Integrating CAS with OAuth: an example of logging in with a Sina Weibo account

fmms, 8 years ago

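The CAS project is already developing a plugin that integrates CAS with OAuth; it uses the scribe-up project to fetch the user's basic profile after authorization. The plugin is planned for release with CAS 3.5.0, but it can already be used today. Below, Sina Weibo serves as the example for logging in to CAS with a Sina Weibo account. Download the source from https://github.com/Jasig/cas/tree/master/cas-server-support-oauth and add the cas-server-support-oauth dependency to your CAS project.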

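First define two classes, SinaWeiboApi20.java and SinaWeiboProvider.java. SinaWeiboApi20.java mainly defines Sina Weibo's authorization URLs; SinaWeiboProvider.java mainly retrieves the user's information after the user has granted authorization.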

SinaWeiboApi20.java

    package com.xxx.oauth.provider; // assumed: same package as SinaWeiboProvider

    import org.scribe.builder.api.DefaultApi20;
    import org.scribe.extractors.AccessTokenExtractor;
    import org.scribe.extractors.JsonTokenExtractor;
    import org.scribe.model.OAuthConfig;
    import org.scribe.model.Verb;
    import org.scribe.utils.OAuthEncoder;

    public class SinaWeiboApi20 extends DefaultApi20 {
        private static final String AUTHORIZE_URL = "https://api.weibo.com/oauth2/authorize?client_id=%s&redirect_uri=%s&response_type=code";
        private static final String SCOPED_AUTHORIZE_URL = AUTHORIZE_URL + "&scope=%s";

        // The access token is requested with POST
        @Override
        public Verb getAccessTokenVerb() {
            return Verb.POST;
        }

        // The token endpoint answers with JSON
        @Override
        public AccessTokenExtractor getAccessTokenExtractor() {
            return new JsonTokenExtractor();
        }

        @Override
        public String getAccessTokenEndpoint() {
            return "https://api.weibo.com/oauth2/access_token?grant_type=authorization_code";
        }

        @Override
        public String getAuthorizationUrl(OAuthConfig config) {
            // Append scope if present
            if (config.hasScope()) {
                return String.format(SCOPED_AUTHORIZE_URL, config.getApiKey(),
                    OAuthEncoder.encode(config.getCallback()), OAuthEncoder.encode(config.getScope()));
            } else {
                return String.format(AUTHORIZE_URL, config.getApiKey(),
                    OAuthEncoder.encode(config.getCallback()));
            }
        }
    }

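The authorization URL built by SinaWeiboApi20 carries no `state` value, so the callback cannot be tied to the browser session that started the login. The following added example (not part of the original post, nor of the CAS or scribe-up code) builds the same URL with a random `state` and shows the check to run when the callback arrives. The class `WeiboStateExample` and its method names are hypothetical, and it assumes the provider echoes `state` back unchanged, as OAuth 2.0 specifies.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper, not a CAS or scribe-up class.
public class WeiboStateExample {
    private static final String AUTHORIZE_URL =
        "https://api.weibo.com/oauth2/authorize?client_id=%s&redirect_uri=%s"
        + "&response_type=code&state=%s";
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Unguessable per-login value; keep it in the user's HTTP session before redirecting. */
    static String newState() {
        byte[] raw = new byte[32];
        RANDOM.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    /** Same URL shape as SinaWeiboApi20, with every parameter encoded and state appended. */
    static String authorizationUrl(String apiKey, String callback, String state) throws Exception {
        return String.format(AUTHORIZE_URL, enc(apiKey), enc(callback), enc(state));
    }

    /** Constant-time comparison of the state returned on the callback with the stored one. */
    static boolean stateMatches(String stored, String returned) {
        if (stored == null || returned == null) {
            return false; // no login was started in this session, or the parameter is missing
        }
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                     returned.getBytes(StandardCharsets.UTF_8));
    }

    private static String enc(String value) throws Exception {
        return URLEncoder.encode(value, "UTF-8");
    }

    public static void main(String[] args) throws Exception {
        String state = newState(); // would be stored in the session at this point
        // Key and callback are the placeholder values from the bean declaration on this page.
        System.out.println(authorizationUrl("sinaweibo_key", "https://sso.xxx.com:9443/login", state));
        // Constructed callback values: the genuine one, a missing one, and a mismatching one.
        System.out.println(stateMatches(state, state));
        System.out.println(stateMatches(state, null));
        System.out.println(stateMatches(state, "not-the-stored-value"));
    }
}
```

Reject the callback and restart the login whenever `stateMatches` returns false, and discard the stored value after one use.
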
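SinaWeiboProvider.java

    package com.xxx.oauth.provider;

    import org.codehaus.jackson.JsonNode;
    import org.scribe.builder.ServiceBuilder;
    // scribe-up classes; package names as in scribe-up 1.0.x (assumption, adjust to your version)
    import org.scribe.up.profile.JsonHelper;
    import org.scribe.up.profile.UserProfile;
    import org.scribe.up.profile.UserProfileHelper;
    import org.scribe.up.provider.BaseOAuth20Provider;

    public class SinaWeiboProvider extends BaseOAuth20Provider {

        @Override
        protected void internalInit() {
            // Build the scribe OAuth service, passing the scope only when one is configured
            if (scope != null) {
                service = new ServiceBuilder().provider(SinaWeiboApi20.class).apiKey(key)
                    .apiSecret(secret).callback(callbackUrl).scope(scope).build();
            } else {
                service = new ServiceBuilder().provider(SinaWeiboApi20.class).apiKey(key)
                    .apiSecret(secret).callback(callbackUrl).build();
            }
            String[] names = new String[] {"uid", "username"};
            for (String name : names) {
                mainAttributes.put(name, null);
            }
        }

        @Override
        protected String getProfileUrl() {
            return "https://api.weibo.com/2/statuses/user_timeline.json";
        }

        @Override
        protected UserProfile extractUserProfile(String body) {
            UserProfile userProfile = new UserProfile();
            JsonNode json = JsonHelper.getFirstNode(body);
            // Check every level before dereferencing: an error body or an empty
            // timeline has no statuses[0].user node
            if (json == null) {
                return userProfile;
            }
            JsonNode statuses = json.get("statuses");
            if (statuses == null || !statuses.isArray() || statuses.size() == 0) {
                return userProfile;
            }
            JsonNode userJson = statuses.get(0).get("user");
            if (userJson == null) {
                return userProfile;
            }
            UserProfileHelper.addIdentifier(userProfile, userJson, "id");
            for (String attribute : mainAttributes.keySet()) {
                UserProfileHelper.addAttribute(userProfile, json, attribute,
                    mainAttributes.get(attribute));
            }
            // Weibo user ids are 64-bit, so read the value as a long rather than an int
            JsonNode subJson = userJson.get("id");
            if (subJson != null) {
                UserProfileHelper.addAttribute(userProfile, "uid", subJson.getLongValue());
            }
            subJson = userJson.get("domain");
            if (subJson != null) {
                UserProfileHelper.addAttribute(userProfile, "username", subJson.getTextValue());
            }
            return userProfile;
        }
    }
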
Add the SinaWeiboProvider bean declaration to applicationContext.xml:

    <bean id="sinaWeibo" class="com.xxx.oauth.provider.SinaWeiboProvider">
        <property name="key" value="sinaweibo_key" />
        <property name="secret" value="sinaweibo_secret" />
        <property name="callbackUrl" value="https://sso.xxx.com:9443/login" />
    </bean>

Here callbackUrl is the login URL of your CAS server.

Define the OAuthAction bean in cas-servlet.xml:

    <bean id="oauthAction" class="org.jasig.cas.support.oauth.web.flow.OAuthAction"
          p:centralAuthenticationService-ref="centralAuthenticationService">
        <property name="providers">
            <list>
                <ref bean="sinaWeibo" />
            </list>
        </property>
    </bean>

Add oauthAction to CAS's login-webflow.xml; its main job is to intercept the information returned by the OAuth provider.

    <action-state id="oauthAction">
        <evaluate expression="oauthAction" />
        <transition on="success" to="sendTicketGrantingTicket" />
        <transition on="error" to="ticketGrantingTicketExistsCheck" />
    </action-state>

Add OAuthAuthenticationHandler to the authenticationHandlers list in deployerConfigContext.xml so that CAS supports OAuth authentication:

    <property name="authenticationHandlers">
        <list>
            <bean class="org.jasig.cas.support.oauth.authentication.handler.support.OAuthAuthenticationHandler">
                <property name="providers">
                    <list>
                        <ref bean="sinaWeibo" />
                    </list>
                </property>
            </bean>
        </list>
    </property>

Add OAuthCredentialsToPrincipalResolver to the credentialsToPrincipalResolvers list in deployerConfigContext.xml:

    <property name="credentialsToPrincipalResolvers">
        <list>
            <bean class="org.jasig.cas.support.oauth.authentication.principal.OAuthCredentialsToPrincipalResolver" />
        </list>
    </property>

To obtain the user information returned via OAuth, you must also add OAuthAuthenticationMetaDataPopulator to the authenticationMetaDataPopulators list in deployerConfigContext.xml:

    <property name="authenticationMetaDataPopulators">
        <list>
            <bean class="org.jasig.cas.support.oauth.authentication.OAuthAuthenticationMetaDataPopulator" />
        </list>
    </property>

The last step is to add a link for logging in with a Sina Weibo account to the login page:

    <a href="${sinaWeiboProviderUrl}">用新浪微博登录</a>

All done!

Reference: https://wiki.jasig.org/display/CASUM/OAuth+client+support

Article URL: http://blog.csdn.net/laigood12345/article/details/7567247