add ch09

xindongbook · Jun 13, 2020 · 9f6ca71 · 9f6ca71
1 parent 773cf71
commit 9f6ca71
Show file tree

Hide file tree

Showing 5 changed files with 386 additions and 11 deletions.
diff --git a/src/com/oauth/ch03/AppIndexServlet.java b/src/com/oauth/ch03/AppIndexServlet.java
@@ -20,6 +20,7 @@
 public class AppIndexServlet extends HttpServlet {
 
 
+    //8080:三方软件，8081：授权服务，8081：受保护资源服务 为了演示方便我们将授权服务和受保护资源服务放在同一个服务上面
 
     String oauthUrl = "http://localhost:8081/OauthServlet-ch03?reqType=oauth";
     String redirectUrl = "http://localhost:8080/AppServlet-ch03";

diff --git a/src/com/oauth/ch03/AppServlet.java b/src/com/oauth/ch03/AppServlet.java
@@ -17,6 +17,7 @@ public class AppServlet extends HttpServlet {
 
 
     String oauthURl="http://localhost:8081/OauthServlet-ch03";
+    String protectedURl="http://localhost:8081/ProtectedServlet-ch03";
 
     protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 
@@ -25,6 +26,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
     protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 
 
+
         //授权码许可流程，DEMO CODE
 
         String code = request.getParameter("code");
@@ -40,6 +42,15 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t
 
         System.out.println("accessToken:"+accessToken);
 
+        //使用 accessToken 请求受保护资源服务
+
+        Map<String, String> paramsMap = new HashMap<String, String>();
+
+        paramsMap.put("app_id","APPID_RABBIT");
+        paramsMap.put("app_secret","APPSECRET_RABBIT");
+        paramsMap.put("token",accessToken);
+
+        String result = HttpURLClient.doPost(protectedURl,HttpURLClient.mapToStr(paramsMap));
 
 
     }

diff --git a/src/com/oauth/ch03/ProtectedServlet.java b/src/com/oauth/ch03/ProtectedServlet.java
@@ -0,0 +1,77 @@
+package com.oauth.ch03;
+
+import com.my.util.HttpURLClient;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+@WebServlet("/ProtectedServlet-ch03")
+public class ProtectedServlet extends HttpServlet {
+
+
+
+
+
+    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+        //省略验证代码
+
+        String accessToken =  request.getParameter("token");
+
+        //根据当时授权的token对应的权限范围，做相应的处理动作
+        //不同权限对应不同的操作
+        String[] scope = OauthServlet.tokenScopeMap.get(accessToken);
+
+        StringBuffer sbuf = new StringBuffer();
+        for(int i=0;i<scope.length;i++){
+            sbuf.append(scope[i]).append("|");
+        }
+
+        if(sbuf.toString().indexOf("query")>0){
+            queryGoods("");
+        }
+
+        if(sbuf.toString().indexOf("add")>0){
+            addGoods("");
+        }
+
+        if(sbuf.toString().indexOf("del")>0){
+            delGoods("");
+        }
+
+        //不同的用户对应不同的数据
+        String user = OauthServlet.tokenMap.get(accessToken);
+        queryOrders(user);
+    }
+
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+
+
+
+    }
+
+
+    private String queryGoods(String id){
+        return "";
+    }
+
+    private boolean addGoods(String goods){
+        return true;
+    }
+
+    private boolean delGoods(String id){
+        return true;
+    }
+
+    private String queryOrders(String user){
+        return "";
+    }
+
+}
diff --git a/src/com/oauth/ch04/JWTTest.java b/src/com/oauth/ch04/JWTTest.java
@@ -20,7 +20,7 @@ public class JWTTest {
 
 
 
-    static String publicKey = "QgkAQIDAQAB";
+    /*static String publicKey = "QgkAQIDAQAB";
     static String privateKey = "hellooauth";
 
 
@@ -55,15 +55,14 @@ public static PrivateKey getPrivateKey() {
         }
 
         return null;
-    }
+    }*/
 
 
     public static void main(String[] args) {
         String sharedTokenSecret="hellooauthhellooauthhellooauthhellooauth";
         Key key = new SecretKeySpec(sharedTokenSecret.getBytes(),
                 SignatureAlgorithm.HS256.getJcaName());
 
-
         Map<String, Object> headerMap = new HashMap<>();
         headerMap.put("typ", "JWT");
         headerMap.put("alg", "HS256");
@@ -77,28 +76,20 @@ public static void main(String[] args) {
 
         System.out.println("jws2:" + jws2);
 
-
-
         /*String sharedTokenSecret2="hellooauthhellooauthhellooauthhellooaut0";
         Key key2 = new SecretKeySpec(sharedTokenSecret2.getBytes(),
                 SignatureAlgorithm.HS256.getJcaName());
 
-
         Jws<Claims> claimsJws = Jwts.parserBuilder().setSigningKey(key2).build().parseClaimsJws(jws2);*/
 
         Jws<Claims> claimsJws = Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(jws2);
 
-
         JwsHeader header = claimsJws.getHeader();
         Claims body = claimsJws.getBody();
 
-
-
         System.out.println("jwt header:" + header);
         System.out.println("jwt body:" + body);
         System.out.println("jwt body:" + body.getSubject());
-
-
     }
 
 }