我需要构建一种处理OAuth2流的Java Proxy +。想法是登录此“ Proxy +”并执行OAuth2流程,直到Proxy +收到令牌+刷新令牌为止。之后,使用用户名和密码或其他可以进行会话的登录到Proxy +。代理通常会处理您的所有Web请求,并将Oauth2令牌添加到每个请求。如有必要,还刷新令牌。
您将如何实现代理部分,以在其中接收和增强请求,以及可能请求刷新令牌。这个问题与OAuth2流程无关,而不是与如何首先获得令牌有关。
我认为我尝试了一个servlet过滤器来拦截所有请求并增强请求。这样,它对于所有调用的URL也是通用的。还有更好的主意吗?
找到了更好的方法,这是通用代理的Spring方法:-)
@RequestMapping("/**")
public ResponseEntity<byte[]> genericRequest(RequestEntity<?> inboundRequestEntity, HttpServletRequest request) {
URI outboundUri = UriComponentsBuilder.fromHttpUrl(this.targetBaseUrl)
.path(removeUrlPart(request))
.query(request.getQueryString())
.build(true)
.toUri();
HttpHeaders headers = filterHeaders(inboundRequestEntity.getHeaders());
BodyBuilder builder = RequestEntity
.method(requireNonNull(inboundRequestEntity.getMethod()), outboundUri)
.headers(headers);
RequestEntity<?> outboundRequestEntity = inboundRequestEntity.hasBody() ? builder.body(requireNonNull(inboundRequestEntity.getBody())) : builder.build();
try {
LOGGER.info("Will call url '{}' with method '{}'", outboundRequestEntity.getUrl(), outboundRequestEntity.getMethod());
ResponseEntity<byte[]> responseEntity = this.restTemplate.exchange(outboundRequestEntity);
return ResponseEntity.status(responseEntity.getStatusCode())
.headers(filterHeaders(responseEntity.getHeaders()))
.body(responseEntity.getBody());
} catch (
HttpStatusCodeException e) {
return ResponseEntity.status(e.getRawStatusCode())
.headers(filterHeaders(e.getResponseHeaders()))
.body(e.getResponseBodyAsByteArray());
}
}
private static HttpHeaders filterHeaders(HttpHeaders originalHeaders) {
HttpHeaders filteredResponseHeaders = new HttpHeaders();
filteredResponseHeaders.putAll(originalHeaders);
filteredResponseHeaders.remove(CONTENT_LENGTH);
filteredResponseHeaders.remove(DATE);
return filteredResponseHeaders;
}