From fa1b812a1e18b502ef40c10b14eeb281ac6c4a47 Mon Sep 17 00:00:00 2001
From: MaxKey <shimingxy@qq.com>
Date: Tue, 15 Aug 2023 15:06:26 +0800
Subject: [PATCH] =?UTF-8?q?#I7TA1R=20[BUG]Oauth2=E5=8D=8F=E8=AE=AE?=
 =?UTF-8?q?=E4=B8=ADtoken=E8=87=AA=E6=A3=80=E7=AB=AF=E7=82=B9=E7=9A=84?=
 =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../main/java/org/maxkey/util/RequestTokenUtils.java  | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/maxkey-common/src/main/java/org/maxkey/util/RequestTokenUtils.java b/maxkey-common/src/main/java/org/maxkey/util/RequestTokenUtils.java
index e17e92adc..fe7e6c128 100644
--- a/maxkey-common/src/main/java/org/maxkey/util/RequestTokenUtils.java
+++ b/maxkey-common/src/main/java/org/maxkey/util/RequestTokenUtils.java
@@ -25,8 +25,8 @@ public class RequestTokenUtils {
 	 * 从请求中获取token令牌信息,优先级顺序如下  
 	 * <p>
 	 *  1) 参数 access_token <br/>
-	 *  2) header 的Authorization或者authorization <br/>
-	 *  3) 参数 token <br/>
+	 *  2) 参数 token <br/>
+	 *  3) header 的Authorization或者authorization <br/>
 	 * </p>
 	 * 
 	 * @param request
@@ -35,14 +35,15 @@ public class RequestTokenUtils {
 	public static String resolveAccessToken(HttpServletRequest request) {
 		String access_token = request.getParameter(ACCESS_TOKEN);
 		
+		if(StringUtils.isBlank(access_token)) {
+			access_token = request.getParameter(TOKEN);
+		}
+		
 		if(StringUtils.isBlank(access_token)) {
 	    	//for header authorization bearer
 	    	access_token = AuthorizationHeaderUtils.resolveBearer(request);
 	    }
 		
-		if(StringUtils.isBlank(access_token)) {
-			access_token = request.getParameter(TOKEN);
-		}
 		return access_token;
 	}