重构改名 PastToken -> LowerClientToken
@@ -82,7 +82,7 @@
|
||||
<h3>模式四:凭证式(Client Credentials)</h3>
|
||||
<p class="pst">以上三种模式获取的都是用户的 Access-Token,代表用户对第三方应用的授权,在OAuth2.0中还有一种针对 Client级别的授权,
|
||||
即:Client-Token,代表应用自身的资源授权</p>
|
||||
<p class="pst">Client-Token具有延迟作废特性,即:在每次获取最新Client-Token的时候,旧Client-Token不会立即过期,而是作为Past-Token再次
|
||||
<p class="pst">Client-Token具有延迟作废特性,即:在每次获取最新Client-Token的时候,旧Client-Token不会立即过期,而是作为Lower-Client-Token再次
|
||||
储存起来,资源请求方只要携带其中之一便可通过Token校验,这种特性保证了在大量并发请求时不会出现“新旧Token交替造成的授权失效”,
|
||||
保证了服务的高可用</p>
|
||||
|
||||
|
@@ -60,8 +60,8 @@ public class SaOAuth2ServerConfig implements Serializable {
|
||||
/** Client-Token 保存的时间(单位:秒) 默认两个小时 */
|
||||
public long clientTokenTimeout = 60 * 60 * 2;
|
||||
|
||||
/** Past-Client-Token 保存的时间(单位:秒) 默认为 -1,代表延续 Client-Token 有效期 */
|
||||
public long pastClientTokenTimeout = -1;
|
||||
/** Lower-Client-Token 保存的时间(单位:秒) 默认为 -1,代表延续 Client-Token 有效期 */
|
||||
public long lowerClientTokenTimeout = -1;
|
||||
|
||||
/** 默认 openid 生成算法中使用的摘要前缀 */
|
||||
public String openidDigestPrefix = SaOAuth2Consts.OPENID_DEFAULT_DIGEST_PREFIX;
|
||||
@@ -228,18 +228,18 @@ public class SaOAuth2ServerConfig implements Serializable {
|
||||
}
|
||||
|
||||
/**
|
||||
* @return pastClientTokenTimeout
|
||||
* @return lowerClientTokenTimeout
|
||||
*/
|
||||
public long getPastClientTokenTimeout() {
|
||||
return pastClientTokenTimeout;
|
||||
public long getLowerClientTokenTimeout() {
|
||||
return lowerClientTokenTimeout;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param pastClientTokenTimeout 要设置的 pastClientTokenTimeout
|
||||
* @param lowerClientTokenTimeout 要设置的 lowerClientTokenTimeout
|
||||
* @return 对象自身
|
||||
*/
|
||||
public SaOAuth2ServerConfig setPastClientTokenTimeout(long pastClientTokenTimeout) {
|
||||
this.pastClientTokenTimeout = pastClientTokenTimeout;
|
||||
public SaOAuth2ServerConfig setLowerClientTokenTimeout(long lowerClientTokenTimeout) {
|
||||
this.lowerClientTokenTimeout = lowerClientTokenTimeout;
|
||||
return this;
|
||||
}
|
||||
|
||||
@@ -379,7 +379,7 @@ public class SaOAuth2ServerConfig implements Serializable {
|
||||
", accessTokenTimeout=" + accessTokenTimeout +
|
||||
", refreshTokenTimeout=" + refreshTokenTimeout +
|
||||
", clientTokenTimeout=" + clientTokenTimeout +
|
||||
", pastClientTokenTimeout=" + pastClientTokenTimeout +
|
||||
", lowerClientTokenTimeout=" + lowerClientTokenTimeout +
|
||||
", openidDigestPrefix='" + openidDigestPrefix +
|
||||
", higherScope='" + higherScope +
|
||||
", lowerScope='" + lowerScope +
|
||||
|
@@ -23,10 +23,13 @@ import cn.dev33.satoken.oauth2.data.model.AccessTokenModel;
|
||||
import cn.dev33.satoken.oauth2.data.model.ClientTokenModel;
|
||||
import cn.dev33.satoken.oauth2.data.model.CodeModel;
|
||||
import cn.dev33.satoken.oauth2.data.model.RefreshTokenModel;
|
||||
import cn.dev33.satoken.oauth2.data.model.loader.SaClientModel;
|
||||
import cn.dev33.satoken.util.SaFoxUtil;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import static cn.dev33.satoken.oauth2.template.SaOAuth2Util.checkClientModel;
|
||||
|
||||
/**
|
||||
* Sa-Token OAuth2 数据持久层
|
||||
*
|
||||
@@ -126,20 +129,20 @@ public interface SaOAuth2Dao {
|
||||
}
|
||||
|
||||
/**
|
||||
* 持久化:Past-Token-索引
|
||||
* 持久化:Lower-Client-Token 索引
|
||||
* @param ct /
|
||||
*/
|
||||
default void savePastTokenIndex(ClientTokenModel ct) {
|
||||
default void saveLowerClientTokenIndex(ClientTokenModel ct) {
|
||||
if(ct == null) {
|
||||
return;
|
||||
}
|
||||
long ttl = ct.getExpiresIn();
|
||||
// TODO PastToken ttl 是否有必要单独配置个字段?
|
||||
// SaClientModel cm = checkClientModel(ct.clientId);
|
||||
// if (cm.getPastClientTokenTimeout() != -1) {
|
||||
// ttl = cm.getPastClientTokenTimeout();
|
||||
// }
|
||||
getSaTokenDao().set(splicingPastTokenIndexKey(ct.clientId), ct.clientToken, ttl);
|
||||
// 如果此 client 单独配置了 Lower-Client-Token 的 TTL,则使用单独配置
|
||||
SaClientModel cm = checkClientModel(ct.clientId);
|
||||
if (cm.getLowerClientTokenTimeout() != -1) {
|
||||
ttl = cm.getLowerClientTokenTimeout();
|
||||
}
|
||||
getSaTokenDao().set(splicingLowerClientTokenIndexKey(ct.clientId), ct.clientToken, ttl);
|
||||
}
|
||||
|
||||
/**
|
||||
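Review bot: `saveLowerClientTokenIndex` changes behaviour beyond the rename the commit title announces — the formerly commented-out block is now live, so the index TTL is replaced by `cm.getLowerClientTokenTimeout()` whenever it is not -1 — yet the new Javadoc still says only `@param ct /`; it should state the rule, e.g. `* The index TTL defaults to ct.getExpiresIn(); a client-level lowerClientTokenTimeout other than -1 overrides it.` The same override is applied a second time in `SaOAuth2DataGenerateDefaultImpl` (step 2.5, the `oldCt.expiresTime = …` line) via `SaOAuth2Manager.getDataLoader().getClientModelNotNull(clientId)`, while this hunk reaches the client model through the newly imported static `SaOAuth2Util.checkClientModel` from the `template` package, so the data layer now depends upward on the template (the `SaOAuth2Util` hunk in this commit shows that class delegating to `SaOAuth2Manager.getTemplate()`), and `checkClientModel` presumably throws for an unknown client, turning an index save into a failing call. Using the data-loader lookup here, as the generator does, would keep both sites consistent and avoid the cycle. Because only step 2.5 rewrites the stored `ClientTokenModel` expiry, a caller that invokes this default method directly can end up with an index TTL that differs from the token it points to — worth noting in the Javadoc as well.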
@@ -248,20 +251,20 @@ public interface SaOAuth2Dao {
|
||||
}
|
||||
|
||||
/**
|
||||
* 删除:Past-Token
|
||||
* @param pastToken 值
|
||||
* 删除:Lower-Client-Token
|
||||
* @param lowerClientToken 值
|
||||
*/
|
||||
default void deletePastToken(String pastToken) {
|
||||
default void deleteLowerClientToken(String lowerClientToken) {
|
||||
// 其实就是删除 ClientToken
|
||||
deleteClientToken(pastToken);
|
||||
deleteClientToken(lowerClientToken);
|
||||
}
|
||||
|
||||
/**
|
||||
* 删除:Past-Token索引
|
||||
* 删除:Lower-Client-Token索引
|
||||
* @param clientId 应用id
|
||||
*/
|
||||
default void deletePastTokenIndex(String clientId) {
|
||||
getSaTokenDao().delete(splicingPastTokenIndexKey(clientId));
|
||||
default void deleteLowerClientTokenIndex(String clientId) {
|
||||
getSaTokenDao().delete(splicingLowerClientTokenIndexKey(clientId));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -372,12 +375,12 @@ public interface SaOAuth2Dao {
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取:Past-Token Value
|
||||
* 获取:Lower-Client-Token Value
|
||||
* @param clientId 应用id
|
||||
* @return .
|
||||
*/
|
||||
default String getPastTokenValue(String clientId) {
|
||||
return getSaTokenDao().get(splicingPastTokenIndexKey(clientId));
|
||||
default String getLowerClientTokenValue(String clientId) {
|
||||
return getSaTokenDao().get(splicingLowerClientTokenIndexKey(clientId));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -482,12 +485,12 @@ public interface SaOAuth2Dao {
|
||||
}
|
||||
|
||||
/**
|
||||
* 拼接key:Past-Token 索引
|
||||
* 拼接key:Lower-Client-Token 索引
|
||||
* @param clientId clientId
|
||||
* @return key
|
||||
*/
|
||||
default String splicingPastTokenIndexKey(String clientId) {
|
||||
return getSaTokenConfig().getTokenName() + ":oauth2:past-token-index:" + clientId;
|
||||
default String splicingLowerClientTokenIndexKey(String clientId) {
|
||||
return getSaTokenConfig().getTokenName() + ":oauth2:lower-client-token-index:" + clientId;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@@ -204,17 +204,17 @@ public class SaOAuth2DataGenerateDefaultImpl implements SaOAuth2DataGenerate {
|
||||
|
||||
SaOAuth2Dao dao = SaOAuth2Manager.getDao();
|
||||
|
||||
// 1、删掉旧 Past-Token
|
||||
dao.deleteClientToken(dao.getPastTokenValue(clientId));
|
||||
// 1、删掉旧 Lower-Client-Token
|
||||
dao.deleteClientToken(dao.getLowerClientTokenValue(clientId));
|
||||
|
||||
// 2、将旧Client-Token 标记为新 Past-Token
|
||||
// 2、将旧Client-Token 标记为新 Lower-Client-Token
|
||||
ClientTokenModel oldCt = dao.getClientToken(dao.getClientTokenValue(clientId));
|
||||
dao.savePastTokenIndex(oldCt);
|
||||
dao.saveLowerClientTokenIndex(oldCt);
|
||||
|
||||
// 2.5、如果配置了 PastClientToken 的 ttl ,则需要更新一下
|
||||
// 2.5、如果配置了 Lower-Client-Token 的 ttl ,则需要更新一下
|
||||
SaClientModel cm = SaOAuth2Manager.getDataLoader().getClientModelNotNull(clientId);
|
||||
if(oldCt != null && cm.getPastClientTokenTimeout() != -1) {
|
||||
oldCt.expiresTime = System.currentTimeMillis() + (cm.getPastClientTokenTimeout() * 1000);
|
||||
if(oldCt != null && cm.getLowerClientTokenTimeout() != -1) {
|
||||
oldCt.expiresTime = System.currentTimeMillis() + (cm.getLowerClientTokenTimeout() * 1000);
|
||||
dao.saveClientToken(oldCt);
|
||||
}
|
||||
|
||||
|
@@ -70,8 +70,8 @@ public class SaClientModel implements Serializable {
|
||||
/** 单独配置此Client:Client-Token 保存的时间(单位秒) [默认取全局配置] */
|
||||
public long clientTokenTimeout;
|
||||
|
||||
/** 单独配置此Client:Past-Client-Token 保存的时间(单位:秒) [默认取全局配置] */
|
||||
public long pastClientTokenTimeout;
|
||||
/** 单独配置此Client:Lower-Client-Token 保存的时间(单位:秒) [默认取全局配置] */
|
||||
public long lowerClientTokenTimeout;
|
||||
|
||||
|
||||
public SaClientModel() {
|
||||
@@ -80,7 +80,7 @@ public class SaClientModel implements Serializable {
|
||||
this.accessTokenTimeout = config.getAccessTokenTimeout();
|
||||
this.refreshTokenTimeout = config.getRefreshTokenTimeout();
|
||||
this.clientTokenTimeout = config.getClientTokenTimeout();
|
||||
this.pastClientTokenTimeout = config.getPastClientTokenTimeout();
|
||||
this.lowerClientTokenTimeout = config.getLowerClientTokenTimeout();
|
||||
}
|
||||
public SaClientModel(String clientId, String clientSecret, List<String> contractScopes, List<String> allowRedirectUris) {
|
||||
super();
|
||||
@@ -236,18 +236,18 @@ public class SaClientModel implements Serializable {
|
||||
}
|
||||
|
||||
/**
|
||||
* @return 此Client:Past-Client-Token 保存的时间(单位:秒) [默认取全局配置]
|
||||
* @return 此Client:Lower-Client-Token 保存的时间(单位:秒) [默认取全局配置]
|
||||
*/
|
||||
public long getPastClientTokenTimeout() {
|
||||
return pastClientTokenTimeout;
|
||||
public long getLowerClientTokenTimeout() {
|
||||
return lowerClientTokenTimeout;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param pastClientTokenTimeout 单独配置此Client:Past-Client-Token 保存的时间(单位:秒) [默认取全局配置]
|
||||
* @param lowerClientTokenTimeout 单独配置此Client:Lower-Client-Token 保存的时间(单位:秒) [默认取全局配置]
|
||||
* @return 对象自身
|
||||
*/
|
||||
public SaClientModel setPastClientTokenTimeout(long pastClientTokenTimeout) {
|
||||
this.pastClientTokenTimeout = pastClientTokenTimeout;
|
||||
public SaClientModel setLowerClientTokenTimeout(long lowerClientTokenTimeout) {
|
||||
this.lowerClientTokenTimeout = lowerClientTokenTimeout;
|
||||
return this;
|
||||
}
|
||||
|
||||
@@ -265,7 +265,7 @@ public class SaClientModel implements Serializable {
|
||||
", accessTokenTimeout=" + accessTokenTimeout +
|
||||
", refreshTokenTimeout=" + refreshTokenTimeout +
|
||||
", clientTokenTimeout=" + clientTokenTimeout +
|
||||
", pastClientTokenTimeout=" + pastClientTokenTimeout +
|
||||
", lowerClientTokenTimeout=" + lowerClientTokenTimeout +
|
||||
'}';
|
||||
}
|
||||
|
||||
|
@@ -628,17 +628,17 @@ public class SaOAuth2Template {
|
||||
}
|
||||
|
||||
/**
|
||||
* 回收 PastToken,根据索引: clientId
|
||||
* 回收 Lower-Client-Token,根据索引: clientId
|
||||
*
|
||||
* @param clientId /
|
||||
*/
|
||||
public void revokePastTokenByIndex(String clientId) {
|
||||
public void revokeLowerClientTokenByIndex(String clientId) {
|
||||
SaOAuth2Dao dao = SaOAuth2Manager.getDao();
|
||||
// 删 pastToken
|
||||
String pastToken = dao.getPastTokenValue(clientId);
|
||||
if(pastToken != null) {
|
||||
dao.deletePastToken(pastToken);
|
||||
dao.deletePastTokenIndex(clientId);
|
||||
// 删 Lower-Client-Token
|
||||
String lowerClientToken = dao.getLowerClientTokenValue(clientId);
|
||||
if(lowerClientToken != null) {
|
||||
dao.deleteLowerClientToken(lowerClientToken);
|
||||
dao.deleteLowerClientTokenIndex(clientId);
|
||||
}
|
||||
}
|
||||
|
||||
|
@@ -318,12 +318,12 @@ public class SaOAuth2Util {
|
||||
}
|
||||
|
||||
/**
|
||||
* 回收 PastToken,根据索引: clientId
|
||||
* 回收 Lower-Client-Token,根据索引: clientId
|
||||
*
|
||||
* @param clientId /
|
||||
*/
|
||||
public static void revokePastTokenByIndex(String clientId) {
|
||||
SaOAuth2Manager.getTemplate().revokePastTokenByIndex(clientId);
|
||||
public static void revokeLowerClientTokenByIndex(String clientId) {
|
||||
SaOAuth2Manager.getTemplate().revokeLowerClientTokenByIndex(clientId);
|
||||
}
|
||||
|
||||
}
|
||||
|
@@ -19,7 +19,6 @@ import cn.dev33.satoken.session.SaSession;
|
||||
import cn.dev33.satoken.util.SaFoxUtil;
|
||||
import org.noear.snack.ONode;
|
||||
|
||||
//todo: 不能删;为保持与旧的序列化兼容
|
||||
/**
|
||||
* Snack3 定制版 SaSession,重写类型转换API
|
||||
*
|
||||
|