floraachy/sa-token
1
0
Fork 0
mirror of https://gitee.com/dromara/sa-token.git synced 2024-12-02 11:57:40 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

ticket与client锁定.

Browse Source
This commit is contained in:
click33 2022-12-27 12:31:37 +08:00
parent 90d14ef23b
commit 28b3c0567a
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/SaSsoTemplate.java
View File

@ -203,16 +203,19 @@ public class SaSsoTemplate {
String loginId = SaManager.getSaTokenDao().get(splicingTicketSaveKey(ticket));
if(loginId != null) {
// 如果是 "a,b" 的格式则只取最前面的一项
// 如果是 "a,b" 的格式则解析出对应的 Client
String ticketClient = null;
if(loginId.indexOf(",") > -1) {
String[] arr = loginId.split(",");
loginId = arr[0];
ticketClient = arr[1];
}
// 如果指定了 client 标识则校验一下 client 标识是否一致
if(SaFoxUtil.isNotEmpty(client) && SaFoxUtil.notEquals(client, arr[1])) {
throw new SaSsoException("该 ticket 不属于 client=" + client + ", ticket 值: " + ticket)
.setCode(SaSsoErrorCode.CODE_30011);
}
// 如果指定了 client 标识则校验一下 client 标识是否一致
if(SaFoxUtil.isNotEmpty(client) && SaFoxUtil.notEquals(client, ticketClient)) {
throw new SaSsoException("该 ticket 不属于 client=" + client + ", ticket 值: " + ticket)
.setCode(SaSsoErrorCode.CODE_30011);
}
// 删除 ticket 信息使其只有一次性有效