重构:API 接口签名所有方法均迁移至 core 核心模块。
@@ -43,11 +43,6 @@ public class SaSsoConfig implements Serializable {
|
||||
*/
|
||||
public Boolean isHttp = false;
|
||||
|
||||
/**
|
||||
* 接口调用秘钥 (用于SSO模式三单点注销的接口通信身份校验)
|
||||
*/
|
||||
public String secretkey;
|
||||
|
||||
|
||||
// ----------------- Client端相关配置
|
||||
|
||||
@@ -106,17 +101,6 @@ public class SaSsoConfig implements Serializable {
|
||||
*/
|
||||
public String serverUrl;
|
||||
|
||||
// ----------------- 其它
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* 接口调用时的时间戳允许的差距(单位:ms),-1代表不校验差距
|
||||
*/
|
||||
public long timestampDisparity = 1000 * 60 * 10;
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* @return Ticket有效期 (单位: 秒)
|
||||
@@ -182,22 +166,6 @@ public class SaSsoConfig implements Serializable {
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return 接口调用秘钥 (用于SSO模式三单点注销的接口通信身份校验)
|
||||
*/
|
||||
public String getSecretkey() {
|
||||
return secretkey;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param secretkey 接口调用秘钥 (用于SSO模式三单点注销的接口通信身份校验)
|
||||
* @return 对象自身
|
||||
*/
|
||||
public SaSsoConfig setSecretkey(String secretkey) {
|
||||
this.secretkey = secretkey;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return 当前 Client 名称标识,用于和 ticket 码的互相锁定
|
||||
*/
|
||||
@@ -325,30 +293,13 @@ public class SaSsoConfig implements Serializable {
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return 接口调用时的时间戳允许的差距(单位:ms),-1代表不校验差距
|
||||
*/
|
||||
public long getTimestampDisparity() {
|
||||
return timestampDisparity;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param timestampDisparity 接口调用时的时间戳允许的差距(单位:ms),-1代表不校验差距
|
||||
* @return 对象自身
|
||||
*/
|
||||
public SaSsoConfig setTimestampDisparity(long timestampDisparity) {
|
||||
this.timestampDisparity = timestampDisparity;
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "SaSsoConfig ["
|
||||
+ "ticketTimeout=" + ticketTimeout
|
||||
+ ", allowUrl=" + allowUrl
|
||||
+ ", isSlo=" + isSlo
|
||||
+ ", isHttp=" + isHttp
|
||||
+ ", secretkey=" + secretkey
|
||||
+ ", isHttp=" + isHttp
|
||||
+ ", client=" + client
|
||||
+ ", authUrl=" + authUrl
|
||||
+ ", checkTicketUrl=" + checkTicketUrl
|
||||
@@ -356,8 +307,7 @@ public class SaSsoConfig implements Serializable {
|
||||
+ ", userinfoUrl=" + userinfoUrl
|
||||
+ ", sloUrl=" + sloUrl
|
||||
+ ", ssoLogoutCall=" + ssoLogoutCall
|
||||
+ ", serverUrl=" + serverUrl
|
||||
+ ", timestampDisparity=" + timestampDisparity
|
||||
+ ", serverUrl=" + serverUrl
|
||||
+ "]";
|
||||
}
|
||||
|
||||
|
@@ -193,7 +193,7 @@ public class SaSsoProcessor {
|
||||
String loginId = req.getParam(paramName.loginId);
|
||||
|
||||
// step.1 校验签名
|
||||
ssoTemplate.checkSign(req);
|
||||
ssoTemplate.getSignTemplate().checkRequest(req);
|
||||
|
||||
// step.2 单点注销
|
||||
ssoTemplate.ssoLogout(loginId);
|
||||
@@ -374,7 +374,7 @@ public class SaSsoProcessor {
|
||||
String loginId = req.getParamNotNull(paramName.loginId);
|
||||
|
||||
// 注销当前应用端会话
|
||||
ssoTemplate.checkSign(req);
|
||||
ssoTemplate.getSignTemplate().checkRequest(req);
|
||||
stpLogic.logout(loginId);
|
||||
|
||||
// 响应
|
||||
|
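Review bot: Both call sites that now use `ssoTemplate.getSignTemplate().checkRequest(req)` (the step.1 check before `ssoTemplate.ssoLogout(loginId)` and the check before `stpLogic.logout(loginId)`) hand replay protection to a core method whose body is not on this page, and the `checkSign` it replaces verified only the timestamp and the signature, with its nonce step left empty. Because a validly signed request here logs an account out, it is worth confirming that `checkRequest` rejects a reused nonce and that the window formerly set by `timestampDisparity` (10 minutes by default, -1 disabling the check) still has a bounded default in the sign configuration. Once confirmed, a short comment at each call such as `// checkRequest verifies timestamp, nonce and sign using the global sign config` would record that dependency. Both enclosing methods start and end outside the hunks.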
@@ -2,8 +2,8 @@ package cn.dev33.satoken.sso;
|
||||
|
||||
import cn.dev33.satoken.SaManager;
|
||||
import cn.dev33.satoken.config.SaSsoConfig;
|
||||
import cn.dev33.satoken.context.model.SaRequest;
|
||||
import cn.dev33.satoken.session.SaSession;
|
||||
import cn.dev33.satoken.sign.SaSignTemplate;
|
||||
import cn.dev33.satoken.sso.error.SaSsoErrorCode;
|
||||
import cn.dev33.satoken.sso.exception.SaSsoException;
|
||||
import cn.dev33.satoken.sso.name.ApiName;
|
||||
@@ -68,8 +68,16 @@ public class SaSsoTemplate {
|
||||
public SaSsoConfig getSsoConfig() {
|
||||
return SaSsoManager.getConfig();
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* 获取底层使用的 API 签名对象
|
||||
* @return /
|
||||
*/
|
||||
public SaSignTemplate getSignTemplate() {
|
||||
return SaManager.getSaSignTemplate();
|
||||
}
|
||||
|
||||
|
||||
// ---------------------- Ticket 操作 ----------------------
|
||||
|
||||
/**
|
||||
@@ -300,7 +308,7 @@ public class SaSsoTemplate {
|
||||
SaSsoConfig cfg = SaSsoManager.getConfig();
|
||||
Set<String> urlSet = session.get(SaSsoConsts.SLO_CALLBACK_SET_KEY, HashSet::new);
|
||||
for (String url : urlSet) {
|
||||
url = addSignParams(url, loginId);
|
||||
url = joinLoginIdAndSign(url, loginId);
|
||||
cfg.getSendHttp().apply(url);
|
||||
}
|
||||
|
||||
@@ -452,7 +460,7 @@ public class SaSsoTemplate {
|
||||
*/
|
||||
public String buildSloUrl(Object loginId) {
|
||||
String url = SaSsoManager.getConfig().splicingSloUrl();
|
||||
return addSignParams(url, loginId);
|
||||
return joinLoginIdAndSign(url, loginId);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -480,32 +488,11 @@ public class SaSsoTemplate {
|
||||
}
|
||||
|
||||
// 添加签名等参数,并序列化
|
||||
return addSignParams(url, paramMap);
|
||||
}
|
||||
|
||||
|
||||
// ------------------- 返回相应key -------------------
|
||||
|
||||
/**
|
||||
* 拼接key:Ticket 查 账号Id
|
||||
* @param ticket ticket值
|
||||
* @return key
|
||||
*/
|
||||
public String splicingTicketSaveKey(String ticket) {
|
||||
return SaManager.getConfig().getTokenName() + ":ticket:" + ticket;
|
||||
}
|
||||
|
||||
/**
|
||||
* 拼接key:账号Id 反查 Ticket
|
||||
* @param id 账号id
|
||||
* @return key
|
||||
*/
|
||||
public String splicingTicketIndexKey(Object id) {
|
||||
return SaManager.getConfig().getTokenName() + ":id-ticket:" + id;
|
||||
return joinParamMapAndSign(url, paramMap);
|
||||
}
|
||||
|
||||
|
||||
// ------------------- 请求相关 -------------------
|
||||
// ------------------- 发起请求 -------------------
|
||||
|
||||
/**
|
||||
* 发出请求,并返回 SaResult 结果
|
||||
@@ -518,33 +505,20 @@ public class SaSsoTemplate {
|
||||
return new SaResult(map);
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取:接口调用秘钥
|
||||
* @return see note
|
||||
*/
|
||||
public String getSecretkey() {
|
||||
// 默认从配置文件中返回
|
||||
String secretkey = SaSsoManager.getConfig().getSecretkey();
|
||||
if(SaFoxUtil.isEmpty(secretkey)) {
|
||||
throw new SaSsoException("请配置 secretkey 参数").setCode(SaSsoErrorCode.CODE_30009);
|
||||
}
|
||||
return secretkey;
|
||||
}
|
||||
|
||||
/**
|
||||
* 给 paramMap 追加 sign 等参数,并序列化为kv字符串,拼接到url后面
|
||||
* @param url 请求地址
|
||||
* @param paramMap 请求原始参数列表
|
||||
* @return 加工后的url
|
||||
*/
|
||||
public String addSignParams(String url, Map<String, Object> paramMap) {
|
||||
// 追加:时间戳、随机字符串、参数签名
|
||||
SaManager.getSaSignTemplate().addSignParams(paramMap, getSecretkey());
|
||||
public String joinParamMapAndSign(String url, Map<String, Object> paramMap) {
|
||||
// 在参数列表中追加:时间戳、随机字符串、参数签名
|
||||
SaManager.getSaSignTemplate().addSignParams(paramMap);
|
||||
|
||||
// 序列化为kv字符串
|
||||
// 将参数列表序列化为kv字符串
|
||||
String signParams = SaManager.getSaSignTemplate().joinParams(paramMap);
|
||||
|
||||
// 拼接到一起
|
||||
// 将kv字符串拼接到url后面
|
||||
return SaFoxUtil.joinParam(url, signParams);
|
||||
}
|
||||
|
||||
@@ -554,51 +528,36 @@ public class SaSsoTemplate {
|
||||
* @param loginId 账号id
|
||||
* @return 加工后的url
|
||||
*/
|
||||
public String addSignParams(String url, Object loginId) {
|
||||
public String joinLoginIdAndSign(String url, Object loginId) {
|
||||
Map<String, Object> paramMap = new LinkedHashMap<>();
|
||||
paramMap.put(paramName.loginId, loginId);
|
||||
return addSignParams(url, paramMap);
|
||||
return joinParamMapAndSign(url, paramMap);
|
||||
}
|
||||
|
||||
|
||||
// ------------------- 返回相应key -------------------
|
||||
|
||||
/**
|
||||
* 拼接key:Ticket 查 账号Id
|
||||
* @param ticket ticket值
|
||||
* @return key
|
||||
*/
|
||||
public String splicingTicketSaveKey(String ticket) {
|
||||
return SaManager.getConfig().getTokenName() + ":ticket:" + ticket;
|
||||
}
|
||||
|
||||
/**
|
||||
* 校验签名
|
||||
* @param req request
|
||||
* 拼接key:账号Id 反查 Ticket
|
||||
* @param id 账号id
|
||||
* @return key
|
||||
*/
|
||||
public void checkSign(SaRequest req) {
|
||||
// 获取签名、时间戳、随机字符串
|
||||
String sign = req.getParamNotNull(paramName.sign);
|
||||
String timestamp = req.getParamNotNull(paramName.timestamp);
|
||||
String nonce = req.getParamNotNull(paramName.nonce);
|
||||
|
||||
// 1、校验时间戳
|
||||
SaManager.getSaSignTemplate().checkTimestamp(Long.parseLong(timestamp), SaSsoManager.getConfig().getTimestampDisparity());
|
||||
|
||||
// 2、校验随机字符串
|
||||
|
||||
// 3、校验签名
|
||||
SaManager.getSaSignTemplate().checkSign(req.getParamMap(), getSecretkey(), sign);
|
||||
public String splicingTicketIndexKey(Object id) {
|
||||
return SaManager.getConfig().getTokenName() + ":id-ticket:" + id;
|
||||
}
|
||||
|
||||
|
||||
// -------- 以下方法已废弃,仅为兼容旧版本而保留 --------
|
||||
|
||||
/**
|
||||
* 根据参数计算签名
|
||||
* @param loginId 账号id
|
||||
* @param timestamp 当前时间戳,13位
|
||||
* @param nonce 随机字符串
|
||||
* @param secretkey 账号id
|
||||
* @return 签名
|
||||
*/
|
||||
@Deprecated
|
||||
public String getSign(Object loginId, String timestamp, String nonce, String secretkey) {
|
||||
Map<String, Object> map = new TreeMap<>();
|
||||
map.put(paramName.loginId, loginId);
|
||||
map.put(paramName.timestamp, timestamp);
|
||||
map.put(paramName.nonce, nonce);
|
||||
return SaManager.getSaSignTemplate().createSign(map, secretkey);
|
||||
}
|
||||
|
||||
/**
|
||||
* 构建URL:Server端 账号资料查询地址
|
||||
* @param loginId 账号id
|
||||
@@ -607,7 +566,7 @@ public class SaSsoTemplate {
|
||||
@Deprecated
|
||||
public String buildUserinfoUrl(Object loginId) {
|
||||
String userinfoUrl = SaSsoManager.getConfig().splicingUserinfoUrl();
|
||||
return addSignParams(userinfoUrl, loginId);
|
||||
return joinLoginIdAndSign(userinfoUrl, loginId);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -618,7 +577,7 @@ public class SaSsoTemplate {
|
||||
@Deprecated
|
||||
public Object getUserinfo(Object loginId) {
|
||||
String url = buildUserinfoUrl(loginId);
|
||||
return SaSsoManager.getConfig().getSendHttp().apply(url);
|
||||
return request(url);
|
||||
}
|
||||
|
||||
|
||||
|
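Review bot: `joinParamMapAndSign` now calls `SaManager.getSaSignTemplate().addSignParams(paramMap)` with no key argument, so the guard in the removed `getSecretkey()`, which threw `SaSsoException` with `CODE_30009` when no key was configured, no longer runs on the SSO signing path. Unless the core template rejects an empty key itself (not visible here), a deployment that still sets only the old SSO `secretkey` option would presumably sign logout callbacks and userinfo URLs with whatever the sign configuration holds by default. I would state the key source in the Javadoc, e.g. `* The signing key is read from the global sign configuration; the SSO secretkey option is no longer used`, and confirm that the core method fails when the key is empty. Separately, the deprecated `getUserinfo` appears to return `request(url)` now instead of the raw `getSendHttp().apply(url)` result, which changes what existing callers receive from a method kept for compatibility.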
@@ -1,6 +1,5 @@
|
||||
package cn.dev33.satoken.sso;
|
||||
|
||||
import cn.dev33.satoken.context.model.SaRequest;
|
||||
import cn.dev33.satoken.util.SaResult;
|
||||
|
||||
import java.util.Map;
|
||||
@@ -202,7 +201,7 @@ public class SaSsoUtil {
|
||||
}
|
||||
|
||||
|
||||
// ------------------- 请求相关 -------------------
|
||||
// ------------------- 发起请求 -------------------
|
||||
|
||||
/**
|
||||
* 发出请求,并返回 SaResult 结果
|
||||
@@ -219,8 +218,8 @@ public class SaSsoUtil {
|
||||
* @param paramMap 请求原始参数列表
|
||||
* @return 加工后的url
|
||||
*/
|
||||
public static String addSignParams(String url, Map<String, Object> paramMap) {
|
||||
return ssoTemplate.addSignParams(url, paramMap);
|
||||
public static String joinParamMapAndSign(String url, Map<String, Object> paramMap) {
|
||||
return ssoTemplate.joinLoginIdAndSign(url, paramMap);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -229,32 +228,21 @@ public class SaSsoUtil {
|
||||
* @param loginId 账号id
|
||||
* @return 加工后的url
|
||||
*/
|
||||
public static String addSignParams(String url, Object loginId) {
|
||||
return ssoTemplate.addSignParams(url, loginId);
|
||||
}
|
||||
|
||||
/**
|
||||
* 校验签名
|
||||
* @param req request
|
||||
*/
|
||||
public static void checkSign(SaRequest req) {
|
||||
ssoTemplate.checkSign(req);
|
||||
public static String joinLoginIdAndSign(String url, Object loginId) {
|
||||
return ssoTemplate.joinLoginIdAndSign(url, loginId);
|
||||
}
|
||||
|
||||
|
||||
// -------- 以下方法已废弃,仅为兼容旧版本而保留 --------
|
||||
|
||||
/**
|
||||
* 根据参数计算签名
|
||||
* 构建URL:Server端 账号资料查询地址
|
||||
* @param loginId 账号id
|
||||
* @param timestamp 当前时间戳,13位
|
||||
* @param nonce 随机字符串
|
||||
* @param secretkey 账号id
|
||||
* @return 签名
|
||||
* @return Server端 账号资料查询地址
|
||||
*/
|
||||
@Deprecated
|
||||
public static String getSign(Object loginId, String timestamp, String nonce, String secretkey) {
|
||||
return ssoTemplate.getSign(loginId, timestamp, nonce, secretkey);
|
||||
public static String buildUserinfoUrl(Object loginId) {
|
||||
return ssoTemplate.buildUserinfoUrl(loginId);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -267,14 +255,4 @@ public class SaSsoUtil {
|
||||
return ssoTemplate.getUserinfo(loginId);
|
||||
}
|
||||
|
||||
/**
|
||||
* 构建URL:Server端 账号资料查询地址
|
||||
* @param loginId 账号id
|
||||
* @return Server端 账号资料查询地址
|
||||
*/
|
||||
@Deprecated
|
||||
public static String buildUserinfoUrl(Object loginId) {
|
||||
return ssoTemplate.buildUserinfoUrl(loginId);
|
||||
}
|
||||
|
||||
}
|
||||
|
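Review bot: As rendered here, the new static `joinParamMapAndSign(String url, Map<String, Object> paramMap)` delegates to `ssoTemplate.joinLoginIdAndSign(url, paramMap)`, which resolves to the `(String url, Object loginId)` overload shown in SaSsoTemplate, so the whole map would be stored as the single `loginId` parameter and signed in that form. The caller's parameters then never reach the URL as individual key/value pairs, and the receiving side would verify a signature over a different parameter set than the caller intended. The body should be `return ssoTemplate.joinParamMapAndSign(url, paramMap);`.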