
扩展core-security增加调试模式,方便压测等场景跳过签名密文验证

Signed-off-by: luoshi <luoshi@qmth.com.cn>
luoshi vor 1 Jahr
Ursprung
Commit
5916f14bc7

+ 13 - 0
core-security/src/main/java/com/qmth/boot/core/security/config/SecurityProperties.java

@@ -31,6 +31,11 @@ public class SecurityProperties {
     @DurationMin(seconds = 0)
     private Duration timeMaxAhead = Duration.ofSeconds(5);
 
+    /**
+     * 调试模式,默认不开启;开启后不验证密文直接验证通过
+     */
+    private boolean debugMode = false;
+
     public Duration getTimeMaxDelay() {
         return timeMaxDelay;
     }
@@ -46,4 +51,12 @@ public class SecurityProperties {
     public void setTimeMaxAhead(Duration timeMaxAhead) {
         this.timeMaxAhead = timeMaxAhead;
     }
+
+    public boolean isDebugMode() {
+        return debugMode;
+    }
+
+    public void setDebugMode(boolean debugMode) {
+        this.debugMode = debugMode;
+    }
 }
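Review bot: The Javadoc on `debugMode` says the secret check is skipped, but not what that means for a deployment or where the flag may be used. I would extend it to state that, with the flag on, any request carrying a known identity is accepted without proof of the secret or token, and that it is intended for load-test environments only and must stay `false` in production. This looks like a bound configuration class (the binding annotation is outside the hunk), so a single property or environment override would presumably be enough to enable it. A startup check that refuses to start, or at least logs a prominent warning, when the flag is set outside a test profile would make an accidental enablement visible.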

+ 2 - 2
core-security/src/main/java/com/qmth/boot/core/security/service/impl/BaseAuthorizationSupport.java

@@ -61,8 +61,8 @@ public class BaseAuthorizationSupport implements AuthorizationSupport {
         if (ae == null) {
             throw AuthorizationException.IDENTITY_NOT_FOUND;
         }
-        // 验证签名的密文部分
-        if (!entity.validate(ae.getSecret())) {
+        // 非调试模式下验证签名的密文部分
+        if (!securityProperties.isDebugMode() && !entity.validate(ae.getSecret())) {
             throw entity.getType() == SignatureType.SECRET ?
                     AuthorizationException.SECRET_ERROR :
                     AuthorizationException.TOKEN_ERROR;
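Review bot: With `isDebugMode()` true the new condition short-circuits and `entity.validate(ae.getSecret())` is never called, so the request is authenticated on identity alone and nothing records that the check was skipped. Splitting the condition would let the bypass branch leave an audit trail, e.g. `if (securityProperties.isDebugMode()) { log.warn("debug mode: signature secret check skipped"); } else if (!entity.validate(ae.getSecret())) {`. This assumes a logger is available in the class, which the hunk does not show. The enclosing method starts and ends outside the hunk, so whether the timestamp-window checks still run in debug mode cannot be confirmed from here.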

+ 16 - 0
core-security/src/test/java/com/qmth/boot/test/core/security/AuthTest.java

@@ -36,6 +36,7 @@ public class AuthTest {
 
     @Test
     public void testAuthSecret() {
+        properties.setDebugMode(false);
         long time = System.currentTimeMillis();
         String accessKey = "123456";
         String accessSecret = "secret";
@@ -75,6 +76,7 @@ public class AuthTest {
 
     @Test
     public void testAuthToken() {
+        properties.setDebugMode(false);
         long time = System.currentTimeMillis();
         String sessionId = "123456";
         String token = "token";
@@ -138,4 +140,18 @@ public class AuthTest {
         Assert.assertEquals(entity.getSecret(), token);
     }
 
+    @Test
+    public void testDebug() {
+        properties.setDebugMode(true);
+        long time = System.currentTimeMillis();
+        String sessionId = "123456";
+        String token = "token";
+        authorization.secret = token + token;
+        String signature = SignatureEntity.build(SignatureType.TOKEN, method, tokenPath, time, sessionId, token);
+
+        AccessEntity entity = support.validateSignature(signature, method, tokenPath, String.valueOf(time));
+        Assert.assertNotNull(entity);
+        Assert.assertEquals(entity.getIdentity(), sessionId);
+    }
+
 }
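Review bot: `testDebug` calls `properties.setDebugMode(true)` and never restores it, so the flag's value depends on test order. The commit compensates with `properties.setDebugMode(false);` at the top of `testAuthSecret` and `testAuthToken`, which suggests `properties` is shared; any other test using it would then run with verification disabled. Resetting in one place is sturdier, either a setup method containing `properties.setDebugMode(false);` or a `try`/`finally` inside `testDebug`. It would also help to assert that an unknown identity is still rejected in debug mode, so the test pins down exactly which check the flag skips.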