
Merge branch 'master' into 'develop'

Master同步至dev分支

See merge request dcuc-tjdsj/auth-back!66
黄资权 4 lat temu
rodzic
commit
f473c19fc6
18 zmienionych plików z 94 dodań i 36 usunięć
  1. 14 1
      README.md
  2. 6 6
      pom.xml
  3. 7 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/api/authservice/v1/controller/AuthServiceController.java
  4. 13 1
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/api/authservice/v1/controller/DataAuthApiController.java
  5. 1 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/api/authservice/v3/controller/AuthV3ApiController.java
  6. 17 3
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/AppController.java
  7. 4 1
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/vo/AppVo.java
  8. 3 2
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/AppFunInfoController.java
  9. 1 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/DataAuthController.java
  10. 9 1
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/RoleRptController.java
  11. 3 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/DataAuthAcceptVo.java
  12. 10 12
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/download/DownloadController.java
  13. 3 4
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/sub/AuthUserInfoController.java
  14. 3 5
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/user/manager/utils/ImpExcelUtils.java
  15. BIN
      src/main/resources/template/OrgTemplate.xls
  16. BIN
      src/main/resources/template/UserTemplate.xls
  17. BIN
      src/main/resources/template/applyTemplate.xls
  18. BIN
      src/main/resources/template/serviceResourceTemplate.xls

+ 14 - 1
README.md

@@ -7,4 +7,17 @@
 ### 2.2.0
   - 数据授权
 ### 2.2.1
-  - 整合数据域、GAW版本  
+  - 整合数据域、GAW版本  
+### 2.3.0
+  - 授权主体-人员管理 
+  - 授权主体-机构管理 3.主客体授权属性管理
+  - 去除老的审计埋点
+  - 日志管理-异常鉴权预警管理-鉴权预警方案
+  - 日志管理-异常鉴权预警管理-鉴权预警信息
+  - 日志管理-鉴权风险监测
+  - 日志管理-权限日志管理-授权管理日志
+  - 日志管理-权限日志管理-鉴权服务日志
+  - 日志管理-权限日志管理-鉴权风险日志
+  - 日志管理-鉴权行为分析
+  - 日志记录(功能授权、数据授权、服务授权、工作流服务授权)
+  - 预警风险方案算法实现

+ 6 - 6
pom.xml

@@ -5,7 +5,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.dragoninfo</groupId>
     <artifactId>dcuc-auth-back</artifactId>
-    <version>2.2.1-tjdsj-SNAPSHOT</version>
+    <version>2.3.0-tjdsj-SNAPSHOT</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -43,7 +43,7 @@
         <dependency>
             <groupId>com.dragoninfo</groupId>
             <artifactId>dcuc-user-api</artifactId>
-            <version>2.1.0-tjdsj-SNAPSHOT</version>
+            <version>2.0.4-tjdsj-SNAPSHOT</version>
         </dependency>
         <!--监控配置-->
         <dependency>
@@ -113,7 +113,7 @@
         <dependency>
             <groupId>com.dragoninfo</groupId>
             <artifactId>dcuc-auth-api</artifactId>
-            <version>2.2.2-tjdsj-SNAPSHOT</version>
+            <version>2.3.0-tjdsj-SNAPSHOT</version>
         </dependency>
         <!--redis缓存-->
         <dependency>
@@ -130,13 +130,13 @@
         <dependency>
             <groupId>com.dragoninfo</groupId>
             <artifactId>dcuc-app-api</artifactId>
-            <version>2.1.3-tjdsj-SNAPSHOT</version>
+            <version>2.2.0-tjdsj-SNAPSHOT</version>
         </dependency>
 
         <dependency>
             <groupId>com.dragoninfo</groupId>
             <artifactId>dcuc-org-api</artifactId>
-            <version>2.0.1-tjdsj-SNAPSHOT</version>
+            <version>2.0.2-tjdsj-SNAPSHOT</version>
         </dependency>
 
         <dependency>
@@ -148,7 +148,7 @@
         <dependency>
             <groupId>com.dragoninfo</groupId>
             <artifactId>dcuc-duceap-api</artifactId>
-            <version>2.1.0-SNAPSHOT</version>
+            <version>2.1.1-SNAPSHOT</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>

+ 7 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/api/authservice/v1/controller/AuthServiceController.java

@@ -31,6 +31,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
+import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletRequest;
@@ -139,6 +140,12 @@ public class AuthServiceController {
         if (applyInfo == null || BooleanEnum.TRUE.value.equals(applyInfo.getApplyStatus())) {
             return ApiResult.setFailMessage(String.format("app: %s is not enabled", appCode));
         }
+
+        if (StringUtils.isEmpty(idcard)) {
+            DecodedJWT decode = JWT.decode(userToken);
+            idcard = decode.getClaim("idCard").asString();
+        }
+
         Object o = serviceAuthFlowFacade.serviceAuthentication(idcard, appCode, userToken, appToken);
         return ApiResult.setSuccessResult(o);
     }
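Review bot: The new fallback in the second hunk takes `idcard` from `JWT.decode(userToken)`, and if this is the auth0 java-jwt API, `decode` only parses the token and does not check its signature or expiry. Unless `userToken` is verified before this point or inside `serviceAuthentication` (neither is visible in the hunk), the identity used for the authorization decision is whatever the caller put in the `idCard` claim. A missing or malformed `userToken` also makes `decode` throw an unchecked exception instead of returning an `ApiResult` failure. A guard such as `if (StringUtils.isEmpty(userToken)) { return ApiResult.setFailMessage("idcard or user token is required"); }` combined with a verified decode would close both gaps. The enclosing method starts above the hunk.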

+ 13 - 1
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/api/authservice/v1/controller/DataAuthApiController.java

@@ -36,8 +36,11 @@ public class DataAuthApiController {
     @PostMapping(value = "data-auth/data-items/check")
     public ResponseDTO checkDataItems(@RequestBody DataItemsCheckDto checkDto,
                                       @RequestHeader(value = Constants.DCUC_USER_TOKEN, required = false) String headerUserToken,
-                                      @RequestHeader(value = Constants.IDCARD, required =  false) String headerIdcard) {
+                                      @RequestHeader(value = Constants.IDCARD, required =  false) String headerIdcard,
+                                      @RequestHeader(value = Constants.DCUC_APP_TOKEN, required = false) String dcucAppToken,
+                                      @RequestHeader(value = Constants.APP_CODE, required =  false) String appCode) {
         String currentIdcard = null;
+        String currentAppCode = null;
         if (StrUtil.isBlank(headerUserToken)) {
             currentIdcard = headerIdcard;
         }else{
@@ -47,8 +50,17 @@ public class DataAuthApiController {
         if (StringUtils.isBlank(currentIdcard)){
             return  ResponseDTO.fail("当前登录人身份证号不允许为空", (Object) null);
         }
+
+        if (StrUtil.isNotBlank(appCode)) {
+            currentAppCode=appCode;
+        }else{
+            DecodedJWT decode = JWT.decode(dcucAppToken);
+            currentAppCode = decode.getClaim("appCode").asString();
+        }
+
         checkDto.setCurrentIdcard(currentIdcard);
         checkDto.setIdcard(currentIdcard);
+        checkDto.setCurrentAppCode(currentAppCode);
         return apiDataAuthFacade.dataItemsCheck(checkDto);
     }
 }
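Review bot: In `checkDataItems` a caller-supplied `appCode` header takes precedence over the `appCode` claim of `dcucAppToken`, so the application identity passed to `setCurrentAppCode` is self-declared whenever the header is present. Both headers are `required = false`, so when neither is sent `JWT.decode(dcucAppToken)` receives null and throws instead of returning `ResponseDTO.fail`, and a token without the claim leaves `currentAppCode` null. If this is auth0 java-jwt, `JWT.decode` does not verify the signature, so the token should be verified before its claim is trusted; whether a filter already does that is not visible here. The sketch below prefers the token claim, rejects a mismatching header, and fails cleanly when no app code can be resolved. Part of the method body lies between the two hunks.

```java
// … unchanged: currentIdcard resolution and blank check …
if (StrUtil.isNotBlank(dcucAppToken)) {
    // decode() only parses; the token must be signature-verified before this claim is trusted
    currentAppCode = JWT.decode(dcucAppToken).getClaim("appCode").asString();
    if (StrUtil.isNotBlank(appCode) && !appCode.equals(currentAppCode)) {
        return ResponseDTO.fail("appCode header does not match app token", (Object) null);
    }
} else {
    currentAppCode = appCode;
}
if (StrUtil.isBlank(currentAppCode)) {
    return ResponseDTO.fail("appCode is required", (Object) null);
}
// … unchanged: checkDto setters and dataItemsCheck call …
```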

+ 1 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/api/authservice/v3/controller/AuthV3ApiController.java

@@ -133,6 +133,7 @@ public class AuthV3ApiController {
         RoleApiDto roleApiDto = new RoleApiDto();
         roleApiDto.setAppCode(managerRes.getAppCode());
         roleApiDto.setUserId(userInfo.getId());
+        roleApiDto.setIdcard(managerRes.getIdcard());
         List<Map<String, Object>> list = roleFacade.getMenus(roleApiDto);
 
         //去重

+ 17 - 3
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/AppController.java

@@ -14,6 +14,7 @@ import com.dragoninfo.dcuc.authweb.business.MtAuthBusiness;
 import com.dragoninfo.dcuc.authweb.common.SysConstants;
 import com.dragoninfo.dcuc.authweb.restcontroller.app.vo.AppVo;
 import com.dragoninfo.dcuc.duceap.facade.IDuceapUploadFacade;
+import com.dragoninfo.dcuc.org.entity.OrgInfo;
 import com.dragoninfo.dcuc.org.facade.IOrgInfoFacade;
 import com.dragoninfo.dcuc.org.vo.OrgTreeNode;
 import com.dragoninfo.dcuc.user.user.entity.UserInfo;
@@ -122,8 +123,18 @@ public class AppController {
             if (!ResponseStatus.SUCCESS_CODE.equals(responseStatus.getStatusCode())) {
                 return Result.fail(ResultEnum.SERVICE_FAIL.getValue(), responseStatus.getMessage());
             }
-            applyInfoDTO.setOrgName(orgInfoFacade.detail(applyInfoDTO.getOrgId()).getFullName());
-
+            String orgId = applyInfoDTO.getOrgId();
+            if(StringUtils.isNotBlank(orgId)) {
+                applyInfoDTO.setOrgName(orgInfoFacade.detail(orgId).getFullName());
+            }
+            String orgCode = appVo.getOrgCode();
+            if(StringUtils.isNotBlank(orgCode)) {
+                OrgInfo orgInfo = orgInfoFacade.getOrgInfoByCode(orgCode);
+                if(null != orgInfo) {
+                    applyInfoDTO.setOrgName(orgInfo.getFullName());
+                    applyInfoDTO.setOrgId(orgInfo.getId());
+                }
+            }
             applyInfoFacade.saveAppIy(applyInfoDTO);
         } catch (Exception e) {
             log.error("save app", e);
@@ -164,7 +175,10 @@ public class AppController {
         //查询应用信息
         ApplyInfo applyInfo = applyInfoFacade.applyDetail(id);
         //存入机构信息信息
-        applyInfo.setOrgName(orgInfoFacade.detail(applyInfo.getOrgId()).getFullName());
+        String orgId = applyInfo.getOrgId();
+        if(StringUtils.isNotBlank(orgId)) {
+            applyInfo.setOrgName(orgInfoFacade.detail(orgId).getFullName());
+        }
         AppVo appVo = new AppVo();
         BeanUtil.copyProperties(applyInfo, appVo);
         appVo.setFile(uploadFacade.queryByBusiId(id, ""));
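Review bot: Both hunks still dereference `orgInfoFacade.detail(orgId).getFullName()` without a null check, while the new `getOrgInfoByCode` path directly below it does test `null != orgInfo`. If `detail` can return null for an unknown id (its contract is not visible here), the save path falls into the generic `catch (Exception e)` and the detail path in the second hunk throws; `applyInfo` from `applyDetail(id)` is likewise used unchecked. Assuming `detail` returns `OrgInfo`, `OrgInfo org = orgInfoFacade.detail(orgId); if (org != null) { applyInfoDTO.setOrgName(org.getFullName()); }` would match the style of the new code. In the first hunk a non-blank `orgCode` silently overrides the `orgId` already on the DTO, and an `orgCode` that does not resolve is ignored without an error, so a comment stating the precedence or a `Result.fail` for an unknown code would make that behaviour explicit. Both methods extend beyond the hunks.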

+ 4 - 1
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/vo/AppVo.java

@@ -36,6 +36,9 @@ public class AppVo {
     @ApiModelProperty(value = "所属单位id")
     private String orgId;
 
+    @ApiModelProperty(value = "所属单位代码")
+    private String orgCode;
+
     @ApiModelProperty(value = "所属单位名称")
     private String orgName;
 
@@ -51,7 +54,7 @@ public class AppVo {
     @ApiModelProperty(value = "应用状态 0:启用 1:禁用")
     private String applyStatus;
 
-    @ApiModelProperty(value = "应用系统事权单位代码")
+    @ApiModelProperty(value = "应用系统管理单位代码")
     private String managerOrgCode;
 
     @ApiModelProperty(value = "管理单位id")

+ 3 - 2
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/AppFunInfoController.java

@@ -13,6 +13,7 @@ import com.dragoninfo.dcuc.authweb.restcontroller.app.vo.AppVo;
 import com.dragoninfo.duceap.core.response.Result;
 import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
 import com.dragonsoft.duceap.base.entity.search.SearchDTO;
+import com.dragonsoft.duceap.base.enums.BooleanEnum;
 import com.dragonsoft.duceap.commons.util.collections.CollectionUtils;
 import com.dragonsoft.duceap.commons.util.tree.SimpleTreeNodeItemResolver;
 import com.dragonsoft.duceap.commons.util.tree.TreeNodeUtils;
@@ -63,7 +64,7 @@ public class AppFunInfoController {
     @ApiImplicitParam(name = "appId", value = "应用id")
     @GetMapping(value = "/menuTreeList")
     public Result<List<Map<String, Object>>> getMenuTreeList(@RequestParam(value = "appId") String appId) {
-        List<TreeInfoVO> funList = iAppFunInfoFacade.getAllTreeList(appId);
+        List<TreeInfoVO> funList = iAppFunInfoFacade.getAllTreeList(appId, null);
         List<Map<String, Object>> maps = TreeNodeUtils.generateTree(funList, new SimpleTreeNodeItemResolver("code", "pid"));
         for (Map<String, Object> map : maps) {
             List children = (List) map.get("children");
@@ -100,7 +101,7 @@ public class AppFunInfoController {
     @GetMapping(value = "/menu/{appId}")
     public Result<List<Map<String, Object>>> getMenu(@PathVariable("appId") String appId) {
         //获取该应用的所有节点
-        List<TreeInfoVO> appAllTreeList = iAppFunInfoFacade.getAllTreeList(appId);
+        List<TreeInfoVO> appAllTreeList = iAppFunInfoFacade.getAllTreeList(appId, BooleanEnum.TRUE.value);
         for (TreeInfoVO treeInfoVO : appAllTreeList) {
             getPreterMission(treeInfoVO);
         }
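Review bot: The two call sites now pass `null` and `BooleanEnum.TRUE.value` as the second argument of `getAllTreeList`, and nothing in the hunks says what that argument filters on. A short comment at each call, for example `// null: no status filter, return every node` (wording to be confirmed against the facade), would keep a later reader from assuming both endpoints return the same set of menu nodes. If the flag restricts which functions are exposed, the `null` passed by `getMenuTreeList` should be a deliberate decision that is documented here, not an unexplained default.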

+ 1 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/DataAuthController.java

@@ -217,6 +217,7 @@ public class DataAuthController {
             subDataDTO.setDataId(dataId.substring(index+1));
             subDataDTO.setClassifyCode(dataId.substring(0,index));
             subDataDTO.setDataCode(dataId.substring(lastIndex+1));
+            subDataDTO.setInnerId(vo.getInnerId());
             dataDTOList.add(subDataDTO);
         }
         subDataAuthDTO.setDataAuthList(dataDTOList);
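Review bot: `subDataDTO.setInnerId(vo.getInnerId())` copies a value straight from `vo` (presumably the `DataAuthAcceptVo` request object extended in this commit, where the field is described as an internal-use unique id) into the DTO sent to the service layer. If the backend uses `innerId` to locate or update records, which is not visible here, it should confirm that the id belongs to the `dataId` in the same entry instead of trusting the client value. At minimum, a comment on the new line stating who generates `innerId` and whether it is validated downstream would help. The loop body starts above the hunk.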

+ 9 - 1
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/RoleRptController.java

@@ -71,6 +71,10 @@ public class RoleRptController {
         if (StringUtils.isNotEmpty(appId)) {
             ApplyInfo applyInfo = applyInfoFacade.applyDetail(appId);
             String appOrgId = applyInfo.getOrgId();
+            //机构下的分配情况,经过权限中心导入的应用机构id不是不填项
+            if(StringUtils.isBlank(appOrgId)) {
+                return Result.success(page.getTotalElements(),page.getContent());
+            }
             searchable.addSearchFilter("appOrgId", SearchOperator.eq, appOrgId);
             page = roleAuthInfoFacade.getRptList(searchable.toSearchDTO());
             for (TreeInfoVO treeInfoVO : page.getContent()) {
@@ -96,10 +100,14 @@ public class RoleRptController {
     @Permission(value = "role_auth")
     @GetMapping(value = "/getRoleQuotasInfo/{appId}")
     public Result<AppRoleCalculateVo> getRoleTjInfo(@PathVariable("appId") String appId) {
+        AppRoleCalculateVo vo = new AppRoleCalculateVo();
         ApplyInfo applyInfo = applyInfoFacade.applyDetail(appId);
         String orgId = applyInfo.getOrgId();
+        //主客体授权版本,应用所属机构id可为空
+        if(StringUtils.isBlank(orgId)) {
+            return Result.success(vo);
+        }
         Map<String, Object> resultMap = roleAuthInfoFacade.getRoleTjInfo(appId, orgId);
-        AppRoleCalculateVo vo = new AppRoleCalculateVo();
         Object roleNumsObj = resultMap.get("ROLENUMS");
         Object initNumsObj = resultMap.get("INITNUMS");
         Integer roleNums = roleNumsObj == null ? 0 : (Integer) roleNumsObj;
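Review bot: The early return added in the first hunk calls `page.getTotalElements()` before the visible assignment `page = roleAuthInfoFacade.getRptList(...)`, so it depends on `page` being initialised to a non-null empty page above the hunk; if it is declared as null, this branch throws. Both hunks also call `applyInfo.getOrgId()` without checking that `applyDetail(appId)` returned a record, so an unknown `appId` from the request would fail with a NullPointerException if the facade returns null. A guard such as `if (applyInfo == null) { return Result.success(vo); }` in `getRoleTjInfo`, or an explicit failure result, would cover it. The comment `经过权限中心导入的应用机构id不是不填项` reads as a double negative and probably means the org id is optional; rewording it would avoid confusion.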

+ 3 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/DataAuthAcceptVo.java

@@ -28,5 +28,8 @@ public class DataAuthAcceptVo {
     @ApiModelProperty(value = "数据对应的分级分类标签code")
     private String classifyCode;
 
+    @ApiModelProperty(value = "内部使用唯一标识id")
+    private String innerId;
+
 
 }

+ 10 - 12
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/download/DownloadController.java

@@ -16,6 +16,7 @@ import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiOperation;
+import org.apache.commons.io.IOUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.system.ApplicationHome;
@@ -91,8 +92,8 @@ public class DownloadController {
             "externalPersonnel 外部人员, manager 管理员, govUser 政府人员, serviceResource 服务资源,appFun 功能资源, apply  应用资源," +
             "org 机构, user 人员 dataLevel 数据分级  dataSec 数据安全级别",
             required = true)
-    @GetMapping(value = "/downTemplate")
-    public HttpServletResponse downTemplate(@RequestParam("type") String type,  HttpServletResponse response) {
+    @GetMapping(value = "/downTemplate", produces = "application/octet-stream")
+    public void downTemplate(@RequestParam("type") String type,  HttpServletResponse response) {
         ApplicationHome home = new ApplicationHome(getClass());
         File sysfile = home.getSource();
         String jarPath = sysfile.getPath();//classes路径
@@ -126,18 +127,15 @@ public class DownloadController {
             //授权主客体管理_应用资源模板
             response = down(response,  DATA_SEC_TEMPLATE_RLPATH);
         }
-        return response;
     }
 
     private HttpServletResponse down(HttpServletResponse response, String path) {
+        InputStream fis = null;
+        OutputStream out = null;
         try {
             // 以流的形式下载文件。
             Resource resource = new ClassPathResource(path);
-            resource.getInputStream();
-            InputStream fis = resource.getInputStream();
-            byte[] buffer = new byte[fis.available()];
-            fis.read(buffer);
-            fis.close();
+            fis = resource.getInputStream();
             // 清空response
             response.reset();
             // 设置response的Header
@@ -169,13 +167,13 @@ public class DownloadController {
             }
             response.addHeader("Content-Disposition", "attachment;filename=" + URLEncoder.encode(fileName, "UTF-8"));
             response.addHeader("Content-Length", "" + resource.contentLength());
-            OutputStream outputStream = new BufferedOutputStream(response.getOutputStream());
+            out = new BufferedOutputStream(response.getOutputStream());
             response.setContentType("application/octet-stream");
-            outputStream.write(buffer);
-            outputStream.flush();
-            outputStream.close();
+            IOUtils.copy(fis,out);
         } catch (IOException ex) {
             ex.printStackTrace();
+        } finally {
+            IOUtils.closeQuietly(fis, out);
         }
         return response;
     }
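Review bot: In `down()`, `IOUtils.closeQuietly(fis, out)` is now the only place the `BufferedOutputStream` is flushed, and it discards any exception, so a failed write of the last buffer yields a truncated download with nothing logged. Adding `out.flush();` after `IOUtils.copy(fis,out);` keeps that failure inside the `catch`, and the `catch` should log through the class's SLF4J logger instead of `ex.printStackTrace()` (the logger field name is not visible in the hunk). `response.reset()` runs and the attachment headers are added before the copy, so on an `IOException` during the copy the client still receives download headers for a file that was not fully sent; returning an error status when the resource cannot be read would be cleaner. `downTemplate` is now `void` but still assigns `response = down(...)`, so the return value of `down` is no longer used.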

+ 3 - 4
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/sub/AuthUserInfoController.java

@@ -1,7 +1,6 @@
 package com.dragoninfo.dcuc.authweb.restcontroller.sub;
 
 import com.dragoninfo.dcuc.auth.sub.dto.AuthUserDTO;
-import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
 import com.dragoninfo.dcuc.auth.sub.facade.IAuthUserInfoFacade;
 import com.dragoninfo.duceap.core.response.Result;
 import com.dragonsoft.duceap.core.search.Searchable;
@@ -23,7 +22,7 @@ public class AuthUserInfoController {
     private IAuthUserInfoFacade userInfoFacade;
 
     @RequestMapping("/page")
-    @ApiImplicitParam(name = "searchable",value = "查询条件")
+    @ApiImplicitParam(name = "searchable", value = "查询条件")
     @ApiOperation(value = "分页查询用户信息")
     public Page<AuthUserDTO> page(Searchable searchable) {
         return userInfoFacade.page(searchable.toSearchDTO());
@@ -32,7 +31,7 @@ public class AuthUserInfoController {
     @ApiOperation(value = "用户信息详情")
     @ApiImplicitParam(name = "id", value = "id")
     @GetMapping(value = "/detail/{id}")
-    public AuthUserDTO detail(@PathVariable(value = "id") String id){
+    public AuthUserDTO detail(@PathVariable(value = "id") String id) {
         AuthUserDTO authUserInfo = userInfoFacade.get(id);
         return authUserInfo;
     }
@@ -40,7 +39,7 @@ public class AuthUserInfoController {
     @ApiOperation(value = "用户信息删除")
     @ApiImplicitParam(name = "id", value = "id")
     @DeleteMapping(value = "/delete/{id}")
-    public Result delete(@PathVariable(value = "id") String id){
+    public Result delete(@PathVariable(value = "id") String id) {
         userInfoFacade.delete(id);
         return Result.success();
     }

+ 3 - 5
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/user/manager/utils/ImpExcelUtils.java

@@ -1,8 +1,6 @@
 package com.dragoninfo.dcuc.authweb.restcontroller.user.manager.utils;
 
 
-import com.dragoninfo.dcuc.auth.sub.entity.AuthOrgInfo;
-import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
 import com.dragoninfo.dcuc.auth.auth.enumresources.YesNotEnum;
 import com.dragoninfo.dcuc.authweb.util.UserUtils;
 import com.dragoninfo.dcuc.user.entity.GovUserInfo;
@@ -130,7 +128,7 @@ public class ImpExcelUtils {
                 if (!r.getCell(cellNum++).getStringCellValue().equals("民族(表码)")) {
                     throw new NumberFormatException("缺少''民族(表码)''列!");
                 }
-                if(UserTypeEnum.EXTERNAL.getValue().equals(userType)){
+                if (UserTypeEnum.EXTERNAL.getValue().equals(userType)) {
                     if (!r.getCell(cellNum++).getStringCellValue().equals("QQ号")) {
                         throw new NumberFormatException("缺少''QQ号''列!");
                     }
@@ -240,10 +238,10 @@ public class ImpExcelUtils {
                     throw new NumberFormatException("第" + (r.getRowNum() + 1) + "行\'\'编号\'\'格式为\'\'FJ\'\'加6位数字,如\'\'FJ000001\'\'!");
                 }*/
             }
-            if(r.getCell(1)!=null){
+            if (r.getCell(1) != null) {
                 r.getCell(1).setCellType(Cell.CELL_TYPE_STRING);
                 info.setPoliceNumber(r.getCell(1).getStringCellValue());
-            }else{
+            } else {
                 info.setPoliceNumber("");
             }
             if (r.getCell(2) == null || StringUtils.isBlank(r.getCell(2).getStringCellValue())) {

BIN
src/main/resources/template/OrgTemplate.xls


BIN
src/main/resources/template/UserTemplate.xls


BIN
src/main/resources/template/applyTemplate.xls


BIN
src/main/resources/template/serviceResourceTemplate.xls