
Merge remote-tracking branch 'origin/release/v2.1.1-beta' into feature/v2.0.0-data-auth

huangjy 4 ani în urmă
părinte
comite
83997bca6f

+ 5 - 0
pom.xml

@@ -215,6 +215,11 @@
             <scope>test</scope>
         </dependency>
 
+        <dependency>
+            <groupId>com.dragonsoft</groupId>
+            <artifactId>duceap-security-jwt</artifactId>
+        </dependency>
+
     </dependencies>
     <!--指定仓库地址-->
     <repositories>
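Review bot: The added `duceap-security-jwt` dependency carries no `<version>`, so it is resolved through a `dependencyManagement` section or parent POM that is outside this hunk; confirm it is pinned there to an exact version rather than a range, because the `<repositories>` block that follows appears to point at a custom repository and an unpinned coordinate from it would float with whatever that repository publishes next. If it is not managed anywhere, Maven fails at resolution, so the pin is worth checking either way before this merge lands.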

+ 4 - 3
src/main/java/com/dragoninfo/dcuc/authweb/interceptor/AuthBeforeResInterceptor.java

@@ -76,11 +76,9 @@ public class AuthBeforeResInterceptor implements HandlerInterceptor {
                     throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数:appCode无权限,或appCode错误");
                 }
 
-                request.setAttribute("idcard", idcard);
-                request.setAttribute("appCode", appCode);
-
                 return true;
             }
+            throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "基础凭据校验失败");
 
         } else if (checkTypeEnum.equals(CheckTypeEnum.TOKEN)) {
 
@@ -95,6 +93,9 @@ public class AuthBeforeResInterceptor implements HandlerInterceptor {
 
                 return bimBusinessFacade.checkToken(userToken, appToken);
             }
+
+            throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "令牌凭据校验失败");
+
         } else if (checkTypeEnum.equals(CheckTypeEnum.NONE)) {
             return true;
         }
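Review bot: The new `throw` after the token branch turns a missing `userToken`/`appToken` into an `EvidenceException`, but the line just above it, `return bimBusinessFacade.checkToken(userToken, appToken);`, still lets a present-but-invalid token leave `preHandle` as a bare `false`, which for a Spring `HandlerInterceptor` stops the chain with nothing written to the response; consider `if (!bimBusinessFacade.checkToken(userToken, appToken)) { throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "令牌凭据校验失败"); } return true;` so both failure modes look the same to the client. Both added throws also reuse `HttpStatus.MULTIPLE_CHOICES` (300), a redirect-class code, for an authentication failure; if that value is emitted as the HTTP status rather than an application-level code, `HttpStatus.UNAUTHORIZED` is the conventional choice. The enclosing `preHandle` method and the `if` conditions guarding each added throw begin outside these hunks.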

+ 102 - 0
src/main/java/com/dragoninfo/dcuc/authweb/interceptor/SecurityAccessTokenResolver.java

@@ -0,0 +1,102 @@
+package com.dragoninfo.dcuc.authweb.interceptor;
+
+import com.dragoninfo.dcuc.auth.auth.facade.IBimBusinessFacade;
+import com.dragoninfo.dcuc.auth.auth.vo.bim.BimUserInfoItemRespVO;
+import com.dragoninfo.dcuc.common.Constants;
+import com.dragoninfo.dcuc.user.user.entity.UserInfo;
+import com.dragoninfo.dcuc.user.user.facade.IUserFacade;
+import com.dragonsoft.duceap.base.api.security.ISecurityAccessTokenResolver;
+import com.dragonsoft.duceap.base.entity.security.BaseSecurityUser;
+import com.dragonsoft.duceap.base.entity.security.SecurityUser;
+import com.dragonsoft.duceap.commons.util.json.JsonUtils;
+import com.dragonsoft.duceap.security.jwt.securityaccess.SecurityAccessTokenProperties;
+import com.dragonsoft.duceap.security.jwt.securityaccess.SecurityAccessUserCacheResolver;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.web.ServerProperties;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * @author huangzqa
+ * @date 2021/4/15
+ **/
+@Slf4j
+@Component
+public class SecurityAccessTokenResolver implements ISecurityAccessTokenResolver {
+
+    @Autowired
+    private SecurityAccessTokenProperties secAccessProp;
+
+    @Autowired(required = false)
+    private SecurityAccessUserCacheResolver cacheResolver;
+
+    @Autowired
+    private IBimBusinessFacade bimBusinessFacade;
+
+    @Autowired
+    private IUserFacade userFacade;
+
+    public static final String FILTER_URL = "/api";
+    @Autowired
+    private ServerProperties serverProperties;
+
+    @Override
+    public BaseSecurityUser resolve(HttpServletRequest request) {
+        String contextPath = serverProperties.getServlet().getContextPath();
+        String requestUri = request.getRequestURI();
+        log.debug("Security filter origin uri:{}", requestUri);
+
+        // 去除上下文
+        requestUri = requestUri.substring(contextPath.length());
+
+        log.debug("Security filter not context uri:{}", requestUri);
+
+        if (requestUri.startsWith(FILTER_URL)) {
+            log.debug("URI:{} Not need get user info.", requestUri);
+            return null;
+        }
+
+        String userToken = request.getHeader(secAccessProp.getUserTokenHeaderName());
+        String appToken = request.getHeader(Constants.APP_TOKEN);
+
+        log.info("userToken:{},appToken:{}", userToken, appToken);
+
+        if (cacheResolver != null) {
+            //从缓存中取
+            SecurityUser securityUserCache = (SecurityUser) cacheResolver.getIfPresent(cacheResolver.cacheKey(userToken));
+
+            if (securityUserCache != null) {
+                log.info("Cache securityUserCache:{}", JsonUtils.toJSONString(securityUserCache));
+
+                return securityUserCache;
+            }
+        }
+
+        BimUserInfoItemRespVO userInfoItemRespVO = bimBusinessFacade.getUserInfoByUserToken(userToken);
+        String sfzh = userInfoItemRespVO.getSfzh();
+
+        UserInfo userInfo = userFacade.detailBySfzh(sfzh);
+        log.info("idcard:{}, userInfo :{}", sfzh, JsonUtils.toJSONString(userInfo));
+
+        SecurityUser securityUser = new SecurityUser();
+        securityUser.setId(userInfo.getId());
+        securityUser.setName(userInfo.getName());
+        securityUser.setUserName(userInfo.getIdcard());
+        securityUser.setPoliceNo(userInfo.getPoliceNumber());
+        securityUser.setIdcard(userInfo.getIdcard());
+        securityUser.setSecurityOrg(userInfo.getOrgCode());
+        securityUser.setSecurityOrgName(userInfo.getOrgName());
+
+        //放入缓存
+        if (cacheResolver != null) {
+            cacheResolver.put(cacheResolver.cacheKey(userToken), securityUser);
+        }
+
+        log.info("return idcard:{}, securityUser :{}", sfzh, JsonUtils.toJSONString(securityUser));
+
+        return securityUser;
+    }
+
+}
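Review bot: `resolve` logs the raw bearer credentials at INFO on `log.info("userToken:{},appToken:{}", userToken, appToken)` and later logs the resolved `idcard` plus the full `SecurityUser` JSON via `JsonUtils.toJSONString(...)`, so anyone with log access can replay the token and harvest national-ID numbers; log only whether the headers are present and the user id, never the values. The method also never checks that the token header exists: a request without it reaches `cacheResolver.cacheKey(null)` and `getUserInfoByUserToken(null)`, and both that result and `userFacade.detailBySfzh(...)` are dereferenced without a null check, so an unknown or absent token surfaces as a `NullPointerException` rather than as "no user" (the `return null` under the `/api` prefix suggests null is the framework's unauthenticated signal, which is worth confirming). Separately, `serverProperties.getServlet().getContextPath()` can be null when no context path is configured, which would make the `substring` call throw on every request. Finally, the cache is keyed only by `userToken`, so a cached `SecurityUser` keeps answering for that token until the cache evicts it regardless of whether the BIM side has since revoked it; confirm the cache TTL is shorter than the token lifetime.
```java
String userToken = request.getHeader(secAccessProp.getUserTokenHeaderName());
String appToken = request.getHeader(Constants.APP_TOKEN);
// Never log credential values; presence alone is enough to debug a misconfigured client.
log.debug("userToken present:{}, appToken present:{}", userToken != null, appToken != null);
if (userToken == null || userToken.isEmpty()) {
    return null;
}
// … unchanged: cache lookup …
BimUserInfoItemRespVO userInfoItemRespVO = bimBusinessFacade.getUserInfoByUserToken(userToken);
if (userInfoItemRespVO == null || userInfoItemRespVO.getSfzh() == null) {
    log.debug("No BIM user resolved for the presented token");
    return null;
}
UserInfo userInfo = userFacade.detailBySfzh(userInfoItemRespVO.getSfzh());
if (userInfo == null) {
    return null;
}
// … unchanged: SecurityUser construction and cache put; log userInfo.getId(), not idcard or the serialized object …
```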

+ 4 - 4
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/api/authservice/v1/controller/AuthServiceController.java

@@ -68,7 +68,7 @@ public class AuthServiceController {
     @Autowired
     private IBimBusinessFacade bimBusinessFacade;
 
-    @PostMapping(value = "apps/authentication")
+    @GetMapping(value = "apps/authentication")
     @ApiOperation(value = "应用级鉴权")
     @ApiImplicitParams({@ApiImplicitParam(name = "appsAuthenticationReq", value = "应用级鉴权VO")})
     public ApiResult appsAuthentication(@RequestHeader(Constants.DCUC_USER_TOKEN) String userToken) {
@@ -167,12 +167,12 @@ public class AuthServiceController {
             @ApiImplicitParam(name = "serviceCode", value = "服务编码")
     })
     @DeleteMapping("service/{appCode}/{serviceCode}")
-    public ApiResult delService(@PathVariable String appCode, @PathVariable String serviceCode)  {
+    public ApiResult delService(@PathVariable String appCode, @PathVariable String serviceCode) {
         try {
-            ServiceAuthResultDTO authDto = serviceAuthResultFacade.getDetailByAppAndService(appCode,serviceCode);
+            ServiceAuthResultDTO authDto = serviceAuthResultFacade.getDetailByAppAndService(appCode, serviceCode);
             serviceAuthResultFacade.delServiceAuthResult(authDto.getId());
             return ApiResult.setSuccess();
-        } catch (Exception e){
+        } catch (Exception e) {
             e.printStackTrace();
             return ApiResult.setFailMessage("服务授权撤销失败");
         }
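Review bot: Switching `apps/authentication` to `@GetMapping` means the authorization decision it returns may now be cached by browsers and intermediaries unless the handler sets `Cache-Control: no-store`; if the endpoint stays GET, add that header in the handler (its body is outside this hunk) or keep it as POST. The `@ApiImplicitParams` line below the mapping still advertises a body parameter `appsAuthenticationReq` that the signature no longer has — the method only reads `Constants.DCUC_USER_TOKEN` from a header — so the Swagger description is stale; drop that annotation or point it at the header. The second hunk is whitespace-only.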

+ 0 - 73
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/api/controller/RestLoginController.java

@@ -1,73 +0,0 @@
-package com.dragoninfo.dcuc.authweb.restcontroller.api.controller;
-
-import com.dragonsoft.duceap.commons.util.string.StringUtils;
-import com.google.common.collect.Lists;
-import org.apache.http.HttpResponse;
-import org.apache.http.NameValuePair;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.utils.URIBuilder;
-import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.message.BasicNameValuePair;
-import org.apache.http.util.EntityUtils;
-import org.jasig.cas.client.util.XmlUtils;
-import org.jasig.cas.client.validation.Assertion;
-import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.List;
-
-/**
- *
- * @author Administrator
- * @date 2019/3/5
- */
-@Controller
-@RequestMapping(value = "/api/")
-public class RestLoginController {
-    @RequestMapping(value = "login")
-    public void login(@RequestParam(value = "ticket", required = false) String ticket,
-                      HttpServletRequest request,
-                      HttpServletResponse response) {
-        //判断是否是单点登录服务器发出的退出请求
-        if (StringUtils.isNotEmpty(request.getParameter("logoutRequest"))) {
-            String logoutMessage = request.getParameter("logoutRequest");
-            final String key = XmlUtils.getTextForElement(logoutMessage, "SessionIndex");
-            //获取key后,从登录时保存的key与登录状态的映射对中获取登录状态并销毁,并处理退出逻辑
-            return;
-        }
-        //验证票据获取用户信息
-        if (StringUtils.isEmpty(ticket)) {
-            return;
-        }
-        HttpClient httpclient = HttpClientBuilder.create().build();
-        String casTicketValidateUrl = "http://54.179.163.62:8080/dcucserver/serviceValidate";
-        URIBuilder uriBuilder = null;
-        try {
-            uriBuilder = new URIBuilder(casTicketValidateUrl);
-            List<NameValuePair> params = Lists.newArrayList();
-            params.add(new BasicNameValuePair("ticket", ticket));
-            params.add(new BasicNameValuePair("service", "http://172.16.105.196:8888/dcuc/api/login"));
-            uriBuilder.addParameters(params);
-            HttpGet httpGet = new HttpGet(uriBuilder.build());
-            httpGet.addHeader("Content-Type", "application/x-www-form-urlencoded");
-            HttpResponse httpResponse = httpclient.execute(httpGet);
-            String tokenResponse = EntityUtils.toString(httpResponse.getEntity());
-            //解析响应的报文获取用户ID
-            Cas20ServiceTicketValidator cas20ServiceTicketValidator = new Cas20ServiceTicketValidator("");
-            Assertion assertion = cas20ServiceTicketValidator.parseResponse(tokenResponse);
-            String userId = assertion.getPrincipal().getName();
-            //获取userId后再调统一用户的相关接口获取更详细的用户信息,并实现系统的登录逻辑
-            //再以登录状态(如session)为value,以ticket为key,保存一份key与登录状态的映射对,用于单点退出
-
-            //最后重定向到登录后的页面
-            response.sendRedirect(request.getContextPath() + "/index");
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-    }
-}

+ 4 - 4
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/ResourceListingController.java

@@ -25,7 +25,7 @@ import java.util.stream.Collectors;
 public class ResourceListingController {
 
     @Autowired
-    private IResourceFacade iResourceFacade;
+    private IResourceFacade resourceFacade;
 
     /**
      * 获取应用和服务资源列表
@@ -37,7 +37,7 @@ public class ResourceListingController {
     public Result<List<ResourceRequestResult>> getResourceListing(@RequestBody ResourceRequestParam requestParam) {
         ResourceRequestParamDTO paramDTO = new ResourceRequestParamDTO();
         BeanUtils.copyProperties(requestParam,paramDTO);
-        List<ResourceRequestResultDTO> results = iResourceFacade.getResourceRequestResults(paramDTO);
+        List<ResourceRequestResultDTO> results = resourceFacade.getResourceRequestResults(paramDTO);
         List<ResourceRequestResult> list = results.stream().map(item -> {
             ResourceRequestResult vo = new ResourceRequestResult();
             BeanUtils.copyProperties(item, vo);
@@ -52,8 +52,8 @@ public class ResourceListingController {
      */
     @ApiOperation(value = "资源同步表与应用、服务资源同步")
     @GetMapping(value = "sync")
-    public Result ResourceSync() {
-        iResourceFacade.resourceSync();
+    public Result resourceSync() {
+        resourceFacade.resourceSync();
         return Result.success();
     }
 

+ 19 - 9
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/login/DcucLoginController.java

@@ -1,6 +1,7 @@
 package com.dragoninfo.dcuc.authweb.restcontroller.login;
 
 
+import cn.hutool.core.util.StrUtil;
 import com.dragoninfo.dcuc.auth.auth.facade.IRoleFacade;
 import com.dragoninfo.dcuc.authweb.config.DcucAuthWebConfig;
 import com.dragoninfo.dcuc.org.facade.IOrgInfoFacade;
@@ -13,12 +14,14 @@ import com.dragoninfo.dcuc.user.user.facade.IUserInfoFacade;
 import com.dragonsoft.duceap.base.entity.security.SecurityRight;
 import com.dragonsoft.duceap.base.entity.security.SecurityUser;
 import com.dragonsoft.duceap.base.utils.UserContextUtils;
+import com.dragonsoft.duceap.commons.util.json.JsonUtils;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import com.dragonsoft.duceap.web.SecurityProperties;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -52,35 +55,42 @@ public class DcucLoginController {
     }
 
     @GetMapping(value = "/info")
-    public SecurityUser info() {
-        UserInfo userInfo = new UserInfo();
+    public SecurityUser info(@RequestHeader("userToken") String userToken,
+                             @RequestHeader(value = "appToken", required = false) String appToken) {
+        logger.info("UserToken:{},appToken:{}", userToken, appToken);
+
+        UserInfo userInfo;
         try {
             SecurityUser securityUser = (SecurityUser) UserContextUtils.getCurrentUser();
-            if("dids".equals(securityProperties.getType())){
+            if ("dids".equals(securityProperties.getType())) {
                 userInfo = userFacade.detailBySfzh(securityUser.getIdcard());
                 securityUser.setName(userInfo.getName());
                 securityUser.setUserName(userInfo.getName());
-            }
-            if("dcuc".equals(securityProperties.getType())){
+            } else {
                 userInfo = iUserInfoFacade.userDetail(securityUser.getId());
             }
-            securityUser.setId(userInfo.getId());
+            String userId = securityUser.getId();
+            if (StrUtil.isBlank(userId)) {
+                securityUser.setId(userInfo.getId());
+            }
             List<SecurityRight> authmenu = getAuthmenu(securityUser, userInfo);
             securityUser.setSecurityRightList(authmenu);
-            //todo 因为数据库不同  后续不需要下面代码
-            securityUser.setIdcard(userInfo.getIdcard());
-            securityUser.setName(userInfo.getName());
             //ADMIN管理员
             String rootOrgid = userInfo.getOrgId();
             if (iUserInfoFacade.isRootUser(securityUser.getId()) && StringUtils.isEmpty(rootOrgid)) {
                 rootOrgid = iOrgInfoFacade.getRootOrgId();
             }
+
             securityUser.setSecurityOrg(rootOrgid);
+
+            logger.info("securityUser:{}", JsonUtils.toJSONString(securityUser));
+
             return securityUser;
         } catch (Exception var3) {
             logger.error("获取用户信息异常", var3);
             throw new SecurityException("获取用户信息异常", var3);
         }
+
     }
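Review bot: `info` now logs the raw `userToken` at INFO on `logger.info("UserToken:{},appToken:{}", userToken, appToken)` and the full `SecurityUser` JSON including `idcard` on `logger.info("securityUser:{}", ...)`, which puts a replayable credential and a national-ID number into the application log; the two headers are otherwise unused in this method, so either drop the parameters and the log line, or log presence only, `logger.debug("userToken present:{}", userToken != null)`, and log `securityUser.getId()` instead of the serialized object. The rewritten branch also turns the former `if ("dcuc".equals(securityProperties.getType()))` into a bare `else`, so any `security.type` other than `dids` — including unset, which the accompanying YAML change may produce — now takes the `iUserInfoFacade.userDetail` path; if that is intended, a one-line comment saying so would help, otherwise keep the explicit type check. The method's `try` closes within the hunk but the class continues past it.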
 
 

+ 5 - 1
src/main/resources/application-base.yml

@@ -35,8 +35,12 @@ duceap:
   apollo:
     client:
       host: http://10.201.3.20:8070
+  security-access:
+    jwt:
+      enabled: true
+      user-token-header-name: userToken
   security:
-    type: dcuc
+    #    type: dcuc ## 注解掉不开启认证登录
     dcuc:
       cas-server-url-prefix: http://192.168.10.2:8877/sso
       server-name: 10.11.1.151:8000
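Review bot: Commenting out `security.type: dcuc` in the shared base profile, with a note that this is done so authenticated login is not enabled, leaves `duceap.security.type` unset for every environment that inherits `application-base.yml` unless another profile overrides it; a default-off authentication switch in the base file is the kind of change that silently reaches production, so keep `type: dcuc` here and disable it in a dev-only profile, or at least document which profile is expected to set it. It is not visible here what the framework does when `type` is unset while `security-access.jwt.enabled: true`, so confirm that the JWT resolver, and not an open configuration, is what takes over. The `cas-server-url-prefix` and `apollo.client.host` entries remain plain `http://`; that is pre-existing, but worth noting for credential-carrying traffic.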