Jackson定制版Session，避免timeout属性的序列化

2025-09-20 02:29:27 +08:00 · 2022-02-04 11:40:30 +08:00
parent 9ffc85e749
commit 978c8dd71e
5 changed files with 75 additions and 32 deletions
--- a/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java
@@ -548,7 +548,7 @@ public class StpLogic {
 		if(loginId == null) {
 			throw NotLoginException.newInstance(loginType, NotLoginException.INVALID_TOKEN, tokenValue);
 		}
- 		// 如果是已经过期，则抛出已经过期 
+ 		// 如果是已经过期，则抛出：已经过期 
 		if(loginId.equals(NotLoginException.TOKEN_TIMEOUT)) {
 			throw NotLoginException.newInstance(loginType, NotLoginException.TOKEN_TIMEOUT, tokenValue);
 		}
@@ -612,7 +612,7 @@ public class StpLogic {
 		}
 		// loginId为null或者在异常项里面，均视为未登录, 返回null 
 		Object loginId = getLoginIdNotHandle(tokenValue);
- 		if(loginId == null || NotLoginException.ABNORMAL_LIST.contains(loginId)) {
+ 		if(isValidLoginId(loginId) == false) {
 			return null;
 		}
 		// 如果已经[临时过期] 
@@ -653,10 +653,17 @@ public class StpLogic {
 	 * @return 账号id
 	 */
 	public Object getLoginIdByToken(String tokenValue) {
 		// token为空时，直接返回null 
 		if(tokenValue == null) {
 	 		return null;
 		}
- 		return getLoginIdNotHandle(tokenValue);
+ 		// loginId为无效值时，直接返回null 
 		String loginId = getLoginIdNotHandle(tokenValue);
 		if(isValidLoginId(loginId) == false) {
 			return null;
 		}
 		// 
 		return loginId;
 	}
 	 /**
--- a/sa-token-plugin/sa-token-dao-redis-jackson/src/main/java/cn/dev33/satoken/dao/SaSessionForJacksonCustomized.java
+++ b/sa-token-plugin/sa-token-dao-redis-jackson/src/main/java/cn/dev33/satoken/dao/SaSessionForJacksonCustomized.java
@@ -0,0 +1,33 @@
 package cn.dev33.satoken.dao;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import cn.dev33.satoken.session.SaSession;
 /**
 * Jackson定制版SaSession，忽略 timeout 属性的序列化 
 *  
 * @author kong
 *
 */
@JsonIgnoreProperties("timeout")
 public class SaSessionForJacksonCustomized extends SaSession {
 	/**
 	 * 
 	 */
 	private static final long serialVersionUID = -7600983549653130681L;
 	public SaSessionForJacksonCustomized() {
 		super();
 	}
 	/**
 	 * 构建一个Session对象
 	 * @param id Session的id
 	 */
 	public SaSessionForJacksonCustomized(String id) {
 		super(id);
 	}
 }
--- a/sa-token-plugin/sa-token-dao-redis-jackson/src/main/java/cn/dev33/satoken/dao/SaTokenDaoRedisJackson.java
+++ b/sa-token-plugin/sa-token-dao-redis-jackson/src/main/java/cn/dev33/satoken/dao/SaTokenDaoRedisJackson.java
@@ -1,23 +1,5 @@
 package cn.dev33.satoken.dao;
 import cn.dev33.satoken.util.SaFoxUtil;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateDeserializer;
 import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateTimeDeserializer;
 import com.fasterxml.jackson.datatype.jsr310.deser.LocalTimeDeserializer;
 import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateSerializer;
 import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer;
 import com.fasterxml.jackson.datatype.jsr310.ser.LocalTimeSerializer;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
 import org.springframework.data.redis.serializer.StringRedisSerializer;
 import org.springframework.stereotype.Component;
 import java.lang.reflect.Field;
 import java.time.LocalDate;
 import java.time.LocalDateTime;
@@ -28,6 +10,27 @@ import java.util.List;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
 import org.springframework.data.redis.serializer.StringRedisSerializer;
 import org.springframework.stereotype.Component;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateDeserializer;
 import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateTimeDeserializer;
 import com.fasterxml.jackson.datatype.jsr310.deser.LocalTimeDeserializer;
 import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateSerializer;
 import com.fasterxml.jackson.datatype.jsr310.ser.LocalDateTimeSerializer;
 import com.fasterxml.jackson.datatype.jsr310.ser.LocalTimeSerializer;
 import cn.dev33.satoken.strategy.SaStrategy;
 import cn.dev33.satoken.util.SaFoxUtil;
 /**
 * Sa-Token持久层接口 [Redis版] (使用 jackson 序列化方式)
 * 
@@ -90,6 +93,8 @@ public class SaTokenDaoRedisJackson implements SaTokenDao {
 			timeModule.addSerializer(new LocalTimeSerializer(TIME_FORMATTER));
 			timeModule.addDeserializer(LocalTime.class, new LocalTimeDeserializer(TIME_FORMATTER));
 			this.objectMapper.registerModule(timeModule);
 			// 重写Session生成策略 
 			SaStrategy.me.createSession = (sessionId) -> new SaSessionForJacksonCustomized(sessionId);
 		} catch (Exception e) {
 			System.err.println(e.getMessage());
 		}
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2Config.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2Config.java
@@ -30,19 +30,19 @@ public class SaOAuth2Config implements Serializable {
 	/** 是否在每次 Refresh-Token 刷新 Access-Token 时，产生一个新的 Refresh-Token */
 	public Boolean isNewRefresh = false;
-	/** Code授权码 保存的时间(单位秒) 默认五分钟 */
+	/** Code授权码 保存的时间(单位：秒) 默认五分钟 */
 	public long codeTimeout = 60 * 5;
-	/** Access-Token 保存的时间(单位秒) 默认两个小时 */
+	/** Access-Token 保存的时间(单位：秒) 默认两个小时 */
 	public long accessTokenTimeout = 60 * 60 * 2;
-	/** Refresh-Token 保存的时间(单位秒) 默认30 天 */
+	/** Refresh-Token 保存的时间(单位：秒) 默认30 天 */
 	public long refreshTokenTimeout = 60 * 60 * 24 * 30;
-	/** Client-Token 保存的时间(单位秒) 默认两个小时 */
+	/** Client-Token 保存的时间(单位：秒) 默认两个小时 */
 	public long clientTokenTimeout = 60 * 60 * 2;
-	/** Past-Client-Token 保存的时间(单位秒) 默认為 null */
+	/** Past-Client-Token 保存的时间(单位：秒) 默认為 null */
 	public Long pastClientTokenTimeout = null;
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Handle.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Handle.java
@@ -256,9 +256,10 @@ public class SaOAuth2Handle {
 		String username = req.getParamNotNull(Param.username);
 		String password = req.getParamNotNull(Param.password);
 		String clientId = req.getParamNotNull(Param.client_id);
 		String scope = req.getParam(Param.scope, "");
-		// 2、校验client_id
+		// 2、校验 ClientScope
-		SaOAuth2Util.checkClientModel(clientId);
+		SaOAuth2Util.checkContract(clientId, scope);
 		// 3、防止因前端误传token造成逻辑干扰
 		SaHolder.getStorage().set(StpUtil.stpLogic.splicingKeyJustCreatedSave(), "no-token");
@@ -273,10 +274,7 @@ public class SaOAuth2Handle {
 		RequestAuthModel ra = new RequestAuthModel();
 		ra.clientId = clientId;
 		ra.loginId = StpUtil.getLoginId();
-		ra.scope = req.getParam(Param.scope, "");
+		ra.scope = scope;
 		// 6、校验 ClientScope
 		SaOAuth2Util.checkContract(clientId, ra.scope);
 		// 7、生成 Access-Token
 		AccessTokenModel at = SaOAuth2Util.generateAccessToken(ra, true);