master
yixian 5 years ago
parent 6740488ef1
commit 60baa2682a

@ -19,7 +19,6 @@ import javax.annotation.Resource;
public class AppPermissionSupportImpl implements AppPermissionSupport { public class AppPermissionSupportImpl implements AppPermissionSupport {
@Resource @Resource
private SysAppsMapper sysAppsMapper; private SysAppsMapper sysAppsMapper;
private final String signTemplate = "%s&%s&%s&%s&%s";
private Logger logger = LoggerFactory.getLogger(getClass()); private Logger logger = LoggerFactory.getLogger(getClass());
@Override @Override
@ -40,7 +39,7 @@ public class AppPermissionSupportImpl implements AppPermissionSupport {
throw new ForbiddenException("Timeout"); throw new ForbiddenException("Timeout");
} }
String auth = app.getString("auth_code"); String auth = app.getString("auth_code");
String str = String.format(signTemplate, appid, auth, timestamp, requestUri, ip); String str = String.join("&", appid, auth, timestamp + "", requestUri);
logger.debug("sso-str before hash:{}", str); logger.debug("sso-str before hash:{}", str);
String hash = DigestUtils.sha256Hex(str).toLowerCase(); String hash = DigestUtils.sha256Hex(str).toLowerCase();
if (!StringUtils.equals(hash, sign)) { if (!StringUtils.equals(hash, sign)) {

Loading…
Cancel
Save