diff --git a/sa-token-demo/sa-token-demo-sso/sa-token-demo-sso-server/src/main/java/com/pj/h5/H5Controller.java b/sa-token-demo/sa-token-demo-sso/sa-token-demo-sso-server/src/main/java/com/pj/h5/H5Controller.java index dfc9a68b..944b20ca 100644 --- a/sa-token-demo/sa-token-demo-sso/sa-token-demo-sso-server/src/main/java/com/pj/h5/H5Controller.java +++ b/sa-token-demo/sa-token-demo-sso/sa-token-demo-sso-server/src/main/java/com/pj/h5/H5Controller.java @@ -21,7 +21,7 @@ public class H5Controller { * 获取 redirectUrl */ @RequestMapping("/sso/getRedirectUrl") - public SaResult getRedirectUrl(String redirect, String mode, String client) { + public SaResult getRedirectUrl(String client, String redirect, String mode) { // 未登录情况下,返回 code=401 if(StpUtil.isLogin() == false) { return SaResult.code(401); @@ -30,7 +30,7 @@ public class H5Controller { redirect = SaFoxUtil.decoderUrl(redirect); if(SaSsoConsts.MODE_SIMPLE.equals(mode)) { // 模式一 - SaSsoUtil.checkRedirectUrl(redirect); + SaSsoUtil.checkRedirectUrl(client, redirect); return SaResult.data(redirect); } else { // 模式二或模式三 diff --git a/sa-token-demo/sa-token-demo-sso/sa-token-demo-sso-server/src/main/resources/application.yml b/sa-token-demo/sa-token-demo-sso/sa-token-demo-sso-server/src/main/resources/application.yml index 901f2838..08f103e2 100644 --- a/sa-token-demo/sa-token-demo-sso/sa-token-demo-sso-server/src/main/resources/application.yml +++ b/sa-token-demo/sa-token-demo-sso/sa-token-demo-sso-server/src/main/resources/application.yml @@ -19,6 +19,14 @@ sa-token: # ------- SSO-模式三相关配置 (下面的配置在使用SSO模式三时打开) # 是否打开模式三 is-http: true + + allow-anon-client: false + clients: + sso-client2: + client: sso-client2 + allow-url: http://sa-sso-client1.com:9002/sso/login + + sign: # API 接口调用秘钥 secret-key: kQwIOrYvnXmSDkwEiFngrKidMcdrgKor diff --git a/sa-token-demo/sa-token-demo-sso/sa-token-demo-sso2-client/src/main/resources/application.yml b/sa-token-demo/sa-token-demo-sso/sa-token-demo-sso2-client/src/main/resources/application.yml index 70ed2d43..716c130c 100644 --- a/sa-token-demo/sa-token-demo-sso/sa-token-demo-sso2-client/src/main/resources/application.yml +++ b/sa-token-demo/sa-token-demo-sso/sa-token-demo-sso2-client/src/main/resources/application.yml @@ -10,6 +10,9 @@ sa-token: server-url: http://sa-sso-server.com:9000 # 在 sso-server 端前后端分离时打开这个(上面的不要注释,auth-url 配置项和 server-url 要同时存在) # auth-url: http://127.0.0.1:8848/sa-token-demo-sso-server-h5/sso-auth.html + + client: sso-client2 + sign: # API 接口调用秘钥 secret-key: kQwIOrYvnXmSDkwEiFngrKidMcdrgKor diff --git a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/config/SaSsoClientModel.java b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/config/SaSsoClientModel.java new file mode 100644 index 00000000..ca4ad286 --- /dev/null +++ b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/config/SaSsoClientModel.java @@ -0,0 +1,128 @@ +/* + * Copyright 2020-2099 sa-token.cc + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package cn.dev33.satoken.sso.config; + + +import cn.dev33.satoken.sso.template.SaSsoServerTemplate; +import cn.dev33.satoken.util.SaFoxUtil; + +import java.io.Serializable; +import java.util.List; + +/** + * Sa-Token SSO 客户端信息配置 + * + * @author click33 + * @since 1.42.0 + */ +public class SaSsoClientModel implements Serializable { + + private static final long serialVersionUID = -6541180061782004705L; + + /** + * 当前 Client 名称标识,用于和 ticket 码的互相锁定 + */ + public String client; + + /** + * 所有允许的授权回调地址,多个用逗号隔开 (不在此列表中的URL将禁止下放ticket) + */ + public String allowUrl = "*"; + + /** + * 是否打开单点注销功能 + */ + public Boolean isSlo = true; + + + + // 额外方法 + + /** + * 以数组形式写入允许的授权回调地址 + * @param url 所有集合 + * @return 对象自身 + */ + public SaSsoClientModel setAllow(String ...url) { + this.setAllowUrl(SaFoxUtil.arrayJoin(url)); + return this; + } + + + // get set + + /** + * @return 当前 Client 名称标识 + */ + public String getClient() { + return client; + } + + /** + * @param client 当前 Client 名称标识 + */ + public SaSsoClientModel setClient(String client) { + this.client = client; + return this; + } + + /** + * @return 所有允许的授权回调地址,多个用逗号隔开 (不在此列表中的URL将禁止下放ticket) + */ + public String getAllowUrl() { + return allowUrl; + } + + /** + * @param allowUrl 所有允许的授权回调地址,多个用逗号隔开 (不在此列表中的URL将禁止下放ticket) + * @return 对象自身 + */ + public SaSsoClientModel setAllowUrl(String allowUrl) { + // 提前校验一下配置的 allowUrl 是否合法,让开发者尽早发现错误 + if(SaFoxUtil.isNotEmpty(allowUrl)) { + List allowUrlList = SaFoxUtil.convertStringToList(allowUrl); + SaSsoServerTemplate.checkAllowUrlListStaticMethod(allowUrlList); + } + this.allowUrl = allowUrl; + return this; + } + + /** + * @return 是否打开单点注销功能 + */ + public Boolean getIsSlo() { + return isSlo; + } + + /** + * @param isSlo 是否打开单点注销功能 + * @return 对象自身 + */ + public SaSsoClientModel setIsSlo(Boolean isSlo) { + this.isSlo = isSlo; + return this; + } + + @Override + public String toString() { + return "SaSsoClientModel [" + + "client=" + client + + ", allowUrl=" + allowUrl + + ", isSlo=" + isSlo + + "]"; + } + +} diff --git a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/config/SaSsoServerConfig.java b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/config/SaSsoServerConfig.java index 4249fb6a..971ab578 100644 --- a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/config/SaSsoServerConfig.java +++ b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/config/SaSsoServerConfig.java @@ -27,7 +27,9 @@ import cn.dev33.satoken.util.SaFoxUtil; import cn.dev33.satoken.util.SaResult; import java.io.Serializable; +import java.util.LinkedHashMap; import java.util.List; +import java.util.Map; /** * Sa-Token SSO 单点登录模块 配置类 (Server端) @@ -82,11 +84,44 @@ public class SaSsoServerConfig implements Serializable { */ public int maxRegClient = 32; + /** + * 是否允许匿名 Client 接入 + */ + public Boolean allowAnonClient = true; + /** * 是否校验参数签名(方便本地调试用的一个配置项,生产环境请务必为true) */ public Boolean isCheckSign = true; + /** + * Client 信息配置列表 + */ + public Map clients = new LinkedHashMap<>(); + + + // 额外方法 + + /** + * 以数组形式写入允许的授权回调地址 + * @param url 所有集合 + * @return 对象自身 + */ + public SaSsoServerConfig setAllow(String ...url) { + this.setAllowUrl(SaFoxUtil.arrayJoin(url)); + return this; + } + + /** + * 添加一个应用 + * @param client / + * @return 对象自身 + */ + public SaSsoServerConfig addClient(SaSsoClientModel client) { + this.clients.put(client.getClient(), client); + return this; + } + // get set @@ -245,12 +280,41 @@ public class SaSsoServerConfig implements Serializable { } /** - * 以数组形式写入允许的授权回调地址 - * @param url 所有集合 + * 获取 是否允许匿名 Client 接入 + * + * @return / + */ + public Boolean getAllowAnonClient() { + return this.allowAnonClient; + } + + /** + * 设置 是否允许匿名 Client 接入 + * + * @param allowAnonClient / + */ + public SaSsoServerConfig setAllowAnonClient(Boolean allowAnonClient) { + this.allowAnonClient = allowAnonClient; + return this; + } + + /** + * 获取 Client 信息配置列表 + * + * @return clients Client 信息配置列表 + */ + public Map getClients() { + return this.clients; + } + + /** + * 设置 Client 信息配置列表 + * + * @param clients Client 信息配置列表 * @return 对象自身 */ - public SaSsoServerConfig setAllow(String ...url) { - this.setAllowUrl(SaFoxUtil.arrayJoin(url)); + public SaSsoServerConfig setClients(Map clients) { + this.clients = clients; return this; } @@ -266,6 +330,8 @@ public class SaSsoServerConfig implements Serializable { + ", autoRenewTimeout=" + autoRenewTimeout + ", maxRegClient=" + maxRegClient + ", isCheckSign=" + isCheckSign + + ", allowAnonClient=" + allowAnonClient + + ", clients=" + clients + "]"; } @@ -301,4 +367,76 @@ public class SaSsoServerConfig implements Serializable { throw new SaSsoException("请配置 Http 请求处理器").setCode(SaSsoErrorCode.CODE_30010); }; + /** + * 获取 SSO-Server端:未登录时返回的View + * + * @return notLoginView SSO-Server端:未登录时返回的View + */ + public NotLoginViewFunction getNotLoginView() { + return this.notLoginView; + } + + /** + * 设置 SSO-Server端:未登录时返回的View + * + * @param notLoginView SSO-Server端:未登录时返回的View + */ + public void setNotLoginView(NotLoginViewFunction notLoginView) { + this.notLoginView = notLoginView; + } + + /** + * 获取 SSO-Server端:登录函数 + * + * @return doLoginHandle SSO-Server端:登录函数 + */ + public DoLoginHandleFunction getDoLoginHandle() { + return this.doLoginHandle; + } + + /** + * 设置 SSO-Server端:登录函数 + * + * @param doLoginHandle SSO-Server端:登录函数 + */ + public void setDoLoginHandle(DoLoginHandleFunction doLoginHandle) { + this.doLoginHandle = doLoginHandle; + } + + /** + * 获取 SSO-Server端:在校验 ticket 后,给 sso-client 端追加返回信息的函数 + * + * @return checkTicketAppendData SSO-Server端:在校验 ticket 后,给 sso-client 端追加返回信息的函数 + */ + public CheckTicketAppendDataFunction getCheckTicketAppendData() { + return this.checkTicketAppendData; + } + + /** + * 设置 SSO-Server端:在校验 ticket 后,给 sso-client 端追加返回信息的函数 + * + * @param checkTicketAppendData SSO-Server端:在校验 ticket 后,给 sso-client 端追加返回信息的函数 + */ + public void setCheckTicketAppendData(CheckTicketAppendDataFunction checkTicketAppendData) { + this.checkTicketAppendData = checkTicketAppendData; + } + + /** + * 获取 SSO-Server端:发送Http请求的处理函数 + * + * @return sendHttp SSO-Server端:发送Http请求的处理函数 + */ + public SendHttpFunction getSendHttp() { + return this.sendHttp; + } + + /** + * 设置 SSO-Server端:发送Http请求的处理函数 + * + * @param sendHttp SSO-Server端:发送Http请求的处理函数 + */ + public void setSendHttp(SendHttpFunction sendHttp) { + this.sendHttp = sendHttp; + } + } diff --git a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/model/SaSsoClientModel.java b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/model/SaSsoClientInfo.java similarity index 91% rename from sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/model/SaSsoClientModel.java rename to sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/model/SaSsoClientInfo.java index f6616971..05748f29 100644 --- a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/model/SaSsoClientModel.java +++ b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/model/SaSsoClientInfo.java @@ -21,12 +21,12 @@ import cn.dev33.satoken.sso.util.SaSsoConsts; import java.io.Serializable; /** - * Sa-Token SSO Model + * Sa-Token SSO 应用信息 * * @author click33 * @since 1.38.0 */ -public class SaSsoClientModel implements Serializable { +public class SaSsoClientInfo implements Serializable { private static final long serialVersionUID = 1406115065849845073L; @@ -65,13 +65,13 @@ public class SaSsoClientModel implements Serializable { */ public int index; - public SaSsoClientModel() { + public SaSsoClientInfo() { } /** * 模式三构建 */ - public SaSsoClientModel(String client, String sloCallbackUrl, int index) { + public SaSsoClientInfo(String client, String sloCallbackUrl, int index) { this.mode = SaSsoConsts.SSO_MODE_3; this.client = client; this.sloCallbackUrl = sloCallbackUrl; @@ -95,7 +95,7 @@ public class SaSsoClientModel implements Serializable { * @param mode 此 client 登录模式(1=模式一,2=模式二,3=模式三) * @return / */ - public SaSsoClientModel setMode(int mode) { + public SaSsoClientInfo setMode(int mode) { this.mode = mode; return this; } @@ -115,7 +115,7 @@ public class SaSsoClientModel implements Serializable { * @param client 客户端标识 * @return / */ - public SaSsoClientModel setClient(String client) { + public SaSsoClientInfo setClient(String client) { this.client = client; return this; } @@ -155,7 +155,7 @@ public class SaSsoClientModel implements Serializable { * @param sloCallbackUrl 单点注销回调url * @return / */ - public SaSsoClientModel setSloCallbackUrl(String sloCallbackUrl) { + public SaSsoClientInfo setSloCallbackUrl(String sloCallbackUrl) { this.sloCallbackUrl = sloCallbackUrl; return this; } @@ -175,7 +175,7 @@ public class SaSsoClientModel implements Serializable { * @param regTime 此 client 注册信息的时间,13位时间戳 * @return / */ - public SaSsoClientModel setRegTime(long regTime) { + public SaSsoClientInfo setRegTime(long regTime) { this.regTime = regTime; return this; } @@ -195,7 +195,7 @@ public class SaSsoClientModel implements Serializable { * @param index 此账号有记录以来为第几次登录,默认从0开始递增 * @return / */ - public SaSsoClientModel setIndex(int index) { + public SaSsoClientInfo setIndex(int index) { this.index = index; return this; } diff --git a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/model/SaSsoClientModel2.java b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/model/SaSsoClientModel2.java new file mode 100644 index 00000000..1d45d12d --- /dev/null +++ b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/model/SaSsoClientModel2.java @@ -0,0 +1,28 @@ +/* + * Copyright 2020-2099 sa-token.cc + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package cn.dev33.satoken.sso.model; + + +/** + * Sa-Token SSO Model + * + * @author click33 + * @since 1.38.0 + */ +@Deprecated +public class SaSsoClientModel extends SaSsoClientInfo { + +} \ No newline at end of file diff --git a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/processor/SaSsoServerProcessor.java b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/processor/SaSsoServerProcessor.java index 359092a8..168cecc3 100644 --- a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/processor/SaSsoServerProcessor.java +++ b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/processor/SaSsoServerProcessor.java @@ -105,8 +105,9 @@ public class SaSsoServerProcessor { return cfg.notLoginView.get(); } // ---- 情况2:在SSO认证中心已经登录,需要重定向回 Client 端,而这又分为两种方式: - String mode = req.getParam(paramName.mode, ""); + String mode = req.getParam(paramName.mode, SaSsoConsts.MODE_TICKET); String redirect = req.getParam(paramName.redirect); + String client = req.getParam(paramName.client); // 方式1:直接重定向回Client端 (mode=simple) if(mode.equals(SaSsoConsts.MODE_SIMPLE)) { @@ -118,16 +119,15 @@ public class SaSsoServerProcessor { } return res.redirect(cfg.getHomeRoute()); } - ssoServerTemplate.checkRedirectUrl(redirect); + ssoServerTemplate.checkRedirectUrl(client, redirect); return res.redirect(redirect); } else { - // 方式2:带着ticket参数重定向回Client端 (mode=ticket) + // 方式2:带着 ticket 参数重定向回Client端 (mode=ticket) // 校验提供的client是否为非法字符 - String client = req.getParam(paramName.client); - if(SaSsoConsts.CLIENT_WILDCARD.equals(client)) { - throw new SaSsoException("无效 client 标识:" + client).setCode(SaSsoErrorCode.CODE_30013); - } + // if(SaSsoConsts.CLIENT_WILDCARD.equals(client)) { + // throw new SaSsoException("无效 client 标识:" + client).setCode(SaSsoErrorCode.CODE_30013); + // } // 若 redirect 为空,则选择 homeRoute,若 homeRoute 也为空,则抛出异常 if(SaFoxUtil.isEmpty(redirect)) { diff --git a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/template/SaSsoServerTemplate.java b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/template/SaSsoServerTemplate.java index 29101235..c872032f 100644 --- a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/template/SaSsoServerTemplate.java +++ b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/template/SaSsoServerTemplate.java @@ -18,10 +18,11 @@ package cn.dev33.satoken.sso.template; import cn.dev33.satoken.SaManager; import cn.dev33.satoken.session.SaSession; import cn.dev33.satoken.sso.SaSsoManager; +import cn.dev33.satoken.sso.config.SaSsoClientModel; import cn.dev33.satoken.sso.config.SaSsoServerConfig; import cn.dev33.satoken.sso.error.SaSsoErrorCode; import cn.dev33.satoken.sso.exception.SaSsoException; -import cn.dev33.satoken.sso.model.SaSsoClientModel; +import cn.dev33.satoken.sso.model.SaSsoClientInfo; import cn.dev33.satoken.sso.util.SaSsoConsts; import cn.dev33.satoken.strategy.SaStrategy; import cn.dev33.satoken.util.SaFoxUtil; @@ -239,18 +240,61 @@ public class SaSsoServerTemplate extends SaSsoTemplate { /** * 获取:所有允许的授权回调地址,多个用逗号隔开 (不在此列表中的URL将禁止下放ticket) - * @return see note + * + * @param client / + * @return / */ - public String getAllowUrl() { - // 默认从配置文件中返回 - return getServerConfig().getAllowUrl(); +// public String getAllowUrl(String client) { +// if(SaFoxUtil.isEmpty(client)) { +// return getServerConfig().getAllowUrl(); +// } else { +// return getClientNotNull(client).getAllowUrl(); +// } +// } + + /** + * 获取应用信息,无效 client 则抛出异常 + * + * @param client / + * @return / + */ + public SaSsoClientModel getClientNotNull(String client) { + if(SaFoxUtil.isEmpty(client)) { + SaSsoServerConfig serverConfig = getServerConfig(); + if(serverConfig.getAllowAnonClient()) { + SaSsoClientModel scm = new SaSsoClientModel(); + scm.setAllowUrl(serverConfig.getAllowUrl()); + scm.setIsSlo(serverConfig.getIsSlo()); + return scm; + } else { + throw new SaSsoException("client 标识不可为空"); + } + } else { + SaSsoClientModel scm = getClient(client); + if(scm == null) { + throw new SaSsoException("未能获取应用信息,client=" + client).setCode(SaSsoErrorCode.CODE_30013); + } + return scm; + } + } + + /** + * 获取应用信息,无效 client 返回 null + * + * @param client / + * @return / + */ + public SaSsoClientModel getClient(String client) { + return getServerConfig().getClients().get(client); } /** * 校验重定向url合法性 + * + * @param client 应用标识 * @param url 下放ticket的url地址 */ - public void checkRedirectUrl(String url) { + public void checkRedirectUrl(String client, String url) { // 1、是否是一个有效的url if( ! SaFoxUtil.isUrl(url) ) { @@ -289,7 +333,8 @@ public class SaSsoServerTemplate extends SaSsoTemplate { } // 4、判断是否在 [ 允许的地址列表 ] 之中 - List allowUrlList = Arrays.asList(getAllowUrl().replaceAll(" ", "").split(",")); + String allowUrlString = getClientNotNull(client).getAllowUrl(); + List allowUrlList = Arrays.asList(allowUrlString.replaceAll(" ", "").split(",")); checkAllowUrlList(allowUrlList); if( ! SaStrategy.instance.hasElement.apply(allowUrlList, url) ) { throw new SaSsoException("非法redirect:" + url).setCode(SaSsoErrorCode.CODE_30002); @@ -356,7 +401,7 @@ public class SaSsoServerTemplate extends SaSsoTemplate { } // step.1 遍历通知 Client 端注销会话 - List scmList = session.get(SaSsoConsts.SSO_CLIENT_MODEL_LIST_KEY_, ArrayList::new); + List scmList = session.get(SaSsoConsts.SSO_CLIENT_MODEL_LIST_KEY_, ArrayList::new); scmList.forEach(scm -> { notifyClientLogout(loginId, scm, false); }); @@ -370,7 +415,7 @@ public class SaSsoServerTemplate extends SaSsoTemplate { * @param scmList / * @return / */ - public int calcNextIndex(List scmList) { + public int calcNextIndex(List scmList) { // 如果目前还没有任何登录记录,则直接返回0 if(scmList == null || scmList.isEmpty()) { return 0; @@ -403,10 +448,10 @@ public class SaSsoServerTemplate extends SaSsoTemplate { SaSession session = getStpLogic().getSessionByLoginId(loginId); // 取出原来的 - List scmList = session.get(SaSsoConsts.SSO_CLIENT_MODEL_LIST_KEY_, ArrayList::new); + List scmList = session.get(SaSsoConsts.SSO_CLIENT_MODEL_LIST_KEY_, ArrayList::new); // 将 新登录client 加入到集合中 - SaSsoClientModel scm = new SaSsoClientModel(client, sloCallbackUrl, calcNextIndex(scmList)); + SaSsoClientInfo scm = new SaSsoClientInfo(client, sloCallbackUrl, calcNextIndex(scmList)); scmList.add(scm); // 如果登录的client数量超过了限制,则从最早的一个登录开始清退 @@ -414,7 +459,7 @@ public class SaSsoServerTemplate extends SaSsoTemplate { if(maxRegClient != -1) { for (;;) { if(scmList.size() > maxRegClient) { - SaSsoClientModel removeScm = scmList.remove(0); + SaSsoClientInfo removeScm = scmList.remove(0); notifyClientLogout(loginId, removeScm, true); } else { break; @@ -432,7 +477,7 @@ public class SaSsoServerTemplate extends SaSsoTemplate { * @param scm 客户端信息对象 * @param autoLogout 是否为超过 maxRegClient 的自动注销 */ - public void notifyClientLogout(Object loginId, SaSsoClientModel scm, boolean autoLogout) { + public void notifyClientLogout(Object loginId, SaSsoClientInfo scm, boolean autoLogout) { // 如果给个null值,不进行任何操作 if(scm == null || scm.mode != SaSsoConsts.SSO_MODE_3) { @@ -471,7 +516,7 @@ public class SaSsoServerTemplate extends SaSsoTemplate { public String buildRedirectUrl(Object loginId, String client, String redirect) { // 校验 重定向地址 是否合法 - checkRedirectUrl(redirect); + checkRedirectUrl(client, redirect); // 删掉 旧Ticket deleteTicket(getTicketValue(loginId)); @@ -510,6 +555,13 @@ public class SaSsoServerTemplate extends SaSsoTemplate { } + // ---------------------- 重构 ---------------------- + + + + + + // ------------------- 返回相应key ------------------- /** diff --git a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/template/SaSsoUtil.java b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/template/SaSsoUtil.java index 5b63e8af..2ed7a8ad 100644 --- a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/template/SaSsoUtil.java +++ b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/template/SaSsoUtil.java @@ -95,20 +95,24 @@ public class SaSsoUtil { return SaSsoServerProcessor.instance.ssoServerTemplate.checkTicket(ticket, client); } - /** - * 获取:所有允许的授权回调地址,多个用逗号隔开 (不在此列表中的URL将禁止下放ticket) - * @return see note - */ - public static String getAllowUrl() { - return SaSsoServerProcessor.instance.ssoServerTemplate.getAllowUrl(); - } +// /** +// * 获取:所有允许的授权回调地址,多个用逗号隔开 (不在此列表中的URL将禁止下放ticket) +// * +// * @param client 应用标识 +// * @return / +// */ +// public static String getAllowUrl(String client) { +// return SaSsoServerProcessor.instance.ssoServerTemplate.getAllowUrl(client); +// } /** * 校验重定向url合法性 - * @param url 下放ticket的url地址 + * + * @param client 应用标识 + * @param url 下放ticket的url地址 */ - public static void checkRedirectUrl(String url) { - SaSsoServerProcessor.instance.ssoServerTemplate.checkRedirectUrl(url); + public static void checkRedirectUrl(String client, String url) { + SaSsoServerProcessor.instance.ssoServerTemplate.checkRedirectUrl(client, url); }