Merge branch 'huangzqa-new-version-20210404' into 'develop'

修改Tomcat打包，校验令牌

See merge request dcuc-tjdsj/auth-back!2

pom.xml

@@ -5,7 +5,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.dragoninfo</groupId>
     <artifactId>dcuc-auth-back</artifactId>
-    <version>2.1.0-SNAPSHOT</version>
+    <version>2.1.0-tjdsj-SNAPSHOT</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -107,7 +107,7 @@
         <dependency>
             <groupId>com.dragoninfo</groupId>
             <artifactId>dcuc-auth-api</artifactId>
-            <version>2.1.0-SNAPSHOT</version>
+            <version>2.1.0-tjdsj-SNAPSHOT</version>
         </dependency>
         <!--redis缓存-->
         <dependency>
@@ -156,11 +156,18 @@
             <artifactId>spring-boot-starter-validation</artifactId>
             <version>2.4.2</version>
         </dependency>
+
         <!--配置 dcuc 结束-->
         <dependency>
             <groupId>net.unicon.cas</groupId>
             <artifactId>cas-client-autoconfig-support</artifactId>
             <version>2.1.0-GA</version>
+            <exclusions>
+                <exclusion>
+                    <artifactId>joda-time</artifactId>
+                    <groupId>joda-time</groupId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <!-- https://mvnrepository.com/artifact/log4j/log4j -->
@@ -171,12 +178,6 @@
             <version>2.7.5</version>
         </dependency>
 
-        <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpmime</artifactId>
-            <version>4.5.3</version>
-        </dependency>
-
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
@@ -253,7 +254,44 @@
             <uniqueVersion>false</uniqueVersion>
         </snapshotRepository>
     </distributionManagement>
+
+    <packaging>${project.packaging}</packaging>
     <profiles>
+        <!--war打包配置-->
+        <!--使用方式 mvn clean package -Pwar-->
+        <profile>
+            <id>war</id>
+            <properties>
+                <project.packaging>war</project.packaging>
+            </properties>
+            <dependencies>
+                <dependency>
+                    <groupId>com.dragonsoft</groupId>
+                    <artifactId>duceap-boot-starter-web</artifactId>
+                    <!-- 移除嵌入式tomcat插件 -->
+                    <exclusions>
+                        <exclusion>
+                            <groupId>org.springframework.boot</groupId>
+                            <artifactId>spring-boot-starter-tomcat</artifactId>
+                        </exclusion>
+                    </exclusions>
+                </dependency>
+            </dependencies>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-war-plugin</artifactId>
+                        <version>2.1.1</version>
+                        <configuration>
+                            <failOnMissingWebXml>false</failOnMissingWebXml>
+                            <!--排除licenseignore包，用来禁用许可开关，防止生产环境通过关闭开关，绕过许可-->
+                            <packagingExcludes>WEB-INF/lib/duceap-support-licenseignore*.jar</packagingExcludes>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
         <profile>
             <id>jar</id>
             <activation>

src/main/assembly/conf/logback.xml

@@ -1,57 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-	<appender name="console" class="ch.qos.logback.core.ConsoleAppender">
-		<encoder>
-			<pattern>%date{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
-		</encoder>
-	</appender>
-
-	<appender name="rollingFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
-		<file>logs/dcuc-authweb.log</file>
-		<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-			<fileNamePattern>logs/dcuc-authweb.%d{yyyy-MM-dd}.log</fileNamePattern>
-		</rollingPolicy>
-		<encoder>
-			<pattern>%date{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
-		</encoder>
-	</appender>
-
-	<!--<appender name="rollingFileThread" class="ch.qos.logback.core.rolling.RollingFileAppender">
-		<file>logs/duceap2.log</file>
-		<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-			<fileNamePattern>logs/duceap2.%d{yyyy-MM-dd}.log</fileNamePattern>
-		</rollingPolicy>
-		<encoder>
-			<pattern>%date{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
-		</encoder>
-		<filter class="ch.qos.logback.core.filter.EvaluatorFilter">
-			<evaluator>
-				<expression>
-					<![CDATA[
-						 !event.getThreadName().contains("DefaultQuartzScheduler")
-         			]]>
-				</expression>
-			</evaluator>
-			<OnMatch>DENY</OnMatch>
-			<OnMismatch>NEUTRAL</OnMismatch>
-		</filter>
-	</appender>-->
-
-	<!-- project default level -->
-	<logger name="java.sql.Connection" level="INFO" />
-	<logger name="java.sql.Statement" level="INFO" />
-	<logger name="java.sql.PreparedStatement" level="INFO" />
-	<logger name="com.dragonsoft" level="DEBUG" />
-	<logger name="com.dragoninfo" level="DEBUG" />
-
-
-	<!--log4jdbc -->
-	<logger name="jdbc.sqltiming" level="INFO"/>
-
-	<root level="INFO">
-		<appender-ref ref="console" />
-		<appender-ref ref="rollingFile" />
-	</root>
-
-	<!--<logger name="com.dragonsoft.duceap" level="DEBUG"><appender-ref ref="rollingFileThread" /></logger>-->
-</configuration>

src/main/java/com/dragoninfo/dcuc/authweb/ConsumerTomcatApplication.java

@@ -0,0 +1,22 @@
+package com.dragoninfo.dcuc.authweb;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+
+/**
+ * @author huangzqa
+ * @date 2021/4/4
+ **/
+@SpringBootApplication(scanBasePackages = {"com.dragonsoft", "com.dragoninfo"})
+public class ConsumerTomcatApplication extends SpringBootServletInitializer {
+    @Override
+    protected SpringApplicationBuilder configure(SpringApplicationBuilder builder) {
+        return builder.sources(ConsumerTomcatApplication.class);
+    }
+
+    public static void main(String[] args) {
+        SpringApplication.run(ConsumerTomcatApplication.class, args);
+    }
+}

src/main/java/com/dragoninfo/dcuc/authweb/business/HwIdentityBusiness.java

@@ -0,0 +1,128 @@
+package com.dragoninfo.dcuc.authweb.business;
+
+import cn.hutool.http.HttpRequest;
+import com.dragoninfo.dcuc.authweb.config.DcucAuthWebConfig;
+import com.dragoninfo.dcuc.authweb.enums.HwTokenResultEnum;
+import com.dragoninfo.dcuc.authweb.vo.hwtoken.HwTokenCheckReqContentVO;
+import com.dragoninfo.dcuc.authweb.vo.hwtoken.HwTokenCheckReqVO;
+import com.dragoninfo.dcuc.authweb.vo.hwtoken.HwTokenCheckRespContentVO;
+import com.dragoninfo.dcuc.authweb.vo.hwtoken.HwTokenCheckRespVO;
+import com.dragonsoft.duceap.commons.util.date.DateConst;
+import com.dragonsoft.duceap.commons.util.date.DateUtils;
+import com.dragonsoft.duceap.commons.util.json.JsonUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * @author huangzqa
+ * @date 2021/3/30
+ **/
+@Slf4j
+@Service
+public class HwIdentityBusiness {
+
+    @Autowired
+    private DcucAuthWebConfig dcucAuthWebConfig;
+
+    /**
+     * 校验令牌
+     *
+     * @param userToken 用户令牌
+     * @param appToken  应用令牌
+     * @return 是否有效
+     */
+    public boolean checkToken(String userToken, String appToken) {
+
+        HwTokenCheckReqVO hwTokenCheckReqVO = new HwTokenCheckReqVO();
+
+        HwTokenCheckReqContentVO hwTokenCheckReqContentVO = new HwTokenCheckReqContentVO();
+        hwTokenCheckReqContentVO.setAppToken(appToken);
+        hwTokenCheckReqContentVO.setUserToken(userToken);
+        hwTokenCheckReqContentVO.setMessageId(DateUtils.getDateFormat(DateConst.DB_STORE_DATE));
+        hwTokenCheckReqContentVO.setEsn(dcucAuthWebConfig.getHwIdentityEsn());
+
+        hwTokenCheckReqVO.setContent(Collections.singletonList(hwTokenCheckReqContentVO));
+
+        HwTokenCheckRespVO hwTokenCheckRespVO = sendRequest(hwTokenCheckReqVO);
+
+        List<HwTokenCheckRespContentVO> content = hwTokenCheckRespVO.getContent();
+
+        String validValue = HwTokenResultEnum.VALID.getValue();
+        for (HwTokenCheckRespContentVO hwTokenCheckRespContentVO : content) {
+            String usercheckResult = hwTokenCheckRespContentVO.getUsercheckResult();
+            String appcheckResult = hwTokenCheckRespContentVO.getAppcheckResult();
+
+            if (!usercheckResult.equals(validValue)) {
+                return false;
+            }
+
+            if (!appcheckResult.equals(validValue)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * 校验用户令牌
+     *
+     * @param userToken 用户令牌
+     * @return 是否有效
+     */
+    public boolean checkUserToken(String userToken) {
+
+        HwTokenCheckReqVO hwTokenCheckReqVO = new HwTokenCheckReqVO();
+
+        HwTokenCheckReqContentVO hwTokenCheckReqContentVO = new HwTokenCheckReqContentVO();
+        hwTokenCheckReqContentVO.setAppToken("");
+        hwTokenCheckReqContentVO.setUserToken(userToken);
+        hwTokenCheckReqContentVO.setMessageId(DateUtils.getDateFormat(DateConst.DB_STORE_DATE));
+        hwTokenCheckReqContentVO.setEsn(dcucAuthWebConfig.getHwIdentityEsn());
+
+        hwTokenCheckReqVO.setContent(Collections.singletonList(hwTokenCheckReqContentVO));
+
+        HwTokenCheckRespVO hwTokenCheckRespVO = sendRequest(hwTokenCheckReqVO);
+
+        List<HwTokenCheckRespContentVO> content = hwTokenCheckRespVO.getContent();
+
+        String validValue = HwTokenResultEnum.VALID.getValue();
+        for (HwTokenCheckRespContentVO hwTokenCheckRespContentVO : content) {
+            String usercheckResult = hwTokenCheckRespContentVO.getUsercheckResult();
+
+            if (!usercheckResult.equals(validValue)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * 发送请求
+     *
+     * @param hwTokenCheckReqVO 请求
+     * @return 返回值
+     */
+    private HwTokenCheckRespVO sendRequest(HwTokenCheckReqVO hwTokenCheckReqVO) {
+        String reqJson = JsonUtils.toJSONString(hwTokenCheckReqVO);
+
+        log.info("Token check req :{}", reqJson);
+
+        String url = dcucAuthWebConfig.getHwIdentityUrl() + "/tacs/tokencheck";
+
+        log.info("Token check req url:{}", reqJson);
+        String postResp = HttpRequest.post(url)
+                .body(reqJson)
+                .header("Message-Type", "tokencheck")
+                .execute()
+                .body();
+        log.info("Token check resp :{}", postResp);
+
+        return JsonUtils.parseObject(postResp, HwTokenCheckRespVO.class);
+    }
+}

src/main/java/com/dragoninfo/dcuc/authweb/common/MtAuthService.java → src/main/java/com/dragoninfo/dcuc/authweb/business/MtAuthBusiness.java

@@ -1,14 +1,18 @@
-package com.dragoninfo.dcuc.authweb.common;
+package com.dragoninfo.dcuc.authweb.business;
 
+import com.dragoninfo.dcuc.authweb.common.SysConstants;
 import com.dragoninfo.dcuc.user.admin.facade.*;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 /**
- * Created by Administrator on 2019/3/21.
+ * 管理范围
+ *
+ * @author Administrator
+ * @date 2019/3/21
  */
 @Component
-public class MtAuthService {
+public class MtAuthBusiness {
 
     @Autowired
     private IOrgMtAuthFacade orgMtAuthFacade;
@@ -22,12 +26,11 @@ public class MtAuthService {
     private IMgeMtAuthFacade mgeMtAuthFacade;
 
     /**
-     *
      * 获取用户各类型管理范围
      *
-     * @param userId
-     * @param type
-     * @return
+     * @param userId 用户ID
+     * @param type   类型
+     * @return 管理范围
      */
     public String getMtAuth(String userId, String type) {
         if (SysConstants.MT_ORG.equals(type)) {

src/main/java/com/dragoninfo/dcuc/authweb/common/SysConstants.java

@@ -1,33 +1,38 @@
 package com.dragoninfo.dcuc.authweb.common;
 
 
-import java.math.BigDecimal;
-import java.util.Date;
-
 /**
- * Created by Administrator on 2018/11/1.
+ * @author Administrator
+ * @date 2018/11/1
  */
 public class SysConstants {
 
-    /** 机构管理范围 **/
-    public final static String MT_ORG = "ORG";
-    /** 用户管理范围 **/
-    public final static String MT_USER = "USER";
-    /** 授权管理范围 **/
-    public final static String MT_APP = "APP";
-    /** 管理员管理范围 **/
-    public final static String MT_MGE = "MGE";
-    /** 临时管理范围 **/
-    public final static String MT_TEMP = "TEMP";
-
-    //列表导出的最大数量
-    public final static int EXPORT_NUMBER_MAX = 1000;
-
-    public static final String JMGZ = "******";
-    public static final BigDecimal JMGZ_BIGDECIMAL = new BigDecimal(-999);
-    public static final Date JMGZ_DATE = new Date(0);
-
-
-
+    /**
+     * 机构管理范围
+     **/
+    public static final String MT_ORG = "ORG";
+    /**
+     * 用户管理范围
+     **/
+    public static final String MT_USER = "USER";
+    /**
+     * 授权管理范围
+     **/
+    public static final String MT_APP = "APP";
+    /**
+     * 管理员管理范围
+     **/
+    public static final String MT_MGE = "MGE";
+    /**
+     * 临时管理范围
+     **/
+    public static final String MT_TEMP = "TEMP";
+    /**
+     * 列表导出的最大数量
+     */
+    public static final int EXPORT_NUMBER_MAX = 1000;
+
+    private SysConstants() {
+    }
 
 }

src/main/java/com/dragoninfo/dcuc/authweb/config/DcucAuthWebConfig.java

@@ -1,11 +1,13 @@
 package com.dragoninfo.dcuc.authweb.config;
 
+import com.dragoninfo.dcuc.authweb.enums.CheckTypeEnum;
 import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 
 /**
- * Created by Administrator on 2019/3/13.
+ * @author Administrator
+ * @date 2019/3/13
  */
 @ConfigurationProperties(prefix = "dcuc.authweb")
 @Data
@@ -23,7 +25,17 @@ public class DcucAuthWebConfig {
     private boolean authAccess;
 
     /**
-     * 是否启用接口必传参数检查
+     * 华为认证地址
      */
-    private boolean enableApiCheck;
+    private String hwIdentityUrl;
+
+    /**
+     * 注册在华为认证,权限的唯一标识，与注册接口保持一致，不能为其他值
+     */
+    private String hwIdentityEsn;
+
+    /**
+     * 凭据鉴权类型
+     */
+    private CheckTypeEnum checkTypeEnum = CheckTypeEnum.TOKEN;
 }

src/main/java/com/dragoninfo/dcuc/authweb/config/WebMvcConfig.java

@@ -48,7 +48,8 @@ public class WebMvcConfig implements WebMvcConfigurer {
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(getAuthBeforeResInterceptor())
                 .addPathPatterns("/api/auth-service/**")
-                .addPathPatterns("/api/app-service/**");
+                .addPathPatterns("/api/app-service/**")
+                .excludePathPatterns("/api/auth-service/v1/apps/authentication");
 
     }
 

src/main/java/com/dragoninfo/dcuc/authweb/enums/CheckTypeEnum.java

@@ -0,0 +1,40 @@
+package com.dragoninfo.dcuc.authweb.enums;
+
+import com.dragonsoft.duceap.base.enums.ICodeEnum;
+
+/**
+ * @author huangzqa
+ * @date 2021/4/6
+ **/
+public enum CheckTypeEnum implements ICodeEnum {
+    /**
+     * 基本凭据
+     */
+    BASE("base", "基本凭据"),
+
+    /**
+     * 令牌凭据
+     */
+    TOKEN("token", "令牌凭据");
+
+
+    private String value;
+
+    private String label;
+
+    CheckTypeEnum(String value, String label) {
+        this.value = value;
+        this.label = label;
+    }
+
+
+    @Override
+    public String getValue() {
+        return this.value;
+    }
+
+    @Override
+    public String getLabel() {
+        return this.label;
+    }
+}

src/main/java/com/dragoninfo/dcuc/authweb/enums/HwTokenResultEnum.java

@@ -0,0 +1,35 @@
+package com.dragoninfo.dcuc.authweb.enums;
+
+import com.dragonsoft.duceap.base.enums.ICodeEnum;
+
+/**
+ * @author huangzqa
+ * @date 2021/3/30
+ **/
+public enum HwTokenResultEnum implements ICodeEnum {
+
+    /**
+     * 有效
+     */
+    VALID("valid", "有效");
+
+    private String value;
+
+    private String label;
+
+
+    HwTokenResultEnum(String value, String label) {
+        this.value = value;
+        this.label = label;
+    }
+
+    @Override
+    public String getValue() {
+        return this.value;
+    }
+
+    @Override
+    public String getLabel() {
+        return this.label;
+    }
+}

src/main/java/com/dragoninfo/dcuc/authweb/interceptor/AuthBeforeResInterceptor.java

@@ -2,7 +2,9 @@ package com.dragoninfo.dcuc.authweb.interceptor;
 
 import cn.hutool.core.util.StrUtil;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
+import com.dragoninfo.dcuc.authweb.business.HwIdentityBusiness;
 import com.dragoninfo.dcuc.authweb.config.DcucAuthWebConfig;
+import com.dragoninfo.dcuc.authweb.enums.CheckTypeEnum;
 import com.dragoninfo.dcuc.authweb.exception.EvidenceException;
 import com.dragoninfo.dcuc.common.Constants;
 import com.dragoninfo.dcuc.user.user.entity.UserInfo;
@@ -28,9 +30,13 @@ public class AuthBeforeResInterceptor implements HandlerInterceptor {
 
     @Autowired
     private IUserInfoFacade userInfoFacade;
+
     @Autowired
     private IApplyInfoFacade applyInfoFacade;
 
+    @Autowired
+    private HwIdentityBusiness hwIdentityBusiness;
+
     @Autowired
     private DcucAuthWebConfig dcucAuthWebConfig;
 
@@ -44,47 +50,53 @@ public class AuthBeforeResInterceptor implements HandlerInterceptor {
      */
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+
+        CheckTypeEnum checkTypeEnum = dcucAuthWebConfig.getCheckTypeEnum();
+
         log.info("AuthBeforeResInterceptor自定义拦截器");
 
-        String idcard = getIdcard(request);
-        String appCode = getAppCode(request);
+        if (checkTypeEnum.equals(CheckTypeEnum.BASE)) {
+            String idcard = getIdcard(request);
+            String appCode = getAppCode(request);
 
-        log.info("Request header idcard:{},appCode:{}", idcard, appCode);
+            log.info("Request header idcard:{},appCode:{}", idcard, appCode);
 
-        String userToken = getUserToken(request);
-        String appToken = getAppToken(request);
+            if (StrUtil.isNotBlank(idcard) && StrUtil.isNotBlank(appCode)) {
+                if (StrUtil.isBlank(idcard) || StrUtil.isBlank(appCode)) {
+                    throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数不能为空");
+                }
+
+                UserInfo userInfo = userInfoFacade.userDetail("idcard", idcard);
+                if (userInfo == null) {
+                    throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数：idcard无权限，或身份证错误");
+                }
+                //校验应用
+                String appId = applyInfoFacade.codeConvertToId(appCode);
+                if (StrUtil.isBlank(appId)) {
+                    throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数：appCode无权限，或appCode错误");
+                }
+
+                request.setAttribute("idcard", idcard);
+                request.setAttribute("appCode", appCode);
 
-        if (StrUtil.isNotBlank(idcard) && StrUtil.isNotBlank(appCode)) {
-            if (StrUtil.isBlank(idcard) || StrUtil.isBlank(appCode)) {
-                throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数不能为空");
-            }
-            // 判断是否开启检查
-            if (!dcucAuthWebConfig.isEnableApiCheck()) {
                 return true;
             }
 
-            UserInfo userInfo = userInfoFacade.userDetail("idcard", idcard);
-            if (userInfo == null) {
-                throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数：idcard无权限，或身份证错误");
-            }
-            //校验应用
-            String appId = applyInfoFacade.codeConvertToId(appCode);
-            if (StrUtil.isBlank(appId)) {
-                throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数：appCode无权限，或appCode错误");
-            }
+        } else if (checkTypeEnum.equals(CheckTypeEnum.TOKEN)) {
 
-            return true;
-        } else if (StrUtil.isNotBlank(userToken) && StrUtil.isNotBlank(appToken)) {
-            //token校验
-            log.info("Request header userToken:{},appToken:{}", userToken, appToken);
+            String userToken = getUserToken(request);
+            String appToken = getAppToken(request);
+            if (StrUtil.isNotBlank(userToken) && StrUtil.isNotBlank(appToken)) {
+                log.info("Request header userToken:{},appToken:{}", userToken, appToken);
 
-            if (StrUtil.isBlank(appToken) || StrUtil.isBlank(userToken)) {
-                throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数不能为空");
-            }
-            //todo 校验token 未完善
+                if (StrUtil.isBlank(appToken) || StrUtil.isBlank(userToken)) {
+                    throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数不能为空");
+                }
 
-            return true;
+                return hwIdentityBusiness.checkToken(userToken, appToken);
+            }
         }
+
         throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "请传入凭据");
     }
 
@@ -110,8 +122,13 @@ public class AuthBeforeResInterceptor implements HandlerInterceptor {
         String userToken = request.getHeader(Constants.DCUC_USER_TOKEN);
         if (StrUtil.isBlank(userToken)) {
             // 获取数据总线用户令牌
-            request.getHeader(Constants.BUS_SRE_TOKEN);
+            userToken = request.getHeader(Constants.BUS_SRE_TOKEN);
+        }
+
+        if (StrUtil.isBlank(userToken)) {
+            userToken = request.getHeader(Constants.USER_TOKEN);
         }
+
         return userToken;
     }
 
@@ -122,6 +139,11 @@ public class AuthBeforeResInterceptor implements HandlerInterceptor {
             // 获取数据总线应用令牌
             appToken = request.getHeader(Constants.BUS_SRA_TOKEN);
         }
+
+        if (StrUtil.isBlank(appToken)) {
+            appToken = request.getHeader(Constants.APP_TOKEN);
+        }
+
         return appToken;
     }
 }

src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/api/authservice/v1/controller/AuthServiceController.java

@@ -1,18 +1,24 @@
 package com.dragoninfo.dcuc.authweb.restcontroller.api.authservice.v1.controller;
 
+import cn.hutool.core.util.StrUtil;
 import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
+import com.dragoninfo.dcuc.auth.auth.dto.AppDataSensitiveLevelDTO;
 import com.dragoninfo.dcuc.auth.auth.dto.ServiceAuthResultDTO;
 import com.dragoninfo.dcuc.auth.auth.facade.IServiceAuthFacade;
 import com.dragoninfo.dcuc.auth.auth.facade.IServiceAuthResultFacade;
+import com.dragoninfo.dcuc.auth.auth.facade.IStaffAssignAuthInfoFacade;
+import com.dragoninfo.dcuc.authweb.business.HwIdentityBusiness;
+import com.dragoninfo.dcuc.authweb.restcontroller.api.authservice.v1.vo.AppAuthRespVO;
 import com.dragoninfo.dcuc.authweb.restcontroller.api.authservice.v1.vo.ServiceAuthResultVo;
 import com.dragoninfo.dcuc.authweb.util.VersionUtils;
+import com.dragoninfo.dcuc.common.Constants;
 import com.dragoninfo.dcuc.common.entity.ApiResult;
 import com.dragoninfo.dcuc.common.entity.ApiSearchReq;
 import com.dragoninfo.dcuc.common.utils.SearchableUtil;
-import com.dragoninfo.dcuc.user.user.enumresources.YesNotEnum;
+import com.dragoninfo.dcuc.user.user.entity.UserInfo;
+import com.dragoninfo.dcuc.user.user.facade.IUserFacade;
 import com.dragonsoft.duceap.base.enums.BooleanEnum;
-import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import com.dragonsoft.duceap.core.search.Searchable;
 import com.dragonsoft.duceap.core.search.enums.SearchOperator;
 import io.swagger.annotations.Api;
@@ -29,10 +35,11 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.stream.Collectors;
 
 /**
- * @Author yica
- * @Date 2021/2/24 19:11
+ * @author yica huangzqa
+ * @date 2021/2/24 19:11
  **/
 @RestController
 @Api(tags = {"权限管理对外开放接口"})
@@ -44,9 +51,42 @@ public class AuthServiceController {
 
     @Autowired
     private IServiceAuthResultFacade serviceAuthResultFacade;
+
     @Autowired
     private IApplyInfoFacade applyInfoFacade;
 
+    @Autowired
+    private IStaffAssignAuthInfoFacade staffAssignAuthInfoFacade;
+
+    @Autowired
+    private IUserFacade userFacade;
+
+    @Autowired
+    private HwIdentityBusiness hwIdentityBusiness;
+
+    @PostMapping(value = "apps/authentication")
+    @ApiOperation(value = "应用级鉴权")
+    @ApiImplicitParams({@ApiImplicitParam(name = "appsAuthenticationReq", value = "应用级鉴权VO")})
+    public ApiResult appsAuthentication(@RequestHeader(Constants.DCUC_USER_TOKEN) String userToken) {
+
+        boolean checkUserToken = hwIdentityBusiness.checkUserToken(userToken);
+
+        if (!checkUserToken) {
+            return ApiResult.setFailMessage("用户令牌无效");
+        }
+        // todo 获取用户身份证号
+        String idcard = userToken;
+        UserInfo userInfo = userFacade.detailBySfzh(idcard);
+        if (userInfo == null) {
+            return ApiResult.setFailMessage("用户不存在");
+        }
+        String userId = userInfo.getId();
+        List<AppDataSensitiveLevelDTO> appList = staffAssignAuthInfoFacade.getAppLitByUserId(userId);
+        List<AppAuthRespVO> respVOList = appList.stream().map(AppAuthRespVO::parseDto)
+                .collect(Collectors.toList());
+        return ApiResult.setSuccessResult(respVOList);
+    }
+
     /**
      * 服务级鉴权
      *
@@ -58,7 +98,7 @@ public class AuthServiceController {
     @ApiImplicitParams({@ApiImplicitParam(name = "ServiceAuthenticationReq", value = "服务鉴权vo")})
     public ApiResult authentication(HttpServletRequest request) {
         String appCode = request.getHeader("appCode");
-        if (StringUtils.isEmpty(appCode)){
+        if (StrUtil.isBlank(appCode)) {
             return ApiResult.setFailMessage("appCode is not null");
         }
         ApplyInfo applyInfo = applyInfoFacade.getAppByCode(appCode);
@@ -84,8 +124,8 @@ public class AuthServiceController {
             String message = e.getMessage();
             return ApiResult.setFailMessage(message);
         }
-        Page<ServiceAuthResultDTO> serviceAuthResultDTOS = serviceAuthResultFacade.serviceAuthResultPage(searchable.toSearchDTO());
-        List<ServiceAuthResultDTO> content = serviceAuthResultDTOS.getContent();
+        Page<ServiceAuthResultDTO> serviceAuthResultDtoList = serviceAuthResultFacade.serviceAuthResultPage(searchable.toSearchDTO());
+        List<ServiceAuthResultDTO> content = serviceAuthResultDtoList.getContent();
         List<ServiceAuthResultVo> voList = new ArrayList<>(content.size());
 
         content.forEach(item -> {
@@ -95,7 +135,7 @@ public class AuthServiceController {
             vo.setPrivilegedTime(item.getCreateTime());
             voList.add(vo);
         });
-        return ApiResult.setSuccessPage(serviceAuthResultDTOS.getTotalElements(), voList);
+        return ApiResult.setSuccessPage(serviceAuthResultDtoList.getTotalElements(), voList);
     }
 
     @ApiOperation(value = "服务授权撤销")

src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/api/authservice/v1/vo/AppAuthRespVO.java

@@ -0,0 +1,43 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.api.authservice.v1.vo;
+
+import com.dragoninfo.dcuc.auth.auth.dto.AppDataSensitiveLevelDTO;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+/**
+ * 应用数据
+ *
+ * @author huangzqa
+ * @date 2020/7/9
+ */
+@ApiModel(value = "应用级鉴权返回")
+@Data
+public class AppAuthRespVO {
+
+    /**
+     * 应用代码
+     */
+    @ApiModelProperty(value = "应用代码")
+    private String appCode;
+
+    /**
+     * 应用 URL
+     */
+    @ApiModelProperty(value = "应用URL")
+    private String appUrl;
+
+    /**
+     * 解析
+     *
+     * @param appDataSensitiveLevelDTO DTO
+     * @return VO
+     */
+    public static AppAuthRespVO parseDto(AppDataSensitiveLevelDTO appDataSensitiveLevelDTO) {
+        AppAuthRespVO appAuthRespVO = new AppAuthRespVO();
+        appAuthRespVO.setAppCode(appDataSensitiveLevelDTO.getCode());
+        appAuthRespVO.setAppUrl(appDataSensitiveLevelDTO.getUrl());
+        return appAuthRespVO;
+    }
+
+}

src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/AppController.java

@@ -10,7 +10,7 @@ import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.app.facade.IManufacturerInfoFacade;
 import com.dragoninfo.dcuc.auth.auth.vo.ApplicationInfoVO;
 import com.dragoninfo.dcuc.auth.power.facade.IApplicationInfoFacade;
-import com.dragoninfo.dcuc.authweb.common.MtAuthService;
+import com.dragoninfo.dcuc.authweb.business.MtAuthBusiness;
 import com.dragoninfo.dcuc.authweb.common.SysConstants;
 import com.dragoninfo.dcuc.authweb.restcontroller.app.vo.AppVo;
 import com.dragoninfo.dcuc.duceap.facade.IDuceapUploadFacade;
@@ -55,7 +55,7 @@ public class AppController {
     @Autowired
     private IApplyInfoFacade applyInfoFacade;
     @Autowired
-    private MtAuthService mtAuthService;
+    private MtAuthBusiness mtAuthBusiness;
     @Autowired
     private IUserInfoFacade userInfoFacade;
     @Autowired
@@ -204,7 +204,7 @@ public class AppController {
         List<Map<String, Object>> result = new ArrayList<>();
         SecurityUser user = (SecurityUser) ContextUtils.getUserInfo();
         //用户范围
-        String userMt = mtAuthService.getMtAuth(user.getId(), SysConstants.MT_USER);
+        String userMt = mtAuthBusiness.getMtAuth(user.getId(), SysConstants.MT_USER);
         if (StringUtils.isEmpty(userMt)) {
             return Result.success(result);
         }

src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/ManufacturerInfoController.java

@@ -5,7 +5,7 @@ import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.entity.ManufacturerInfo;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.app.facade.IManufacturerInfoFacade;
-import com.dragoninfo.dcuc.authweb.common.MtAuthService;
+import com.dragoninfo.dcuc.authweb.business.MtAuthBusiness;
 import com.dragoninfo.dcuc.authweb.common.SysConstants;
 import com.dragoninfo.dcuc.authweb.restcontroller.app.vo.ManufacturerVo;
 import com.dragoninfo.dcuc.org.facade.IOrgInfoFacade;
@@ -45,7 +45,7 @@ public class ManufacturerInfoController extends BaseController<ManufacturerInfo,
     @Autowired
     private IApplyInfoFacade applyInfoFacade;
     @Autowired
-    private MtAuthService mtAuthService;
+    private MtAuthBusiness mtAuthBusiness;
 
     @Autowired
     private IOrgInfoFacade orgInfoFacade;
@@ -146,7 +146,7 @@ public class ManufacturerInfoController extends BaseController<ManufacturerInfo,
         List<ManufacturerInfo> manufacturerInfoList = new ArrayList<>();
         BaseSecurityUser user = ContextUtils.getUserInfo();
         //用户范围
-        String userMt = mtAuthService.getMtAuth(user.getId(), SysConstants.MT_USER);
+        String userMt = mtAuthBusiness.getMtAuth(user.getId(), SysConstants.MT_USER);
         //所有应用
         List<ApplyInfo> applyInfoList = applyInfoFacade.getAllList();
         //范围内加过的厂商

src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/RoleAuthInfoController.java

@@ -11,7 +11,7 @@ import com.dragoninfo.dcuc.auth.auth.facade.IRoleInfoFacade;
 import com.dragoninfo.dcuc.auth.auth.facade.IStaffAssignAuthInfoFacade;
 import com.dragoninfo.dcuc.auth.auth.vo.RoleAuthParamVo;
 import com.dragoninfo.dcuc.auth.auth.vo.RoleInfoVO;
-import com.dragoninfo.dcuc.authweb.common.MtAuthService;
+import com.dragoninfo.dcuc.authweb.business.MtAuthBusiness;
 import com.dragoninfo.dcuc.authweb.common.SysConstants;
 import com.dragoninfo.dcuc.authweb.restcontroller.auth.vo.RoleAuthUserVo;
 import com.dragoninfo.dcuc.authweb.restcontroller.auth.vo.StaffAssignAuthInfoVo;
@@ -64,7 +64,7 @@ public class RoleAuthInfoController {
     @Autowired
     private IStaffAssignAuthInfoFacade staffAssignAuthInfoFacade;
     @Autowired
-    private MtAuthService mtAuthService;
+    private MtAuthBusiness mtAuthBusiness;
     @Autowired
     private ICodeListResourceFacade iCodeListResourceFacade;
 
@@ -170,7 +170,7 @@ public class RoleAuthInfoController {
         searchable.addSearchFilter("name",SearchOperator.ne,iUserInfoFacade.getRootUser());
         Page<UserInfo> page = iUserInfoFacade.userList(searchDTO);
         if (!iUserInfoFacade.getRootUser().equals(curUser.getName())) {
-            String mtIds = mtAuthService.getMtAuth(curUser.getId(), SysConstants.MT_APP);
+            String mtIds = mtAuthBusiness.getMtAuth(curUser.getId(), SysConstants.MT_APP);
             if (StringUtils.isEmpty(mtIds)) {
                 return Result.success(0L,null);
             }
@@ -199,7 +199,7 @@ public class RoleAuthInfoController {
 //        searchable.addSearchFilter("jobType",SearchOperator.notIn,jobType);
         Page<UserInfo> page = iUserInfoFacade.userList(searchable.toSearchDTO());
         if (!iUserInfoFacade.getRootUser().equals(curUser.getName())) {
-            String mtIds = mtAuthService.getMtAuth(curUser.getId(), SysConstants.MT_APP);
+            String mtIds = mtAuthBusiness.getMtAuth(curUser.getId(), SysConstants.MT_APP);
             if (StringUtils.isEmpty(mtIds)) {
                 return Result.success(0L,null);
             }
@@ -259,7 +259,7 @@ public class RoleAuthInfoController {
         appId = (String) appIdCondition.getValue();
         SecurityUser curUser = (SecurityUser) ContextUtils.getUserInfo();
         if (!iUserInfoFacade.getRootUser().equals(curUser.getName())) {
-            String mtIds = mtAuthService.getMtAuth(curUser.getId(), SysConstants.MT_APP);
+            String mtIds = mtAuthBusiness.getMtAuth(curUser.getId(), SysConstants.MT_APP);
             if (StringUtils.isEmpty(mtIds)) {
                 return Result.success(0L,null);
             }

src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/org/OrgInfoController.java

@@ -2,19 +2,17 @@ package com.dragoninfo.dcuc.authweb.restcontroller.org;
 
 import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
-import com.dragoninfo.dcuc.authweb.common.MtAuthService;
+import com.dragoninfo.dcuc.authweb.business.MtAuthBusiness;
 import com.dragoninfo.dcuc.authweb.common.SysConstants;
 import com.dragoninfo.dcuc.authweb.restcontroller.org.vo.MergersVo;
 import com.dragoninfo.dcuc.authweb.restcontroller.org.vo.OrgRangeVo;
 import com.dragoninfo.dcuc.authweb.restcontroller.org.vo.OrgVo;
 import com.dragoninfo.dcuc.authweb.restcontroller.org.vo.SortVo;
 import com.dragoninfo.dcuc.authweb.restcontroller.statisics.vo.OrgTreeNodeVo;
-
 import com.dragoninfo.dcuc.authweb.util.UserUtils;
 import com.dragoninfo.dcuc.authweb.util.VersionUtils;
 import com.dragoninfo.dcuc.org.entity.OrgInfo;
 import com.dragoninfo.dcuc.org.facade.IOrgInfoFacade;
-
 import com.dragoninfo.dcuc.org.vo.OrgTreeNode;
 import com.dragoninfo.dcuc.user.admin.entity.OrgMtAuth;
 import com.dragoninfo.dcuc.user.admin.facade.*;
@@ -74,7 +72,7 @@ public class OrgInfoController {
     @Autowired
     private IApplyInfoFacade applyInfoFacade;
     @Autowired
-    private MtAuthService mtAuthService;
+    private MtAuthBusiness mtAuthBusiness;
     @Autowired
     private IMgeMtAuthFacade iMgeMtAuthFacade;
 
@@ -95,7 +93,7 @@ public class OrgInfoController {
         String type = (String) params.get("type");
         //获取管理范围ids
         SecurityUser curUser = (SecurityUser) ContextUtils.getUserInfo();
-        String mtAuthIds = mtAuthService.getMtAuth(curUser.getId(), type);
+        String mtAuthIds = mtAuthBusiness.getMtAuth(curUser.getId(), type);
         if (StringUtils.isEmpty(id)) {
             //获取机构树根节点列表
             List<Map<String, Object>> result = this.treeRootList(mtAuthIds);
@@ -138,7 +136,7 @@ public class OrgInfoController {
         String userId = orgRangeVo.getUserId();
         //获取管理范围ids
         SecurityUser curUser = (SecurityUser) ContextUtils.getUserInfo();
-        String mtAuthIds = mtAuthService.getMtAuth(curUser.getId(),mtType);
+        String mtAuthIds = mtAuthBusiness.getMtAuth(curUser.getId(), mtType);
         //当临时表没有数据时候，获取登录人的权限范围
         if (StringUtils.isEmpty(mtAuthIds)&&SysConstants.MT_TEMP.equals(orgRangeVo.getMtType())){
             mtAuthIds=iAppMtAuthFacade.mgeAppRightRangeStr(ContextUtils.getUserInfo().getId());
@@ -631,7 +629,7 @@ public class OrgInfoController {
      * @return
      */
     public List<Map<String, Object>> checkTreeNode(List<Map<String, Object>> treeNodes, String type, String targetUserId) {
-        String mtAuthIds = mtAuthService.getMtAuth(targetUserId, type);
+        String mtAuthIds = mtAuthBusiness.getMtAuth(targetUserId, type);
         for (Map<String, Object> treeNode : treeNodes) {
             String orgId = (String) treeNode.get("id");
             String path = (String) treeNode.get("path");
@@ -719,7 +717,7 @@ public class OrgInfoController {
             @RequestParam(value = "id", required = false) String id) {
         //获取管理范围ids
         SecurityUser curUser = (SecurityUser) ContextUtils.getUserInfo();
-        String mtAuthIds = mtAuthService.getMtAuth(curUser.getId(), type);
+        String mtAuthIds = mtAuthBusiness.getMtAuth(curUser.getId(), type);
         if (StringUtils.isEmpty(id)) {
             List<Map<String, Object>> result = this.treeRootList(mtAuthIds);
             return Result.success(result);

src/main/java/com/dragoninfo/dcuc/authweb/vo/hwtoken/HwTokenCheckReqContentVO.java

@@ -0,0 +1,32 @@
+package com.dragoninfo.dcuc.authweb.vo.hwtoken;
+
+import lombok.Data;
+
+/**
+ * @author huangzqa
+ * @date 2021/3/30
+ **/
+@Data
+public class HwTokenCheckReqContentVO {
+
+    /**
+     * 消息ID，默认规则为日期
+     */
+    private String messageId;
+
+    /**
+     * 用户令牌
+     */
+    private String userToken;
+
+    /**
+     * 应用令牌
+     */
+    private String appToken;
+
+    /**
+     * 可信接入唯一标识，与注册接口保持一致，不能为其他值
+     */
+    private String esn;
+
+}

src/main/java/com/dragoninfo/dcuc/authweb/vo/hwtoken/HwTokenCheckReqVO.java

@@ -0,0 +1,16 @@
+package com.dragoninfo.dcuc.authweb.vo.hwtoken;
+
+import lombok.Data;
+
+import java.util.List;
+
+/**
+ * @author huangzqa
+ * @date 2021/3/30
+ **/
+@Data
+public class HwTokenCheckReqVO {
+
+    private List<HwTokenCheckReqContentVO> content;
+
+}

src/main/java/com/dragoninfo/dcuc/authweb/vo/hwtoken/HwTokenCheckRespContentVO.java

@@ -0,0 +1,26 @@
+package com.dragoninfo.dcuc.authweb.vo.hwtoken;
+
+import lombok.Data;
+
+/**
+ * @author huangzqa
+ * @date 2021/3/30
+ **/
+@Data
+public class HwTokenCheckRespContentVO {
+
+    private String messageId;
+
+    /**
+     * 用户令牌是否有效
+     */
+    private String usercheckResult;
+
+    /**
+     * 应用令牌是否有效
+     */
+    private String appcheckResult;
+
+    private String resultDescription;
+
+}

src/main/java/com/dragoninfo/dcuc/authweb/vo/hwtoken/HwTokenCheckRespVO.java

@@ -0,0 +1,17 @@
+package com.dragoninfo.dcuc.authweb.vo.hwtoken;
+
+import lombok.Data;
+
+import java.util.List;
+
+/**
+ * @author huangzqa
+ * @date 2021/3/30
+ **/
+@Data
+public class HwTokenCheckRespVO {
+
+
+    private List<HwTokenCheckRespContentVO> content;
+
+}

src/main/resources/application-base.yml

@@ -71,4 +71,6 @@ dcuc:
   authweb:
     app-code: QXXT0000000000000001
     auth-access: true
-    enable-api-check: false
+    hw-identity-url: http://localhost:8080
+    hw-identity-esn: demo
+    check-type-enum: token

src/main/resources/logback.xml

@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+    <appender name="console" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%date{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="rollingFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>logs/dcuc-auth-back.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <fileNamePattern>logs/dcuc-auth-back.%d{yyyy-MM-dd}.log</fileNamePattern>
+        </rollingPolicy>
+        <encoder>
+            <pattern>%date{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <!--<appender name="rollingFileThread" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>logs/duceap2.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <fileNamePattern>logs/duceap2.%d{yyyy-MM-dd}.log</fileNamePattern>
+        </rollingPolicy>
+        <encoder>
+            <pattern>%date{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+        </encoder>
+        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
+            <evaluator>
+                <expression>
+                    <![CDATA[
+                         !event.getThreadName().contains("DefaultQuartzScheduler")
+                     ]]>
+                </expression>
+            </evaluator>
+            <OnMatch>DENY</OnMatch>
+            <OnMismatch>NEUTRAL</OnMismatch>
+        </filter>
+    </appender>-->
+
+    <!-- project default level -->
+    <logger name="java.sql.Connection" level="INFO"/>
+    <logger name="java.sql.Statement" level="INFO"/>
+    <logger name="java.sql.PreparedStatement" level="INFO"/>
+    <logger name="com.dragonsoft" level="DEBUG"/>
+    <logger name="com.dragoninfo" level="DEBUG"/>
+
+
+    <!--log4jdbc -->
+    <logger name="jdbc.sqltiming" level="INFO"/>
+
+    <root level="INFO">
+        <appender-ref ref="console"/>
+        <appender-ref ref="rollingFile"/>
+    </root>
+
+    <!--<logger name="com.dragonsoft.duceap" level="DEBUG"><appender-ref ref="rollingFileThread" /></logger>-->
+</configuration>