模式三校验 ticket 增加签名校验

click33 2024-04-27 02:07:18 +08:00
parent c8bcfa19d6
commit a180330215
2 changed files with 28 additions and 17 deletions


@ -133,22 +133,25 @@ public class SaSsoProcessor {
public Object ssoCheckTicket() { public Object ssoCheckTicket() {
ParamName paramName = ssoTemplate.paramName; ParamName paramName = ssoTemplate.paramName;
// 获取参数 // 1获取参数
SaRequest req = SaHolder.getRequest(); SaRequest req = SaHolder.getRequest();
String client = req.getParam(paramName.client); String client = req.getParam(paramName.client);
String ticket = req.getParamNotNull(paramName.ticket); String ticket = req.getParamNotNull(paramName.ticket);
String sloCallback = req.getParam(paramName.ssoLogoutCall); String sloCallback = req.getParam(paramName.ssoLogoutCall);
// 校验ticket获取 loginId // 2校验签名
ssoTemplate.getSignTemplate().checkRequest(req);
// 3校验ticket获取 loginId
Object loginId = ssoTemplate.checkTicket(ticket, client); Object loginId = ssoTemplate.checkTicket(ticket, client);
if(SaFoxUtil.isEmpty(loginId)) { if(SaFoxUtil.isEmpty(loginId)) {
return SaResult.error("无效ticket" + ticket); return SaResult.error("无效ticket" + ticket);
} }
// 注册此客户端的单点注销回调URL // 4注册此客户端的单点注销回调URL
ssoTemplate.registerSloCallbackUrl(loginId, sloCallback); ssoTemplate.registerSloCallbackUrl(loginId, sloCallback);
// client 端响应结果 // 5 client 端响应结果
return SaResult.data(loginId); return SaResult.data(loginId);
} }
@ -454,8 +457,10 @@ public class SaSsoProcessor {
} }
} }
// 发起请求 // 构建请求URL
String checkUrl = ssoTemplate.buildCheckTicketUrl(ticket, ssoLogoutCall); String checkUrl = ssoTemplate.buildCheckTicketUrl(ticket, ssoLogoutCall);
// 发起请求
SaResult result = ssoTemplate.request(checkUrl); SaResult result = ssoTemplate.request(checkUrl);
// 校验 // 校验
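Review bot: The added `ssoTemplate.getSignTemplate().checkRequest(req);` in ssoCheckTicket is called as a bare statement, so the endpoint is only protected if checkRequest throws on a missing or invalid signature. Its body is not shown in this commit, so that contract should be confirmed and recorded next to the call, e.g. `// checkRequest throws on a missing or invalid signature; keep it ahead of checkTicket so an unsigned request never reaches ticket validation`. The check is also unconditional, with no switch visible in this section, so clients that still send unsigned check-ticket requests will presumably be rejected after upgrading. If that is intended it should be called out in the upgrade notes.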


@ -473,25 +473,31 @@ public class SaSsoTemplate {
* @return 构建完毕的URL * @return 构建完毕的URL
*/ */
public String buildCheckTicketUrl(String ticket, String ssoLogoutCallUrl) { public String buildCheckTicketUrl(String ticket, String ssoLogoutCallUrl) {
// 裸地址
String url = SaSsoManager.getConfig().splicingCheckTicketUrl();
// s1先收集应该增加的参数clientticketssoLogoutCall
Map<String, Object> paramMap = new TreeMap<>();
// 拼接 client 参数 // 拼接 client 参数
String client = getSsoConfig().getClient(); String client = getSsoConfig().getClient();
if(SaFoxUtil.isNotEmpty(client)) { if(SaFoxUtil.isNotEmpty(client)) {
url = SaFoxUtil.joinParam(url, paramName.client, client); paramMap.put(paramName.client, client);
} }
// 拼接ticket参数 // 拼接 ticket 参数
url = SaFoxUtil.joinParam(url, paramName.ticket, ticket); paramMap.put(paramName.ticket, ticket);
// 拼接单点注销时的回调URL // 拼接单点注销时的回调 URL
if(ssoLogoutCallUrl != null) { if(ssoLogoutCallUrl != null) {
url = SaFoxUtil.joinParam(url, paramName.ssoLogoutCall, ssoLogoutCallUrl); paramMap.put(paramName.ssoLogoutCall, ssoLogoutCallUrl);
} }
// s2构建 url 地址
String url = SaSsoManager.getConfig().splicingCheckTicketUrl();
String paramStr = getSignTemplate().addSignParamsAndJoin(paramMap);
String finalUrl = SaFoxUtil.joinParam(url, paramStr);
// 返回 // 返回
return url; return finalUrl;
} }
/** /**
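Review bot: buildCheckTicketUrl now puts the raw `ssoLogoutCallUrl` into `paramMap`, passes it to `getSignTemplate().addSignParamsAndJoin(paramMap)` and appends the result with `SaFoxUtil.joinParam(url, paramStr)`, and nothing in this section percent-encodes the values. A logout callback URL normally contains `?`, `&` and `=`, so unless addSignParamsAndJoin encodes while joining (not visible here), the server can parse a different parameter set from the one that was signed. That either fails verification or leaves the signed string ambiguous. Confirm the encoding behaviour and state it above the call, for example `// values are signed in decoded form and percent-encoded when joined into the query string`.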