shiro教程-第十八章

shiro-example-chapter17-client/pom.xml

@@ -25,12 +25,6 @@
         </dependency>
 
 
-        <dependency>
-            <groupId>org.apache.oltu.oauth2</groupId>
-            <artifactId>org.apache.oltu.oauth2.common</artifactId>
-            <version>0.31</version>
-        </dependency>
-
         <dependency>
             <groupId>org.apache.oltu.oauth2</groupId>
             <artifactId>org.apache.oltu.oauth2.client</artifactId>

shiro-example-chapter17-client/src/main/java/com/github/zhangkaitao/shiro/chapter18/oauth2/OAuth2AuthenticationFilter.java

@@ -70,14 +70,15 @@ protected boolean onAccessDenied(ServletRequest request, ServletResponse respons
 
         String error = request.getParameter("error");
         String errorDescription = request.getParameter("error_description");
-        if(!StringUtils.isEmpty(error)) {
+        if(!StringUtils.isEmpty(error)) {//如果服务端返回了错误
             WebUtils.issueRedirect(request, response, failureUrl + "?error=" + error + "error_description=" + errorDescription);
             return false;
         }
 
         Subject subject = getSubject(request, response);
         if(!subject.isAuthenticated()) {
             if(StringUtils.isEmpty(request.getParameter(authcCodeParam))) {
+                //如果用户没有身份验证，且没有auth code，则重定向到服务端授权
                 saveRequestAndRedirectToLogin(request, response);
                 return false;
             }

shiro-example-chapter17-client/src/main/java/com/github/zhangkaitao/shiro/chapter18/oauth2/OAuth2Realm.java

@@ -50,7 +50,7 @@ public void setRedirectUrl(String redirectUrl) {
 
     @Override
     public boolean supports(AuthenticationToken token) {
-        return token instanceof OAuth2Token;
+        return token instanceof OAuth2Token;//表示此Realm只支持OAuth2Token类型
     }
 
     @Override
@@ -73,6 +73,8 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
     private String extractUsername(String code) {
 
         try {
+            OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
+
             OAuthClientRequest accessTokenRequest = OAuthClientRequest
                     .tokenLocation(accessTokenUrl)
                     .setGrantType(GrantType.AUTHORIZATION_CODE)
@@ -82,7 +84,6 @@ private String extractUsername(String code) {
                     .setRedirectURI(redirectUrl)
                     .buildQueryMessage();
 
-            OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
             OAuthAccessTokenResponse oAuthResponse = oAuthClient.accessToken(accessTokenRequest, OAuth.HttpMethod.POST);
 
             String accessToken = oAuthResponse.getAccessToken();

shiro-example-chapter17-client/src/main/resources/spring-config-shiro.xml

@@ -89,7 +89,7 @@
         <property name="arguments" ref="securityManager"/>
     </bean>
 
-    <!-- 基于Form表单的身份验证过滤器 -->
+    <!-- OAuth2身份验证过滤器 -->
     <bean id="oAuth2AuthenticationFilter" class="com.github.zhangkaitao.shiro.chapter18.oauth2.OAuth2AuthenticationFilter">
         <property name="authcCodeParam" value="code"/>
         <property name="failureUrl" value="/oauth2Failure.jsp"/>

shiro-example-chapter17-server/pom.xml

@@ -24,13 +24,6 @@
             <version>3.2.1</version>
         </dependency>
 
-
-        <dependency>
-            <groupId>org.apache.oltu.oauth2</groupId>
-            <artifactId>org.apache.oltu.oauth2.common</artifactId>
-            <version>0.31</version>
-        </dependency>
-
         <dependency>
             <groupId>org.apache.oltu.oauth2</groupId>
             <artifactId>org.apache.oltu.oauth2.authzserver</artifactId>

shiro-example-chapter17-server/src/main/java/com/github/zhangkaitao/shiro/chapter17/service/ClientService.java

@@ -20,6 +20,6 @@ public interface ClientService {
     List<Client> findAll();
 
     Client findByClientId(String clientId);
-    Client findByClientSecret(String clientId);
+    Client findByClientSecret(String clientSecret);
 
 }

shiro-example-chapter17-server/src/main/java/com/github/zhangkaitao/shiro/chapter17/service/UserService.java

@@ -10,8 +10,6 @@
  * <p>Version: 1.0
  */
 public interface UserService {
-
-
     /**
      * 创建用户
      * @param user
@@ -29,9 +27,6 @@ public interface UserService {
      */
     public void changePassword(Long userId, String newPassword);
 
-    public boolean checkUsernamePassword(String username, String password);
-
-
     User findOne(Long userId);
 
     List<User> findAll();

shiro-example-chapter17-server/src/main/java/com/github/zhangkaitao/shiro/chapter17/service/UserServiceImpl.java

@@ -53,21 +53,6 @@ public void changePassword(Long userId, String newPassword) {
         userDao.updateUser(user);
     }
 
-    @Override
-    public boolean checkUsernamePassword(String username, String password) {
-        User dbUser = findByUsername(username);
-        if(dbUser == null) {
-            return false;
-        }
-
-        User tmpUser = new User();
-        tmpUser.setUsername(dbUser.getUsername());
-        tmpUser.setSalt(dbUser.getSalt());
-        tmpUser.setPassword(password);
-        passwordHelper.encryptPassword(tmpUser);
-        return tmpUser.getPassword().equals(dbUser.getPassword());
-    }
-
     @Override
     public User findOne(Long userId) {
         return userDao.findOne(userId);