From 1bc59dc14cb3bb5ce0d7928b54f40f9415f1fab3 Mon Sep 17 00:00:00 2001 From: click33 <2393584716@qq.com> Date: Tue, 20 Aug 2024 17:34:18 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=20=5FFINALLY=5FWORK=5FSCOPE?= =?UTF-8?q?=20=E6=9C=80=E7=BB=88=E6=9D=83=E9=99=90=E5=A4=84=E7=90=86?= =?UTF-8?q?=E5=99=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../oauth2/oauth2-custom-scope-handler.md | 45 ++++++++++++++++++- .../satoken/oauth2/consts/SaOAuth2Consts.java | 7 ++- .../oauth2/strategy/SaOAuth2Strategy.java | 9 ++++ 3 files changed, 59 insertions(+), 2 deletions(-) diff --git a/sa-token-doc/oauth2/oauth2-custom-scope-handler.md b/sa-token-doc/oauth2/oauth2-custom-scope-handler.md index 2a391c80..17e9548e 100644 --- a/sa-token-doc/oauth2/oauth2-custom-scope-handler.md +++ b/sa-token-doc/oauth2/oauth2-custom-scope-handler.md @@ -175,4 +175,47 @@ http://sa-oauth-server.com:8000/oauth2/token 拿到 userinfo。 #### 总结 -相比于自定义接口模式,自定义权限处理器模式可以少一次网络请求,提前拿到 `userinfo` 信息。 \ No newline at end of file +相比于自定义接口模式,自定义权限处理器模式可以少一次网络请求,让 oauth2-client 端提前拿到 `userinfo` 信息。 + + + +### 4、最终权限处理器 +当一个自定义权限处理器,监听的 scope 字符串为 `_FINALLY_WORK_SCOPE` 时,则代表这个权限处理器为“最终权限处理器”。 + +最终权限处理器会永远在所有权限处理器工作完成之后执行一次,即使 oauth2-client 端没有申请任何 scope,最终权限处理器也会固定执行。 + +示例: +``` java +/** + * 最终权限处理器:在所有权限处理器工作完成之后,执行此权限处理器 + */ +@Component +public class FinallyWorkScopeHandler implements SaOAuth2ScopeHandlerInterface { + + @Override + public String getHandlerScope() { + return SaOAuth2Consts._FINALLY_WORK_SCOPE; + } + + @Override + public void workAccessToken(AccessTokenModel at) { + // 在所有权限处理器工作完成之后,执行此处方法加工 AccessToken + // System.out.println(123); + } + + @Override + public void workClientToken(ClientTokenModel ct) { + // System.out.println(456); + } +} +``` + + + + + + + + + + diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/consts/SaOAuth2Consts.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/consts/SaOAuth2Consts.java index a6e104c4..9311a0a3 100644 --- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/consts/SaOAuth2Consts.java +++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/consts/SaOAuth2Consts.java @@ -111,5 +111,10 @@ public class SaOAuth2Consts { /** 表示请求没有得到任何有效处理 {msg: "not handle"} */ public static final String NOT_HANDLE = "{\"msg\": \"not handle\"}"; - + + /** + * 最终权限处理器标识符:在所有权限处理器执行之后,执行此 scope 标识符代表的权限处理器 + */ + public static final String _FINALLY_WORK_SCOPE = "_FINALLY_WORK_SCOPE"; + } diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/strategy/SaOAuth2Strategy.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/strategy/SaOAuth2Strategy.java index 05aa59f5..f1dc0187 100644 --- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/strategy/SaOAuth2Strategy.java +++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/strategy/SaOAuth2Strategy.java @@ -16,6 +16,7 @@ package cn.dev33.satoken.oauth2.strategy; import cn.dev33.satoken.SaManager; +import cn.dev33.satoken.oauth2.consts.SaOAuth2Consts; import cn.dev33.satoken.oauth2.function.strategy.*; import cn.dev33.satoken.oauth2.scope.CommonScope; import cn.dev33.satoken.oauth2.scope.handler.OidcScopeHandler; @@ -92,6 +93,10 @@ public final class SaOAuth2Strategy { } } } + SaOAuth2ScopeHandlerInterface finallyWorkScopeHandler = scopeHandlerMap.get(SaOAuth2Consts._FINALLY_WORK_SCOPE); + if(finallyWorkScopeHandler != null) { + finallyWorkScopeHandler.workAccessToken(at); + } }; /** @@ -106,6 +111,10 @@ public final class SaOAuth2Strategy { } } } + SaOAuth2ScopeHandlerInterface finallyWorkScopeHandler = scopeHandlerMap.get(SaOAuth2Consts._FINALLY_WORK_SCOPE); + if(finallyWorkScopeHandler != null) { + finallyWorkScopeHandler.workClientToken(ct); + } }; /**