OAuth2.0模块 beta

sa-token-plugin/sa-token-dao-redis-jackson/src/main/java/cn/dev33/satoken/dao/SaTokenDaoRedisJackson.java

@@ -99,6 +99,9 @@ public class SaTokenDaoRedisJackson implements SaTokenDao {
 	 */
 	@Override
 	public void set(String key, String value, long timeout) {
+		if(timeout == 0 || timeout <= SaTokenDao.NOT_VALUE_EXPIRE)  {
+			return;
+		}
 		// 判断是否为永不过期 
 		if(timeout == SaTokenDao.NEVER_EXPIRE) {
 			stringRedisTemplate.opsForValue().set(key, value);
@@ -170,6 +173,9 @@ public class SaTokenDaoRedisJackson implements SaTokenDao {
 	 */
 	@Override
 	public void setObject(String key, Object object, long timeout) {
+		if(timeout == 0 || timeout <= SaTokenDao.NOT_VALUE_EXPIRE)  {
+			return;
+		}
 		// 判断是否为永不过期 
 		if(timeout == SaTokenDao.NEVER_EXPIRE) {
 			objectRedisTemplate.opsForValue().set(key, object);

sa-token-plugin/sa-token-dao-redis/src/main/java/cn/dev33/satoken/dao/SaTokenDaoRedis.java

@@ -79,6 +79,9 @@ public class SaTokenDaoRedis implements SaTokenDao {
 	 */
 	@Override
 	public void set(String key, String value, long timeout) {
+		if(timeout == 0 || timeout <= SaTokenDao.NOT_VALUE_EXPIRE)  {
+			return;
+		}
 		// 判断是否为永不过期 
 		if(timeout == SaTokenDao.NEVER_EXPIRE) {
 			stringRedisTemplate.opsForValue().set(key, value);
@@ -149,6 +152,9 @@ public class SaTokenDaoRedis implements SaTokenDao {
 	 */
 	@Override
 	public void setObject(String key, Object object, long timeout) {
+		if(timeout == 0 || timeout <= SaTokenDao.NOT_VALUE_EXPIRE)  {
+			return;
+		}
 		// 判断是否为永不过期 
 		if(timeout == SaTokenDao.NEVER_EXPIRE) {
 			objectRedisTemplate.opsForValue().set(key, object);

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2Config.java

@@ -1,5 +1,12 @@
 package cn.dev33.satoken.oauth2.config;
 
+import java.util.function.BiFunction;
+import java.util.function.Function;
+import java.util.function.Supplier;
+
+import cn.dev33.satoken.exception.SaTokenException;
+import cn.dev33.satoken.util.SaResult;
+
 /**
  * sa-token oauth2 配置类 Model
  * @author kong
@@ -22,6 +29,11 @@ public class SaOAuth2Config {
 	 */
 	private long refreshTokenTimeout = 60 * 60 * 24 * 30;
 
+	/**
+	 * client_token默认保存的时间(单位秒) 默认两个小时 
+	 */
+	private long clientTokenTimeout = 60 * 60 * 2;
+
 	
 	/**
 	 * @return codeTimeout
@@ -71,9 +83,121 @@ public class SaOAuth2Config {
 		return this;
 	}
 
+	/**
+	 * @return clientTokenTimeout
+	 */
+	public long getClientTokenTimeout() {
+		return clientTokenTimeout;
+	}
+
+	/**
+	 * @param clientTokenTimeout 要设置的 clientTokenTimeout
+	 * @return 对象自身
+	 */
+	public SaOAuth2Config setClientTokenTimeout(long clientTokenTimeout) {
+		this.clientTokenTimeout = clientTokenTimeout;
+		return this;
+	}
+
+	
+	
+
+	// -------------------- SaOAuth2Handle 所有回调函数 -------------------- 
+	
+
+	/**
+	 * OAuth-Server端：未登录时返回的View 
+	 */
+	public Supplier<Object> notLoginView = () -> "当前会话在OAuth-Server认证中心尚未登录";
+
+	/**
+	 * OAuth-Server端：重定向URL无效时返回的View  
+	 */
+	public BiFunction<String, String, Object> invalidUrlView = (clientId, url) -> "无效重定向URL：" + url;
+	
+	/**
+	 * OAuth-Server端：Client请求的Scope暂未签约时返回的View 
+	 */
+	public BiFunction<String, String, Object> invalidScopeView = (clientId, scope) -> "请求的Scope暂未签约";
+	
+	/**
+	 * OAuth-Server端：确认授权时返回的View 
+	 */
+	public BiFunction<String, String, Object> confirmView = (clientId, scope) -> "本次操作需要用户授权";
+
+	/**
+	 * OAuth-Server端：登录函数 
+	 */
+	public BiFunction<String, String, Object> doLoginHandle = (name, pwd) -> SaResult.error();
+
+	/**
+	 * SSO-Client端：发送Http请求的处理函数 
+	 */
+	public Function<String, Object> sendHttp = url -> {throw new SaTokenException("请配置Http处理器");};
+
+
+	/**
+	 * @param notLoginView OAuth-Server端：未登录时返回的View 
+	 * @return 对象自身
+	 */
+	public SaOAuth2Config setNotLoginView(Supplier<Object> notLoginView) {
+		this.notLoginView = notLoginView;
+		return this;
+	}
+
+	/**
+	 * @param invalidScopeView OAuth-Server端：重定向URL无效时返回的View 
+	 * @return 对象自身
+	 */
+	public SaOAuth2Config setInvalidUrlView(BiFunction<String, String, Object> invalidUrlView) {
+		this.invalidUrlView = invalidUrlView;
+		return this;
+	}
+
+	/**
+	 * @param invalidScopeView OAuth-Server端：Client请求的Scope暂未签约时返回的View 
+	 * @return 对象自身
+	 */
+	public SaOAuth2Config setInvalidScopeView(BiFunction<String, String, Object> invalidScopeView) {
+		this.invalidScopeView = invalidScopeView;
+		return this;
+	}
+
+	/**
+	 * @param confirmView OAuth-Server端：确认授权时返回的View 
+	 * @return 对象自身
+	 */
+	public SaOAuth2Config setConfirmView(BiFunction<String, String, Object> confirmView) {
+		this.confirmView = confirmView;
+		return this;
+	}
+	
+	/**
+	 * @param doLoginHandle OAuth-Server端：登录函数 
+	 * @return 对象自身
+	 */
+	public SaOAuth2Config setDoLoginHandle(BiFunction<String, String, Object> doLoginHandle) {
+		this.doLoginHandle = doLoginHandle;
+		return this;
+	}
+
+	/**
+	 * @param sendHttp 发送Http请求的处理函数 
+	 * @return 对象自身 
+	 */
+	public SaOAuth2Config setSendHttp(Function<String, Object> sendHttp) {
+		this.sendHttp = sendHttp;
+		return this;
+	}
+
 	
 	
 	
 	
-	
+	@Override
+	public String toString() {
+		return "SaOAuth2Config [codeTimeout=" + codeTimeout + ", accessTokenTimeout=" + accessTokenTimeout
+				+ ", refreshTokenTimeout=" + refreshTokenTimeout + "]";
+	}
+
 }

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/exception/SaOAuth2Exception.java

@@ -0,0 +1,35 @@
+package cn.dev33.satoken.oauth2.exception;
+
+import cn.dev33.satoken.exception.SaTokenException;
+
+/**
+ * 一个异常：代表OAuth2认证流程错误 
+ * 
+ * @author kong
+ */
+public class SaOAuth2Exception extends SaTokenException {
+
+	/**
+	 * 序列化版本号
+	 */
+	private static final long serialVersionUID = 6806129545290130114L;
+	
+	/**
+	 * 一个异常：代表OAuth2认证流程错误 
+	 */
+	public SaOAuth2Exception(String message) {
+		super(message);
+	}
+
+	/**
+	 * 如果flag==true，则抛出message异常 
+	 * @param flag 标记
+	 * @param message 异常信息 
+	 */
+	public static void throwBy(boolean flag, String message) {
+		if(flag) {
+			throw new SaOAuth2Exception(message);
+		}
+	}
+	
+}

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Consts.java

@@ -0,0 +1,92 @@
+package cn.dev33.satoken.oauth2.logic;
+
+/**
+ * Sa-Token-OAuth2 所有常量 
+ * @author kong
+ *
+ */
+public class SaOAuth2Consts {
+
+	/**
+	 * 所有API接口 
+	 * @author kong 
+	 */
+	public static final class Api {
+		
+		/** OAuth-Server端：授权地址 */ 
+		public static String authorize = "/oauth2/authorize";
+
+	}
+	
+	/**
+	 * 所有参数名称 
+	 * @author kong 
+	 */
+	public static final class Param {
+		
+		/** authorize 的 返回值类型 */
+		public static String response_type = "response_type";
+
+		/** client_id 参数名称 */
+		public static String client_id = "client_id";
+		
+		/** client_secret 参数名称 */
+		public static String client_secret = "client_secret";
+		
+		/** redirect_uri 参数名称 */
+		public static String redirect_uri = "redirect_uri";
+
+		/** scope 参数名称 */
+		public static String scope = "scope";
+		
+		/** state */
+		public static String state = "state";
+
+		/** code 参数名称 */
+		public static String code = "code";
+
+		/** token 参数名称 */
+		public static String token = "token";
+		
+		/** grant_type 参数名称 */
+		public static String grant_type = "grant_type";
+		
+	}
+
+	/**
+	 * 所有授权类型 
+	 */
+	public static final class AuthType {
+
+		/** 方式一：授权码 */ 
+		public static String code = "code";
+
+		/** 方式二：隐藏式 */ 
+		public static String token = "token";
+
+		/** 方式三：密码式 */ 
+		public static String password = "password";
+
+		/** 方式四：凭证式 */ 
+		public static String client_credentials = "client_credentials";
+
+		public static String authorization_code = "authorization_code";
+		
+	}
+	
+	
+
+	/**
+	 * 在保存授权码时用到的key 
+	 */
+	public static final String UNLIMITED_DOMAIN = "*";
+	
+
+	/** 表示OK的返回结果 */
+	public static final String OK = "ok";
+
+	/** 表示请求没有得到任何有效处理 */
+	public static final String NOT_HANDLE = "not handle";
+	
+	
+}

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Handle.java

@@ -0,0 +1,125 @@
+package cn.dev33.satoken.oauth2.logic;
+
+import cn.dev33.satoken.context.SaHolder;
+import cn.dev33.satoken.context.model.SaRequest;
+import cn.dev33.satoken.context.model.SaResponse;
+import cn.dev33.satoken.oauth2.SaOAuth2Manager;
+import cn.dev33.satoken.oauth2.config.SaOAuth2Config;
+import cn.dev33.satoken.oauth2.logic.SaOAuth2Consts.AuthType;
+import cn.dev33.satoken.oauth2.logic.SaOAuth2Consts.Param;
+import cn.dev33.satoken.oauth2.model.AccessTokenModel;
+import cn.dev33.satoken.oauth2.model.CodeModel;
+import cn.dev33.satoken.oauth2.model.RequestAuthModel;
+import cn.dev33.satoken.router.SaRouter;
+import cn.dev33.satoken.stp.StpUtil;
+import cn.dev33.satoken.util.SaResult;
+
+/**
+ * Sa-Token-OAuth2 请求处理类封装 
+ * @author kong
+ *
+ */
+public class SaOAuth2Handle {
+	
+	/**
+	 * 处理Server端请求 
+	 * @return 处理结果 
+	 */
+	public static Object authorize() {
+		
+		// 获取变量 
+		SaRequest req = SaHolder.getRequest();
+		SaResponse res = SaHolder.getResponse();
+		SaOAuth2Config cfg = SaOAuth2Manager.getConfig();
+		// StpLogic stpLogic = SaSsoUtil.saSsoTemplate.stpLogic;
+		// match(Api.authorize) && 
+		
+		// 授权  
+		if(req.isParam(Param.response_type, AuthType.code)) {
+			// 1、构建请求Model  TODO： 貌似这个RequestAuthModel对象也可以省略掉 
+			RequestAuthModel ra = SaOAuth2Util.generateRequestAuth(req, StpUtil.getLoginId());
+			
+			// 2、如果尚未登录, 则先去登录 
+			if(StpUtil.isLogin() == false) {
+				return cfg.notLoginView.get();
+			}
+			
+			// 3、判断：重定向域名的格式是否合法 
+			boolean isRigh = SaOAuth2Util.isRightUrl(ra.clientId, ra.redirectUri);
+			if(isRigh == false) {
+				return cfg.invalidUrlView.apply(ra.clientId, ra.redirectUri);
+			}
+			
+			// 4、判断：此次申请的Scope，该Client是否已经签约 
+			boolean isContract = SaOAuth2Util.isContract(ra.clientId, ra.scope);
+			if(isContract == false) {
+				return cfg.invalidScopeView.apply(ra.clientId, ra.scope);
+			}
+			
+			// 5、判断：此次申请的Scope，该用户是否已经授权过了 
+			boolean isGrant = SaOAuth2Util.isGrant(StpUtil.getLoginId(), ra.clientId, ra.scope);
+			if(isGrant == false) {
+				// 如果尚未授权，则转到授权页面，开始授权操作  
+				return cfg.confirmView.apply(ra.clientId, ra.scope);
+			}
+
+			// 6、开始重定向授权，下放code 
+			CodeModel codeModel = SaOAuth2Util.generateCode(ra); 
+			String redirectUri = SaOAuth2Util.buildRedirectUri(ra.redirectUri, codeModel.code, ra.state);
+			return res.redirect(redirectUri); 
+		}
+		
+		
+		
+
+		// 默认返回 
+		return SaOAuth2Consts.NOT_HANDLE;
+	}
+	
+	/**
+	 * 获取Token 
+	 * @return
+	 */
+	public static Object token() {
+		
+		// 获取变量 
+		SaRequest req = SaHolder.getRequest();
+		// SaResponse res = SaHolder.getResponse();
+		// SaOAuth2Config cfg = SaOAuth2Manager.getConfig();
+
+		// 根据code换token  
+		if(req.isParam(Param.grant_type, AuthType.authorization_code)) {
+			System.out.println("------------获取token，，，");
+			
+			// 获取参数 
+			String code = req.getParamNotNull(Param.code); 					// code码 
+			String clientId = req.getParamNotNull(Param.client_id); 		// 应用id
+			String clientSecret = req.getParamNotNull(Param.client_secret); // 应用秘钥 
+			String redirectUri = req.getParam(Param.redirect_uri); 	// 应用秘钥 
+			
+			// 校验参数 
+			SaOAuth2Util.checkCodeIdSecret(code, clientId, clientSecret, redirectUri);
+			
+			// 构建 access_token 
+			AccessTokenModel token = SaOAuth2Util.generateAccessToken(code);
+
+			// 返回 
+			return SaResult.data(token.toLineMap()); 
+		}
+		
+		// 默认返回 
+		return SaOAuth2Consts.NOT_HANDLE;
+	}
+	
+	
+	
+
+	/**
+	 * 路由匹配算法 
+	 * @param pattern 路由表达式 
+	 * @return 是否可以匹配 
+	 */
+	static boolean match(String pattern) {
+		return SaRouter.isMatch(pattern, SaHolder.getRequest().getRequestPath());
+	}
+}

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Util.java

@@ -2,8 +2,11 @@ package cn.dev33.satoken.oauth2.logic;
 
 import java.util.List;
 
+import cn.dev33.satoken.context.model.SaRequest;
 import cn.dev33.satoken.oauth2.model.AccessTokenModel;
+import cn.dev33.satoken.oauth2.model.ClientTokenModel;
 import cn.dev33.satoken.oauth2.model.CodeModel;
+import cn.dev33.satoken.oauth2.model.RefreshTokenModel;
 import cn.dev33.satoken.oauth2.model.RequestAuthModel;
 
 /**
@@ -14,8 +17,29 @@ import cn.dev33.satoken.oauth2.model.RequestAuthModel;
 public class SaOAuth2Util {
 
 	public static SaOAuth2Template saOAuth2Template = new SaOAuth2Template();
+
+	/**
+	 * 根据 SaRequest 对象创建 RequestAuthModel
+	 * @param req SaRequest对象 
+	 * @param loginId 账号id 
+	 * @return RequestAuthModel对象 
+	 */
+	public static RequestAuthModel generateRequestAuth(SaRequest req, Object loginId) {
+		return saOAuth2Template.generateRequestAuth(req, loginId);
+	}
+	
+
+
 	
 	
+	
+	
+	
+	
+	
+	// ---------------------------------------------- 分界线 -----------------------------------------------------
+	
+	 
 	// ------------------- 获取数据 
 	
 	/**
@@ -47,6 +71,15 @@ public class SaOAuth2Util {
 
 	
 	// ------------------- 数据校验 
+
+	/**
+	 * [OK] 判断：该Client是否签约了指定的Scope 
+	 * @param clientId 应用id
+	 * @param scope 权限 
+	 */
+	public static boolean isContract(String clientId, String scope) {
+		return saOAuth2Template.isContract(clientId, scope);
+	}
 	
 	/**
 	 * 指定 loginId 是否对一个 Client 授权给了指定 Scope 
@@ -60,14 +93,25 @@ public class SaOAuth2Util {
 	}
 	
 	/**
-	 * 校验code、clientId、clientSecret 三者是否正确 
+	 * [OK] 指定Client使用指定url作为回调地址，是否合法 
+	 * @param clientId 应用id 
+	 * @param url 指定url
+	 * @return 是否合法 
+	 */
+	public static boolean isRightUrl(String clientId, String url) {
+		return saOAuth2Template.isRightUrl(clientId, url);
+	}
+	
+	/**
+	 * [OK 方法名改一下]校验code、clientId、clientSecret 三者是否正确 
 	 * @param code 授权码
 	 * @param clientId 应用id 
 	 * @param clientSecret 秘钥 
+	 * @param redirectUri 秘钥 
 	 * @return CodeModel对象 
 	 */
-	public static CodeModel checkCodeIdSecret(String code, String clientId, String clientSecret) {
-		return saOAuth2Template.checkCodeIdSecret(code, clientId, clientSecret);
+	public static CodeModel checkCodeIdSecret(String code, String clientId, String clientSecret, String redirectUri) {
+		return saOAuth2Template.checkCodeIdSecret(code, clientId, clientSecret, redirectUri);
 	}
 	
 	/**
@@ -86,7 +130,7 @@ public class SaOAuth2Util {
 	// ------------------- 逻辑相关 
 	
 	/**
-	 * 根据参数生成一个授权码并返回 
+	 * [OK] 根据参数生成一个授权码并返回 
 	 * @param authModel 请求授权参数Model 
 	 * @return 授权码Model
 	 */
@@ -94,6 +138,7 @@ public class SaOAuth2Util {
 		return saOAuth2Template.generateCode(authModel);
 	}
 	
+	
 	/**
 	 * 根据授权码获得授权码Model 
 	 * @param code 授权码 
@@ -103,23 +148,6 @@ public class SaOAuth2Util {
 		return saOAuth2Template.getCode(code);
 	}
 
-	/**
-	 * 手动更改授权码对象信息
-	 * @param code 授权码 
-	 * @param codeModel 授权码Model 
-	 */
-	public static void updateCode(String code, CodeModel codeModel) {
-		saOAuth2Template.updateCode(code, codeModel);
-	}
-
-	/**
-	 * 确认授权一个code 
-	 * @param code 授权码 
-	 */
-	public static void confirmCode(String code) {
-		saOAuth2Template.confirmCode(code);
-	}
-
 	/**
 	 * [default] 删除一个授权码 
 	 * @param code 授权码 
@@ -129,12 +157,12 @@ public class SaOAuth2Util {
 	}
 	
 	/**
-	 * [default] 根据授权码Model生成一个access_token
+	 * 根据授权码Model生成一个access_token
 	 * @param codeModel 授权码Model
 	 * @return AccessTokenModel
 	 */
-	public static AccessTokenModel generateAccessToken(CodeModel codeModel) {
-		return saOAuth2Template.generateAccessToken(codeModel);
+	public static AccessTokenModel generateAccessToken(String code) {
+		return saOAuth2Template.generateAccessToken(code);
 	}
 
 	/**
@@ -156,32 +184,14 @@ public class SaOAuth2Util {
 	}
 
 	/**
-	 * [default] 根据 refresh_token 获得其Model详细信息 (授权码Model) 
+	 * [default] 根据 refresh_token 获得其Model详细信息 
 	 * @param refreshToken refresh_token 
-	 * @return RefreshToken (授权码Model) 
+	 * @return RefreshToken 
 	 */
-	public static CodeModel getRefreshToken(String refreshToken) {
+	public static RefreshTokenModel getRefreshToken(String refreshToken) {
 		return saOAuth2Template.getRefreshToken(refreshToken);
 	}
 
-	/**
-	 * [default] 获取 access_token 的有效期 
-	 * @param accessToken access_token 
-	 * @return 有效期 
-	 */
-	public static long getAccessTokenExpiresIn(String accessToken) {
-		return saOAuth2Template.getAccessTokenExpiresIn(accessToken);
-	}
-
-	/**
-	 * [default] 获取 refresh_token 的有效期 
-	 * @param refreshToken refresh_token 
-	 * @return 有效期 
-	 */
-	public static long getRefreshTokenExpiresIn(String refreshToken) {
-		return saOAuth2Template.getRefreshTokenExpiresIn(refreshToken);
-	}
-
 	/**
 	 * [default] 获取 access_token 所代表的LoginId 
 	 * @param accessToken access_token 
@@ -191,10 +201,46 @@ public class SaOAuth2Util {
 		return saOAuth2Template.getLoginIdByAccessToken(accessToken);
 	}
 	
-	
-	
-	
-	
+	/**
+	 * 构建：AccessToken Model (根据RequestAuthModel) 用于隐藏式 
+	 * @param ra 请求授权参数Model 
+	 * @return 授权码Model 
+	 */
+	public static AccessTokenModel generateAccessToken(RequestAuthModel ra) {
+		return saOAuth2Template.generateAccessToken(ra);
+	}
+
+	/**
+	 * 构建：ClientToken Model 
+	 * @param ra 请求授权参数Model 
+	 * @return ClientToken-Model 
+	 */
+	public static ClientTokenModel generateClientToken(String clientId, String scope) {
+		return saOAuth2Template.generateClientToken(clientId, scope);
+	}
+
+	// ------------------- 自定义策略相关
+
+	/**
+	 * [OK] 构建URL：下放授权码URL 
+	 * @param redirectUri 下放地址 
+	 * @param code code参数
+	 * @param state state参数 
+	 * @return 构建完毕的URL 
+	 */
+	public static String buildRedirectUri(String redirectUri, String code, String state) {
+		return saOAuth2Template.buildRedirectUri(redirectUri, code, state);
+	}
+	/**
+	 * [OK] 构建URL：下放Token URL 
+	 * @param redirectUri 下放地址 
+	 * @param token token
+	 * @param state state参数 
+	 * @return 构建完毕的URL 
+	 */
+	public static String buildRedirectUri2(String redirectUri, String token, String state) {
+		return saOAuth2Template.buildRedirectUri2(redirectUri, token, state);
+	}
 	
 	
 }

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/model/AccessTokenModel.java

@@ -1,5 +1,8 @@
 package cn.dev33.satoken.oauth2.model;
 
+import java.util.LinkedHashMap;
+import java.util.Map;
+
 /**
  * Model: access_token
  * @author kong
@@ -10,177 +13,100 @@ public class AccessTokenModel {
 	/**
 	 * access_token 值
 	 */
-	private String accessToken;
+	public String accessToken;
 	
 	/**
 	 * refresh_token 值
 	 */
-	private String refreshToken;
+	public String refreshToken;
 	
 	/**
-	 * access_token 剩余有效时间 (秒) 
+	 * access_token 到期时间 
 	 */
-	private long expiresIn;
+	public long expiresTime;
 
 	/**
-	 * refresh_token 剩余有效期 (秒)  
+	 * refresh_token 到期时间   
 	 */
-	private long refreshExpiresIn;
+	public long refreshExpiresTime;
 
-	/**
-	 * 此 access_token令牌 是由哪个code码创建 
-	 */
-	private String code;
-	
 	/**
 	 * 应用id 
 	 */
-	private String clientId;
-	
-	/**
-	 * 授权范围
-	 */
-	private String scope;
+	public String clientId;
 
+	/**
+	 * 账号id 
+	 */
+	public Object loginId;
+	
 	/**
 	 * 开放账号id 
 	 */
-	private String openid;
+	public String openid;
 
 	/**
-	 * 其他自定义数据 
+	 * 授权范围
 	 */
-	private Object tag;
+	public String scope;  
 
-	
+	public AccessTokenModel() {}
 	/**
-	 * @return accessToken
+	 * 构建一个 
+	 * @param accessToken accessToken
+	 * @param clientId 应用id 
+	 * @param scope 请求授权范围 
+	 * @param loginId 对应的账号id 
 	 */
-	public String getAccessToken() {
-		return accessToken;
-	}
-
-	/**
-	 * @param accessToken 要设置的 accessToken
-	 */
-	public void setAccessToken(String accessToken) {
+	public AccessTokenModel(String accessToken, String clientId, Object loginId, String scope) {
+		super();
 		this.accessToken = accessToken;
-	}
-
-	/**
-	 * @return refreshToken
-	 */
-	public String getRefreshToken() {
-		return refreshToken;
-	}
-
-	/**
-	 * @param refreshToken 要设置的 refreshToken
-	 */
-	public void setRefreshToken(String refreshToken) {
-		this.refreshToken = refreshToken;
-	}
-
-	/**
-	 * @return expiresIn
-	 */
-	public long getExpiresIn() {
-		return expiresIn;
-	}
-
-	/**
-	 * @param expiresIn 要设置的 expiresIn
-	 */
-	public void setExpiresIn(long expiresIn) {
-		this.expiresIn = expiresIn;
-	}
-
-	/**
-	 * @return refreshExpiresIn
-	 */
-	public long getRefreshExpiresIn() {
-		return refreshExpiresIn;
-	}
-
-	/**
-	 * @param refreshExpiresIn 要设置的 refreshExpiresIn
-	 */
-	public void setRefreshExpiresIn(long refreshExpiresIn) {
-		this.refreshExpiresIn = refreshExpiresIn;
-	}
-
-	/**
-	 * @return code
-	 */
-	public String getCode() {
-		return code;
-	}
-
-	/**
-	 * @param code 要设置的 code
-	 */
-	public void setCode(String code) {
-		this.code = code;
-	}
-
-	/**
-	 * @return clientId
-	 */
-	public String getClientId() {
-		return clientId;
-	}
-
-	/**
-	 * @param clientId 要设置的 clientId
-	 */
-	public void setClientId(String clientId) {
 		this.clientId = clientId;
-	}
-
-	/**
-	 * @return scope
-	 */
-	public String getScope() {
-		return scope;
-	}
-
-	/**
-	 * @param scope 要设置的 scope
-	 */
-	public void setScope(String scope) {
+		this.loginId = loginId;
 		this.scope = scope;
 	}
+	
+	@Override
+	public String toString() {
+		return "AccessTokenModel [accessToken=" + accessToken + ", refreshToken=" + refreshToken
+				+ ", accessTokenTimeout=" + expiresTime + ", refreshTokenTimeout=" + refreshExpiresTime
+				+ ", clientId=" + clientId + ", scope=" + scope + ", openid=" + openid + "]";
+	}
+
 
 	/**
-	 * @return openid
+	 * 获取：此 Access-Token 的剩余有效期（秒）
+	 * @return see note 
 	 */
-	public String getOpenid() {
-		return openid;
+	public long getExpiresIn() {
+		long s = (expiresTime - System.currentTimeMillis()) / 1000;
+		return s < 1 ? -2 : s;
 	}
 
 	/**
-	 * @param openid 要设置的 openid
+	 * 获取：此 Refresh-Token 的剩余有效期（秒）
+	 * @return see note 
 	 */
-	public void setOpenid(String openid) {
-		this.openid = openid;
+	public long getRefreshExpiresIn() {
+		long s = (refreshExpiresTime - System.currentTimeMillis()) / 1000;
+		return s < 1 ? -2 : s;
 	}
-
-	/**
-	 * @return tag
-	 */
-	public Object getTag() {
-		return tag;
-	}
-
-	/**
-	 * @param tag 要设置的 tag
-	 */
-	public void setTag(Object tag) {
-		this.tag = tag;
-	}
-
-	
 	
 	
+	/**
+	 * 将所有属性转换为下划线形式的Map 
+	 * @return
+	 */
+	public Map<String, Object> toLineMap() {
+		Map<String, Object> map = new LinkedHashMap<String, Object>();
+		map.put("access_token", accessToken);
+		map.put("refresh_token", refreshToken);
+		map.put("expires_in", getExpiresIn());
+		map.put("refresh_expires_in", getRefreshExpiresIn());
+		map.put("client_id", clientId);
+		map.put("scope", scope);
+		map.put("openid", openid);
+		return map;
+	}
 	
 }

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/model/ClientTokenModel.java

@@ -0,0 +1,78 @@
+package cn.dev33.satoken.oauth2.model;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+/**
+ * Model: client_token
+ * @author kong
+ *
+ */
+public class ClientTokenModel {
+
+	/**
+	 * client_token 值
+	 */
+	public String clientToken;
+	
+	/**
+	 * client_token 到期时间 
+	 */
+	public long expiresTime;
+
+	/**
+	 * 应用id 
+	 */
+	public String clientId;
+
+	/**
+	 * 授权范围
+	 */
+	public String scope;  
+
+	public ClientTokenModel() {}
+	
+	/**
+	 * 构建一个 
+	 * @param accessToken accessToken
+	 * @param clientId 应用id 
+	 * @param scope 请求授权范围 
+	 * @param loginId 对应的账号id 
+	 */
+	public ClientTokenModel(String accessToken, String clientId, String scope) {
+		super();
+		this.clientToken = accessToken;
+		this.clientId = clientId;
+		this.scope = scope;
+	}
+	
+	@Override
+	public String toString() {
+		return "ClientTokenModel [clientToken=" + clientToken + ", expiresTime=" + expiresTime + ", clientId="
+				+ clientId + ", scope=" + scope + "]";
+	}
+	
+	/**
+	 * 获取：此 Client-Token 的剩余有效期（秒）
+	 * @return see note 
+	 */
+	public long getExpiresIn() {
+		long s = (expiresTime - System.currentTimeMillis()) / 1000;
+		return s < 1 ? -2 : s;
+	}
+	
+	/**
+	 * 将所有属性转换为下划线形式的Map 
+	 * @return
+	 */
+	public Map<String, Object> toLineMap() {
+		Map<String, Object> map = new LinkedHashMap<String, Object>();
+		map.put("client_token", clientToken);
+		map.put("expires_in", getExpiresIn());
+		map.put("client_id", clientId);
+		map.put("scope", scope);	
+		return map;
+	}
+	
+	
+}

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/model/CodeModel.java

@@ -7,48 +7,31 @@ package cn.dev33.satoken.oauth2.model;
  */
 public class CodeModel {
 
-	/**
+	/** 
 	 * 授权码 
 	 */
-	private String code;
+	public String code;
 	
 	/**
 	 * 应用id 
 	 */
-	private String clientId;
+	public String clientId;
 	
 	/**
 	 * 授权范围
 	 */
-	private String scope;
+	public String scope;
 
 	/**
 	 * 对应账号id 
 	 */
-	private Object loginId;
+	public Object loginId;
 
 	/**
-	 * 用户是否已经确认了这个授权 
+	 * 重定向的地址 
 	 */
-	private Boolean isConfirm;
-
-	/**
-	 * 确认授权后重定向的地址 
-	 */
-	private String redirectUri;
-
-	/**
-	 * 拒绝授权后重定向的地址 
-	 */
-	private String rejectUri;
-
-
-	/**
-	 * 其他自定义数据 
-	 */
-	private Object tag;
+	public String redirectUri;
 	
-
 	/**
 	 * 构建一个 
 	 */
@@ -62,16 +45,15 @@ public class CodeModel {
 	 * @param scope 请求授权范围 
 	 * @param loginId 对应的账号id 
 	 */
-	public CodeModel(String code, String clientId, String scope, Object loginId) {
+	public CodeModel(String code, String clientId, String scope, Object loginId, String redirectUri) {
 		super();
 		this.code = code;
 		this.clientId = clientId;
 		this.scope = scope;
 		this.loginId = loginId;
-		this.isConfirm = false;
+		this.redirectUri = redirectUri;
 	}
 
-
 	
 	/**
 	 * @return code
@@ -128,21 +110,7 @@ public class CodeModel {
 	public void setLoginId(Object loginId) {
 		this.loginId = loginId;
 	}
-
-	/**
-	 * @return isConfirm
-	 */
-	public Boolean getIsConfirm() {
-		return isConfirm;
-	}
-
-	/**
-	 * @param isConfirm 要设置的 isConfirm
-	 */
-	public void setIsConfirm(Boolean isConfirm) {
-		this.isConfirm = isConfirm;
-	}
-
+	
 	/**
 	 * @return redirectUri
 	 */
@@ -156,36 +124,11 @@ public class CodeModel {
 	public void setRedirectUri(String redirectUri) {
 		this.redirectUri = redirectUri;
 	}
-
-	/**
-	 * @return rejectUri
-	 */
-	public String getRejectUri() {
-		return rejectUri;
+	
+	@Override
+	public String toString() {
+		return "CodeModel [code=" + code + ", clientId=" + clientId + ", scope=" + scope + ", loginId=" + loginId
+				+ ", redirectUri=" + redirectUri + "]";
 	}
-	/**
-	 * @param rejectUri 要设置的 rejectUri
-	 */
-	public void setRejectUri(String rejectUri) {
-		this.rejectUri = rejectUri;
-	}
-	
-	/**
-	 * @return tag
-	 */
-	public Object getTag() {
-		return tag;
-	}
-
-	/**
-	 * @param tag 要设置的 tag
-	 */
-	public void setTag(Object tag) {
-		this.tag = tag;
-	}
-	
-	
-	
-	
 	
 }

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/model/RefreshTokenModel.java

@@ -0,0 +1,54 @@
+package cn.dev33.satoken.oauth2.model;
+/**
+ * Model: refresh_token
+ * @author kong
+ *
+ */
+public class RefreshTokenModel {
+ 
+	/**
+	 * refresh_token 值
+	 */
+	public String refreshToken;
+
+	/**
+	 * refresh_token到期时间 
+	 */
+	public long expiresTime;
+	
+	/**
+	 * 应用id 
+	 */
+	public String clientId;
+	
+	/**
+	 * 授权范围
+	 */
+	public String scope;
+
+	/**
+	 * 对应账号id 
+	 */
+	public Object loginId;
+
+	/**
+	 * 对应账号id 
+	 */
+	public String openid;
+
+	@Override
+	public String toString() {
+		return "RefreshTokenModel [refreshToken=" + refreshToken + ", expiresTime=" + expiresTime
+				+ ", clientId=" + clientId + ", scope=" + scope + ", loginId=" + loginId + ", openid=" + openid + "]";
+	}
+
+	/**
+	 * 获取：此 Refresh-Token 的剩余有效期（秒）
+	 * @return see note 
+	 */
+	public long getExpiresIn() {
+		long s = (expiresTime - System.currentTimeMillis()) / 1000;
+		return s < 1 ? -2 : s;
+	}
+	
+}

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/model/RequestAuthModel.java

@@ -13,32 +13,32 @@ public class RequestAuthModel {
 	/**
 	 * 应用id 
 	 */
-	private String clientId;
+	public String clientId;
 	 
 	/**
 	 * 授权范围
 	 */
-	private String scope;
+	public String scope;
 	
 	/**
 	 * 对应的账号id 
 	 */
-	private Object loginId;
+	public Object loginId;
 	
 	/**
 	 * 待重定向URL
 	 */
-	private String redirectUri; 
+	public String redirectUri; 
 	
 	/**
 	 * 授权类型, 非必填 
 	 */
-	private String responseType;
+	public String responseType;
 
 	/**
 	 * 状态标识, 可为null 
 	 */
-	private String state;
+	public String state;
 
 	
 	/**
@@ -156,5 +156,6 @@ public class RequestAuthModel {
 		}
 		return this;
 	}
+
 	
 }

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/model/ScopeModel.java

@@ -1,73 +1,73 @@
-package cn.dev33.satoken.oauth2.model;
-
-/**
- * 权限Model 
- * @author kong
- *
- */
-public class ScopeModel {
-
-	/**
-	 * 权限名称  
-	 */
-	private String name;
-
-	/**
-	 * 详细介绍
-	 */
-	private String introduce;
-
-
-	/**
-	 * 构造一个
-	 */
-	public ScopeModel() {
-		super();
-	}
-	/**
-	 * 构造一个 
-	 * @param name 权限名称
-	 * @param introduce 权限详细介绍 
-	 */
-	public ScopeModel(String name, String introduce) {
-		super();
-		this.name = name;
-		this.introduce = introduce;
-	}
-	
-	/**
-	 * @return name
-	 */
-	public String getName() {
-		return name;
-	}
-
-	/**
-	 * @param name 要设置的 name
-	 */
-	public void setName(String name) {
-		this.name = name;
-	}
-
-	/**
-	 * @return introduce
-	 */
-	public String getIntroduce() {
-		return introduce;
-	}
-
-	/**
-	 * @param introduce 要设置的 introduce
-	 */
-	public void setIntroduce(String introduce) {
-		this.introduce = introduce;
-	}
-
-	
-	
-
-	
-	
-	
-	
-}
+//package cn.dev33.satoken.oauth2.model;
+//
+///**
+// * 权限Model 
+// * @author kong
+// *
+// */
+//public class ScopeModel {
+//
+//	/**
+//	 * 权限名称  
+//	 */
+//	private String name;
+//
+//	/**
+//	 * 详细介绍
+//	 */
+//	private String introduce;
+//
+//
+//	/**
+//	 * 构造一个
+//	 */
+//	public ScopeModel() {
+//		super();
+//	}
+//	/**
+//	 * 构造一个 
+//	 * @param name 权限名称
+//	 * @param introduce 权限详细介绍 
+//	 */
+//	public ScopeModel(String name, String introduce) {
+//		super();
+//		this.name = name;
+//		this.introduce = introduce;
+//	}
+//	
+//	/**
+//	 * @return name
+//	 */
+//	public String getName() {
+//		return name;
+//	}
+//
+//	/**
+//	 * @param name 要设置的 name
+//	 */
+//	public void setName(String name) {
+//		this.name = name;
+//	}
+//
+//	/**
+//	 * @return introduce
+//	 */
+//	public String getIntroduce() {
+//		return introduce;
+//	}
+//
+//	/**
+//	 * @param introduce 要设置的 introduce
+//	 */
+//	public void setIntroduce(String introduce) {
+//		this.introduce = introduce;
+//	}
+//
+//	
+//	
+//
+//	
+//	
+//	
+//	
+//}

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/util/SaOAuth2Consts.java

@@ -1,15 +0,0 @@
-package cn.dev33.satoken.oauth2.util;
-
-/**
- * sa-token oauth2 模块 用到的所有常量 
- * @author kong
- *
- */
-public class SaOAuth2Consts {
-
-	/**
-	 * 在保存授权码时用到的key 
-	 */
-	public static final String UNLIMITED_DOMAIN = "*";
-	
-}