How Springboot implements third-party login to the website
Step 1: Create an interface that inherits AuthService, WeChatAuthService, as follows
public interface WeChatAuthService extends AuthService {
public JSONObject getUserInfo(String accessToken, String openId);
}Step 2: The specific implementation of WeChatService is as follows
@Service
public class WeChatAuthServiceImpl extends DefaultAuthServiceImpl implements WeChatAuthService {
private Logger logger = LoggerFactory.getLogger(WeChatAuthServiceImpl.class);
//请求此地址即跳转到二维码登录界面
private static final String AUTHORIZATION_URL =
"https://open.weixin.qq.com/connect/qrconnect?appid=%s&redirect_uri=%s&response_type=code&scope=%s&state=%s#wechat_redirect";
// 获取用户 openid 和access——toke 的 URL
private static final String ACCESSTOKE_OPENID_URL =
"https://api.weixin.qq.com/sns/oauth3/access_token?appid=%s&secret=%s&code=%s&grant_type=authorization_code";
private static final String REFRESH_TOKEN_URL =
"https://api.weixin.qq.com/sns/oauth3/refresh_token?appid=%s&grant_type=refresh_token&refresh_token=%s";
private static final String USER_INFO_URL =
"https://api.weixin.qq.com/sns/userinfo?access_token=%s&openid=%s&lang=zh_CN";
private static final String APP_ID="xxxxxx";
private static final String APP_SECRET="xxxxxx";
private static final String SCOPE = "snsapi_login";
private String callbackUrl = "https://www.xxx.cn/auth/wechat"; //回调域名
@Override
public String getAuthorizationUrl() throws UnsupportedEncodingException {
callbackUrl = URLEncoder.encode(callbackUrl,"utf-8");
String url = String.format(AUTHORIZATION_URL,APP_ID,callbackUrl,SCOPE,System.currentTimeMillis());
return url;
}
@Override
public String getAccessToken(String code) {
String url = String.format(ACCESSTOKE_OPENID_URL,APP_ID,APP_SECRET,code);
UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(url);
URI uri = builder.build().encode().toUri();
String resp = getRestTemplate().getForObject(uri, String.class);
logger.error("getAccessToken resp = "+resp);
if(resp.contains("openid")){
JSONObject jsonObject = JSONObject.parseObject(resp);
String access_token = jsonObject.getString("access_token");
String openId = jsonObject.getString("openid");;
JSONObject res = new JSONObject();
res.put("access_token",access_token);
res.put("openId",openId);
res.put("refresh_token",jsonObject.getString("refresh_token"));
return res.toJSONString();
}else{
throw new ServiceException("获取token失败,msg = "+resp);
}
}
//微信接口中,token和openId是一起返回,故此方法不需实现
@Override
public String getOpenId(String accessToken) {
return null;
}
@Override
public JSONObject getUserInfo(String accessToken, String openId){
String url = String.format(USER_INFO_URL, accessToken, openId);
UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(url);
URI uri = builder.build().encode().toUri();
String resp = getRestTemplate().getForObject(uri, String.class);
logger.error("getUserInfo resp = "+resp);
if(resp.contains("errcode")){
throw new ServiceException("获取用户信息错误,msg = "+resp);
}else{
JSONObject data =JSONObject.parseObject(resp);
JSONObject result = new JSONObject();
result.put("id",data.getString("unionid"));
result.put("nickName",data.getString("nickname"));
result.put("avatar",data.getString("headimgurl"));
return result;
}
}
//微信的token只有2小时的有效期,过时需要重新获取,所以官方提供了
//根据refresh_token 刷新获取token的方法,本项目仅仅是获取用户
//信息,并将信息存入库,所以两个小时也已经足够了
@Override
public String refreshToken(String refresh_token) {
String url = String.format(REFRESH_TOKEN_URL,APP_ID,refresh_token);
UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(url);
URI uri = builder.build().encode().toUri();
ResponseEntity<JSONObject> resp = getRestTemplate().getForEntity(uri,JSONObject.class);
JSONObject jsonObject = resp.getBody();
String access_token = jsonObject.getString("access_token");
return access_token;
}
}Step 3:
Called in Controller, the code is as follows:
@RequestMapping(value = "/wxLoginPage",method = RequestMethod.GET)
public JSONObject wxLoginPage() throws Exception {
String uri = weChatAuthService.getAuthorizationUrl();
return loginPage(uri);
}
@RequestMapping(value = "/wechat")
public void callback(String code,HttpServletRequest request,HttpServletResponse response) throws Exception {
String result = weChatAuthService.getAccessToken(code);
JSONObject jsonObject = JSONObject.parseObject(result);
String access_token = jsonObject.getString("access_token");
String openId = jsonObject.getString("openId");
// String refresh_token = jsonObject.getString("refresh_token");
// 保存 access_token 到 cookie,两小时过期
Cookie accessTokencookie = new Cookie("accessToken", access_token);
accessTokencookie.setMaxAge(60 *2);
response.addCookie(accessTokencookie);
Cookie openIdCookie = new Cookie("openId", openId);
openIdCookie.setMaxAge(60 *2);
response.addCookie(openIdCookie);
//根据openId判断用户是否已经登陆过
KmsUser user = userService.getUserByCondition(openId);
if (user == null) {
response.sendRedirect(request.getContextPath() + "/student/html/index.min.html#/bind?type="+Constants.LOGIN_TYPE_WECHAT);
} else {
//如果用户已存在,则直接登录
response.sendRedirect(request.getContextPath() + "/student/html/index.min.html#/app/home?open_id=" + openId);
}
}Step 4:
Front-end js , first request auth/wxLoginPage to obtain the authorization address. After the user authorizes it, /auth/wechat will be called back. Just perform logical processing in this method.
Pitfalls encountered:
1. When configuring the callback domain name on the WeChat official website, there is no need for some http or https protocol, you only need to write the domain, for example http://baidu.com, you only need to fill in baidu.com. If you want to jump to a method of a Controller under the project, such as baidu.com/auth/wechat, just configure it. You need to configure baidu.com, and you don’t need to specify the subsequent auth/wechat. You can just write the subsequent address when configuring the callback address in the code. The code should be configured as https://baidu.com/auth/wechat
2. When jumping to the authorization QR code interface, you will sometimes encounter a situation where the QR code cannot be displayed. This is because of the callback address in the code. According to the configuration in the above code, it should be No problem
The above is the detailed content of How Springboot implements third-party login to the website. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How Springboot integrates Jasypt to implement configuration file encryption
Jun 01, 2023 am 08:55 AM
Introduction to Jasypt Jasypt is a java library that allows a developer to add basic encryption functionality to his/her project with minimal effort and does not require a deep understanding of how encryption works. High security for one-way and two-way encryption. , standards-based encryption technology. Encrypt passwords, text, numbers, binaries... Suitable for integration into Spring-based applications, open API, for use with any JCE provider... Add the following dependency: com.github.ulisesbocchiojasypt-spring-boot-starter2. 1.1Jasypt benefits protect our system security. Even if the code is leaked, the data source can be guaranteed.
How SpringBoot integrates Redisson to implement delay queue
May 30, 2023 pm 02:40 PM
Usage scenario 1. The order was placed successfully but the payment was not made within 30 minutes. The payment timed out and the order was automatically canceled. 2. The order was signed and no evaluation was conducted for 7 days after signing. If the order times out and is not evaluated, the system defaults to a positive rating. 3. The order is placed successfully. If the merchant does not receive the order for 5 minutes, the order is cancelled. 4. The delivery times out, and push SMS reminder... For scenarios with long delays and low real-time performance, we can Use task scheduling to perform regular polling processing. For example: xxl-job Today we will pick
How to use Redis to implement distributed locks in SpringBoot
Jun 03, 2023 am 08:16 AM
1. Redis implements distributed lock principle and why distributed locks are needed. Before talking about distributed locks, it is necessary to explain why distributed locks are needed. The opposite of distributed locks is stand-alone locks. When we write multi-threaded programs, we avoid data problems caused by operating a shared variable at the same time. We usually use a lock to mutually exclude the shared variables to ensure the correctness of the shared variables. Its scope of use is in the same process. If there are multiple processes that need to operate a shared resource at the same time, how can they be mutually exclusive? Today's business applications are usually microservice architecture, which also means that one application will deploy multiple processes. If multiple processes need to modify the same row of records in MySQL, in order to avoid dirty data caused by out-of-order operations, distribution needs to be introduced at this time. The style is locked. Want to achieve points
How to solve the problem that springboot cannot access the file after reading it into a jar package
Jun 03, 2023 pm 04:38 PM
Springboot reads the file, but cannot access the latest development after packaging it into a jar package. There is a situation where springboot cannot read the file after packaging it into a jar package. The reason is that after packaging, the virtual path of the file is invalid and can only be accessed through the stream. Read. The file is under resources publicvoidtest(){Listnames=newArrayList();InputStreamReaderread=null;try{ClassPathResourceresource=newClassPathResource("name.txt");Input
How to implement Springboot+Mybatis-plus without using SQL statements to add multiple tables
Jun 02, 2023 am 11:07 AM
When Springboot+Mybatis-plus does not use SQL statements to perform multi-table adding operations, the problems I encountered are decomposed by simulating thinking in the test environment: Create a BrandDTO object with parameters to simulate passing parameters to the background. We all know that it is extremely difficult to perform multi-table operations in Mybatis-plus. If you do not use tools such as Mybatis-plus-join, you can only configure the corresponding Mapper.xml file and configure The smelly and long ResultMap, and then write the corresponding sql statement. Although this method seems cumbersome, it is highly flexible and allows us to
How SpringBoot customizes Redis to implement cache serialization
Jun 03, 2023 am 11:32 AM
1. Customize RedisTemplate1.1, RedisAPI default serialization mechanism. The API-based Redis cache implementation uses the RedisTemplate template for data caching operations. Here, open the RedisTemplate class and view the source code information of the class. publicclassRedisTemplateextendsRedisAccessorimplementsRedisOperations, BeanClassLoaderAware{//Declare key, Various serialization methods of value, the initial value is empty @NullableprivateRedisSe
Comparison and difference analysis between SpringBoot and SpringMVC
Dec 29, 2023 am 11:02 AM
SpringBoot and SpringMVC are both commonly used frameworks in Java development, but there are some obvious differences between them. This article will explore the features and uses of these two frameworks and compare their differences. First, let's learn about SpringBoot. SpringBoot was developed by the Pivotal team to simplify the creation and deployment of applications based on the Spring framework. It provides a fast, lightweight way to build stand-alone, executable
How to get the value in application.yml in springboot
Jun 03, 2023 pm 06:43 PM
In projects, some configuration information is often needed. This information may have different configurations in the test environment and the production environment, and may need to be modified later based on actual business conditions. We cannot hard-code these configurations in the code. It is best to write them in the configuration file. For example, you can write this information in the application.yml file. So, how to get or use this address in the code? There are 2 methods. Method 1: We can get the value corresponding to the key in the configuration file (application.yml) through the ${key} annotated with @Value. This method is suitable for situations where there are relatively few microservices. Method 2: In actual projects, When business is complicated, logic
