CAS服务部署
项目导入OAUTH2依赖
Maven
<!-- Apache Oltu OAuth 2.0 modules used by this CAS deployment: authorization server,
     resource server and client. All three are pinned to the same release so the
     three artifacts never drift apart.
     NOTE(review): as far as I know the Oltu project is no longer actively developed;
     keep these artifacts covered by dependency-vulnerability scanning and confirm
     1.0.2 is still the latest release before relying on it. -->
<!-- https://mvnrepository.com/artifact/org.apache.oltu.oauth2/org.apache.oltu.oauth2.authzserver -->
<dependency>
    <groupId>org.apache.oltu.oauth2</groupId>
    <artifactId>org.apache.oltu.oauth2.authzserver</artifactId>
    <version>1.0.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.oltu.oauth2/org.apache.oltu.oauth2.resourceserver -->
<dependency>
    <groupId>org.apache.oltu.oauth2</groupId>
    <artifactId>org.apache.oltu.oauth2.resourceserver</artifactId>
    <version>1.0.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.oltu.oauth2/org.apache.oltu.oauth2.client -->
<dependency>
    <groupId>org.apache.oltu.oauth2</groupId>
    <artifactId>org.apache.oltu.oauth2.client</artifactId>
    <version>1.0.2</version>
</dependency>
Gradle
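// Apache Oltu OAuth 2.0 modules (same coordinates and release as the Maven block).
// Fixed from the original snippet: typographic quotes around the version, a doubled
// comma before `version`, and a capitalised `Implementation` — any of the three
// breaks the Gradle build script.
implementation group: 'org.apache.oltu.oauth2', name: 'org.apache.oltu.oauth2.authzserver', version: '1.0.2'
implementation group: 'org.apache.oltu.oauth2', name: 'org.apache.oltu.oauth2.resourceserver', version: '1.0.2'
implementation group: 'org.apache.oltu.oauth2', name: 'org.apache.oltu.oauth2.client', version: '1.0.2'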
解析OAUTH2授权请求
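/**
 * OAuth 2.0 authorization endpoint of the CAS server ("authorization code" grant).
 *
 * <p>Flow as implemented here: parse the request with Oltu, reject unknown clients,
 * require an authenticated Shiro subject (attempting a login otherwise), issue an
 * authorization code, cache it, and redirect the user agent back to the client's
 * redirect URI with {@code code} and the echoed {@code state} in the query string.
 *
 * <p>Every parameter read from {@code request} ({@code client_id},
 * {@code redirect_uri}, {@code response_type}, {@code state}) is untrusted input.
 */
public class AuthorizeController {

    /**
     * Handles the {@code /authorize} request of the authorization-code flow.
     *
     * @param request the incoming authorization request
     * @return a {@link ResponseEntity} carrying either a 302 redirect to the client's
     *         redirect URI or a JSON error body; a plain {@link String} view name when
     *         the user still has to log in
     * @throws OAuthSystemException if Oltu cannot build the response or the code
     * @throws URISyntaxException   if the redirect location is not a valid URI
     */
    public Object authorize(HttpServletRequest request) throws OAuthSystemException, URISyntaxException {
        try {
            // Parses the authorization request; Oltu throws OAuthProblemException
            // when the request is malformed (handled in the catch block below).
            OAuthAuthzRequest oauthRequest = new OAuthAuthzRequest(request);

            // Reject unknown clients before doing any work on their behalf.
            if (!authorizeService.checkClientId(oauthRequest.getClientId())) {
                OAuthResponse response = OAuthASResponse
                        .errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                        .setError(OAuthError.TokenResponse.INVALID_CLIENT)
                        .setErrorDescription("客户端验证失败,如错误的用户名密码")
                        .buildJSONMessage();
                return new ResponseEntity<>(
                        response.getBody(), HttpStatus.valueOf(response.getResponseStatus()));
            }

            // The redirect target is supplied by the client in the request. The original
            // snippet referenced an undeclared `redirectURI` here; the request parameter
            // is the only value visible in this code.
            // NOTE(review): before it is used as a redirect target it must be matched
            // against the redirect URI(s) registered for this client_id (RFC 6749 §3.1.2);
            // without that check the authorization code can be delivered to a location
            // chosen by whoever crafted the request. Confirm where registration data lives.
            String redirectUri = oauthRequest.getRedirectURI();

            // Require an authenticated Shiro subject; otherwise try to log in.
            Subject subject = SecurityUtils.getSubject();
            if (!subject.isAuthenticated()) {
                // NOTE(review): `sysuser` and `login(...)` are not declared in this
                // snippet. If the credentials they use are read from the query string
                // they end up in access logs and browser history — prefer a POSTed form.
                if (!login(request, sysuser)) {
                    return "登录页面地址";
                }
            }
            SysUser user = (SysUser) subject.getPrincipal();

            // Only response_type=code is supported. Constant-first comparison so a
            // missing response_type does not throw NullPointerException.
            String authorizationCode = null;
            String responseType = oauthRequest.getParam(OAuth.OAUTH_RESPONSE_TYPE);
            if (ResponseType.CODE.toString().equals(responseType)) {
                // The code's unpredictability presumably comes from the random value
                // MD5Generator hashes, not from MD5 itself — confirm in the Oltu source.
                OAuthIssuerImpl oAuthIssuer = new OAuthIssuerImpl(new MD5Generator());
                authorizationCode = oAuthIssuer.authorizationCode();
                // Cache code -> user so the token endpoint can redeem it later.
                // NOTE(review): the cache entry should also record client_id and
                // redirect_uri and expire after a short time, so the token endpoint can
                // verify the code is redeemed once, by the client it was issued to
                // (RFC 6749 §4.1.3). Confirm in authorizeService.
                authorizeService.addAuthCode(authorizationCode, user);
            }
            // NOTE(review): any other response_type falls through and redirects with no
            // code at all; consider answering with unsupported_response_type instead.

            OAuthASResponse.OAuthAuthorizationResponseBuilder builder =
                    OAuthASResponse.authorizationResponse(request, HttpServletResponse.SC_FOUND);
            builder.setCode(authorizationCode);
            // Echo the client's state unchanged (RFC 6749 §4.1.2): the client relies on
            // it to tie this callback to the request it started (its CSRF protection).
            String state = oauthRequest.getState();
            if (state != null) {
                builder.setState(state);
            }
            final OAuthResponse response = builder.location(redirectUri).buildQueryMessage();

            // Translate the Oltu response into a Spring redirect.
            HttpHeaders headers = new HttpHeaders();
            headers.setLocation(new URI(response.getLocationUri()));
            return new ResponseEntity<>(headers, HttpStatus.valueOf(response.getResponseStatus()));
        } catch (OAuthProblemException e) {
            // Malformed request: report the error to the client via its redirect URI,
            // or directly to the user agent when no redirect URI was supplied.
            String redirectUri = e.getRedirectUri();
            if (OAuthUtils.isEmpty(redirectUri)) {
                return new ResponseEntity<>("告诉客户端没有传入redirectUri直接报错!", HttpStatus.NOT_FOUND);
            }
            // NOTE(review): same requirement as above — this URI comes from the request
            // and should only be redirected to after matching the client's registration.
            final OAuthResponse response = OAuthASResponse
                    .errorResponse(HttpServletResponse.SC_FOUND)
                    .error(e)
                    .location(redirectUri)
                    .buildQueryMessage();
            HttpHeaders headers = new HttpHeaders();
            headers.setLocation(new URI(response.getLocationUri()));
            return new ResponseEntity<>(headers, HttpStatus.valueOf(response.getResponseStatus()));
        }
    }
}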
修改项目登录逻辑,如果用户没有登录,引导用户请求OAUTH2服务器登录,地址参考:
http://服务器地址/服务器项目名/oauth-server/authorize?response_type=code&redirect_uri=回跳地址&client_id=用户名&password=密码