提交 f44ceeee 编写于 作者: 智布道's avatar 智布道 👁

增加忽略校验 redirectUri 的配置

上级 ec4c009e
......@@ -155,6 +155,13 @@ public class AuthConfig {
* @since 1.16.0
*/
private String authServerId;
/**
* 忽略校验 {@code redirectUri} 参数,默认不开启。当 {@code ignoreCheckRedirectUri} 为 {@code true} 时,
* {@link me.zhyd.oauth.utils.AuthChecker#checkConfig(AuthConfig, AuthSource)} 将不会校验 {@code redirectUri} 的合法性。
*
* @since 1.16.1
*/
private boolean ignoreCheckRedirectUri;
/**
* 适配 builder 模式 set 值的情况
......
......@@ -25,7 +25,8 @@ public class AuthChecker {
* @since 1.6.1-beta
*/
public static boolean isSupportedAuth(AuthConfig config, AuthSource source) {
boolean isSupported = StringUtils.isNotEmpty(config.getClientId()) && StringUtils.isNotEmpty(config.getClientSecret()) && StringUtils.isNotEmpty(config.getRedirectUri());
boolean isSupported = StringUtils.isNotEmpty(config.getClientId())
&& StringUtils.isNotEmpty(config.getClientSecret());
if (isSupported && AuthDefaultSource.ALIPAY == source) {
isSupported = StringUtils.isNotEmpty(config.getAlipayPublicKey());
}
......@@ -56,6 +57,12 @@ public class AuthChecker {
*/
public static void checkConfig(AuthConfig config, AuthSource source) {
String redirectUri = config.getRedirectUri();
if (config.isIgnoreCheckRedirectUri()) {
return;
}
if (StringUtils.isEmpty(redirectUri)) {
throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
}
if (!GlobalAuthUtils.isHttpProtocol(redirectUri) && !GlobalAuthUtils.isHttpsProtocol(redirectUri)) {
throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册