Shulou(Shulou.com)06/02 Report--

This article is to share with you about how SpringSecurityOAuth2 custom login and login, the editor thinks it is very practical, so share with you to learn, I hope you can get something after reading this article, say no more, follow the editor to have a look.

Login customization: logging out is equivalent to invalidating token. We only need to bring the access_token request ConsumerTokenServices (default logout API), and the old token will not be available after the request.

@ DeleteMapping ("/ logout") public ResponseVo logout (String accessToken) {if (consumerTokenServices.revokeToken (accessToken)) {return new ResponseVo (200, "logout successful");} else {return new ResponseVo (500, "logout failed");}}

Login customization: the default token request address is "oauth/token", which can be customized in the AuthorizationServerEndpointsConfigurer configuration of the authentication service configuration.

/ * configure authorization (authorization) and access endpoint and token service (token services) for token (token) * / @ Override public void configure (AuthorizationServerEndpointsConfigurer endpoints) throws Exception {/ / endpoints.pathMapping ("/ oauth/token", "/ token/login") Set the token generation request address endpoints .tokenStore (tokenStore ()) / configure token to store .userDetailsService (userDetailsService) / / configure custom user rights data. If not configured, token will not be able to refresh .authenticationManager (authenticationManager) .tokenServices (defaultTokenServices ()) / / load token configuration .accountionTranslator (webResponseExceptionTranslator) / / Custom exception return}

We can also encapsulate our own request and do some of our own processing before requesting the token. Here I use to get the information that needs to request token, and then use RestTemplate on the java side to call to generate the token address to get token. I can do some other processing before calling, such as CAPTCHA check and so on.

@ PostMapping ("/ login") public ResponseVo login (HttpServletRequest request) throws UnsupportedEncodingException {String header = request.getHeader ("Authorization"); if (header = = null & &! header.startsWith ("Basic")) {return new ResponseVo (400, "missing parameter in request header");} String url = "http://" + request.getRemoteAddr () +": "+ request.getServerPort () +" / oauth/token "; Map map = new HashMap () Map.put ("grant_type", "password"); map.put ("username", request.getParameter ("username")); map.put ("password", request.getParameter ("password")); HttpHeaders headers = new HttpHeaders (); headers.set ("Authorization", header); headers.setContentType (MediaType.APPLICATION_FORM_URLENCODED); / / this mode is required, otherwise the requester cannot get grant_type HttpEntity httpEntity = new HttpEntity (headers). ResponseEntity response = restTemplate.postForEntity (url + "?" + LinkStringUtil.createLinkStringByGet (map), httpEntity, String.class); if (response.getStatusCodeValue () = = 200) {return new ResponseVo (200, "login successful", JSONObject.parseObject (response.getBody ();} else {return new ResponseVo (500, "login failed") }} above is how SpringSecurityOAuth2 customizes login and logout. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.