diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/convert/SaOAuth2DataConverterDefaultImpl.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/convert/SaOAuth2DataConverterDefaultImpl.java
index 3eadd4cb..0baac953 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/convert/SaOAuth2DataConverterDefaultImpl.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/convert/SaOAuth2DataConverterDefaultImpl.java
@@ -46,9 +46,9 @@ public class SaOAuth2DataConverterDefaultImpl implements SaOAuth2DataConverter {
 return new ArrayList<>();
 }
 // 兼容以下三种分隔符:空格、逗号、%20、加号
- scopeString = scopeString.replaceAll(" ", ",");
- scopeString = scopeString.replaceAll("%20", ",");
- scopeString = scopeString.replaceAll("+", ",");
+ scopeString = scopeString.replace(" ", ",");
+ scopeString = scopeString.replace("%20", ",");
+ scopeString = scopeString.replace("+", ",");
 return SaFoxUtil.convertStringToList(scopeString);
 }
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/model/loader/SaClientModel.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/model/loader/SaClientModel.java
index f81d7e38..31778c59 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/model/loader/SaClientModel.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/model/loader/SaClientModel.java
@@ -78,6 +78,9 @@ public class SaClientModel implements Serializable {
 /** 单独配置此Client:Lower-Client-Token 保存的时间(单位:秒) [默认取全局配置] */
 public long lowerClientTokenTimeout;
+ /** 是否允许此应用自动确认授权(高危配置,禁止向不被信任的第三方开启此选项) */
+ public Boolean isAutoConfirm = false;
+
 public SaClientModel() {
 SaOAuth2ServerConfig config = SaOAuth2Manager.getServerConfig();
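Review bot: The comment kept above the three `replace` calls still says 三种分隔符 while it lists, and the code handles, four separators (space, comma, %20, plus); suggest `// 兼容以下四种分隔符:空格、逗号、%20、加号`. The switch to literal `replace` is what makes the `+` case safe (as a regex, a bare `+` is a dangling quantifier), and that rationale is worth one Javadoc line on the method stating that the scope string is normalized to comma-delimited form before `SaFoxUtil.convertStringToList`. Consecutive or mixed separators will produce empty entries unless `convertStringToList` drops them, which I cannot see from here and should be confirmed. The enclosing method begins outside the hunk.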
@@ -88,7 +91,7 @@ public class SaClientModel implements Serializable {
 this.lowerClientTokenTimeout = config.getLowerClientTokenTimeout();
 }
 public SaClientModel(String clientId, String clientSecret, List contractScopes, List allowRedirectUris) {
- super();
+ this();
 this.clientId = clientId;
 this.clientSecret = clientSecret;
 this.contractScopes = contractScopes;
@@ -274,7 +277,26 @@ public class SaClientModel implements Serializable {
 this.lowerClientTokenTimeout = lowerClientTokenTimeout;
 return this;
 }
-
+
+ /**
+ * 获取 是否允许此应用自动确认授权(高危配置,禁止向不被信任的第三方开启此选项)
+ *
+ * @return /
+ */
+ public Boolean getIsAutoConfirm() {
+ return this.isAutoConfirm;
+ }
+
+ /**
+ * 设置 是否允许此应用自动确认授权(高危配置,禁止向不被信任的第三方开启此选项)
+ *
+ * @param isAutoConfirm /
+ * @return 对象自身
+ */
+ public SaClientModel setIsAutoConfirm(Boolean isAutoConfirm) {
+ this.isAutoConfirm = isAutoConfirm;
+ return this;
+ }
 //
 @Override
@@ -291,6 +313,7 @@ public class SaClientModel implements Serializable {
 ", refreshTokenTimeout=" + refreshTokenTimeout +
 ", clientTokenTimeout=" + clientTokenTimeout +
 ", lowerClientTokenTimeout=" + lowerClientTokenTimeout +
+ ", isAutoConfirm=" + isAutoConfirm +
 '}';
 }
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/processor/SaOAuth2ServerProcessor.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/processor/SaOAuth2ServerProcessor.java
index edef23d5..b48e00a0 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/processor/SaOAuth2ServerProcessor.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/processor/SaOAuth2ServerProcessor.java
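Review bot: The `this()` in the four-argument constructor is silently load-bearing — it is what copies the config-derived defaults set by the no-arg constructor into this instance (only `lowerClientTokenTimeout` is visible in the hunk) — and nothing at the call site says so; suggest a why-comment on that line, `this(); // 先走无参构造,从全局配置取各 token 超时默认值`. The constructor body continues past the end of the hunk.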
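Review bot: `setIsAutoConfirm` takes a boxed `Boolean` and stores it unchecked, so a `null` (from a custom client loader, or a caller passing a value straight through) reaches `! cm.getIsAutoConfirm()` in the `SaOAuth2ServerProcessor` hunk and auto-unboxes into a NullPointerException on the authorize endpoint. For a flag the Javadoc itself labels 高危, an absent value should read as "not auto-confirm": the processor check should be `if ( ! Boolean.TRUE.equals(cm.getIsAutoConfirm())) {`, and the setter can normalize with `this.isAutoConfirm = Boolean.TRUE.equals(isAutoConfirm);` (the public field remains directly assignable, so the check at the point of use is the one that matters). The `@return /` and `@param isAutoConfirm /` placeholders should also say what the value means, e.g. `@param isAutoConfirm true 表示跳过授权确认页,直接视为用户已同意` and `@return 是否自动确认授权`.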
@@ -138,7 +138,10 @@ public class SaOAuth2ServerProcessor {
 // 6、判断:如果此次申请的Scope,该用户尚未授权,则转到授权页面
 boolean isNeedCarefulConfirm = oauth2Template.isNeedCarefulConfirm(ra.loginId, ra.clientId, ra.scopes);
 if(isNeedCarefulConfirm) {
- return cfg.confirmView.apply(ra.clientId, ra.scopes);
+ SaClientModel cm = oauth2Template.checkClientModel(ra.clientId);
+ if( ! cm.getIsAutoConfirm()) {
+ return cfg.confirmView.apply(ra.clientId, ra.scopes);
+ }
 }
 // 7、判断授权类型,重定向到不同地址
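Review bot: The step-6 comment `// 6、判断:如果此次申请的Scope,该用户尚未授权,则转到授权页面` no longer matches the code beneath it, which now bypasses the confirm page for clients with `isAutoConfirm` set; suggest `// 6、判断:如果此次申请的Scope,该用户尚未授权,则转到授权页面(开启 isAutoConfirm 的应用除外)`. Whether bypassing the page also records the requested scopes as granted is not visible here — if the grant is only persisted by the confirm flow, `isNeedCarefulConfirm` will keep returning true for these clients on every authorize request, which is harmless but worth confirming. Given the flag's stated risk, a debug/audit log line at the point where the page is skipped (client id and scopes, no secrets) would make the bypass observable in operation. The enclosing method continues on both sides of the hunk.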