From 985fb40582267c897fb1e7155d414f7e488dc83a Mon Sep 17 00:00:00 2001
From: monkeyk7
Date: Fri, 20 Apr 2018 23:57:58 +0800
Subject: [PATCH] =?UTF-8?q?API,=20=E6=A0=B7=E5=BC=8F,=20=E5=8A=9F=E8=83=BD?=
 =?UTF-8?q?=E5=AE=8C=E5=96=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../sos/config/WebSecurityConfigurer.java | 7 +-
 .../webapp/WEB-INF/jsp/decorators/main.jsp | 2 +-
 src/main/webapp/WEB-INF/jsp/index.jsp | 72 +-
 src/main/webapp/WEB-INF/jsp/login.jsp | 93 ++-
 src/main/webapp/static/api/SOS_API-0.5.html | 650 ++++++++++++++++
 src/main/webapp/static/api/SOS_API-0.6.html | 650 ++++++++++++++++
 src/main/webapp/static/api/SOS_API-1.0.html | 722 ++++++++++++++++++
 src/main/webapp/static/api/SOS_API-2.0.html | 720 +++++++++++++++++
 8 files changed, 2875 insertions(+), 41 deletions(-)
 create mode 100644 src/main/webapp/static/api/SOS_API-0.5.html
 create mode 100644 src/main/webapp/static/api/SOS_API-0.6.html
 create mode 100644 src/main/webapp/static/api/SOS_API-1.0.html
 create mode 100644 src/main/webapp/static/api/SOS_API-2.0.html

diff --git a/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java b/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
index fde52e7..01aa6ec 100644
--- a/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
+++ b/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
@@ -47,7 +47,8 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-//        http.csrf().disable()
+        http.csrf().ignoringAntMatchers("/oauth/authorize", "/oauth/token");
+
         http.authorizeRequests()
                 .antMatchers("/public/**").permitAll()
                 .antMatchers("/static/**").permitAll()
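Review bot: The new `http.csrf().ignoringAntMatchers("/oauth/authorize", "/oauth/token")` line exempts the authorization endpoint from CSRF checks, and that endpoint is the one browser-facing, session-cookie-authenticated POST in the flow (the user's consent submission). Exempting /oauth/token is the usual choice because clients call it with their own credentials rather than a cookie session, but the default CSRF matcher already skips GET, so listing /oauth/authorize only removes protection from the consent POST and lets a cross-site request approve a client on the signed-in user's behalf. Suggest `http.csrf().ignoringAntMatchers("/oauth/token");` and confirming that whatever view renders the approval form (not visible here) carries the `_csrf` token. configure() continues past this hunk; the old `.csrf()...disable()` chain is removed in the following hunk, which is what turns CSRF on for the rest of the application.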
@@ -66,10 +67,6 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
                 .usernameParameter("oidc_user")
                 .passwordParameter("oidcPwd")
                 .and()
-                .csrf()
-                .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize"))
-                .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/token"))
-                .disable()
                 .logout()
                 .logoutUrl("/signout")
                 .deleteCookies("JSESSIONID")
diff --git a/src/main/webapp/WEB-INF/jsp/decorators/main.jsp b/src/main/webapp/WEB-INF/jsp/decorators/main.jsp
index 6310993..e9b779a 100644
--- a/src/main/webapp/WEB-INF/jsp/decorators/main.jsp
+++ b/src/main/webapp/WEB-INF/jsp/decorators/main.jsp
@@ -5,7 +5,7 @@
 <%@ page contentType="text/html;charset=UTF-8" language="java" trimDirectiveWhitespaces="true" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-<%@ taglib tagdir="/WEB-INF/tags" prefix="custom" %>
+<%@ taglib tagdir="/WEB-INF/tags" prefix="tags" %>
diff --git a/src/main/webapp/WEB-INF/jsp/index.jsp b/src/main/webapp/WEB-INF/jsp/index.jsp
index 4a64c3d..48b8b23 100644
--- a/src/main/webapp/WEB-INF/jsp/index.jsp
+++ b/src/main/webapp/WEB-INF/jsp/index.jsp
@@ -5,6 +5,7 @@
 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib tagdir="/WEB-INF/tags" prefix="tags" %>
@@ -13,14 +14,18 @@
-

Spring Security&OAuth2 is work!

- -

- Login -  |  - Logout -

+

Spring Security&OAuth2 + ${mainVersion} +

+
+ Logged: ${SPRING_SECURITY_CONTEXT.authentication.principal.username} +
+ + + +
+
操作说明:
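Review bot: The added `Logged: ${SPRING_SECURITY_CONTEXT.authentication.principal.username}` line writes the username into the page through raw EL, and JSP EL does not HTML-escape its output, so if usernames can contain arbitrary characters (the new menu lists a User management page, which suggests they are operator-entered) a name containing markup is rendered as markup for whoever views index.jsp. The `c` taglib is already declared at the top of this file, so `<c:out value="${SPRING_SECURITY_CONTEXT.authentication.principal.username}"/>` gives escaped output with no other change. The surrounding markup of this hunk is not recoverable from the collapsed text, so the exact element to edit has to be located in the file.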
    @@ -32,7 +37,17 @@
  1. 菜单 Unity 与 Mobile 需要OAuth 验证后才能访问(即受保护的resource);
    - Unity 需要 [ROLE_UNITY] 权限, Mobile 需要 [ROLE_MOBILE] 权限. + Unity 需要 [ROLE_UNITY] 权限(resourceId: + unity-resource + ), Mobile 需要 [ROLE_MOBILE] 权限(resourceId: + mobile-resource + ). +

    +
  2. +
  3. +

    + 在使用之前, 建议先了解OAuth2支持的5类grant_type, 请访问 http://andaily.com/blog/?p=103

  4. @@ -54,14 +69,49 @@ 菜单
    • - User +

      + API - 查看提供的API文档 +

    • - Unity +

      + client_details - 管理ClientDetails +

    • - Mobile +

      + User - 管理User +

      +
    • +
    • +

      + Unity - Unity 资源(resource), 需要具有 [ROLE_UNITY] 权限(resourceId: + unity-resource才能访问 +

      +
    • +
    • +

      + Mobile - Mobile资源(resource), 需要具有 [ROLE_MOBILE] 权限(resourceId: + mobile-resource才能访问 +

    +
    + +
    +

    + 说明: Unity与Mobile菜单需要先获取到access_token后才能正常访问; 可以尝试在URL后面任意添加access_token参数值试试效果, +
    + 如: ${contextPath}/m/dashboard?access_token=i_am_testing_access_token +

    + +

    + 请求受保护的资源时传递 + Access Token + 有两种方式, 方式一在URL参数中添加access_token, 方式二在请求的Header中添加 Authorization, 其值为 bearer + your_access_token +

    +
    \ No newline at end of file diff --git a/src/main/webapp/WEB-INF/jsp/login.jsp b/src/main/webapp/WEB-INF/jsp/login.jsp index be2bffc..34380fa 100644 --- a/src/main/webapp/WEB-INF/jsp/login.jsp +++ b/src/main/webapp/WEB-INF/jsp/login.jsp @@ -5,6 +5,7 @@ <%@ page contentType="text/html;charset=UTF-8" language="java" %> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> +<%@ taglib tagdir="/WEB-INF/tags" prefix="tags" %> @@ -14,34 +15,78 @@
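Review bot: The new explanatory lines tell readers to try the protected pages by appending `access_token` to the URL (`${contextPath}/m/dashboard?access_token=...`) and present the query-parameter form as the first of the two ways to send the token. A token in the query string is recorded in server and proxy access logs, browser history and outbound Referer headers, so the text should name the `Authorization: bearer your_access_token` header as the recommended way and describe the URL-parameter form as a convenience for local testing only; a one-sentence note to that effect next to the existing "有两种方式" sentence is enough. The hunk's markup is collapsed here, so this is a wording change to the visible text rather than a structural one.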
    -
    -
    +
    -
    - +
    +
    -
    - -
    + + +
    + + +
    + +
    +
    + +
    + + +
    + +
    +
    + +
    + + +
    + + <%--Login error--%> + Access denied !!! + Authentication Failure +
    +
    + +
    +
    -
    - - -
    - -
    -
    - -   - <%--Login error--%> - Access denied !!! - Authentication Failure - +
    +
    +

    你可以使用以下几个初始的账号进行登录:

    + + + + + + + + + + + + + + + + + + + + + + + + + +
    UsernamePasswordPrivileges
    adminadminAll privileges, allow visit [Mobile] and [Unity] resources
    unityunityOnly allow visit [Unity] resource, support grant_type: + authorization_code,refresh_token,implicit
    mobilemobileOnly allow visit [Mobile] resource, support grant_type: password,refresh_token
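Review bot: With the accompanying WebSecurityConfigurer change, CSRF protection is now enforced for every non-GET request except the two ignored OAuth paths, which includes the login POST this rebuilt form submits; the markup is not recoverable from the collapsed hunk, so please confirm the form carries the token, e.g. `<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>` inside the form (a plain `<form>` does not add it), otherwise every login attempt is rejected with 403 once this commit is deployed. The same check applies to any other hand-written POST form in the JSPs touched here.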
    diff --git a/src/main/webapp/static/api/SOS_API-0.5.html b/src/main/webapp/static/api/SOS_API-0.5.html new file mode 100644 index 0000000..53f9bf6 --- /dev/null +++ b/src/main/webapp/static/api/SOS_API-0.5.html @@ -0,0 +1,650 @@ + + + + + + + + spring-oauth-server API + + + + + + +
    + 说明: 本文档用于描述spring-oauth-server对外开发的接口(API)使用, 所有标记 + public + 的API都是公开的, 其他的API则需要获取 + access_token + 后可调用 +
    + +
    + +
    + +
    +

    获取access_token (grant_type=password) + public +

    + +

    使用grant_type=password方式来获取access_token

    + +
      +
    • +

      + 请求URI: /oauth/token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      client_id{client_id}
      client_secret{client_secret}
      grant_typepassword固定值
      scope{scope}read or write
      username{username}用户名
      password{password}用户密码
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/token?client_id=6361b08fdea6400f93b2eccda8936b32&client_secret=i4KXewMI0u6i8CFEZo10mB2rGzQRXrIv&grant_type=password&scope=read&username=mobile&password=mobile +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"1f60abaf-6c3f-45a8-a574-bbbe6f76083f","token_type":"bearer","expires_in":41769,"scope":"read"} + +

        +
      • +
      • +

        + 异常 [401]
        + + <oauth><error_description>Bad client credentials</error_description><error>invalid_client</error></oauth> + +

        +
      • +
      +
    • +
    +
    + +
    +

    获取access_token (grant_type=authorization_code) + public +

    + +

    使用grant_type=authorization_code 方式来获取access_token, 需要先获取code

    + +
      +
    • +

      + 请求URI: /oauth/token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      client_id{client_id}
      client_secret{client_secret}
      grant_typeauthorization_code固定值
      code{code}
      redirect_uri{redirect_uri}
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/token?client_id=unity-client&client_secret=unity&grant_type=authorization_code&code=[code]&redirect_uri=[redirect_uri] +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"2c612eb7-a22b-45f0-8b2e-cd6f9e366772","token_type":"bearer","refresh_token":"6c984bdc-01c7-486f-93bf-5637990d8a37","expires_in":43199,"scope":"read + write"} + +

        +
      • +
      • +

        + 异常 [401]
        + + {"error":"invalid_grant","error_description":"Invalid authorization code: vzmIh1"} + +

        +
      • +
      +
    • +
    +
    + +
    +

    返回

    + +

    获取access_token (grant_type=client_credentials) + public +

    + +

    使用grant_type=client_credentials 方式来获取access_token, 不需要username, password

    + +
      +
    • +

      + 请求URI: /oauth/token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      client_id{client_id}
      client_secret{client_secret}
      grant_typeclient_credentials固定值
      scope{scope}read or write
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/token?client_id=test1234&client_secret=test1234&grant_type=client_credentials&scope=read +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"e5ea7620-5459-4d53-a7a0-6888bbb76f62","token_type":"bearer","expires_in":43199,"scope":"read"} + +

        +
      • +
      • +

        + 异常 [401]
        + + <oauth><error_description>Bad client credentials</error_description><error>invalid_client</error></oauth> + +

        +
      • +
      +
    • +
    +
    + +
    +

    获取access_token (Restful API) + public +

    + +

    Restful API 获取access_token, + 适用于grant_type为authorization_code,password,refresh_token,client_credentials

    + +
      +
    • +

      + 请求URI: /oauth/rest_token POST REST +

      + +

      + Content-Type: + application/json +

      +
      + 请求Body参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      grant_type{grant_type}authorization_code,password,refresh_token,client_credentials
      scope{scope}read or write
      client_id{client_id}
      client_secret{client_secret}
      username{username}grant_type=password时必须有
      password{password}grant_type=password时必须有
      + 请求Body示例: +

      + {"client_id":"test1234","client_secret":"test1234","grant_type":"password","scope":"read","username":"mobile","password":"mobile"} +

      + 或 +

      + {"client_id":"test1234","client_secret":"test1234","grant_type":"password","scope":"read"} +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"e2996930-8398-44fd-8de5-7d1b1624ced7","token_type":"bearer","refresh_token":"2b2de701-53e7-4b57-8301-e4a06ee49698","expires_in":43008,"scope":"read"} + +

        +
      • +
      • +

        + 异常 [401]
        + + {"error":"invalid_grant","error_description":"Bad credentials"} + +

        +
      • +
      +
    • +
    +
    + +
    +

    返回

    + +

    刷新access_token (grant_type=refresh_token) + public +

    + +

    用于在access_token要过期时换取新的access_token (grant_type需要有refresh_token)

    + +
      +
    • +

      + 请求URI: /oauth/token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      client_id{client_id}
      client_secret{client_secret}
      grant_typerefresh_token固定值
      refresh_token{refresh_token}
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/token?client_id=test1234&client_secret=test1234&grant_type=refresh_token&refresh_token=1156ebfe-e303-4572-9fb5-4459a5d46610 +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"b12cace6-7ce4-4fa8-b127-cf537d15b213","token_type":"bearer","refresh_token":"2b2de701-53e7-4b57-8301-e4a06ee49698","expires_in":43199,"scope":"read"} + +

        +
      • +
      • +

        + 异常 [401]
        + + {"error":"invalid_grant","error_description":"Invalid refresh token: + 1156ebfe-e303-4572-9fb5-4459a5d46610"} + +

        +
      • +
      +
    • +
    +
    + +
    +

    获取当前用户信息 (ROLE_UNITY)

    + +

    使用access_token获取用户信息, 需要有 ROLE_UNITY 权限

    + +
      +
    • +

      + 请求URI: /unity/user_info GET +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/unity/user_info?access_token=b12cace6-7ce4-4fa8-b127-cf537d15b213 +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"guid":"55b713df1c6f423e842ad68668523c49","archived":false,"username":"unity","phone":"","email":"unity@wdcy.cc","privileges":["UNITY"]} + +

        +
      • +
      • +

        + 异常 [401]
        + + <oauth><error_description>Invalid access token: + 2c612eb7-a22b-45f0-8b2e-cd6f9e3667722</error_description><error>invalid_token</error></oauth> + +

        +
      • +
      +
    • +
    +
    + +
    +

    返回

    + +

    获取当前用户信息 (ROLE_MOBILE)

    + +

    使用access_token获取用户信息, 需要有 ROLE_MOBILE 权限

    + +
      +
    • +

      + 请求URI: /m/user_info GET +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/m/user_info?access_token=b12cace6-7ce4-4fa8-b127-cf537d15b213 +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"guid":"612025cb3f964a64a48bbdf77e53c2c1","archived":false,"username":"mobile","phone":"","email":"mobile@wdcy.cc","privileges":["MOBILE"]} + +

        +
      • +
      • +

        + 异常 [401]
        + + <oauth><error_description>Invalid access token: + 2c612eb7-a22b-45f0-8b2e-cd6f9e3667722</error_description><error>invalid_token</error></oauth> + +

        +
      • +
      +
    • +
    +
    + +
    +
    + + +
    +
    +
    +

    + © 2013 - 2016 + sz@monkeyk.com from spring-oauth-server +

    +
    +
    + + \ No newline at end of file diff --git a/src/main/webapp/static/api/SOS_API-0.6.html b/src/main/webapp/static/api/SOS_API-0.6.html new file mode 100644 index 0000000..4971607 --- /dev/null +++ b/src/main/webapp/static/api/SOS_API-0.6.html @@ -0,0 +1,650 @@ + + + + + + + + spring-oauth-server API + + + + + + +
    + 说明: 本文档用于描述spring-oauth-server对外开发的接口(API)使用, 所有标记 + public + 的API都是公开的, 其他的API则需要获取 + access_token + 后可调用 +
    + +
    + +
    + +
    +

    获取access_token (grant_type=password) + public +

    + +

    使用grant_type=password方式来获取access_token

    + +
      +
    • +

      + 请求URI: /oauth/token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      client_id{client_id}
      client_secret{client_secret}
      grant_typepassword固定值
      scope{scope}read or write
      username{username}用户名
      password{password}用户密码
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/token?client_id=6361b08fdea6400f93b2eccda8936b32&client_secret=i4KXewMI0u6i8CFEZo10mB2rGzQRXrIv&grant_type=password&scope=read&username=mobile&password=mobile +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"1f60abaf-6c3f-45a8-a574-bbbe6f76083f","token_type":"bearer","expires_in":41769,"scope":"read"} + +

        +
      • +
      • +

        + 异常 [401]
        + + <oauth><error_description>Bad client credentials</error_description><error>invalid_client</error></oauth> + +

        +
      • +
      +
    • +
    +
    + +
    +

    获取access_token (grant_type=authorization_code) + public +

    + +

    使用grant_type=authorization_code 方式来获取access_token, 需要先获取code

    + +
      +
    • +

      + 请求URI: /oauth/token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      client_id{client_id}
      client_secret{client_secret}
      grant_typeauthorization_code固定值
      code{code}
      redirect_uri{redirect_uri}
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/token?client_id=unity-client&client_secret=unity&grant_type=authorization_code&code=[code]&redirect_uri=[redirect_uri] +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"2c612eb7-a22b-45f0-8b2e-cd6f9e366772","token_type":"bearer","refresh_token":"6c984bdc-01c7-486f-93bf-5637990d8a37","expires_in":43199,"scope":"read + write"} + +

        +
      • +
      • +

        + 异常 [401]
        + + {"error":"invalid_grant","error_description":"Invalid authorization code: vzmIh1"} + +

        +
      • +
      +
    • +
    +
    + +
    +

    返回

    + +

    获取access_token (grant_type=client_credentials) + public +

    + +

    使用grant_type=client_credentials 方式来获取access_token, 不需要username, password

    + +
      +
    • +

      + 请求URI: /oauth/token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      client_id{client_id}
      client_secret{client_secret}
      grant_typeclient_credentials固定值
      scope{scope}read or write
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/token?client_id=test1234&client_secret=test1234&grant_type=client_credentials&scope=read +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"e5ea7620-5459-4d53-a7a0-6888bbb76f62","token_type":"bearer","expires_in":43199,"scope":"read"} + +

        +
      • +
      • +

        + 异常 [401]
        + + <oauth><error_description>Bad client credentials</error_description><error>invalid_client</error></oauth> + +

        +
      • +
      +
    • +
    +
    + +
    +

    获取access_token (Restful API) + public +

    + +

    Restful API 获取access_token, + 适用于grant_type为authorization_code,password,refresh_token,client_credentials

    + +
      +
    • +

      + 请求URI: /oauth/rest_token POST REST +

      + +

      + Content-Type: + application/json +

      +
      + 请求Body参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      grant_type{grant_type}authorization_code,password,refresh_token,client_credentials
      scope{scope}read or write
      client_id{client_id}
      client_secret{client_secret}
      username{username}grant_type=password时必须有
      password{password}grant_type=password时必须有
      + 请求Body示例: +

      + {"client_id":"test1234","client_secret":"test1234","grant_type":"password","scope":"read","username":"mobile","password":"mobile"} +

      + 或 +

      + {"client_id":"test1234","client_secret":"test1234","grant_type":"password","scope":"read"} +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"e2996930-8398-44fd-8de5-7d1b1624ced7","token_type":"bearer","refresh_token":"2b2de701-53e7-4b57-8301-e4a06ee49698","expires_in":43008,"scope":"read"} + +

        +
      • +
      • +

        + 异常 [401]
        + + {"error":"invalid_grant","error_description":"Bad credentials"} + +

        +
      • +
      +
    • +
    +
    + +
    +

    返回

    + +

    刷新access_token (grant_type=refresh_token) + public +

    + +

    用于在access_token要过期时换取新的access_token (grant_type需要有refresh_token)

    + +
      +
    • +

      + 请求URI: /oauth/token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      client_id{client_id}
      client_secret{client_secret}
      grant_typerefresh_token固定值
      refresh_token{refresh_token}
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/token?client_id=test1234&client_secret=test1234&grant_type=refresh_token&refresh_token=1156ebfe-e303-4572-9fb5-4459a5d46610 +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"b12cace6-7ce4-4fa8-b127-cf537d15b213","token_type":"bearer","refresh_token":"2b2de701-53e7-4b57-8301-e4a06ee49698","expires_in":43199,"scope":"read"} + +

        +
      • +
      • +

        + 异常 [401]
        + + {"error":"invalid_grant","error_description":"Invalid refresh token: + 1156ebfe-e303-4572-9fb5-4459a5d46610"} + +

        +
      • +
      +
    • +
    +
    + +
    +

    获取当前用户信息 (ROLE_UNITY)

    + +

    使用access_token获取用户信息, 需要有 ROLE_UNITY 权限

    + +
      +
    • +

      + 请求URI: /unity/user_info GET +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/unity/user_info?access_token=b12cace6-7ce4-4fa8-b127-cf537d15b213 +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"guid":"55b713df1c6f423e842ad68668523c49","archived":false,"username":"unity","phone":"","email":"unity@wdcy.cc","privileges":["UNITY"]} + +

        +
      • +
      • +

        + 异常 [401]
        + + <oauth><error_description>Invalid access token: + 2c612eb7-a22b-45f0-8b2e-cd6f9e3667722</error_description><error>invalid_token</error></oauth> + +

        +
      • +
      +
    • +
    +
    + +
    +

    返回

    + +

    获取当前用户信息 (ROLE_MOBILE)

    + +

    使用access_token获取用户信息, 需要有 ROLE_MOBILE 权限

    + +
      +
    • +

      + 请求URI: /m/user_info GET +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/m/user_info?access_token=b12cace6-7ce4-4fa8-b127-cf537d15b213 +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"guid":"612025cb3f964a64a48bbdf77e53c2c1","archived":false,"username":"mobile","phone":"","email":"mobile@wdcy.cc","privileges":["MOBILE"]} + +

        +
      • +
      • +

        + 异常 [401]
        + + <oauth><error_description>Invalid access token: + 2c612eb7-a22b-45f0-8b2e-cd6f9e3667722</error_description><error>invalid_token</error></oauth> + +

        +
      • +
      +
    • +
    +
    + +
    +
    + + +
    +
    +
    +

    + © 2013 - 2016 + sz@monkeyk.com from spring-oauth-server +

    +
    +
    + + \ No newline at end of file diff --git a/src/main/webapp/static/api/SOS_API-1.0.html b/src/main/webapp/static/api/SOS_API-1.0.html new file mode 100644 index 0000000..89c022a --- /dev/null +++ b/src/main/webapp/static/api/SOS_API-1.0.html @@ -0,0 +1,722 @@ + + + + + + + + spring-oauth-server API + + + + + + +
    + 说明: 本文档用于描述spring-oauth-server对外开发的接口(API)使用, 所有标记 + public + 的API都是公开的, 其他的API则需要获取 + access_token + 后可调用 +
    + +
    + +
    + +
    +

    获取access_token (grant_type=password) + public +

    + +

    使用grant_type=password方式来获取access_token

    + +
      +
    • +

      + 请求URI: /oauth/token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      client_id{client_id}
      client_secret{client_secret}
      grant_typepassword固定值
      scope{scope}read or write
      username{username}用户名
      password{password}用户密码
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/token?client_id=6361b08fdea6400f93b2eccda8936b32&client_secret=i4KXewMI0u6i8CFEZo10mB2rGzQRXrIv&grant_type=password&scope=read&username=mobile&password=mobile +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"1f60abaf-6c3f-45a8-a574-bbbe6f76083f","token_type":"bearer","expires_in":41769,"scope":"read"} + +

        +
      • +
      • +

        + 异常 [401]
        + + <oauth><error_description>Bad client credentials</error_description><error>invalid_client</error></oauth> + +

        +
      • +
      +
    • +
    +
    + +
    +

    获取access_token (grant_type=authorization_code) + public +

    + +

    使用grant_type=authorization_code 方式来获取access_token, 需要先获取code

    + +
      +
    • +

      + 请求URI: /oauth/token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      client_id{client_id}
      client_secret{client_secret}
      grant_typeauthorization_code固定值
      code{code}
      redirect_uri{redirect_uri}
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/token?client_id=unity-client&client_secret=unity&grant_type=authorization_code&code=[code]&redirect_uri=[redirect_uri] +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"2c612eb7-a22b-45f0-8b2e-cd6f9e366772","token_type":"bearer","refresh_token":"6c984bdc-01c7-486f-93bf-5637990d8a37","expires_in":43199,"scope":"read + write"} + +

        +
      • +
      • +

        + 异常 [401]
        + + {"error":"invalid_grant","error_description":"Invalid authorization code: vzmIh1"} + +

        +
      • +
      +
    • +
    +
    + +
    +

    返回

    + +

    获取access_token (grant_type=client_credentials) + public +

    + +

    使用grant_type=client_credentials 方式来获取access_token, 不需要username, password

    + +
      +
    • +

      + 请求URI: /oauth/token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      client_id{client_id}
      client_secret{client_secret}
      grant_typeclient_credentials固定值
      scope{scope}read or write
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/token?client_id=test1234&client_secret=test1234&grant_type=client_credentials&scope=read +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"e5ea7620-5459-4d53-a7a0-6888bbb76f62","token_type":"bearer","expires_in":43199,"scope":"read"} + +

        +
      • +
      • +

        + 异常 [401]
        + + <oauth><error_description>Bad client credentials</error_description><error>invalid_client</error></oauth> + +

        +
      • +
      +
    • +
    +
    + +
    +

    获取access_token (Restful API) + public +

    + +

    Restful API 获取access_token, + 适用于grant_type为authorization_code,password,refresh_token,client_credentials

    + +
      +
    • +

      + 请求URI: /oauth/rest_token POST REST +

      + +

      + Content-Type: + application/json +

      +
      + 请求Body参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      grant_type{grant_type}authorization_code,password,refresh_token,client_credentials
      scope{scope}read or write
      client_id{client_id}
      client_secret{client_secret}
      username{username}grant_type=password时必须有
      password{password}grant_type=password时必须有
      + 请求Body示例: +

      + {"client_id":"test1234","client_secret":"test1234","grant_type":"password","scope":"read","username":"mobile","password":"mobile"} +

      + 或 +

      + {"client_id":"test1234","client_secret":"test1234","grant_type":"password","scope":"read"} +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"e2996930-8398-44fd-8de5-7d1b1624ced7","token_type":"bearer","refresh_token":"2b2de701-53e7-4b57-8301-e4a06ee49698","expires_in":43008,"scope":"read"} + +

        +
      • +
      • +

        + 异常 [401]
        + + {"error":"invalid_grant","error_description":"Bad credentials"} + +

        +
      • +
      +
    • +
    +
    +
    +

    校验access_token + public +

    + +

    校验, 检查access_token的有效性

    + +
      +
    • +

      + 请求URI: /oauth/check_token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      token{access_token}
      client_id{client_id}
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/check_token?token=e2996930-8398-44fd-8de5-7d1b1624ced7&client_id=mobile-client +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"aud":["mobile-resource"],"exp":1505878459,"user_name":"mobile","authorities":["ROLE_MOBILE","ROLE_USER"],"client_id":"mobile-client","scope":["read","write"]} + +

        +
      • +
      • +

        + 异常 [401]
        + + {"error":"invalid_token","error_description":"Token was not recognised"} + +

        +
      • +
      +
    • +
    +
    + +
    +

    返回

    + +

    刷新access_token (grant_type=refresh_token) + public +

    + +

    用于在access_token要过期时换取新的access_token (grant_type需要有refresh_token)

    + +
      +
    • +

      + 请求URI: /oauth/token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      client_id{client_id}
      client_secret{client_secret}
      grant_typerefresh_token固定值
      refresh_token{refresh_token}
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/token?client_id=test1234&client_secret=test1234&grant_type=refresh_token&refresh_token=1156ebfe-e303-4572-9fb5-4459a5d46610 +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"b12cace6-7ce4-4fa8-b127-cf537d15b213","token_type":"bearer","refresh_token":"2b2de701-53e7-4b57-8301-e4a06ee49698","expires_in":43199,"scope":"read"} + +

        +
      • +
      • +

        + 异常 [401]
        + + {"error":"invalid_grant","error_description":"Invalid refresh token: + 1156ebfe-e303-4572-9fb5-4459a5d46610"} + +

        +
      • +
      +
    • +
    +
    + +
    +

    获取当前用户信息 (ROLE_UNITY)

    + +

    使用access_token获取用户信息, 需要有 ROLE_UNITY 权限

    + +
      +
    • +

      + 请求URI: /unity/user_info GET +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/unity/user_info?access_token=b12cace6-7ce4-4fa8-b127-cf537d15b213 +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"guid":"55b713df1c6f423e842ad68668523c49","archived":false,"username":"unity","phone":"","email":"unity@wdcy.cc","privileges":["UNITY"]} + +

        +
      • +
      • +

        + 异常 [401]
        + + <oauth><error_description>Invalid access token: + 2c612eb7-a22b-45f0-8b2e-cd6f9e3667722</error_description><error>invalid_token</error></oauth> + +

        +
      • +
      +
    • +
    +
    + +
    +

    返回

    + +

    获取当前用户信息 (ROLE_MOBILE)

    + +

    使用access_token获取用户信息, 需要有 ROLE_MOBILE 权限

    + +
      +
    • +

      + 请求URI: /m/user_info GET +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/m/user_info?access_token=b12cace6-7ce4-4fa8-b127-cf537d15b213 +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"guid":"612025cb3f964a64a48bbdf77e53c2c1","archived":false,"username":"mobile","phone":"","email":"mobile@wdcy.cc","privileges":["MOBILE"]} + +

        +
      • +
      • +

        + 异常 [401]
        + + <oauth><error_description>Invalid access token: + 2c612eb7-a22b-45f0-8b2e-cd6f9e3667722</error_description><error>invalid_token</error></oauth> + +

        +
      • +
      +
    • +
    +
    + +
    +
    + + +
    +
    +
    +

    + © 2013 - 2017 + sz@monkeyk.com from spring-oauth-server +

    +
    +
    + + \ No newline at end of file diff --git a/src/main/webapp/static/api/SOS_API-2.0.html b/src/main/webapp/static/api/SOS_API-2.0.html new file mode 100644 index 0000000..b38765c --- /dev/null +++ b/src/main/webapp/static/api/SOS_API-2.0.html @@ -0,0 +1,720 @@ + + + + + + + + spring-oauth-server API + + + + + + +
    + 说明: 本文档用于描述spring-oauth-server对外开发的接口(API)使用, 所有标记 + public + 的API都是公开的, 其他的API则需要获取 + access_token + 后可调用 +
    + +
    + +
    + +
    +

    获取access_token (grant_type=password) + public +

    + +

    使用grant_type=password方式来获取access_token

    + +
      +
    • +

      + 请求URI: /oauth/token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      client_id{client_id}
      client_secret{client_secret}
      grant_typepassword固定值
      scope{scope}read or write
      username{username}用户名
      password{password}用户密码
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/token?client_id=6361b08fdea6400f93b2eccda8936b32&client_secret=i4KXewMI0u6i8CFEZo10mB2rGzQRXrIv&grant_type=password&scope=read&username=mobile&password=mobile +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"1f60abaf-6c3f-45a8-a574-bbbe6f76083f","token_type":"bearer","expires_in":41769,"scope":"read"} + +

        +
      • +
      • +

        + 异常 [401]
        + + <oauth><error_description>Bad client credentials</error_description><error>invalid_client</error></oauth> + +

        +
      • +
      +
    • +
    +
    + +
    +

    获取access_token (grant_type=authorization_code) + public +

    + +

    使用grant_type=authorization_code 方式来获取access_token, 需要先获取code

    + +
      +
    • +

      + 请求URI: /oauth/token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      client_id{client_id}
      client_secret{client_secret}
      grant_typeauthorization_code固定值
      code{code}
      redirect_uri{redirect_uri}
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/token?client_id=unity-client&client_secret=unity&grant_type=authorization_code&code=[code]&redirect_uri=[redirect_uri] +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"2c612eb7-a22b-45f0-8b2e-cd6f9e366772","token_type":"bearer","refresh_token":"6c984bdc-01c7-486f-93bf-5637990d8a37","expires_in":43199,"scope":"read + write"} + +

        +
      • +
      • +

        + 异常 [401]
        + + {"error":"invalid_grant","error_description":"Invalid authorization code: vzmIh1"} + +

        +
      • +
      +
    • +
    +
    + +
    +

    返回

    + +

    获取access_token (grant_type=client_credentials) + public +

    + +

    使用grant_type=client_credentials 方式来获取access_token, 不需要username, password

    + +
      +
    • +

      + 请求URI: /oauth/token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      client_id{client_id}
      client_secret{client_secret}
      grant_typeclient_credentials固定值
      scope{scope}read or write
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/token?client_id=test1234&client_secret=test1234&grant_type=client_credentials&scope=read +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"e5ea7620-5459-4d53-a7a0-6888bbb76f62","token_type":"bearer","expires_in":43199,"scope":"read"} + +

        +
      • +
      • +

        + 异常 [401]
        + + <oauth><error_description>Bad client credentials</error_description><error>invalid_client</error></oauth> + +

        +
      • +
      +
    • +
    +
    + +
    +

    获取access_token (Restful API) + public +

    + +

    Restful API 获取access_token, + 适用于grant_type为authorization_code,password,refresh_token,client_credentials

    + +
      +
    • +

      + 请求URI: /oauth/rest_token POST REST +

      + +

      + Content-Type: + application/json +

      +
      + 请求Body参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      grant_type{grant_type}authorization_code,password,refresh_token,client_credentials
      scope{scope}read or write
      client_id{client_id}
      client_secret{client_secret}
      username{username}grant_type=password时必须有
      password{password}grant_type=password时必须有
      + 请求Body示例: +

      + {"client_id":"test1234","client_secret":"test1234","grant_type":"password","scope":"read","username":"mobile","password":"mobile"} +

      + 或 +

      + {"client_id":"test1234","client_secret":"test1234","grant_type":"password","scope":"read"} +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"e2996930-8398-44fd-8de5-7d1b1624ced7","token_type":"bearer","refresh_token":"2b2de701-53e7-4b57-8301-e4a06ee49698","expires_in":43008,"scope":"read"} + +

        +
      • +
      • +

        + 异常 [401]
        + + {"error":"invalid_grant","error_description":"Bad credentials"} + +

        +
      • +
      +
    • +
    +
    +
    +

    校验access_token + public +

    + +

    校验, 检查access_token的有效性

    + +
      +
    • +

      + 请求URI: /oauth/check_token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      token{access_token}
      client_id{client_id}
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/check_token?token=e2996930-8398-44fd-8de5-7d1b1624ced7&client_id=mobile-client +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"aud":["mobile-resource"],"exp":1505878459,"user_name":"mobile","authorities":["ROLE_MOBILE","ROLE_USER"],"client_id":"mobile-client","scope":["read","write"]} + +

        +
      • +
      • +

        + 异常 [401]
        + + {"error":"invalid_token","error_description":"Token was not recognised"} + +

        +
      • +
      +
    • +
    +
    + +
    +

    返回

    + +

    刷新access_token (grant_type=refresh_token) + public +

    + +

    用于在access_token要过期时换取新的access_token (grant_type需要有refresh_token)

    + +
      +
    • +

      + 请求URI: /oauth/token POST +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      client_id{client_id}
      client_secret{client_secret}
      grant_typerefresh_token固定值
      refresh_token{refresh_token}
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/oauth/token?client_id=test1234&client_secret=test1234&grant_type=refresh_token&refresh_token=1156ebfe-e303-4572-9fb5-4459a5d46610 +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"access_token":"b12cace6-7ce4-4fa8-b127-cf537d15b213","token_type":"bearer","refresh_token":"2b2de701-53e7-4b57-8301-e4a06ee49698","expires_in":43199,"scope":"read"} + +

        +
      • +
      • +

        + 异常 [401]
        + + {"error":"invalid_grant","error_description":"Invalid refresh token: + 1156ebfe-e303-4572-9fb5-4459a5d46610"} + +

        +
      • +
      +
    • +
    +
    + +
    +

    获取当前用户信息 (ROLE_UNITY)

    + +

    使用access_token获取用户信息, 需要有 ROLE_UNITY 权限

    + +
      +
    • +

      + 请求URI: /unity/user_info GET +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/unity/user_info?access_token=b12cace6-7ce4-4fa8-b127-cf537d15b213 +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"guid":"55b713df1c6f423e842ad68668523c49","archived":false,"username":"unity","phone":"","email":"unity@wdcy.cc","privileges":["UNITY"]} + +

        +
      • +
      • +

        + 异常 [401]
        + + <oauth><error_description>Invalid access token: + 2c612eb7-a22b-45f0-8b2e-cd6f9e3667722</error_description><error>invalid_token</error></oauth> + +

        +
      • +
      +
    • +
    +
    + +
    +

    返回

    + +

    获取当前用户信息 (ROLE_MOBILE)

    + +

    使用access_token获取用户信息, 需要有 ROLE_MOBILE 权限

    + +
      +
    • +

      + 请求URI: /m/user_info GET +

      + +
      + 请求参数说明: + + + + + + + + + + + + + + +
      参数名参数值必须?备注
      + 请求示例: +

      + http://localhost:8080/spring-oauth-server/m/user_info?access_token=b12cace6-7ce4-4fa8-b127-cf537d15b213 +

      + +
      +
      + + 响应 + +
        +
      • +

        + 正常 [200]
        + + {"guid":"612025cb3f964a64a48bbdf77e53c2c1","archived":false,"username":"mobile","phone":"","email":"mobile@wdcy.cc","privileges":["MOBILE"]} + +

        +
      • +
      • +

        + 异常 [401]
        + + <oauth><error_description>Invalid access token: + 2c612eb7-a22b-45f0-8b2e-cd6f9e3667722</error_description><error>invalid_token</error></oauth> + +

        +
      • +
      +
    • +
    +
    + +
    +
    + + +
    +
    +
    +

    + © 2013 - 2018 spring-oauth-server +

    +
    +
    + + \ No newline at end of file