StormPath Spring Boot身份驗證Cookie生成

Question

我剛開始爲我們正在構建的新Rest API平臺使用stormpath-default-spring-boot-starter（1.2.0）庫。我希望在驗證用戶時通過以下代碼生成訪問cookie，以便隨後的API調用可以通過cookie進行身份驗證。帳戶已通過身份驗證，但Cookie未生成。

AuthenticationRequest request = UsernamePasswordRequests.builder() 
.setUsernameOrEmail(userId) 
.setPassword(pwd) 
.withResponseOptions(UsernamePasswordRequests.options().withAccount()) 
.build(); 
Account account = null; 

try { 
account = app.authenticateAccount(request).getAccount(); 
} 
catch (ResourceException ex) { 
throw(ex); 
} 

Following here is the property file entries, 

stormpath.spring.security.enabled = false 
security.basic.enabled = false 

Help is much appreciated. 

Answer 1

我想你可能會在這裏混合上下文。

您提供的代碼看起來像直接使用Java SDK而不使用集成時所需的手動代碼類型，如Stormpath Spring Boot集成。

當您使用Stormpath Default Spring Boot Starter時，您會自動獲得一堆端點，您可以使用這些端點進行身份驗證並設置Cookie。

例如，您有一個/login端點。

如果你打開示例應用程序，你應該能夠去：

curl localhost:8080/login

你會得到一個登錄模式，看起來是這樣的：

{ 
    "form": { 
     "fields": [ 
      { 
       "name": "login", 
       "label": "Username or Email", 
       "placeholder": "Username or Email", 
       "required": true, 
       "type": "text" 
      }, 
      { 
       "name": "password", 
       "label": "Password", 
       "placeholder": "Password", 
       "required": true, 
       "type": "password" 
      } 
     ] 
    } 
} 

你然後可以使用POST進行身份驗證：

curl -v -H "Content-Type: application/json" -X POST \ 
-d '{"login": "<email>", "password": "<password>"}' \ 
http://localhost:8080/login 

您會看到這樣的響應：

> POST /login HTTP/1.1 
> Host: localhost:8080 
< HTTP/1.1 200 
< Set-Cookie: access_token=eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoiYWNjZXNzIiwiYWxnIjoiSFMyNTYifQ...;Max-Age=3600;path=/;HttpOnly 
< Set-Cookie: refresh_token=eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoicmVmcmVzaCIsImFsZyI6IkhTMjU2In0...;Max-Age=5184000;path=/;HttpOnly 
< Content-Type: application/json 
< Transfer-Encoding: chunked 
< Date: Mon, 05 Dec 2016 05:30:25 GMT 
< 
* Connection #0 to host localhost left intact 
{ 
    "account": { 
     "href": "https://api.stormpath.com/v1/accounts/<account id>", 
     "createdAt": "2016-03-04T06:29:48.506Z", 
     "modifiedAt": "2016-08-17T18:01:07.812Z", 
     "username": "<username>", 
     "email": "<email>", 
     "givenName": "<givenName>", 
     "middleName": null, 
     "surname": "<surname>", 
     "status": "ENABLED", 
     "fullName": "<full name>", 
     "emailVerificationStatus": null, 
     "passwordModifiedAt": "2016-05-24T02:14:01.000Z" 
    } 
} 

該響應包含兩個access_token和refresh_token餅乾以及包含該帳戶信息的JSON響應。

如果你想使用的OAuth2，你有一個/oauth/token端點同時支持grant_type=password和grant_type=client_credentials流量：

curl -v -X POST \ 
-d grant_type=password -d username=<email> -d password=<password> \ 
http://localhost:8080/oauth/token 

你會得到這樣的迴應：

> POST /oauth/token HTTP/1.1 
> Host: localhost:8080 
< HTTP/1.1 200 
< Set-Cookie: access_token=eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoiYWNjZXNzIiwiYWxnIjoiSFMyNTYifQ...;Max-Age=3600;path=/;HttpOnly 
< Set-Cookie: refresh_token=eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoicmVmcmVzaCIsImFsZyI6IkhTMjU2In0...;Max-Age=5184000;path=/;HttpOnly 
< Cache-Control: no-store, no-cache 
< Pragma: no-cache 
< Content-Type: application/json;charset=ISO-8859-1 
< Content-Length: 933 
< Date: Mon, 05 Dec 2016 05:38:53 GMT 
< 
* Connection #0 to host localhost left intact 
{ 
    "access_token": "eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoiYWNjZXNzIiwiYWxnIjoiSFMyNTYifQ...", 
    "refresh_token": "eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoicmVmcmVzaCIsImFsZyI6IkhTMjU2In0...", 
    "token_type": "Bearer", 
    "expires_in": 3600 
} 

希望這有助於！

完全披露：我是Stormpath的Java開發人員福音工作者之一