ameizi / oltu-oauth2-example
Building an OAuth2 server and client for open authorization with Apache Oltu
License: Apache License 2.0
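A really great OAuth2 example, it helped me a lot, thank you very much!
I have one question: I see that in your example the access_token is stored in the cache. How is token expiry controlled? I don't seem to see anywhere that it is validated!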
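Detected that ameizi/oltu-oauth2-example pulls in 49 open-source components in total, with 76 vulnerabilities
Vulnerability title: Oracle MySQL input validation error vulnerability
Affected component: mysql:[email protected]
Vulnerability ID: CVE-2021-2471
Vulnerability description: Oracle MySQL is an open-source relational database management system from Oracle Corporation (USA).
An input validation error vulnerability exists in the MySQL Connectors product of Oracle MySQL. It allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Connectors. A successful attack results in unauthorized access to critical data or complete access to all data accessible to MySQL Connectors, and can cause MySQL Connectors to hang or crash frequently and repeatedly.
Affected range: (∞, 8.0.27)
Minimum fixed version: 8.0.27
Path by which the affected component is introduced: cn.zetark.oauth2.server:[email protected]>mysql:[email protected]
There are 76 more vulnerabilities; detailed report: https://mofeisec.com/jr?p=ica11d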
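I tried creating a user with Postman, but it didn't work and I don't know why.
Inserting a new user directly into the database doesn't work either.
So could you tell me the admin password? And why does creating a user fail? The JSON I submitted is as follows: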
{
"id": "2",
"username": "etoa",
"password": "113",
"salt": "I love cookies"
}
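In the pom file of the zetark-oauth2-server project, add the provided scope to the following three dependencies, then run it. Otherwise some errors in the JSPs will be reported.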
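<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>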
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.2</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
<scope>provided</scope>
</dependency>
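Where is the server's SQL script located?
Hello, OAuth 2.0 uses scope to decide what API access different access_tokens have, but the code doesn't seem to have this check.
I have long been puzzled about how to conveniently introduce scope on API endpoints, i.e. how to bind APIs to scopes and when validating them is most convenient.
I wonder whether you have looked into this and whether you have a good approach?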
Oct 09, 2020 4:25:53 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
SEVERE: The web application [/zetark-oauth2-server] appears to have started a thread named [Druid-ConnectionPool-Destory-1003784793] but has failed to stop it. This is very likely to create a memory leak.
This looks like a problem; a memory leak, written in Java.
Is it possible to have English documentation?
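In OAuth2 authorization, the code that is exchanged for a token can be used only once. But in the current code it can be used any number of times.
It should be changed as follows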
@Override
public boolean checkAuthCode(String authCode) {
    try {
        // Look up the value stored for this authorization code
        String exist = (String) cache.get(authCode).get();
        if (!StringUtils.isEmpty(exist)) {
            // Clear the code so it cannot be exchanged again
            cache.put(authCode, null);
            // 1
            return true;
        } else {
            // 2
            return false;
        }
    } catch (Exception e) {
        // 3
        return false;
    }
}
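When it is non-empty, it should be cleared: 1 means success and the code must be cleared, 2 means already cleared (an invalidated code), 3 means a wrong code (one that was never generated)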
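Added example, not code from the post above or from oltu-oauth2-example: a single-use authorization code store in which redemption is one atomic remove, so two concurrent token requests cannot both pass a separate read-then-clear sequence, and in which each code also expires and is bound to the client it was issued to. The names `OneTimeAuthCodeStore`, `Grant`, `issue` and `redeem` are hypothetical; it assumes Java 16+ and a 10 minute lifetime, the maximum RFC 6749 recommends for authorization codes.

```java
import java.security.SecureRandom;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical in-memory store (Java 16+); not a class from oltu-oauth2-example. */
public final class OneTimeAuthCodeStore {
    private record Grant(String username, String clientId, Instant expiresAt) {}

    private final ConcurrentHashMap<String, Grant> codes = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Clock clock;
    private final Duration lifetime;

    public OneTimeAuthCodeStore(Clock clock, Duration lifetime) {
        this.clock = clock;
        this.lifetime = lifetime;
    }

    public String issue(String username, String clientId) {
        Instant now = clock.instant();
        codes.values().removeIf(g -> now.isAfter(g.expiresAt())); // drop never-redeemed codes
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String code = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        codes.put(code, new Grant(username, clientId, now.plus(lifetime)));
        return code;
    }

    /** Yields the username at most once per code; empty if replayed, expired, unknown or for another client. */
    public Optional<String> redeem(String code, String clientId) {
        Grant grant = codes.remove(code); // atomic: of two concurrent callers only one gets the grant
        if (grant == null || !grant.clientId().equals(clientId)
                || clock.instant().isAfter(grant.expiresAt())) {
            return Optional.empty(); // the code is already removed, so a failed attempt burns it too
        }
        return Optional.of(grant.username());
    }

    public static void main(String[] args) {
        OneTimeAuthCodeStore store = new OneTimeAuthCodeStore(Clock.systemUTC(), Duration.ofMinutes(10));
        String code = store.issue("alice", "client-a"); // constructed sample values
        System.out.println("first use:  " + store.redeem(code, "client-a").isPresent());
        System.out.println("second use: " + store.redeem(code, "client-a").isPresent());
    }
}
```

With more than one server instance the same property needs a shared store that offers an atomic get-and-delete; a per-process map only guarantees single use within one JVM.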