accessToken.getScope() != null

2026-06-01 10:21:26 +08:00 · 2017-12-21 14:11:46 +08:00
parent c2fea04378
commit 7300a908c6
1 changed files with 2 additions and 2 deletions
--- a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/refresh/DefaultRefreshTokenGranter.java
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/refresh/DefaultRefreshTokenGranter.java
@@ -41,7 +41,7 @@ import static org.hswebframework.web.oauth2.core.ErrorType.*;
 public class DefaultRefreshTokenGranter extends AbstractAuthorizationService implements RefreshTokenGranter {

    //默认有效时间为1年
-    private long refreshTokenTimeOut = 365 * 24 * 60 * 60 * 1000L;
+    private long refreshTokenTimeOut = 365_24_60_60_1000L;

    public void setRefreshTokenTimeOut(long refreshTokenTimeOut) {
        this.refreshTokenTimeOut = refreshTokenTimeOut;
@@ -71,7 +71,7 @@ public class DefaultRefreshTokenGranter extends AbstractAuthorizationService imp
            return accessToken;
        }
        Set<String> newRange = request.getScope() != null ? request.getScope() : accessToken.getScope();
-        if (!accessToken.getScope().containsAll(newRange)) {
+        if (accessToken.getScope() != null && !accessToken.getScope().containsAll(newRange)) {
            throw new GrantTokenException(ErrorType.SCOPE_OUT_OF_RANGE);
        }
        accessToken.setAccessToken(accessTokenService.createToken().getAccessToken());