Giter Club home page Giter Club logo

oltu-oauth2-example's People

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

panda7240 azkfrm felixup heylear hhqqnu jackhu1990 tinyxiao dalvikchen madiarsa swmwlm nbsw yinwer81 zhouyinyan yyzz1987431 virgilfork zhangpanpan1 impulsehu rucky2013 tifancy huluxin luohoufu tanyhuan02 littleyang mataszhang wishesbest1986 zhuyoufeng zhaoyanjie001 clickear kira8565 qiushuizy jasonwuen source-open linbren liuyatao eluwei luohua09 shingz96 javadavid chenglinjava68 bittle devenfan sonergokdogan yafengli nk3310 michaelshih mangotomato barudisshu fanlinglong jeftom jpoppy rocketk ruoo limpidck bjgxjob alphadyz jowp12 zhygit bxyb214 skyformat99 sampson2016 runjen tuwt sighttviewliu ygr15893000 jerry-lin imjerrybao queyknight chenghaojun zhouz206 w0lker zhanruicc jackman0925 haobeiwei marvel-007 helloworldtang zengkid lendo jiamingliu93 tielei60 lwhtarena wclwksn eviding alireza-kasraei omge aaronwong1989 vclisunlang lihua123569 jlmak xinglu choudou5 azhsrdj 523bruceli xiepeikuan dingfangwen leorian tandingbo duwenlei ieven hbowang jnan88

oltu-oauth2-example's Issues

关于token过期的事情

非常棒的关于oauth2的例子,对我帮助很大,非常感谢你!
有一个问题想请教一下,我看你的例子里面access_token是保存在cache里面,如何控制token的过期呢,好像没看到在哪里有验证啊!

同学,您这个项目引入了49个开源组件,存在76个漏洞,辛苦升级一下

检测到 ameizi/oltu-oauth2-example 一共引入了49个开源组件,存在76个漏洞

漏洞标题:Oracle MySQL 输入验证错误漏洞
缺陷组件:mysql:[email protected]
漏洞编号:CVE-2021-2471
漏洞描述:Oracle MySQL是美国甲骨文(Oracle)公司的一套开源的关系数据库管理系统。
Oracle MySQL 的 MySQL Connectors 产品中存在输入验证错误漏洞,该漏洞允许高特权攻击者通过多种协议访问网络来破坏 MySQL 连接器。成功攻击此漏洞会导致对关键数据的未授权访问或对所有 MySQL 连接器可访问数据的完全访问,以及导致 MySQL 连接器挂起或频繁重复崩溃。
影响范围:(∞, 8.0.27)
最小修复版本:8.0.27
缺陷组件引入路径:cn.zetark.oauth2.server:[email protected]>mysql:[email protected]

另外还有76个漏洞,详细报告:https://mofeisec.com/jr?p=ica11d

请问admin的密码是什么?

我试着用postman创建用户,没有用不知道为啥。
直接在数据库里插入新用户也不对。
所以可以方便告诉一下admin密码吗?还有创建用户为啥不对,我提交的json如下:

{
    "id": "2",
    "username": "etoa",
    "password": "113",
    "salt": "I love cookies"
}

如果是使用tomcat6部署,需要去掉servlet和jsp的依赖

在 zetark-oauth2-server 工程的pom文件中 把如下三个依赖加上 provided,然后在运行.否则会报一些jsp中错误。

javax.servlet
javax.servlet-api
3.0.1
provided

<dependency>
    <groupId>javax.servlet.jsp</groupId>
    <artifactId>jsp-api</artifactId>
    <version>2.2</version>
    <scope>provided</scope>
</dependency>
<dependency>
    <groupId>javax.servlet</groupId>
    <artifactId>jstl</artifactId>
    <version>1.2</version>
    <scope>provided</scope>
</dependency>

请问怎么没有scope相关的设计?

你好,oauth2.0根据scope来判断不同的access_token对接口访问的权限,我看代码中好像有没这块的校验 。
我一直困惑在api接口上如何方便的引入scope,即api和scope的绑定如何做和何时验证才是最方便的呢?
不知你是否对这方面进行过研究,是否有好的方案?

memory leak

Oct 09, 2020 4:25:53 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads
SEVERE: The web application [/zetark-oauth2-server] appears to have started a thread named [Druid-ConnectionPool-Destory-1003784793] but has failed to stop it. This is very likely to create a memory leak.
看着有问题,java能写出来内存泄露来

English doc

It'is possible to have English documentation ?

授权码code应该只能用一次

OAuth2的授权中,code换取token的code,只能使用一次。而现在代码中可以使用若干次
应该改为如下
@OverRide
public boolean checkAuthCode(String authCode) {
try {
String exist = (String) cache.get(authCode).get();
if (!StringUtils.isEmpty(exist)) {
cache.put(authCode, null);
// 1
return true;
} else {
// 2
return false;
}
}
catch (Exception e) {
// 3
return false;
}
}
如果非空时,应给清空,1表示成功并要清除code,2表示已清除(失效的code),3表示错误的code(从未生成过的)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.