Spring Security 源码分析（四）：Spring Social实现微信社交登录

前言

SpringSocial

Security

准备工作

appid

appsecret

wxfd6965ab1fc6adb2

66bb4566de776ac699ec1dbed0cc3dd1

目录结构

api

config

connect

定义返回用户信息接口

public interface Weixin {

WeixinUserInfo getUserInfo(String openId);

}

getUserInfo

openId

openid

access_token

SpringSocial

access_token

AccessGrant.java

openid

SpringSocial

AccessGrant.java

处理微信返回的access_token类(添加openid)

@Data

public class WeixinAccessGrant extends AccessGrant{

private String openId;

public WeixinAccessGrant() {

super("");

}

public WeixinAccessGrant(String accessToken, String scope, String refreshToken, Long expiresIn) {

super(accessToken, scope, refreshToken, expiresIn);

}

}

实现返回用户信息接口

public class WeiXinImpl extends AbstractOAuth2ApiBinding implements Weixin {

/**

* 获取用户信息的url

*/

private static final String WEIXIN_URL_GET_USER_INFO = "https://api.weixin.qq.com/sns/userinfo?openid=";

private ObjectMapper objectMapper = new ObjectMapper();

public WeiXinImpl(String accessToken) {

super(accessToken, TokenStrategy.ACCESS_TOKEN_PARAMETER);

}

/**

* 获取用户信息

*

* @param openId

* @return

*/

@Override

public WeixinUserInfo getUserInfo(String openId) {

String url = WEIXIN_URL_GET_USER_INFO + openId;

String result = getRestTemplate().getForObject(url, String.class);

if(StringUtils.contains(result, "errcode")) {

return null;

}

WeixinUserInfo userInfo = null;

try{

userInfo = objectMapper.readValue(result,WeixinUserInfo.class);

}catch (Exception e){

e.printStackTrace();

}

return userInfo;

}

/**

* 使用utf-8 替换默认的ISO-8859-1编码

* @return

*/

@Override

protected List<HttpMessageConverter<?>> getMessageConverters() {

List<HttpMessageConverter<?>> messageConverters = super.getMessageConverters();

messageConverters.remove(0);

messageConverters.add(new StringHttpMessageConverter(Charset.forName("UTF-8")));

return messageConverters;

}

}

QQ

微信

access_token

openid

openid

WeixinAccessGrant

WeixinOAuth2Template处理微信返回的令牌信息

@Slf4j

public class WeixinOAuth2Template extends OAuth2Template {

private String clientId;

private String clientSecret;

private String accessTokenUrl;

private static final String REFRESH_TOKEN_URL = "https://api.weixin.qq.com/sns/oauth2/refresh_token";

public WeixinOAuth2Template(String clientId, String clientSecret, String authorizeUrl, String accessTokenUrl) {

super(clientId, clientSecret, authorizeUrl, accessTokenUrl);

setUseParametersForClientAuthentication(true);

this.clientId = clientId;

this.clientSecret = clientSecret;

this.accessTokenUrl = accessTokenUrl;

}

/* (non-Javadoc)

* @see org.springframework.social.oauth2.OAuth2Template#exchangeForAccess(java.lang.String, java.lang.String, org.springframework.util.MultiValueMap)

*/

@Override

public AccessGrant exchangeForAccess(String authorizationCode, String redirectUri,

MultiValueMap<String, String> parameters) {

StringBuilder accessTokenRequestUrl = new StringBuilder(accessTokenUrl);

accessTokenRequestUrl.append("?appid="+clientId);

accessTokenRequestUrl.append("&secret="+clientSecret);

accessTokenRequestUrl.append("&code="+authorizationCode);

accessTokenRequestUrl.append("&grant_type=authorization_code");

accessTokenRequestUrl.append("&redirect_uri="+redirectUri);

return getAccessToken(accessTokenRequestUrl);

}

public AccessGrant refreshAccess(String refreshToken, MultiValueMap<String, String> additionalParameters) {

StringBuilder refreshTokenUrl = new StringBuilder(REFRESH_TOKEN_URL);

refreshTokenUrl.append("?appid="+clientId);

refreshTokenUrl.append("&grant_type=refresh_token");

refreshTokenUrl.append("&refresh_token="+refreshToken);

return getAccessToken(refreshTokenUrl);

}

@SuppressWarnings("unchecked")

private AccessGrant getAccessToken(StringBuilder accessTokenRequestUrl) {

log.info("获取access_token, 请求URL: "+accessTokenRequestUrl.toString());

String response = getRestTemplate().getForObject(accessTokenRequestUrl.toString(), String.class);

log.info("获取access_token, 响应内容: "+response);

Map<String, Object> result = null;

try {

result = new ObjectMapper().readValue(response, Map.class);

} catch (Exception e) {

e.printStackTrace();

}

//返回错误码时直接返回空

if(StringUtils.isNotBlank(MapUtils.getString(result, "errcode"))){

String errcode = MapUtils.getString(result, "errcode");

String errmsg = MapUtils.getString(result, "errmsg");

throw new RuntimeException("获取access token失败, errcode:"+errcode+", errmsg:"+errmsg);

}

WeixinAccessGrant accessToken = new WeixinAccessGrant(

MapUtils.getString(result, "access_token"),

MapUtils.getString(result, "scope"),

MapUtils.getString(result, "refresh_token"),

MapUtils.getLong(result, "expires_in"));

accessToken.setOpenId(MapUtils.getString(result, "openid"));

return accessToken;

}

/**

* 构建获取授权码的请求。也就是引导用户跳转到微信的地址。

*/

public String buildAuthenticateUrl(OAuth2Parameters parameters) {

String url = super.buildAuthenticateUrl(parameters);

url = url + "&appid="+clientId+"&scope=snsapi_login";

return url;

}

public String buildAuthorizeUrl(OAuth2Parameters parameters) {

return buildAuthenticateUrl(parameters);

}

/**

* 微信返回的contentType是html/text，添加相应的HttpMessageConverter来处理。

*/

protected RestTemplate createRestTemplate() {

RestTemplate restTemplate = super.createRestTemplate();

restTemplate.getMessageConverters().add(new StringHttpMessageConverter(Charset.forName("UTF-8")));

return restTemplate;

}

}

QQ

exchangeForAccess

微信

code

access_token

appid

secret

client_id

client_secret

WeixinServiceProvider连接服务提供商

public class WeixinServiceProvider extends AbstractOAuth2ServiceProvider<Weixin> {

/**

* 微信获取授权码的url

*/

private static final String WEIXIN_URL_AUTHORIZE = "https://open.weixin.qq.com/connect/qrconnect";

/**

* 微信获取accessToken的url(微信在获取accessToken时也已经返回openId)

*/

private static final String WEIXIN_URL_ACCESS_TOKEN = "https://api.weixin.qq.com/sns/oauth2/access_token";

public WeixinServiceProvider(String appId, String appSecret) {

super(new WeixinOAuth2Template(appId, appSecret, WEIXIN_URL_AUTHORIZE, WEIXIN_URL_ACCESS_TOKEN));

}

@Override

public Weixin getApi(String accessToken) {

return new WeiXinImpl(accessToken);

}

}

WeixinConnectionFactory连接服务提供商的工厂类

public class WeixinConnectionFactory extends OAuth2ConnectionFactory<Weixin> {

/**

* @param appId

* @param appSecret

*/

public WeixinConnectionFactory(String providerId, String appId, String appSecret) {

super(providerId, new WeixinServiceProvider(appId, appSecret), new WeixinAdapter());

}

/**

* 由于微信的openId是和accessToken一起返回的，所以在这里直接根据accessToken设置providerUserId即可，不用像QQ那样通过QQAdapter来获取

*/

@Override

protected String extractProviderUserId(AccessGrant accessGrant) {

if(accessGrant instanceof WeixinAccessGrant) {

return ((WeixinAccessGrant)accessGrant).getOpenId();

}

return null;

}

/* (non-Javadoc)

* @see org.springframework.social.connect.support.OAuth2ConnectionFactory#createConnection(org.springframework.social.oauth2.AccessGrant)

*/

public Connection<Weixin> createConnection(AccessGrant accessGrant) {

return new OAuth2Connection<Weixin>(getProviderId(), extractProviderUserId(accessGrant), accessGrant.getAccessToken(),

accessGrant.getRefreshToken(), accessGrant.getExpireTime(), getOAuth2ServiceProvider(), getApiAdapter(extractProviderUserId(accessGrant)));

}

/* (non-Javadoc)

* @see org.springframework.social.connect.support.OAuth2ConnectionFactory#createConnection(org.springframework.social.connect.ConnectionData)

*/

public Connection<Weixin> createConnection(ConnectionData data) {

return new OAuth2Connection<Weixin>(data, getOAuth2ServiceProvider(), getApiAdapter(data.getProviderUserId()));

}

private ApiAdapter<Weixin> getApiAdapter(String providerUserId) {

return new WeixinAdapter(providerUserId);

}

private OAuth2ServiceProvider<Weixin> getOAuth2ServiceProvider() {

return (OAuth2ServiceProvider<Weixin>) getServiceProvider();

}

}

WeixinAdapter将微信api返回的数据模型适配Spring Social的标准模型

public class WeixinAdapter implements ApiAdapter<Weixin> {

private String openId;

public WeixinAdapter() {

}

public WeixinAdapter(String openId) {

this.openId = openId;

}

@Override

public boolean test(Weixin api) {

return true;

}

@Override

public void setConnectionValues(Weixin api, ConnectionValues values) {

WeixinUserInfo userInfo = api.getUserInfo(openId);

values.setProviderUserId(userInfo.getOpenid());

values.setDisplayName(userInfo.getNickname());

values.setImageUrl(userInfo.getHeadimgurl());

}

@Override

public UserProfile fetchUserProfile(Weixin api) {

return null;

}

@Override

public void updateStatus(Weixin api, String message) {

}

}

WeixinAuthConfig创建工厂和设置数据源

@Configuration

public class WeixinAuthConfig extends SocialAutoConfigurerAdapter {

@Autowired

private DataSource dataSource;

@Autowired

private ConnectionSignUp myConnectionSignUp;

@Override

protected ConnectionFactory<?> createConnectionFactory() {

return new WeixinConnectionFactory(DEFAULT_SOCIAL_WEIXIN_PROVIDER_ID, SecurityConstants.DEFAULT_SOCIAL_WEIXIN_APP_ID,

SecurityConstants.DEFAULT_SOCIAL_WEIXIN_APP_SECRET);

}

@Override

public UsersConnectionRepository getUsersConnectionRepository(ConnectionFactoryLocator connectionFactoryLocator) {

JdbcUsersConnectionRepository repository = new JdbcUsersConnectionRepository(dataSource,

connectionFactoryLocator, Encryptors.noOpText());

if (myConnectionSignUp != null) {

repository.setConnectionSignUp(myConnectionSignUp);

}

return repository;

}

/**

* /connect/weixin POST请求,绑定微信返回connect/weixinConnected视图

* /connect/weixin DELETE请求,解绑返回connect/weixinConnect视图

* @return

*/

@Bean({"connect/weixinConnect", "connect/weixinConnected"})

@ConditionalOnMissingBean(name = "weixinConnectedView")

public View weixinConnectedView() {

return new SocialConnectView();

}

}

社交登录配置类

SocialAuthenticationFilter

代码下载