Comments (5)
@John-Chan
In the preceding code snippet, there are two lines:
OAuth2.GrantType grantType = (OAuth2.GrantType) getAttribute(request, "grantType");
String grantTypeValue = grantType.getValue(getAttributeAsString(request, "grantTypeValue"));
The resulting OAuth2.GrantType grantType enum uses the grantType information configured in the annotation. The next line then contains the call
grantType.getValue(getAttributeAsString(request, "grantTypeValue"))
which first takes the grantTypeValue configuration from the annotation and passes it as the default value into OAuth2.GrantType.getValue(defaultGrantTypeValue) to obtain the actual grantTypeValue information.
The code in OAuth2.GrantType.getValue(defaultGrantTypeValue) is as follows:
/**
 * Get the actual request parameter value of the GrantType
 *
 * @param defaultValue a default parameter value; the value passed in should be that of @OAuth2.grantTypeValue
 * @return the actual GrantType request value
 */
public String getValue(String defaultValue) {
    if (StringUtils.isBlank(defaultValue)) {
        // When @OAuth2.grantTypeValue is not set, use the default value of @OAuth2.grantType
        return value;
    }
    return defaultValue;
}
So using grantType = OAuth2.GrantType.PASSWORD means the username/password parameters in the annotation are used; combined with the grantTypeValue = 'CustomGrantTypeValue' configuration, the default grantTypeValue = 'password' is then forcibly overridden with 'CustomGrantTypeValue'.
from forest.
You can use the grantTypeValue attribute.
from forest.
Thanks!
from forest.
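I found that after using the grantTypeValue attribute, the username and password information is lost when the request to obtain the token is sent.
Log comparison: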
POST https://XXX/v1/token HTTPS
Body: client_id=XX&client_secret=XX&scope=openid%20email%20profile&grant_type=password
POST https://XXX/v1/token HTTPS
Body: client_id=XX&client_secret=XX&scope=openid%20email%20profile&grant_type=password&username=XX%40163.com&password=XX
I looked at the code and found:
private Map<String, Object> createRequestBody(String clientId, ForestRequest request, boolean fillAccount) {
    Map<String, Object> body = new LinkedHashMap<>();
    body.put("client_id", clientId);
    body.put("client_secret", getAttributeAsString(request, "clientSecret"));
    body.put("scope", getAttributeAsString(request, "scope"));
    OAuth2.GrantType grantType = (OAuth2.GrantType) getAttribute(request, "grantType");
    String grantTypeValue = grantType.getValue(getAttributeAsString(request, "grantTypeValue"));
    body.put("grant_type", grantTypeValue);
    if (fillAccount && grantType == OAuth2.GrantType.PASSWORD) {
        body.put("username", getAttributeAsString(request, "username"));
        body.put("password", getAttributeAsString(request, "password"));
    }
    return body;
}
The final check does not take grantTypeValue into account, and I'm not sure whether that is a bug. So grantTypeValue still cannot replace grantType.
from forest.
@John-Chan
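This is how it was originally designed: when grantType == OAuth2.GrantType.PASSWORD, the username/password information in the annotation is used.
When grantType == OAuth2.GrantType.CLIENT_CREDENTIALS, it means that username/password is not needed.
So, if your request needs to carry username/password, you can set grantType to OAuth2.GrantType.PASSWORD and then set grantTypeValue to forcibly override the grantType information in the request.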
from forest.
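The behaviour discussed in this thread, as an added stand-alone example (not Forest's own code and not posted by any participant): the enum decides whether credentials are attached, while grantTypeValue only changes the string sent as grant_type. The class GrantTypeOverrideDemo, the method tokenBody, the simplified GrantType enum, its "client_credentials" wire value and all sample values are assumptions made for illustration; scope and the fillAccount flag are left out.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Stand-alone model of the logic quoted in the thread; not Forest's own classes.
public class GrantTypeOverrideDemo {

    // Hypothetical stand-in for OAuth2.GrantType; wire values assumed from RFC 6749.
    enum GrantType {
        PASSWORD("password"), CLIENT_CREDENTIALS("client_credentials");

        private final String value;

        GrantType(String value) { this.value = value; }

        // Same rule as the quoted getValue(defaultValue): a non-blank override wins.
        String getValue(String override) {
            return (override == null || override.trim().isEmpty()) ? value : override;
        }
    }

    // Mirrors the quoted createRequestBody: credentials depend on the enum,
    // never on the string that ends up in grant_type.
    static Map<String, Object> tokenBody(GrantType grantType, String grantTypeValue) {
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("client_id", "demo-client");          // constructed sample value
        body.put("client_secret", "demo-secret");      // constructed sample value
        body.put("grant_type", grantType.getValue(grantTypeValue));
        if (grantType == GrantType.PASSWORD) {
            body.put("username", "user@example.com");  // constructed sample value
            body.put("password", "demo-password");     // constructed sample value
        }
        return body;
    }

    public static void main(String[] args) {
        // Enum PASSWORD, no override: grant_type=password, credentials sent.
        System.out.println(tokenBody(GrantType.PASSWORD, null));
        // Enum PASSWORD plus override: custom grant_type, credentials still sent.
        System.out.println(tokenBody(GrantType.PASSWORD, "CustomGrantTypeValue"));
        // Enum CLIENT_CREDENTIALS plus override "password": grant_type=password
        // on the wire, but username/password are absent from the body.
        System.out.println(tokenBody(GrantType.CLIENT_CREDENTIALS, "password"));
    }
}
```

The third call yields a body of the same shape as the first log entry in the thread: grant_type=password with no username or password fields.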