Jackson定制版Session，避免timeout属性的序列化

sa-token-plugin/sa-token-dao-redis-jackson/src/main/java/cn/dev33/satoken/dao/SaSessionForJacksonCustomized.java

@@ -0,0 +1,33 @@
+package cn.dev33.satoken.dao;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+
+import cn.dev33.satoken.session.SaSession;
+
+/**
+ * Jackson定制版SaSession，忽略 timeout 属性的序列化 
+ *  
+ * @author kong
+ *
+ */
+@JsonIgnoreProperties("timeout")
+public class SaSessionForJacksonCustomized extends SaSession {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = -7600983549653130681L;
+
+	public SaSessionForJacksonCustomized() {
+		super();
+	}
+
+	/**
+	 * 构建一个Session对象
+	 * @param id Session的id
+	 */
+	public SaSessionForJacksonCustomized(String id) {
+		super(id);
+	}
+
+}

sa-token-plugin/sa-token-dao-redis-jackson/src/main/java/cn/dev33/satoken/dao/SaTokenDaoRedisJackson.java

@@ -1,23 +1,5 @@
 package cn.dev33.satoken.dao;
 
-import cn.dev33.satoken.util.SaFoxUtil;
-import com.fasterxml.jackson.databind.DeserializationFeature;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
-import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateDeserializer;
-import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateTimeDeserializer;
-import com.fasterxml.jackson.datatype.jsr310.deser.LocalTimeDeserializer;
-import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateSerializer;
-import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer;
-import com.fasterxml.jackson.datatype.jsr310.ser.LocalTimeSerializer;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.data.redis.connection.RedisConnectionFactory;
-import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.data.redis.core.StringRedisTemplate;
-import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
-import org.springframework.data.redis.serializer.StringRedisSerializer;
-import org.springframework.stereotype.Component;
-
 import java.lang.reflect.Field;
 import java.time.LocalDate;
 import java.time.LocalDateTime;
@@ -28,6 +10,27 @@ import java.util.List;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
 
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
+import org.springframework.stereotype.Component;
+
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
+import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateDeserializer;
+import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateTimeDeserializer;
+import com.fasterxml.jackson.datatype.jsr310.deser.LocalTimeDeserializer;
+import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateSerializer;
+import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer;
+import com.fasterxml.jackson.datatype.jsr310.ser.LocalTimeSerializer;
+
+import cn.dev33.satoken.strategy.SaStrategy;
+import cn.dev33.satoken.util.SaFoxUtil;
+
 /**
  * Sa-Token持久层接口 [Redis版] (使用 jackson 序列化方式)
  * 
@@ -90,6 +93,8 @@ public class SaTokenDaoRedisJackson implements SaTokenDao {
 			timeModule.addSerializer(new LocalTimeSerializer(TIME_FORMATTER));
 			timeModule.addDeserializer(LocalTime.class, new LocalTimeDeserializer(TIME_FORMATTER));
 			this.objectMapper.registerModule(timeModule);
+			// 重写Session生成策略 
+			SaStrategy.me.createSession = (sessionId) -> new SaSessionForJacksonCustomized(sessionId);
 		} catch (Exception e) {
 			System.err.println(e.getMessage());
 		}

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2Config.java

@@ -30,19 +30,19 @@ public class SaOAuth2Config implements Serializable {
 	/** 是否在每次 Refresh-Token 刷新 Access-Token 时，产生一个新的 Refresh-Token */
 	public Boolean isNewRefresh = false;
 	
-	/** Code授权码 保存的时间(单位秒) 默认五分钟 */
+	/** Code授权码 保存的时间(单位：秒) 默认五分钟 */
 	public long codeTimeout = 60 * 5;
 
-	/** Access-Token 保存的时间(单位秒) 默认两个小时 */
+	/** Access-Token 保存的时间(单位：秒) 默认两个小时 */
 	public long accessTokenTimeout = 60 * 60 * 2;
 
-	/** Refresh-Token 保存的时间(单位秒) 默认30 天 */
+	/** Refresh-Token 保存的时间(单位：秒) 默认30 天 */
 	public long refreshTokenTimeout = 60 * 60 * 24 * 30;
 
-	/** Client-Token 保存的时间(单位秒) 默认两个小时 */
+	/** Client-Token 保存的时间(单位：秒) 默认两个小时 */
 	public long clientTokenTimeout = 60 * 60 * 2;
 
-	/** Past-Client-Token 保存的时间(单位秒) 默认為 null */
+	/** Past-Client-Token 保存的时间(单位：秒) 默认為 null */
 	public Long pastClientTokenTimeout = null;
 
 

sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Handle.java

@@ -256,9 +256,10 @@ public class SaOAuth2Handle {
 		String username = req.getParamNotNull(Param.username);
 		String password = req.getParamNotNull(Param.password);
 		String clientId = req.getParamNotNull(Param.client_id);
+		String scope = req.getParam(Param.scope, "");
 
-		// 2、校验client_id
-		SaOAuth2Util.checkClientModel(clientId);
+		// 2、校验 ClientScope
+		SaOAuth2Util.checkContract(clientId, scope);
 
 		// 3、防止因前端误传token造成逻辑干扰
 		SaHolder.getStorage().set(StpUtil.stpLogic.splicingKeyJustCreatedSave(), "no-token");
@@ -273,10 +274,7 @@ public class SaOAuth2Handle {
 		RequestAuthModel ra = new RequestAuthModel();
 		ra.clientId = clientId;
 		ra.loginId = StpUtil.getLoginId();
-		ra.scope = req.getParam(Param.scope, "");
-
-		// 6、校验 ClientScope
-		SaOAuth2Util.checkContract(clientId, ra.scope);
+		ra.scope = scope;
 
 		// 7、生成 Access-Token
 		AccessTokenModel at = SaOAuth2Util.generateAccessToken(ra, true);