feat: 对接华为认证

pom.xml

@@ -55,6 +55,13 @@
             <version>2.0.0.M2</version>
         </dependency>
 
+        <!--配置处理-->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-configuration-processor</artifactId>
+            <optional>true</optional>
+        </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
@@ -69,6 +76,13 @@
             <groupId>com.dragonsoft</groupId>
             <artifactId>duceap-security-dids</artifactId>
         </dependency>
+
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.12</version>
+            <scope>provided</scope>
+        </dependency>
     </dependencies>
 
     <repositories>

src/main/assembly/conf/application.yml

@@ -1,95 +1,11 @@
-server:
-  port: 8866
-  servlet:
-    context-path: /approve-gateway
-
 spring:
-  application:
-    name: approve-gateway
-  cloud:
-    nacos:
-      discovery:
-        server-addr: 127.0.0.1:8848
-
-zuul:
-  retryable: true
-  # 这个配置必须保留，才会传递Authorization，cookie等
-  sensitive-headers:
-  host:
-    connect-timeout-millis: 60000
-    socket-timeout-millis: 60000
-ribbon:
-  ConnectTimeout: 60000 # 连接超时时间(ms)
-  ReadTimeout: 60000 # 通信超时时间(ms)
-  OkToRetryOnAllOperations: true # 是否对所有操作重试
-  MaxAutoRetriesNextServer: 2 # 同一服务不同实例的重试次数
-  MaxAutoRetries: 1 # 同一实例的重试次数
-hystrix:
-  command:
-    default:
-      execution:
-        isolation:
-          thread:
-            timeoutInMillisecond: 60000 # 熔断超时时长：6000ms
-
-
-duceap:
-  license:
-    dataCacheMethod: apollo
-    #配置用来指定license对接的后端项目地址(格式：ip:port/context，如http://10.10.10.10:8080/ctx)，默认使用HttpServletRequest.getLocalAddr()方法获取ip地址，应用在docker部署环境中无法获取机子的真实ip地址 考虑以配置参数的形式传入
-    #address: http://10.10.10.10:8080/ctx
-    enabled: false
-  apollo:
-    client:
-      host: http://192.168.10.27:8070 #配置中心地址(portal端)
-  security:
-    ##配置登陆方式，dids、dssoac、dcuc
-    type: dids
-    ##dids登录配置#
-    dids2:
-      ##应用代码
-      appCode: YHZX0000000000000001
-      useSSO: true
-      ##单点登录服务器地址
-      SSOLoginUrl: http://10.201.7.30:9090/didsserver/login
-      ##单点登录服务接口地址
-      SSOValidateUrl: http://10.201.7.30:9090/didsserver/serviceValidate
-      ##对接系统地址(ip:端口/上下文/login) 开发环境中, ip端口需要配置成代理的前端地址(请全程使用真实的ip 而不是localhost或者127.0.0.1，否则会导致登录失败)
-      SSOServiceUrl: http://10.11.0.59:1645/approve-gateway/login
-      accessType: 1
-      ##单点登录服务接口地址
-      webServiceUrl: http://10.201.7.30:9090/didsserver/webservices/
-      jndi: JDBC/DIDS
-      filterType: 1
-      ##若匹配该地址，则无须过滤
-      noFilterUrl: /api/v1/,v1/,v2/api-docs,services,hessian,commons,install.action,.xml,/install,/widgets-src/,/authorizationPage.html,/importAuthorizationFile.html,/license/LicenseManagerServlet,/authorizationFile/
-    dcuc:
-      casServerUrlPrefix: http://192.168.10.2:8877/sso
-      serverName: http://10.11.0.59:1645
-      ignorePattern: /js/*|/img/*|/css/*|/authorizationPage.html|/importAuthorizationFile.html|/license/LicenseManagerServlet|/authorizationFile/|/api/v1
-      ApiUrl: http://192.168.10.2:8860/dcuc
-      appCode: YHZX0000000000000001
-#=========================apollo配置信息============================#
+  profiles:
+    include: base
+#apollo配置
 apollo:
+  autoUpdateInjectedSpringProperties: false
   bootstrap:
-    enabled: true #是否启用apollo
-    namespaces: application, dragonsoft.approve-common #命名空间，默认application
-  cluster: default #集群，默认default
-  meta: http://192.168.10.27:8080 #配置中心地址(服务端)
-
-approve:
-  filter:
-    hw:
-      app:
-        secret: test
-        key: test
-      # 华为网关地址
-      host: http://10.11.1.164:11480
-      # 过滤器开关
-      enabled: false
-    dcuc:
-      # dcuc主机地址
-      host: http://10.11.0.14:8870
-      # 过滤器开关
-      enabled: true
-
+    enabled: true
+    namespaces: application,dragonsoft.dcuc
+  cluster: default
+  meta: http://192.168.10.80:8081

src/main/java/com/dragonsoft/dcuc/approvegateway/Constants.java

@@ -0,0 +1,34 @@
+package com.dragonsoft.dcuc.approvegateway;
+
+/**
+ * <p>
+ * 常量
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2021/6/21
+ */
+public final class Constants {
+
+    /**
+     * 用户令牌
+     */
+    public static final String USER_TOKEN = "userToken";
+
+    /**
+     * 应用令牌
+     */
+    public static final String APP_TOKEN = "appToken";
+
+    /**
+     * BIM token
+     */
+    public static final String BIM_TOKEN = "bimToken";
+
+    /**
+     * 华为
+     */
+    public static final String HUA_WEI = "huaWei";
+
+
+}

src/main/java/com/dragonsoft/dcuc/approvegateway/business/BimBusiness.java

@@ -0,0 +1,126 @@
+package com.dragonsoft.dcuc.approvegateway.business;
+
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.http.HttpRequest;
+import com.dragonsoft.dcuc.approvegateway.pojo.*;
+import com.dragonsoft.dcuc.approvegateway.properties.DcucApproveProperties;
+import com.dragonsoft.duceap.commons.util.UUIDUtils;
+import com.dragonsoft.duceap.commons.util.json.JsonUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+/**
+ * <p>
+ * 竹云认证相关业务
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2021/6/21
+ */
+@Slf4j
+@Service
+public class BimBusiness {
+
+    @Autowired
+    private DcucApproveProperties dcucApproveProperties;
+
+    /**
+     * 获取 token
+     *
+     * @return token
+     */
+    public String getToken() {
+        String url = dcucApproveProperties.getBimIdentityUrl() + "/api/rest/management/ExtApiMgmtAuthService/login";
+
+        BimLoginReqVO bimLoginReqVo = new BimLoginReqVO();
+        bimLoginReqVo.setLoginId(dcucApproveProperties.getBimLoginId());
+        bimLoginReqVo.setSecretKey(dcucApproveProperties.getBimSecretKey());
+
+        String requestJson = JsonUtils.toJSONString(bimLoginReqVo);
+        log.debug("Bim login request:{}", requestJson);
+        String respJson = HttpRequest.post(url)
+                .body(requestJson)
+                .execute()
+                .body();
+        log.debug("Bim login respJson:{}", respJson);
+
+        BimRespVO bimRespVo = JsonUtils.parseObject(respJson, BimRespVO.class);
+        if (!bimRespVo.getSuccess()) {
+            log.error("Bim login token error :{}", respJson);
+            return "";
+        }
+
+        Object data = bimRespVo.getData();
+        return (String) data;
+    }
+
+    /**
+     * 退出 token
+     *
+     * @param token token
+     */
+    public void logoutToken(String token) {
+
+        String url = dcucApproveProperties.getBimIdentityUrl() + "/api/rest/management/ExtApiMgmtAuthService/logout";
+
+        BimLogoutReqVO bimLogoutReqVo = new BimLogoutReqVO();
+        bimLogoutReqVo.setToken(token);
+
+        String requestJson = JsonUtils.toJSONString(bimLogoutReqVo);
+        log.debug("Bim logout requestJson:{}", requestJson);
+        String respJson = HttpRequest.post(url)
+                .body(requestJson)
+                .execute()
+                .body();
+        log.debug("Bim logout respJson:{}", respJson);
+
+        BimRespVO bimRespVo = JsonUtils.parseObject(respJson, BimRespVO.class);
+        if (!bimRespVo.getSuccess()) {
+            log.error("Bim logout token error :{}", respJson);
+        }
+    }
+
+
+    /**
+     * 获取用户信息
+     *
+     * @param userToken 用户令牌
+     * @param token     token
+     * @return 用户信息
+     */
+    public BimUserInfoItemRespVO getUserInfoByUserToken(String userToken, String token) {
+
+        if (StrUtil.isBlank(userToken)) {
+            throw new IllegalArgumentException("UserToken is blank.");
+        }
+
+        String messageId = UUIDUtils.getUUID();
+
+        BimUserInfoReqVO bimUserInfoReqVO = new BimUserInfoReqVO();
+        bimUserInfoReqVO.setToken(token);
+        bimUserInfoReqVO.setMessageId(messageId);
+        bimUserInfoReqVO.setUserToken(userToken);
+
+        String reqJson = JsonUtils.toJSONString(bimUserInfoReqVO);
+
+        log.info("UserInfo req :{}", reqJson);
+
+        String url = dcucApproveProperties.getBimIdentityUrl() + "/api/rest/customization/ExpApiCustomDragonitService/getUserInfoByUserToken";
+
+        log.info("UserInfo req url:{}", reqJson);
+        String postResp = HttpRequest.post(url)
+                .body(reqJson)
+                .execute()
+                .body();
+        log.info("UserInfo resp :{}", postResp);
+
+        BimUserInfoRespVO bimRespVo = JsonUtils.parseObject(postResp, BimUserInfoRespVO.class);
+
+        if (!bimRespVo.getSuccess()) {
+            log.error("UserInfo error:{}", postResp);
+        }
+
+        return bimRespVo.getData();
+    }
+}

src/main/java/com/dragonsoft/dcuc/approvegateway/controller/LoginDemoController.java → src/main/java/com/dragonsoft/dcuc/approvegateway/controller/ApproveLoginController.java

@@ -18,10 +18,11 @@ import javax.servlet.http.HttpServletResponse;
 import java.net.URLEncoder;
 
 /**
- * Created by lidr on 2021/2/24
+ * @author lidr
+ * @date 2021/2/24
  */
 @RestController
-public class LoginDemoController {
+public class ApproveLoginController {
     @Autowired(required = false)
     private DidsProperties didsProperties;
     @Autowired(required = false)
@@ -32,7 +33,7 @@ public class LoginDemoController {
     @RequestMapping({"/gateway/logout"})
     public void logout(HttpServletRequest request, HttpServletResponse response) throws Exception {
         String type = securityProperties.getType();
-        if(type.equalsIgnoreCase("dcuc")){
+        if (type.equalsIgnoreCase("dcuc")) {
             String redirectUrl = request.getParameter("redirectUrl") != null ? request.getParameter("redirectUrl") : this.dcucProperties.getServerName();
             String logoutUrl = this.dcucProperties.getCasServerUrlPrefix() + "/logout?service=" + URLEncoder.encode(redirectUrl, "UTF-8");
             ResponseLink responseLink = ResponseLink.logout(logoutUrl);
@@ -42,15 +43,15 @@ public class LoginDemoController {
             } else {
                 DcucLogoutHandler.logout(request, response, redirectUrl);
             }
-        }else {
+        } else {
             String ssoUrl = PropUtils.getInstance().getConfigItem("dids2.SSOLoginUrl").replace("/login", "");
             String redirectUrl = StringUtils.defaultIfEmpty(request.getParameter("redirectUrl"), StringUtils.substringBeforeLast(this.didsProperties.getSSOServiceUrl(), "/login"));
             String logoutUrl = ssoUrl + "/logout?service=" + redirectUrl;
             ResponseLink responseLink = ResponseLink.logout(logoutUrl);
-            if(RequestUtils.isXmlHttpRequest(request)){
+            if (RequestUtils.isXmlHttpRequest(request)) {
                 request.getSession().invalidate();
-                ResponseUtils.outJson(responseLink,response);
-            }else {
+                ResponseUtils.outJson(responseLink, response);
+            } else {
                 request.getSession().invalidate();
                 response.sendRedirect(logoutUrl);
             }

src/main/java/com/dragonsoft/dcuc/approvegateway/filter/HwTokenPreFilter.java → src/main/java/com/dragonsoft/dcuc/approvegateway/filter/BimTokenPreFilter.java

@@ -3,15 +3,18 @@ package com.dragonsoft.dcuc.approvegateway.filter;
 import com.alibaba.fastjson.JSON;
 import com.dragonsoft.approve.component.TokenOperate;
 import com.dragonsoft.approve.model.TokenInfo;
-import com.dragonsoft.dcuc.approvegateway.util.ApiGwUtils;
+import com.dragonsoft.dcuc.approvegateway.Constants;
+import com.dragonsoft.dcuc.approvegateway.business.BimBusiness;
+import com.dragonsoft.dcuc.approvegateway.properties.DcucApproveProperties;
+import com.dragonsoft.duceap.web.SecurityProperties;
 import com.netflix.zuul.ZuulFilter;
 import com.netflix.zuul.context.RequestContext;
 import com.netflix.zuul.exception.ZuulException;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.time.DateUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
 import java.util.Date;
@@ -21,50 +24,23 @@ import java.util.Date;
  * @Date: 2021/1/14 10:57
  * @Description:
  */
-//@Component
-public class HwTokenPreFilter extends ZuulFilter {
+@Slf4j
+@Component
+public class BimTokenPreFilter extends ZuulFilter {
 
-    private static final Logger logger = LoggerFactory.getLogger(HwTokenPreFilter.class);
+    private static final Logger logger = LoggerFactory.getLogger(BimTokenPreFilter.class);
 
-    /**
-     * 华为网关API获取AppToken的URI
-     */
-    private static final String ACCESS_TOKEN_URI = "/v1/apigw/oauth2/token";
-
-    public static final String HW_TOKEN = "HW_TOKEN";
-
-    /**
-     * 容忍时间
-     */
-    public static final int TOLERATE_TIME = 5 * 60;
-
-    /**
-     * 华为AppKey
-     */
-    @Value("${approve.filter.hw.app.key:}")
-    private String hwAppKey;
-
-    /**
-     * 华为AppSecret
-     */
-    @Value("${approve.filter.hw.app.secret:}")
-    private String hwAppSecret;
-
-    /**
-     * 华为网关地址URL
-     */
-    @Value("${approve.filter.hw.host:}")
-    private String hwGatewayHost;
-
-    /**
-     * 华为网关是否开启
-     */
-    @Value("${approve.filter.hw.enabled:true}")
-    private Boolean hwEnabled;
+    @Autowired
+    private SecurityProperties securityProperties;
 
     @Autowired
     private TokenOperate tokenComponent;
 
+    @Autowired
+    private BimBusiness bimBusiness;
+
+    @Autowired
+    private DcucApproveProperties dcucApproveProperties;
 
     @Override
     public String filterType() {
@@ -78,13 +54,14 @@ public class HwTokenPreFilter extends ZuulFilter {
 
     @Override
     public boolean shouldFilter() {
-        return hwEnabled;
+        String type = securityProperties.getType();
+        return type.equalsIgnoreCase(Constants.HUA_WEI);
     }
 
     @Override
     public Object run() throws ZuulException {
         RequestContext ctx = RequestContext.getCurrentContext();
-        ctx.set(HW_TOKEN, getTokenOauth());
+        ctx.set(Constants.BIM_TOKEN, getTokenOauth());
         return null;
     }
 
@@ -96,19 +73,28 @@ public class HwTokenPreFilter extends ZuulFilter {
     public TokenInfo getTokenOauth() {
         TokenInfo tokenInfo = tokenComponent.fetchTokenInfo();
 
+        Date currentDate = new Date();
         //token正常直接返回
-        if (null != tokenInfo && new Date().before(tokenInfo.getOverdueTime())) {
-            logger.info("HwTokenInfo=【{}】", JSON.toJSONString(tokenInfo));
+        if (null != tokenInfo && currentDate.before(tokenInfo.getOverdueTime())) {
+            logger.debug("HwTokenInfo=【{}】", JSON.toJSONString(tokenInfo));
             return tokenInfo;
         }
 
-        //token过期或者不存在
-        Date currentDate = new Date();
-        //调用华为网关获取accessToken
-        tokenInfo = ApiGwUtils.getAccessToken(hwGatewayHost + ACCESS_TOKEN_URI, hwAppKey, hwAppSecret);
+        if (tokenInfo != null) {
+            String accessToken = tokenInfo.getAccessToken();
+            bimBusiness.logoutToken(accessToken);
+        }
+
+        //调用竹云认证获取 token
+        String token = bimBusiness.getToken();
+        tokenInfo = new TokenInfo();
+        tokenInfo.setAccessToken(token);
+
         //设置缓存
-        tokenInfo.setOverdueTime(DateUtils.addSeconds(currentDate, tokenInfo.getExpiresIn() - TOLERATE_TIME));
+        Integer bimTokenExpireSecond = dcucApproveProperties.getBimTokenExpireSecond();
+        tokenInfo.setOverdueTime(DateUtils.addSeconds(currentDate, bimTokenExpireSecond));
         tokenComponent.pushHwTokenInfo(tokenInfo);
         return tokenInfo;
     }
+
 }

src/main/java/com/dragonsoft/dcuc/approvegateway/filter/BimUserInfoPreFilter.java

@@ -0,0 +1,92 @@
+package com.dragonsoft.dcuc.approvegateway.filter;
+
+import com.alibaba.fastjson.JSONObject;
+import com.dragonsoft.approve.common.ErrorCode;
+import com.dragonsoft.approve.model.TokenInfo;
+import com.dragonsoft.dcuc.approvegateway.Constants;
+import com.dragonsoft.dcuc.approvegateway.business.BimBusiness;
+import com.dragonsoft.dcuc.approvegateway.pojo.BimUserInfoItemRespVO;
+import com.dragonsoft.duceap.base.entity.security.BaseSecurityUser;
+import com.dragonsoft.duceap.base.exception.ApplicationException;
+import com.dragonsoft.duceap.base.utils.UserContextUtils;
+import com.dragonsoft.duceap.security.jwt.JwtTokenUtils;
+import com.dragonsoft.duceap.web.SecurityProperties;
+import com.netflix.zuul.ZuulFilter;
+import com.netflix.zuul.context.RequestContext;
+import com.netflix.zuul.exception.ZuulException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * @author huangzqa
+ */
+@Component
+public class BimUserInfoPreFilter extends ZuulFilter {
+
+    private static final Logger logger = LoggerFactory.getLogger(BimUserInfoPreFilter.class);
+
+    @Autowired
+    private SecurityProperties securityProperties;
+
+    @Autowired
+    private BimBusiness bimBusiness;
+
+    @Override
+    public String filterType() {
+        return "pre";
+    }
+
+    @Override
+    public int filterOrder() {
+        return -10;
+    }
+
+    @Override
+    public boolean shouldFilter() {
+        String type = securityProperties.getType();
+        return type.equalsIgnoreCase(Constants.HUA_WEI);
+    }
+
+    @Override
+    public Object run() throws ZuulException {
+        RequestContext ctx = RequestContext.getCurrentContext();
+        BaseSecurityUser currentUser = UserContextUtils.getCurrentUser();
+        logger.info("====登录用户信息：{}====", JSONObject.toJSONString(currentUser));
+        if (currentUser != null) {
+            String jwtToken = JwtTokenUtils.getAlgorithmGen(JwtTokenUtils.AlgorithmType.HS256).sign(currentUser);
+            ctx.addZuulRequestHeader(JwtTokenUtils.AUTHORIZATION_HEADER, JwtTokenUtils.TOKEN_PREFIX + jwtToken);
+            logger.info("登录jwtToken：{}", jwtToken);
+        } else {
+            BaseSecurityUser securityUser = getSecurityUser();
+            UserContextUtils.setCurrentUser(securityUser);
+        }
+        return null;
+    }
+
+    private BaseSecurityUser getSecurityUser() {
+        RequestContext ctx = RequestContext.getCurrentContext();
+        HttpServletRequest request = ctx.getRequest();
+
+        String userToken = request.getHeader("userToken");
+
+        BaseSecurityUser baseSecurityUser;
+        try {
+            String accessToken = ((TokenInfo) ctx.get(Constants.BIM_TOKEN)).getAccessToken();
+            BimUserInfoItemRespVO bimUserInfoItemRespVO = bimBusiness.getUserInfoByUserToken(userToken, accessToken);
+            baseSecurityUser = new BaseSecurityUser();
+            baseSecurityUser.setId(bimUserInfoItemRespVO.getYhId());
+            baseSecurityUser.setName(bimUserInfoItemRespVO.getXm());
+            baseSecurityUser.setPoliceNo(bimUserInfoItemRespVO.getJh());
+            baseSecurityUser.setSecurityOrg(bimUserInfoItemRespVO.getDwdm());
+        } catch (Exception e) {
+            logger.error("用户信息获取失败", e);
+            throw new ApplicationException(ErrorCode.USER_INFO_ERROR.getCode(), ErrorCode.USER_INFO_ERROR.getMsg());
+        }
+
+        return baseSecurityUser;
+    }
+}

src/main/java/com/dragonsoft/dcuc/approvegateway/filter/DcucJwtTokenPreFilter.java

@@ -1,134 +0,0 @@
-package com.dragonsoft.dcuc.approvegateway.filter;
-
-import com.alibaba.fastjson.JSONObject;
-import com.dragonsoft.approve.common.ErrorCode;
-import com.dragonsoft.approve.model.TokenInfo;
-import com.dragonsoft.dcuc.approvegateway.pojo.OauthUserVo;
-import com.dragonsoft.duceap.base.entity.security.BaseSecurityUser;
-import com.dragonsoft.duceap.base.exception.ApplicationException;
-import com.dragonsoft.duceap.base.utils.UserContextUtils;
-import com.dragonsoft.duceap.core.entity.response.ResponseResult;
-import com.dragonsoft.duceap.security.jwt.JwtTokenUtils;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.netflix.zuul.ZuulFilter;
-import com.netflix.zuul.context.RequestContext;
-import com.netflix.zuul.exception.ZuulException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.http.*;
-import org.springframework.stereotype.Component;
-import org.springframework.util.LinkedMultiValueMap;
-import org.springframework.util.MultiValueMap;
-import org.springframework.web.client.RestTemplate;
-
-import java.util.Optional;
-
-@Component
-public class DcucJwtTokenPreFilter extends ZuulFilter {
-
-    private static final Logger logger = LoggerFactory.getLogger(DcucJwtTokenPreFilter.class);
-
-    /**
-     * 获取用户信息接口
-     */
-    private static final String AUTH_USER_PATH = "/dcuc/api/user-service/v2/users/oauth";
-
-    /**
-     * 认证服务url
-     */
-    @Value("${approve.filter.dcuc.host:}")
-    private String oauthServiceHost;
-
-    /**
-     * 华为网关是否开启
-     */
-    @Value("${approve.filter.dcuc.enabled:true}")
-    private Boolean dcucEnabled;
-
-    @Override
-    public String filterType() {
-        return "pre";
-    }
-
-    @Override
-    public int filterOrder() {
-        return -10;
-    }
-
-    @Override
-    public boolean shouldFilter() {
-        return dcucEnabled;
-    }
-
-    @Override
-    public Object run() throws ZuulException {
-        RequestContext ctx = RequestContext.getCurrentContext();
-        BaseSecurityUser currentUser = UserContextUtils.getCurrentUser();
-        logger.info("====登录用户信息：{}====", JSONObject.toJSONString(currentUser));
-        if (currentUser != null) {
-            String jwtToken = JwtTokenUtils.getAlgorithmGen(JwtTokenUtils.AlgorithmType.HS256).sign(currentUser);
-            ctx.addZuulRequestHeader(JwtTokenUtils.AUTHORIZATION_HEADER, JwtTokenUtils.TOKEN_PREFIX + jwtToken);
-            logger.info("登录jwtToken：{}", jwtToken);
-        }
-        return null;
-    }
-
-    private BaseSecurityUser getSecurityUser() {
-        RequestContext ctx = RequestContext.getCurrentContext();
-
-        //        logger.info();
-        String userToken = ctx.getRequest().getHeader("token");
-        String appToken = ctx.getRequest().getHeader("appToken");
-
-        HttpHeaders headers = new HttpHeaders();
-        //设置ContentType
-        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
-        //应用token
-        headers.add("dcucAppToken", appToken);
-        //用户token
-        headers.add("dcucUserToken", userToken);
-        logger.info("userToken=【{}】，appToken=【{}】", userToken, appToken);
-
-        //是否需要获取华为网关accessToken，公司内部无华为网关环境
-        if (Optional.ofNullable(ctx.get(HwTokenPreFilter.HW_TOKEN)).isPresent()) {
-            String accessToken = ((TokenInfo) ctx.get(HwTokenPreFilter.HW_TOKEN)).getAccessToken();
-            String authorization = JwtTokenUtils.TOKEN_PREFIX + accessToken;
-            headers.add("Authorization", authorization);
-            logger.info("华为accessToken=【{}】", accessToken);
-        }
-
-        BaseSecurityUser baseSecurityUser = null;
-        try {
-            HttpEntity<MultiValueMap<String, Object>> requestEntity = new HttpEntity<MultiValueMap<String, Object>>(new LinkedMultiValueMap(), headers);
-            RestTemplate restTemplate = new RestTemplate();
-            //远程调用用户中心接口
-            ResponseEntity<ResponseResult> exchange = restTemplate.exchange(oauthServiceHost + AUTH_USER_PATH, HttpMethod.GET, requestEntity, ResponseResult.class);
-            logger.info("远程调用返回结果resEntity=【{}】,请求url=【{}】", JSONObject.toJSONString(exchange), oauthServiceHost + AUTH_USER_PATH);
-            //判断请求是否成功
-            if (exchange.getStatusCode() == HttpStatus.OK) {
-                ResponseResult responseResult = exchange.getBody();
-                if (String.valueOf(HttpStatus.OK.value()).equals(responseResult.getStatusCode())) {
-                    OauthUserVo oauthUserVo = new ObjectMapper().convertValue(responseResult.getResult(), OauthUserVo.class);
-                    baseSecurityUser = new BaseSecurityUser();
-                    baseSecurityUser.setId(oauthUserVo.getId());
-                    baseSecurityUser.setName(oauthUserVo.getName());
-                    baseSecurityUser.setPoliceNo(oauthUserVo.getPoliceNumber());
-                    baseSecurityUser.setSecurityOrg(oauthUserVo.getOrgCode());
-//                    baseSecurityUser.setCode(oauthUserVo.getOrgCode());
-//                    baseSecurityUser.setUserName();
-//                    baseSecurityUser.setSecurityRoles();
-                }
-            }
-        } catch (Exception e) {
-            logger.error("用户信息获取失败", e);
-            throw new ApplicationException(ErrorCode.USER_INFO_ERROR.getCode(), ErrorCode.USER_INFO_ERROR.getMsg());
-        }
-        if (null == baseSecurityUser) {
-            logger.error("用户信息获取失败，用户信息为空！");
-            throw new ApplicationException(ErrorCode.USER_INFO_ERROR.getCode(), ErrorCode.USER_INFO_ERROR.getMsg());
-        }
-
-        return baseSecurityUser;
-    }
-}

src/main/java/com/dragonsoft/dcuc/approvegateway/pojo/BimLoginReqVO.java

@@ -0,0 +1,15 @@
+package com.dragonsoft.dcuc.approvegateway.pojo;
+
+import lombok.Data;
+
+/**
+ * @author huangzqa
+ * @date 2021/4/9
+ **/
+@Data
+public class BimLoginReqVO {
+
+    private String loginId;
+
+    private String secretKey;
+}

src/main/java/com/dragonsoft/dcuc/approvegateway/pojo/BimLogoutReqVO.java

@@ -0,0 +1,13 @@
+package com.dragonsoft.dcuc.approvegateway.pojo;
+
+import lombok.Data;
+
+/**
+ * @author huangzqa
+ * @date 2021/4/9
+ **/
+@Data
+public class BimLogoutReqVO {
+
+    private String token;
+}

src/main/java/com/dragonsoft/dcuc/approvegateway/pojo/BimRespExceptionVO.java

@@ -0,0 +1,18 @@
+package com.dragonsoft.dcuc.approvegateway.pojo;
+
+import lombok.Data;
+
+/**
+ * @author huangzqa
+ * @date 2021/4/9
+ **/
+@Data
+public class BimRespExceptionVO {
+
+    private String name;
+
+    private String message;
+
+    private String trace;
+
+}

src/main/java/com/dragonsoft/dcuc/approvegateway/pojo/BimRespVO.java

@@ -0,0 +1,23 @@
+package com.dragonsoft.dcuc.approvegateway.pojo;
+
+import lombok.Data;
+
+/**
+ * @author huangzqa
+ * @date 2021/4/9
+ **/
+@Data
+public class BimRespVO {
+
+    private Boolean success;
+
+    private Object data;
+
+    private String errorCode;
+
+    private String errorMessage;
+
+    private BimRespExceptionVO errorException;
+
+
+}

src/main/java/com/dragonsoft/dcuc/approvegateway/pojo/BimUserInfoItemRespVO.java

@@ -0,0 +1,67 @@
+package com.dragonsoft.dcuc.approvegateway.pojo;
+
+import lombok.Data;
+
+/**
+ * @author huangzqa
+ * @date 2021/4/9
+ **/
+@Data
+public class BimUserInfoItemRespVO {
+
+    /**
+     * 消息id
+     */
+    private String messageId;
+
+    /**
+     * true表示查询成功
+     */
+    private String result;
+
+    /**
+     * 结果描述
+     */
+    private String resultDescription;
+
+    /**
+     * 用户id
+     */
+    private String yhId;
+
+    /**
+     * 姓名
+     */
+    private String xm;
+
+    /**
+     * 警号
+     */
+    private String jh;
+
+    /***
+     * 身份证号
+     */
+    private String sfzh;
+
+    /**
+     * 单位代码
+     */
+    private String dwdm;
+
+    /**
+     * 单位名称
+     */
+    private String dwmc;
+
+    /**
+     * 职位
+     */
+    private String zw;
+
+    /**
+     * 用户名
+     */
+    private String yhm;
+
+}

src/main/java/com/dragonsoft/dcuc/approvegateway/pojo/BimUserInfoReqVO.java

@@ -0,0 +1,26 @@
+package com.dragonsoft.dcuc.approvegateway.pojo;
+
+import lombok.Data;
+
+/**
+ * @author huangzqa
+ * @date 2021/4/9
+ **/
+@Data
+public class BimUserInfoReqVO {
+
+    /**
+     * token
+     */
+    private String token;
+
+    /**
+     * 消息ID
+     */
+    private String messageId;
+
+    /**
+     * 用户令牌
+     */
+    private String userToken;
+}

src/main/java/com/dragonsoft/dcuc/approvegateway/pojo/BimUserInfoRespVO.java

@@ -0,0 +1,23 @@
+package com.dragonsoft.dcuc.approvegateway.pojo;
+
+import lombok.Data;
+
+/**
+ * @author huangzqa
+ * @date 2021/4/9
+ **/
+@Data
+public class BimUserInfoRespVO {
+
+    private Boolean success;
+
+    private BimUserInfoItemRespVO data;
+
+    private String errorCode;
+
+    private String errorMessage;
+
+    private BimRespExceptionVO errorException;
+
+
+}

src/main/java/com/dragonsoft/dcuc/approvegateway/pojo/OauthUserVo.java

@@ -1,117 +0,0 @@
-package com.dragonsoft.dcuc.approvegateway.pojo;
-
-import java.io.Serializable;
-
-/**
- * 代码千万行,注释第一行,编码不规范,同事两行泪
- *
- * @author huang(jy)
- * @version 1.0
- * @date 2020/12/10 9:22
- */
-public class OauthUserVo implements Serializable {
-    private static final long serialVersionUID = -7843750020214903309L;
-
-    //id（主键标识：UUID
-    private String id;
-
-    //姓名
-    private String name;
-
-    //省份证号
-    private String idcard;
-
-    //警号
-    private String policeNumber;
-
-    //机构名称
-    private String orgName;
-
-    //机构代码
-    private String orgCode;
-
-    //职务
-    private String postType;
-
-    //人员类型
-    private String userType;
-
-
-    public OauthUserVo() {
-    }
-
-    public OauthUserVo(String id, String name, String idcard, String policeNumber, String orgName, String orgCode, String postType, String userType) {
-        this.id = id;
-        this.name = name;
-        this.idcard = idcard;
-        this.policeNumber = policeNumber;
-        this.orgName = orgName;
-        this.orgCode = orgCode;
-        this.postType = postType;
-        this.userType = userType;
-    }
-
-    public String getId() {
-        return id;
-    }
-
-    public void setId(String id) {
-        this.id = id;
-    }
-
-    public String getName() {
-        return name;
-    }
-
-    public void setName(String name) {
-        this.name = name;
-    }
-
-    public String getIdcard() {
-        return idcard;
-    }
-
-    public void setIdcard(String idcard) {
-        this.idcard = idcard;
-    }
-
-    public String getPoliceNumber() {
-        return policeNumber;
-    }
-
-    public void setPoliceNumber(String policeNumber) {
-        this.policeNumber = policeNumber;
-    }
-
-    public String getOrgName() {
-        return orgName;
-    }
-
-    public void setOrgName(String orgName) {
-        this.orgName = orgName;
-    }
-
-    public String getOrgCode() {
-        return orgCode;
-    }
-
-    public void setOrgCode(String orgCode) {
-        this.orgCode = orgCode;
-    }
-
-    public String getPostType() {
-        return postType;
-    }
-
-    public void setPostType(String postType) {
-        this.postType = postType;
-    }
-
-    public String getUserType() {
-        return userType;
-    }
-
-    public void setUserType(String userType) {
-        this.userType = userType;
-    }
-}

src/main/java/com/dragonsoft/dcuc/approvegateway/properties/DcucApproveProperties.java

@@ -0,0 +1,45 @@
+package com.dragonsoft.dcuc.approvegateway.properties;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+/**
+ * <p>
+ * 审批配置
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2021/6/21
+ */
+@Data
+@ConfigurationProperties(prefix = "dcuc.approve")
+@Component
+public class DcucApproveProperties {
+
+    /**
+     * 竹云认证地址
+     */
+    private String bimIdentityUrl;
+
+    /**
+     * 竹云应用方标识
+     */
+    private String bimLoginId;
+
+    /**
+     * 竹云应用方秘钥
+     */
+    private String bimSecretKey;
+
+    /**
+     * 竹云 token 存储 key
+     */
+    private String bimTokenStoreKey = "bimTokenKey";
+
+    /**
+     * 竹云 token 失效时间（单位秒）
+     */
+    private Integer bimTokenExpireSecond = 9 * 60;
+
+}

src/main/resources/META-INF/additional-spring-configuration-metadata.json

@@ -0,0 +1,39 @@
+{
+  "properties": [
+    {
+      "name": "apollo.meta",
+      "type": "java.lang.String",
+      "description": "apollo配置中心地址(服务端)."
+    },
+    {
+      "name": "app.id",
+      "type": "java.lang.String",
+      "description": "apollo appid，当app.id没有配置情况下将读取spring.application.name值."
+    },
+    {
+      "name": "apollo.bootstrap.namespaces",
+      "type": "java.lang.String",
+      "description": "apollo 命名空间，支持多个逗号隔开。按命名空间顺序依次加载，可用于公共配置."
+    },
+    {
+      "name": "apollo.bootstrap.enabled",
+      "type": "java.lang.String",
+      "description": "apollo 是否启用apollo."
+    },
+    {
+      "name": "apollo.cluster",
+      "type": "java.lang.String",
+      "description": "apollo 集群，默认default."
+    },
+    {
+      "name": "apollo.autoUpdateInjectedSpringProperties",
+      "type": "java.lang.String",
+      "description": "apollo 取消placeholder的自动更新功能(默认true)."
+    },
+    {
+      "name": "duceap.license.enabled",
+      "type": "java.lang.String",
+      "description": "License认证开关，默认开启."
+    }
+  ]
+}

src/main/resources/application-base.yml

@@ -0,0 +1,75 @@
+server:
+  port: 8866
+  servlet:
+    context-path: /approve-gateway
+spring:
+  application:
+    name: approve-gateway
+  cloud:
+    nacos:
+      discovery:
+        server-addr: 127.0.0.1:8848
+
+zuul:
+  retryable: true
+  # 这个配置必须保留，才会传递Authorization，cookie等
+  sensitive-headers:
+  host:
+    connect-timeout-millis: 60000
+    socket-timeout-millis: 60000
+
+ribbon:
+  ConnectTimeout: 60000 # 连接超时时间(ms)
+  ReadTimeout: 60000 # 通信超时时间(ms)
+  OkToRetryOnAllOperations: true # 是否对所有操作重试
+  MaxAutoRetriesNextServer: 2 # 同一服务不同实例的重试次数
+  MaxAutoRetries: 1 # 同一实例的重试次数
+hystrix:
+  command:
+    default:
+      execution:
+        isolation:
+          thread:
+            timeoutInMillisecond: 60000 # 熔断超时时长：6000ms
+
+duceap:
+  license:
+    dataCacheMethod: apollo
+    #配置用来指定license对接的后端项目地址(格式：ip:port/context，如http://10.10.10.10:8080/ctx)，默认使用HttpServletRequest.getLocalAddr()方法获取ip地址，应用在docker部署环境中无法获取机子的真实ip地址 考虑以配置参数的形式传入
+    #address: http://10.10.10.10:8080/ctx
+    enabled: false
+  apollo:
+    client:
+      host: http://192.168.10.27:8070 #配置中心地址(portal端)
+  security:
+    ##配置登陆方式，dids、dssoac、dcuc
+    type: dcuc
+    ##dids登录配置#
+    dids2:
+      ##应用代码
+      appCode: YHZX0000000000000001
+      useSSO: true
+      ##单点登录服务器地址
+      SSOLoginUrl: http://10.201.7.30:9090/didsserver/login
+      ##单点登录服务接口地址
+      SSOValidateUrl: http://10.201.7.30:9090/didsserver/serviceValidate
+      ##对接系统地址(ip:端口/上下文/login) 开发环境中, ip端口需要配置成代理的前端地址(请全程使用真实的ip 而不是localhost或者127.0.0.1，否则会导致登录失败)
+      SSOServiceUrl: http://10.11.0.240:1645/approve-gateway/login
+      accessType: 1
+      ##单点登录服务接口地址
+      webServiceUrl: http://10.201.7.30:9090/didsserver/webservices/
+      jndi: JDBC/DIDS
+      filterType: 1
+      ##若匹配该地址，则无须过滤
+      noFilterUrl: /api/v1/,/v1/,/v2/api-docs,services,hessian,commons,install.action,.xml,/install,/widgets-src/,/authorizationPage.html,/importAuthorizationFile.html,/license/LicenseManagerServlet,/authorizationFile/
+    dcuc:
+      casServerUrlPrefix: http://192.168.10.2:8877/sso
+      serverName: http://10.11.0.240:1645 http://10.254.11.185:1645
+      ignorePattern: /v2/api-docs,/api/v1/process-types,api/v1/process-type,api/v1/apply,services,hessian,commons,install.action,.xml,/install,/widgets-src/,/authorizationPage.html,/importAuthorizationFile.html,/license/LicenseManagerServlet,/authorizationFile/
+      ApiUrl: http://192.168.10.2:8860/dcuc
+      appCode: YHZX0000000000000001
+dcuc:
+  approve:
+    bim-identity-url: https://127.0.0.1:8443/bim-server
+    bim-login-id: app1
+    bim-secret-key: app1@123

src/main/resources/application.yml

@@ -1,95 +1,14 @@
-server:
-  port: 8866
-  servlet:
-    context-path: /approve-gateway
-
 spring:
-  application:
-    name: approve-gateway
-  cloud:
-    nacos:
-      discovery:
-        server-addr: 127.0.0.1:8848
-
-zuul:
-  retryable: true
-  # 这个配置必须保留，才会传递Authorization，cookie等
-  sensitive-headers:
-  host:
-    connect-timeout-millis: 60000
-    socket-timeout-millis: 60000
-
-ribbon:
-  ConnectTimeout: 60000 # 连接超时时间(ms)
-  ReadTimeout: 60000 # 通信超时时间(ms)
-  OkToRetryOnAllOperations: true # 是否对所有操作重试
-  MaxAutoRetriesNextServer: 2 # 同一服务不同实例的重试次数
-  MaxAutoRetries: 1 # 同一实例的重试次数
-hystrix:
-  command:
-    default:
-      execution:
-        isolation:
-          thread:
-            timeoutInMillisecond: 60000 # 熔断超时时长：6000ms
-
-duceap:
-  license:
-    dataCacheMethod: apollo
-    #配置用来指定license对接的后端项目地址(格式：ip:port/context，如http://10.10.10.10:8080/ctx)，默认使用HttpServletRequest.getLocalAddr()方法获取ip地址，应用在docker部署环境中无法获取机子的真实ip地址 考虑以配置参数的形式传入
-    #address: http://10.10.10.10:8080/ctx
-    enabled: false
-  apollo:
-    client:
-      host: http://192.168.10.27:8070 #配置中心地址(portal端)
-  security:
-    ##配置登陆方式，dids、dssoac、dcuc
-    type: dcuc
-    ##dids登录配置#
-    dids2:
-      ##应用代码
-      appCode: YHZX0000000000000001
-      useSSO: true
-      ##单点登录服务器地址
-      SSOLoginUrl: http://10.201.7.30:9090/didsserver/login
-      ##单点登录服务接口地址
-      SSOValidateUrl: http://10.201.7.30:9090/didsserver/serviceValidate
-      ##对接系统地址(ip:端口/上下文/login) 开发环境中, ip端口需要配置成代理的前端地址(请全程使用真实的ip 而不是localhost或者127.0.0.1，否则会导致登录失败)
-      SSOServiceUrl: http://10.11.0.240:1645/approve-gateway/login
-      accessType: 1
-      ##单点登录服务接口地址
-      webServiceUrl: http://10.201.7.30:9090/didsserver/webservices/
-      jndi: JDBC/DIDS
-      filterType: 1
-      ##若匹配该地址，则无须过滤
-      noFilterUrl: /api/v1/,/v1/,/v2/api-docs,services,hessian,commons,install.action,.xml,/install,/widgets-src/,/authorizationPage.html,/importAuthorizationFile.html,/license/LicenseManagerServlet,/authorizationFile/
-    dcuc:
-      casServerUrlPrefix: http://192.168.10.2:8877/sso
-      serverName: http://10.11.0.240:1645 http://10.254.11.185:1645
-      ignorePattern: /v2/api-docs,/api/v1/process-types,api/v1/process-type,api/v1/apply,services,hessian,commons,install.action,.xml,/install,/widgets-src/,/authorizationPage.html,/importAuthorizationFile.html,/license/LicenseManagerServlet,/authorizationFile/
-      ApiUrl: http://192.168.10.2:8860/dcuc
-      appCode: YHZX0000000000000001
-
-#=========================apollo配置信息============================#
+  profiles:
+    include: base
+#apollo配置
 apollo:
+  autoUpdateInjectedSpringProperties: false
   bootstrap:
-    enabled: false #是否启用apollo
-    namespaces: application, dragonsoft.approve-common #命名空间，默认application
-  cluster: default #集群，默认default
-  meta: http://192.168.10.27:8080 #配置中心地址(服务端)
-
-approve:
-  filter:
-    hw:
-      app:
-        secret: test
-        key: test
-      # 华为网关地址
-      host: http://10.11.1.164:11480
-      # 过滤器开关
-      enabled: false
-    dcuc:
-      # dcuc主机地址
-      host: http://192.168.10.2:8870
-      # 过滤器开关
-      enabled: true
+    enabled: false
+    namespaces: application,dragonsoft.dcuc
+  cluster: default
+  meta: http://192.168.10.80:8081
+duceap:
+  license:
+    enabled: false