
Merge branch 'release/v2.2.1' into 'release/v2.1.0-beta'

# Conflicts:
#   src/main/java/com/dragoninfo/dcuc/authweb/exception/RespExceptionHandler.java
黄资权 4 жил өмнө
parent
commit
fce6a2a01b
40 өөрчлөгдсөн 1384 нэмэгдсэн , 175 устгасан
  1. 10 0
      README.md
  2. 75 14
      pom.xml
  3. 0 57
      src/main/assembly/conf/logback.xml
  4. 22 0
      src/main/java/com/dragoninfo/dcuc/authweb/ConsumerTomcatApplication.java
  5. 10 7
      src/main/java/com/dragoninfo/dcuc/authweb/business/MtAuthBusiness.java
  6. 29 24
      src/main/java/com/dragoninfo/dcuc/authweb/common/SysConstants.java
  7. 6 3
      src/main/java/com/dragoninfo/dcuc/authweb/config/DcucAuthWebConfig.java
  8. 2 1
      src/main/java/com/dragoninfo/dcuc/authweb/config/WebMvcConfig.java
  9. 45 0
      src/main/java/com/dragoninfo/dcuc/authweb/enums/CheckTypeEnum.java
  10. 53 28
      src/main/java/com/dragoninfo/dcuc/authweb/interceptor/AuthBeforeResInterceptor.java
  11. 113 0
      src/main/java/com/dragoninfo/dcuc/authweb/interceptor/SecurityAccessTokenResolver.java
  12. 74 7
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/api/authservice/v1/controller/AuthServiceController.java
  13. 43 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/api/authservice/v1/vo/AppAuthRespVO.java
  14. 62 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/api/controller/DataAuthApiController.java
  15. 3 3
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/AppController.java
  16. 82 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/DataResourceController.java
  17. 3 3
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/ManufacturerInfoController.java
  18. 3 3
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/ResourceListingController.java
  19. 40 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/vo/AuthDataClassifyVo.java
  20. 27 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/vo/AuthDataFieldClassifyVo.java
  21. 23 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/vo/AuthDataLevelVo.java
  22. 226 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/DataAuthController.java
  23. 5 5
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/RoleAuthInfoController.java
  24. 2 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/RoleInfoController.java
  25. 32 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/DataAuthAcceptVo.java
  26. 26 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/DataClassifyVo.java
  27. 27 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/DataDetailConditionVo.java
  28. 27 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/DataDetailQueryVo.java
  29. 37 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/DataResourceTreeVo.java
  30. 26 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/LabelDataAuthAcceptVo.java
  31. 26 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/OrgDataAuthAcceptVo.java
  32. 25 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/ResourceTypeQueryVo.java
  33. 23 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/SubDataAuthQueryVo.java
  34. 27 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/SubDataVo.java
  35. 25 0
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/UserDataAuthAcceptVo.java
  36. 19 9
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/login/DcucLoginController.java
  37. 6 6
      src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/org/OrgInfoController.java
  38. 9 5
      src/main/resources/application-base.yml
  39. 57 0
      src/main/resources/logback.xml
  40. 34 0
      src/test/java/GenerateToken.java

+ 10 - 0
README.md

@@ -0,0 +1,10 @@
+# 权限服务
+## 更新日志
+### 2.1.0
+  - 新增服务授权
+### 2.1.1
+  - 对接华为认证
+### 2.2.0
+  - 数据授权
+### 2.2.1
+  - 整合数据域、GAW版本  

+ 75 - 14
pom.xml

@@ -5,16 +5,17 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.dragoninfo</groupId>
     <artifactId>dcuc-auth-back</artifactId>
-    <version>2.1.0-SNAPSHOT</version>
+    <version>2.2.1-tjdsj-SNAPSHOT</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <maven.compiler.source>1.8</maven.compiler.source>
         <maven.compiler.target>1.8</maven.compiler.target>
         <!--revisions需写死,用于标识打包的版本号,不可删除-->
-        <revision>2.1.0-SNAPSHOT</revision>
+        <revision>2.2.1-tjdsj-SNAPSHOT</revision>
         <duceap.version>2.1.0-SNAPSHOT</duceap.version>
         <lombok.version>1.18.2</lombok.version>
+        <jwt.version>3.10.3</jwt.version>
     </properties>
 
     <dependencyManagement>
@@ -38,7 +39,11 @@
             <artifactId>spring-boot-configuration-processor</artifactId>
             <optional>true</optional>
         </dependency>
-
+        <dependency>
+            <groupId>com.dragoninfo</groupId>
+            <artifactId>dcuc-user-api</artifactId>
+            <version>2.0.1-tjdsj-SNAPSHOT</version>
+        </dependency>
         <!--监控配置-->
         <dependency>
             <groupId>org.springframework.boot</groupId>
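Review bot: The added `dcuc-user-api` dependency repeats a declaration that already exists further down this POM; the `@@ -125,19 +130,19 @@` hunk shows the same `com.dragoninfo:dcuc-user-api` entry being moved to `2.0.1-tjdsj-SNAPSHOT`. If both sit under the same `<dependencies>` element (the enclosing element starts outside this hunk), Maven reports a duplicate-declaration warning and the two copies can drift apart on the next version change. I would drop the new block and keep the single existing entry.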
@@ -107,7 +112,7 @@
         <dependency>
             <groupId>com.dragoninfo</groupId>
             <artifactId>dcuc-auth-api</artifactId>
-            <version>2.1.0-SNAPSHOT</version>
+            <version>2.2.1-tjdsj-SNAPSHOT</version>
         </dependency>
         <!--redis缓存-->
         <dependency>
@@ -125,19 +130,19 @@
         <dependency>
             <groupId>com.dragoninfo</groupId>
             <artifactId>dcuc-app-api</artifactId>
-            <version>2.0.0-SNAPSHOT</version>
+            <version>2.0.0-tjdsj-SNAPSHOT</version>
         </dependency>
 
         <dependency>
             <groupId>com.dragoninfo</groupId>
             <artifactId>dcuc-user-api</artifactId>
-            <version>2.0.1-SNAPSHOT</version>
+            <version>2.0.1-tjdsj-SNAPSHOT</version>
         </dependency>
 
         <dependency>
             <groupId>com.dragoninfo</groupId>
             <artifactId>dcuc-org-api</artifactId>
-            <version>2.0.0-SNAPSHOT</version>
+            <version>2.0.0-tjdsj-SNAPSHOT</version>
         </dependency>
 
         <dependency>
@@ -156,11 +161,24 @@
             <artifactId>spring-boot-starter-validation</artifactId>
             <version>2.4.2</version>
         </dependency>
+
+        <dependency>
+            <groupId>com.auth0</groupId>
+            <artifactId>java-jwt</artifactId>
+            <version>${jwt.version}</version>
+        </dependency>
+
         <!--配置 dcuc 结束-->
         <dependency>
             <groupId>net.unicon.cas</groupId>
             <artifactId>cas-client-autoconfig-support</artifactId>
             <version>2.1.0-GA</version>
+            <exclusions>
+                <exclusion>
+                    <artifactId>joda-time</artifactId>
+                    <groupId>joda-time</groupId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <!-- https://mvnrepository.com/artifact/log4j/log4j -->
@@ -171,12 +189,6 @@
             <version>2.7.5</version>
         </dependency>
 
-        <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpmime</artifactId>
-            <version>4.5.3</version>
-        </dependency>
-
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
@@ -201,6 +213,18 @@
             <artifactId>duceap-security-dids</artifactId>
         </dependency>
 
+        <!--测试-->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.dragonsoft</groupId>
+            <artifactId>duceap-security-jwt</artifactId>
+        </dependency>
+
     </dependencies>
     <!--指定仓库地址-->
     <repositories>
@@ -253,7 +277,44 @@
             <uniqueVersion>false</uniqueVersion>
         </snapshotRepository>
     </distributionManagement>
+
+    <packaging>${project.packaging}</packaging>
     <profiles>
+        <!--war打包配置-->
+        <!--使用方式 mvn clean package -Pwar-->
+        <profile>
+            <id>war</id>
+            <properties>
+                <project.packaging>war</project.packaging>
+            </properties>
+            <dependencies>
+                <dependency>
+                    <groupId>com.dragonsoft</groupId>
+                    <artifactId>duceap-boot-starter-web</artifactId>
+                    <!-- 移除嵌入式tomcat插件 -->
+                    <exclusions>
+                        <exclusion>
+                            <groupId>org.springframework.boot</groupId>
+                            <artifactId>spring-boot-starter-tomcat</artifactId>
+                        </exclusion>
+                    </exclusions>
+                </dependency>
+            </dependencies>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-war-plugin</artifactId>
+                        <version>2.1.1</version>
+                        <configuration>
+                            <failOnMissingWebXml>false</failOnMissingWebXml>
+                            <!--排除licenseignore包,用来禁用许可开关,防止生产环境通过关闭开关,绕过许可-->
+                            <packagingExcludes>WEB-INF/lib/duceap-support-licenseignore*.jar</packagingExcludes>
+                        </configuration>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
         <profile>
             <id>jar</id>
             <activation>
@@ -277,7 +338,7 @@
                                 <configuration>
                                     <!--排除licenseignore包,用来禁用许可开关,防止生产环境通过关闭开关,绕过许可-->
                                     <excludeArtifactIds>duceap-support-licenseignore</excludeArtifactIds>
-                                    <!--<excludeScope>provided</excludeScope>-->
+                                    <excludeScope>provided</excludeScope>
                                     <outputDirectory>${project.build.directory}/lib</outputDirectory>
                                     <!--取消依赖包的时间戳-->
                                     <useBaseVersion>true</useBaseVersion>

+ 0 - 57
src/main/assembly/conf/logback.xml

@@ -1,57 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-	<appender name="console" class="ch.qos.logback.core.ConsoleAppender">
-		<encoder>
-			<pattern>%date{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
-		</encoder>
-	</appender>
-
-	<appender name="rollingFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
-		<file>logs/dcuc-authweb.log</file>
-		<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-			<fileNamePattern>logs/dcuc-authweb.%d{yyyy-MM-dd}.log</fileNamePattern>
-		</rollingPolicy>
-		<encoder>
-			<pattern>%date{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
-		</encoder>
-	</appender>
-
-	<!--<appender name="rollingFileThread" class="ch.qos.logback.core.rolling.RollingFileAppender">
-		<file>logs/duceap2.log</file>
-		<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-			<fileNamePattern>logs/duceap2.%d{yyyy-MM-dd}.log</fileNamePattern>
-		</rollingPolicy>
-		<encoder>
-			<pattern>%date{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
-		</encoder>
-		<filter class="ch.qos.logback.core.filter.EvaluatorFilter">
-			<evaluator>
-				<expression>
-					<![CDATA[
-						 !event.getThreadName().contains("DefaultQuartzScheduler")
-         			]]>
-				</expression>
-			</evaluator>
-			<OnMatch>DENY</OnMatch>
-			<OnMismatch>NEUTRAL</OnMismatch>
-		</filter>
-	</appender>-->
-
-	<!-- project default level -->
-	<logger name="java.sql.Connection" level="INFO" />
-	<logger name="java.sql.Statement" level="INFO" />
-	<logger name="java.sql.PreparedStatement" level="INFO" />
-	<logger name="com.dragonsoft" level="DEBUG" />
-	<logger name="com.dragoninfo" level="DEBUG" />
-
-
-	<!--log4jdbc -->
-	<logger name="jdbc.sqltiming" level="INFO"/>
-
-	<root level="INFO">
-		<appender-ref ref="console" />
-		<appender-ref ref="rollingFile" />
-	</root>
-
-	<!--<logger name="com.dragonsoft.duceap" level="DEBUG"><appender-ref ref="rollingFileThread" /></logger>-->
-</configuration>

+ 22 - 0
src/main/java/com/dragoninfo/dcuc/authweb/ConsumerTomcatApplication.java

@@ -0,0 +1,22 @@
+package com.dragoninfo.dcuc.authweb;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+
+/**
+ * @author huangzqa
+ * @date 2021/4/4
+ **/
+@SpringBootApplication(scanBasePackages = {"com.dragonsoft", "com.dragoninfo"})
+public class ConsumerTomcatApplication extends SpringBootServletInitializer {
+    @Override
+    protected SpringApplicationBuilder configure(SpringApplicationBuilder builder) {
+        return builder.sources(ConsumerTomcatApplication.class);
+    }
+
+    public static void main(String[] args) {
+        SpringApplication.run(ConsumerTomcatApplication.class, args);
+    }
+}

+ 10 - 7
src/main/java/com/dragoninfo/dcuc/authweb/common/MtAuthService.java → src/main/java/com/dragoninfo/dcuc/authweb/business/MtAuthBusiness.java

@@ -1,14 +1,18 @@
-package com.dragoninfo.dcuc.authweb.common;
+package com.dragoninfo.dcuc.authweb.business;
 
+import com.dragoninfo.dcuc.authweb.common.SysConstants;
 import com.dragoninfo.dcuc.user.admin.facade.*;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 /**
- * Created by Administrator on 2019/3/21.
+ * 管理范围
+ *
+ * @author Administrator
+ * @date 2019/3/21
  */
 @Component
-public class MtAuthService {
+public class MtAuthBusiness {
 
     @Autowired
     private IOrgMtAuthFacade orgMtAuthFacade;
@@ -22,12 +26,11 @@ public class MtAuthService {
     private IMgeMtAuthFacade mgeMtAuthFacade;
 
     /**
-     *
      * 获取用户各类型管理范围
      *
-     * @param userId
-     * @param type
-     * @return
+     * @param userId 用户ID
+     * @param type   类型
+     * @return 管理范围
      */
     public String getMtAuth(String userId, String type) {
         if (SysConstants.MT_ORG.equals(type)) {

+ 29 - 24
src/main/java/com/dragoninfo/dcuc/authweb/common/SysConstants.java

@@ -1,33 +1,38 @@
 package com.dragoninfo.dcuc.authweb.common;
 
 
-import java.math.BigDecimal;
-import java.util.Date;
-
 /**
- * Created by Administrator on 2018/11/1.
+ * @author Administrator
+ * @date 2018/11/1
  */
 public class SysConstants {
 
-    /** 机构管理范围 **/
-    public final static String MT_ORG = "ORG";
-    /** 用户管理范围 **/
-    public final static String MT_USER = "USER";
-    /** 授权管理范围 **/
-    public final static String MT_APP = "APP";
-    /** 管理员管理范围 **/
-    public final static String MT_MGE = "MGE";
-    /** 临时管理范围 **/
-    public final static String MT_TEMP = "TEMP";
-
-    //列表导出的最大数量
-    public final static int EXPORT_NUMBER_MAX = 1000;
-
-    public static final String JMGZ = "******";
-    public static final BigDecimal JMGZ_BIGDECIMAL = new BigDecimal(-999);
-    public static final Date JMGZ_DATE = new Date(0);
-
-
-
+    /**
+     * 机构管理范围
+     **/
+    public static final String MT_ORG = "ORG";
+    /**
+     * 用户管理范围
+     **/
+    public static final String MT_USER = "USER";
+    /**
+     * 授权管理范围
+     **/
+    public static final String MT_APP = "APP";
+    /**
+     * 管理员管理范围
+     **/
+    public static final String MT_MGE = "MGE";
+    /**
+     * 临时管理范围
+     **/
+    public static final String MT_TEMP = "TEMP";
+    /**
+     * 列表导出的最大数量
+     */
+    public static final int EXPORT_NUMBER_MAX = 1000;
+
+    private SysConstants() {
+    }
 
 }

+ 6 - 3
src/main/java/com/dragoninfo/dcuc/authweb/config/DcucAuthWebConfig.java

@@ -1,11 +1,13 @@
 package com.dragoninfo.dcuc.authweb.config;
 
+import com.dragoninfo.dcuc.authweb.enums.CheckTypeEnum;
 import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 
 /**
- * Created by Administrator on 2019/3/13.
+ * @author Administrator
+ * @date 2019/3/13
  */
 @ConfigurationProperties(prefix = "dcuc.authweb")
 @Data
@@ -23,7 +25,8 @@ public class DcucAuthWebConfig {
     private boolean authAccess;
 
     /**
-     * 是否启用接口必传参数检查
+     * 凭据鉴权类型
      */
-    private boolean enableApiCheck;
+    private CheckTypeEnum checkTypeEnum = CheckTypeEnum.TOKEN;
+
 }
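Review bot: The Javadoc on `checkTypeEnum` does not say what each value does, although `CheckTypeEnum.NONE` makes `AuthBeforeResInterceptor.preHandle` return `true` for every request on the intercepted API paths. I would expand the comment to something like `/** Credential check mode: NONE skips the check entirely, BASE validates the idcard and appCode headers, TOKEN validates the user and app tokens (default). */`. Because `enableApiCheck` is removed, a deployment that still sets the old property will presumably have it ignored and fall back to the `TOKEN` default, which is worth a line in the release notes. The class body starts outside this hunk.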

+ 2 - 1
src/main/java/com/dragoninfo/dcuc/authweb/config/WebMvcConfig.java

@@ -48,7 +48,8 @@ public class WebMvcConfig implements WebMvcConfigurer {
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(getAuthBeforeResInterceptor())
                 .addPathPatterns("/api/auth-service/**")
-                .addPathPatterns("/api/app-service/**");
+                .addPathPatterns("/api/app-service/**")
+                .excludePathPatterns("/api/auth-service/v1/apps/authentication");
 
     }
 
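Review bot: Excluding `/api/auth-service/v1/apps/authentication` from `AuthBeforeResInterceptor` leaves that endpoint guarded only by the check inside `AuthServiceController.appsAuthentication`, and nothing at the `excludePathPatterns` line records that. The handler calls `bimBusinessFacade.checkUserToken(userToken)` and then reads the `idCard` claim with `JWT.decode`, which parses the token without verifying its signature, so the identity is only as trustworthy as `checkUserToken` (its implementation is not shown here). I would add a comment above the exclusion such as `// apps/authentication validates the user token itself via bimBusinessFacade.checkUserToken; no app token is required`. Building the literal from `VersionUtils.VERSION_UID_V1`, as the controller mapping does, would keep the two from drifting apart.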

+ 45 - 0
src/main/java/com/dragoninfo/dcuc/authweb/enums/CheckTypeEnum.java

@@ -0,0 +1,45 @@
+package com.dragoninfo.dcuc.authweb.enums;
+
+import com.dragonsoft.duceap.base.enums.ICodeEnum;
+
+/**
+ * @author huangzqa
+ * @date 2021/4/6
+ **/
+public enum CheckTypeEnum implements ICodeEnum {
+    /**
+     * 无凭据
+     */
+    NONE("none", "无凭据"),
+
+    /**
+     * 基本凭据
+     */
+    BASE("base", "基本凭据"),
+
+    /**
+     * 令牌凭据
+     */
+    TOKEN("token", "令牌凭据");
+
+
+    private String value;
+
+    private String label;
+
+    CheckTypeEnum(String value, String label) {
+        this.value = value;
+        this.label = label;
+    }
+
+
+    @Override
+    public String getValue() {
+        return this.value;
+    }
+
+    @Override
+    public String getLabel() {
+        return this.label;
+    }
+}
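Review bot: The `value` and `label` fields of `CheckTypeEnum` are assigned only in the constructor but are declared mutable; enum constants are shared singletons, so they should be `private final String value;` and `private final String label;`. The type-level Javadoc carries only author and date, and a sentence saying that the constant selects how `AuthBeforeResInterceptor` checks credentials would help readers.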

+ 53 - 28
src/main/java/com/dragoninfo/dcuc/authweb/interceptor/AuthBeforeResInterceptor.java

@@ -2,7 +2,9 @@ package com.dragoninfo.dcuc.authweb.interceptor;
 
 import cn.hutool.core.util.StrUtil;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
+import com.dragoninfo.dcuc.auth.auth.facade.IBimBusinessFacade;
 import com.dragoninfo.dcuc.authweb.config.DcucAuthWebConfig;
+import com.dragoninfo.dcuc.authweb.enums.CheckTypeEnum;
 import com.dragoninfo.dcuc.authweb.exception.EvidenceException;
 import com.dragoninfo.dcuc.common.Constants;
 import com.dragoninfo.dcuc.user.user.entity.UserInfo;
@@ -28,9 +30,13 @@ public class AuthBeforeResInterceptor implements HandlerInterceptor {
 
     @Autowired
     private IUserInfoFacade userInfoFacade;
+
     @Autowired
     private IApplyInfoFacade applyInfoFacade;
 
+    @Autowired
+    private IBimBusinessFacade bimBusinessFacade;
+
     @Autowired
     private DcucAuthWebConfig dcucAuthWebConfig;
 
@@ -44,47 +50,56 @@ public class AuthBeforeResInterceptor implements HandlerInterceptor {
      */
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+
+        CheckTypeEnum checkTypeEnum = dcucAuthWebConfig.getCheckTypeEnum();
+
         log.info("AuthBeforeResInterceptor自定义拦截器");
 
-        String idcard = getIdcard(request);
-        String appCode = getAppCode(request);
+        if (checkTypeEnum.equals(CheckTypeEnum.BASE)) {
+            String idcard = getIdcard(request);
+            String appCode = getAppCode(request);
 
-        log.info("Request header idcard:{},appCode:{}", idcard, appCode);
+            log.info("Request header idcard:{},appCode:{}", idcard, appCode);
 
-        String userToken = getUserToken(request);
-        String appToken = getAppToken(request);
+            if (StrUtil.isNotBlank(idcard) && StrUtil.isNotBlank(appCode)) {
+                if (StrUtil.isBlank(idcard) || StrUtil.isBlank(appCode)) {
+                    throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数不能为空");
+                }
+
+                UserInfo userInfo = userInfoFacade.userDetail("idcard", idcard);
+                if (userInfo == null) {
+                    throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数:idcard无权限,或身份证错误");
+                }
+                //校验应用
+                String appId = applyInfoFacade.codeConvertToId(appCode);
+                if (StrUtil.isBlank(appId)) {
+                    throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数:appCode无权限,或appCode错误");
+                }
 
-        if (StrUtil.isNotBlank(idcard) && StrUtil.isNotBlank(appCode)) {
-            if (StrUtil.isBlank(idcard) || StrUtil.isBlank(appCode)) {
-                throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数不能为空");
-            }
-            // 判断是否开启检查
-            if (!dcucAuthWebConfig.isEnableApiCheck()) {
                 return true;
             }
+            throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "基础凭据校验失败");
 
-            UserInfo userInfo = userInfoFacade.userDetail("idcard", idcard);
-            if (userInfo == null) {
-                throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数:idcard无权限,或身份证错误");
-            }
-            //校验应用
-            String appId = applyInfoFacade.codeConvertToId(appCode);
-            if (StrUtil.isBlank(appId)) {
-                throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数:appCode无权限,或appCode错误");
-            }
+        } else if (checkTypeEnum.equals(CheckTypeEnum.TOKEN)) {
 
-            return true;
-        } else if (StrUtil.isNotBlank(userToken) && StrUtil.isNotBlank(appToken)) {
-            //token校验
-            log.info("Request header userToken:{},appToken:{}", userToken, appToken);
+            String userToken = getUserToken(request);
+            String appToken = getAppToken(request);
+            if (StrUtil.isNotBlank(userToken) && StrUtil.isNotBlank(appToken)) {
+                log.info("Request header userToken:{},appToken:{}", userToken, appToken);
+
+                if (StrUtil.isBlank(appToken) || StrUtil.isBlank(userToken)) {
+                    throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数不能为空");
+                }
 
-            if (StrUtil.isBlank(appToken) || StrUtil.isBlank(userToken)) {
-                throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "header参数不能为空");
+                return bimBusinessFacade.checkToken(userToken, appToken);
             }
-            //todo 校验token 未完善
 
+            throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "令牌凭据校验失败");
+
+        } else if (checkTypeEnum.equals(CheckTypeEnum.NONE)) {
             return true;
         }
+
         throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "请传入凭据");
     }
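Review bot: The new `log.info("Request header userToken:{},appToken:{}", userToken, appToken)` writes both tokens to the application log at INFO, and the same pattern appears in `SecurityAccessTokenResolver.resolve` (`log.info("userToken:{},appToken:{}", ...)`) and in `AuthServiceController.appsAuthentication` (`log.info("UserToken:{} , idcard:{}, expAt:{}", ...)`). Anyone with read access to the logs or to a log aggregation store obtains credentials that stay valid until expiry, and the BASE branch likewise logs the caller's idcard. I would log only that the headers were present, e.g. `log.debug("Request carries userToken and appToken headers");`, or a truncated digest if correlation is needed. Separately, `return bimBusinessFacade.checkToken(userToken, appToken);` returns `false` on a rejected token without writing a response, while every other failure throws `EvidenceException`. Using `if (!bimBusinessFacade.checkToken(userToken, appToken)) { throw new EvidenceException(HttpStatus.MULTIPLE_CHOICES.value(), "令牌凭据校验失败"); }` followed by `return true;` would keep the error path uniform.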
 
@@ -110,8 +125,13 @@ public class AuthBeforeResInterceptor implements HandlerInterceptor {
         String userToken = request.getHeader(Constants.DCUC_USER_TOKEN);
         if (StrUtil.isBlank(userToken)) {
             // 获取数据总线用户令牌
-            request.getHeader(Constants.BUS_SRE_TOKEN);
+            userToken = request.getHeader(Constants.BUS_SRE_TOKEN);
+        }
+
+        if (StrUtil.isBlank(userToken)) {
+            userToken = request.getHeader(Constants.USER_TOKEN);
         }
+
         return userToken;
     }
 
@@ -122,6 +142,11 @@ public class AuthBeforeResInterceptor implements HandlerInterceptor {
             // 获取数据总线应用令牌
             appToken = request.getHeader(Constants.BUS_SRA_TOKEN);
         }
+
+        if (StrUtil.isBlank(appToken)) {
+            appToken = request.getHeader(Constants.APP_TOKEN);
+        }
+
         return appToken;
     }
 }

+ 113 - 0
src/main/java/com/dragoninfo/dcuc/authweb/interceptor/SecurityAccessTokenResolver.java

@@ -0,0 +1,113 @@
+package com.dragoninfo.dcuc.authweb.interceptor;
+
+import cn.hutool.core.util.StrUtil;
+import com.dragoninfo.dcuc.auth.auth.facade.IBimBusinessFacade;
+import com.dragoninfo.dcuc.auth.auth.vo.bim.BimUserInfoItemRespVO;
+import com.dragoninfo.dcuc.common.Constants;
+import com.dragoninfo.dcuc.user.user.entity.UserInfo;
+import com.dragoninfo.dcuc.user.user.facade.IUserFacade;
+import com.dragonsoft.duceap.base.api.security.ISecurityAccessTokenResolver;
+import com.dragonsoft.duceap.base.entity.security.BaseSecurityUser;
+import com.dragonsoft.duceap.base.entity.security.SecurityUser;
+import com.dragonsoft.duceap.commons.util.UrlMatcher;
+import com.dragonsoft.duceap.commons.util.json.JsonUtils;
+import com.dragonsoft.duceap.security.jwt.securityaccess.SecurityAccessTokenProperties;
+import com.dragonsoft.duceap.security.jwt.securityaccess.SecurityAccessUserCacheResolver;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.web.ServerProperties;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * @author huangzqa
+ * @date 2021/4/15
+ **/
+@Slf4j
+@Component
+public class SecurityAccessTokenResolver implements ISecurityAccessTokenResolver {
+
+    @Autowired
+    private SecurityAccessTokenProperties secAccessProp;
+
+    @Autowired(required = false)
+    private SecurityAccessUserCacheResolver cacheResolver;
+
+    @Autowired
+    private IBimBusinessFacade bimBusinessFacade;
+
+    @Autowired
+    private IUserFacade userFacade;
+
+    @Autowired
+    private ServerProperties serverProperties;
+
+    public static final String FILTER_URL = "/js/*|/img/*|/css/*|/api/*|/*.png|/rest/*|/webSocket/*|" +
+            "/oauthLogin/*|/authorizationPage.html|/importAuthorizationFile.html|/license/LicenseManagerServlet|" +
+            "/authorizationFile/";
+
+    @Override
+    public BaseSecurityUser resolve(HttpServletRequest request) {
+        String contextPath = serverProperties.getServlet().getContextPath();
+        String requestUri = request.getRequestURI();
+        log.debug("Security filter origin uri:{}", requestUri);
+
+        // 去除上下文
+        requestUri = requestUri.substring(contextPath.length());
+
+        log.debug("Security filter not context uri:{}", requestUri);
+
+        String[] splitUrls = FILTER_URL.split("/|");
+
+        if (UrlMatcher.matches(requestUri, splitUrls)) {
+            log.debug("URI:{} Not need get user info.", requestUri);
+            return null;
+        }
+
+        String userToken = request.getHeader(secAccessProp.getUserTokenHeaderName());
+        String appToken = request.getHeader(Constants.APP_TOKEN);
+
+        log.info("userToken:{},appToken:{}", userToken, appToken);
+
+        if (cacheResolver != null) {
+            //从缓存中取
+            SecurityUser securityUserCache = (SecurityUser) cacheResolver.getIfPresent(cacheResolver.cacheKey(userToken));
+
+            if (securityUserCache != null) {
+                log.info("Cache securityUserCache:{}", JsonUtils.toJSONString(securityUserCache));
+
+                return securityUserCache;
+            }
+        }
+
+        if (StrUtil.isBlank(userToken)) {
+            return null;
+        }
+
+        BimUserInfoItemRespVO userInfoItemRespVO = bimBusinessFacade.getUserInfoByUserToken(userToken);
+        String sfzh = userInfoItemRespVO.getSfzh();
+
+        UserInfo userInfo = userFacade.detailBySfzh(sfzh);
+        log.info("idcard:{}, userInfo :{}", sfzh, JsonUtils.toJSONString(userInfo));
+
+        SecurityUser securityUser = new SecurityUser();
+        securityUser.setId(userInfo.getId());
+        securityUser.setName(userInfo.getName());
+        securityUser.setUserName(userInfo.getIdcard());
+        securityUser.setPoliceNo(userInfo.getPoliceNumber());
+        securityUser.setIdcard(userInfo.getIdcard());
+        securityUser.setSecurityOrg(userInfo.getOrgCode());
+        securityUser.setSecurityOrgName(userInfo.getOrgName());
+
+        //放入缓存
+        if (cacheResolver != null) {
+            cacheResolver.put(cacheResolver.cacheKey(userToken), securityUser);
+        }
+
+        log.info("return idcard:{}, securityUser :{}", sfzh, JsonUtils.toJSONString(securityUser));
+
+        return securityUser;
+    }
+
+}
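Review bot: `FILTER_URL.split("/|")` in `resolve` passes a regular expression meaning "a slash or the empty string", so the string is cut at every character instead of at each `|`. The patterns handed to `UrlMatcher.matches` are then fragments such as `*`, and depending on how `UrlMatcher` treats a bare `*` the resolver may skip user resolution for every URI or for none of the intended ones. The separator should be escaped, `String[] splitUrls = FILTER_URL.split("\\|");`, ideally computed once into a `static final` field. The method also dereferences `userInfoItemRespVO` and `userInfo` without a null check, although `AuthServiceController` treats a null `detailBySfzh` result as "user not found", and it calls `cacheResolver.cacheKey(userToken)` before the `StrUtil.isBlank(userToken)` guard. Moving the blank check above the cache lookup and returning `null` when either lookup yields nothing would avoid an exception on a missing or unknown token.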

+ 74 - 7
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/api/authservice/v1/controller/AuthServiceController.java

@@ -1,23 +1,34 @@
 package com.dragoninfo.dcuc.authweb.restcontroller.api.authservice.v1.controller;
 
+import cn.hutool.core.util.StrUtil;
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.interfaces.DecodedJWT;
 import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
+import com.dragoninfo.dcuc.auth.auth.dto.AppDataSensitiveLevelDTO;
 import com.dragoninfo.dcuc.auth.auth.dto.ServiceAuthResultDTO;
+import com.dragoninfo.dcuc.auth.auth.facade.IBimBusinessFacade;
+import com.dragoninfo.dcuc.auth.auth.facade.IBimBusinessFacade;
 import com.dragoninfo.dcuc.auth.auth.facade.IServiceAuthFlowFacade;
 import com.dragoninfo.dcuc.auth.auth.facade.IServiceAuthResultFacade;
+import com.dragoninfo.dcuc.auth.auth.facade.IStaffAssignAuthInfoFacade;
+import com.dragoninfo.dcuc.authweb.restcontroller.api.authservice.v1.vo.AppAuthRespVO;
 import com.dragoninfo.dcuc.authweb.restcontroller.api.authservice.v1.vo.ServiceAuthResultVo;
 import com.dragoninfo.dcuc.authweb.util.VersionUtils;
+import com.dragoninfo.dcuc.common.Constants;
 import com.dragoninfo.dcuc.common.entity.ApiResult;
 import com.dragoninfo.dcuc.common.entity.ApiSearchReq;
 import com.dragoninfo.dcuc.common.utils.SearchableUtil;
+import com.dragoninfo.dcuc.user.user.entity.UserInfo;
+import com.dragoninfo.dcuc.user.user.facade.IUserFacade;
 import com.dragonsoft.duceap.base.enums.BooleanEnum;
-import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import com.dragonsoft.duceap.core.search.Searchable;
 import com.dragonsoft.duceap.core.search.enums.SearchOperator;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
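Review bot: `import com.dragoninfo.dcuc.auth.auth.facade.IBimBusinessFacade;` is added twice on consecutive lines in this import block. The duplicate compiles, but it is noise that static-analysis tools flag; one of the two lines should be removed.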
@@ -28,11 +39,13 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.stream.Collectors;
 
 /**
- * @Author yica
- * @Date 2021/2/24 19:11
+ * @author yica huangzqa
+ * @date 2021/2/24 19:11
  **/
+@Slf4j
 @RestController
 @Api(tags = {"权限管理对外开放接口"})
 @RequestMapping(value = "/api/auth-service/" + VersionUtils.VERSION_UID_V1 + "/")
@@ -43,9 +56,62 @@ public class AuthServiceController {
 
     @Autowired
     private IServiceAuthResultFacade serviceAuthResultFacade;
+
     @Autowired
     private IApplyInfoFacade applyInfoFacade;
 
+    @Autowired
+    private IStaffAssignAuthInfoFacade staffAssignAuthInfoFacade;
+
+    @Autowired
+    private IUserFacade userFacade;
+
+    @Autowired
+    private IBimBusinessFacade bimBusinessFacade;
+
+    @GetMapping(value = "apps/authentication")
+    @ApiOperation(value = "应用级鉴权")
+    @ApiImplicitParams({@ApiImplicitParam(name = "appsAuthenticationReq", value = "应用级鉴权VO")})
+    public ApiResult appsAuthentication(@RequestHeader(Constants.DCUC_USER_TOKEN) String userToken) {
+
+        if (StrUtil.isBlank(userToken)) {
+            return ApiResult.setFailMessage("请传入用户令牌");
+        }
+
+        boolean checkUserToken = bimBusinessFacade.checkUserToken(userToken);
+
+        if (!checkUserToken) {
+            return ApiResult.setFailMessage("用户令牌无效");
+        }
+
+        DecodedJWT decode = JWT.decode(userToken);
+        String idcard = decode.getClaim("idCard").asString();
+        int exp = decode.getClaim("exp").asInt();
+        int current = (int) (System.currentTimeMillis() / 1000);
+
+        int expAt = exp - current;
+
+        log.info("UserToken:{} , idcard:{}, expAt:{}", userToken, idcard, expAt);
+
+        if (expAt < 0) {
+            return ApiResult.setFailMessage("令牌已失效");
+        }
+
+        UserInfo userInfo = userFacade.detailBySfzh(idcard);
+        if (userInfo == null) {
+            return ApiResult.setFailMessage("用户不存在");
+        }
+
+        bimBusinessFacade.cacheUserToken(idcard, userToken, expAt);
+
+        String userId = userInfo.getId();
+        List<AppDataSensitiveLevelDTO> appList = staffAssignAuthInfoFacade.getAppLitByUserId(userId);
+
+        List<AppAuthRespVO> respVOList = appList.stream().map(AppAuthRespVO::parseDto)
+                .collect(Collectors.toList());
+        return ApiResult.setSuccessResult(respVOList);
+    }
+
     /**
      * 服务级鉴权
      *
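Review bot: The `log.info("UserToken:{} , idcard:{}, expAt:{}", userToken, idcard, expAt)` line in `appsAuthentication` writes the complete user token and the ID-card number to the application log at INFO level, so anyone with log access gets a still-valid bearer credential together with personal data. Log only what is needed to trace the call, for example `log.info("appsAuthentication expAt:{}", expAt);`, or a truncated digest of the token if correlation is required. Separately, `decode.getClaim("exp").asInt()` returns null when the claim is absent, and assigning that to `int exp` throws a NullPointerException; `decode.getExpiresAt()` with a null check avoids that and also the `int` cast of the epoch seconds. `JWT.decode` only parses the token, so the claims are trustworthy only if `bimBusinessFacade.checkUserToken` verifies the signature, which is not visible here.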
@@ -57,7 +123,7 @@ public class AuthServiceController {
     @ApiImplicitParams({@ApiImplicitParam(name = "ServiceAuthenticationReq", value = "服务鉴权vo")})
     public ApiResult authentication(HttpServletRequest request) {
         String appCode = request.getHeader("appCode");
-        if (StringUtils.isEmpty(appCode)) {
+        if (StrUtil.isBlank(appCode)) {
             return ApiResult.setFailMessage("appCode is not null");
         }
         ApplyInfo applyInfo = applyInfoFacade.getAppByCode(appCode);
@@ -84,8 +150,8 @@ public class AuthServiceController {
             String message = e.getMessage();
             return ApiResult.setFailMessage(message);
         }
-        Page<ServiceAuthResultDTO> serviceAuthResultDTOS = serviceAuthResultFacade.serviceAuthResultPage(searchable.toSearchDTO());
-        List<ServiceAuthResultDTO> content = serviceAuthResultDTOS.getContent();
+        Page<ServiceAuthResultDTO> serviceAuthResultDtoList = serviceAuthResultFacade.serviceAuthResultPage(searchable.toSearchDTO());
+        List<ServiceAuthResultDTO> content = serviceAuthResultDtoList.getContent();
         List<ServiceAuthResultVo> voList = new ArrayList<>(content.size());
 
         content.forEach(item -> {
@@ -95,7 +161,7 @@ public class AuthServiceController {
             vo.setPrivilegedTime(item.getCreateTime());
             voList.add(vo);
         });
-        return ApiResult.setSuccessPage(serviceAuthResultDTOS.getTotalElements(), voList);
+        return ApiResult.setSuccessPage(serviceAuthResultDtoList.getTotalElements(), voList);
     }
 
     @ApiOperation(value = "服务授权撤销")
@@ -153,6 +219,7 @@ public class AuthServiceController {
         content.forEach(item -> {
             ServiceAuthResultVo vo = new ServiceAuthResultVo();
             BeanUtils.copyProperties(item, vo);
+            vo.setServiceStatus(item.getAuthStatus());
             vo.setPrivilegedTime(item.getAuthTime());
             voList.add(vo);
         });

+ 43 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/api/authservice/v1/vo/AppAuthRespVO.java

@@ -0,0 +1,43 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.api.authservice.v1.vo;
+
+import com.dragoninfo.dcuc.auth.auth.dto.AppDataSensitiveLevelDTO;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+/**
+ * 应用数据
+ *
+ * @author huangzqa
+ * @date 2020/7/9
+ */
+@ApiModel(value = "应用级鉴权返回")
+@Data
+public class AppAuthRespVO {
+
+    /**
+     * 应用代码
+     */
+    @ApiModelProperty(value = "应用代码")
+    private String appCode;
+
+    /**
+     * 应用 URL
+     */
+    @ApiModelProperty(value = "应用URL")
+    private String appUrl;
+
+    /**
+     * 解析
+     *
+     * @param appDataSensitiveLevelDTO DTO
+     * @return VO
+     */
+    public static AppAuthRespVO parseDto(AppDataSensitiveLevelDTO appDataSensitiveLevelDTO) {
+        AppAuthRespVO appAuthRespVO = new AppAuthRespVO();
+        appAuthRespVO.setAppCode(appDataSensitiveLevelDTO.getCode());
+        appAuthRespVO.setAppUrl(appDataSensitiveLevelDTO.getUrl());
+        return appAuthRespVO;
+    }
+
+}

+ 62 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/api/controller/DataAuthApiController.java

@@ -0,0 +1,62 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.api.controller;
+
+import cn.hutool.core.util.StrUtil;
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import com.dragoninfo.dcuc.auth.auth.api.IApiDataAuthFacade;
+import com.dragoninfo.dcuc.auth.auth.dto.DataItemsCheckDto;
+import com.dragoninfo.dcuc.auth.auth.dto.DataItemsDto;
+import com.dragoninfo.dcuc.auth.auth.facade.IBimBusinessFacade;
+import com.dragoninfo.dcuc.authweb.util.VersionUtils;
+import com.dragoninfo.dcuc.common.Constants;
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
+import com.dragonsoft.duceap.commons.util.string.StringUtils;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiImplicitParam;
+import io.swagger.annotations.ApiImplicitParams;
+import io.swagger.annotations.ApiOperation;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+/**
+ * 代码千万行,注释第一行,编码不规范,同事两行泪
+ *
+ * @author huang(jy)
+ * @version 1.0
+ * @date 2021/5/7 9:09
+ */
+@Api(tags = {"数据鉴权"})
+@RestController
+@RequestMapping(value = "/api/auth-service/" + VersionUtils.VERSION_UID_V1 + "/")
+public class DataAuthApiController {
+
+    @Autowired
+    private IApiDataAuthFacade apiDataAuthFacade;
+
+    @Autowired
+    private IBimBusinessFacade bimBusinessFacade;
+
+
+    @ApiOperation(value = "查询是否拥有数据项权限接口")
+    @ApiImplicitParams({@ApiImplicitParam(name = "DataItemsCheckDto", value = "数据资源对象")})
+    @PostMapping(value = "data-auth/data-items/check")
+    public ResponseDTO checkDataItems(@RequestBody DataItemsCheckDto checkDto,
+                                      @RequestHeader(value = Constants.DCUC_USER_TOKEN, required = false) String headerUserToken,
+                                      @RequestHeader(value = Constants.IDCARD, required =  false) String headerIdcard) {
+        String currentIdcard = null;
+        if (StrUtil.isBlank(headerUserToken)) {
+            currentIdcard = headerIdcard;
+        }else{
+            DecodedJWT decode = JWT.decode(headerUserToken);
+            currentIdcard = decode.getClaim("idCard").asString();
+        }
+        if (StringUtils.isBlank(currentIdcard)){
+            return  ResponseDTO.fail("当前登录人身份证号不允许为空", (Object) null);
+        }
+        checkDto.setCurrentIdcard(currentIdcard);
+        checkDto.setIdcard(currentIdcard);
+        return apiDataAuthFacade.dataItemsCheck(checkDto);
+    }
+}
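Review bot: `checkDataItems` takes the caller's identity from data the client controls: `JWT.decode(headerUserToken)` parses the token without verifying its signature, and when the token header is blank the value of the `Constants.IDCARD` header is used as-is for both `setCurrentIdcard` and `setIdcard`. The injected `bimBusinessFacade` is never called in this class, whereas `appsAuthentication` in AuthServiceController calls `bimBusinessFacade.checkUserToken(userToken)` before decoding; unless an interceptor outside this hunk already validates both headers, the same check is needed here, e.g. `if (!bimBusinessFacade.checkUserToken(headerUserToken)) { return ResponseDTO.fail("用户令牌无效", (Object) null); }` ahead of the decode. The header-only fallback should be limited to callers that are authenticated by some other means, and a malformed token currently surfaces as an uncaught `JWTDecodeException`.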

+ 3 - 3
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/AppController.java

@@ -10,7 +10,7 @@ import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.app.facade.IManufacturerInfoFacade;
 import com.dragoninfo.dcuc.auth.auth.vo.ApplicationInfoVO;
 import com.dragoninfo.dcuc.auth.power.facade.IApplicationInfoFacade;
-import com.dragoninfo.dcuc.authweb.common.MtAuthService;
+import com.dragoninfo.dcuc.authweb.business.MtAuthBusiness;
 import com.dragoninfo.dcuc.authweb.common.SysConstants;
 import com.dragoninfo.dcuc.authweb.restcontroller.app.vo.AppVo;
 import com.dragoninfo.dcuc.duceap.facade.IDuceapUploadFacade;
@@ -56,7 +56,7 @@ public class AppController {
     @Autowired
     private IApplyInfoFacade applyInfoFacade;
     @Autowired
-    private MtAuthService mtAuthService;
+    private MtAuthBusiness mtAuthBusiness;
     @Autowired
     private IUserInfoFacade userInfoFacade;
     @Autowired
@@ -209,7 +209,7 @@ public class AppController {
         List<Map<String, Object>> result = new ArrayList<>();
         SecurityUser user = (SecurityUser) ContextUtils.getUserInfo();
         //用户范围
-        String userMt = mtAuthService.getMtAuth(user.getId(), SysConstants.MT_USER);
+        String userMt = mtAuthBusiness.getMtAuth(user.getId(), SysConstants.MT_USER);
         if (StringUtils.isEmpty(userMt)) {
             return Result.success(result);
         }

+ 82 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/DataResourceController.java

@@ -0,0 +1,82 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.app;
+
+import com.dragoninfo.dcuc.app.facade.IDataResourceFacade;
+import com.dragoninfo.dcuc.app.vo.DataClassifyVo;
+import com.dragoninfo.dcuc.app.vo.DataFieldClassifyVo;
+import com.dragoninfo.dcuc.app.vo.DataLevelVo;
+import com.dragoninfo.dcuc.authweb.restcontroller.app.vo.AuthDataClassifyVo;
+import com.dragoninfo.dcuc.authweb.restcontroller.app.vo.AuthDataFieldClassifyVo;
+import com.dragoninfo.dcuc.authweb.restcontroller.app.vo.AuthDataLevelVo;
+import com.dragoninfo.duceap.core.response.Result;
+import com.google.common.collect.Lists;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import org.springframework.beans.BeanUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.List;
+
+/**
+ * @Author: qiuyu
+ * @Date: 2021/4/15 17:29
+ * @Description:
+ */
+@Api(tags = {"数据资源分级分类表码管理"})
+@RestController
+@RequestMapping(value = "dataresourcesrv/v1")
+public class DataResourceController {
+
+    @Autowired
+    private IDataResourceFacade dataResourceFacade;
+
+    @ApiOperation(value = "数据分级表码列表")
+    @GetMapping(value = "datalevels")
+    public Result<List<AuthDataLevelVo>> getDataLevelList() {
+        List<AuthDataLevelVo> result = Lists.newArrayList();
+        for (DataLevelVo dataLevelVo : dataResourceFacade.getDataLevelList()) {
+            AuthDataLevelVo authDataLevelVo = new AuthDataLevelVo();
+            BeanUtils.copyProperties(dataLevelVo, authDataLevelVo);
+            result.add(authDataLevelVo);
+        }
+        return Result.success(result);
+    }
+
+    @ApiOperation(value = "安全等级表码列表")
+    @GetMapping(value = "securitylevels")
+    Result<List<AuthDataLevelVo>> getSecurityLevelList() {
+        List<AuthDataLevelVo> result = Lists.newArrayList();
+        for (DataLevelVo dataLevelVo : dataResourceFacade.getSecurityLevelList()) {
+            AuthDataLevelVo authDataLevelVo = new AuthDataLevelVo();
+            BeanUtils.copyProperties(dataLevelVo, authDataLevelVo);
+            result.add(authDataLevelVo);
+        }
+        return Result.success(result);
+    }
+
+    @ApiOperation(value = "数据资源分类表码列表")
+    @GetMapping(value = "dataclassifys")
+    Result<List<AuthDataClassifyVo>> getDataClassifyList() {
+        List<AuthDataClassifyVo> result = Lists.newArrayList();
+        for (DataClassifyVo dataClassifyVo : dataResourceFacade.getDataClassifyList()) {
+            AuthDataClassifyVo authDataClassifyVo = new AuthDataClassifyVo();
+            BeanUtils.copyProperties(dataClassifyVo, authDataClassifyVo);
+            result.add(authDataClassifyVo);
+        }
+        return Result.success(result);
+    }
+
+    @ApiOperation(value = "字段分类表码列表")
+    @GetMapping(value = "fieldclassifys")
+    Result<List<AuthDataFieldClassifyVo>> getFieldClassifyList() {
+        List<AuthDataFieldClassifyVo> result = Lists.newArrayList();
+        for (DataFieldClassifyVo dataFieldClassifyVo : dataResourceFacade.getFieldClassifyList()) {
+            AuthDataFieldClassifyVo authDataClassifyVo = new AuthDataFieldClassifyVo();
+            BeanUtils.copyProperties(dataFieldClassifyVo, authDataClassifyVo);
+            result.add(authDataClassifyVo);
+        }
+        return Result.success(result);
+    }
+}
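Review bot: `getSecurityLevelList`, `getDataClassifyList` and `getFieldClassifyList` are declared without `public` while `getDataLevelList` is public; the handlers should share one visibility, `public Result<List<AuthDataLevelVo>> getSecurityLevelList() {` and likewise for the other two. The four methods also repeat the same copy loop, which a small private generic helper taking the source list and a target supplier would remove. In `getFieldClassifyList` the local `authDataClassifyVo` holds an `AuthDataFieldClassifyVo`, so a name such as `authDataFieldClassifyVo` would match its type.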

+ 3 - 3
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/ManufacturerInfoController.java

@@ -5,7 +5,7 @@ import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.entity.ManufacturerInfo;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.app.facade.IManufacturerInfoFacade;
-import com.dragoninfo.dcuc.authweb.common.MtAuthService;
+import com.dragoninfo.dcuc.authweb.business.MtAuthBusiness;
 import com.dragoninfo.dcuc.authweb.common.SysConstants;
 import com.dragoninfo.dcuc.authweb.restcontroller.app.vo.ManufacturerVo;
 import com.dragoninfo.dcuc.org.facade.IOrgInfoFacade;
@@ -46,7 +46,7 @@ public class ManufacturerInfoController extends BaseController<ManufacturerInfo,
     @Autowired
     private IApplyInfoFacade applyInfoFacade;
     @Autowired
-    private MtAuthService mtAuthService;
+    private MtAuthBusiness mtAuthBusiness;
 
     @Autowired
     private IOrgInfoFacade orgInfoFacade;
@@ -149,7 +149,7 @@ public class ManufacturerInfoController extends BaseController<ManufacturerInfo,
         List<ManufacturerInfo> manufacturerInfoList = new ArrayList<>();
         BaseSecurityUser user = ContextUtils.getUserInfo();
         //用户范围
-        String userMt = mtAuthService.getMtAuth(user.getId(), SysConstants.MT_USER);
+        String userMt = mtAuthBusiness.getMtAuth(user.getId(), SysConstants.MT_USER);
         //所有应用
         List<ApplyInfo> applyInfoList = applyInfoFacade.getAllList();
         //范围内加过的厂商

+ 3 - 3
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/ResourceListingController.java

@@ -25,7 +25,7 @@ import java.util.stream.Collectors;
 public class ResourceListingController {
 
     @Autowired
-    private IResourceFacade iResourceFacade;
+    private IResourceFacade resourceFacade;
 
     /**
      * 获取应用和服务资源列表
@@ -37,7 +37,7 @@ public class ResourceListingController {
     public Result<List<ResourceRequestResult>> getResourceListing(@RequestBody ResourceRequestParam requestParam) {
         ResourceRequestParamDTO paramDTO = new ResourceRequestParamDTO();
         BeanUtils.copyProperties(requestParam,paramDTO);
-        List<ResourceRequestResultDTO> results = iResourceFacade.getResourceRequestResults(paramDTO);
+        List<ResourceRequestResultDTO> results = resourceFacade.getResourceRequestResults(paramDTO);
         List<ResourceRequestResult> list = results.stream().map(item -> {
             ResourceRequestResult vo = new ResourceRequestResult();
             BeanUtils.copyProperties(item, vo);
@@ -53,7 +53,7 @@ public class ResourceListingController {
     @ApiOperation(value = "资源同步表与应用、服务资源同步")
     @GetMapping(value = "sync")
     public Result resourceSync() {
-        iResourceFacade.resourceSync();
+        resourceFacade.resourceSync();
         return Result.success();
     }
 

+ 40 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/vo/AuthDataClassifyVo.java

@@ -0,0 +1,40 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.app.vo;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+/**
+ * @Author: qiuyu
+ * @Date: 2021/4/15 14:17
+ * @Description:
+ */
+@Data
+@ApiModel(value = "字段分类")
+public class AuthDataClassifyVo {
+
+    @ApiModelProperty(value = "一级代码")
+    private String firstLevelCode;
+
+    @ApiModelProperty(value = "一级名称")
+    private String firstLevelName;
+
+    @ApiModelProperty(value = "二级代码")
+    private String secondLevelCode;
+
+    @ApiModelProperty(value = "二级名称")
+    private String secondLevelName;
+
+    @ApiModelProperty(value = "标签分类代码")
+    private String labelClassifyCode;
+
+    @ApiModelProperty(value = "标签分类名称")
+    private String labelClassifyName;
+
+    @ApiModelProperty(value = "标签代码")
+    private String labelCode;
+
+    @ApiModelProperty(value = "标签名称")
+    private String labelName;
+}
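Review bot: `@ApiModel(value = "字段分类")` on `AuthDataClassifyVo` is the same value used on `AuthDataFieldClassifyVo`, so the two models cannot be told apart in the generated API documentation and may be merged under one name depending on the Swagger tooling. The controller labels this list "数据资源分类表码列表", so `@ApiModel(value = "数据资源分类")` fits better. The `lombok.AllArgsConstructor` import is unused here and in `AuthDataLevelVo`.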

+ 27 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/vo/AuthDataFieldClassifyVo.java

@@ -0,0 +1,27 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.app.vo;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+/**
+ * @Author: qiuyu
+ * @Date: 2021/4/15 14:17
+ * @Description:
+ */
+@Data
+@ApiModel(value = "字段分类")
+public class AuthDataFieldClassifyVo {
+    @ApiModelProperty(value = "一级等级代码")
+    private String firstLevelCode;
+
+    @ApiModelProperty(value = "一级等级名称")
+    private String firstLevelName;
+
+    @ApiModelProperty(value = "二级等级代码")
+    private String secondLevelCode;
+
+    @ApiModelProperty(value = "二级等级名称")
+    private String secondLevelName;
+
+}

+ 23 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/app/vo/AuthDataLevelVo.java

@@ -0,0 +1,23 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.app.vo;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+/**
+ * @Author: qiuyu
+ * @Date: 2021/4/15 14:17
+ * @Description:
+ */
+@Data
+@ApiModel(value = "等级分类")
+public class AuthDataLevelVo {
+
+    @ApiModelProperty(value = "等级代码")
+    private String levelCode;
+
+    @ApiModelProperty(value = "等级名称")
+    private String levelName;
+
+}

+ 226 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/DataAuthController.java

@@ -0,0 +1,226 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.auth;
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.TypeReference;
+import com.dragoninfo.dcuc.app.facade.IDataResourceFacade;
+import com.dragoninfo.dcuc.app.vo.DataResourceClassifyVo;
+import com.dragoninfo.dcuc.auth.auth.dto.data.*;
+import com.dragoninfo.dcuc.auth.auth.enumresources.SubDataAuthTypeEnum;
+import com.dragoninfo.dcuc.auth.auth.facade.IDataAuthFacade;
+import com.dragoninfo.dcuc.auth.auth.vo.BusResultVO;
+import com.dragoninfo.dcuc.authweb.restcontroller.auth.vo.data.*;
+import com.dragoninfo.dcuc.authweb.util.VersionUtils;
+import com.dragoninfo.dcuc.user.label.ILabelFacade;
+import com.dragoninfo.dcuc.user.label.dto.LabelSearchDto;
+import com.dragoninfo.dcuc.user.label.vo.LabelTreeVO;
+import com.dragoninfo.duceap.core.response.Result;
+import com.dragonsoft.duceap.base.entity.search.SearchDTO;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiImplicitParam;
+import io.swagger.annotations.ApiImplicitParams;
+import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.collections.CollectionUtils;
+import org.springframework.beans.BeanUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.stream.Collectors;
+
+/**
+ * @author mazq
+ * @date 2021/4/6
+ */
+@Slf4j
+@Api(tags ="数据授权API")
+@RestController
+@RequestMapping("authsvr/"+ VersionUtils.VERSION_UID +"/dataauth")
+public class DataAuthController {
+
+    public static final String idJoin = "|";
+
+    @Autowired
+    IDataAuthFacade dataAuthFacade;
+
+    @Autowired
+    ILabelFacade labelFacade;
+
+    @Autowired
+    IDataResourceFacade dataResourceFacade;
+
+
+
+    @ApiOperation(value = "获取属性列表,树形结构:警种1-业务域N")
+    @ApiImplicitParam(name = "name", value = "查询条件")
+    @RequestMapping(value = "businessTreeList", produces = "application/json;charset=UTF-8", method = RequestMethod.POST)
+    public Result<List<LabelTreeVO>> businessTreeList(@RequestBody LabelSearchDto labelSearchDto){
+        List<LabelTreeVO> labelTreeList = labelFacade.labelTreeList(labelSearchDto);
+        return Result.success(labelTreeList);
+    }
+
+
+    @ApiOperation(value = "获取所有数据资源,返回树结构")
+    @ApiImplicitParam(name = "attrType",value = "数据属性类型 TABLE:表 COLUMN:列")
+    @GetMapping(value = "allDataTree", produces = "application/json;charset=UTF-8")
+    public Result<List<DataResourceClassifyVo>> getAllDataResource(@RequestParam("attrType") String attrType){
+        log.info("allDataTree >> attrType:{}", attrType);
+        List<DataResourceClassifyVo> dataResourceTree = dataResourceFacade.getAllDataResourceTree(attrType);
+        return Result.success(dataResourceTree);
+    }
+
+    @ApiOperation(value = "获取数据资源,返回树结构")
+    @ApiImplicitParam(name = "typeCode",value = "typeCode类型(数据分级:DATA_CLASSIFY;数据资源分类:DATA_RESOURCE_CLASSIFY;数据安全级别:DATA_SECURITY_LEVEL;字段分类:COLUMN_CLASSIFY)")
+    @GetMapping(value = "getDataResourceTree")
+    public Result<DataResourceClassifyVo> getDataResource(@RequestParam("typeCode") String typeCode){
+        log.info("dataTree >> typeCode:{}", typeCode);
+        DataResourceClassifyVo dataResourceTree = dataResourceFacade.getDataResourceTree(typeCode);
+        return Result.success(dataResourceTree);
+    }
+
+    @ApiOperation(value = "人员数据授权接口")
+    @PostMapping(value = "userDataAuth", produces = "application/json;charset=UTF-8")
+    public Result<Boolean> userDataAuth(@RequestBody UserDataAuthAcceptVo vo){
+        List<DataAuthAcceptVo> authVoList = vo.getAuthVoList();
+        log.info("userDataAuth >> userDataAuthAcceptVo:{}",JSON.toJSONString(vo));
+        SubDataAuthDTO subDataAuthDTO = convertToSubAuthDTO(vo.getIdcard(), SubDataAuthTypeEnum.SUB_DATA_AUTH_USER.getValue(), vo.getAuthType(), authVoList);
+        dataAuthFacade.subDataAuthAdd(subDataAuthDTO);
+        return Result.success(true);
+    }
+
+
+    @ApiOperation(value = "机构数据授权接口")
+    @PostMapping(value = "orgDataAuth", produces = "application/json;charset=UTF-8")
+    public Result<Boolean> orgDataAuth(@RequestBody OrgDataAuthAcceptVo vo){
+        List<DataAuthAcceptVo> authVoList = vo.getAuthVoList();
+        log.info("orgDataAuth>>orgDataAuthAcceptVo:{}",JSON.toJSONString(vo));
+        SubDataAuthDTO subDataAuthDTO = convertToSubAuthDTO(vo.getOrgCode(), SubDataAuthTypeEnum.SUB_DATA_AUTH_ORG.getValue(), vo.getAuthType(), authVoList);
+        dataAuthFacade.subDataAuthAdd(subDataAuthDTO);
+        return Result.success(true);
+    }
+
+
+    @ApiOperation(value = "业务域标签数据授权接口")
+    @PostMapping(value = "labelDataAuth", produces = "application/json;charset=UTF-8")
+    public Result<Boolean> labelDataAuth(@RequestBody LabelDataAuthAcceptVo vo){
+        List<DataAuthAcceptVo> authVoList = vo.getAuthVoList();
+        log.info("labelDataAuth >> labelDataAuthAcceptVo:{}",JSON.toJSONString(vo));
+        SubDataAuthDTO subDataAuthDTO = convertToSubAuthDTO(vo.getBusinessCode(), SubDataAuthTypeEnum.SUB_DATA_AUTH_BUSINESS.getValue(), vo.getAuthType(), authVoList);
+        dataAuthFacade.subDataAuthAdd(subDataAuthDTO);
+        return Result.success(true);
+    }
+
+    @ApiOperation(value = "查询多个主体相关数据权限")
+    @PostMapping(value = "subListDataAuth", produces = "application/json;charset=UTF-8")
+    public Result subDataAuthList(@RequestBody List<SubDataAuthQueryVo> queryVoList) {
+        List<SubDataAuthQueryDTO> dtos = new ArrayList<>();
+        for (SubDataAuthQueryVo vo : queryVoList) {
+            SubDataAuthQueryDTO dto = new SubDataAuthQueryDTO();
+            BeanUtils.copyProperties(vo,dto);
+        }
+        List<DataClassifyDTO> classifyDTOS = dataAuthFacade.subDataAuthList(dtos);
+        List<DataClassifyVo> vos = convertToVos(classifyDTOS);
+        return Result.success(vos);
+    }
+
+    @ApiOperation(value = "查询单个主体数据权限")
+    @PostMapping(value = "getSubDataAuth" , produces = "application/json;charset=UTF-8")
+    public Result<List<DataClassifyVo>> getSubDataAuth(@RequestBody SubDataAuthQueryVo queryVo){
+        log.info("getSubDataAuth >> vo:{}",JSON.toJSONString(queryVo));
+        SubDataAuthQueryDTO queryDTO = new SubDataAuthQueryDTO();
+        BeanUtils.copyProperties(queryVo,queryDTO);
+        List<DataClassifyDTO> dtos = dataAuthFacade.getSubDataAuth(queryDTO);
+        List<DataClassifyVo> vos = convertToVos(dtos);
+        return Result.success(vos);
+    }
+
+
+    @ApiOperation(value = "人员视角数据权限查询-根据人员id查询")
+    @ApiImplicitParams(value = {
+            @ApiImplicitParam(name = "userId",value = "人员id"),
+            @ApiImplicitParam(name = "authType",value = "数据属性授权类型 TABLE:表授权 COLUMN:列授权")
+    })
+    @GetMapping(value = "dataAuthInfoByUserId" , produces = "application/json;charset=UTF-8")
+    public Result<List<DataClassifyVo>> userDataAuthInfoById(@RequestParam("userId") String userId,
+                                   @RequestParam(value = "authType", required = false) String authType){
+        log.info("dataAuthInfoByUserId >> userId:{},authType:{}", userId, authType);
+        List<DataClassifyDTO> dtos = dataAuthFacade.userDataAuthInfoByUserId(userId, authType);
+        List<DataClassifyVo> vos = convertToVos(dtos);
+        return Result.success(vos);
+    }
+
+    @ApiOperation(value = "人员视角数据权限查询-根据人员身份证号查询")
+    @ApiImplicitParams(value = {
+            @ApiImplicitParam(name = "idcard",value = "身份证号"),
+            @ApiImplicitParam(name = "authType",value = "数据属性授权类型 TABLE:表授权 COLUMN:列授权")
+    })
+    @GetMapping(value = "dataAuthInfoByIdcard" , produces = "application/json;charset=UTF-8")
+    public Result<List<DataClassifyVo>> userDataAuthInfoByIdcard(@RequestParam("idcard") String idcard,
+                                   @RequestParam(value = "authType",required = false) String authType){
+        List<DataClassifyDTO> dtos = dataAuthFacade.userDataAuthInfoByIdcard(idcard, authType);
+        List<DataClassifyVo> vos = convertToVos(dtos);
+        return Result.success(vos);
+    }
+
+    @ApiOperation(value = "人员视角-有权限的数据资源查询(树结构)-根据身份证号查询")
+    @ApiImplicitParams(value = {
+            @ApiImplicitParam(name = "idcard",value = "身份证号"),
+            @ApiImplicitParam(name = "authType",value = "数据属性授权类型 TABLE:表授权 COLUMN:列授权")
+    })
+    @GetMapping(value = "userDataTreeByIdcard" , produces = "application/json;charset=UTF-8")
+    public Result<List<DataResourceClassifyVo>> userDataAuthTreeByIdcard(@RequestParam("idcard") String idcard, @RequestParam(value = "authType",required = false) String authType){
+        List<DataResourceDTO> dtos = dataAuthFacade.userDataTreeByIdcard(idcard, authType);
+        //树节点dto转vo多层次拷贝,使用JSONString序列化
+        //字段key值要能对应上
+        String dtoStr = JSON.toJSONString(dtos);
+        List<DataResourceClassifyVo> vos = JSON.parseObject(dtoStr, new TypeReference<List<DataResourceClassifyVo>>() {{
+        }});
+        return Result.success(vos);
+    }
+
+    @ApiOperation(value = "分级分类清单数据")
+    @PostMapping(value = "dataDetailList")
+    public Result dataDetailList(SearchDTO searchDTO){
+        BusResultVO busResultVO = dataAuthFacade.dataDetailList(searchDTO);
+        return Result.success((long) busResultVO.getResultData().getTotalCount(),busResultVO.getResultData().getDataList());
+    }
+
+    private List<DataClassifyVo> convertToVos(List<DataClassifyDTO> classifyDTOS) {
+        return classifyDTOS.stream().map(item -> {
+            DataClassifyVo vo = new DataClassifyVo();
+            BeanUtils.copyProperties(item, vo,"tickedDatas");
+            List<SubDataDTO> tickedDatas = item.getTickedDatas();
+            List<SubDataVo> dataVoList = tickedDatas.stream()
+                    .map(dto->{
+                        //拼接dataId给前端使用,保证dataId是唯一值
+                        dto.setDataId(dto.getClassifyCode()+ idJoin + dto.getDataId());
+                        SubDataVo subDataVo = new SubDataVo();
+                        BeanUtils.copyProperties(dto,subDataVo);
+                        return subDataVo;
+                    }).collect(Collectors.toList());
+            vo.setTickedDatas(dataVoList);
+            return vo;
+        }).collect(Collectors.toList());
+    }
+
+    private SubDataAuthDTO convertToSubAuthDTO(String subId, String subType, String authType,List<DataAuthAcceptVo> authVoList) {
+        SubDataAuthDTO subDataAuthDTO = new SubDataAuthDTO(subId,subType,authType);
+        List<SubDataDTO> dataDTOList = new ArrayList<>();
+        for (DataAuthAcceptVo vo : authVoList) {
+            SubDataDTO subDataDTO = new SubDataDTO();
+            subDataDTO.setDataType(vo.getDataType());
+            String dataId = vo.getDataId();
+            //除去分级分类标签的code
+            int index = dataId.indexOf(idJoin);
+            //从dataId截取拼接各种参数
+            int lastIndex = dataId.lastIndexOf(idJoin);
+            subDataDTO.setDataId(dataId.substring(index+1));
+            subDataDTO.setClassifyCode(dataId.substring(0,index));
+            subDataDTO.setDataCode(dataId.substring(lastIndex+1));
+            dataDTOList.add(subDataDTO);
+        }
+        subDataAuthDTO.setDataAuthList(dataDTOList);
+        return subDataAuthDTO;
+    }
+}
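Review bot: In `subDataAuthList` the loop builds each `SubDataAuthQueryDTO` but never adds it to `dtos`, so `dataAuthFacade.subDataAuthList` always receives an empty list; add `dtos.add(dto);` after `BeanUtils.copyProperties(vo,dto);`. `convertToSubAuthDTO` parses `dataId` from the request body without checking it: a null value throws on `indexOf`, and a value without the `|` separator yields index -1 so `substring(0,index)` throws, so such entries should be rejected with a client error before the substring calls. `userDataAuth`, `orgDataAuth` and `labelDataAuth` also log the whole request with `JSON.toJSONString(vo)` at INFO, which for `userDataAuth` includes the ID-card number; logging the subject type and item count would be enough. No permission check on the caller is visible in this file, so these grant endpoints depend on whatever the interceptors outside this hunk enforce.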

+ 5 - 5
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/RoleAuthInfoController.java

@@ -11,7 +11,7 @@ import com.dragoninfo.dcuc.auth.auth.facade.IRoleInfoFacade;
 import com.dragoninfo.dcuc.auth.auth.facade.IStaffAssignAuthInfoFacade;
 import com.dragoninfo.dcuc.auth.auth.vo.RoleAuthParamVo;
 import com.dragoninfo.dcuc.auth.auth.vo.RoleInfoVO;
-import com.dragoninfo.dcuc.authweb.common.MtAuthService;
+import com.dragoninfo.dcuc.authweb.business.MtAuthBusiness;
 import com.dragoninfo.dcuc.authweb.common.SysConstants;
 import com.dragoninfo.dcuc.authweb.restcontroller.auth.vo.RoleAuthUserVo;
 import com.dragoninfo.dcuc.authweb.restcontroller.auth.vo.StaffAssignAuthInfoVo;
@@ -64,7 +64,7 @@ public class RoleAuthInfoController {
     @Autowired
     private IStaffAssignAuthInfoFacade staffAssignAuthInfoFacade;
     @Autowired
-    private MtAuthService mtAuthService;
+    private MtAuthBusiness mtAuthBusiness;
     @Autowired
     private ICodeListResourceFacade iCodeListResourceFacade;
 
@@ -170,7 +170,7 @@ public class RoleAuthInfoController {
         searchable.addSearchFilter("name",SearchOperator.ne,iUserInfoFacade.getRootUser());
         Page<UserInfo> page = iUserInfoFacade.userList(searchDTO);
         if (!iUserInfoFacade.getRootUser().equals(curUser.getName())) {
-            String mtIds = mtAuthService.getMtAuth(curUser.getId(), SysConstants.MT_APP);
+            String mtIds = mtAuthBusiness.getMtAuth(curUser.getId(), SysConstants.MT_APP);
             if (StringUtils.isEmpty(mtIds)) {
                 return Result.success(0L,null);
             }
@@ -199,7 +199,7 @@ public class RoleAuthInfoController {
 //        searchable.addSearchFilter("jobType",SearchOperator.notIn,jobType);
         Page<UserInfo> page = iUserInfoFacade.userList(searchable.toSearchDTO());
         if (!iUserInfoFacade.getRootUser().equals(curUser.getName())) {
-            String mtIds = mtAuthService.getMtAuth(curUser.getId(), SysConstants.MT_APP);
+            String mtIds = mtAuthBusiness.getMtAuth(curUser.getId(), SysConstants.MT_APP);
             if (StringUtils.isEmpty(mtIds)) {
                 return Result.success(0L,null);
             }
@@ -259,7 +259,7 @@ public class RoleAuthInfoController {
         appId = (String) appIdCondition.getValue();
         SecurityUser curUser = (SecurityUser) ContextUtils.getUserInfo();
         if (!iUserInfoFacade.getRootUser().equals(curUser.getName())) {
-            String mtIds = mtAuthService.getMtAuth(curUser.getId(), SysConstants.MT_APP);
+            String mtIds = mtAuthBusiness.getMtAuth(curUser.getId(), SysConstants.MT_APP);
             if (StringUtils.isEmpty(mtIds)) {
                 return Result.success(0L,null);
             }

+ 2 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/RoleInfoController.java

@@ -16,6 +16,7 @@ import com.dragoninfo.dcuc.user.user.enumresources.YesNotEnum;
 import com.dragoninfo.duceap.core.response.Result;
 import com.dragonsoft.duceap.base.entity.search.SearchDTO;
 import com.dragonsoft.duceap.base.entity.security.SecurityUser;
+import com.dragonsoft.duceap.base.enums.BooleanEnum;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import com.dragonsoft.duceap.core.context.ContextUtils;
 import com.dragonsoft.duceap.core.search.Searchable;
@@ -285,6 +286,7 @@ public class RoleInfoController {
             searchable.removeSearchFilter("roleLevel_eq");
             searchable.addSearchFilter("role_level", SearchOperator.eq, roleLevel_eq.getValue());
         }
+        searchable.addSearchFilter("is_not_limit_count", SearchOperator.eq, BooleanEnum.FALSE.value);
         Page<RoleInfoVO> page = iRoleInfoFacade.getQuotoRoles(searchable.toSearchDTO());
         return Result.success(page.getTotalElements(), page.getContent());
     }

+ 32 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/DataAuthAcceptVo.java

@@ -0,0 +1,32 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.auth.vo.data;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+/**
+ * @author mazq
+ * @date 2021/4/8
+ */
+@ApiModel(value = "同一类别数据授权对象")
+@Data
+public class DataAuthAcceptVo {
+
+    @ApiModelProperty(value = "数据资源唯一标识")
+    private String dataId;
+
+    @ApiModelProperty(value = "数据资源类型,对应类型码值" +
+            "DATA_SECURITY_LEVEL:数据安全级别;" +
+            "LEVEL_1_COLUMN_CLASSIFY:字段一级分类;" +
+            "LEVEL_2_COLUMN_CLASSIFY:字段二级分类;" +
+            "DATA_CLASSIFY:数据分级", dataType = "string")
+    private String dataType;
+
+    @ApiModelProperty(value = "数据资源code")
+    private String dataCode;
+
+    @ApiModelProperty(value = "数据对应的分级分类标签code")
+    private String classifyCode;
+
+
+}
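Review bot: `dataType` is a free-form `String` whose four permitted codes exist only in the Swagger description, and no field of this inbound authorization payload carries a validation constraint. Since these objects describe what access is being granted, I would model the type as an enum (or constrain it with `@Pattern`) and mark the identifiers required, e.g. `@NotBlank private String dataId;`, assuming Bean Validation is on the classpath. The same applies to `authType` (TABLE/COLUMN) in `LabelDataAuthAcceptVo`, `OrgDataAuthAcceptVo` and `UserDataAuthAcceptVo`, and to `subType` in `SubDataAuthQueryVo`. The controllers that consume these classes are outside this hunk, so they may already check the values.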

+ 26 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/DataClassifyVo.java

@@ -0,0 +1,26 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.auth.vo.data;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+import java.util.List;
+
+/**
+ * @author mazq
+ * @date 2021/4/15
+ */
+@Data
+@ApiModel(value = "拥有的数据权限Vo")
+public class DataClassifyVo {
+    @ApiModelProperty(value = "id,分级分类唯一标识")
+    private String id;
+    @ApiModelProperty(value = "分级分类名称")
+    private String label;
+    @ApiModelProperty(value = "分级分类code值")
+    private String code;
+    @ApiModelProperty(value = "数据属性类型 TABLE:表 COLUMN:列")
+    private String attrType;
+    @ApiModelProperty(value = "分级分类下被勾选的叶子节点对象集合")
+    private List<SubDataVo> tickedDatas;
+}

+ 27 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/DataDetailConditionVo.java

@@ -0,0 +1,27 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.auth.vo.data;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.util.List;
+
+/**
+ * @author mazq
+ * @date 2021/4/19
+ */
+@ApiModel(value = "查询条件")
+@Data
+@NoArgsConstructor
+public class DataDetailConditionVo {
+
+    @ApiModelProperty(value = "目录名称,模糊查询")
+    private String resourceName;
+
+    @ApiModelProperty(value = "规范数据项集名称和数据对象中文名称模糊查询")
+    private String keyword;
+
+    @ApiModelProperty(value = "表级数据类别,精确查询,多个条件间关系为AND")
+    private List<ResourceTypeQueryVo> resourceTypes;
+}

+ 27 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/DataDetailQueryVo.java

@@ -0,0 +1,27 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.auth.vo.data;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/**
+ * @author mazq
+ * @date 2021/4/19
+ */
+@ApiModel(value = "数据清单查询Vo")
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+public class DataDetailQueryVo {
+
+    @ApiModelProperty(value = "页码")
+    private Integer page;
+
+    @ApiModelProperty(value = "页面数量")
+    private Integer pageSize;
+
+    @ApiModelProperty(value = "查询条件")
+    private DataDetailConditionVo condition;
+}
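Review bot: `page` and `pageSize` are nullable `Integer`s with no bounds, so a request can omit them or ask for an arbitrarily large page. Unless the consuming controller clamps them (not visible in this hunk), put limits on the fields, e.g. `@NotNull @Min(1) @Max(200) private Integer pageSize;`, with the maximum chosen for this service. The description `页面数量` would also be clearer if it said records per page.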

+ 37 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/DataResourceTreeVo.java

@@ -0,0 +1,37 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.auth.vo.data;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+import java.util.List;
+
+/**
+ * @author mazq
+ * @date 2021/4/13
+ */
+@Data
+@ApiModel(value = "数据资源树对象")
+public class DataResourceTreeVo {
+
+    @ApiModelProperty(value = "节点id")
+    private String id;
+    @ApiModelProperty(value = "数据资源code")
+    private String code;
+    @ApiModelProperty(value = "节点名称")
+    private String label;
+    @ApiModelProperty(value = "节点详细说明")
+    private String desc;
+    @ApiModelProperty(value = "数据资源类型" +
+            "数据安全级别:DATA_SECURITY_LEVEL " +
+            "字段一级分类:LEVEL_1_COLUMN_CLASSIFY" +
+            "字段二级分类:LEVEL_2_COLUMN_CLASSIFY" +
+            "数据分级:DATA_CLASSIFY")
+    private String dataType;
+    @ApiModelProperty(value = "子节点集合")
+    private List<DataResourceTreeVo> child;
+    @ApiModelProperty(value = "是否是树节点 true:是树节点,child不为空。false:非树节点,child为空。")
+    private Boolean treeNode;
+    @ApiModelProperty(value = "父节点id")
+    private String pId;
+}
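Review bot: The field `pId` combined with Lombok `@Data` yields the accessors `getPId()`/`setPId()`, which Jackson's default bean naming exposes as the JSON property `pid`, not `pId`. If clients expect `pId` (the serializer in use is not visible here), annotate the field with `@JsonProperty("pId")` or rename it to `parentId`. The `dataType` description also concatenates its entries without separators, so the rendered text runs `LEVEL_1_COLUMN_CLASSIFY字段二级分类` together; a `;` after each code, as in `DataAuthAcceptVo`, would fix it.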

+ 26 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/LabelDataAuthAcceptVo.java

@@ -0,0 +1,26 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.auth.vo.data;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+import java.util.List;
+
+/**
+ * @author mazq
+ * @date 2021/4/8
+ */
+@ApiModel("业务域数据授权接收对象")
+@Data
+public class LabelDataAuthAcceptVo {
+
+    @ApiModelProperty(value = "业务域表码code值")
+    private String businessCode;
+
+    @ApiModelProperty(value = "数据属性授权类型 TABLE:表授权 COLUMN:列授权")
+    private String authType;
+
+    @ApiModelProperty(value = "需要授权的数据对象",dataType = "object[]")
+    private List<DataAuthAcceptVo> authVoList;
+
+}

+ 26 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/OrgDataAuthAcceptVo.java

@@ -0,0 +1,26 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.auth.vo.data;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+import java.util.List;
+
+/**
+ * @author mazq
+ * @date 2021/4/8
+ */
+@ApiModel(value = "机构数据授权接收对象")
+@Data
+public class OrgDataAuthAcceptVo {
+
+    @ApiModelProperty(value = "机构code")
+    private String orgCode;
+
+    @ApiModelProperty(value = "数据属性授权类型 TABLE:表授权 COLUMN:列授权")
+    private String authType;
+
+    @ApiModelProperty(value = "需要授权的数据对象",dataType = "object[]")
+    private List<DataAuthAcceptVo> authVoList;
+
+}

+ 25 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/ResourceTypeQueryVo.java

@@ -0,0 +1,25 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.auth.vo.data;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/**
+ * @author mazq
+ * @date 2021/4/19
+ */
+@ApiModel(value = "查询条件")
+@Data
+@NoArgsConstructor
+public class ResourceTypeQueryVo {
+
+    @ApiModelProperty(value = "数据资源类型code值")
+    private String typeCode;
+
+    @ApiModelProperty(value = "数据资源code值")
+    private String codeValue;
+
+
+
+}
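Review bot: `@ApiModel(value = "查询条件")` here is identical to the value on `DataDetailConditionVo`, and in swagger-annotations `value` is the model's name rather than its description. With two classes under one name, the generated API documentation will likely show only one of them. I would leave the class name as the model name and move the text to the description, e.g. `@ApiModel(description = "查询条件")`, in both classes.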

+ 23 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/SubDataAuthQueryVo.java

@@ -0,0 +1,23 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.auth.vo.data;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+/**
+ * @author mazq
+ * @date 2021/4/13
+ */
+@Data
+@ApiModel("主体数据权限查询参数封装对象")
+public class SubDataAuthQueryVo {
+
+    @ApiModelProperty(value = "主体id: 人员|机构id/业务域code")
+    private String subId;
+
+    @ApiModelProperty(value = "主体类型:机构:ORG|人员:USER|业务域:BUSINESS")
+    private String subType;
+
+    @ApiModelProperty(value = "数据属性授权类型 TABLE:表授权 COLUMN:列授权")
+    private String authType;
+}

+ 27 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/SubDataVo.java

@@ -0,0 +1,27 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.auth.vo.data;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+/**
+ * @author mazq
+ * @date 2021/4/16
+ */
+@ApiModel(value = "主体授权的数据资源")
+@Data
+public class SubDataVo {
+
+    @ApiModelProperty(value = "数据资源唯一标识")
+    private String dataId;
+
+    @ApiModelProperty(value = "数据类型")
+    private String dataType;
+
+    @ApiModelProperty(value = "数据资源code集合")
+    private String dataCode;
+
+    @ApiModelProperty(value = "数据对应的分级分类标签code")
+    private String classifyCode;
+
+}

+ 25 - 0
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/auth/vo/data/UserDataAuthAcceptVo.java

@@ -0,0 +1,25 @@
+package com.dragoninfo.dcuc.authweb.restcontroller.auth.vo.data;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+import java.util.List;
+
+/**
+ * @author mazq
+ * @date 2021/4/8
+ */
+@ApiModel(value = "人员数据授权接对象")
+@Data
+public class UserDataAuthAcceptVo {
+
+    @ApiModelProperty(value = "人员idcard")
+    private String idcard;
+
+    @ApiModelProperty(value = "数据属性授权类型 TABLE:表授权 COLUMN:列授权")
+    private String authType;
+
+    @ApiModelProperty(value = "需要授权的数据对象",dataType = "object[]")
+    private List<DataAuthAcceptVo> authVoList;
+}
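Review bot: `idcard` holds a personal ID number and `@Data` generates a `toString()` that prints it, so any log statement or exception message that includes this object writes the number in clear. Add Lombok's `@ToString.Exclude` to the field, or log only a masked form. The `@ApiModel` text `人员数据授权接对象` also looks like it is missing a character compared with the sibling classes (`…授权接收对象`).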

+ 19 - 9
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/login/DcucLoginController.java

@@ -1,6 +1,7 @@
 package com.dragoninfo.dcuc.authweb.restcontroller.login;
 
 
+import cn.hutool.core.util.StrUtil;
 import com.dragoninfo.dcuc.auth.auth.facade.IRoleFacade;
 import com.dragoninfo.dcuc.authweb.config.DcucAuthWebConfig;
 import com.dragoninfo.dcuc.org.facade.IOrgInfoFacade;
@@ -13,12 +14,14 @@ import com.dragoninfo.dcuc.user.user.facade.IUserInfoFacade;
 import com.dragonsoft.duceap.base.entity.security.SecurityRight;
 import com.dragonsoft.duceap.base.entity.security.SecurityUser;
 import com.dragonsoft.duceap.base.utils.UserContextUtils;
+import com.dragonsoft.duceap.commons.util.json.JsonUtils;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import com.dragonsoft.duceap.web.SecurityProperties;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -52,35 +55,42 @@ public class DcucLoginController {
     }
 
     @GetMapping(value = "/info")
-    public SecurityUser info() {
-        UserInfo userInfo = new UserInfo();
+    public SecurityUser info(@RequestHeader(value = "userToken", required = false) String userToken,
+                             @RequestHeader(value = "appToken", required = false) String appToken) {
+        logger.info("UserToken:{},appToken:{}", userToken, appToken);
+
+        UserInfo userInfo;
         try {
             SecurityUser securityUser = (SecurityUser) UserContextUtils.getCurrentUser();
-            if("dids".equals(securityProperties.getType())){
+            if ("dids".equals(securityProperties.getType())) {
                 userInfo = userFacade.detailBySfzh(securityUser.getIdcard());
                 securityUser.setName(userInfo.getName());
                 securityUser.setUserName(userInfo.getName());
-            }
-            if("dcuc".equals(securityProperties.getType())){
+            } else {
                 userInfo = iUserInfoFacade.userDetail(securityUser.getId());
             }
-            securityUser.setId(userInfo.getId());
+            String userId = securityUser.getId();
+            if (StrUtil.isBlank(userId)) {
+                securityUser.setId(userInfo.getId());
+            }
             List<SecurityRight> authmenu = getAuthmenu(securityUser, userInfo);
             securityUser.setSecurityRightList(authmenu);
-            //todo 因为数据库不同  后续不需要下面代码
-            securityUser.setIdcard(userInfo.getIdcard());
-            securityUser.setName(userInfo.getName());
             //ADMIN管理员
             String rootOrgid = userInfo.getOrgId();
             if (iUserInfoFacade.isRootUser(securityUser.getId()) && StringUtils.isEmpty(rootOrgid)) {
                 rootOrgid = iOrgInfoFacade.getRootOrgId();
             }
+
             securityUser.setSecurityOrg(rootOrgid);
+
+            logger.info("securityUser:{}", JsonUtils.toJSONString(securityUser));
+
             return securityUser;
         } catch (Exception var3) {
             logger.error("获取用户信息异常", var3);
             throw new SecurityException("获取用户信息异常", var3);
         }
+
     }
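Review bot: The new first statement of `info()` writes both bearer credentials to the log at INFO (`logger.info("UserToken:{},appToken:{}", userToken, appToken)`), so anyone who can read the log file can reuse a token until it expires. The later `logger.info("securityUser:{}", JsonUtils.toJSONString(securityUser))` also serialises the whole principal, which in this method carries the ID-card number and the rights list. Neither header value is used anywhere else in the method, so I would log presence only, `logger.debug("userToken present:{}, appToken present:{}", userToken != null, appToken != null);`, and reduce the second line to `logger.debug("securityUser id:{}", securityUser.getId());`. Separately, the `else` branch now handles every `security.type` other than `dids`, including an unset one. `userInfo` is also dereferenced without a null check, so a missing user surfaces only as the generic `SecurityException` from the catch block.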
 
 

+ 6 - 6
src/main/java/com/dragoninfo/dcuc/authweb/restcontroller/org/OrgInfoController.java

@@ -2,7 +2,7 @@ package com.dragoninfo.dcuc.authweb.restcontroller.org;
 
 import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
-import com.dragoninfo.dcuc.authweb.common.MtAuthService;
+import com.dragoninfo.dcuc.authweb.business.MtAuthBusiness;
 import com.dragoninfo.dcuc.authweb.common.SysConstants;
 import com.dragoninfo.dcuc.authweb.restcontroller.org.vo.MergersVo;
 import com.dragoninfo.dcuc.authweb.restcontroller.org.vo.OrgRangeVo;
@@ -72,7 +72,7 @@ public class OrgInfoController {
     @Autowired
     private IApplyInfoFacade applyInfoFacade;
     @Autowired
-    private MtAuthService mtAuthService;
+    private MtAuthBusiness mtAuthBusiness;
     @Autowired
     private IMgeMtAuthFacade iMgeMtAuthFacade;
 
@@ -94,7 +94,7 @@ public class OrgInfoController {
         String type = (String) params.get("type");
         //获取管理范围ids
         SecurityUser curUser = (SecurityUser) ContextUtils.getUserInfo();
-        String mtAuthIds = mtAuthService.getMtAuth(curUser.getId(), type);
+        String mtAuthIds = mtAuthBusiness.getMtAuth(curUser.getId(), type);
         if (StringUtils.isEmpty(id)) {
             //获取机构树根节点列表
             List<Map<String, Object>> result = this.treeRootList(mtAuthIds);
@@ -139,7 +139,7 @@ public class OrgInfoController {
         String userId = orgRangeVo.getUserId();
         //获取管理范围ids
         SecurityUser curUser = (SecurityUser) ContextUtils.getUserInfo();
-        String mtAuthIds = mtAuthService.getMtAuth(curUser.getId(), mtType);
+        String mtAuthIds = mtAuthBusiness.getMtAuth(curUser.getId(), mtType);
         //当临时表没有数据时候,获取登录人的权限范围
         if (StringUtils.isEmpty(mtAuthIds) && SysConstants.MT_TEMP.equals(orgRangeVo.getMtType())) {
             mtAuthIds = iAppMtAuthFacade.mgeAppRightRangeStr(ContextUtils.getUserInfo().getId());
@@ -650,7 +650,7 @@ public class OrgInfoController {
      * @return
      */
     public List<Map<String, Object>> checkTreeNode(List<Map<String, Object>> treeNodes, String type, String targetUserId) {
-        String mtAuthIds = mtAuthService.getMtAuth(targetUserId, type);
+        String mtAuthIds = mtAuthBusiness.getMtAuth(targetUserId, type);
         for (Map<String, Object> treeNode : treeNodes) {
             String orgId = (String) treeNode.get("id");
             String path = (String) treeNode.get("path");
@@ -739,7 +739,7 @@ public class OrgInfoController {
             @RequestParam(value = "id", required = false) String id) {
         //获取管理范围ids
         SecurityUser curUser = (SecurityUser) ContextUtils.getUserInfo();
-        String mtAuthIds = mtAuthService.getMtAuth(curUser.getId(), type);
+        String mtAuthIds = mtAuthBusiness.getMtAuth(curUser.getId(), type);
         if (StringUtils.isEmpty(id)) {
             List<Map<String, Object>> result = this.treeRootList(mtAuthIds);
             return Result.success(result);

+ 9 - 5
src/main/resources/application-base.yml

@@ -35,14 +35,18 @@ duceap:
   apollo:
     client:
       host: http://10.201.3.20:8070
+  security-access:
+    jwt:
+      enabled: true
+      user-token-header-name: userToken
   security:
-    type: dcuc
+    #    type: dcuc ## 注解掉不开启认证登录
     dcuc:
-      cas-server-url-prefix: http://10.11.1.142:8877/dcucserver
-      server-name: 10.11.0.240:8871
+      cas-server-url-prefix: http://192.168.10.2:8877/sso
+      server-name: 10.11.1.151:8000
       ignore-pattern: '/js/*|/img/*|/css/*|/api/*|/*.png|/rest/*|/webSocket/*|/oauthLogin/*|/authorizationPage.html|/importAuthorizationFile.html|/license/LicenseManagerServlet|/authorizationFile/'
       app-code: QXXT0000000000000001
-      api-url: http://127.0.0.1:8861/dcucauth
+      api-url: http://192.168.10.2:8860/dcuc
     dids2:
       appCode: YHZX0000000000000001
       SSOLoginUrl: http://192.168.6.128:9995/didsserver/login
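Review bot: Commenting out `type: dcuc` in the shared base profile (the inline remark says this leaves authenticated login off) changes the default for every environment that inherits `application-base.yml`, not just a developer machine. This hunk does not show whether the new `security-access.jwt` block protects the same paths, and `ignore-pattern` already exempts `/api/*` and `/rest/*`, so I would keep `type: dcuc` here and switch it off only in a local or dev profile. `cas-server-url-prefix` and `api-url` also remain plain `http://` URLs with fixed internal addresses. A comment stating that these are lab defaults to be overridden per deployment would keep them from shipping unchanged.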
@@ -71,4 +75,4 @@ dcuc:
   authweb:
     app-code: QXXT0000000000000001
     auth-access: true
-    enable-api-check: false
+    check-type-enum: token

+ 57 - 0
src/main/resources/logback.xml

@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+    <appender name="console" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%date{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="rollingFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>logs/dcuc-auth-back.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <fileNamePattern>logs/dcuc-auth-back.%d{yyyy-MM-dd}.log</fileNamePattern>
+        </rollingPolicy>
+        <encoder>
+            <pattern>%date{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <!--<appender name="rollingFileThread" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>logs/duceap2.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <fileNamePattern>logs/duceap2.%d{yyyy-MM-dd}.log</fileNamePattern>
+        </rollingPolicy>
+        <encoder>
+            <pattern>%date{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+        </encoder>
+        <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
+            <evaluator>
+                <expression>
+                    <![CDATA[
+                         !event.getThreadName().contains("DefaultQuartzScheduler")
+                     ]]>
+                </expression>
+            </evaluator>
+            <OnMatch>DENY</OnMatch>
+            <OnMismatch>NEUTRAL</OnMismatch>
+        </filter>
+    </appender>-->
+
+    <!-- project default level -->
+    <logger name="java.sql.Connection" level="INFO"/>
+    <logger name="java.sql.Statement" level="INFO"/>
+    <logger name="java.sql.PreparedStatement" level="INFO"/>
+    <logger name="com.dragonsoft" level="DEBUG"/>
+    <logger name="com.dragoninfo" level="DEBUG"/>
+
+
+    <!--log4jdbc -->
+    <logger name="jdbc.sqltiming" level="INFO"/>
+
+    <root level="INFO">
+        <appender-ref ref="console"/>
+        <appender-ref ref="rollingFile"/>
+    </root>
+
+    <!--<logger name="com.dragonsoft.duceap" level="DEBUG"><appender-ref ref="rollingFileThread" /></logger>-->
+</configuration>
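Review bot: The `rollingFile` appender has no retention limit and both patterns print only `%date{HH:mm:ss.SSS}`, so log files accumulate indefinitely and console or aggregated lines carry no calendar date for later correlation. I would add `<maxHistory>30</maxHistory>` (value to be set by the retention policy) inside the `TimeBasedRollingPolicy` and switch the pattern to `%date{ISO8601}`. Because this file now lives under `src/main/resources`, `DEBUG` for `com.dragonsoft` and `com.dragoninfo` becomes the packaged default. `INFO` here with a per-environment override would be the safer baseline, in particular while `DcucLoginController.info()` logs tokens and the serialised user.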

+ 34 - 0
src/test/java/GenerateToken.java

@@ -0,0 +1,34 @@
+import cn.hutool.core.date.DateTime;
+import cn.hutool.core.date.DateUtil;
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTCreator;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.dragonsoft.duceap.commons.util.date.DateUtils;
+import org.junit.Test;
+
+import java.util.Date;
+
+/**
+ * @author huangzqa
+ * @date 2021/4/8
+ **/
+public class GenerateToken {
+
+    @Test
+    public void getUserToken() {
+        DateTime date = DateUtil.date();
+
+        DateTime dateTime = DateUtil.offsetDay(date, 1);
+
+        Algorithm algorithm = Algorithm.HMAC256("secret");
+        JWTCreator.Builder builder = JWT.create().withExpiresAt(dateTime).withIssuedAt(date);
+
+        builder.withClaim("idCard", "379004198203211208");
+
+        String sign = builder.sign(algorithm);
+
+        System.out.println(sign);
+
+    }
+
+}
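Review bot: `Algorithm.HMAC256("secret")` commits a guessable signing key, and `withClaim("idCard", "379004198203211208")` commits a value in the format of a real resident ID number. Whether the service verifies `userToken` with the same key is not visible here, but if any environment does, tokens printed by this helper would validate there. Read the key from the environment instead, e.g. `Algorithm.HMAC256(System.getenv("TEST_JWT_SECRET"))` (the variable name is a placeholder), and use an obviously synthetic ID. The method is annotated `@Test` yet asserts nothing and only prints the token, so a class comment marking it as a manual utility, or moving it out of the test run, would help. `DateUtils` and `java.util.Date` are imported but unused.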