|
|
|
@ -19,7 +19,6 @@ import javax.annotation.Resource;
|
|
|
|
public class AppPermissionSupportImpl implements AppPermissionSupport {
|
|
|
|
public class AppPermissionSupportImpl implements AppPermissionSupport {
|
|
|
|
@Resource
|
|
|
|
@Resource
|
|
|
|
private SysAppsMapper sysAppsMapper;
|
|
|
|
private SysAppsMapper sysAppsMapper;
|
|
|
|
private final String signTemplate = "%s&%s&%s&%s&%s";
|
|
|
|
|
|
|
|
private Logger logger = LoggerFactory.getLogger(getClass());
|
|
|
|
private Logger logger = LoggerFactory.getLogger(getClass());
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
@Override
|
|
|
|
@ -40,7 +39,7 @@ public class AppPermissionSupportImpl implements AppPermissionSupport {
|
|
|
|
throw new ForbiddenException("Timeout");
|
|
|
|
throw new ForbiddenException("Timeout");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
String auth = app.getString("auth_code");
|
|
|
|
String auth = app.getString("auth_code");
|
|
|
|
String str = String.format(signTemplate, appid, auth, timestamp, requestUri, ip);
|
|
|
|
String str = String.join("&", appid, auth, timestamp + "", requestUri);
|
|
|
|
logger.debug("sso-str before hash:{}", str);
|
|
|
|
logger.debug("sso-str before hash:{}", str);
|
|
|
|
String hash = DigestUtils.sha256Hex(str).toLowerCase();
|
|
|
|
String hash = DigestUtils.sha256Hex(str).toLowerCase();
|
|
|
|
if (!StringUtils.equals(hash, sign)) {
|
|
|
|
if (!StringUtils.equals(hash, sign)) {
|
|
|
|
|
yixian
5 years ago