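## The framework's built-in login endpoint
The Spring Security OAuth2 framework provides `TokenEndpoint` as its login and authentication endpoint. It maps both GET and POST requests, although, as the code shows, `allowedRequestMethods` contains only POST by default, so a GET request is rejected unless GET has been added to that set: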
```
@FrameworkEndpoint
public class TokenEndpoint extends AbstractEndpoint {

    private OAuth2RequestValidator oAuth2RequestValidator = new DefaultOAuth2RequestValidator();

    // Only POST is allowed by default.
    private Set<HttpMethod> allowedRequestMethods = new HashSet<HttpMethod>(Arrays.asList(HttpMethod.POST));

    @RequestMapping(value = "/oauth/token", method=RequestMethod.GET)
    public ResponseEntity<OAuth2AccessToken> getAccessToken(Principal principal, @RequestParam
    Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
        // GET is rejected unless it has been added to allowedRequestMethods.
        if (!allowedRequestMethods.contains(HttpMethod.GET)) {
            throw new HttpRequestMethodNotSupportedException("GET");
        }
        return postAccessToken(principal, parameters);
    }

    @RequestMapping(value = "/oauth/token", method=RequestMethod.POST)
    public ResponseEntity<OAuth2AccessToken> postAccessToken(Principal principal, @RequestParam
    Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
        // The client must already have been authenticated by a filter in front of this endpoint.
        if (!(principal instanceof Authentication)) {
            throw new InsufficientAuthenticationException(
                    "There is no client authentication. Try adding an appropriate authentication filter.");
        }
        // ... remainder of the method omitted in this excerpt
    }
}
```
## Custom login endpoint
```
@ApiOperation(value = "用戶名密碼獲取token")
@PostMapping("/oauth/user/token")
@LogAnnotation(module = "auth-server", recordRequestParam = true)
public void getUserTokenInfo(
        @ApiParam(required = true, name = "username", value = "賬號") @RequestParam(value = "username") String username,
        @ApiParam(required = true, name = "password", value = "密碼") @RequestParam(value = "password") String password) {
    ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) RequestContextHolder
            .getRequestAttributes();
    HttpServletRequest request = servletRequestAttributes.getRequest();
    HttpServletResponse response = servletRequestAttributes.getResponse();
    try {
        // Client credentials are read from custom request headers.
        String clientId = request.getHeader("client_id");
        String clientSecret = request.getHeader("client_secret");
        // The submitted password is decrypted with the login key before the token is requested.
        OAuth2AccessToken oAuth2AccessToken = sysTokenService.getUserTokenInfo(clientId, clientSecret, username,
                DesUtils.decryption(password, SecurityConstant.LOGIN_PASSWORD_ENCRYPT_KEY));
        ResponseUtil.renderJson(response, oAuth2AccessToken);
    } catch (Exception e) {
        // Any failure is returned as 401 together with the exception message.
        Map<String, String> rsp = new HashMap<>();
        rsp.put("code", HttpStatus.UNAUTHORIZED.value() + "");
        rsp.put("msg", e.getMessage());
        ResponseUtil.renderJsonError(response, rsp, HttpStatus.UNAUTHORIZED.value());
    }
}
```
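`TokenEndpoint` rejects any request whose principal is not an authenticated client, but a custom mapping gets no such check, so the service behind it has to verify the client itself. The following is an added example, not the project's code: a hypothetical implementation of `sysTokenService.getUserTokenInfo` built on the Spring Security OAuth2 provider API. The class name, the constructor wiring and the use of a `PasswordEncoder` for stored client secrets are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.UnauthorizedClientException;
import org.springframework.security.oauth2.provider.*;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;

// Hypothetical stand-in for sysTokenService; class name and wiring are assumptions.
public class UserTokenService {
    private final ClientDetailsService clients;
    private final PasswordEncoder encoder;
    private final AuthenticationManager authManager;
    private final AuthorizationServerTokenServices tokenServices;

    public UserTokenService(ClientDetailsService clients, PasswordEncoder encoder,
            AuthenticationManager authManager, AuthorizationServerTokenServices tokenServices) {
        this.clients = clients;
        this.encoder = encoder;
        this.authManager = authManager;
        this.tokenServices = tokenServices;
    }

    public OAuth2AccessToken getUserTokenInfo(String clientId, String clientSecret,
            String username, String password) {
        // No client authentication filter runs for a custom mapping, so check the secret here.
        // loadClientByClientId throws a ClientRegistrationException for an unknown client.
        ClientDetails client = clients.loadClientByClientId(clientId);
        if (clientSecret == null || !encoder.matches(clientSecret, client.getClientSecret())) {
            throw new BadCredentialsException("Bad client credentials");
        }
        if (!client.getAuthorizedGrantTypes().contains("password")) {
            throw new UnauthorizedClientException("Client may not use the password grant");
        }
        // Authenticate the user; authenticate() throws AuthenticationException on failure.
        Authentication user = authManager.authenticate(
                new UsernamePasswordAuthenticationToken(username, password));
        // Keep the password out of the request parameters stored with the token.
        Map<String, String> params = new HashMap<>();
        params.put("grant_type", "password");
        params.put("username", username);
        TokenRequest tokenRequest = new TokenRequest(params, clientId, client.getScope(), "password");
        OAuth2Request oauth2Request = tokenRequest.createOAuth2Request(client);
        return tokenServices.createAccessToken(new OAuth2Authentication(oauth2Request, user));
    }
}
```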