6 years ago · 8594c73c36
--- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/TwoFactor.java
+++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/TwoFactor.java
@@ -11,7 +11,7 @@ public @interface TwoFactor {
 
				 
			
 
				     long timeout() default 10 * 60 * 1000L;
			
 
				 
			
 
				-    String provider() default "totp";
			
 
				+    String provider() default "default";
			
 
				 
			
 
				     String parameter() default "verifyCode";
			
 
				 
			
--- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/DefaultAuthorizationAutoConfiguration.java
+++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/DefaultAuthorizationAutoConfiguration.java
@@ -60,6 +60,7 @@ public class DefaultAuthorizationAutoConfiguration {
 
				 
			
 
				     @Bean
			
 
				     @ConditionalOnMissingBean(TwoFactorValidatorManager.class)
			
 
				+    @ConfigurationProperties("hsweb.authorize.two-factor")
			
 
				     public DefaultTwoFactorValidatorManager defaultTwoFactorValidatorManager() {
			
 
				         return new DefaultTwoFactorValidatorManager();
			
 
				     }
			
--- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/twofactor/defaults/DefaultTwoFactorValidatorManager.java
+++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/twofactor/defaults/DefaultTwoFactorValidatorManager.java
@@ -1,5 +1,7 @@
 
				 package org.hswebframework.web.authorization.twofactor.defaults;
			
 
				 
			
 
				+import lombok.Getter;
			
 
				+import lombok.Setter;
			
 
				 import org.hswebframework.web.authorization.twofactor.TwoFactorValidator;
			
 
				 import org.hswebframework.web.authorization.twofactor.TwoFactorValidatorManager;
			
 
				 import org.hswebframework.web.authorization.twofactor.TwoFactorValidatorProvider;
			
@@ -15,6 +17,8 @@ import java.util.Map;
 
				  */
			
 
				 public class DefaultTwoFactorValidatorManager implements TwoFactorValidatorManager, BeanPostProcessor {
			
 
				 
			
 
				+    @Getter
			
 
				+    @Setter
			
 
				     private String defaultProvider = "totp";
			
 
				 
			
 
				     private Map<String, TwoFactorValidatorProvider> providers = new HashMap<>();
			
@@ -41,6 +45,9 @@ public class DefaultTwoFactorValidatorManager implements TwoFactorValidatorManag
 
				         if (bean instanceof TwoFactorValidatorProvider) {
			
 
				             TwoFactorValidatorProvider provider = ((TwoFactorValidatorProvider) bean);
			
 
				             providers.put(provider.getProvider(), provider);
			
 
				+            if (provider.getProvider().equalsIgnoreCase(defaultProvider)) {
			
 
				+                providers.put("default", provider);
			
 
				+            }
			
 
				         }
			
 
				         return bean;
			
 
				     }
			
--- a/hsweb-authorization/hsweb-authorization-basic/README.md
+++ b/hsweb-authorization/hsweb-authorization-basic/README.md
@@ -30,6 +30,26 @@
 
				 ![权限控制](./img/autz-handle-flow.png "权限控制")
			
 
				 
			
 
				 
			
 
				+## 双重验证
			
 
				+
			
 
				+配置 application.yml
			
 
				+```yml
			
 
				+hsweb:
			
 
				+    authorize:
			
 
				+        two-factor:
			
 
				+            enable: true
			
 
				+```
			
 
				+
			
 
				+在需要验证的接口上注解:
			
 
				+
			
 
				+```java
			
 
				+@PostMapping
			
 
				+@TwoFactor("update-password")
			
 
				+public ResponseMessage<Boolean> updatePassword(String password){
			
 
				+    
			
 
				+    //
			
 
				+}
			
 
				+```
			
 
				 
			
 
				 ## 注销
			
 
				 与授权同理,类`UserOnSignOut`监听`AuthorizationExitEvent` ,当触发事件后,调用`UserTokenManager`移除当前登录的token信息