diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2Config.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2Config.java index 06ecd72a..15017790 100644 --- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2Config.java +++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/config/SaOAuth2Config.java @@ -1,11 +1,11 @@ package cn.dev33.satoken.oauth2.config; +import cn.dev33.satoken.util.SaResult; + import java.io.Serializable; import java.util.function.BiFunction; import java.util.function.Supplier; -import cn.dev33.satoken.util.SaResult; - /** * Sa-Token-OAuth2 配置类 Model * @author kong @@ -16,15 +16,19 @@ public class SaOAuth2Config implements Serializable { private static final long serialVersionUID = -6541180061782004705L; /** 是否打开模式:授权码(Authorization Code) */ + @Deprecated public Boolean isCode = true; /** 是否打开模式:隐藏式(Implicit) */ + @Deprecated public Boolean isImplicit = false; /** 是否打开模式:密码式(Password) */ + @Deprecated public Boolean isPassword = false; /** 是否打开模式:凭证式(Client Credentials) */ + @Deprecated public Boolean isClient = false; /** 是否在每次 Refresh-Token 刷新 Access-Token 时,产生一个新的 Refresh-Token */ diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Consts.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Consts.java index afd8108e..a538be55 100644 --- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Consts.java +++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Consts.java @@ -59,6 +59,7 @@ public class SaOAuth2Consts { public static String refresh_token = "refresh_token"; public static String password = "password"; public static String client_credentials = "client_credentials"; + public static String implicit = "implicit"; } /** 表示OK的返回结果 */ 
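Review bot: The `@Deprecated` annotations added to `isCode`, `isImplicit`, `isPassword` and `isClient` in `SaOAuth2Config` come without a Javadoc `@deprecated` tag, so nothing tells an integrator what replaces them. Each field comment should gain a line such as `@deprecated configure the allowed grant types per client via SaClientModel#allowType instead`. It is also worth stating there that the flags are still honoured by the handler and that `isCode` keeps its default of `true`, because that default decides whether the authorization-code flow stays open for clients that have no per-client list.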
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Handle.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Handle.java index d7c5332f..0956bae4 100644 --- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Handle.java +++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Handle.java @@ -35,10 +35,13 @@ public class SaOAuth2Handle { SaResponse res = SaHolder.getResponse(); SaOAuth2Config cfg = SaOAuth2Manager.getConfig(); + //读取client_id,此参数在所有模式中必填 + String clientId = req.getParamNotNull(Param.client_id); + // ------------------ 路由分发 ------------------ // 模式一:Code授权码 - if(req.isPath(Api.authorize) && req.isParam(Param.response_type, ResponseType.code) && cfg.isCode) { + if(req.isPath(Api.authorize) && req.isParam(Param.response_type, ResponseType.code) && (SaOAuth2Util.supportType(clientId,GrantType.authorization_code) || cfg.isCode)) { return authorize(req, res, cfg); } 
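Review bot: The `||` in the authorize condition means the per-client list can only add grant types, never restrict them. `SaOAuth2Config.isCode` still defaults to `true`, so a client whose `allowType` omits `authorization_code` is still served the code flow. The implicit, password and client_credentials conditions in the next hunk use the same pattern, so any globally enabled mode stays open to every client. If `allowType` is meant to restrict a client, treat a configured list as authoritative and consult the deprecated flag only when the client has none. Separately, `req.getParamNotNull(Param.client_id)` now runs before any route is matched, so a route handled by this method that carries no `client_id` would presumably be rejected up front; the method starts and ends outside the hunk and the routes between this hunk and the next are not visible, so reading the parameter inside the branches that need it is safer.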
@@ -68,17 +71,17 @@ public class SaOAuth2Handle { } // 模式二:隐藏式 - if(req.isPath(Api.authorize) && req.isParam(Param.response_type, ResponseType.token) && cfg.isImplicit) { + if(req.isPath(Api.authorize) && req.isParam(Param.response_type, ResponseType.token) && (SaOAuth2Util.supportType(clientId,GrantType.implicit) || cfg.isImplicit)) { return authorize(req, res, cfg); } // 模式三:密码式 - if(req.isPath(Api.token) && req.isParam(Param.grant_type, GrantType.password) && cfg.isPassword) { + if(req.isPath(Api.token) && req.isParam(Param.grant_type, GrantType.password) && (SaOAuth2Util.supportType(clientId,GrantType.password) || cfg.isPassword)) { return password(req, res, cfg); } // 模式四:凭证式 - if(req.isPath(Api.client_token) && req.isParam(Param.grant_type, GrantType.client_credentials) && cfg.isClient) { + if(req.isPath(Api.client_token) && req.isParam(Param.grant_type, GrantType.client_credentials) && (SaOAuth2Util.supportType(clientId,GrantType.client_credentials) || cfg.isClient)) { return clientToken(req, res, cfg); } diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Template.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Template.java index ddeedc44..32736cd7 100644 --- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Template.java +++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Template.java 
@@ -1,21 +1,17 @@ package cn.dev33.satoken.oauth2.logic; -import java.util.List; - import cn.dev33.satoken.SaManager; import cn.dev33.satoken.context.model.SaRequest; import cn.dev33.satoken.oauth2.SaOAuth2Manager; import cn.dev33.satoken.oauth2.exception.SaOAuth2Exception; import cn.dev33.satoken.oauth2.logic.SaOAuth2Consts.Param; -import cn.dev33.satoken.oauth2.model.AccessTokenModel; -import cn.dev33.satoken.oauth2.model.ClientTokenModel; -import cn.dev33.satoken.oauth2.model.CodeModel; -import cn.dev33.satoken.oauth2.model.RefreshTokenModel; -import cn.dev33.satoken.oauth2.model.RequestAuthModel; -import cn.dev33.satoken.oauth2.model.SaClientModel; +import cn.dev33.satoken.oauth2.model.*; import cn.dev33.satoken.strategy.SaStrategy; import cn.dev33.satoken.util.SaFoxUtil; +import java.util.Arrays; +import java.util.List; + /** * Sa-Token-OAuth2 模块 代码实现 * @author kong @@ -922,4 +918,12 @@ public class SaOAuth2Template { return SaManager.getConfig().getTokenName() + ":oauth2:grant-scope:" + clientId + ":" + loginId; } + /** + * 检查是否支持的type类型 + */ + public Boolean supportType(String clientId,String type){ + SaClientModel saClientModel = checkClientModel(clientId); + return Arrays.asList(saClientModel.getAllowType().split(",")).contains(type); + } + } diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Util.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Util.java index 068f9001..3e5a747f 100644 --- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Util.java +++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/logic/SaOAuth2Util.java 
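Review bot: `supportType` calls `saClientModel.getAllowType().split(",")` with no null check, so a client whose `allowType` was never set (built with the no-arg constructor, or presumably one stored before this field existed) throws a NullPointerException. The handler evaluates `supportType(...)` before the `|| cfg.isX` operand, so that exception pre-empts the deprecated flag instead of letting it act as a fallback. The match is also exact, so a list written as `authorization_code, password` would not match `password`. A null-safe version that trims entries and denies by default is below; the Javadoc should also gain `@param` and `@return` lines like the `SaOAuth2Util` wrapper has.

```java
public Boolean supportType(String clientId,String type){
	SaClientModel saClientModel = checkClientModel(clientId);
	String allowType = saClientModel.getAllowType();
	// No per-client list configured: report "not allowed" rather than throwing.
	if(allowType == null || allowType.isEmpty()) {
		return false;
	}
	for(String allowed : allowType.split(",")) {
		if(allowed.trim().equals(type)) {
			return true;
		}
	}
	return false;
}
```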
@@ -292,6 +292,16 @@ public class SaOAuth2Util { public static String getGrantScope(String clientId, Object loginId) { return saOAuth2Template.getGrantScope(clientId, loginId); } + + /** + * 获取:检查是否支持的授权类型 + * @param clientId 应用id + * @param type 授权类型 + * @return 是否 + */ + public static Boolean supportType(String clientId, String type) { + return saOAuth2Template.supportType(clientId, type); + } diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/model/SaClientModel.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/model/SaClientModel.java index 952f696c..c2672618 100644 --- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/model/SaClientModel.java +++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/model/SaClientModel.java @@ -31,15 +31,21 @@ public class SaClientModel implements Serializable { */ public String allowUrl; + /** + * 应用允许授权的所有URL, 多个用逗号隔开 + */ + public String allowType; + public SaClientModel() { } - public SaClientModel(String clientId, String clientSecret, String contractScope, String allowUrl) { + public SaClientModel(String clientId, String clientSecret, String contractScope, String allowUrl,String allowType) { super(); this.clientId = clientId; this.clientSecret = clientSecret; this.contractScope = contractScope; this.allowUrl = allowUrl; + this.allowType = allowType; } /** @@ -105,6 +111,22 @@ public class SaClientModel implements Serializable { this.allowUrl = allowUrl; return this; } + + /** + * @return 应用允许的授权模式, 多个用逗号隔开 + */ + public String getAllowType() { + return allowType; + } + + /** + * @param allowType 应用允许的授权模式, 多个用逗号隔开 + * @return 对象自身 + */ + public SaClientModel setAllowType(String allowType) { + this.allowType = allowType; + return this; + } @Override public String toString() {
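Review bot: In `SaClientModel` the four-argument constructor is replaced rather than overloaded, so existing callers of `new SaClientModel(clientId, clientSecret, contractScope, allowUrl)` stop compiling after this change. Keeping the old signature as a delegating overload, `public SaClientModel(String clientId, String clientSecret, String contractScope, String allowUrl) { this(clientId, clientSecret, contractScope, allowUrl, null); }`, with whatever default grant-type list the project wants in place of `null`, avoids the break. The Javadoc on the new `allowType` field is copied from `allowUrl` and still describes allowed URLs; it should read like the getter's comment, i.e. the grant types the client may use, comma-separated. The `toString()` body lies outside the hunk, so it is not visible whether it includes the new field.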