Merge branch 'dev' of github.com:dromara/sa-token into dev

2024-11-30 02:48:10 +08:00 · 2021-09-27 01:35:47 +08:00 · 2021-09-27 01:35:47 +08:00 · 3e09e68b6e
commit 3e09e68b6e
parent 9aa6e5db42 022e286904
7 changed files with 72 additions and 25 deletions
--- a/sa-token-core/src/main/java/cn/dev33/satoken/config/SaTokenConfig.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/config/SaTokenConfig.java
@ -41,6 +41,12 @@ public class SaTokenConfig implements Serializable {
 	/** 是否尝试从cookie里读取token */
 	private Boolean isReadCookie = true;

+	/** 使用Cookie时,是否为HttpOnly */
+	private Boolean isCookieHttpOnly = false;
+
+	/** 使用Cookie时,是否为Secure */
+	private Boolean isCookieSecure = false;
+
 	/** token风格(默认可取值：uuid、simple-uuid、random-32、random-64、random-128、tik) */
 	private String tokenStyle = "uuid";

@ -220,6 +226,38 @@ public class SaTokenConfig implements Serializable {
 		return this;
 	}

+	/**
+	 * @return 使用Cookie时,是否为HttpOnly
+	 */
+	public Boolean getIsCookieHttpOnly() {
+		return isCookieHttpOnly;
+	}
+
+	/**
+	 * @param isCookieHttpOnly 使用Cookie时,是否为HttpOnly
+	 * @return 对象自身
+	 */
+	public SaTokenConfig setIsCookieHttpOnly(Boolean isCookieHttpOnly) {
+		this.isCookieHttpOnly = isCookieHttpOnly;
+		return this;
+	}
+
+	/**
+	 * @return 使用Cookie时,是否为Secure
+	 */
+	public Boolean getIsCookieSecure() {
+		return isCookieSecure;
+	}
+
+	/**
+	 * @param isCookieSecure 使用Cookie时,是否为Secure
+	 * @return 对象自身
+	 */
+	public SaTokenConfig setIsCookieSecure(Boolean isCookieSecure) {
+		this.isCookieSecure = isCookieSecure;
+		return this;
+	}
+
 	/**
 	 * @return token风格(默认可取值：uuid、simple-uuid、random-32、random-64、random-128、tik)
 	 */
@ -433,7 +471,9 @@ public class SaTokenConfig implements Serializable {
 	public String toString() {
 		return "SaTokenConfig [tokenName=" + tokenName + ", timeout=" + timeout + ", activityTimeout=" + activityTimeout
 				+ ", isConcurrent=" + isConcurrent + ", isShare=" + isShare + ", isReadBody=" + isReadBody
-				+ ", isReadHead=" + isReadHead + ", isReadCookie=" + isReadCookie + ", tokenStyle=" + tokenStyle
+				+ ", isReadHead=" + isReadHead + ", isReadCookie=" + isReadCookie
+				+ ", isCookieHttpOnly=" + isCookieHttpOnly + ", isCookieSecure=" + isCookieSecure
+				+ ", tokenStyle=" + tokenStyle
 				+ ", dataRefreshPeriod=" + dataRefreshPeriod + ", tokenSessionCheckLogin=" + tokenSessionCheckLogin
 				+ ", autoRenew=" + autoRenew + ", cookieDomain=" + cookieDomain + ", tokenPrefix=" + tokenPrefix
 				+ ", isPrint=" + isPrint + ", isLog=" + isLog + ", jwtSecretKey=" + jwtSecretKey + ", idTokenTimeout="
--- a/sa-token-core/src/main/java/cn/dev33/satoken/context/model/SaResponse.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/context/model/SaResponse.java
@ -18,21 +18,23 @@ public interface SaResponse {
 	 * @param name Cookie名称
 	 */
 	public void deleteCookie(String name);
-	
+
 	/**
-	 * 写入指定Cookie 
+	 * 写入指定Cookie
 	 * @param name     Cookie名称
 	 * @param value    Cookie值
 	 * @param path     Cookie路径
 	 * @param domain   Cookie的作用域
 	 * @param timeout  过期时间 （秒）
+	 * @param isHttpOnly 是否为HttpOnly
+	 * @param isSecure 是否为Secure
 	 */
-	public void addCookie(String name, String value, String path, String domain, int timeout);
+	public void addCookie(String name, String value, String path, String domain, int timeout, boolean isHttpOnly, boolean isSecure);

 	/**
-	 * 设置响应状态码 
+	 * 设置响应状态码
 	 * @param sc 响应状态码
-	 * @return 对象自身 
+	 * @return 对象自身
 	 */
 	public SaResponse setStatus(int sc);
 	
--- a/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java
@ -109,9 +109,9 @@ public class StpLogic {
 		}
 		
 		// 注入Cookie 
-		if(config.getIsReadCookie()){
+		if (config.getIsReadCookie()) {
 			SaResponse response = SaHolder.getResponse();
-			response.addCookie(getTokenName(), tokenValue, "/", config.getCookieDomain(), cookieTimeout);
+			response.addCookie(getTokenName(), tokenValue, "/", config.getCookieDomain(), cookieTimeout, config.getIsCookieHttpOnly(), config.getIsCookieSecure());
 		}
 	}
 	
--- a/sa-token-doc/doc/README.md
+++ b/sa-token-doc/doc/README.md
@ -143,6 +143,8 @@ StpUtil.switchTo(10044);                  // 将当前会话身份临时切换

 - **[ easy-admin ]**：[一个基于SpringBoot2 + Sa-Token + Mybatis-Plus + Snakerflow + Layui 的后台管理系统，灵活多变可前后端分离，也可单体，内置代码生成器、权限管理、工作流引擎等](https://gitee.com/lakernote/easy-admin)

+- **[ RuoYi-Vue-Plus ]**：[基于RuoYi-Vue集成 SaToken+Lombok+Mybatis-Plus+Undertow+knife4j+Hutool+Feign 重写所有原生业务 定期与RuoYi-Vue同步](https://gitee.com/JavaLionLi/RuoYi-Vue-Plus/tree/satoken/)
+
 如果您的项目使用了Sa-Token，欢迎提交pr

 ## 友情链接
--- a/sa-token-starter/sa-token-reactor-spring-boot-starter/src/main/java/cn/dev33/satoken/reactor/model/SaResponseForReactor.java
+++ b/sa-token-starter/sa-token-reactor-spring-boot-starter/src/main/java/cn/dev33/satoken/reactor/model/SaResponseForReactor.java
@ -43,34 +43,35 @@ public class SaResponseForReactor implements SaResponse {
 	 */
 	@Override
 	public void deleteCookie(String name) {
-		addCookie(name, null, null, null, 0);
+		addCookie(name, null, null, null, 0, false, false);
 	}

 	/**
-	 * 写入指定Cookie 
+	 * 写入指定Cookie
 	 */
 	@Override
-	public void addCookie(String name, String value, String path, String domain, int timeout) {
-		
+	public void addCookie(String name, String value, String path, String domain, int timeout, boolean isHttpOnly, boolean isSecure) {
 		// 构建CookieBuilder
 		ResponseCookieBuilder builder = ResponseCookie.from(name, value)
-				.domain(domain)
-				.path(path)
-				.maxAge(timeout)
+			    .domain(domain)
+			    .path(path)
+			    .maxAge(timeout)
+			    .httpOnly(isHttpOnly)
+			    .secure(isHttpOnly)
 				;
-		
-		// set path 
+
+		// set path
 		if(SaFoxUtil.isEmpty(path) == true) {
 			path = "/";
 		}
 		builder.path(path);
-		
-		// set domain 
+
+		// set domain
 		if(SaFoxUtil.isEmpty(domain) == false) {
 			builder.domain(domain);
 		}
-		
-		// 写入Cookie 
+
+		// 写入Cookie
 		response.addCookie(builder.build());
 	}

--- a/sa-token-starter/sa-token-servlet/src/main/java/cn/dev33/satoken/servlet/model/SaResponseForServlet.java
+++ b/sa-token-starter/sa-token-servlet/src/main/java/cn/dev33/satoken/servlet/model/SaResponseForServlet.java
@ -42,14 +42,14 @@ public class SaResponseForServlet implements SaResponse {
 	 */
 	@Override
 	public void deleteCookie(String name) {
-		addCookie(name, null, null, null, 0);
+		addCookie(name, null, null, null, 0, false, false);
 	}

 	/**
-	 * 写入指定Cookie 
+	 * 写入指定Cookie
 	 */
 	@Override
-	public void addCookie(String name, String value, String path, String domain, int timeout) {
+	public void addCookie(String name, String value, String path, String domain, int timeout, boolean isHttpOnly, boolean isSecure) {
 		Cookie cookie = new Cookie(name, value);
 		if(SaFoxUtil.isEmpty(path) == true) {
 			path = "/";
@ -59,6 +59,8 @@ public class SaResponseForServlet implements SaResponse {
 		}
 		cookie.setPath(path);
 		cookie.setMaxAge(timeout);
+		cookie.setHttpOnly(isHttpOnly);
+		cookie.setSecure(isSecure);
 		response.addCookie(cookie);
 	}

--- a/sa-token-starter/sa-token-solon-plugin/src/main/java/cn/dev33/satoken/solon/model/SaResponseForSolon.java
+++ b/sa-token-starter/sa-token-solon-plugin/src/main/java/cn/dev33/satoken/solon/model/SaResponseForSolon.java
@ -28,7 +28,7 @@ public class SaResponseForSolon implements SaResponse {
    }

    @Override
-    public void addCookie(String name, String value, String path, String domain, int timeout) {
+    public void addCookie(String name, String value, String path, String domain, int timeout, boolean isHttpOnly, boolean isSecure) {
        if (Utils.isNotEmpty(path)) {
            path = "/";
        }