diff --git a/pig-auth/src/main/java/com/pig4cloud/pig/auth/endpoint/PigTokenEndpoint.java b/pig-auth/src/main/java/com/pig4cloud/pig/auth/endpoint/PigTokenEndpoint.java
index ea2e4bb9..f1d8016e 100755
--- a/pig-auth/src/main/java/com/pig4cloud/pig/auth/endpoint/PigTokenEndpoint.java
+++ b/pig-auth/src/main/java/com/pig4cloud/pig/auth/endpoint/PigTokenEndpoint.java
@@ -32,6 +32,7 @@ import org.springframework.http.HttpHeaders;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.util.OAuth2Utils;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
@@ -66,7 +67,7 @@ public class PigTokenEndpoint {
 @GetMapping("/logout")
 public R logout(@RequestHeader(value = HttpHeaders.AUTHORIZATION, required = false) String authHeader) {
 if (StringUtils.hasText(authHeader)) {
- String tokenValue = authHeader.replace("Bearer", "").trim();
+ String tokenValue = authHeader.replace(OAuth2AccessToken.BEARER_TYPE, StrUtil.EMPTY).trim();
 OAuth2AccessToken accessToken = tokenStore.readAccessToken(tokenValue);
 if (accessToken == null || StrUtil.isBlank(accessToken.getValue())) {
 return new R<>(false, "退出失败,token 为空");
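Review bot: In `logout`, `authHeader.replace(OAuth2AccessToken.BEARER_TYPE, StrUtil.EMPTY)` strips the scheme word wherever it occurs in the header and matches it case-sensitively, so a header sent as `bearer <token>` keeps its prefix, the `tokenStore.readAccessToken` lookup misses, and the token is not revoked. The constant swap keeps that behaviour unchanged. Matching only a leading scheme, case-insensitively, would be safer: `String scheme = OAuth2AccessToken.BEARER_TYPE;` followed by `String tokenValue = authHeader.regionMatches(true, 0, scheme, 0, scheme.length()) ? authHeader.substring(scheme.length()).trim() : authHeader.trim();`. The rest of `logout` lies outside the hunk, so what happens after the lookup is not visible here.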
@@ -118,16 +119,16 @@ public class PigTokenEndpoint {
 Map map = new HashMap<>(8);
- map.put("token_type", token.getTokenType());
- map.put("access_token", token.getValue());
- map.put("expires_in", token.getExpiresIn() + "");
+ map.put(OAuth2AccessToken.TOKEN_TYPE, token.getTokenType());
+ map.put(OAuth2AccessToken.ACCESS_TOKEN, token.getValue());
+ map.put(OAuth2AccessToken.EXPIRES_IN, token.getExpiresIn() + "");
 OAuth2Authentication oAuth2Auth = tokenStore.readAuthentication(token);
 Authentication authentication = oAuth2Auth.getUserAuthentication();
- map.put("client_id", oAuth2Auth.getOAuth2Request().getClientId());
- map.put("grant_type", oAuth2Auth.getOAuth2Request().getGrantType());
+ map.put(OAuth2Utils.CLIENT_ID, oAuth2Auth.getOAuth2Request().getClientId());
+ map.put(OAuth2Utils.GRANT_TYPE, oAuth2Auth.getOAuth2Request().getGrantType());
 if (authentication instanceof UsernamePasswordAuthenticationToken) {
 UsernamePasswordAuthenticationToken authenticationToken = (UsernamePasswordAuthenticationToken) authentication;
diff --git a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigWebResponseExceptionTranslator.java b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigWebResponseExceptionTranslator.java
index 0a062407..42b77c53 100755
--- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigWebResponseExceptionTranslator.java
+++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigWebResponseExceptionTranslator.java
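Review bot: In the `@@ -118,16 +119,16 @@` hunk of PigTokenEndpoint.java, `oAuth2Auth.getUserAuthentication()` is called on the result of `tokenStore.readAuthentication(token)` without a null check. The `TokenStore` contract allows null when no authentication is stored for the token, so one stale entry would throw a NullPointerException and fail the whole request. A guard before the call is needed, for example `if (oAuth2Auth == null) { continue; }`, assuming this runs inside a per-token loop; the enclosing method starts and ends outside the hunk. Separately, the map carries the full `token.getValue()` under `OAuth2AccessToken.ACCESS_TOKEN`. If the map is returned to a caller, which the hunk does not show, it is worth confirming that the listing needs the usable bearer value and not just an identifier.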
@@ -89,10 +89,10 @@ public class PigWebResponseExceptionTranslator implements WebResponseExceptionTr
 int status = e.getHttpErrorCode();
 HttpHeaders headers = new HttpHeaders();
- headers.set("Cache-Control", "no-store");
- headers.set("Pragma", "no-cache");
+ headers.set(HttpHeaders.CACHE_CONTROL, "no-store");
+ headers.set(HttpHeaders.PRAGMA, "no-cache");
 if (status == HttpStatus.UNAUTHORIZED.value() || (e instanceof InsufficientScopeException)) {
- headers.set("WWW-Authenticate", String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, e.getSummary()));
+ headers.set(HttpHeaders.WWW_AUTHENTICATE, String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, e.getSummary()));
 }
 // 客户端异常直接返回客户端,不然无法解析
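Review bot: The `HttpHeaders.WWW_AUTHENTICATE` value is built from `e.getSummary()` with no escaping. `e` appears to be an `OAuth2Exception`, whose summary embeds the exception message as `error_description="…"`. A message containing a double quote, non-ASCII text (this file's own messages look localized), or a value echoed from the request would therefore produce a malformed or misleading challenge header. Consider sending only the error code in the header and leaving the description in the response body, for example `headers.set(HttpHeaders.WWW_AUTHENTICATE, String.format("%s error=\"%s\"", OAuth2AccessToken.BEARER_TYPE, e.getOAuth2ErrorCode()));`. The enclosing method begins and ends outside the hunk, so how the body is built is not visible here.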