将检测授权类型交给client去校验而非全局
This commit is contained in:
parent
ad4f2fee7e
commit
03fed93422
@ -1,11 +1,11 @@
|
||||
package cn.dev33.satoken.oauth2.config;
|
||||
|
||||
import cn.dev33.satoken.util.SaResult;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.function.BiFunction;
|
||||
import java.util.function.Supplier;
|
||||
|
||||
import cn.dev33.satoken.util.SaResult;
|
||||
|
||||
/**
|
||||
* Sa-Token-OAuth2 配置类 Model
|
||||
* @author kong
|
||||
@ -16,15 +16,19 @@ public class SaOAuth2Config implements Serializable {
|
||||
private static final long serialVersionUID = -6541180061782004705L;
|
||||
|
||||
/** 是否打开模式:授权码(Authorization Code) */
|
||||
@Deprecated
|
||||
public Boolean isCode = true;
|
||||
|
||||
/** 是否打开模式:隐藏式(Implicit) */
|
||||
@Deprecated
|
||||
public Boolean isImplicit = false;
|
||||
|
||||
/** 是否打开模式:密码式(Password) */
|
||||
@Deprecated
|
||||
public Boolean isPassword = false;
|
||||
|
||||
/** 是否打开模式:凭证式(Client Credentials) */
|
||||
@Deprecated
|
||||
public Boolean isClient = false;
|
||||
|
||||
/** 是否在每次 Refresh-Token 刷新 Access-Token 时,产生一个新的 Refresh-Token */
|
||||
|
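Review bot: The four `@Deprecated` annotations come without a Javadoc `@deprecated` tag, so a reader of SaOAuth2Config gets no pointer to the replacement, nor a warning that `isCode` keeps its `true` default while deprecated. Suggest adding to each field's Javadoc a line such as `@deprecated replaced by the per-client {@code SaClientModel#allowType}; the global flag is only consulted as a fallback by SaOAuth2Handle` (on isCode, isImplicit, isPassword and isClient alike). The first hunk only reorders the `SaResult` import below the `java.*` group, which is fine.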
@ -59,6 +59,7 @@ public class SaOAuth2Consts {
|
||||
public static String refresh_token = "refresh_token";
|
||||
public static String password = "password";
|
||||
public static String client_credentials = "client_credentials";
|
||||
public static String implicit = "implicit";
|
||||
}
|
||||
|
||||
/** 表示OK的返回结果 */
|
||||
|
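Review bot: `implicit` is added next to the `grant_type` values (presumably the nested GrantType class, whose header is outside this hunk), but in RFC 6749 the implicit flow is selected by `response_type=token` and has no `grant_type` value; the new constant only serves as the key stored in `SaClientModel.allowType` and looked up by SaOAuth2Handle as `GrantType.implicit`. A one-line Javadoc stating that, e.g. `/** not a wire-level grant_type; used only as the allowType key for the implicit flow */`, would keep a future reader from accepting it as a request parameter value.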
@ -35,10 +35,13 @@ public class SaOAuth2Handle {
|
||||
SaResponse res = SaHolder.getResponse();
|
||||
SaOAuth2Config cfg = SaOAuth2Manager.getConfig();
|
||||
|
||||
//读取client_id,此参数在所有模式中必填
|
||||
String clientId = req.getParamNotNull(Param.client_id);
|
||||
|
||||
// ------------------ 路由分发 ------------------
|
||||
|
||||
// 模式一:Code授权码
|
||||
if(req.isPath(Api.authorize) && req.isParam(Param.response_type, ResponseType.code) && cfg.isCode) {
|
||||
if(req.isPath(Api.authorize) && req.isParam(Param.response_type, ResponseType.code) && (SaOAuth2Util.supportType(clientId,GrantType.authorization_code) || cfg.isCode)) {
|
||||
return authorize(req, res, cfg);
|
||||
}
|
||||
|
||||
@ -68,17 +71,17 @@ public class SaOAuth2Handle {
|
||||
}
|
||||
|
||||
// 模式二:隐藏式
|
||||
if(req.isPath(Api.authorize) && req.isParam(Param.response_type, ResponseType.token) && cfg.isImplicit) {
|
||||
if(req.isPath(Api.authorize) && req.isParam(Param.response_type, ResponseType.token) && (SaOAuth2Util.supportType(clientId,GrantType.implicit) || cfg.isImplicit)) {
|
||||
return authorize(req, res, cfg);
|
||||
}
|
||||
|
||||
// 模式三:密码式
|
||||
if(req.isPath(Api.token) && req.isParam(Param.grant_type, GrantType.password) && cfg.isPassword) {
|
||||
if(req.isPath(Api.token) && req.isParam(Param.grant_type, GrantType.password) && (SaOAuth2Util.supportType(clientId,GrantType.password) || cfg.isPassword)) {
|
||||
return password(req, res, cfg);
|
||||
}
|
||||
|
||||
// 模式四:凭证式
|
||||
if(req.isPath(Api.client_token) && req.isParam(Param.grant_type, GrantType.client_credentials) && cfg.isClient) {
|
||||
if(req.isPath(Api.client_token) && req.isParam(Param.grant_type, GrantType.client_credentials) && (SaOAuth2Util.supportType(clientId,GrantType.client_credentials) || cfg.isClient)) {
|
||||
return clientToken(req, res, cfg);
|
||||
}
|
||||
|
||||
|
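Review bot: The per-client allow-list is not authoritative yet: each new condition keeps the global flag as an alternative, `SaOAuth2Util.supportType(clientId,GrantType.authorization_code) || cfg.isCode`, and `isCode` still defaults to `true` in SaOAuth2Config, so a client whose `allowType` omits the code flow is still granted it, and a deployment that has `isPassword` enabled cannot restrict the password flow per client, contrary to the commit title. Consider making the client's `allowType` the deciding check whenever it is configured and using the deprecated flags only when `allowType` is empty, e.g. by moving that fallback into `supportType` and reducing each branch to `&& SaOAuth2Util.supportType(clientId, GrantType.authorization_code)`; the same applies to the implicit, password and client_credentials branches in the second hunk. Since `supportType` resolves the client via `checkClientModel`, an unknown `client_id` now appears to fail inside the route condition rather than in the handler, which changes the error a caller sees; worth confirming that is intended. The enclosing dispatch method starts before this hunk and continues after it.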
@ -1,21 +1,17 @@
|
||||
package cn.dev33.satoken.oauth2.logic;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import cn.dev33.satoken.SaManager;
|
||||
import cn.dev33.satoken.context.model.SaRequest;
|
||||
import cn.dev33.satoken.oauth2.SaOAuth2Manager;
|
||||
import cn.dev33.satoken.oauth2.exception.SaOAuth2Exception;
|
||||
import cn.dev33.satoken.oauth2.logic.SaOAuth2Consts.Param;
|
||||
import cn.dev33.satoken.oauth2.model.AccessTokenModel;
|
||||
import cn.dev33.satoken.oauth2.model.ClientTokenModel;
|
||||
import cn.dev33.satoken.oauth2.model.CodeModel;
|
||||
import cn.dev33.satoken.oauth2.model.RefreshTokenModel;
|
||||
import cn.dev33.satoken.oauth2.model.RequestAuthModel;
|
||||
import cn.dev33.satoken.oauth2.model.SaClientModel;
|
||||
import cn.dev33.satoken.oauth2.model.*;
|
||||
import cn.dev33.satoken.strategy.SaStrategy;
|
||||
import cn.dev33.satoken.util.SaFoxUtil;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Sa-Token-OAuth2 模块 代码实现
|
||||
* @author kong
|
||||
@ -922,4 +918,12 @@ public class SaOAuth2Template {
|
||||
return SaManager.getConfig().getTokenName() + ":oauth2:grant-scope:" + clientId + ":" + loginId;
|
||||
}
|
||||
|
||||
/**
|
||||
* 检查是否支持的type类型
|
||||
*/
|
||||
public Boolean supportType(String clientId,String type){
|
||||
SaClientModel saClientModel = checkClientModel(clientId);
|
||||
return Arrays.asList(saClientModel.getAllowType().split(",")).contains(type);
|
||||
}
|
||||
|
||||
}
|
||||
|
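Review bot: `supportType` dereferences `saClientModel.getAllowType()` without a null check, and `split(",")` does not trim, so a client whose `allowType` is unset (records created before the field existed) throws NullPointerException from the dispatcher, and a value written as `authorization_code, password` rejects `password`. A guarded, trimmed comparison is below; returning `false` for an empty allow-list makes the per-client restriction fail closed (if the deprecated global config flags are meant to cover that case, deciding the fallback here once is preferable to repeating it in every caller). `checkClientModel` is visible only by name here, so its behaviour on an unknown client is assumed to be to throw. In the first hunk `import cn.dev33.satoken.oauth2.model.*;` replaces the explicit model imports; the file otherwise lists imports individually, so the wildcard is a style regression.
```java
/**
 * Whether the client identified by clientId is allowed to use the given grant type.
 * Reads SaClientModel.allowType (comma-separated); an unset or blank value allows nothing.
 */
public Boolean supportType(String clientId, String type) {
    SaClientModel saClientModel = checkClientModel(clientId);
    String allowType = saClientModel.getAllowType();
    if (allowType == null || allowType.trim().isEmpty()) {
        return false;
    }
    return Arrays.stream(allowType.split(","))
            .map(String::trim)
            .anyMatch(type::equals);
}
```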
@ -292,6 +292,16 @@ public class SaOAuth2Util {
|
||||
public static String getGrantScope(String clientId, Object loginId) {
|
||||
return saOAuth2Template.getGrantScope(clientId, loginId);
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取:检查是否支持的授权类型
|
||||
* @param clientId 应用id
|
||||
* @param type 授权类型
|
||||
* @return 是否
|
||||
*/
|
||||
public static Boolean supportType(String clientId, String type) {
|
||||
return saOAuth2Template.supportType(clientId, type);
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
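Review bot: The new wrapper returns boxed `Boolean` for a yes/no answer that SaOAuth2Handle immediately unboxes inside `||`; `public static boolean supportType(String clientId, String type)` rules out an accidental null unboxing and says what callers do with it (the delegated `SaOAuth2Template.supportType` would take the same change). The Javadoc summary `获取:检查是否支持的授权类型` reads like a getter; a verb phrase such as `Whether the given client is allowed to use this grant type` describes the method better.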
@ -31,15 +31,21 @@ public class SaClientModel implements Serializable {
|
||||
*/
|
||||
public String allowUrl;
|
||||
|
||||
/**
|
||||
* 应用允许授权的所有URL, 多个用逗号隔开
|
||||
*/
|
||||
public String allowType;
|
||||
|
||||
public SaClientModel() {
|
||||
|
||||
}
|
||||
public SaClientModel(String clientId, String clientSecret, String contractScope, String allowUrl) {
|
||||
public SaClientModel(String clientId, String clientSecret, String contractScope, String allowUrl,String allowType) {
|
||||
super();
|
||||
this.clientId = clientId;
|
||||
this.clientSecret = clientSecret;
|
||||
this.contractScope = contractScope;
|
||||
this.allowUrl = allowUrl;
|
||||
this.allowType = allowType;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -105,6 +111,22 @@ public class SaClientModel implements Serializable {
|
||||
this.allowUrl = allowUrl;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return 应用允许的授权模式, 多个用逗号隔开
|
||||
*/
|
||||
public String getAllowType() {
|
||||
return allowType;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param allowType 应用允许的授权模式, 多个用逗号隔开
|
||||
* @return 对象自身
|
||||
*/
|
||||
public SaClientModel setAllowType(String allowType) {
|
||||
this.allowType = allowType;
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
|