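## The framework's built-in login endpoint
The Spring Security OAuth2 framework provides a login authentication endpoint, `TokenEndpoint`, with handlers for GET and POST requests. As the excerpt shows, GET is rejected unless it has been added to `allowedRequestMethods`, which contains only POST by default: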
```
@FrameworkEndpoint
public class TokenEndpoint extends AbstractEndpoint {

    private OAuth2RequestValidator oAuth2RequestValidator = new DefaultOAuth2RequestValidator();

    // Only POST is allowed by default; GET must be enabled explicitly.
    private Set<HttpMethod> allowedRequestMethods = new HashSet<HttpMethod>(Arrays.asList(HttpMethod.POST));

    @RequestMapping(value = "/oauth/token", method = RequestMethod.GET)
    public ResponseEntity<OAuth2AccessToken> getAccessToken(Principal principal,
            @RequestParam Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
        // Reject GET unless it has been added to allowedRequestMethods.
        if (!allowedRequestMethods.contains(HttpMethod.GET)) {
            throw new HttpRequestMethodNotSupportedException("GET");
        }
        return postAccessToken(principal, parameters);
    }

    @RequestMapping(value = "/oauth/token", method = RequestMethod.POST)
    public ResponseEntity<OAuth2AccessToken> postAccessToken(Principal principal,
            @RequestParam Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
        // The client itself must already have been authenticated by an upstream filter.
        if (!(principal instanceof Authentication)) {
            throw new InsufficientAuthenticationException(
                    "There is no client authentication. Try adding an appropriate authentication filter.");
        }
        // ... (the rest of the method is not included in this excerpt)
    }
}
```
## Custom login endpoint
```
// Swagger description: "obtain a token with username and password"
@ApiOperation(value = "用户名密码获取token")
@PostMapping("/oauth/user/token")
@LogAnnotation(module = "auth-server", recordRequestParam = true)
public void getUserTokenInfo(
        // "账号" = account, "密码" = password
        @ApiParam(required = true, name = "username", value = "账号") @RequestParam(value = "username") String username,
        @ApiParam(required = true, name = "password", value = "密码") @RequestParam(value = "password") String password) {
    ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) RequestContextHolder
            .getRequestAttributes();
    HttpServletRequest request = servletRequestAttributes.getRequest();
    HttpServletResponse response = servletRequestAttributes.getResponse();
    try {
        // Client credentials are read from two custom request headers.
        String clientId = request.getHeader("client_id");
        String clientSecret = request.getHeader("client_secret");
        // The submitted password is decrypted with a fixed key before it is handed to the token service.
        OAuth2AccessToken oAuth2AccessToken = sysTokenService.getUserTokenInfo(clientId, clientSecret, username,
                DesUtils.decryption(password, SecurityConstant.LOGIN_PASSWORD_ENCRYPT_KEY));
        ResponseUtil.renderJson(response, oAuth2AccessToken);
    } catch (Exception e) {
        // Any failure is answered with 401 and the exception message in the JSON body.
        Map<String, String> rsp = new HashMap<>();
        rsp.put("code", HttpStatus.UNAUTHORIZED.value() + "");
        rsp.put("msg", e.getMessage());
        ResponseUtil.renderJsonError(response, rsp, HttpStatus.UNAUTHORIZED.value());
    }
}
```
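A variant of the custom endpoint above that reads the client credentials from the HTTP Basic `Authorization` header, marks the token response as non-cacheable (RFC 6749, section 5.1), and answers every failure with a fixed message instead of `e.getMessage()`. This is an added example, not the project's own code: `UserTokenController` and the `SysTokenService` interface are hypothetical and mirror only the call shown above, and the `DesUtils` decryption step is left out on the assumption that the password arrives as sent over TLS.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.CacheControl;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.web.bind.annotation.*;

@RestController
public class UserTokenController {
    // Hypothetical interface: only the call signature is taken from the page's sysTokenService.
    public interface SysTokenService {
        OAuth2AccessToken getUserTokenInfo(String clientId, String clientSecret,
                                           String username, String password) throws Exception;
    }
    private static final Logger log = LoggerFactory.getLogger(UserTokenController.class);
    private final SysTokenService sysTokenService;

    public UserTokenController(SysTokenService sysTokenService) {
        this.sysTokenService = sysTokenService;
    }

    @PostMapping("/oauth/user/token")
    public ResponseEntity<?> getUserTokenInfo(
            @RequestHeader(HttpHeaders.AUTHORIZATION) String authorization,
            @RequestParam("username") String username,
            @RequestParam("password") String password) {
        try {
            // Client credentials arrive as "Basic base64(client_id:client_secret)".
            if (!authorization.regionMatches(true, 0, "Basic ", 0, 6)) {
                throw new IllegalArgumentException("Authorization scheme is not Basic");
            }
            String[] client = new String(Base64.getDecoder().decode(authorization.substring(6).trim()),
                    StandardCharsets.UTF_8).split(":", 2);
            if (client.length != 2) { throw new IllegalArgumentException("malformed client credentials"); }
            OAuth2AccessToken token = sysTokenService.getUserTokenInfo(client[0], client[1], username, password);
            // Token responses must not be stored by browsers or intermediaries.
            return ResponseEntity.ok().cacheControl(CacheControl.noStore())
                    .header(HttpHeaders.PRAGMA, "no-cache").body(token);
        } catch (Exception e) {
            // The cause stays in the server log; the caller sees the same body for every failure.
            log.warn("token request rejected: {}", e.toString());
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).cacheControl(CacheControl.noStore())
                    .body(Collections.singletonMap("msg", "authentication failed"));
        }
    }
}
```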