优化代码及配置

Author: suninformation

pom.xml

@@ -155,7 +155,7 @@
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.12</version>
+            <version>4.13.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -167,7 +167,7 @@
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpmime</artifactId>
-            <version>4.5.12</version>
+            <version>4.5.13</version>
             <exclusions>
                 <exclusion>
                     <groupId>commons-codec</groupId>

src/main/java/net/ymate/module/sso/SingleSignOn.java

@@ -86,7 +86,7 @@ public String getName() {
     public void initialize(IApplication owner) throws Exception {
         if (!initialized) {
             //
-            YMP.showVersion("Initializing ymate-module-sso-${version}", new Version(2, 0, 0, SingleSignOn.class, Version.VersionType.Alpha));
+            YMP.showVersion("Initializing ymate-module-sso-${version}", new Version(2, 0, 0, SingleSignOn.class, Version.VersionType.Release));
             //
             this.owner = owner;
             if (config == null) {

src/main/java/net/ymate/module/sso/controller/GeneralAuthController.java

@@ -26,6 +26,7 @@
 import net.ymate.platform.webmvc.annotation.RequestParam;
 import net.ymate.platform.webmvc.base.Type;
 import net.ymate.platform.webmvc.context.WebContext;
+import net.ymate.platform.webmvc.util.WebErrorCode;
 import net.ymate.platform.webmvc.util.WebUtils;
 import net.ymate.platform.webmvc.view.IView;
 import net.ymate.platform.webmvc.view.View;
@@ -44,7 +45,7 @@ public class GeneralAuthController {
     private SingleSignOn owner;
 
     /**
-     * 当存在跨域获取SSO令牌的情况时，需要调整SSO客户端的参数配置：webmvc.redirect_login_url=authorize?redirect_url=${redirect_url}，服务端则仍保持原参数配置不变即可。
+     * 当存在跨域获取SSO令牌的情况时，需要调整SSO客户端的参数配置：module.sso.token_invalid_redirect_url=authorize?redirect_url=${redirect_url}，服务端则仍保持原参数配置不变即可。
      * <p>
      * 注意: 需要保证Cookie作用域名包含子域
      *
@@ -68,8 +69,12 @@ public IView authorize(@RequestParam(Type.Const.REDIRECT_URL) String redirectUrl
             // 当前服务端用户已登录，则重定向至redirectUrl地址
             return View.redirectView(redirectUrl);
         }
-        // 当前服务端用户尚未登录，则重定向登录视图
-        return View.redirectView(ExpressionUtils.bind(WebUtils.buildRedirectUrl(null, WebContext.getRequest(), redirectUrl, true))
-                .set(Type.Const.REDIRECT_URL, WebUtils.encodeUrl(redirectUrl)).getResult());
+        // 当前服务端用户尚未登录，则重定向登录视图，若未设置令牌无效重定向URL地址则直接显示错误提示视图
+        String tokenInvalidRedirectUrl = owner.getConfig().getTokenInvalidRedirectUrl();
+        if (StringUtils.isBlank(tokenInvalidRedirectUrl)) {
+            return View.redirectView(ExpressionUtils.bind(WebUtils.buildRedirectUrl(null, WebContext.getRequest(), tokenInvalidRedirectUrl, true))
+                    .set(Type.Const.REDIRECT_URL, WebUtils.encodeUrl(redirectUrl)).getResult());
+        }
+        return WebUtils.buildErrorView(WebUtils.getOwner(), WebErrorCode.userSessionInvalidOrTimeout());
     }
 }

src/main/java/net/ymate/module/sso/impl/DefaultTokenAdapter.java

@@ -35,6 +35,7 @@
 import org.apache.commons.logging.LogFactory;
 
 import javax.crypto.BadPaddingException;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.util.HashMap;
 import java.util.Map;
@@ -142,17 +143,26 @@ public boolean validateToken(IToken token) throws Exception {
     public IToken getToken() {
         IToken token = null;
         try {
+            HttpServletRequest httpServletRequest = WebContext.getRequest();
             // 优先从请求参数中获取Token数据（一般用于API接口而非浏览器）
-            token = decryptToken(WebContext.getRequest().getParameter(owner.getConfig().getTokenParamName()));
+            token = decryptToken(httpServletRequest.getParameter(owner.getConfig().getTokenParamName()));
             if (token == null) {
                 // 尝试从请求头中获取Token数据
-                token = decryptToken(WebContext.getRequest().getHeader(owner.getConfig().getTokenHeaderName()));
+                token = decryptToken(httpServletRequest.getHeader(owner.getConfig().getTokenHeaderName()));
                 if (token == null) {
-                    // 尝试从Cookie中获取Token数据
-                    String tokenStr = CookieHelper.bind(WebContext.getContext().getOwner())
-                            .getCookie(owner.getConfig().getTokenCookieName())
-                            .toStringValue();
+                    // 兼容请求头：Authorization: Bearer <token>
+                    String tokenStr = StringUtils.trimToNull(httpServletRequest.getHeader(Type.HttpHead.AUTHORIZATION));
+                    if (StringUtils.startsWithIgnoreCase(tokenStr, "Bearer")) {
+                        tokenStr = StringUtils.trimToNull(StringUtils.substring(tokenStr, "Bearer".length()));
+                    }
                     token = decryptToken(tokenStr);
+                    if (token == null) {
+                        // 尝试从Cookie中获取Token数据
+                        tokenStr = CookieHelper.bind(WebContext.getContext().getOwner())
+                                .getCookie(owner.getConfig().getTokenCookieName())
+                                .toStringValue();
+                        token = decryptToken(tokenStr);
+                    }
                 }
             }
         } catch (Exception e) {