# Enterprise Development Frameworks Lab 4

**Repository Path**: qipeiabc/SpringBootTest4

## Basic Information

- **Project Name**: Enterprise Development Frameworks Lab 4
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2020-05-17
- **Last Updated**: 2020-12-19

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Lab 4: Gitee OAuth2 Authentication Based on Spring Security

#### I. Objectives

1. Learn to use the Spring Security framework;
2. Learn to configure the Spring Security filter chain;
3. Learn to write Spring Security unit tests;
4. Learn to create an application that integrates with Gitee;
5. Learn the basic flow of Gitee OAuth2 authentication;
6. Learn to use the Gitee API;
7. Become familiar with building a user login page using a template engine or a front-end framework.

#### II. Environment

1. JDK 1.8 or later
2. Maven 3.6+
3. IntelliJ IDEA

#### III. Tasks

1. Create an application that integrates with Gitee

```
// Credentials of the application registered on Gitee
static final String CLIENT_ID = "a38ea69882eae02d6132d77d3aaaf029c51a792b3aff42fc2f9970067d3fd3f7";
static final String CLIENT_SECRET = "0cbb1570fb6302053dcc4f233c9cd22932373156ed9e17f68c2a6e1bc7299ec5";
```

2. Write the business logic of the redirect filter

```
// In the redirect filter: send the browser to the Gitee authorization page
response.sendRedirect(StringFormat.format(AUTHENTICATION_URL, CLIENT_ID, REDIRECT_URI));

// Custom helper class that fills placeholders in a string
package cn.edu.dgut.css.sai.springsecuritygiteeexperiment;

public class StringFormat {
    // Replaces the {...} placeholders in s with args, in order.
    public static String format(String s, String... args) {
        if (s == null || args == null || args.length == 0) {
            return null;
        }
        for (String arg : args) {
            int begin = s.indexOf("{");
            int end = s.indexOf("}") + 1;
            // Require a closing brace after the opening one; otherwise substring() would throw.
            if (begin >= 0 && end > begin) {
                String substring = s.substring(begin, end);
                s = s.replace(substring, arg);
            } else {
                break;
            }
        }
        return s;
    }
}
```

3. Use the Gitee access_token API to send a POST request to the Gitee authentication server and obtain the access_token

```
// All placeholders are already filled by StringFormat, so the argument to build(...) is unused.
URI uri = UriComponentsBuilder
        .fromUriString(StringFormat.format(ACCESS_TOKEN_API_URI, code, CLIENT_ID, REDIRECT_URI, CLIENT_SECRET))
        .build(42);
RequestEntity<Void> requestEntity = RequestEntity.post(uri).header("User-Agent", "spring-security-gitee-experiment").build();
ResponseEntity<String> responseEntity = rest.exchange(requestEntity, String.class);
String json = responseEntity.getBody();
// Parse the JSON response and return the access_token field
Map<String, Object> map = new JacksonJsonParser().parseMap(json);
return String.valueOf(map.get("access_token"));
```

4. Use the Gitee API to fetch the authorized user's profile

```
URI uri = UriComponentsBuilder
        .fromUriString(StringFormat.format(USER_INFO_URI, accessToken))
        .build(42);
RequestEntity<Void> requestEntity = RequestEntity.get(uri).header("User-Agent", "spring-security-gitee-experiment").build();
ResponseEntity<String> responseEntity = rest.exchange(requestEntity, String.class);
String json = responseEntity.getBody();
// The user profile is returned as a JSON object
Map<String, Object> map = new JacksonJsonParser().parseMap(json);
return map;
```

5. Add the two custom filters to the security filter chain

```
http.addFilterAfter(new GiteeOAuth2RedirectFilter(), SecurityContextPersistenceFilter.class);
http.addFilterAfter(new GiteeOAuth2LoginAuthenticationFilter(), SecurityContextPersistenceFilter.class);
```

6. Apply our custom SecurityConfigurer to the security filter chain

```
and.apply(new GiteeOAuth2LoginConfigurer())
```

7. Rework the /user endpoint to return the Gitee user profile to the front end; rework the user.ftlh template to display the user profile.

```
// The principal set by the login filter carries the Gitee user profile
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
GiteeOAuth2LoginConfigurer.UserInfo userInfo = (GiteeOAuth2LoginConfigurer.UserInfo) authentication.getPrincipal();
System.out.println(userInfo);
System.out.println(authentication.getPrincipal());
model.addAttribute("userInfo", userInfo.getMap());
model.addAttribute("securityDetails", authentication.getDetails());
return "user";
```

8. Information display page
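
An added example (not part of the original lab code) for the template filling used in tasks 2 and 3: `StringFormat.format` inserts values unencoded and searches the string again after each substitution, so a callback `code` containing `&` or braces would alter the request URL. This plain-JDK version expands the template in a single pass and percent-encodes every value. The class name `SafeUriTemplate`, the template string, the `GITEE_CLIENT_SECRET` environment variable and all sample values are assumptions, since the page does not show its URI constants.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SafeUriTemplate {
    // Matches one {placeholder}; the name inside the braces is ignored, values are positional.
    private static final Pattern PLACEHOLDER = Pattern.compile("\\{[^{}]*\\}");

    /** Fills placeholders left to right in one pass over the template, percent-encoding each value. */
    public static String expand(String template, String... values) throws UnsupportedEncodingException {
        Matcher m = PLACEHOLDER.matcher(template);
        StringBuilder out = new StringBuilder();
        int last = 0;
        int used = 0;
        while (m.find()) {
            if (used == values.length) {
                throw new IllegalArgumentException("more placeholders than values");
            }
            out.append(template, last, m.start());
            // Inserted text is never rescanned, so braces or '&' inside a value stay data.
            out.append(URLEncoder.encode(values[used++], "UTF-8"));
            last = m.end();
        }
        if (used != values.length) {
            throw new IllegalArgumentException("more values than placeholders");
        }
        return out.append(template, last, template.length()).toString();
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        // Assumed shape of ACCESS_TOKEN_API_URI; the page does not show the constant.
        String template = "https://gitee.com/oauth/token?grant_type=authorization_code"
                + "&code={code}&client_id={client_id}"
                + "&redirect_uri={redirect_uri}&client_secret={client_secret}";
        // Hypothetical environment variable; the fallback is a constructed dummy value.
        String secret = System.getenv().getOrDefault("GITEE_CLIENT_SECRET", "dummy-secret");
        // Constructed callback value containing query metacharacters and braces.
        String code = "abc&client_id=other{x}";
        System.out.println(expand(template, code, "dummy-client-id",
                "http://localhost:8080/callback", secret));
    }
}
```

Reading the secret from the environment also keeps it out of the source file, unlike the constants in task 1.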