
feature: 应用变更通知添加新标准通知地址

mazq 1 år sedan
förälder
incheckning
4cad7254be
15 ändrade filer med 128 tillägg och 44 borttagningar
  1. 0 5
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/AuthRedisConstant.java
  2. 1 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustAppAuthBusiness.java
  3. 1 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/StaffAssignAuthInfoFacade.java
  4. 1 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/IStaffAssignAuthInfoService.java
  5. 4 2
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/StaffAssignAuthInfoService.java
  6. 8 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/INotifyBusiness.java
  7. 48 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/NotifyBusinessImpl.java
  8. 3 4
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApiCommonBusiness.java
  9. 2 2
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApprovalBusinessImpl.java
  10. 13 13
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/RedisCacheBusinessImpl.java
  11. 3 3
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/RiskOrderBusinessImpl.java
  12. 7 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/zerotrust/DcucAuthZerotrustConfig.java
  13. 3 3
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/constance/ZerotrustAuthRedisConstant.java
  14. 33 9
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/msg/PermissionUpdateProducer.java
  15. 1 0
      dcuc-auth-service/src/main/resources/application-auth.yml

+ 0 - 5
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/AuthRedisConstant.java

@@ -19,11 +19,6 @@ public class AuthRedisConstant {
      */
     public static final String REDIS_USER_TOKEN_NAMESPACE = REDIS_TOKEN_NAMESPACE + "USER:";
 
-    /**
-     * 标准规范用户令牌命令空间
-     */
-    public static final String REDIS_STANDARD_USER_TOKEN_NAMESPACE = REDIS_TOKEN_NAMESPACE + "STANDARD_USER:";
-
     /**
      * BIM token命名空间
      */

+ 1 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustAppAuthBusiness.java

@@ -114,7 +114,7 @@ public class ZeroTrustAppAuthBusiness implements IZeroTrustAppAuthBusiness {
                 .userToken(userTokenId)
                 .terminalIp(IpUtils.getIp())
                 .build();
-        List<AppDataSensitiveLevelDTO> appList = staffAssignAuthInfoService.apiAppAuth(authVo);
+        List<AppDataSensitiveLevelDTO> appList = staffAssignAuthInfoService.apiAppAuth(authVo, true);
 
         // 过滤冻结的权限
         appList = filterFrozenAuth(appList, userVo);

+ 1 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/StaffAssignAuthInfoFacade.java

@@ -65,7 +65,7 @@ public class StaffAssignAuthInfoFacade implements IStaffAssignAuthInfoFacade {
     @Override
     public List<AppDataSensitiveLevelDTO> apiAppAuth(ApiAppAuthVo apiAppAuthVo) {
 
-        return staffAssignAuthInfoService.apiAppAuth(apiAppAuthVo);
+        return staffAssignAuthInfoService.apiAppAuth(apiAppAuthVo, true);
     }
 
     @Override

+ 1 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/IStaffAssignAuthInfoService.java

@@ -144,7 +144,7 @@ public interface IStaffAssignAuthInfoService  {
      * @param apiAppAuthVo 鉴权Vo
      * @return 应用列表
      */
-    List<AppDataSensitiveLevelDTO> apiAppAuth(ApiAppAuthVo apiAppAuthVo);
+    List<AppDataSensitiveLevelDTO> apiAppAuth(ApiAppAuthVo apiAppAuthVo, boolean needSendLog);
 
     /**
      * 应用下的角色授权列表
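Review bot: The Javadoc above the changed signature still documents only `apiAppAuthVo` and `@return`; the new `needSendLog` parameter gets no `@param`. Judging by the implementation in this same commit, the flag gates the `logInfoFillService.sendAppAuthenticationLog(...)` call, so a caller passing `false` produces no authentication audit record — that is a security-relevant opt-out and should be stated where callers read it. Suggested tag: `@param needSendLog true to also emit the app-authentication audit log; false when only the effective app list is needed (e.g. change notifications)`. The Javadoc block itself starts above the hunk.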

+ 4 - 2
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/StaffAssignAuthInfoService.java

@@ -706,7 +706,7 @@ public class StaffAssignAuthInfoService implements IStaffAssignAuthInfoService {
     }
 
     @Override
-    public List<AppDataSensitiveLevelDTO> apiAppAuth(ApiAppAuthVo apiAppAuthVo) {
+    public List<AppDataSensitiveLevelDTO> apiAppAuth(ApiAppAuthVo apiAppAuthVo, boolean needSendLog) {
         // 人员的角色授权
         List<AppDataSensitiveLevelDTO> roleAuthResult = staffAssignAuthInfoBPO.getAppLitByUserId(apiAppAuthVo.getUserInfo().getId());
         List<AppDataSensitiveLevelDTO> list = new ArrayList<>(roleAuthResult);
@@ -718,7 +718,9 @@ public class StaffAssignAuthInfoService implements IStaffAssignAuthInfoService {
         String[] orgAuthCode = collect.stream().map(AppDataSensitiveLevelDTO::getCode).toArray(String[]::new);
         logger.info("人员角色授权结果:{}, 机构授权结果:{}", roleAuthCode, orgAuthCode);
 
-        logInfoFillService.sendAppAuthenticationLog(apiAppAuthVo, list, AuthResultEnum.SUC);
+        if (needSendLog) {
+            logInfoFillService.sendAppAuthenticationLog(apiAppAuthVo, list, AuthResultEnum.SUC);
+        }
         return list;
     }
 

+ 8 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/INotifyBusiness.java

@@ -31,4 +31,12 @@ public interface INotifyBusiness {
      * @param userTokenList 用户令牌
      */
     void sendNotify(String notifyUrl, List<String> userTokenList);
+
+    /**
+     * 发送361新标准权限变更通知
+     * @param notifyAppUrl
+     * @param idcards
+     * @param userTokens
+     */
+    void sendZeroTrustAppAuthChangeNotify(String notifyAppUrl, List<String> idcards, List<String> userTokens);
 }
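Review bot: The three `@param` tags on `sendZeroTrustAppAuthChangeNotify` are empty, and the one contract a caller must know is not written anywhere: the implementation reads `userTokens.get(i)` with the index of `idcards`, so the two lists must be the same length and index-aligned. Suggested tags: `@param notifyAppUrl target endpoint for the change notification`, `@param idcards ID card numbers of the affected users`, `@param userTokens user tokens, same length and order as idcards (empty/blank entry = no active token, user is skipped)`. If the list-alignment requirement is not intended, the interface should take a `Map<String, String>` or a small DTO instead of two parallel lists.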

+ 48 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/NotifyBusinessImpl.java

@@ -1,7 +1,11 @@
 package com.dragoninfo.dcuc.auth.business.impl;
 
+import cn.hutool.core.util.StrUtil;
 import cn.hutool.http.HttpRequest;
 import cn.hutool.json.JSONUtil;
+import com.dragoninfo.dcuc.auth.auth.dto.AppDataSensitiveLevelDTO;
+import com.dragoninfo.dcuc.auth.auth.service.IStaffAssignAuthInfoService;
+import com.dragoninfo.dcuc.auth.auth.vo.ApiAppAuthVo;
 import com.dragoninfo.dcuc.auth.auth.vo.AuthNoticeReqVO;
 import com.dragoninfo.dcuc.auth.auth.vo.AuthNoticeRespVO;
 import com.dragoninfo.dcuc.auth.auth.vo.bim.BimAppPermissionUpdateContentRespVO;
@@ -10,6 +14,9 @@ import com.dragoninfo.dcuc.auth.auth.vo.bim.BimAppPermissionUpdateRespVo;
 import com.dragoninfo.dcuc.auth.business.IBimBusiness;
 import com.dragoninfo.dcuc.auth.business.INotifyBusiness;
 import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
+import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
+import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
+import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
 import com.dragonsoft.duceap.commons.util.UUIDUtils;
 import com.dragonsoft.duceap.commons.util.collections.CollectionUtils;
 import com.dragonsoft.duceap.commons.util.json.JsonUtils;
@@ -25,6 +32,7 @@ import org.springframework.retry.annotation.Retryable;
 import org.springframework.stereotype.Service;
 
 import java.util.List;
+import java.util.stream.Collectors;
 
 /**
  * @author huangzqa
@@ -40,6 +48,12 @@ public class NotifyBusinessImpl implements INotifyBusiness {
     @Autowired
     private IBimBusiness bimBusiness;
 
+    @Autowired
+    private IStaffAssignAuthInfoService staffAssignAuthInfoService;
+
+    @Autowired
+    private IAuthUserInfoService userInfoService;
+
 
     @Retryable(value = RemoteAccessException.class,
             maxAttempts = 5,
@@ -149,6 +163,40 @@ public class NotifyBusinessImpl implements INotifyBusiness {
         }
     }
 
+    @Override
+    public void sendZeroTrustAppAuthChangeNotify(String notifyAppUrl, List<String> idcards, List<String> userTokens) {
+        // 查询现在的应用级权限
+        try {
+            for (int i = 0; i < idcards.size(); i++) {
+                String idcard = idcards.get(i);
+                String userTokenId = userTokens.get(i);
+                if (StringUtils.isBlank(userTokenId)) {
+                    log.info("用户令牌不存在,无需通知。idcard:{}", idcard);
+                    continue;
+                }
+                AuthUserInfo userInfo = userInfoService.findByIdcard(idcard);
+                if (null == userInfo) {
+                    log.info("查询不到人员。idcard:{}", idcard);
+                    continue;
+                }
+                AuthUserVo userVo = new AuthUserVo();
+                userVo.setIdcard(userInfo.getId());
+                userVo.setIdcard(idcard);
+                ApiAppAuthVo appAuthVo = ApiAppAuthVo.builder()
+                        .userInfo(userVo)
+                        .build();
+                List<AppDataSensitiveLevelDTO> list = staffAssignAuthInfoService.apiAppAuth(appAuthVo, false);
+                String appCodes = list.stream()
+                        .map(AppDataSensitiveLevelDTO::getCode)
+                        .collect(Collectors.joining(StrUtil.COMMA));
+                log.info("通知人员:{}, 通知内容:{}", idcard, appCodes);
+            }
+        }catch (Exception e) {
+            log.error("新标准变更通知失败.", e);
+        }
+
+    }
+
 
     @Recover
     public void recover(RemoteAccessException e) {
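Review bot: `userVo.setIdcard(userInfo.getId())` immediately followed by `userVo.setIdcard(idcard)` writes the same field twice and never sets the user id, so `apiAppAuth` — which reads `apiAppAuthVo.getUserInfo().getId()` — ends up calling `getAppLitByUserId(null)`; the first call was presumably meant to be `userVo.setId(userInfo.getId())`. The `notifyAppUrl` parameter is never used: the method builds `appCodes` and logs them but sends nothing, so either the HTTP call is still to come or the name over-promises — a `// TODO: POST appCodes to notifyAppUrl` on the method would make the state explicit. The single try/catch around the whole loop means one bad entry (including the IndexOutOfBoundsException you get when `userTokens` is shorter than `idcards`) drops the rest of the batch; move the catch inside the loop and check the two list sizes up front instead of relying on the catch-all. Also, the info-level log lines print the raw national ID number next to the user's full application list — mask the idcard (or log `userInfo.getId()` instead), since these are personal data flowing into log aggregation.
```java
    @Override
    public void sendZeroTrustAppAuthChangeNotify(String notifyAppUrl, List<String> idcards, List<String> userTokens) {
        // idcards and userTokens are index-aligned by the producer; refuse a short token list
        // instead of letting the loop throw and abort the whole page.
        if (userTokens == null || userTokens.size() != idcards.size()) {
            log.warn("idcard/userToken list size mismatch, skip notify. idcards={}, tokens={}",
                    idcards.size(), userTokens == null ? -1 : userTokens.size());
            return;
        }
        for (int i = 0; i < idcards.size(); i++) {
            String idcard = idcards.get(i);
            String userTokenId = userTokens.get(i);
            // One failing user must not abort the rest of the batch.
            try {
                // … unchanged: blank-token and unknown-user checks (continue) …
                AuthUserVo userVo = new AuthUserVo();
                userVo.setId(userInfo.getId());   // was setIdcard(...) twice; id was never populated
                userVo.setIdcard(idcard);
                // … unchanged: apiAppAuth(appAuthVo, false) and appCodes join …
                // TODO: POST appCodes to notifyAppUrl; currently only logged
            } catch (Exception e) {
                log.error("新标准变更通知失败. userId:{}", userInfoIdOrNull, e);
            }
        }
    }
```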

+ 3 - 4
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApiCommonBusiness.java

@@ -8,9 +8,8 @@ import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustSignReqVO;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IApiCommonBusiness;
-import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
 import com.dragoninfo.dcuc.auth.config.zerotrust.DcucAuthZerotrustConfig;
-import com.dragoninfo.dcuc.auth.constance.AuthRedisConstant;
+import com.dragoninfo.dcuc.auth.constance.ZerotrustAuthRedisConstant;
 import com.dragonsoft.duceap.commons.util.date.DateConst;
 import com.dragonsoft.duceap.commons.util.date.DateUtils;
 import com.dragonsoft.smtools.loader.SMFactory;
@@ -110,7 +109,7 @@ public class ApiCommonBusiness implements IApiCommonBusiness {
 
         String secretKey = applyInfo.getSecretKey();
 
-        String nonceValue = stringRedisTemplate.opsForValue().get(AuthRedisConstant.REDIS_TOKEN_NONCE_NAMESPACE + callerNounce);
+        String nonceValue = stringRedisTemplate.opsForValue().get(ZerotrustAuthRedisConstant.REDIS_TOKEN_NONCE_NAMESPACE + callerNounce);
         boolean exitsNonce = StrUtil.isNotBlank(nonceValue);
 
         if (exitsNonce) {
@@ -133,7 +132,7 @@ public class ApiCommonBusiness implements IApiCommonBusiness {
         log.info("signEquals:{}", signEquals);
 
         if (signEquals) {
-            stringRedisTemplate.opsForValue().set(AuthRedisConstant.REDIS_TOKEN_NONCE_NAMESPACE + callerNounce, "1", 30, TimeUnit.MINUTES);
+            stringRedisTemplate.opsForValue().set(ZerotrustAuthRedisConstant.REDIS_TOKEN_NONCE_NAMESPACE + callerNounce, "1", 30, TimeUnit.MINUTES);
             return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
         }
         return ZeroTrustMessageRespVO.requestErrorMessage("验签不一致");

+ 2 - 2
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApprovalBusinessImpl.java

@@ -18,7 +18,7 @@ import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.approval.ApprovalCallBackReqVO
 import com.dragoninfo.dcuc.auth.business.zerotrust.IApprovalBusiness;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IApproveRemoteCallBusiness;
 import com.dragoninfo.dcuc.auth.config.zerotrust.ApprovalProperties;
-import com.dragoninfo.dcuc.auth.constance.AuthRedisConstant;
+import com.dragoninfo.dcuc.auth.constance.ZerotrustAuthRedisConstant;
 import com.dragoninfo.dcuc.auth.sub.enumresource.OperateTypeEnum;
 import com.dragoninfo.dcuc.common.enums.UserExtInfoEnum;
 import com.dragoninfo.dcuc.common.utils.ResponseUtil;
@@ -186,7 +186,7 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
         String dateTimeStr = DateUtils.getTimeStr(date, DateConst.DB_STORE_DATE);
 
         // 当日的
-        String key = AuthRedisConstant.APPROVAL_TASK_ID_PREFIX + dateTimeStr;
+        String key = ZerotrustAuthRedisConstant.APPROVAL_TASK_ID_PREFIX + dateTimeStr;
         Boolean hasKey = stringRedisTemplate.hasKey(key);
         Long taskIdNo;
         // 有Key直接加1

+ 13 - 13
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/RedisCacheBusinessImpl.java

@@ -4,7 +4,7 @@ import cn.hutool.core.util.StrUtil;
 import com.alibaba.fastjson.JSON;
 import com.dragoninfo.dcuc.auth.auth.dto.AppAuthResultDto;
 import com.dragoninfo.dcuc.auth.business.ICacheBusiness;
-import com.dragoninfo.dcuc.auth.constance.AuthRedisConstant;
+import com.dragoninfo.dcuc.auth.constance.ZerotrustAuthRedisConstant;
 import com.dragoninfo.dcuc.auth.token.enums.TokenActionEnum;
 import com.dragoninfo.dcuc.auth.token.enums.TokenTypeEnum;
 import com.dragoninfo.dcuc.auth.token.vo.AppTokenInfoRespVO;
@@ -30,7 +30,7 @@ public class RedisCacheBusinessImpl implements ICacheBusiness {
     /**
      * 人员openId和userTokenId关联key类型
      */
-    private static final String USER_OPEN_ID_TOKEN_ID_KEY_TYPE = "OPEN_TOKEN_ID";
+    private static final String IDCARD_TOKEN_ID_KEY_TYPE = "IDCARD_TOKEN_ID";
     /**
      * 人员opId和appId关联key类型
      */
@@ -51,9 +51,9 @@ public class RedisCacheBusinessImpl implements ICacheBusiness {
         String tokenIdKey = getKeyPrefix(userToken.getUserTokenId(), TokenTypeEnum.USER.getValue());
         stringRedisTemplate.opsForValue().set(tokenIdKey, JSON.toJSONString(userToken), redisExpire, TimeUnit.SECONDS);
 
-        // 缓存openId-tokenId到缓存中
+        // 缓存idcard-tokenId到缓存中
         String pid = userToken.getPid();
-        String openIdTokenKey = getKeyPrefix(pid, USER_OPEN_ID_TOKEN_ID_KEY_TYPE);
+        String openIdTokenKey = getKeyPrefix(pid, IDCARD_TOKEN_ID_KEY_TYPE);
         stringRedisTemplate
                 .opsForValue()
                 .set(openIdTokenKey, userToken.getUserTokenId(), redisExpire, TimeUnit.SECONDS);
@@ -83,7 +83,7 @@ public class RedisCacheBusinessImpl implements ICacheBusiness {
         String id = tokenInfo.getUserTokenId();
         String pId = tokenInfo.getPid();
         String tokenIdKey = getKeyPrefix(id, TokenTypeEnum.USER.getValue());
-        String openIdTokenIdKey = getKeyPrefix(pId, USER_OPEN_ID_TOKEN_ID_KEY_TYPE);
+        String openIdTokenIdKey = getKeyPrefix(pId, IDCARD_TOKEN_ID_KEY_TYPE);
         String openIdAppIdKey = getKeyPrefix(pId, USER_OPEN_ID_APP_ID_KEY_TYPE);
         String[] keys = {tokenIdKey, openIdTokenIdKey, openIdAppIdKey};
         stringRedisTemplate.delete(Arrays.asList(keys));
@@ -157,7 +157,7 @@ public class RedisCacheBusinessImpl implements ICacheBusiness {
             return Collections.emptyList();
         }
 
-        List<String> tokenKeys = pIds.stream().map(item -> getKeyPrefix(item, USER_OPEN_ID_TOKEN_ID_KEY_TYPE))
+        List<String> tokenKeys = pIds.stream().map(item -> getKeyPrefix(item, IDCARD_TOKEN_ID_KEY_TYPE))
                 .collect(Collectors.toList());
 
         List<String> userTokenList = stringRedisTemplate.opsForValue().multiGet(tokenKeys);
@@ -176,7 +176,7 @@ public class RedisCacheBusinessImpl implements ICacheBusiness {
         }
         ArrayList<String> openIdList = new ArrayList<>(openIds);
         List<String> keys = openIdList.stream()
-                .map(e -> getKeyPrefix(e, USER_OPEN_ID_TOKEN_ID_KEY_TYPE))
+                .map(e -> getKeyPrefix(e, IDCARD_TOKEN_ID_KEY_TYPE))
                 .collect(Collectors.toList());
         List<String> userTokenIds = stringRedisTemplate.opsForValue().multiGet(keys);
         if (CollectionUtils.isEmpty(userTokenIds)) {
@@ -242,15 +242,15 @@ public class RedisCacheBusinessImpl implements ICacheBusiness {
 
     private String getKeyPrefix(String id, String type) {
         if (type.equals(TokenTypeEnum.APP.getValue())) {
-            return AuthRedisConstant.REDIS_APP_TOKEN_NAMESPACE + id;
+            return ZerotrustAuthRedisConstant.REDIS_APP_TOKEN_NAMESPACE + id;
         } else if (type.equals(TokenTypeEnum.USER.getValue())) {
-            return AuthRedisConstant.REDIS_USER_TOKEN_NAMESPACE + id;
-        } else if (type.equals(USER_OPEN_ID_TOKEN_ID_KEY_TYPE)) {
-            return AuthRedisConstant.REDIS_OPEN_ID_TOKEN_NAMESPACE + id;
+            return ZerotrustAuthRedisConstant.REDIS_USER_TOKEN_NAMESPACE + id;
+        } else if (type.equals(IDCARD_TOKEN_ID_KEY_TYPE)) {
+            return ZerotrustAuthRedisConstant.REDIS_IDCARD_TOKEN_NAMESPACE + id;
         } else if (type.equals(USER_OPEN_ID_APP_ID_KEY_TYPE)) {
-            return AuthRedisConstant.REDIS_OPEN_AUTH_APP_ID_NAMESPACE + id;
+            return ZerotrustAuthRedisConstant.REDIS_OPEN_AUTH_APP_ID_NAMESPACE + id;
         } else if (type.equals(USER_AUTHENTICATION_LOCK_KEY_TYPE)) {
-            return AuthRedisConstant.USER_AUTH_LOCK_NAMESPACE + id;
+            return ZerotrustAuthRedisConstant.USER_AUTH_LOCK_NAMESPACE + id;
         } else {
             throw new ApplicationException("不支持的类型");
         }
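Review bot: After the rename to `IDCARD_TOKEN_ID_KEY_TYPE`, the locals `openIdTokenKey`, `openIdTokenIdKey` and `openIdList` still say openId while the comment on the set path now says idcard; rename them (e.g. `idcardTokenKey`, `idcardList`) so a reader does not assume two different identifiers are in play. Separately, `getKeyPrefix(pid, IDCARD_TOKEN_ID_KEY_TYPE)` now builds a key whose suffix is — per the `IDCARD:` namespace and the `REDIS_IDCARD_TOKEN_NAMESPACE + idcard` lookup in `PermissionUpdateProducer` — the person's ID card number in plaintext; if `pid` really is the national ID number, consider keying on a keyed hash (HMAC) of it so the number does not show up in Redis key listings and monitoring. I cannot confirm from this diff that `userToken.getPid()` is the idcard — if it is some other person id, the producer's idcard-based lookup will never hit and no notification is ever sent.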

+ 3 - 3
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/RiskOrderBusinessImpl.java

@@ -7,7 +7,7 @@ import com.dragoninfo.dcuc.auth.api.enums.securitypolicy.AuthTypeEnum;
 import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IRiskOrderBusiness;
-import com.dragoninfo.dcuc.auth.constance.AuthRedisConstant;
+import com.dragoninfo.dcuc.auth.constance.ZerotrustAuthRedisConstant;
 import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
 import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
 import com.dragonsoft.duceap.commons.util.enums.EnumUtils;
@@ -92,7 +92,7 @@ public class RiskOrderBusinessImpl implements IRiskOrderBusiness {
     protected Set<String> getCurrentFrozenAuth(String pid, AuthTypeEnum authTypeEnum) {
         String nameSpace = "";
         if (authTypeEnum.equals(AuthTypeEnum.APP)) {
-            nameSpace = AuthRedisConstant.REDIS_RISK_ORDER_APP_NAMESPACE;
+            nameSpace = ZerotrustAuthRedisConstant.REDIS_RISK_ORDER_APP_NAMESPACE;
         } else {
             throw new IllegalArgumentException();
         }
@@ -116,7 +116,7 @@ public class RiskOrderBusinessImpl implements IRiskOrderBusiness {
      * @param effectiveTime 失效时间
      */
     protected void setAppAuthFrozen(String pid, String resourceId, Integer effectiveTime) {
-        String namespace = AuthRedisConstant.REDIS_RISK_ORDER_APP_NAMESPACE + pid;
+        String namespace = ZerotrustAuthRedisConstant.REDIS_RISK_ORDER_APP_NAMESPACE + pid;
         stringRedisTemplate.opsForValue().set(namespace, resourceId, effectiveTime, TimeUnit.SECONDS);
     }
 }

+ 7 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/zerotrust/DcucAuthZerotrustConfig.java

@@ -5,6 +5,8 @@ import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 
+import java.util.List;
+
 /**
  * @author fuzq
  * @date 2019/3/13
@@ -49,4 +51,9 @@ public class DcucAuthZerotrustConfig {
      */
     private Boolean checkCallerSign = true;
 
+    /**
+     * 应用权限变更通知地址
+     */
+    private List<String> notifyAppUrlList;
+
 }

+ 3 - 3
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/constance/AuthRedisConstant.java → dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/constance/ZerotrustAuthRedisConstant.java

@@ -4,9 +4,9 @@ package com.dragoninfo.dcuc.auth.constance;
  * @author huangzqa
  * @date 2021/4/6
  **/
-public class AuthRedisConstant {
+public class ZerotrustAuthRedisConstant {
 
-    private AuthRedisConstant() {
+    private ZerotrustAuthRedisConstant() {
 
     }
 
@@ -18,7 +18,7 @@ public class AuthRedisConstant {
     /**
      * 人员id-用户令牌id 缓存命名空间
      */
-    public static final String REDIS_OPEN_ID_TOKEN_NAMESPACE = REDIS_AUTH_NAMESPACE + "OPEN_ID:";
+    public static final String REDIS_IDCARD_TOKEN_NAMESPACE = REDIS_AUTH_NAMESPACE + "IDCARD:";
 
     /**
      * 人员id-应用鉴权结果:应用ids 缓存命名空间
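Review bot: Replacing `REDIS_OPEN_ID_TOKEN_NAMESPACE` (`OPEN_ID:`) with `REDIS_IDCARD_TOKEN_NAMESPACE` (`IDCARD:`) changes the live Redis key, not just the Java name: entries written by the previous build under the old prefix are invisible to this build, and during a rolling deploy old and new instances will not see each other's pid-to-token mappings until the cached entries expire. If the deploy is not all-at-once, add a read fallback to the old prefix for one release, or at least record the change on the constant, e.g. `// prefix changed from OPEN_ID: — entries under the old prefix expire naturally, no migration`. The Javadoc on the constant still says `人员id`, so state there whether the id is the ID card number.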

+ 33 - 9
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/msg/PermissionUpdateProducer.java

@@ -2,7 +2,10 @@ package com.dragoninfo.dcuc.auth.msg;
 
 import com.dragoninfo.dcuc.auth.AuthRedisConstant;
 import com.dragoninfo.dcuc.auth.business.INotifyBusiness;
-import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
+import com.dragoninfo.dcuc.auth.config.zerotrust.DcucAuthZerotrustConfig;
+import com.dragoninfo.dcuc.auth.constance.ZerotrustAuthRedisConstant;
+import com.dragonsoft.duceap.commons.util.collections.CollectionUtils;
+import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -31,7 +34,7 @@ public class PermissionUpdateProducer {
     private RedisTemplate<String, Object> redisTemplate;
 
     @Autowired
-    private DcucAuthConfig authConfig;
+    private DcucAuthZerotrustConfig zerotrustConfig;
 
 
     /**
@@ -112,23 +115,44 @@ public class PermissionUpdateProducer {
             notifyBusiness.sendAppPermissionUpdateNotify(stringUserTokenList);
 
             // 获取标准规范用户令牌
-            List<String> userTokenIds = idcardList.subList(page[0], page[1]).stream()
+            List<String> idcards = idcardList.subList(page[0], page[1]);
+            List<String> userTokenKeys = idcardList.subList(page[0], page[1]).stream()
                     // 加上认证下发的用户令牌前缀
-                    .map(item -> AuthRedisConstant.REDIS_STANDARD_USER_TOKEN_NAMESPACE + item)
+                    .map(item -> ZerotrustAuthRedisConstant.REDIS_IDCARD_TOKEN_NAMESPACE + item)
+                    .collect(Collectors.toList());
+            List<Object> tokenList = redisTemplate.opsForValue().multiGet(userTokenKeys);
+            List<String> userTokens = Optional.ofNullable(tokenList)
+                    .orElse(Collections.emptyList())
+                    .stream()
+                    .map(e -> Optional.ofNullable(e).map(Object::toString).orElse(""))
                     .collect(Collectors.toList());
 
             // 标注规范用户权限变更通知
-            List<String> notifyAppUrlList = Optional.ofNullable(authConfig.getNotifyAppUrlList())
-                    .orElse(Collections.emptyList());
-            for (String notifyAppUrl : notifyAppUrlList) {
-                notifyBusiness.sendNotify(notifyAppUrl, userTokenIds);
-            }
+            zeroTrustNotify(idcards, userTokens);
 
             logger.info("Send message end , limit({},{})", page[0], page[1]);
 
         });
     }
 
+    private void zeroTrustNotify(List<String> idcards, List<String> userTokens) {
+        logger.info("==========新标准变更通知开始=============");
+        List<String> notifyAppUrlList = zerotrustConfig.getNotifyAppUrlList();
+        if (CollectionUtils.isEmpty(notifyAppUrlList)) {
+            logger.info("未配置新标准通知地址");
+            return;
+        }
+        for (String notifyAppUrl : notifyAppUrlList) {
+            logger.info("新标准应用级变更通知地址:{}", notifyAppUrl);
+            if (StringUtils.isBlank(notifyAppUrl)) {
+                continue;
+            }
+            notifyBusiness.sendZeroTrustAppAuthChangeNotify(notifyAppUrl, idcards, userTokens);
+        }
+        logger.info("==========新标准变更通知结束=============");
+
+    }
+
     /**
      * 发送通知消息,是否通知两个网关处理
      *
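Review bot: `Optional.ofNullable(tokenList).orElse(Collections.emptyList())` turns a null `multiGet` result into a zero-length `userTokens` while `idcards` keeps its page size; `sendZeroTrustAppAuthChangeNotify` then indexes `userTokens.get(i)` and fails with IndexOutOfBoundsException on the first user, swallowed by its catch-all. Keep the lists aligned: `.orElse(Collections.<Object>nCopies(userTokenKeys.size(), null))`. `zeroTrustNotify` also calls `sendZeroTrustAppAuthChangeNotify` once per configured URL, and each call re-runs `apiAppAuth` for every user in the page — compute the per-user app list once and fan it out to the URLs. Minor: the stream right after `idcards` re-slices `idcardList.subList(page[0], page[1])` instead of using `idcards`, and the comment `// 加上认证下发的用户令牌前缀` no longer describes an idcard-keyed lookup. The enclosing method and lambda start above the hunk.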

+ 1 - 0
dcuc-auth-service/src/main/resources/application-auth.yml

@@ -10,6 +10,7 @@ dcuc:
       user-token-query-url:
       app-token-query-url:
       user-info-query-url:
+      notify-app-url-list:
       approval:
         base-url:
         call-back-url: