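  /**
   * 用户选择登陆渠道 — sends the browser to the authorization page of the login provider named
   * by the {@code regMethod} request parameter ({@code weibo} or {@code qq}). Any other value,
   * the unimplemented {@code taobao} branch, or a failure to build the provider URL falls back to
   * {@code /loginPage.do}, so the client never receives an empty 200 response (the original left
   * the Taobao and error cases without any redirect).
   *
   * @param request carries {@code regMethod}; also handed to the QQ SDK to build its URL
   * @param response receives the redirect
   * @throws IOException if the redirect cannot be written
   */
  @RequestMapping("/preLogin.do")
  public void preLogin(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException, ApiException {
    String regMethod = request.getParameter("regMethod");
    String openUrl = null;
    if ("weibo".equalsIgnoreCase(regMethod)) { // 新浪微博登陆 (Sina Weibo login)
      // NOTE(review): confirm which weibo4j Oauth.authorize overload this binds to. If the second
      // and third arguments are the OAuth "state" and "scope", the app key and app secret are
      // placed in a URL delivered to the browser, and a constant state gives no CSRF protection.
      try {
        openUrl =
            new weibo4j.Oauth().authorize("code", ConstatVar.WEIBO_APPKEY, ConstatVar.WEIBO_SECRET);
      } catch (weibo4j.model.WeiboException e) {
        // No logger is visible in this method; the failure falls through to the login page.
        e.printStackTrace();
      }
    } else if ("qq".equalsIgnoreCase(regMethod)) { // QQ登陆 (QQ login)
      try {
        openUrl = new com.qq.connect.oauth.Oauth().getAuthorizeURL(request);
      } catch (com.qq.connect.QQConnectException e) {
        e.printStackTrace();
      }
    } else if ("taobao".equalsIgnoreCase(regMethod)) { // Taobao登陆 (Taobao login)
      // TODO: Taobao login is not implemented; handled by the fallback redirect below.
    }
    // Unknown or unimplemented channel, or provider error: back to channel selection.
    response.sendRedirect(openUrl != null ? openUrl : "/loginPage.do");
  }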
  /**
   * 新浪登录返回接受器 — Sina Weibo login callback. Accepts the parameters Weibo sends back after
   * login, checks them with {@code authorized}, exchanges the {@code code} for an access token and
   * hands off to {@code createdBindUrl}. The encrypted service parameter
   * ({@code OUserConstant.ENCRYPT_SERVICE_TAG}) is resolved through {@code urlTransService} and
   * passed along as the bind URL's service string. Every failure path returns
   * {@code getRedirectLoginUrl(uv)}, where {@code uv} is the request's {@code uv} value or null.
   *
   * @param model unused here
   * @param request callback request from Weibo
   * @param response callback response
   * @return the view / redirect string to render next
   */
  @RequestMapping("ologin")
  public String execute(
      ModelMap model, final HttpServletRequest request, final HttpServletResponse response) {
    Map params = getRequestMap(request);
    Object uvValue = params.get("uv");
    String uv = (uvValue == null) ? null : uvValue.toString();

    if (!authorized(request, response, params)) { // illegal third-party login request
      return getRedirectLoginUrl(uv);
    }

    String code = (String) params.get("code");
    if (code == null || code.isEmpty()) {
      return getRedirectLoginUrl(uv);
    }
    // Drop the one-shot OAuth parameters from the map once the code has been captured.
    params.remove("code");
    params.remove("state");

    String enKey = request.getParameter(OUserConstant.ENCRYPT_SERVICE_TAG);
    if (!StringUtil.isEmpty(enKey)) {
      params.remove(OUserConstant.ENCRYPT_SERVICE_TAG);
    }

    try {
      // Exchange the authorization code for an access token.
      AccessToken token = new Oauth().getAccessTokenByCode(code);
      if (token == null) {
        throw new WeiboException("code验证失败: " + code);
      }
      String serviceParam = urlTransService.getUrl(enKey);
      Map<String, Object> extra = new HashMap<String, Object>();
      extra.put("token", token);
      return createdBindUrl(
          token.getUid(), OUserConstant.SINA_TYPE, serviceParam, request, response, extra);
    } catch (WeiboException e) {
      e.printStackTrace();
      return getRedirectLoginUrl(uv);
    }
  }
  // 授权,生成access_token
  // 使用情形:①程序初始化;②每隔一天左右重新授权access_token
  /**
   * Authorizes every configured account and refills the static {@code accessToken} list.
   * Used at program start-up and for the periodic (roughly daily) re-authorization.
   *
   * <p>For each entry of {@code accountInfo} it POSTs the account's userId/passwd together with
   * the app's client id to the Weibo authorize endpoint, reads the {@code location} header of the
   * expected 302 response to pick out {@code code=...}, and exchanges that code for an access
   * token through {@code Oauth.getAccessTokenByCode}.
   *
   * <p>Review notes on this body (left unchanged): account passwords are handled as plain strings
   * and the resulting access tokens are written to the log at INFO level, so the log is as
   * sensitive as the credential store; {@code indexOf("code=")} is not checked for {@code -1}
   * before the substring; the {@code code != null} test can never be false because
   * {@code substring} never returns null; and {@code catch (Exception e)} ends the whole loop at
   * the first failing account and hides the cause behind a generic message.
   */
  public static void generate() {
    initAccountInfo();
    accessToken.clear();

    logger.info("用户授权中...");
    try {
      // https://api.weibo.com/oauth2/authorize?client_id=750123511&redirect_uri=https://api.weibo.com/oauth2/default.html&response_type=code
      String url = "https://api.weibo.com/oauth2/authorize";
      String redirectUri = "https://api.weibo.com/oauth2/default.html";

      for (int i = 0; i < accountInfo.size(); i++) {
        // App credentials from config; loop-invariant but reassigned on every iteration.
        // clientSecret is assigned here but not read by this method.
        clientId = WeiboConfig.getValue("client_ID");
        clientSecret = WeiboConfig.getValue("client_SERCRET");

        // Build the authorize POST: the account's login plus the app's OAuth parameters.
        PostMethod postMethod = new PostMethod(url);
        postMethod.addParameter("client_id", clientId);
        postMethod.addParameter("redirect_uri", redirectUri);
        postMethod.addParameter("userId", accountInfo.get(i).getUserId());
        postMethod.addParameter("passwd", accountInfo.get(i).getPasswd());
        postMethod.addParameter("isLoginSina", "0");
        postMethod.addParameter("action", "submit");
        postMethod.addParameter("response_type", "code");
        HttpMethodParams param = postMethod.getParams();
        param.setContentCharset("UTF-8");

        // Request headers sent with the POST (the original comment calls them forged:
        // presumably the endpoint checks Referer / Host / User-Agent — TODO confirm).
        List<Header> headers = new ArrayList<Header>();
        headers.add(
            new Header(
                "Referer",
                "https://api.weibo.com/oauth2/authorize?client_id="
                    + clientId
                    + "&redirect_uri="
                    + redirectUri
                    + "&from=sina&response_type=code"));
        headers.add(new Header("Host", "api.weibo.com"));
        headers.add(
            new Header(
                "User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0"));

        // Send the HTTP request (a fresh client per account, headers applied as defaults).
        HttpClient client = new HttpClient();
        client.getHostConfiguration().getParams().setParameter("http.default-headers", headers);
        client.executeMethod(postMethod);

        // Handle the authorization response: success is a 302 whose location carries the code.
        int status = postMethod.getStatusCode();
        if (status == 302) {
          Header location = postMethod.getResponseHeader("location");
          if (location != null) {
            String retUrl = location.getValue();
            // begin is -1 when "code=" is absent; not guarded, so the substring then starts at 4.
            int begin = retUrl.indexOf("code=");
            int end = retUrl.length();
            String code = retUrl.substring(begin + 5, end);
            if (code != null) {
              Oauth oauth = new Oauth();
              String token = oauth.getAccessTokenByCode(code).getAccessToken();
              accessToken.add(token);
              // Writes the bearer token itself to the log.
              logger.info("第" + (i + 1) + "个access_token:" + token);
            }
          }
        } else {
          logger.error("第" + (i + 1) + "个用户授权失败了!");
        }
      }
    } catch (Exception e) {
      // Any failure aborts the remaining accounts; the cause only reaches stderr.
      e.printStackTrace();
      logger.error("授权发生异常!");
    }
  }
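  /**
   * Weibo OAuth callback that binds a Weibo account to the currently logged-in user.
   *
   * <p>Exchanges the authorization {@code code} for an access token using the app credentials in
   * the {@code ThirdPartyAccess} record of type {@code TYPE_XINLANG}, resolves the Weibo uid,
   * creates the {@code ThirdPartyAccount} on first sight, attaches it to the user held in the
   * session's {@code userSession} attribute and redirects to {@code thirdParty}.
   *
   * <p>NOTE(review): no OAuth {@code state} value is received or checked here, so the binding can
   * be driven by a cross-site request carrying a code issued for a different Weibo account
   * (account-linking CSRF). The existing comment on the empty-token branch names that attack, but
   * nothing in this method detects it; issuing a per-session nonce before the redirect and
   * comparing it on return is the usual mitigation. The redirect URI is also built with plain
   * {@code http://}.
   *
   * <p>Changes from the original: a null token is treated like an empty one instead of throwing;
   * the {@code userSession} attribute is checked before anything is persisted, so a callback
   * without a logged-in user no longer stores an orphaned account holding a live access token
   * (and no longer fails with a NullPointerException); a new account is saved once rather than
   * twice.
   *
   * @param request callback request; must carry a {@code setting} session attribute and, for the
   *     binding to succeed, a {@code userSession} attribute
   * @param response used only for the final redirect
   * @param code authorization code passed back by Weibo as a request parameter
   */
  @RequestMapping("/bindWeibo")
  public void weiboLogin(HttpServletRequest request, HttpServletResponse response, String code) {
    try {
      ThirdPartyAccess xinlang = thirdPartyAccessService.findByType(ThirdPartyAccess.TYPE_XINLANG);
      GlobalSetting globalSetting = (GlobalSetting) request.getSession().getAttribute("setting");
      weibo4j.http.AccessToken accessTokenObj =
          new weibo4j.Oauth()
              .getAccessTokenByCode(
                  code,
                  xinlang.getAccessKey(),
                  xinlang.getAccessSecret(),
                  "http://" + globalSetting.getAppUrl() + "/profile/bindWeibo");
      String accessToken = accessTokenObj == null ? null : accessTokenObj.getAccessToken();
      if (accessToken == null || accessToken.isEmpty()) {
        // 我们的网站被CSRF攻击了或者用户取消了授权 — no token came back: the user cancelled, or the
        // callback was not the result of our own redirect. Only recorded, nothing is bound.
        LOG.info("没有获取到响应参数");
        return;
      }
      // Resolve the current user before touching persistence or the session, so a callback
      // without a logged-in user leaves nothing behind.
      UserSession userSession =
          (UserSession) request.getSession(false).getAttribute("userSession");
      if (userSession == null) {
        LOG.info("no userSession in session; Weibo account not bound");
        return;
      }

      // String.valueOf keeps the original behaviour of storing "null" when expireIn is absent.
      request.getSession().setAttribute("token_expirein", String.valueOf(accessTokenObj.getExpireIn()));

      // 利用获取到的accessToken 去获取当前用的uid — use the access token to look up the Weibo uid.
      String uid = new Account(accessToken).getUid().getString("uid");
      request.getSession().setAttribute("openId", uid);
      request.getSession().setAttribute("loginType", UserSession.TYPE_XINLANG);

      // 为空代表首次登录 — null means first login: build the record from the Weibo profile.
      ThirdPartyAccount tpa = tpaService.findByOpenId(uid);
      if (tpa == null) {
        weibo4j.model.User wUser = new Users(accessToken).showUserById(uid);
        tpa = new ThirdPartyAccount();
        tpa.setOpenId(uid);
        tpa.setAccountType(UserSession.TYPE_XINLANG);
        tpa.setAccessToken(accessToken);
        tpa.setHeadIconHD(wUser.getAvatarHD());
        tpa.setHeadIconBig(wUser.getAvatarLarge());
        tpa.setHeadIconMid(wUser.getProfileImageUrl());
        tpa.setHeadIconSmall(wUser.getProfileImageUrl());
      }
      // One save covers both the first-login and the re-bind case.
      tpa.setUser(userSession.getUser());
      tpaService.update(tpa);
      response.sendRedirect("thirdParty");
    } catch (IOException e) {
      LOG.error("重定向回本站失败", e);
    } catch (WeiboException e) {
      LOG.error("连接到新浪失败", e);
    } catch (JSONException e) {
      LOG.error("JSON解析错误", e);
    }
  }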