From a2289dc6a1c6bce4532f1f33a6d67e4764f8e168 Mon Sep 17 00:00:00 2001
From: click33 <2393584716@qq.com>
Date: Fri, 16 Aug 2024 23:25:27 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E4=B8=8D=E5=87=86=E7=A1=AE?=
 =?UTF-8?q?=E7=9A=84=E6=B3=A8=E9=87=8A=E4=BF=A1=E6=81=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 sa-token-doc/plugin/api-sign.md | 2 +-
 .../cn/dev33/satoken/sso/template/SaSsoServerTemplate.java | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/sa-token-doc/plugin/api-sign.md b/sa-token-doc/plugin/api-sign.md
index 268b0a07..0267f3e6 100644
--- a/sa-token-doc/plugin/api-sign.md
+++ b/sa-token-doc/plugin/api-sign.md
@@ -223,7 +223,7 @@ public SaResult addMoney(long userId, long money, String nonce, String sign) {
 long userId = 10001;
 long money = 1000;
 String nonce = SaFoxUtil.getRandomString(32); // 随机32位字符串
-long timestamp = System.currentTimeMillis(); // 随机32位字符串
+long timestamp = System.currentTimeMillis(); // 系统当前时间戳
 String secretKey = "xxxxxxxxxxxxxxxxxxxx";
 
 // 计算 sign 参数
diff --git a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/template/SaSsoServerTemplate.java b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/template/SaSsoServerTemplate.java
index d5367e17..29101235 100644
--- a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/template/SaSsoServerTemplate.java
+++ b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/template/SaSsoServerTemplate.java
@@ -276,7 +276,7 @@ public class SaSsoServerTemplate extends SaSsoTemplate {
 // http://sa-sso-server.com:9000/sso/auth?redirect=http://sa-sso-client1.com@sa-token.cc
 //
 // 那么这个url就会绕过 allow-url 的校验,ticket 被下发到了第三方服务器地址:
-// https://sa-token.cc/?ticket=i8vDfbpqBViMe01QoLY1kHROJWYvv9plBtvTZ6kk77KK0e0U4Xj99NPfSZEYjRul
+// http://sa-token.cc/?ticket=i8vDfbpqBViMe01QoLY1kHROJWYvv9plBtvTZ6kk77KK0e0U4Xj99NPfSZEYjRul
 //
 // 造成了ticket 参数劫持
 // 所以此处需要禁止在 url 中出现 @ 字符
@@ -327,7 +327,7 @@ public class SaSsoServerTemplate extends SaSsoTemplate {
 // http://sa-sso-server.com:9000/sso/auth?redirect=http://sa-token.cc/a.sa-sso-client1.com/sso/login
 //
 // 那么这个 url 就会绕过 allow-url 的校验,ticket 被下发到了第三方服务器地址:
-// https://sa-token.cc/a.sa-sso-client1.com/sso/login?ticket=v2KKMUFK7dDsMMzXLQ3aWGsyGUjrA0dBB2jeOWrpCnC8b5ScmXXQSv20mIwPK7Cx
+// http://sa-token.cc/a.sa-sso-client1.com/sso/login?ticket=v2KKMUFK7dDsMMzXLQ3aWGsyGUjrA0dBB2jeOWrpCnC8b5ScmXXQSv20mIwPK7Cx
 //
 // 造成了 ticket 参数劫持
 // 所以此处需要禁止 allow-url 配置项的中间位置出现 * 字符(出现在末尾是没有问题的)
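Review bot: The closing comment line of this hunk states that a `*` at the end of an allow-url entry is harmless, but that is only accurate when the wildcard follows a path separator; a trailing `*` placed directly after a host name would also match any other host sharing that prefix if the matcher is a plain prefix or glob comparison, and the matching code is outside this hunk so I cannot confirm how `*` is interpreted there. Because this comment is the written security rationale for the check, it should spell out the safe form rather than a bare "trailing is fine", e.g. `// a trailing * is acceptable only after a path separator, e.g. http://sa-sso-client1.com/*; a wildcard anywhere earlier in the entry must be rejected`. The enclosing method starts and ends outside the hunk.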