Learn OAuth 2.0 by Implementing It in Java!
Masatoshi Tada
May 20, 2017
Presentation slides from JJUG CCC 2017 Spring.
Transcript
(C) CASAREAL, Inc. All rights reserved. #jjug_ccc #ccc_e5

Learn OAuth 2.0 by Implementing It in Java!
Masatoshi Tada, CASAREAL, Inc.
JJUG CCC 2017 Spring

About this session
▸ A detailed explanation of the authorization protocol "OAuth 2.0", starting from the basics
▸ A walkthrough of an example authorization server, resource server and client implemented in Java

About the speaker
▸ Masatoshi Tada (@suke_masa)
▸ Training instructor at CASAREAL
▸ Specialties: Java EE, Spring
▸ Pivotal certified instructor
▸ Organizing member of the GlassFish user group
▸ JJUG CCC: speaker at consecutive events
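
① What is OAuth 2.0?
② The cast of OAuth 2.0
③ The OAuth 2.0 authorization flow
④ Structure of the sample application
⑤ Details and implementation: up to obtaining the access token
⑥ Details and implementation: up to accessing the resource
⑦ Other security considerations
⑧ Summary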

What is OAuth 2.0? (from RFC 6749)
▸ A protocol that defines the flow of authorization
  ▸ "An authorization framework that enables a third-party application to obtain limited access to an HTTP service"
▸ Entirely different from OAuth 1.0
  ▸ "It obsoletes the OAuth 1.0 protocol and replaces it"

Authentication and authorization
▸ Authentication (AuthN, AuthC)
  ▸ Verifying identity; what is usually called login.
▸ Authorization (AuthZ)
  ▸ After identity has been verified, checking whether that person has permission to perform the operation.

What is an access token?
▸ Something like a "travel pass" that the client presents when it accesses the resource server
▸ Issued by the authorization server

    GET /api/todos HTTP/1.1
    Host: resource-server.com
    Authorization: Bearer yd2Dcweij334SSx

  (the value after "Bearer" is the access token)

What is a scope?
▸ The range of what the client is allowed to access

The cast of OAuth 2.0
① Resource owner
② Resource server
③ Client
④ Authorization server
These terms appear constantly in documentation and libraries → it is important to learn them precisely!

① Resource owner
▸ The person who grants access to a protected resource
  ▸ May also be a machine
▸ On Twitter: each individual user

② Resource server
▸ The server that hosts the protected resources
  ▸ An access token is required to access a resource
▸ On Twitter: the server holding the tweets

③ Client
▸ An application that, having obtained the resource owner's authorization, accesses protected resources on the owner's behalf
  ▸ Many kinds: server-side web apps, client-side web apps, native apps and so on
▸ On Twitter: twitter.com, TweetDeck, the iOS/Android clients, Doorkeeper and so on

④ Authorization server
▸ The server that issues an access token to the client once the resource owner has been authenticated and authorization has been obtained
▸ On Twitter: the server holding user information

The cast, summarized with Twitter
[Figure: resource owner, client (twitter.com), resource server, authorization server. Labels: authorization, access token granted, access token, tweets]
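
Four grant types, by kind of client
① Authorization code grant  ← the one used in this talk
  ▸ Mainly server-side web apps
② Implicit grant
  ▸ Mainly client-side web apps
③ Resource owner password credentials grant
  ▸ Mainly the resource server's official native apps
④ Client credentials grant
  ▸ For example when the client accesses its own information

Characteristics of the authorization code grant
▸ The authorization server first issues the client a voucher for the access token (the authorization code)
  ▸ It is passed via the web browser, using a redirect and query parameters
▸ The client presents the authorization code to the authorization server and receives the access token
  ▸ This keeps the access token from being handed to the web browser (if the browser had been taken over by a malicious party, that would be game over)

Three important endpoints
① Authorization endpoint (authorization server)
  ▸ The URL that responds with the authorization screen
② Token endpoint (authorization server)
  ▸ The URL that issues access tokens
③ Redirection endpoint (client)
  ▸ The URL redirected to after the authorization code has been issued

Obtaining an access token with an authorization code
[Sequence diagram. Participants: resource owner, web browser*, client, authorization server]
① Initial access
② Redirect to the authorization endpoint
③ Authorization screen
④ Authorization
⑤ Authorization code issued + redirect
⑥ Authorization code
⑦ Access token
* The specification refers to the web browser as the "user agent".

Accessing a resource with the access token
[Sequence diagram. Participants: resource owner, web browser, client, resource server, authorization server]
① Request
② Access the resource with the access token
③ Access token validation
④ User information & scope
⑤ Check the scope
⑥ Response
⑦ Response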

Parts left undefined by the OAuth 2.0 specification ①
▸ In the flow for obtaining an access token, how authorization is actually performed is not specified
  → the developer has to build it

Parts left undefined by the OAuth 2.0 specification ②
▸ In the resource access flow, almost everything other than the part that sends the access token is undefined

How to check the access token and scope
A. The resource server queries the authorization server  ← the one used in this talk
B. Use a shared database or similar
C. Run the resource server and the authorization server as the same server
* The scope can also be included in the access token itself (JWT)

OAuth 2.0 and "authentication"
▸ OAuth 2.0 is about authorization
▸ However, there are several places where authentication is needed

Where authentication is needed ①
▸ Is the party that granted authorization really the resource owner?
  → Authenticate with the resource owner's ID and password

Where authentication is needed ②
▸ Is the party that sent the authorization code really the client?
  → BASIC authentication with client_id and client_secret
  * client_id and client_secret are issued in advance by the authorization server

Where authentication is needed ③
▸ Is the party that sent the access token really the resource server?
  → BASIC authentication with the resource server's ID and password

Authenticating the access token?
▸ The resource owner's identity is not verified again after the access token has been issued
▸ Giving access tokens an expiry, reissuing them (refresh token) and revoking them (revoke) must all be considered
▸ For lack of time, these are not covered in this talk

OAuth 2.0 and encryption
▸ Encryption is mandatory
  ▸ Sensitive information such as authorization codes, access tokens and credentials travels over the network
▸ It is best to carry all communication over HTTPS

The sample application
▸ A TODO management app
  ▸ Authorization server
  ▸ Resource server
  ▸ Read-write client
  ▸ Read-only client
[Figure labels: JSON, HTML, access token, validation]
Code -> https://github.com/MasatoshiTada/oltu-todo

DEMO

Apache Oltu
▸ Something like a reference implementation of OAuth 2.0 in Java
  ▸ https://oltu.apache.org
▸ Implements only the parts that the OAuth 2.0 specification defines
  ▸ There is a lot you have to build yourself
▸ Also has features such as OpenID Connect and JWT

What Oltu provides
▸ Common
  ▸ Building requests and responses
  ▸ Checking that the required parameters are present
▸ Authorization server
  ▸ Generating authorization codes and access tokens (MD5 or UUID)
  ▸ Generating the JSON that contains the access token
▸ Resource server
  ▸ A servlet filter that validates the access token
▸ Client
  ▸ Obtaining an access token from the authorization server

Other libraries with OAuth 2.0 support
▸ Spring Security OAuth
  ▸ Feature-rich, but official documentation is sparse
  ▸ https://projects.spring.io/spring-security-oauth/docs/oauth2.html
  ▸ The TERASOLUNA development guideline covers it in detail (OAuth section)
▸ OAuth 2.0 support is planned for Spring Security itself
  ▸ https://github.com/spring-projects/spring-security/tree/master/oauth2
▸ pac4j
  ▸ http://www.pac4j.org
  ▸ Has integration libraries for many frameworks
    ▸ Spring MVC, JAX-RS, Play, Spark, ...
  ▸ Perhaps the one to use outside Spring? (not investigated)
▸ Java EE Security API
  ▸ A new Java EE feature
  ▸ OAuth support is planned for a future EE version
  ▸ The reference implementation is Soteria
  ▸ https://github.com/javaee-security-spec/soteria

Technologies used besides Oltu
▸ Java EE, deliberately
  ▸ JAX-RS (Jersey)
  ▸ MVC (Ozark)
  ▸ Payara MicroProfile (executable JAR)
▸ Thymeleaf

① Initial access
▸ The client does not have an access token yet
  → it redirects to the authorization endpoint of the authorization server
▸ The query parameters needed to access the authorization endpoint are added as well

Required query parameters
  Parameter name    Meaning
  response_type     Always "code" (means an authorization code is to be issued)
  redirect_uri      URL of the redirection endpoint
  state             CSRF token
  client_id         ID that identifies the client

Code that redirects to the authorization endpoint
readwrite-client/src/main/java/com/example/readwriteclient/web/exception/mapper/AccessTokenRequiredExceptionMapper.java

    // Build the URL to redirect to
    OAuthClientRequest oAuthRequest = OAuthClientRequest
            .authorizationLocation("https://localhost:8888/api/authorize") // authorization endpoint URL
            .setResponseType("code")                                        // response_type
            .setClientId("readwriteclient")                                 // client_id
            .setRedirectURI("https://localhost:8081/api/redirect")          // redirect_uri
            .setState("xyz")                                                // state (*)
            .buildQueryMessage();
    // Redirect to the authorization endpoint
    return Response.status(Response.Status.FOUND)
            .location(URI.create(oAuthRequest.getLocationUri()))
            .build();

* The state value "xyz" is a placeholder. In a real application it should be a random string.

Response from the client to the web browser
▸ Redirect to the authorization endpoint of the authorization server

    302 FOUND
    Location: https://localhost:8888/api/authorize?response_type=code&redirect_uri=https%3A%2F%2Flocalhost%3A8081%2Fapi%2Fredirect&state=xyz&client_id=readwriteclient

② Redirect to the authorization endpoint, ③ Authorization screen
▸ The web browser sends a request to the URL given in the redirect above

    GET https://localhost:8888/api/authorize?response_type=code&redirect_uri=https%3A%2F%2Flocalhost%3A8081%2Fapi%2Fredirect&state=xyz&client_id=readwriteclient

Code of the authorization endpoint
authorization-server/src/main/java/com/example/authorizationserver/web/controller/AuthorizationController.java

    @GET
    @Controller
    public String goToApprovalView(@Context HttpServletRequest req)
            throws OAuthProblemException, OAuthSystemException {
        // Create the request object (this also checks the required parameters)
        OAuthAuthzRequest oAuthRequest = new OAuthAuthzRequest(req);
        // …(omitted)…
        // Forward to the authorization screen
        models.put("client", client);
        models.put("state", oAuthRequest.getState());
        return "approval.html";
    }

▸ The authorization screen is returned as the response

④ Authorization, ⑤ Authorization code issued + redirect
▸ The resource owner enters their ID and password on the authorization screen and grants authorization

Controller that receives the entered ID and other values
authorization-server/src/main/java/com/example/authorizationserver/web/controller/ApprovalController.java

    @POST
    public Response approve(@FormParam("loginId") String loginId,
                            @FormParam("password") String password,
                            @FormParam("client_id") String clientId,
                            @Context HttpServletRequest httpServletRequest) {
        // Authenticate the resource owner
        ResourceOwner resourceOwner = resourceOwnerService.findByLoginId(loginId);
        if (!resourceOwner.getPassword().equals(password)) {
            throw new NotAuthorizedException(…);
        }
        // Issue the authorization code
        OAuthIssuer oAuthIssuer = new OAuthIssuerImpl(new MD5Generator());
        String authCode = oAuthIssuer.authorizationCode();

        // (continued on the next slide)
        // Look up the client
        Client client = clientService.getClient(clientId);
        // Store the authorization code and the resource owner in the holder
        authorizationCodeHolder.addResourceOwner(authCode, resourceOwner);
        authorizationCodeHolder.addClient(authCode, client);
        // Build the response
        // (the declaration of the state variable is not shown on the slide)
        OAuthResponse oAuthResponse = OAuthASResponse
                .authorizationResponse(httpServletRequest, 302)
                .setCode(authCode)                  // authorization code
                .setParam("state", state)           // state
                .location(client.getRedirectUri())  // redirect_uri
                .buildQueryMessage();
        // Redirect to the client's redirection endpoint
        return Response.status(oAuthResponse.getResponseStatus())
                .location(URI.create(oAuthResponse.getLocationUri()))
                .build();
    }

Response from the authorization server to the web browser
▸ Redirect to the client's redirection endpoint

    302 FOUND
    Location: https://localhost:8081/api/redirect?code=876c4b7339cd3a3bd416a0772fdbf8af&state=xyz

  (the code parameter is the authorization code)

⑥ Authorization code, ⑦ Access token
▸ The web browser sends a request to the client's redirection endpoint

    GET https://localhost:8081/api/redirect?code=876c4b7339cd3a3bd416a0772fdbf8af&state=xyz

  (the code parameter is the authorization code)

Code of the client's redirection endpoint
readwrite-client/src/main/java/com/example/readwriteclient/web/controller/RedirectController.java

    @GET
    @Controller
    public String redirect(@QueryParam("code") String authCode) {
        // Build the request to the token endpoint
        OAuthClientRequest oAuthClientRequest = OAuthClientRequest
                .tokenLocation("https://localhost:8888/api/token")
                .setClientId("readwriteclient")
                .setClientSecret("password")
                .setRedirectURI("https://localhost:8081/api/redirect")
                .setCode(authCode)
                .setGrantType(GrantType.AUTHORIZATION_CODE)
                .buildBodyMessage();
        // Add the BASIC authentication header
        oAuthClientRequest.addHeader(HttpHeaders.AUTHORIZATION,
                Constants.AUTH_HEADER_VALUE);

        // (continued on the next slide)
        // Send the request to the token endpoint and obtain the access token
        OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
        OAuthJSONAccessTokenResponse oAuthAccessTokenResponse =
                oAuthClient.accessToken(oAuthClientRequest);
        String accessToken = oAuthAccessTokenResponse.getAccessToken();
        // Store the access token in a session-scoped holder
        accessTokenHolder.setAccessToken(accessToken);
        // Redirect to the list screen
        return "redirect:/todo/index";
    }
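
The slides note that `state` should be a random string rather than "xyz", and the redirection endpoint shown above reads only `code`, so the returned `state` is never compared with anything. The following is an added example (not code from the slides or the oltu-todo repository) of one way a client could issue and verify `state`; `FakeSession`, `issueState` and `verifyState` are hypothetical names, and the map stands in for the servlet session of one browser.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/** Added example (hypothetical class): per-session handling of the OAuth 2.0 state parameter. */
public class StateParameterExample {

    private static final SecureRandom RANDOM = new SecureRandom();

    /** Stand-in for one browser's HTTP session; a real client would use HttpSession. */
    static final class FakeSession {
        private final Map<String, String> attrs = new HashMap<>();
    }

    /** Step 1: called just before redirecting to the authorization endpoint. */
    static String issueState(FakeSession session) {
        byte[] raw = new byte[32];                       // 256 bits from a CSPRNG
        RANDOM.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.attrs.put("oauth_state", state);         // remembered for this browser only
        return state;                                    // value to pass to setState(...)
    }

    /** Step 6: called first in the redirection endpoint, before the code is used. */
    static boolean verifyState(FakeSession session, String returnedState) {
        String expected = session.attrs.remove("oauth_state");  // one-time use
        if (expected == null || returnedState == null) {
            return false;                                // no flow in progress, or state missing
        }
        // Constant-time comparison of the stored and the returned value
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                returnedState.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        FakeSession session = new FakeSession();
        String state = issueState(session);

        // Legitimate callback: the authorization server echoes the same state back.
        System.out.println("legitimate callback accepted: " + verifyState(session, state));
        // The same callback again: the stored value has already been consumed.
        System.out.println("repeated callback accepted:   " + verifyState(session, state));

        // Callback that did not originate from this session's own redirect:
        // its state does not match what this session stored.
        FakeSession other = new FakeSession();
        issueState(other);
        System.out.println("mismatched callback accepted: " + verifyState(other, "xyz"));
    }
}
```

In the redirection endpoint, `verifyState` would run before the token request is built, and the request would be rejected when it returns false.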

Request sent to the token endpoint
▸ Client → authorization server

    POST /api/token
    Host: localhost:8888
    Authorization: Basic cmVhZHdyaXRlY2xpZW50OnBhc3N3b3Jk
    Content-Type: application/x-www-form-urlencoded

    grant_type=authorization_code&code=876c4b7339cd3a3bd416a0772fdbf8af&redirect_uri=https%3A%2F%2Flocalhost%3A8081%2Fapi%2Fredirect

Code of the token endpoint
authorization-server/src/main/java/com/example/authorizationserver/web/controller/TokenController.java

    @POST
    @Produces(MediaType.APPLICATION_JSON)
    public Response token(
            @Context HttpServletRequest httpServletRequest) {
        // Check the parameters required for a token request
        OAuthTokenRequest oauthRequest =
                new OAuthTokenRequest(httpServletRequest);
        // …(omitted)…
        // Issue the access token and the refresh token
        OAuthIssuer oAuthIssuer = new OAuthIssuerImpl(new MD5Generator());
        String accessToken = oAuthIssuer.accessToken();
        String refreshToken = oAuthIssuer.refreshToken();

        // (continued on the next slide)
        // Build the JSON to respond with
        OAuthResponse oAuthResponse = OAuthASResponse
                .tokenResponse(Response.Status.OK.getStatusCode())
                .setAccessToken(accessToken)
                .setExpiresIn("3600")
                .setRefreshToken(refreshToken)
                .buildJSONMessage();
        // Respond to the client with 200 OK
        return Response.ok(oAuthResponse.getBody())
                .build();
    }

JSON response from the token endpoint
▸ Authorization server → client

    200 OK

    {"access_token":"ffb085abdadf4235c33aa0f042a4f5eb","refresh_token":"b1669b4c5fdc984f9bd5252bc2f50f52","expires_in":3600}

  (access_token is the access token)
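
The token endpoint code on the slides elides ("…(omitted)…") what happens between parsing the request and issuing the tokens. As an added example (not code from the slides, the oltu-todo repository or Apache Oltu), here is one way to look up the authorization code so that it is single-use, short-lived and bound to the client and redirect_uri it was issued for. The class name, the one-minute lifetime and the `readonlyclient` id are assumptions, and `record` needs Java 16 or later.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Added example (hypothetical class): authorization codes that can be redeemed only once. */
public class AuthorizationCodeStoreExample {

    /** What the authorization server remembers about one issued code. */
    record Grant(String loginId, String clientId, String redirectUri, Instant expiresAt) {}

    private static final SecureRandom RANDOM = new SecureRandom();
    private static final Duration LIFETIME = Duration.ofMinutes(1);   // assumed lifetime
    private final Map<String, Grant> grants = new ConcurrentHashMap<>();

    /** Called when the resource owner approves: issue a code bound to this request. */
    String issue(String loginId, String clientId, String redirectUri, Instant now) {
        byte[] raw = new byte[32];
        RANDOM.nextBytes(raw);
        String code = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        grants.put(code, new Grant(loginId, clientId, redirectUri, now.plus(LIFETIME)));
        return code;
    }

    /**
     * Called by the token endpoint. clientId must be the client that was authenticated
     * with BASIC authentication, not a value taken on trust from the request body.
     */
    Optional<Grant> redeem(String code, String clientId, String redirectUri, Instant now) {
        if (code == null) {
            return Optional.empty();
        }
        Grant grant = grants.remove(code);   // atomic removal: any attempt consumes the code
        if (grant == null
                || now.isAfter(grant.expiresAt())                // expired
                || !grant.clientId().equals(clientId)            // issued to another client
                || !grant.redirectUri().equals(redirectUri)) {   // redirect_uri differs
            return Optional.empty();
        }
        return Optional.of(grant);
    }

    public static void main(String[] args) {
        AuthorizationCodeStoreExample store = new AuthorizationCodeStoreExample();
        Instant t0 = Instant.parse("2017-05-20T10:00:00Z");      // constructed sample time
        String redirect = "https://localhost:8081/api/redirect";

        String code = store.issue("user1", "readwriteclient", redirect, t0);
        System.out.println("first use:    "
                + store.redeem(code, "readwriteclient", redirect, t0.plusSeconds(5)).isPresent());
        System.out.println("second use:   "
                + store.redeem(code, "readwriteclient", redirect, t0.plusSeconds(6)).isPresent());

        code = store.issue("user1", "readwriteclient", redirect, t0);
        System.out.println("other client: "   // "readonlyclient" is a constructed id
                + store.redeem(code, "readonlyclient", redirect, t0.plusSeconds(5)).isPresent());

        code = store.issue("user1", "readwriteclient", redirect, t0);
        System.out.println("expired:      "
                + store.redeem(code, "readwriteclient", redirect, t0.plusSeconds(120)).isPresent());
    }
}
```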

① Request, ② Access the resource with the access token
▸ The client sends a request to the resource server
  ▸ The access token is added in the Authorization header

    GET /api/v1/todos
    Authorization: Bearer ffb085abdadf4235c33aa0f042a4f5eb

  (the value after "Bearer" is the access token)

③ Access token validation, ④ User information & scope
▸ The resource server that received the request checks the validity of the access token sent in the header
  ▸ Was it really issued by the authorization server?
  ▸ Was it really issued to this client?

▸ Apache Oltu provides a servlet filter for resource servers
resource-server/src/main/webapp/WEB-INF/web.xml

    <filter>
      <filter-name>OAuthFilter</filter-name>
      <filter-class>org.apache.oltu.oauth2.rsfilter.OAuthFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>OAuthFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

▸ OAuthFilter calls the class that implements OAuthRSProvider
  ▸ The following definition is required in web.xml
resource-server/src/main/webapp/WEB-INF/web.xml

    <context-param>
      <param-name>oauth.rs.provider-class</param-name>
      <param-value>com.example.resourceserver.oauth.MyOAuthRSProvider</param-value>
    </context-param>

resource-server/src/main/java/com/example/resourceserver/oauth/MyOAuthRSProvider.java

    public class MyOAuthRSProvider implements OAuthRSProvider {
        @Override
        public OAuthDecision validateRequest(String rsId, String accessToken,
                HttpServletRequest httpServletRequest) {
            // Check the validity of the access token by calling the authorization server over HTTP
            MultivaluedHashMap<String, String> formParams = …;
            formParams.putSingle("access_token", accessToken);
            Response response = ClientBuilder.newBuilder()
                    .build()
                    .target("https://localhost:8888/api/check_token")
                    .request()
                    .header("Content-Type", "application/x-www-form-urlencoded")
                    .header("Authorization", Constants.AUTH_HEADER_VALUE)
                    .post(Entity.form(formParams));
            // If the access token is valid, 200 is returned
            if (response.getStatusInfo().equals(Response.Status.OK)) {
                // return the result
            }

▸ Response from the authorization server

    200 OK
    Content-Type: application/json

    {
      "login_id" : "user1",
      "client" : {
        "client_id" : "readwriteclient",
        …
        "scope_types" : ["read", "write"]
      }
    }

  (scope_types is the scope information)

⑤ Check the scope, ⑥ ⑦ Response
▸ The scope is specified with @RolesAllowed on the resource server's controller methods
resource-server/src/main/java/com/example/resourceserver/web/controller/TodoController.java

    @Path("/todos")
    public class TodoController {
        @RolesAllowed("read")
        @GET
        @Produces("application/json")
        public Response findAll() { … }

        @RolesAllowed("write")
        @POST
        @Consumes("application/json")
        public Response add(Todo todo) { … }
    }

From the OAuth 2.0 specification
▸ Topics not introduced in these slides
  ▸ Manipulation of the authorization code redirect URI
  ▸ Phishing attacks
  ▸ Cross-site request forgery
  ... and so on
▸ Be sure to check the specification!
  ▸ https://openid-foundation-japan.github.io/rfc6749.ja.html

Security-related specifications
▸ RFC 6819, OAuth 2.0 Threat Model and Security Considerations
  ▸ http://www.rfc-editor.org/info/rfc6819
▸ RFC 7009, OAuth 2.0 Token Revocation
  ▸ http://openid-foundation-japan.github.io/rfc7009.ja.html

Keys to understanding OAuth 2.0
▸ Understand the terminology precisely!
▸ Use diagrams to understand who is sending a request to whom!
▸ Clearly separate the parts the specification defines from the parts it does not!
▸ These slides do not cover everything, so be sure to check the specification!

Is Apache Oltu usable?
▸ My personal impression is that it is strictly "for learning"
  ▸ It has only the minimum of features, and productivity is not very good
  ▸ Little documentation, plus fatal mistakes
  ▸ All other security matters are left to you
▸ Basically, it may be better to use Spring Security OAuth, pac4j or similar

Details on Apache Oltu
▸ I will write them up on the CASAREAL organization's Qiita (coming soon!)
  ▸ Implementing the authorization server
  ▸ Implementing the resource server
  ▸ Implementing the client

For further study
▸ Japanese translation of the OAuth 2.0 specification
  ▸ https://openid-foundation-japan.github.io/rfc6749.ja.html
▸ Book on getting started with OAuth (O'Reilly Japan)
▸ Article with diagrams and videos of all the OAuth 2.0 flows (Qiita, TakahikoKawasaki)
▸ Slides on the OAuth 2.0 questions it feels too late to ask (SlideShare)

Enjoy Java and OAuth 2.0!
▸ Thank you for listening!