开发文档

token

URI

http://{Keycloak server}:{Keycloak port}/auth/realms/imanager/protocol/openid-connect/token

支持的方法

POST

介绍

根据账户信息获取 token,没有token不能访问iManager。

支持的表述格式:JSON。

HTTP 请求方法

对如下 URI 执行 HTTP 请求,以 json 输出格式为例加以说明,其中,{Keycloak server}是Keycloak服务器名,需要用服务器IP替换;{Keycloak port}是Keycloak端口,需要用实际端口替换。

http://{Keycloak server}:{Keycloak port}/auth/realms/imanager/protocol/openid-connect/token

Post 请求

用户获取 Token。

请求头格式

Content-Type: application/x-www-form-urlencoded

Host: {Keycloak server}:{Keycloak port}

请求参数

获取 Token 时应在请求体中传递如下参数:

名称 类型 含义
client_id String 产品名称(固定为“imanager”)
username String 用户名
password String 用户密码
grant_type String 获取类型(固定为“password”)

响应结构

名称 说明
access_token 获取到的凭证
expires_in 凭证有效时间;单位:秒
refresh_expires_in 刷新凭证过期时间;单位:秒
refresh_token 凭证过期后用于获取新的凭证
token_type 凭证种类

响应示例

对 tokens 资源执行 POST 请求,URL: http://192.168.17.139:30474/auth/realms/imanager/protocol/openid-connect/token,如下所示:

请求头:

Content-Type: application/x-www-form-urlencoded
Host: 192.168.17.139:30474

请求体:

client_id=imanager&username=admin&password=admin&grant_type=password

返回的内容如下:

{
"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlWVE3WDVFaGMxeV9mbUl5RGtoZEhFejlxSjNPYWp1enR3RG9ybW8zaGFnIn0.eyJqdGkiOiIyMjA0ODNiMi05OGZjLTRmZDYtYmY2ZS1mOTkxYmE2NTAwZGYiLCJleHAiOjE1NTE4NjUwMDEsIm5iZiI6MCwiaWF0IjoxNTUxODY0NzAxLCJpc3MiOiJodHRwOi8vMTkyLjE2OC4xNy4xMzk6MzA0NzQvYXV0aC9yZWFsbXMvaW1hbmFnZXIiLCJhdWQiOiJpbWFuYWdlciIsInN1YiI6ImJkYTBlYmY1LWE3OGEtNDljMS05M2NkLWIyN2FhN2E2MzkxYyIsInR5cCI6IkJlYXJlciIsImF6cCI6ImltYW5hZ2VyIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiZWEzNTZkMmMtOWM2MS00OTE0LTk3ZGYtZDY2NDAyMDYwNWEwIiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6WyIqIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsImFkbWluIiwidW1hX2F1dGhvcml6YXRpb24iLCJ1c2VycyJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImlzZXJ2ZXItMTQiOnsicm9sZXMiOlsiQURNSU4iXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoiZW1haWwgcHJvZmlsZSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJsb2NhbGUiOiJ6aC1DTiJ9.ej6Ct3oY7EJaaqIGltaJeyBlyC6lbo7ovQ6Hj6s9VSLPweoA7ugz5EGJiFdKcUojYen_RpdHSYsrwuFtYVEu9iTLDVdnxqmpGon90_XsuyA0TQEj9nJQ7IU7WaaqeHdSDMwA7m-QZHXZ0hkURyun18uTcp6JqkXWrynT9_wZZqe_ICpAUxsNUx4p3rBxxt6dlNmvPOLoqv8SIs9_wpJ0MoHKZ0RLR0Fwr14eHcCIHwgleMcOKqMHwCE_GmIVEvgZbO-SiaZQ6Vv4aP670FB_1DnEwqperTeFxpKQLdDfjOe-xF82DaNqBufAdm7FyG4OPc991ixm33fM8Yl-lmTM-Q",
"expires_in":300,
"refresh_expires_in":1800,
"refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI2MTRkMDkwZi0wMDYzLTRmNWQtYWJkNy03NjExMDViOGFjZDAifQ.eyJqdGkiOiI0Y2YzMzBiMS1mYjA0LTQzOTMtYTAyMy1kZWRhY2UzYjAxMDUiLCJleHAiOjE1NTE4NjY1MDEsIm5iZiI6MCwiaWF0IjoxNTUxODY0NzAxLCJpc3MiOiJodHRwOi8vMTkyLjE2OC4xNy4xMzk6MzA0NzQvYXV0aC9yZWFsbXMvaW1hbmFnZXIiLCJhdWQiOiJpbWFuYWdlciIsInN1YiI6ImJkYTBlYmY1LWE3OGEtNDljMS05M2NkLWIyN2FhN2E2MzkxYyIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJpbWFuYWdlciIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6ImVhMzU2ZDJjLTljNjEtNDkxNC05N2RmLWQ2NjQwMjA2MDVhMCIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsImFkbWluIiwidW1hX2F1dGhvcml6YXRpb24iLCJ1c2VycyJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImlzZXJ2ZXItMTQiOnsicm9sZXMiOlsiQURNSU4iXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoiZW1haWwgcHJvZmlsZSJ9.wYCP_SBRaMILwFHr63vudKASt7KV9eBHzQMet3XPUFw",
"token_type":"bearer",
"not-before-policy":0,
"session_state":"0dd081f8-caaf-4c3c-8f5e-d45f707f5569",
"scope":"email profile"
}

得到类似以上的返回内容,则成功获取token,token为”access_token”中的内容。有了”access_token”,用户才可以顺利访问iManager。

使用token

通过POST请求获取”access_token”后,在未登录的状态下执行资源请求,以 http://{iManager server}:{iManager port}/imanager/dashboard/web/api/alert/problem 为例。有三种实现资源请求的方式:Authroization Header、Form-Encoded Body Parameter、URI Query Parameter,这三种方式按优先级依次递减。

注:

  1. “access_token”的有效时间为五分钟。token过期后,请用”refresh_token”获取新的token(“refresh_token”有效时间为三十分钟),或重新获取”access_token”。
  2. 这里URL中的{iManager server}{iManager port}为iManager的IP和端口(获取”access_token”时使用的是Keycloak的IP与端口)。

Authorization Header

请求头格式:

GET {resource} HTTP/1.1

Host: {server}:{port}
Authorization: Bearer {access_token}

实例:

GET http://192.168.17.139:31100/imanager/dashboard/web/api/alert/problem HTTP/1.1

Host: 192.168.17.139:31100

authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlWVE3WDVFaGMxeV9mbUl5RGtoZEhFejlxSjNPYWp1enR3RG9ybW8zaGFnIn0.eyJqdGkiOiIyMjA0ODNiMi05OGZjLTRmZDYtYmY2ZS1mOTkxYmE2NTAwZGYiLCJleHAiOjE1NTE4NjUwMDEsIm5iZiI6MCwiaWF0IjoxNTUxODY0NzAxLCJpc3MiOiJodHRwOi8vMTkyLjE2OC4xNy4xMzk6MzA0NzQvYXV0aC9yZWFsbXMvaW1hbmFnZXIiLCJhdWQiOiJpbWFuYWdlciIsInN1YiI6ImJkYTBlYmY1LWE3OGEtNDljMS05M2NkLWIyN2FhN2E2MzkxYyIsInR5cCI6IkJlYXJlciIsImF6cCI6ImltYW5hZ2VyIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiZWEzNTZkMmMtOWM2MS00OTE0LTk3ZGYtZDY2NDAyMDYwNWEwIiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6WyIqIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsImFkbWluIiwidW1hX2F1dGhvcml6YXRpb24iLCJ1c2VycyJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImlzZXJ2ZXItMTQiOnsicm9sZXMiOlsiQURNSU4iXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoiZW1haWwgcHJvZmlsZSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJsb2NhbGUiOiJ6aC1DTiJ9.ej6Ct3oY7EJaaqIGltaJeyBlyC6lbo7ovQ6Hj6s9VSLPweoA7ugz5EGJiFdKcUojYen_RpdHSYsrwuFtYVEu9iTLDVdnxqmpGon90_XsuyA0TQEj9nJQ7IU7WaaqeHdSDMwA7m-QZHXZ0hkURyun18uTcp6JqkXWrynT9_wZZqe_ICpAUxsNUx4p3rBxxt6dlNmvPOLoqv8SIs9_wpJ0Mo`HKZ0RLR0Fwr14eHcCIHwgleMcOKqMHwCE_GmIVEvgZbO-SiaZQ6Vv4aP670FB_1DnEwqperTeFxpKQLdDfjOe-xF82DaNqBufAdm7FyG4OPc991ixm33fM8Yl-lmTM-Q`

返回的 json 格式的响应结果如下:

{
  "number":0,
  "from":0,
  "to":0
}

Form-Encoded Body Parameter

当客户端无法使用Authorization Header时,使用该方法。

请求头格式:

POST {resource} HTTP/1.1

Host: `server:port
Content-Type: application/x-www-form-urlencoded

请求体格式:

access_token={access_token}

注:
`Form-Encoded Body Parameter不支持GET请求,请求体必须遵循application/x-www-form-urlencoded编码,不支持Json等格式,参数间以“&”隔开。

URI Query Parameter

当以上两种方式都无法请求时,使用该方法:

请求头格式:

GET {resource}?access_token={access_token} HTTP/1.1

Host: serer:port
Cache-Control: no-store

实例:

Get http://192.168.17.139:31100/imanager/dashboard/web/api/alert/problem?access_token=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlWVE3WDVFaGMxeV9mbUl5RGtoZEhFejlxSjNPYWp1enR3RG9ybW8zaGFnIn0.eyJqdGkiOiIyMjA0ODNiMi05OGZjLTRmZDYtYmY2ZS1mOTkxYmE2NTAwZGYiLCJleHAiOjE1NTE4NjUwMDEsIm5iZiI6MCwiaWF0IjoxNTUxODY0NzAxLCJpc3MiOiJodHRwOi8vMTkyLjE2OC4xNy4xMzk6MzA0NzQvYXV0aC9yZWFsbXMvaW1hbmFnZXIiLCJhdWQiOiJpbWFuYWdlciIsInN1YiI6ImJkYTBlYmY1LWE3OGEtNDljMS05M2NkLWIyN2FhN2E2MzkxYyIsInR5cCI6IkJlYXJlciIsImF6cCI6ImltYW5hZ2VyIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiZWEzNTZkMmMtOWM2MS00OTE0LTk3ZGYtZDY2NDAyMDYwNWEwIiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6WyIqIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsImFkbWluIiwidW1hX2F1dGhvcml6YXRpb24iLCJ1c2VycyJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImlzZXJ2ZXItMTQiOnsicm9sZXMiOlsiQURNSU4iXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoiZW1haWwgcHJvZmlsZSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJsb2NhbGUiOiJ6aC1DTiJ9.ej6Ct3oY7EJaaqIGltaJeyBlyC6lbo7ovQ6Hj6s9VSLPweoA7ugz5EGJiFdKcUojYen_RpdHSYsrwuFtYVEu9iTLDVdnxqmpGon90_XsuyA0TQEj9nJQ7IU7WaaqeHdSDMwA7m-QZHXZ0hkURyun18uTcp6JqkXWrynT9_wZZqe_ICpAUxsNUx4p3rBxxt6dlNmvPOLoqv8SIs9_wpJ0MoHKZ0RLR0Fwr14eHcCIHwgleMcOKqMHwCE_GmIVEvgZbO-SiaZQ6Vv4aP670FB_1DnEwqperTeFxpKQLdDfjOe-xF82DaNqBufAdm7FyG4OPc991ixm33fM8Yl-lmTM-Q HTTP/1.1`

Host: 192.168.17.139:31100
Cache-Control: no-store

返回的 json 格式的响应结果如下:

{
   "number":0,
   "from":0,
   "to":0
}