diff --git a/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/src/main/java/com/pj/SaOAuth2ServerApplication.java b/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/src/main/java/com/pj/SaOAuth2ServerApplication.java
index d8c7a741..33cadea4 100644
--- a/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/src/main/java/com/pj/SaOAuth2ServerApplication.java
+++ b/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/src/main/java/com/pj/SaOAuth2ServerApplication.java
@@ -4,8 +4,6 @@ import cn.dev33.satoken.oauth2.SaOAuth2Manager;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import java.net.MalformedURLException;
-
 /**
 * 启动:Sa-OAuth2 Server端
 * @author click33
@@ -13,7 +11,7 @@ import java.net.MalformedURLException;
 @SpringBootApplication
 public class SaOAuth2ServerApplication {
- public static void main(String[] args) throws MalformedURLException {
+ public static void main(String[] args) {
 SpringApplication.run(SaOAuth2ServerApplication.class, args);
 System.out.println("\nSa-Token-OAuth2 Server端启动成功,配置如下:");
 System.out.println(SaOAuth2Manager.getServerConfig());
diff --git a/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/src/main/java/com/pj/oauth2/SaOAuth2ServerController.java b/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/src/main/java/com/pj/oauth2/SaOAuth2ServerController.java
index bc473a8a..929bdd4f 100644
--- a/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/src/main/java/com/pj/oauth2/SaOAuth2ServerController.java
+++ b/sa-token-demo/sa-token-demo-oauth2/sa-token-demo-oauth2-server/src/main/java/com/pj/oauth2/SaOAuth2ServerController.java
@@ -1,6 +1,7 @@
 package com.pj.oauth2;
 import cn.dev33.satoken.context.SaHolder;
+import cn.dev33.satoken.oauth2.SaOAuth2Manager;
 import cn.dev33.satoken.oauth2.config.SaOAuth2ServerConfig;
 import cn.dev33.satoken.oauth2.processor.SaOAuth2ServerProcessor;
 import cn.dev33.satoken.oauth2.template.SaOAuth2Util;
@@ -8,7 +9,6 @@ import cn.dev33.satoken.stp.StpUtil;
 import cn.dev33.satoken.util.SaResult;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.ModelAndView;
@@ -63,8 +63,9 @@ public class SaOAuth2ServerController {
 // 获取 userinfo 信息:昵称、头像、性别等等
 @RequestMapping("/oauth2/userinfo")
- public SaResult userinfo(@RequestParam("access_token") String accessToken) {
+ public SaResult userinfo() {
 // 获取 Access-Token 对应的账号id
+ String accessToken = SaOAuth2Manager.getDataResolver().readAccessToken(SaHolder.getRequest());
 Object loginId = SaOAuth2Util.getLoginIdByAccessToken(accessToken);
 System.out.println("-------- 此Access-Token对应的账号id: " + loginId);
diff --git a/sa-token-doc/oauth2/readme.md b/sa-token-doc/oauth2/readme.md
index 5776fb42..9a34cb52 100644
--- a/sa-token-doc/oauth2/readme.md
+++ b/sa-token-doc/oauth2/readme.md
@@ -40,8 +40,9 @@
 2. oauth2-client 第三方公司端
 1. 第三方公司登录 oauth-server 数据前台申请端,申请注册应用,拿到 `clientId`、`clientSecret` 等数据。
- 2. 在自己系统通过 `clientId`、`clientSecret` 等参数对接 oauth2-server 授权端,拿到 `access_token`。
- 3. 通过 `access_token` 调用 oauth2-server 资源端接口,拿到对应资源数据。
+ 2. 根据自己的业务选择对应的 scope 申请签约,等待平台端审核通过。
+ 3. 在自己系统通过 `clientId`、`clientSecret` 等参数对接 oauth2-server 授权端,拿到 `access_token`。
+ 4. 通过 `access_token` 调用 oauth2-server 资源端接口,拿到对应资源数据。
 3. 用户端操作
 1. 打开第三方公司开发的网站或APP等程序。
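Review bot: `userinfo()` in the `-63,8` hunk passes the result of `readAccessToken(...)` straight to `SaOAuth2Util.getLoginIdByAccessToken(accessToken)`, but the default resolver added in this commit returns `null` when the request carries neither an `access_token` parameter nor a `Bearer` header. The removed `@RequestParam("access_token")` made Spring reject a request without the parameter before the method ran, and nothing replaces that check. How `getLoginIdByAccessToken` treats `null` is not visible in this diff, so the demo should fail closed itself, e.g. `if (accessToken == null) { return SaResult.error("missing access_token"); }` before the lookup. The method body continues outside the hunk, so whether `loginId` is validated later cannot be confirmed from here.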
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/consts/SaOAuth2Consts.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/consts/SaOAuth2Consts.java
index d2ab4bb8..bdb8c650 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/consts/SaOAuth2Consts.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/consts/SaOAuth2Consts.java
@@ -58,6 +58,7 @@ public class SaOAuth2Consts {
 public static String name = "name";
 public static String pwd = "pwd";
 public static String build_redirect_uri = "build_redirect_uri";
+ public static String Authorization = "Authorization";
 }
 /**
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolver.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolver.java
index 4dd957b9..5ea2b7dd 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolver.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolver.java
@@ -18,8 +18,8 @@ package cn.dev33.satoken.oauth2.data.resolver;
 import cn.dev33.satoken.context.model.SaRequest;
 import cn.dev33.satoken.oauth2.data.model.AccessTokenModel;
 import cn.dev33.satoken.oauth2.data.model.ClientTokenModel;
-import cn.dev33.satoken.oauth2.data.model.request.RequestAuthModel;
 import cn.dev33.satoken.oauth2.data.model.request.ClientIdAndSecretModel;
+import cn.dev33.satoken.oauth2.data.model.request.RequestAuthModel;
 import cn.dev33.satoken.util.SaResult;
 import java.util.Map;
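Review bot: `Authorization` in the `SaOAuth2Consts` hunk is an HTTP header name, yet it is added beside request-parameter names (`name`, `pwd`, `build_redirect_uri`) and is read elsewhere in this commit as `SaOAuth2Consts.Param.Authorization`, which blurs whether a credential is expected as a parameter or as a header. The field is also `public static` without `final`, so any code on the classpath can reassign the header name the token reader looks up; the neighbouring fields share this, so it is existing style, but for a value that decides where a bearer token is read from I would write `public static final String Authorization = "Authorization";` or keep header names in their own holder. The enclosing nested class starts outside the hunk.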
@@ -42,6 +42,14 @@ public interface SaOAuth2DataResolver {
 */
 ClientIdAndSecretModel readClientIdAndSecret(SaRequest request);
+ /**
+ * 数据读取:从请求对象中读取 AccessToken
+ *
+ * @param request /
+ * @return /
+ */
+ String readAccessToken(SaRequest request);
+
 /**
 * 数据读取:从请求对象中构建 RequestAuthModel
 * @param req SaRequest对象
@@ -75,21 +83,10 @@ public interface SaOAuth2DataResolver {
 return SaResult.ok();
 }
- /**
- * 构建返回值: password 模式认证 获取 token
- * @param at token信息
- * @return /
- */
- default Map buildPasswordReturnValue(AccessTokenModel at) {
- return buildTokenReturnValue(at);
- }
-
 /**
 * 构建返回值: 凭证式 模式认证 获取 token
 * @param ct token信息
 */
 Map buildClientTokenReturnValue(ClientTokenModel ct);
-
-
 }
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java
index 339ac51a..7ccc9fe2 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java
@@ -22,8 +22,8 @@ import cn.dev33.satoken.oauth2.consts.SaOAuth2Consts;
 import cn.dev33.satoken.oauth2.consts.SaOAuth2Consts.TokenType;
 import cn.dev33.satoken.oauth2.data.model.AccessTokenModel;
 import cn.dev33.satoken.oauth2.data.model.ClientTokenModel;
-import cn.dev33.satoken.oauth2.data.model.request.RequestAuthModel;
 import cn.dev33.satoken.oauth2.data.model.request.ClientIdAndSecretModel;
+import cn.dev33.satoken.oauth2.data.model.request.RequestAuthModel;
 import cn.dev33.satoken.oauth2.exception.SaOAuth2Exception;
 import cn.dev33.satoken.util.SaFoxUtil;
 import cn.dev33.satoken.util.SaResult;
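Review bot: The Javadoc added for `readAccessToken(SaRequest request)` in the `-42,6` hunk leaves `@param request /` and `@return /` blank, so neither implementers nor callers learn that the default implementation returns `null` when the request carries no token. I would write `@return the access token, or null if the request does not carry one` and state which source wins when both the parameter and the header are present. The method is also declared without a `default` body, so a custom `SaOAuth2DataResolver` written against the previous interface no longer compiles; if source compatibility matters, a `default` implementation would avoid that. The interface starts and ends outside this hunk.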
@@ -56,7 +56,7 @@ public class SaOAuth2DataResolverDefaultImpl implements SaOAuth2DataResolver {
 return new ClientIdAndSecretModel(clientId, clientSecret);
 }
- // 如果请求参数中没有提供 client_id 参数,则尝试从 base auth 中获取
+ // 如果请求参数中没有提供 client_id 参数,则尝试从 Authorization 中获取
 String authorizationValue = SaHttpBasicUtil.getAuthorizationValue();
 if(SaFoxUtil.isNotEmpty(authorizationValue)) {
 String[] arr = authorizationValue.split(":");
@@ -71,6 +71,33 @@ public class SaOAuth2DataResolverDefaultImpl implements SaOAuth2DataResolver {
 throw new SaOAuth2Exception("请提供 client 信息");
 }
+ /**
+ * 数据读取:从请求对象中读取 AccessToken
+ */
+ @Override
+ public String readAccessToken(SaRequest request) {
+ // 优先从请求参数中获取
+ String accessToken = request.getParam(SaOAuth2Consts.Param.access_token);
+ if(SaFoxUtil.isNotEmpty(accessToken)) {
+ return accessToken;
+ }
+
+ // 如果请求参数中没有提供 access_token 参数,则尝试从 Authorization 中获取
+ String authorizationValue = request.getHeader(SaOAuth2Consts.Param.Authorization);
+ if(SaFoxUtil.isEmpty(authorizationValue)) {
+ return null;
+ }
+
+ // 判断前缀,裁剪
+ String prefix = TokenType.Bearer + " ";
+ if(authorizationValue.startsWith(prefix)) {
+ return authorizationValue.substring(prefix.length());
+ }
+
+ // 前缀不符合,返回 null
+ return null;
+ }
+
 /**
 * 数据读取:从请求对象中构建 RequestAuthModel
 */
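Review bot: `readAccessToken` in the `-71,6` hunk takes the `access_token` request parameter first and only falls back to the `Authorization` header, so a token placed in a URL is accepted wherever this resolver is used. URLs are routinely written to access logs, proxy logs and browser history, which is why RFC 6750 discourages the URI query parameter in favour of the header. I would read the header first and state in the Javadoc which source wins when both are present and that `null` means no token was supplied. Separately, `authorizationValue.startsWith(prefix)` is case-sensitive although auth-scheme names are not, so a header sent as `bearer <token>` is treated as absent; `if(authorizationValue.regionMatches(true, 0, prefix, 0, prefix.length())) {` would accept it.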