博客之QQ登录功能(一)
流程图
上图spring social 封装了1-8步需要的工作
1、新建包和书写配置文件
public class QQProperties {
//App唯一标 识
private String appId = "100550231";
private String appSecret = "69b6ab57b22f3c2fe6a6149274e3295e";
//QQ供应商
private String providerId = "callback.do";
//拦截器拦截的请求
private String filterProcessesUrl = "/qqLogin";
//get set 方法
//...
}
@ConfigurationProperties(prefix = "blog.security")
public class BlogSecurityProperties {
private QQProperties qqProperties = new QQProperties();
//get set...
}
@Configuration
//让我们的配置生效
@EnableConfigurationProperties (BlogSecurityProperties.class)
public class BlogSecurityConfig {
}
2、获取QQ用户信息
package com.zzz.blog.social.qq.api;
public interface QQ {
//返回一个QQ的用户信息
QQUserInfo getUserInfo();
}
package com.zzz.blog.social.qq.api;
import org.springframework.social.oauth2.AbstractOAuth2ApiBinding;
public class QQImpl extends AbstractOAuth2ApiBinding implements QQ{
private static final String URL_GET_USERINFO = "https://graph.qq.com/user/get_user_info?oauth_consumer_key=%s&openid=%s";
//外界赋值
private String appId;
//用户的唯一 标识,url
private String openId;
private ObjectMapper objectMapper = new ObjectMapper();
@Override
public QQUserInfo getUserInfo() {
// TODO Auto-generated method stub
return null;
}
}
package com.zzz.blog.social.qq.api;
public class QQUserInfo {
private String is_lost;
private String province;
private String city;
private String year;
private String constellation;
private String ret;
private String msg;
private String nickname;
private String figureurl;
private String figureurl_1;
private String figureurl_2;
private String figureurl_qq_1;
private String figureurl_qq_2;
private String figureurl_qq;
private String figureurl_type;
private String gender_type;
private String gender;
private String is_yellow_vip;
private String vip;
private String yellow_vip_level;
private String level;
private String is_yellow_year_vip;
private String openId;
//get/set...
}
修改代码:
//获取用户信息
@Override
public QQUserInfo getUserInfo() {
//拼接参数
String url = String.format(URL_GET_USERINFO, appId, openId);
//发送请求
String result = getRestTemplate().getForObject(url, String.class);
//处理返回值
QQUserInfo userInfo = null;
try {
userInfo = objectMapper.readValue(result, QQUserInfo.class);
userInfo. setOpenId(openId);
} catch (JsonProcessingException e) {
throw new RuntimeException(" 获取用户信息失败!");
}
return userInfo;
}
3、如何获得OpenId以及AppId
public class QQImpl extends AbstractOAuth2ApiBinding implements QQ{
private static final String URL_GET_USERINFO = "https://graph.qq.com/user/get_user_info?pauth_consumer_key=%s&openid=%s";
private static final String URL_GET_OPENID = "https://graph.qq.com/oauth2.0/me?access_token=%s";
//外界赋值
private String appId;
//用户的唯一 标识,url
private String openId;
private ObjectMapper objectMapper = new ObjectMapper();
public QQImpl(String accessToken, String appId) {
//自动拼接一个参数
super(accessToken, TokenStrategy.ACCESS_TOKEN_PARAMETER) ;
//赋值appid
this.appId = appId;
//赋值openid
//通过url获得openid
//拼接参数
String url = String.format(URL_GET_OPENID, accessToken);
//发送请求
String result = getRestTemplate().getForObject(url, String.class);
//处理返回值
//callback( {"client_ id":"100550231", ”openid":"CDF1A28F8698E326D173DE17437FB098"} );
result = StringUtils.replace(result, "callback( ","");
result = StringUtils.replace(result, " );","");
//{"client_ id": "100550231","openid": "CDF1A28F8698E326D173DE17437FB098"}
OpenId id = null;
try {
id = objectMapper.readValue(result, OpenId.class);
} catch (JsonProcessingException e) {
throw new RuntimeException( "获取OpenId失败! ! ");
}
//赋值openid
this.openId = id.getOpenid();
}
//获取用户信息
@Override
public QQUserInfo getUserInfo() {
...
}
}
package com.zzz.blog.social.qq.api;
public class OpenId {
private String client_id;
private String openid;
//get/set
}
4、完成QQOAuth2Template
package com.zzz.blog.social.qq.template;
import ...
public class QQOAuth2Template extends OAuth2Template{
public QQOAuth2Template(String clientId, String clientSecret, String authorizeUrl, String accessTokenUrl) {
super(clientId, clientSecret, authorizeUrl, accessTokenUrl);
//使clientId、clientSecret可以拼接到一起
setUseParametersForClientAuthentication(true);
}
//添加text/html
@Override
protected RestTemplate createRestTemplate() {
RestTemplate template = super.createRestTemplate();
template.getMessageConverters().add(new StringHttpMessageConverter(Charset.forName("UTF-8")));
return template;
}
//把请求的格式按照qq的标准,做了一些自定义信息 自己处理请求 按&分割字符,分割后如下
//access_token=FE04***** *****************CCE2 items[0]
//expires_in=7776000 item[0]
//refresh_token=88E4********* **************BE14 item[1]
@Override
protected AccessGrant postForAccessGrant(String accessTokenUrl, MultiValueMap<String, String> parameters) {
String responseStr = getRestTemplate().postForObject(accessTokenUrl, parameters, String.class);
//StringUtils.split只切割了一次,坑
String[] items = StringUtils.split(responseStr, "&");
String[] item = StringUtils.split(items[1], "&");
String access_token =StringUtils.replace(items[0], "access_token=", "");
Long expires_in = new Long(StringUtils.replace(item[0], "expires_in=", ""));
String refresh_token = StringUtils.replace(item[1], "refresh_token=", "");
return new AccessGrant(access_token, null, refresh_token, expires_in);
}
}
5、完成QQAdapter与ServiceProvider
package com.zzz.blog.social.qq.connection;
import ...
public class QQAdapter implements ApiAdapter<QQ>{
@Override
public boolean test(QQ api) {
// 始终为true
return true;
}
@Override
public void setConnectionValues(QQ api, ConnectionValues values) {
//获取userinfo
QQUserInfo userInfo = api. getUserInfo();
//获取用户名称
values.setDisplayName(userInfo.getNickname());
//获取头像
values.setImageUrl(userInfo.getFigureurl_qq_1());
//获取个人主页
values.setProfileUrl(null);
//openid,用户在服务商中的唯一标识
values.setProviderUserId(userInfo.getOpenId());
}
@Override
public UserProfile fetchUserProfile(QQ api) {
// TODO Auto-generated method stub
return null;
}
@Override
public void updateStatus(QQ api, String message) {
// TODO Auto-generated method stub
}
}
package com.zzz.blog.social.qq.connection;
import ...
public class QQServiceProvider extends AbstractOAuth2ServiceProvider<QQ>{
//将用户导向认证服务器中的ur1地址,用户在该地址上进行授权
private static final String URL_AUTHORIZE = "https://graph.qq.com/oauth2.0/authorize";
//在获取令牌的时候,需要访问的url
private static final String URL_ACCESSTOEKN = "https://graph.qq.com/oauth2.0/token";
private String appId;
//1-6
public QQServiceProvider(String appId,String appSecret) {
super(new QQOAuth2Template(appId, appSecret, URL_AUTHORIZE, URL_ACCESSTOEKN));
this.appId = appId;
}
//7-8
@Override
public QQ getApi(String accessToken) {
// TODO Auto-generated method stub
return new QQImpl(accessToken, appId);
}
}
6、完成QQConfig与ConnectionFactory
package com.zzz.blog.social.qq.connection;
import ...
public class QQConnectionFactory extends OAuth2ConnectionFactory<QQ>{
public QQConnectionFactory(String providerId, String appId,String appSecret) {
super(providerId, new QQServiceProvider(appId, appSecret), new QQAdapter());
}
}
package com.zzz.blog.social.qq.config;
import ...
@Configuration
@EnableSocial
@Order(2)
public class QQConfig extends SocialConfigurerAdapter{
@Autowired
private BlogSecurityProperties blogSecurityProperties;
//添加qq创建connection的工厂
@Override
public void addConnectionFactories(ConnectionFactoryConfigurer connectionFactoryConfigurer,
Environment environment) {
QQProperties qqConfig = blogSecurityProperties.getQqProperties();
QQConnectionFactory qqConnectionFactory = new QQConnectionFactory(qqConfig.getProviderId(), qqConfig.getAppId(), qqConfig.getAppSecret());
connectionFactoryConfigurer.addConnectionFactory(qqConnectionFactory);
}
//获取登陆人
@Override
public UserIdSource getUserIdSource() {
return new AuthenticationNameUserIdSource();
}
}
7、创建表以及创建操作表的类JdbcUsersConnectionRepository
package com.zzz.blog.social.qq.config;
import ...
@Configuration
@EnableSocial
@Order(1)
public class SocialConfig extends SocialConfigurerAdapter{
@Autowired
private DataSource dataSource;
//登录之后,直接将QQ的数据保存在数据库
@Override
public UsersConnectionRepository getUsersConnectionRepository(ConnectionFactoryLocator connectionFactoryLocator) {
JdbcUsersConnectionRepository repository = new JdbcUsersConnectionRepository(dataSource, connectionFactoryLocator, Encryptors.noOpText());
return repository;
}
//改变拦截的请求
//在注册的过程中,拿到了这个SpringSocial中的信息
//业务完成之后,把用户的id传给了SpringSocial
//打开ConnectController
}
找到socailJDBC表格式,在数据库中执行sql
8、改变拦截的请求
package com.zzz.blog.social.qq.config;
import ...
public class ZZZSpringSocialConfigurer extends SpringSocialConfigurer{
private String filterProcessesUrl;
public ZZZSpringSocialConfigurer(String filterProcessesUrl) {
this.filterProcessesUrl = filterProcessesUrl;
}
//将默认的拦截改为qqLogin
@Override
protected <T> T postProcess(T object) {
//获得filter
SocialAuthenticationFilter filter = (SocialAuthenticationFilter)super.postProcess(object);
//设置字段
filter.setFilterProcessesUrl(filterProcessesUrl);
return (T) filter;
}
}
//改变拦截的请求 /auth -> /qqLogin
@Bean
public SpringSocialConfigurer zzzSocialSecurityConfig() {
String filterProcessesUrl = blogSecurityProperties.getQqProperties().getFilterProcessesUrl();
ZZZSpringSocialConfigurer zzzSpringSocialConfigurer = new ZZZSpringSocialConfigurer(filterProcessesUrl);
return zzzSpringSocialConfigurer;
}
9、将Social中的配置生效到SpringSecurity中
在SocialConfig类中添加代码
//在注册的过程中,拿到了这个SpringSocial中的信息
//业务完成之后,把用户的id传给了SpringSocial
@Bean
public ProviderSignInUtils providerSignInUtils() {
return new ProviderSignInUtils(connectionFactoryLocator, getUsersConnectionRepository(connectionFactoryLocator));
}
//打开ConnectController
@Bean
public ConnectController connectController(ConnectionFactoryLocator connectionFactoryLocator,ConnectionRepository connectionRepository) {
return new ConnectController(connectionFactoryLocator, connectionRepository);
}
添加apply配置socialconfig
package com.zzz.blog.config;
import ...
//安全配置类
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
//SpringSecurity加密方法返回值
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Autowired
private SpringSocialConfigurer zzzSocialSecurityConfig;
//做拦截
@Override
protected void configure(HttpSecurity http) throws Exception {
// 请求授权
http.formLogin().and().authorizeRequests()
//授权放行
.antMatchers("/*.html").permitAll()
//所有请求
.anyRequest()
//都需要身份认证
.authenticated().and()
//43、使用Layer打开select-mood子页面并配置SpringSecurity允许Iframe嵌入页面
.headers().frameOptions().disable().and()
//跨站请求伪造的防护
.csrf().disable()
//添加我们所写的spring social配置
.apply(zzzSocialSecurityConfig);
}
}
10、创建Visitor实体并实现SocialUserDetailsService接口查找Visitor
package com.zzz.blog.domain;
import ...
@Entity
public class Visitor {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
private String username;
private String password;
private String image;
protected Visitor() {
}
public Visitor(Long id, String username, String password, String image) {
super();
this.id = id;
this.username = username;
this.password = password;
this.image = image;
}
//get/set
}
package com.zzz.blog.repository;
import ...
public interface VisitorRepository extends CrudRepository<Visitor, Long>{
}
@Component
public class SocialVisitorServiceImpl implements SocialUserDetailsService{
@Autowired
private VisitorRepository visitorRepository;
@Autowired
private PasswordEncoder passwordEncoder;
@Override
public SocialUserDetails loadUserByUserId(String userId) throws UsernameNotFoundException {
//根据userId查找访客
Optional<Visitor> optional = visitorRepository.findById(new Long(userId));
Visitor visitor = optional.get();
if (visitor == null) {
throw new UsernameNotFoundException(userId);
}
return new SocialUser(visitor.getUsername(), passwordEncoder.encode(visitor.getPassword()), true, true, true, true, AuthorityUtils.commaSeparatedStringToAuthorityList("VISITOR"));
}
}
11、实现ConnectionSignUp接口添加Visitor
package com.zzz.blog.social.qq.signup;
import ...
@Component
public class DemoConnectionSignUp implements ConnectionSignUp{
@Autowired
private VisitorService visitorService;
//根据社交用户的信息,创建一个Visitor并返回唯一标识
@Override
public String execute(Connection<?> connection) {
Visitor visitor = new Visitor(null, connection.getDisplayName(), "123456", connection.getImageUrl());
visitor = visitorService.saveVisitory(visitor);
return visitor.getId().toString();
}
}
package com.zzz.blog.service;
import ...
@Service
public interface VisitorService {
Visitor saveVisitory(Visitor visitor);
}
package com.zzz.blog.service;
import ...
@Service
public interface VisitorService {
Visitor saveVisitory(Visitor visitor);
}
package com.zzz.blog.service;
import ...
@Component
public class VisitorServiceImpl implements VisitorService{
@Autowired
private VisitorRepository visitorRepository;
@Override
public Visitor saveVisitory(Visitor visitor) {
return visitorRepository.save(visitor);
}
}
SocialConfig添加setConnectionSignUp执行方法
@Autowired
private ConnectionSignUp connectionSignUp;
//登录之后,直接将QQ的数据保存在数据库
@Override
public UsersConnectionRepository getUsersConnectionRepository(ConnectionFactoryLocator connectionFactoryLocator) {
JdbcUsersConnectionRepository repository = new JdbcUsersConnectionRepository(dataSource, connectionFactoryLocator, Encryptors.noOpText());
repository.setConnectionSignUp(connectionSignUp);
return repository;
}
12、测试QQ登录
application.properties添加代码如下(修改端口):
server.port=80
login.html修改超链接代码如下:
<a href="/qqLogin/callback.do" class="login100-social-item bg2">
<i class="fa fa-qq">i>
a>
修改C:\Windows\System32\drivers\etc\hosts文件
127.0.0.1 www.pinzhi365.com
这是别人提供的测试地址。我们也可以到QQ互联官网https://connect.qq.com/上注册用户,创建应用。
其中回调地址的写法:网站地址/拦截器拦截的路径/服务提供商。
创建完修改QQProperties类上的对应配置即可。
测试通过,控制台打印了添加visitor数据的sql。