
优化令牌存储及校验逻辑

woody il y a 1 an
Parent
commit
58f43a5889

+ 4 - 1
framework-oauth/src/main/java/com/chelvc/framework/oauth/token/RedisTokenStore.java

@@ -4,6 +4,8 @@ import java.time.Duration;
 import java.util.Map;
 
 import com.chelvc.framework.base.context.SessionContextHolder;
+import com.chelvc.framework.common.util.ObjectUtils;
+import com.chelvc.framework.common.util.StringUtils;
 import com.chelvc.framework.oauth.context.OAuthContextHolder;
 import com.chelvc.framework.redis.context.RedisContextHolder;
 import com.google.common.collect.ImmutableMap;
@@ -34,8 +36,9 @@ public class RedisTokenStore extends JwtTokenStore {
             principal = ((UserDetails) principal).getUsername();
         }
         String key = OAuthContextHolder.key(principal);
+        String scope = ObjectUtils.ifNull(OAuthContextHolder.getScope(token), StringUtils.EMPTY);
         Map<String, ?> values = ImmutableMap.of(
-                SessionContextHolder.HEADER_SCOPE, String.valueOf(OAuthContextHolder.getScope(token)),
+                SessionContextHolder.HEADER_SCOPE, scope,
                 String.valueOf(SessionContextHolder.getTerminal()), token.getValue()
         );
         Duration duration = RedisContextHolder.duration(token.getExpiration());
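Review bot: Entries written before this change hold the literal string "null" for a token that has no scope (the removed `String.valueOf(OAuthContextHolder.getScope(token))`), while the new validator only decodes the empty string back to null, so after rollout those sessions appear to fail the scope comparison with SCOPE_CHANGED until their token is refreshed; if that forced refresh is not intended, the read side should treat the legacy "null" as absent too, or the change should be documented as relying on the `duration` TTL to age the old entries out. The "" ↔ null encoding is now split between RedisTokenStore and RedisTokenValidator with nothing tying the two together, so the new `scope` line deserves a comment such as `// a token without scope is stored as "" (presumably because ImmutableMap.of rejects null values); RedisTokenValidator maps "" back to null`. The enclosing method starts before and ends after this hunk.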

+ 5 - 5
framework-oauth/src/main/java/com/chelvc/framework/oauth/token/RedisTokenValidator.java

@@ -58,7 +58,7 @@ public class RedisTokenValidator implements OAuth2TokenValidator<Jwt> {
             );
             return OAuth2TokenValidatorResult.success();
         }
-        String scope = ObjectUtils.size(values) > 0 ? (String) values.get(0) : null;
+        String scope = ObjectUtils.size(values) > 0 ? (String) StringUtils.ifEmpty(values.get(0), (String) null) : null;
         String token = ObjectUtils.size(values) > 1 ? (String) values.get(1) : null;
         if (StringUtils.isEmpty(token)) {
             throw new OAuth2AuthenticationException(new OAuth2Error(
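Review bot: The new `scope` line stacks a ternary, a cast of the list element and a second `(String) null` cast into one expression, which hides that the only change is mapping an empty stored value to null; reading the raw value first makes the intent visible, e.g. `String stored = ObjectUtils.size(values) > 0 ? (String) values.get(0) : null;` followed by `String scope = StringUtils.ifEmpty(stored, (String) null);`, assuming ifEmpty accepts a String argument as its overload here suggests. A one-line comment stating that "" is how RedisTokenStore records a token without scope would also make the later `Objects.equals(scope, OAuthContextHolder.getScope(jwt))` comparison self-explanatory. The enclosing validate method starts before this hunk and continues past it.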
@@ -69,11 +69,11 @@ public class RedisTokenValidator implements OAuth2TokenValidator<Jwt> {
             throw new OAuth2AuthenticationException(new OAuth2Error(
                     "TOKEN_CHANGED", ApplicationContextHolder.getMessage("Token.Changed"), null
             ));
-        } else if (!Objects.equals(scope, String.valueOf(OAuthContextHolder.getScope(jwt)))) {
+        } else if (!Objects.equals(scope, OAuthContextHolder.getScope(jwt))) {
             // 判断应用范围是否相同,如果不同则表示应用范围已被重置,需要刷新令牌
-            String message = ApplicationContextHolder.getMessage(
-                    "Scope.Changed", new Object[]{ApplicationContextHolder.getMessage(String.valueOf(scope))}
-            );
+            String arg = StringUtils.isEmpty(scope) ? StringUtils.EMPTY :
+                    ApplicationContextHolder.getMessage(scope);
+            String message = ApplicationContextHolder.getMessage("Scope.Changed", new Object[]{arg});
             throw new OAuth2AuthenticationException(new OAuth2Error("SCOPE_CHANGED", message, null));
         }