SpringBoot基于JustAuth实现第三方授权登录
1. 简介
随着科技时代日渐繁荣,越来越多的应用融入我们的生活。不同的应用系统不同的用户密码,造成了极差的用户体验。要是能使用常见的应用账号实现全应用的认证登录,将会更加促进应用产品的推广,为生活增加无限乐趣。
本文基于JustAuth实现第三方授权登录,选择JustAuth原因如下:
- 支持Github、Gitee、微博、钉钉、百度、Coding、腾讯云开发者平台、OSChina、支付宝、QQ、微信、淘宝、Google、Facebook、抖音、领英、小米、微软、今日头条、Teambition、StackOverflow、Pinterest、人人、华为、企业微信、酷家乐、Gitlab、美团、饿了么和推特等第三方平台的授权登录;
- 无需去第三方平台找寻繁杂而庞大的SDK文档,JustAuth提供了及其简单的接入方式;
- 支持自定义OAuth平台;
- 支持多种方式的State缓存;
- 支持自定义Http实现;
- 自定义 Scope,支持更完善的授权体系;
- 与SpringBoot完美集成,也可整合Spring Security等安全框架;
- 官网文档详细、完善,按照文档即可完成需求落地。
官网:https://justauth.wiki/#/
2. 初始化数据库
创建数据库justauth,并初始化表结构:
DROP TABLE IF EXISTS `justauth`.`t_ja_user`;
CREATE TABLE `justauth`.`t_ja_user` (
`uuid` varchar(64) NOT NULL COMMENT '用户第三方系统的唯一id',
`username` varchar(100) DEFAULT NULL COMMENT '用户名',
`nickname` varchar(100) DEFAULT NULL COMMENT '用户昵称',
`avatar` varchar(255) DEFAULT NULL COMMENT '用户头像',
`blog` varchar(255) DEFAULT NULL COMMENT '用户网址',
`company` varchar(50) DEFAULT NULL COMMENT '所在公司',
`location` varchar(255) DEFAULT NULL COMMENT '位置',
`email` varchar(50) DEFAULT NULL COMMENT '用户邮箱',
`gender` varchar(10) DEFAULT NULL COMMENT '性别',
`remark` varchar(500) DEFAULT NULL COMMENT '用户备注(各平台中的用户个人介绍)',
`source` varchar(20) DEFAULT NULL COMMENT '用户来源',
PRIMARY KEY (`uuid`)
);
3. 示例代码
使用SpringBoot插件justauth-spring-boot-starter搭建工程。
- 创建项目
- 修改pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.c3stones</groupId>
<artifactId>spring-boot-justauth-demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>spring-boot-justauth-demo</name>
<description>Spring Boot JustAuth Demo</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.8.RELEASE</version>
<relativePath />
</parent>
<dependencies>
<dependency>
<groupId>com.xkcoding.justauth</groupId>
<artifactId>justauth-spring-boot-starter</artifactId>
<version>1.3.4.beta</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
</dependency>
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.3.1</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-all</artifactId>
<version>5.4.1</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
<repositories>
<!--阿里云私服 -->
<repository>
<id>aliyun</id>
<name>aliyun</name>
<url>http://maven.aliyun.com/nexus/content/groups/public</url>
</repository>
<!--中央仓库 -->
<repository>
<id>oss snapshot</id>
<name>oss snapshot</name>
<url>http://oss.sonatype.org/content/repositories/snapshots</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
</project>
- 创建响应实体
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
/**
* 响应实体
*
* @author CL
*
*/
@Getter
@Setter
@AllArgsConstructor
@NoArgsConstructor
public class Response {
/**
* 响应码
*/
private int code;
/**
* 响应消息体
*/
private String msg;
/**
* 失败响应
*
* @param msg 响应消息体
* @return
*/
public static Response error(String msg) {
return new Response(500, msg);
}
/**
* 成功响应
*
* @param msg 响应消息体
* @return
*/
public static Response success(String msg) {
return new Response(200, msg);
}
}
- 创建Redis配置类
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.data.redis.RedisAutoConfiguration;
import org.springframework.cache.Cache;
import org.springframework.cache.annotation.CachingConfigurerSupport;
import org.springframework.cache.annotation.EnableCaching;
import org.springframework.cache.interceptor.CacheErrorHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.cache.RedisCacheConfiguration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
import org.springframework.data.redis.serializer.RedisSerializationContext;
import org.springframework.data.redis.serializer.StringRedisSerializer;
/**
* Redis配置类
*
* @author CL
*
*/
@Slf4j
@EnableCaching
@Configuration
@AutoConfigureAfter(RedisAutoConfiguration.class)
public class RedisConfig extends CachingConfigurerSupport {
/**
* 注入RedisTemplate
*
* @param redisConnectionFactory Redis连接工厂
* @return
*/
@Bean(name = "redisTemplate")
@ConditionalOnMissingBean(name = "redisTemplate")
public RedisTemplate<Object, Object> redisTemplate(RedisConnectionFactory redisConnectionFactory) {
RedisTemplate<Object, Object> template = new RedisTemplate<>();
template.setValueSerializer(new Jackson2JsonRedisSerializer<Object>(Object.class));
template.setHashValueSerializer(new Jackson2JsonRedisSerializer<>(Object.class));
template.setKeySerializer(new StringRedisSerializer());
template.setHashKeySerializer(new StringRedisSerializer());
template.setConnectionFactory(redisConnectionFactory);
return template;
}
/**
* 缓存错误处理
*/
@Bean
@Override
public CacheErrorHandler errorHandler() {
log.info("初始化 -> [{}]", "Redis CacheErrorHandler");
return new CacheErrorHandler() {
@Override
public void handleCacheGetError(RuntimeException e, Cache cache, Object key) {
log.error("Redis occur handleCacheGetError:key -> [{}]", key, e);
}
@Override
public void handleCachePutError(RuntimeException e, Cache cache, Object key, Object value) {
log.error("Redis occur handleCachePutError:key -> [{}];value -> [{}]", key, value, e);
}
@Override
public void handleCacheEvictError(RuntimeException e, Cache cache, Object key) {
log.error("Redis occur handleCacheEvictError:key -> [{}]", key, e);
}
@Override
public void handleCacheClearError(RuntimeException e, Cache cache) {
log.error("Redis occur handleCacheClearError:", e);
}
};
}
/**
* 注入Redis缓存配置类
*
* @return
*/
@Bean(name = { "redisCacheConfiguration" })
public RedisCacheConfiguration redisCacheConfiguration() {
RedisCacheConfiguration configuration = RedisCacheConfiguration.defaultCacheConfig();
configuration = configuration
.serializeKeysWith(
RedisSerializationContext.SerializationPair.fromSerializer(new StringRedisSerializer()))
.serializeValuesWith(RedisSerializationContext.SerializationPair
.fromSerializer(new Jackson2JsonRedisSerializer<>(Object.class)));
return configuration;
}
}
- 创建Token缓存到Redis工具类
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import javax.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.core.BoundHashOperations;
import org.springframework.data.redis.core.RedisTemplate;
import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.model.AuthToken;
/**
* 授权Token缓存Redis
*
* @author CL
*
*/
@Configuration
public class JustAuthTokenCache {
@SuppressWarnings("rawtypes")
@Autowired
private RedisTemplate redisTemplate;
private BoundHashOperations<String, String, AuthToken> valueOperations;
@SuppressWarnings("unchecked")
@PostConstruct
public void init() {
valueOperations = redisTemplate.boundHashOps("JUSTAUTH::TOKEN");
}
/**
* 保存Token
*
* @param uuid 用户uuid
* @param authUser 授权用户
* @return
*/
public AuthToken saveorUpdate(String uuid, AuthToken authToken) {
valueOperations.put(uuid, authToken);
return authToken;
}
/**
* 根据用户uuid查询Token
*
* @param uuid 用户uuid
* @return
*/
public AuthToken getByUuid(String uuid) {
Object token = valueOperations.get(uuid);
if (null == token) {
return null;
}
return JSONObject.parseObject(JSONObject.toJSONString(token), AuthToken.class);
}
/**
* 查询所有Token
*
* @return
*/
public List<AuthToken> listAll() {
return new LinkedList<>(Objects.requireNonNull(valueOperations.values()));
}
/**
* 根据用户uuid移除Token
*
* @param uuid 用户uuid
* @return
*/
public void remove(String uuid) {
valueOperations.delete(uuid);
}
}
- 创建实体类
import java.io.Serializable;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableField;
import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableName;
import lombok.AllArgsConstructor;
import lombok.NoArgsConstructor;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
/**
* 授权用户信息
*
* @author CL
*
*/
@NoArgsConstructor
@AllArgsConstructor
@TableName(value = "t_ja_user")
public class JustAuthUser extends AuthUser implements Serializable {
private static final long serialVersionUID = 1L;
/**
* 用户第三方系统的唯一id。在调用方集成该组件时,可以用uuid + source唯一确定一个用户
*/
@TableId(type = IdType.INPUT)
private String uuid;
/**
* 用户授权的token信息
*/
@TableField(exist = false)
private AuthToken token;
/**
* 第三方平台返回的原始用户信息
*/
@TableField(exist = false)
private JSONObject rawUserInfo;
/**
* 自定义构造函数
*
* @param authUser 授权成功后的用户信息,根据授权平台的不同,获取的数据完整性也不同
*/
public JustAuthUser(AuthUser authUser) {
super(authUser.getUuid(), authUser.getUsername(), authUser.getNickname(), authUser.getAvatar(),
authUser.getBlog(), authUser.getCompany(), authUser.getLocation(), authUser.getEmail(),
authUser.getRemark(), authUser.getGender(), authUser.getSource(), authUser.getToken(),
authUser.getRawUserInfo());
}
}
- 创建Mapper
import org.apache.ibatis.annotations.Mapper;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.c3stones.entity.JustAuthUser;
/**
* 授权用户Mapper
*
* @author CL
*
*/
@Mapper
public interface JustAuthUserMapper extends BaseMapper<JustAuthUser> {
}
- 创建Service
import com.baomidou.mybatisplus.extension.service.IService;
import com.c3stones.entity.JustAuthUser;
/**
* 授权用户Service
*
* @author CL
*
*/
public interface JustAuthUserService extends IService<JustAuthUser> {
/**
* 保存或更新授权用户
*
* @param justAuthUser 授权用户
* @return
*/
boolean saveOrUpdate(JustAuthUser justAuthUser);
/**
* 根据用户uuid查询信息
*
* @param uuid 用户uuid
* @return
*/
JustAuthUser getByUuid(String uuid);
/**
* 根据用户uuid移除信息
*
* @param uuid 用户uuid
* @return
*/
boolean removeByUuid(String uuid);
}
- 创建Service实现类
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.c3stones.cache.JustAuthTokenCache;
import com.c3stones.entity.JustAuthUser;
import com.c3stones.mapper.JustAuthUserMapper;
import com.c3stones.service.JustAuthUserService;
/**
* 授权用户Service实现
*
* @author CL
*
*/
@Service
public class JustAuthUserServiceImpl extends ServiceImpl<JustAuthUserMapper, JustAuthUser>
implements JustAuthUserService {
@Autowired
private JustAuthTokenCache justAuthTokenCache;
/**
* 保存或更新授权用户
*
* @param justAuthUser 授权用户
* @return
*/
@Override
public boolean saveOrUpdate(JustAuthUser justAuthUser) {
justAuthTokenCache.saveorUpdate(justAuthUser.getUuid(), justAuthUser.getToken());
return super.saveOrUpdate(justAuthUser);
}
/**
* 根据用户uuid查询信息
*
* @param uuid 用户uuid
* @return
*/
@Override
public JustAuthUser getByUuid(String uuid) {
JustAuthUser justAuthUser = super.getById(uuid);
if (justAuthUser != null) {
justAuthUser.setToken(justAuthTokenCache.getByUuid(uuid));
}
return justAuthUser;
}
/**
* 根据用户uuid移除信息
*
* @param uuid 用户uuid
* @return
*/
@Override
public boolean removeByUuid(String uuid) {
justAuthTokenCache.remove(uuid);
return super.removeById(uuid);
}
}
- 创建授权Controller
import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import com.alibaba.fastjson.JSON;
import com.c3stones.common.Response;
import com.c3stones.entity.JustAuthUser;
import com.c3stones.service.JustAuthUserService;
import com.xkcoding.justauth.AuthRequestFactory;
import lombok.extern.slf4j.Slf4j;
import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.request.AuthRequest;
import me.zhyd.oauth.utils.AuthStateUtils;
/**
* 授权Controller
*
* @author CL
*
*/
@Slf4j
@RestController
@RequestMapping("/oauth")
public class AuthController {
@Autowired
private AuthRequestFactory factory;
@Autowired
private JustAuthUserService justAuthUserService;
/**
* 登录
*
* @param type 第三方系统类型,例如:gitee/baidu
* @param response
* @throws IOException
*/
@GetMapping("/login/{type}")
public void login(@PathVariable String type, HttpServletResponse response) throws IOException {
AuthRequest authRequest = factory.get(type);
response.sendRedirect(authRequest.authorize(AuthStateUtils.createState()));
}
/**
* 登录回调
*
* @param type 第三方系统类型,例如:gitee/baidu
* @param callback
* @return
*/
@SuppressWarnings("unchecked")
@RequestMapping("/{type}/callback")
public Response login(@PathVariable String type, AuthCallback callback) {
AuthRequest authRequest = factory.get(type);
AuthResponse<AuthUser> response = authRequest.login(callback);
log.info("【response】= {}", JSON.toJSONString(response));
if (response.ok()) {
justAuthUserService.saveOrUpdate(new JustAuthUser(response.getData()));
return Response.success(JSON.toJSONString(response));
}
return Response.error(response.getMsg());
}
/**
* 收回
*
* @param type 第三方系统类型,例如:gitee/baidu
* @param uuid 用户uuid
* @return
*/
@SuppressWarnings("unchecked")
@RequestMapping("/revoke/{type}/{uuid}")
public Response revoke(@PathVariable String type, @PathVariable String uuid) {
AuthRequest authRequest = factory.get(type);
JustAuthUser justAuthUser = justAuthUserService.getByUuid(uuid);
if (null == justAuthUser) {
return Response.error("用户不存在");
}
AuthResponse<AuthToken> response = null;
try {
response = authRequest.revoke(justAuthUser.getToken());
if (response.ok()) {
justAuthUserService.removeByUuid(justAuthUser.getUuid());
return Response.success("用户 [" + justAuthUser.getUsername() + "] 的 授权状态 已收回!");
}
return Response.error("用户 [" + justAuthUser.getUsername() + "] 的 授权状态 收回失败!" + response.getMsg());
} catch (AuthException e) {
return Response.error(e.getErrorMsg());
}
}
/**
* 刷新
*
* @param type 第三方系统类型,例如:gitee/baidu
* @param uuid 用户uuid
* @return
*/
@SuppressWarnings("unchecked")
@RequestMapping("/refresh/{type}/{uuid}")
@ResponseBody
public Response refresh(@PathVariable String type, @PathVariable String uuid) {
AuthRequest authRequest = factory.get(type);
JustAuthUser justAuthUser = justAuthUserService.getByUuid(uuid);
if (null == justAuthUser) {
return Response.error("用户不存在");
}
AuthResponse<AuthToken> response = null;
try {
response = authRequest.refresh(justAuthUser.getToken());
if (response.ok()) {
justAuthUser.setToken(response.getData());
justAuthUserService.saveOrUpdate(justAuthUser);
return Response.success("用户 [" + justAuthUser.getUsername() + "] 的 access token 已刷新!新的 accessToken: "
+ response.getData().getAccessToken());
}
return Response.error("用户 [" + justAuthUser.getUsername() + "] 的 access token 刷新失败!" + response.getMsg());
} catch (AuthException e) {
return Response.error(e.getErrorMsg());
}
}
}
- 创建启动类
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
/**
* 启动类
*
* @author CL
*
*/
@SpringBootApplication
public class JustAuthApplication {
public static void main(String[] args) {
SpringApplication.run(JustAuthApplication.class, args);
}
}
- 创建配置文件
在resources目录下创建application.yml,其中client-id和client-secret待在对应的开放平台创建应用后回填。
server:
port: 8443
spring:
datasource:
driverClassName: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://127.0.0.1:3306/justauth?useSSL=false&useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull
username: root
password: 123456
redis:
host: 127.0.0.1
port: 6379
password: 123456
# 连接超时时间(记得添加单位,Duration)
timeout: 2000ms
# Redis默认情况下有16个分片,这里配置具体使用的分片
database: 0
lettuce:
pool:
# 连接池最大连接数(使用负值表示没有限制) 默认 8
maxActive: 8
# 连接池中的最大空闲连接 默认 8
maxIdle: 8
# Mybatis-plus配置
mybatis-plus:
mapper-locations: classpath:mapper/*.xml
global-config:
db-config:
id-type: AUTO
configuration:
# 打印sql
log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
# 日志配置
logging:
level:
com.xkcoding: debug
# 第三方系统认证
justauth:
enabled: true
type:
BAIDU:
client-id: xxxxxx
client-secret: xxxxxx
redirect-uri: http://127.0.0.1:8443/oauth/baidu/callback
GITEE:
client-id: xxx
client-secret: xxx
redirect-uri: http://127.0.0.1:8443/oauth/gitee/callback
cache:
# 缓存类型(default-使用JustAuth内置的缓存、redis-使用Redis缓存、custom-自定义缓存)
type: redis
# 缓存前缀,目前只对redis缓存生效,默认 JUSTAUTH::STATE::
prefix: 'JUATAUTH::STATE::'
# 超时时长,目前只对redis缓存生效,默认3分钟
timeout: 3m
4. 创建应用
- 百度创建应用
- 注册百度开发者账号。
1.1 注册开发者账号:百度Passport - 创建第三方授权应用
2.1 配置应用:开发者服务管理
2.2 创建工程
2.3 安全设置
将配置文件中justauth.type.BAIDU.redirect-uri的值http://127.0.0.1:8443/oauth/baidu/callback复制到授权回调页文本框中。
2.4 信息回填
将API Key和Secret Key复制到配置文件中的justauth.type.BAIDU.client-id、justauth.type.BAIDU.client-secret属性。
其他第三方平台创建请浏览:集成第三方
5. 测试
- 登录
浏览器访问地址:http://127.0.0.1:8443/oauth/login/baidu,即可获取到对应信息。
请观察数据库及Redis中数据变化。 - 刷新Token
浏览器访问地址:http://127.0.0.1:8443/oauth/refresh/baidu/[uuid],其中uuid为数据库表中的uuid。
目前插件中已实现的可刷新的第三方应用有限,请查看AuthRequest.refresh方法的实现类。
请观察Redis中数据变化。 - 移除Token
浏览器访问地址:http://127.0.0.1:8443/oauth/revoke/baidu/[uuid],其中uuid为数据库表中的uuid。
目前插件中已实现的可刷新的第三方应用有限,请查看AuthRequest.revoke方法的实现类。
请观察数据库及Redis中数据变化。
