
feature(启明审计对接): 启明审计对接

启明审计对接
mazq 3 роки тому
батько
коміт
62178062ab

+ 14 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/dto/AuthorizeHandlerDto.java

@@ -22,6 +22,12 @@ public class AuthorizeHandlerDto {
      */
     private String handlerIdcard;
 
+    /**
+     * 权限处理者机构code
+     * @return
+     */
+    private String handlerOrgCode;
+
     public String getHandlerName() {
         return handlerName;
     }
@@ -45,4 +51,12 @@ public class AuthorizeHandlerDto {
     public void setHandlerIdcard(String handlerIdcard) {
         this.handlerIdcard = handlerIdcard;
     }
+
+    public String getHandlerOrgCode() {
+        return handlerOrgCode;
+    }
+
+    public void setHandlerOrgCode(String handlerOrgCode) {
+        this.handlerOrgCode = handlerOrgCode;
+    }
 }
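Review bot: The Javadoc on the new `handlerOrgCode` field carries a `@return` tag, which only applies to methods and will be rejected by javadoc lint on a field; reduce it to the description alone, `/** 权限处理者机构code */`, or an English equivalent such as `/** Organisation code of the user who performed the authorization. */`. The getter and setter pair added at the bottom of the class mirrors the existing accessors, so nothing else in this file needs changing.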

+ 15 - 6
dcuc-auth-service/pom.xml

@@ -169,13 +169,22 @@
             <artifactId>spring-retry</artifactId>
         </dependency>
 
-        <!--        <dependency>
-                    <groupId>com.dragonsoft</groupId>
-                    <artifactId>audit-log-collection-common</artifactId>
-                    <version>1.0.0-SNAPSHOT</version>
-                </dependency>-->
 
-<!--        <dependency>-->
+        <!--对接审计-->
+        <dependency>
+            <groupId>com.dragonsoft</groupId>
+            <artifactId>auditlog-qm-tj</artifactId>
+            <version>1.0.0-SNAPSHOT</version>
+            <exclusions>
+                <exclusion>
+                    <artifactId>joda-time</artifactId>
+                    <groupId>joda-time</groupId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
+
+        <!--        <dependency>-->
 <!--            <groupId>com.dragonsoft</groupId>-->
 <!--            <artifactId>auditlog-qm-tj</artifactId>-->
 <!--            <version>1.0.0-SNAPSHOT</version>-->
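Review bot: The new `auditlog-qm-tj` dependency is pinned to `1.0.0-SNAPSHOT`, so what the service builds against changes whenever the snapshot is republished; that makes the audit integration non-reproducible and, for a component that ships authorization audit records to an external system, hard to verify from a supply-chain standpoint — use a released version before this reaches a non-development branch. The `joda-time` exclusion is fine only if `auditlog-qm-tj` does not touch Joda classes at runtime, which is worth confirming, since an excluded transitive dependency fails lazily on first class load rather than at build time. The commented-out copy of the same dependency kept below (`<!--        <dependency>-->` …) is now dead and should be removed rather than carried along.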

+ 1 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/config/AuditConfig.java

@@ -19,4 +19,5 @@ public class AuditConfig {
     private String authenticationGroupId;
     private String authorizeTopic;
     private String authorizeGroupId;
+    private String sysId;
 }

+ 45 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/constance/AuditConstance.java

@@ -0,0 +1,45 @@
+package com.dragoninfo.dcuc.auth.audit.constance;
+
+/**
+ * @author mazq
+ * @date 2021/7/28
+ */
+public class AuditConstance {
+
+    /**启明logType定义:授权 */
+    public static String AUDIT_LOG_TYPE_SQ = "007";
+
+    /**启明logType定义:鉴权 */
+    public static String AUDIT_LOG_TYPE_JQ = "008";
+
+    /**启明authType定义:应用鉴权 */
+    public static String AUDIT_AUTH_TYPE_YYJQ = "6";
+
+    /**启明authType定义:功能鉴权 */
+    public static String AUDIT_AUTH_TYPE_GNJQ = "2";
+
+    /**启明authType定义:数据级鉴权 */
+    public static String AUDIT_AUTH_TYPE_SJJQ = "4";
+
+    /**启明authType定义:服务级鉴权 */
+    public static String AUDIT_AUTH_TYPE_FWJQ = "7";
+
+    /**启明authType定义:功能授权 */
+    public static String AUDIT_AUTH_TYPE_GNSQ = "33";
+
+    /**启明authType定义:服务授权 */
+    public static String AUDIT_AUTH_TYPE_FWSQ = "34";
+
+    /**启明authType定义:数据授权 */
+    public static String AUDIT_AUTH_TYPE_SJSQ = "35";
+
+    /**启明authType定义:应用授权 */
+    public static String AUDIT_AUTH_TYPE_YYSQ = "36";
+
+    /**启明operateType定义  授权 */
+    public static String AUDIT_OPERATE_TYPE_SQ = "01";
+
+    /**启明operateType定义:销权 */
+    public static String AUDIT_OPERATE_TYPE_XQ = "02";
+
+}
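Review bot: Every constant in `AuditConstance` is declared `public static String` without `final`, so any code in the process can reassign the 启明 log/auth/operate codes at runtime and the compiler cannot inline them; each should read `public static final String AUDIT_LOG_TYPE_SQ = "007";` and likewise for the rest of the class. Since the class only holds constants it should not be instantiable either — add `private AuditConstance() {}` and make the class `final`. Note that `AUDIT_LOG_TYPE_SQ` ("007") and `AUDIT_OPERATE_TYPE_SQ` ("01") are distinct code sets, so callers must not use one where the other is expected; a one-line class Javadoc saying which 启明 field each group maps to would help prevent that.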

+ 7 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/listener/AuthorizeLogListener.java

@@ -7,6 +7,7 @@ import com.dragoninfo.dcuc.auth.audit.entity.AuthorizeLog;
 import com.dragoninfo.dcuc.auth.audit.entity.AuthorizeObject;
 import com.dragoninfo.dcuc.auth.audit.entity.AuthorizeSubject;
 import com.dragoninfo.dcuc.auth.audit.service.AuthorizeLogService;
+import com.dragoninfo.dcuc.auth.audit.service.QmAuditPushService;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import com.dragonsoft.mq.client.model.entity.MessageInfoDTO;
 import com.google.common.base.Joiner;
@@ -37,6 +38,9 @@ public class AuthorizeLogListener {
     @Autowired
     private AuthorizeLogService authorizeLogService;
 
+    @Autowired
+    private QmAuditPushService pushService;
+
     @ConditionalOnProperty(name = "dcuc.auth.audit-log.kafka", havingValue = "true")
     @KafkaListener(topics = "${dcuc.auth.audit-log.authorize-topic}", groupId = "${dcuc.auth.audit-log.authorize-groupId}", containerFactory = "kafkaListenerContainerFactory")
     public void receiveMessage(ConsumerRecord<String, byte[]> record) {
@@ -57,6 +61,9 @@ public class AuthorizeLogListener {
 
             saveLog(authorizeLogDto);
 
+            pushService.PushAuthorizeLog(authorizeLogDto);
+
+
         } catch (Exception e) {
             logger.error("receiveMessage error.", e);
         }
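Review bot: `pushService.PushAuthorizeLog(authorizeLogDto)` runs inside the same `try` as `saveLog`, so a failure reaching the external 启明 audit endpoint is reported under the generic `"receiveMessage error."` and cannot be distinguished from a persistence failure; give the push its own catch with a distinct message so operators can see which side failed. The push also executes synchronously on the Kafka consumer thread, so a slow or unavailable audit endpoint stalls consumption of the whole topic — if that is not acceptable, hand it to an executor or a retry-capable queue. Java method names are lowerCamelCase, so the call (and the declaration in QmAuditPushService) should be `pushAuthorizeLog`. `receiveMessage` starts in the previous hunk and its remaining body lies outside this one.
```java
            saveLog(authorizeLogDto);

            // Audit push is best-effort: a failure here must not be confused with a save failure.
            try {
                pushService.PushAuthorizeLog(authorizeLogDto);
            } catch (Exception pushEx) {
                logger.error("push authorize log to qm audit failed.", pushEx);
            }
            // … unchanged: outer catch / logging …
```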

+ 96 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/QmAuditPushService.java

@@ -0,0 +1,96 @@
+package com.dragoninfo.dcuc.auth.audit.service;
+
+import cn.hutool.core.util.StrUtil;
+import com.dragoninfo.dcuc.auth.audit.config.AuditConfig;
+import com.dragoninfo.dcuc.auth.audit.constance.AuditConstance;
+import com.dragoninfo.dcuc.auth.audit.dto.AuthorizeHandlerDto;
+import com.dragoninfo.dcuc.auth.audit.dto.AuthorizeLogDto;
+import com.dragoninfo.dcuc.auth.audit.dto.AuthorizeObjectDto;
+import com.dragoninfo.dcuc.auth.audit.dto.AuthorizeSubjectDto;
+import com.dragoninfo.dcuc.auth.audit.enums.AuthenticationTypeEnum;
+import com.dragoninfo.dcuc.auth.audit.enums.AuthorizeTypeEnum;
+import com.dragonsoft.auditlog.collection.qmtj.LogSendComponent;
+import com.dragonsoft.auditlog.collection.qmtj.pojo.req.AuthBusLog;
+import com.dragonsoft.duceap.commons.util.collections.CollectionUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.stream.Collectors;
+
+/**
+ * @author mazq
+ * @date 2021/7/28
+ */
+@Slf4j
+@Service
+public class QmAuditPushService {
+
+    @Autowired
+    private LogSendComponent logSendComponent;
+
+    @Autowired
+    private AuditConfig config;
+
+
+    public void PushAuthorizeLog(AuthorizeLogDto authorizeLogDto) {
+        String sysId = config.getSysId();
+        String logType = AuditConstance.AUDIT_LOG_TYPE_SQ;
+        List<AuthBusLog> busLogs = getAuthBusLog(authorizeLogDto);
+        if(CollectionUtils.isNotEmpty(busLogs)) {
+            logSendComponent.sendAuthBusLog(sysId, logType, busLogs);
+        }
+    }
+
+    private List<AuthBusLog> getAuthBusLog(AuthorizeLogDto authorizeLogDto) {
+        String authorizeType = authorizeLogDto.getAuthorizeType();
+        List<AuthBusLog> list = new ArrayList<>();
+        if(AuthorizeTypeEnum.GNSQ.getValue().equals(authorizeType)) {
+            list = getGnsqBusLog(authorizeLogDto);
+        }
+        return list;
+    }
+
+    private List<AuthBusLog> getGnsqBusLog(AuthorizeLogDto authorizeLogDto) {
+        List<AuthBusLog> list = new ArrayList<>();
+        Date createTime = authorizeLogDto.getCreateTime();
+        String timeStr = "";
+        if(null != createTime) {
+            long time = createTime.getTime();
+            timeStr = String.valueOf(time);
+        }
+        AuthorizeHandlerDto handlerDto = authorizeLogDto.getAuthorizeHandlers().get(0);
+        List<AuthorizeSubjectDto> subjectDtos = authorizeLogDto.getAuthorizeSubjects();
+        List<AuthorizeObjectDto> objectDtos = authorizeLogDto.getAuthorizeObjects();
+
+        for (AuthorizeSubjectDto subjectDto : subjectDtos) {
+            AuthBusLog authBusLog = new AuthBusLog();
+            authBusLog.setAuthType(AuditConstance.AUDIT_AUTH_TYPE_GNSQ);
+            //设置操作者
+            authBusLog.setOperateType(AuditConstance.AUDIT_LOG_TYPE_SQ);
+            String operateUserId = handlerDto.getHandlerId();
+            authBusLog.setOperateUserId(operateUserId);
+            authBusLog.setOperateUserName(handlerDto.getHandlerName());
+            authBusLog.setOperateUserIdcard(handlerDto.getHandlerIdcard());
+            authBusLog.setOperateOrgCode(handlerDto.getHandlerOrgCode());
+            authBusLog.setOperateTime(timeStr);
+            //设置授权对象
+            String userId = subjectDto.getSubjectId();
+            authBusLog.setUserId(userId);
+            authBusLog.setUserName(subjectDto.getSubjectName());
+            String roleNames = objectDtos
+                    .stream()
+                    .map(AuthorizeObjectDto::getObjectName)
+                    .collect(Collectors.joining(StrUtil.COMMA));
+            //设置角色名称
+            authBusLog.setRoleNames(roleNames);
+            list.add(authBusLog);
+            log.debug("getGnsqBusLog roleNames:{}, userId:{},operateUserId:{}", roleNames, userId, operateUserId);
+        }
+        return list;
+    }
+
+}
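Review bot: In `getGnsqBusLog`, `authBusLog.setOperateType(AuditConstance.AUDIT_LOG_TYPE_SQ)` writes the logType code "007" into the operate-type field, while `AuditConstance` defines `AUDIT_OPERATE_TYPE_SQ` ("01") for exactly that purpose; unless 启明 really expects the log type there, this should be `authBusLog.setOperateType(AuditConstance.AUDIT_OPERATE_TYPE_SQ);`. `authorizeLogDto.getAuthorizeHandlers().get(0)` is called with no null/empty check, and `getAuthorizeSubjects()`/`getAuthorizeObjects()` are iterated and streamed unguarded, so a DTO with no handler throws out of the service; guard them with the already-imported `CollectionUtils.isNotEmpty` and return the empty list instead. `config.getSysId()` is forwarded without validation even though the shipped yml leaves `sys-id` blank, so either fail fast on a blank sysId at startup or at least `log.warn` before sending, otherwise audit records arrive unattributed. The record also carries the handler's ID-card number, i.e. personal data leaving the service — it is correctly kept out of the `log.debug` line, and the configured host-address is https, so keep both that way.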

+ 1 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/DataAuthLogHandler.java

@@ -71,6 +71,7 @@ public class DataAuthLogHandler {
         authorizeHandlerDto.setHandlerName(securityUser.getUserName());
         authorizeHandlerDto.setHandlerId(securityUser.getId());
         authorizeHandlerDto.setHandlerIdcard(securityUser.getIdcard());
+        authorizeHandlerDto.setHandlerOrgCode(securityUser.getSecurityOrg());
         return authorizeHandlerDto;
     }
 
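Review bot: The handler-to-DTO mapping (`setHandlerName`/`setHandlerId`/`setHandlerIdcard`/`setHandlerOrgCode`) is now copied four times from `securityUser` — here, in `RoleViewAuthLogHandler`, `UserViewAuthLogHandler` and `ServiceAuthLogHandler` — and twice more from `userInfo` in `ServiceAuthLogHandler`, so the next audit field will have to be added in six places; a single factory such as `AuthorizeHandlerDto.from(securityUser)` (or a static helper in the audit package) is worth extracting. The `securityUser` paths fill the new field from `getSecurityOrg()` while the `userInfo` paths use `getOrgCode()`; it is not visible here whether `getSecurityOrg()` returns the same org-code format that 启明 expects in `operateOrgCode`, so that should be confirmed before the mapping ships. The enclosing method starts before this hunk.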

+ 1 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/RoleViewAuthLogHandler.java

@@ -146,6 +146,7 @@ public class RoleViewAuthLogHandler {
         authorizeHandlerDto.setHandlerName(securityUser.getUserName());
         authorizeHandlerDto.setHandlerId(securityUser.getId());
         authorizeHandlerDto.setHandlerIdcard(securityUser.getIdcard());
+        authorizeHandlerDto.setHandlerOrgCode(securityUser.getSecurityOrg());
         return authorizeHandlerDto;
     }
 }

+ 3 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/ServiceAuthLogHandler.java

@@ -117,6 +117,7 @@ public class ServiceAuthLogHandler {
         authorizeHandlerDto.setHandlerName(securityUser.getUserName());
         authorizeHandlerDto.setHandlerId(securityUser.getId());
         authorizeHandlerDto.setHandlerIdcard(securityUser.getIdcard());
+        authorizeHandlerDto.setHandlerOrgCode(securityUser.getSecurityOrg());
         return authorizeHandlerDto;
     }
 
@@ -159,6 +160,7 @@ public class ServiceAuthLogHandler {
         authorizeHandlerDto.setHandlerName(userInfo.getName());
         authorizeHandlerDto.setHandlerId(userInfo.getId());
         authorizeHandlerDto.setHandlerIdcard(userInfo.getIdcard());
+        authorizeHandlerDto.setHandlerOrgCode(userInfo.getOrgCode());
 
         List<AuthorizeObjectDto> authorizeObjectDtos = serviceCodes.stream().map(e -> {
             ServiceResource serviceResource = serviceResourceFacade.detailByCode(e);
@@ -191,6 +193,7 @@ public class ServiceAuthLogHandler {
         authorizeHandlerDto.setHandlerName(userInfo.getName());
         authorizeHandlerDto.setHandlerId(userInfo.getId());
         authorizeHandlerDto.setHandlerIdcard(userInfo.getIdcard());
+        authorizeHandlerDto.setHandlerOrgCode(userInfo.getOrgCode());
 
         List<AuthorizeObjectDto> authorizeObjectDtos = serviceCodes.stream().map(e -> {
             ServiceResource serviceResource = serviceResourceFacade.detailByCode(e);

+ 1 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/UserViewAuthLogHandler.java

@@ -121,6 +121,7 @@ public class UserViewAuthLogHandler {
         authorizeHandlerDto.setHandlerName(securityUser.getUserName());
         authorizeHandlerDto.setHandlerId(securityUser.getId());
         authorizeHandlerDto.setHandlerIdcard(securityUser.getIdcard());
+        authorizeHandlerDto.setHandlerOrgCode(securityUser.getSecurityOrg());
         return authorizeHandlerDto;
     }
 

+ 1 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/ServiceAuthResultServiceImpl.java

@@ -341,7 +341,7 @@ public class ServiceAuthResultServiceImpl implements IServiceAuthResultService {
             result.setDeleted(BooleanEnum.FALSE.value);
             ServiceResource serviceResource = serviceResourceFacade.detailByCode(dto.getServiceCode());
             result.setServiceId(serviceResource.getId());
-            result.setAuthStatus("1");
+            result.setAuthStatus(AuthStatusEnum.START.getValue());
             this.saveAuthResult(result);
             List<String> addServiceCodes = new ArrayList<>();
             addServiceCodes.add(result.getServiceCode());

+ 2 - 2
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/StaffAssignAuthInfoService.java

@@ -918,8 +918,8 @@ public class StaffAssignAuthInfoService implements IStaffAssignAuthInfoService {
             String roleId = jsonObject.get("id").toString();
             Searchable searchable = Searchable.toSearchable(new SearchDTO());
             searchable.addSearchFilter("app_id", SearchOperator.eq, appId);
-            searchable.addSearchFilter("role_id", SearchOperator.eq, appId);
-            searchable.addSearchFilter("staff_id", SearchOperator.eq, appId);
+            searchable.addSearchFilter("role_id", SearchOperator.eq, roleId);
+            searchable.addSearchFilter("staff_id", SearchOperator.eq, userInfo.getId());
             List<StaffAssignAuthInfo> staffAssignAuthInfos = staffAssignAuthInfoBPO.find(StaffAssignAuthInfo.class, searchable);
             if (CollectionUtils.isNotEmpty(staffAssignAuthInfos)) {
                 continue;

+ 6 - 1
dcuc-auth-service/src/main/resources/application-auth.yml

@@ -33,6 +33,7 @@ dcuc:
       authentication-groupId: auditlog
       authorize-topic: 10000029
       authorize-groupId: auditlog
+      sys-id:
     service-permission-url: http://127.0.0.1/permission/service
     bim-url: https://127.0.0.1:8443/bim-server
     bim-login-id: app1
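Review bot: `sys-id:` is added with an empty value, which Spring binds as an empty/null `AuditConfig.sysId`, and that value is sent with every 启明 audit push; either provide the real system id in an environment-specific profile or make it required via a placeholder (a constructed example: `sys-id: ${AUDIT_SYS_ID}`) so startup fails when it is missing instead of shipping unattributed audit records. The `app.audit.qmtj.host-address` added in the second hunk points at a loopback placeholder, which is fine as a default but must likewise be overridden per environment. It is not visible here whether the `auditlog-qm-tj` library reads further properties (credentials, timeouts, TLS trust) that this file does not set; those should be documented next to these keys.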
@@ -43,4 +44,8 @@ dcuc:
       org-info-url: http://10.11.1.237:8860/dcuc/api/user-service/v1/auth-sync/org-sync
     gm-enable: false
     gm-select-enable: false
-    approval-center-url: http://10.254.11.185:8866/approve-gateway
+    approval-center-url: http://10.254.11.185:8866/approve-gateway
+app:
+  audit:
+    qmtj:
+      host-address: https://127.0.0.1:8843