iSharkFly-Open/Sa-Token
1
0
Fork 0
mirror of synced 2026-05-22 14:43:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: 优化 OAuth2 模块在请求中读取 Client 信息算法

Browse Source
This commit is contained in:
click33
2026-03-01 12:08:46 +08:00
parent 750c346353
commit 4b176d49d5
1 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/resolver/SaOAuth2DataResolverDefaultImpl.java
+10 -10
View File
@@ -18,6 +18,7 @@ package cn.dev33.satoken.oauth2.data.resolver;
import cn.dev33.satoken.context.model.SaRequest;
import cn.dev33.satoken.httpauth.basic.SaHttpBasicUtil;
import cn.dev33.satoken.oauth2.SaOAuth2Manager;
import cn.dev33.satoken.oauth2.consts.SaOAuth2Consts;
import cn.dev33.satoken.oauth2.consts.SaOAuth2Consts.Param;
import cn.dev33.satoken.oauth2.consts.SaOAuth2Consts.TokenType;
import cn.dev33.satoken.oauth2.data.model.AccessTokenModel;
@@ -53,20 +54,14 @@ public class SaOAuth2DataResolverDefaultImpl implements SaOAuth2DataResolver {
// 优先从请求参数中获取
String clientId = request.getParam(SaOAuth2Consts.Param.client_id);
String clientSecret = request.getParam(SaOAuth2Consts.Param.client_secret);
String authorizationValue = SaHttpBasicUtil.getAuthorizationValue();
if(SaFoxUtil.isNotEmpty(clientId)) {
// 如果请求参数中没有提供 client_secret 参数,则尝试从 Authorization 中获取
// 防止请求参数只存在client_id,而client_secret只存在Authorization中的场景导致的获取client_secret失败
if (SaFoxUtil.isEmpty(clientSecret) && SaFoxUtil.isNotEmpty(authorizationValue)) {
int index = authorizationValue.indexOf(StrUtil.COLON);
if (index >= 0) {
clientSecret = authorizationValue.substring(index + 1);
}
}
// 此处必须 clientId 和 clientSecret 都有值才可以采用,fix pr: https://gitee.com/dromara/sa-token/pulls/346
if(SaFoxUtil.isNotEmpty(clientId) && SaFoxUtil.isNotEmpty(clientSecret)) {
return new ClientIdAndSecretModel(clientId, clientSecret);
}
// 如果请求参数中没有提供 client_id 参数,则尝试从 Authorization 中获取
String authorizationValue = SaHttpBasicUtil.getAuthorizationValue();
if(SaFoxUtil.isNotEmpty(authorizationValue)) {
String[] arr = authorizationValue.split(":");
clientId = arr[0];
@@ -76,6 +71,11 @@ public class SaOAuth2DataResolverDefaultImpl implements SaOAuth2DataResolver {
return new ClientIdAndSecretModel(clientId, clientSecret);
}
// 如果只提供了 clientId 参数,也为其构建一个 ClientIdAndSecretModel 对象,clientSecret 置空
if(SaFoxUtil.isNotEmpty(clientId)) {
return new ClientIdAndSecretModel(clientId, null);
}
// 如果都没有提供,则抛出异常
throw new SaOAuth2Exception("请提供 client 信息").setCode(SaOAuth2ErrorCode.CODE_30191);
}