模式三校验 ticket 增加签名校验

2025-06-28 13:34:18 +08:00 · 2024-04-27 02:07:18 +08:00 · 2024-04-27 02:07:18 +08:00 · a180330215
commit a180330215
parent c8bcfa19d6
2 changed files with 28 additions and 17 deletions
--- a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/SaSsoProcessor.java
+++ b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/SaSsoProcessor.java
@ -133,22 +133,25 @@ public class SaSsoProcessor {
 	public Object ssoCheckTicket() {
 		ParamName paramName = ssoTemplate.paramName;
 		
-		// 获取参数 
+		// 1、获取参数
 		SaRequest req = SaHolder.getRequest();
 		String client = req.getParam(paramName.client);
 		String ticket = req.getParamNotNull(paramName.ticket);
 		String sloCallback = req.getParam(paramName.ssoLogoutCall);
-		
-		// 校验ticket，获取 loginId 
+
+		// 2、校验签名
+		ssoTemplate.getSignTemplate().checkRequest(req);
+
+		// 3、校验ticket，获取 loginId
 		Object loginId = ssoTemplate.checkTicket(ticket, client);
 		if(SaFoxUtil.isEmpty(loginId)) {
 			return SaResult.error("无效ticket：" + ticket);
 		}

-		// 注册此客户端的单点注销回调URL 
+		// 4、注册此客户端的单点注销回调URL
 		ssoTemplate.registerSloCallbackUrl(loginId, sloCallback);
 		
-		// 给 client 端响应结果
+		// 5、给 client 端响应结果
 		return SaResult.data(loginId);
 	}

@ -454,8 +457,10 @@ public class SaSsoProcessor {
 				}
 			}
 			
-			// 发起请求 
+			// 构建请求URL
 			String checkUrl = ssoTemplate.buildCheckTicketUrl(ticket, ssoLogoutCall);
+
+			// 发起请求
 			SaResult result = ssoTemplate.request(checkUrl);

 			// 校验 
--- a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/SaSsoTemplate.java
+++ b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/SaSsoTemplate.java
@ -473,25 +473,31 @@ public class SaSsoTemplate {
 	 * @return 构建完毕的URL 
 	 */
 	public String buildCheckTicketUrl(String ticket, String ssoLogoutCallUrl) {
-		// 裸地址 
-		String url = SaSsoManager.getConfig().splicingCheckTicketUrl();
 		
+		// s1：先收集应该增加的参数：client、ticket、ssoLogoutCall
+		Map<String, Object> paramMap = new TreeMap<>();
+
 		// 拼接 client 参数
 		String client = getSsoConfig().getClient();
 		if(SaFoxUtil.isNotEmpty(client)) {
-			url = SaFoxUtil.joinParam(url, paramName.client, client);
+			paramMap.put(paramName.client, client);
 		}
-		
-		// 拼接ticket参数 
-		url = SaFoxUtil.joinParam(url, paramName.ticket, ticket);
-		
-		// 拼接单点注销时的回调URL 
+
+		// 拼接 ticket 参数
+		paramMap.put(paramName.ticket, ticket);
+
+		// 拼接单点注销时的回调 URL
 		if(ssoLogoutCallUrl != null) {
-			url = SaFoxUtil.joinParam(url, paramName.ssoLogoutCall, ssoLogoutCallUrl);
+			paramMap.put(paramName.ssoLogoutCall, ssoLogoutCallUrl);
 		}
-		
+
+		// s2：构建 url 地址
+		String url = SaSsoManager.getConfig().splicingCheckTicketUrl();
+		String paramStr = getSignTemplate().addSignParamsAndJoin(paramMap);
+		String finalUrl = SaFoxUtil.joinParam(url, paramStr);
+
 		// 返回 
-		return url;
+		return finalUrl;
 	}

 	/**