{"id":1419,"date":"2023-03-20T21:45:38","date_gmt":"2023-03-20T13:45:38","guid":{"rendered":"https:\/\/www.appblog.cn\/?p=1419"},"modified":"2023-04-28T21:06:16","modified_gmt":"2023-04-28T13:06:16","slug":"spring-security-oauth2-password-mode-refresh-token-mode-access-auth-token-endpoint","status":"publish","type":"post","link":"https:\/\/www.appblog.cn\/index.php\/2023\/03\/20\/spring-security-oauth2-password-mode-refresh-token-mode-access-auth-token-endpoint\/","title":{"rendered":"Spring Security OAuth2 password\u6a21\u5f0f\u3001refresh_token\u6a21\u5f0f\u8bbf\u95ee\/oauth\/token\u7aef\u70b9"},"content":{"rendered":"<h2>\/oauth\/token \u7aef\u70b9<\/h2>\n<ul>\n<li>\u7aef\u70b9\u8fc7\u6ee4\u5668<code>TokenEndpointAuthenticationFilter<\/code><\/li>\n<li>\u7aef\u70b9\u5bf9\u5e94\u7684action\u7c7b<code>TokenEndpoint<\/code><\/li>\n<li>\u53d7\u4fdd\u62a4\u7684\u8d44\u6e90\u4fe1\u606f\u7c7b<code>ResourceOwnerPasswordResourceDetails<\/code><\/li>\n<li>\u548c\u8ba4\u8bc1\u670d\u52a1\u5668\u4ea4\u4e92\u8d44\u6e90\u4fe1\u606f\u7c7b<code>ResourceOwnerPasswordAccessTokenProvider<\/code><\/li>\n<\/ul>\n<p><!-- more --><\/p>\n<h2>\/oauth\/token\uff08\u4ee4\u724c\u7aef\u70b9\uff09\u83b7\u53d6\u7528\u6237token\u4fe1\u606f<\/h2>\n<pre><code class=\"language-java\">\/**\n * \/oauth\/token(\u4ee4\u724c\u7aef\u70b9) \u83b7\u53d6\u7528\u6237token\u4fe1\u606f\n *\/\n@RequestMapping(value = &quot;token&quot;, method = RequestMethod.POST)\npublic ResponseEntity&lt;BaseResponse&gt; getToken(@RequestParam String username, @RequestParam String password) {\n\n    ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();\n    resource.setId(propertyService.getProperty(&quot;spring.security.oauth.resource.id&quot;));\n    resource.setClientId(propertyService.getProperty(&quot;spring.security.oauth.resource.client.id&quot;));\n    resource.setClientSecret(propertyService.getProperty(&quot;spring.security.oauth.resource.client.secret&quot;));\n    resource.setGrantType(GrantTypeEnum.PASSWORD.getGrant_type());\n    resource.setAccessTokenUri(propertyService.getProperty(&quot;spring.security.oauth.token.uri&quot;));\n    resource.setUsername(username);\n    resource.setPassword(password);\n    resource.setScope(Arrays.asList(&quot;all&quot;));\n\n    OAuth2RestTemplate template = new OAuth2RestTemplate(resource);\n    ResourceOwnerPasswordAccessTokenProvider provider = new ResourceOwnerPasswordAccessTokenProvider();\n    template.setAccessTokenProvider(provider);\n    try {\n        OAuth2AccessToken accessToken = template.getAccessToken();\n        Map&lt;String, Object&gt; result = Maps.newHashMap();\n        result.put(&quot;access_token&quot;, accessToken.getValue());\n        result.put(&quot;token_type&quot;, accessToken.getTokenType());\n        result.put(&quot;refresh_token&quot;, accessToken.getRefreshToken().getValue());\n        result.put(&quot;expires_in&quot;, accessToken.getExpiresIn());\n        result.put(&quot;scope&quot;, StringUtils.join(accessToken.getScope(), &quot;,&quot;));\n        result.putAll(accessToken.getAdditionalInformation());\n\n        Collection&lt;? extends GrantedAuthority&gt; authorities = tokenStore.readAuthentication(template.getAccessToken()).getUserAuthentication().getAuthorities();\n        JSONObject jsonObject = new JSONObject();\n        for (GrantedAuthority authority : authorities) {\n            jsonObject.putAll(JSONObject.parseObject(authority.getAuthority()));\n        }\n        result.put(&quot;authorities&quot;, jsonObject);\n\n        return ResponseEntity.ok(BaseResponse.createResponse(HttpStatusMsg.OK, result));\n    } catch (Exception e) {\n        e.printStackTrace();\n        return ResponseEntity.ok(BaseResponse.createResponse(HttpStatusMsg.AUTHENTICATION_EXCEPTION, e.toString()));\n    }\n}<\/code><\/pre>\n<p>POST\u8bbf\u95ee\uff1a<a target=\"_blank\" rel=\"noopener\" href=\"http:\/\/127.0.0.1:9003\/oauth2\/token\">http:\/\/127.0.0.1:9003\/oauth2\/token<\/a><br \/>\n\u53c2\u6570\uff1ausername\u3001password<\/p>\n<pre><code class=\"language-json\">{\n    &quot;status&quot;: 200,\n    &quot;message&quot;: &quot;SUCCESS&quot;,\n    &quot;data&quot;: {\n        &quot;access_token&quot;: &quot;574007641a804ebf871248991e20bec6&quot;,\n        &quot;refresh_token&quot;: &quot;b250860394954b2ea47b7f40563a027d&quot;,\n        &quot;scope&quot;: &quot;all&quot;,\n        &quot;token_type&quot;: &quot;bearer&quot;,\n        &quot;expires_in&quot;: 59,\n        &quot;client_id&quot;: &quot;client_password&quot;,\n        &quot;authorities&quot;: {\n            &quot;interfaces&quot;: [\n                &quot;\/a\/b&quot;,\n                &quot;\/a\/c&quot;,\n                &quot;\/oauth\/token&quot;\n            ],\n            &quot;username&quot;: &quot;admin&quot;\n        }\n    }\n}<\/code><\/pre>\n<h2>\/oauth\/token\uff08\u4ee4\u724c\u7aef\u70b9\uff09\u5237\u65b0token\u4fe1\u606f<\/h2>\n<pre><code class=\"language-java\">\/**\n * \/oauth\/token\uff08\u4ee4\u724c\u7aef\u70b9\uff09\u5237\u65b0token\u4fe1\u606f\n *\/\n@RequestMapping(value = &quot;refresh_token&quot;, method = RequestMethod.POST)\npublic ResponseEntity&lt;BaseResponse&gt; refreshToken(@RequestParam String refresh_token) {\n    try {\n        ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();\n        resource.setId(propertyService.getProperty(&quot;spring.security.oauth.resource.id&quot;));\n        resource.setClientId(propertyService.getProperty(&quot;spring.security.oauth.resource.client.id&quot;));\n        resource.setClientSecret(propertyService.getProperty(&quot;spring.security.oauth.resource.client.secret&quot;));\n        resource.setGrantType(GrantTypeEnum.REFRESH_TOKEN.getGrant_type());\n        resource.setAccessTokenUri(propertyService.getProperty(&quot;spring.security.oauth.token.uri&quot;));\n\n        ResourceOwnerPasswordAccessTokenProvider provider = new ResourceOwnerPasswordAccessTokenProvider();\n        OAuth2RefreshToken refreshToken = tokenStore.readRefreshToken(refresh_token);\n        OAuth2AccessToken accessToken = provider.refreshAccessToken(resource, refreshToken, new DefaultAccessTokenRequest());\n\n        Map&lt;String, Object&gt; result = Maps.newLinkedHashMap();\n        result.put(&quot;access_token&quot;, accessToken.getValue());\n        result.put(&quot;token_type&quot;, accessToken.getTokenType());\n        result.put(&quot;refresh_token&quot;, accessToken.getRefreshToken().getValue());\n        result.put(&quot;expires_in&quot;, accessToken.getExpiresIn());\n        result.put(&quot;scope&quot;, StringUtils.join(accessToken.getScope(), &quot;,&quot;));\n        result.putAll(accessToken.getAdditionalInformation());\n\n        Collection&lt;? extends GrantedAuthority&gt; authorities = tokenStore.readAuthentication(accessToken).getUserAuthentication().getAuthorities();\n        JSONObject jsonObject = new JSONObject();\n        for (GrantedAuthority authority : authorities) {\n            jsonObject.putAll(JSONObject.parseObject(authority.getAuthority()));\n        }\n        result.put(&quot;authorities&quot;, jsonObject);\n\n        return ResponseEntity.ok(BaseResponse.createResponse(HttpStatusMsg.OK, result));\n    } catch (Exception e) {\n        e.printStackTrace();\n        return ResponseEntity.ok(BaseResponse.createResponse(HttpStatusMsg.AUTHENTICATION_EXCEPTION, e.toString()));\n    }\n}<\/code><\/pre>\n<p>POST\u8bbf\u95ee\uff1a<a target=\"_blank\" rel=\"noopener\" href=\"http:\/\/127.0.0.1:9003\/oauth2\/refresh_token\">http:\/\/127.0.0.1:9003\/oauth2\/refresh_token<\/a><br \/>\n\u53c2\u6570\uff1arefresh_token<\/p>\n<pre><code class=\"language-json\">{\n    &quot;status&quot;: 200,\n    &quot;message&quot;: &quot;SUCCESS&quot;,\n    &quot;data&quot;: {\n        &quot;access_token&quot;: &quot;b4b26e5aab854b3aa44b4983901fd7ac&quot;,\n        &quot;token_type&quot;: &quot;bearer&quot;,\n        &quot;refresh_token&quot;: &quot;dc03d64f523048f9bce62068b1100a4d&quot;,\n        &quot;expires_in&quot;: 59,\n        &quot;scope&quot;: &quot;all&quot;,\n        &quot;client_id&quot;: &quot;client_password&quot;,\n        &quot;authorities&quot;: {\n            &quot;interfaces&quot;: [\n                &quot;\/a\/b&quot;,\n                &quot;\/a\/c&quot;,\n                &quot;\/oauth\/token&quot;\n            ],\n            &quot;username&quot;: &quot;admin&quot;\n        }\n    }\n}<\/code><\/pre>\n<h2>oauth\/check_token\uff08\u7aef\u70b9\u6821\u9a8c\uff09\u6821\u9a8ctoken\u6709\u6548\u6027<\/h2>\n<pre><code class=\"language-java\">\/**\n * oauth\/check_token\uff08\u7aef\u70b9\u6821\u9a8c\uff09\u6821\u9a8ctoken\u6709\u6548\u6027\n *\/\n@RequestMapping(value = &quot;check_token&quot;, method = RequestMethod.POST)\npublic ResponseEntity&lt;BaseResponse&gt; checkToken(String access_token) {\n    OAuth2AccessToken accessToken = tokenStore.readAccessToken(access_token);\n    OAuth2Authentication auth2Authentication = tokenStore.readAuthentication(access_token);\n    Map&lt;String, Object&gt; map = Maps.newHashMap();\n    \/\/\u7528\u6237\u540d\n    map.put(&quot;username&quot;, auth2Authentication.getUserAuthentication().getName());\n    \/\/\u662f\u5426\u8fc7\u671f\n    map.put(&quot;isExpired&quot;, accessToken.isExpired());\n    \/\/\u8fc7\u671f\u65f6\u95f4\n    map.put(&quot;expiration&quot;, DateFormatUtils.format(accessToken.getExpiration(), &quot;yyyy-MM-dd HH:mm:ss&quot;));\n    BaseResponse response = null;\n    try {\n        response = BaseResponse.createResponse(HttpStatusMsg.OK, map);\n    } catch (Exception e) {\n        response = BaseResponse.createResponse(HttpStatusMsg.AUTHENTICATION_EXCEPTION, e.toString());\n    }\n    return ResponseEntity.ok(response);\n}<\/code><\/pre>\n<p>POST\u8bbf\u95ee\uff1a<a target=\"_blank\" rel=\"noopener\" href=\"http:\/\/127.0.0.1:9003\/oauth2\/check_token\">http:\/\/127.0.0.1:9003\/oauth2\/check_token<\/a><br \/>\n\u53c2\u6570\uff1aaccess_token<\/p>\n<pre><code class=\"language-json\">{\n    &quot;status&quot;: 200,\n    &quot;message&quot;: &quot;SUCCESS&quot;,\n    &quot;data&quot;: {\n        &quot;expiration&quot;: &quot;2019-08-14 16:45:59&quot;,\n        &quot;isExpired&quot;: false,\n        &quot;username&quot;: &quot;admin&quot;\n    }\n}<\/code><\/pre>\n<p>\u672c\u6587\u8f6c\u8f7d\u53c2\u8003 <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/blog.csdn.net\/yaomingyang\/column\/info\/41645\" title=\"\u539f\u6587\">\u539f\u6587<\/a> \u5e76\u52a0\u4ee5\u8c03\u8bd5<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\/oauth\/token \u7aef\u70b9 \u7aef\u70b9\u8fc7\u6ee4\u5668TokenEndpointAuthenticationFilter  [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[354],"tags":[353],"class_list":["post-1419","post","type-post","status-publish","format-standard","hentry","category-spring-security","tag-oauth2"],"_links":{"self":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1419","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/comments?post=1419"}],"version-history":[{"count":0,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1419\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/media?parent=1419"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/categories?post=1419"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/tags?post=1419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}