Integrating OAuth with CAS: an example of logging in with a Sina Weibo account

Source: Internet
Author: User
Tags cas oauth

The CAS project is already developing a plug-in that integrates CAS with OAuth. It uses the scribe-up project to obtain the basic profile information the user has authorized. The plug-in is planned for release in CAS 3.5.0, but it can already be used. The following takes Sina Weibo as an example and shows how to log in to CAS with a Sina Weibo account. Download the source code from https://github.com/Jasig/cas/tree/master/cas-server-support-oauth and add the cas-server-support-oauth dependency to your CAS project.

First define two classes, SinaWeiboApi20.java and SinaWeiboProvider.java. SinaWeiboApi20.java mainly defines the Sina Weibo authorization URLs; SinaWeiboProvider.java mainly retrieves the user's information after authorization.

SinaWeiboApi20.java

import org.scribe.builder.api.DefaultApi20;
import org.scribe.extractors.AccessTokenExtractor;
import org.scribe.extractors.JsonTokenExtractor;
import org.scribe.model.OAuthConfig;
import org.scribe.model.Verb;
import org.scribe.utils.OAuthEncoder;

public class SinaWeiboApi20 extends DefaultApi20 {

  // Authorization endpoint; client_id and redirect_uri are filled in per request.
  private static final String AUTHORIZE_URL =
      "https://api.weibo.com/oauth2/authorize?client_id=%s&redirect_uri=%s&response_type=code";

  private static final String SCOPED_AUTHORIZE_URL = AUTHORIZE_URL + "&scope=%s";

  @Override
  public Verb getAccessTokenVerb() {
    return Verb.POST;
  }

  @Override
  public AccessTokenExtractor getAccessTokenExtractor() {
    // The access-token response is JSON.
    return new JsonTokenExtractor();
  }

  @Override
  public String getAccessTokenEndpoint() {
    return "https://api.weibo.com/oauth2/access_token?grant_type=authorization_code";
  }

  @Override
  public String getAuthorizationUrl(OAuthConfig config) {
    // Append scope if present
    if (config.hasScope()) {
      return String.format(SCOPED_AUTHORIZE_URL, config.getApiKey(),
          OAuthEncoder.encode(config.getCallback()), OAuthEncoder.encode(config.getScope()));
    } else {
      return String.format(AUTHORIZE_URL, config.getApiKey(),
          OAuthEncoder.encode(config.getCallback()));
    }
  }
}

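SinaWeiboProvider.java

// Package names below assume Scribe, scribe-up 1.0.x and Jackson 1.x;
// adjust them to the versions you build against.
import org.codehaus.jackson.JsonNode;
import org.codehaus.jackson.node.ArrayNode;
import org.scribe.builder.ServiceBuilder;
import org.scribe.up.profile.JsonHelper;
import org.scribe.up.profile.UserProfile;
import org.scribe.up.profile.UserProfileHelper;
import org.scribe.up.provider.BaseOAuth20Provider;

public class SinaWeiboProvider extends BaseOAuth20Provider {

  @Override
  protected void internalInit() {
    if (scope != null) {
      service = new ServiceBuilder().provider(SinaWeiboApi20.class).apiKey(key).apiSecret(secret)
          .callback(callbackUrl).scope(scope).build();
    } else {
      service = new ServiceBuilder().provider(SinaWeiboApi20.class).apiKey(key).apiSecret(secret)
          .callback(callbackUrl).build();
    }
    String[] names = new String[] {"uid", "username"};
    for (String name : names) {
      mainAttributes.put(name, null);
    }
  }

  @Override
  protected String getProfileUrl() {
    return "https://api.weibo.com/2/statuses/user_timeline.json";
  }

  @Override
  protected UserProfile extractUserProfile(String body) {
    UserProfile userProfile = new UserProfile();
    JsonNode json = JsonHelper.getFirstNode(body);
    // Check for null before dereferencing. The user object is read from the
    // first status of the timeline, so an empty timeline yields no identifier.
    if (json == null) {
      return userProfile;
    }
    ArrayNode statuses = (ArrayNode) json.get("statuses");
    if (statuses == null || statuses.size() == 0) {
      return userProfile;
    }
    JsonNode userJson = statuses.get(0).get("user");
    if (userJson == null) {
      return userProfile;
    }
    UserProfileHelper.addIdentifier(userProfile, userJson, "id");
    for (String attribute : mainAttributes.keySet()) {
      UserProfileHelper.addAttribute(userProfile, json, attribute,
          mainAttributes.get(attribute));
    }
    // Expose the Weibo user id as "uid" and the profile domain as "username".
    JsonNode subJson = userJson.get("id");
    if (subJson != null) {
      UserProfileHelper.addAttribute(userProfile, "uid", subJson.getIntValue());
    }
    subJson = userJson.get("domain");
    if (subJson != null) {
      UserProfileHelper.addAttribute(userProfile, "username", subJson.getTextValue());
    }
    return userProfile;
  }
}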

Add the SinaWeiboProvider bean declaration to applicationContext.xml

<bean id="sinaWeibo" class="com.xxx.oauth.provider.SinaWeiboProvider">
    <property name="key" value="sinaweibo_key" />
    <property name="secret" value="sinaweibo_secret" />
    <property name="callbackUrl" value="https://sso.xxx.com:9443/login" />
</bean>

Here callbackUrl is the login address of your CAS server.

Define the oauthAction bean in cas-servlet.xml

<bean id="oauthAction" class="org.jasig.cas.support.oauth.web.flow.OAuthAction"
      p:centralAuthenticationService-ref="centralAuthenticationService">
    <property name="providers">
        <list>
            <ref bean="sinaWeibo" />
        </list>
    </property>
</bean>

Add oauthAction to the login-webflow.xml of CAS. Its main function is to intercept the information returned by the OAuth service provider.

<action-state id="oauthAction">
    <evaluate expression="oauthAction" />
    <transition on="success" to="sendTicketGrantingTicket" />
    <transition on="error" to="ticketGrantingTicketExistsCheck" />
</action-state>
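
The authorization link defined in SinaWeiboApi20 and the callback that the OAuth action intercepts can be bound together with an OAuth 2.0 state value, which the URL templates above do not carry. The following is an added example, not code from the original article or from the CAS plug-in, and it needs Java 10 or later. Assumptions: the class and method names are hypothetical, the key and callback are the placeholder values used on this page, the callback queries are constructed, and Weibo is assumed to return state unchanged on the redirect as OAuth 2.0 specifies.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class WeiboStateDemo { // hypothetical class, not part of CAS or scribe-up
    // The page's AUTHORIZE_URL template with a state parameter appended (added here).
    static final String AUTHORIZE_URL = "https://api.weibo.com/oauth2/authorize"
            + "?client_id=%s&redirect_uri=%s&response_type=code&state=%s";
    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
    static String dec(String s) { return URLDecoder.decode(s, StandardCharsets.UTF_8); }
    // Unguessable per-login value; store it in the user's session until the callback.
    static String newState() {
        byte[] b = new byte[16];
        new SecureRandom().nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    static String authorizationUrl(String apiKey, String callback, String state) {
        return String.format(AUTHORIZE_URL, enc(apiKey), enc(callback), enc(state));
    }

    // Returns the authorization code only when the callback echoes the state we issued.
    static String codeFromCallback(String query, String expectedState) {
        Map<String, String> p = new HashMap<>();
        for (String pair : query.split("&")) {
            int i = pair.indexOf('=');
            if (i > 0) p.put(dec(pair.substring(0, i)), dec(pair.substring(i + 1)));
        }
        String state = p.getOrDefault("state", "");
        boolean sameState = !expectedState.isEmpty() && MessageDigest.isEqual(
                state.getBytes(StandardCharsets.UTF_8), expectedState.getBytes(StandardCharsets.UTF_8));
        if (!sameState || !p.containsKey("code")) throw new SecurityException("callback rejected");
        return p.get("code");
    }

    public static void main(String[] args) {
        String state = newState();
        System.out.println(authorizationUrl("sinaweibo_key", "https://sso.xxx.com:9443/login", state));
        // Constructed callback queries: the first echoes our state, the second does not.
        System.out.println(codeFromCallback("code=abc123&state=" + state, state));
        try { codeFromCallback("code=abc123&state=forged", state); }
        catch (SecurityException e) { System.out.println("forged state: " + e.getMessage()); }
    }
}
```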


Add OAuthAuthenticationHandler to the authenticationHandlers in deployerConfigContext.xml to support OAuth authentication

<property name="authenticationHandlers">
    <list>
        <bean class="org.jasig.cas.support.oauth.authentication.handler.support.OAuthAuthenticationHandler">
            <property name="providers">
                <list>
                    <ref bean="sinaWeibo" />
                </list>
            </property>
        </bean>
    </list>
</property>

Add OAuthCredentialsToPrincipalResolver to the credentialsToPrincipalResolvers in deployerConfigContext.xml.

<property name="credentialsToPrincipalResolvers">
    <list>
        <bean class="org.jasig.cas.support.oauth.authentication.principal.OAuthCredentialsToPrincipalResolver">
        </bean>
    </list>
</property>

If you want to get the user information returned by the OAuth provider, you must add OAuthAuthenticationMetaDataPopulator to the authenticationMetaDataPopulators in deployerConfigContext.xml.

<property name="authenticationMetaDataPopulators">
    <list>
        <bean class="org.jasig.cas.support.oauth.authentication.OAuthAuthenticationMetaDataPopulator" />
    </list>
</property>

The last step is to add a "log in with a Sina Weibo account" link to the login page.

Done!

References: https://wiki.jasig.org/display/CASUM/OAuth+client+support

Original article: http://blog.csdn.net/laigood12345/article/details/7567247
