分类: JAVA CAS 2012-05-15 09:57 2820人阅读 收藏 举报 cas官方已经在开发cas与oauth集成的插件,使用的是scribe-up这个项目来获取授权后的用户基本信息。计划在cas3.5.0版本时推出,不过现在已经可以用了,下面将以新浪微博为例,说明如何用新浪微博的账号登录cas,到https://github.com/Jasig/cas/tree/master/cas-server-support-oauth下载源码,把cas-server-support-oauth的依赖添加到你的cas项目中。
先定义两个类,SinaWeiboApi20.java和SinaWeiboProvider.java,SinaWeiboApi20.java主要定义新浪微博的授权链接,SinaWeiboProvider.java主要是获取用户授权后的用户信息。
SinaWeiboApi20.java
- public class SinaWeiboApi20 extends DefaultApi20
- {
- private static final String AUTHORIZE_URL = "https://api.weibo.com/oauth2/authorize?client_id=%s&redirect_uri=%s&response_type=code";
- private static final String SCOPED_AUTHORIZE_URL = AUTHORIZE_URL + "&scope=%s";
-
- @Override
- public Verb getAccessTokenVerb()
- {
- return Verb.POST;
- }
-
- @Override
- public AccessTokenExtractor getAccessTokenExtractor()
- {
- return new JsonTokenExtractor();
- }
-
- @Override
- public String getAccessTokenEndpoint()
- {
- return "https://api.weibo.com/oauth2/access_token?grant_type=authorization_code";
- }
-
- @Override
- public String getAuthorizationUrl(OAuthConfig config)
- {
-
- if (config.hasScope())
- {
- return String.format(SCOPED_AUTHORIZE_URL, config.getApiKey(), OAuthEncoder.encode(config.getCallback()), OAuthEncoder.encode(config.getScope()));
- }
- else
- {
- return String.format(AUTHORIZE_URL, config.getApiKey(), OAuthEncoder.encode(config.getCallback()));
- }
- }
- }
SinaWeiboProvider.java
- public class SinaWeiboProvider extends BaseOAuth20Provider {
-
- @Override
- protected void internalInit() {
- if (scope != null) {
- service = new ServiceBuilder().provider(SinaWeiboApi20.class).apiKey(key)
- .apiSecret(secret).callback(callbackUrl).scope(scope).build();
- } else {
- service = new ServiceBuilder().provider(SinaWeiboApi20.class).apiKey(key)
- .apiSecret(secret).callback(callbackUrl).build();
- }
- String[] names = new String[] {"uid", "username"};
- for (String name : names) {
- mainAttributes.put(name, null);
- }
-
- }
-
- @Override
- protected String getProfileUrl() {
- return "https://api.weibo.com/2/statuses/user_timeline.json";
- }
-
- @Override
- protected UserProfile extractUserProfile(String body) {
- UserProfile userProfile = new UserProfile();
- JsonNode json = JsonHelper.getFirstNode(body);
- ArrayNode statuses = (ArrayNode) json.get("statuses");
- JsonNode userJson = statuses.get(0).get("user");
- if (json != null) {
- UserProfileHelper.addIdentifier(userProfile, userJson, "id");
- for (String attribute : mainAttributes.keySet()) {
- UserProfileHelper.addAttribute(userProfile, json, attribute,
- mainAttributes.get(attribute));
- }
- }
- JsonNode subJson = userJson.get("id");
- if (subJson != null) {
- UserProfileHelper
- .addAttribute(userProfile, "uid", subJson.getIntValue());
-
- }
- subJson = userJson.get("domain");
- if (subJson != null) {
- UserProfileHelper.addAttribute(userProfile, "username",
- subJson.getTextValue());
- }
-
- return userProfile;
- }
-
- }
添加SinaWeiboProvider bean声明到applicationContext.xml
- <bean id="sinaWeibo" class="com.xxx.oauth.provider.SinaWeiboProvider">
- <property name="key" value="sinaweibo_key" />
- <property name="secret" value="sinaweibo_secret" />
- <property name="callbackUrl" value="https://sso.xxx.com:9443/login" />
- </bean>
其中callbackUrl为你cas的登录地址。
在cas-servlet.xml 中定义OAuthAction bean
- <bean id="oauthAction" class="org.jasig.cas.support.oauth.web.flow.OAuthAction"
- p:centralAuthenticationService-ref="centralAuthenticationService" >
- <property name="providers">
- <list>
- <ref bean="sinaWeibo" />
- </list>
- </property>
- </bean>
添加oauthAction到cas的login-webflow.xml中,其主要功能是拦截oauth服务商返回的信息。
- <action-state id="oauthAction">
- <evaluate expression="oauthAction" />
- <transition on="success" to="sendTicketGrantingTicket" />
- <transition on="error" to="ticketGrantingTicketExistsCheck" />
- </action-state>
添加OAuthAuthenticationHandler到deployerConfigContext.xml 中的authenticationHandlers处,使其支持oauth验证
- <property name="authenticationHandlers">
- <list>
- <bean class="org.jasig.cas.support.oauth.authentication.handler.support.OAuthAuthenticationHandler">
- <property name="providers">
- <list>
- <ref bean="sinaWeibo" />
- </list>
- </property>
- </bean>
- </list>
- </property>
添加OAuthCredentialsToPrincipalResolver 到deployerConfigContext.xml中的credentialsToPrincipalResolvers处。
- <property name="credentialsToPrincipalResolvers">
- <list>
- <bean class="org.jasig.cas.support.oauth.authentication.principal.OAuthCredentialsToPrincipalResolver" >
- </bean>
- </list>
- </property>
如果想获取从oauth返回的用户信息,就必须添加OAuthAuthenticationMetaDataPopulator到deployerConfigContext.xml中authenticationMetaDataPopulators处。
- <property name="authenticationMetaDataPopulators">
- <list>
- <bean class="org.jasig.cas.support.oauth.authentication.OAuthAuthenticationMetaDataPopulator" />
- </list>
- </property>
最后一步就添加用新浪微博账号登录的链接到登录页面
- <a href="${SinaWeiboProviderUrl}">用新浪微博登录</a>
大功告成!
参考资料:https://wiki.jasig.org/display/CASUM/OAuth+client+support
本文地址:
http://blog.csdn.net/laigood12345/article/details/7567247
本站仅提供存储服务,所有内容均由用户发布,如发现有害或侵权内容,请
点击举报。