feature(授权日志推送启明): 授权日志推送启明

授权日志推送启明

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/dto/AuthorizeHandlerDto.java

@@ -28,6 +28,12 @@ public class AuthorizeHandlerDto {
      */
     private String handlerOrgCode;
 
+    /**
+     * 权限处理者机构code
+     * @return
+     */
+    private String handlerOrgName;
+
     public String getHandlerName() {
         return handlerName;
     }
@@ -59,4 +65,12 @@ public class AuthorizeHandlerDto {
     public void setHandlerOrgCode(String handlerOrgCode) {
         this.handlerOrgCode = handlerOrgCode;
     }
+
+    public String getHandlerOrgName() {
+        return handlerOrgName;
+    }
+
+    public void setHandlerOrgName(String handlerOrgName) {
+        this.handlerOrgName = handlerOrgName;
+    }
 }

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/enums/AuthorizeTypeEnum.java

@@ -8,7 +8,10 @@ import com.dragonsoft.duceap.base.enums.ICodeEnum;
  * @Description:
  */
 public enum AuthorizeTypeEnum implements ICodeEnum {
-
+    /**
+     * 日志管理
+     * 权限受理和注销类型
+     */
     YYSQ("YYSQ","应用授权"),
     GNSQ("GNSQ","功能授权"),
     FWSQ("FWSQ","服务授权"),
@@ -27,6 +30,15 @@ public enum AuthorizeTypeEnum implements ICodeEnum {
         this.label = label;
     }
 
+    public static AuthorizeTypeEnum getByAuthorizeType(String authorizeType) {
+        for (AuthorizeTypeEnum value : AuthorizeTypeEnum.values()) {
+            if(value.getValue().equals(authorizeType)) {
+                return value;
+            }
+        }
+        return null;
+    }
+
     @Override
     public String getValue() {
         return this.value;

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/config/AuditConfig.java

@@ -20,4 +20,5 @@ public class AuditConfig {
     private String authorizeTopic;
     private String authorizeGroupId;
     private String sysId;
+    private Boolean qmEnabled;
 }

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/constance/AuditConstance.java

@@ -6,6 +6,18 @@ package com.dragoninfo.dcuc.auth.audit.constance;
  */
 public class AuditConstance {
 
+    /** 系统自动授权时 操作者名称 */
+    public static final String SYS_USER_NAME = "系统自动授权";
+
+    /** 系统自动授权时 操作者ID */
+    public static final String SYS_USER_ID = "000000000000000000";
+
+    /** 系统自动授权时 操作者身份证号 */
+    public static final String SYS_USER_IDCARD = "000000000000000000";
+
+    /** 系统自动授权时 操作者身份证号 */
+    public static final String SYS_ORG_NAME = "权限中心";
+
     /**启明logType定义：授权 */
     public static String AUDIT_LOG_TYPE_SQ = "007";
 

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/listener/AuthorizeLogListener.java

@@ -7,7 +7,7 @@ import com.dragoninfo.dcuc.auth.audit.entity.AuthorizeLog;
 import com.dragoninfo.dcuc.auth.audit.entity.AuthorizeObject;
 import com.dragoninfo.dcuc.auth.audit.entity.AuthorizeSubject;
 import com.dragoninfo.dcuc.auth.audit.service.AuthorizeLogService;
-import com.dragoninfo.dcuc.auth.audit.service.QmAuditPushService;
+import com.dragoninfo.dcuc.auth.audit.service.log.QmAuditPushService;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import com.dragonsoft.mq.client.model.entity.MessageInfoDTO;
 import com.google.common.base.Joiner;
@@ -61,7 +61,7 @@ public class AuthorizeLogListener {
 
             saveLog(authorizeLogDto);
 
-            pushService.PushAuthorizeLog(authorizeLogDto);
+            pushService.pushAuthorizeLog(authorizeLogDto);
 
 
         } catch (Exception e) {

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/QmAuditPushService.java

@@ -1,96 +0,0 @@
-package com.dragoninfo.dcuc.auth.audit.service;
-
-import cn.hutool.core.util.StrUtil;
-import com.dragoninfo.dcuc.auth.audit.config.AuditConfig;
-import com.dragoninfo.dcuc.auth.audit.constance.AuditConstance;
-import com.dragoninfo.dcuc.auth.audit.dto.AuthorizeHandlerDto;
-import com.dragoninfo.dcuc.auth.audit.dto.AuthorizeLogDto;
-import com.dragoninfo.dcuc.auth.audit.dto.AuthorizeObjectDto;
-import com.dragoninfo.dcuc.auth.audit.dto.AuthorizeSubjectDto;
-import com.dragoninfo.dcuc.auth.audit.enums.AuthenticationTypeEnum;
-import com.dragoninfo.dcuc.auth.audit.enums.AuthorizeTypeEnum;
-import com.dragonsoft.auditlog.collection.qmtj.LogSendComponent;
-import com.dragonsoft.auditlog.collection.qmtj.pojo.req.AuthBusLog;
-import com.dragonsoft.duceap.commons.util.collections.CollectionUtils;
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.stream.Collectors;
-
-/**
- * @author mazq
- * @date 2021/7/28
- */
-@Slf4j
-@Service
-public class QmAuditPushService {
-
-    @Autowired
-    private LogSendComponent logSendComponent;
-
-    @Autowired
-    private AuditConfig config;
-
-
-    public void PushAuthorizeLog(AuthorizeLogDto authorizeLogDto) {
-        String sysId = config.getSysId();
-        String logType = AuditConstance.AUDIT_LOG_TYPE_SQ;
-        List<AuthBusLog> busLogs = getAuthBusLog(authorizeLogDto);
-        if(CollectionUtils.isNotEmpty(busLogs)) {
-            logSendComponent.sendAuthBusLog(sysId, logType, busLogs);
-        }
-    }
-
-    private List<AuthBusLog> getAuthBusLog(AuthorizeLogDto authorizeLogDto) {
-        String authorizeType = authorizeLogDto.getAuthorizeType();
-        List<AuthBusLog> list = new ArrayList<>();
-        if(AuthorizeTypeEnum.GNSQ.getValue().equals(authorizeType)) {
-            list = getGnsqBusLog(authorizeLogDto);
-        }
-        return list;
-    }
-
-    private List<AuthBusLog> getGnsqBusLog(AuthorizeLogDto authorizeLogDto) {
-        List<AuthBusLog> list = new ArrayList<>();
-        Date createTime = authorizeLogDto.getCreateTime();
-        String timeStr = "";
-        if(null != createTime) {
-            long time = createTime.getTime();
-            timeStr = String.valueOf(time);
-        }
-        AuthorizeHandlerDto handlerDto = authorizeLogDto.getAuthorizeHandlers().get(0);
-        List<AuthorizeSubjectDto> subjectDtos = authorizeLogDto.getAuthorizeSubjects();
-        List<AuthorizeObjectDto> objectDtos = authorizeLogDto.getAuthorizeObjects();
-
-        for (AuthorizeSubjectDto subjectDto : subjectDtos) {
-            AuthBusLog authBusLog = new AuthBusLog();
-            authBusLog.setAuthType(AuditConstance.AUDIT_AUTH_TYPE_GNSQ);
-            //设置操作者
-            authBusLog.setOperateType(AuditConstance.AUDIT_LOG_TYPE_SQ);
-            String operateUserId = handlerDto.getHandlerId();
-            authBusLog.setOperateUserId(operateUserId);
-            authBusLog.setOperateUserName(handlerDto.getHandlerName());
-            authBusLog.setOperateUserIdcard(handlerDto.getHandlerIdcard());
-            authBusLog.setOperateOrgCode(handlerDto.getHandlerOrgCode());
-            authBusLog.setOperateTime(timeStr);
-            //设置授权对象
-            String userId = subjectDto.getSubjectId();
-            authBusLog.setUserId(userId);
-            authBusLog.setUserName(subjectDto.getSubjectName());
-            String roleNames = objectDtos
-                    .stream()
-                    .map(AuthorizeObjectDto::getObjectName)
-                    .collect(Collectors.joining(StrUtil.COMMA));
-            //设置角色名称
-            authBusLog.setRoleNames(roleNames);
-            list.add(authBusLog);
-            log.debug("getGnsqBusLog roleNames:{}, userId:{},operateUserId:{}", roleNames, userId, operateUserId);
-        }
-        return list;
-    }
-
-}

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/DataAuthLogHandler.java

@@ -4,6 +4,7 @@ import com.alibaba.fastjson.JSON;
 import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.app.facade.IDataResourceFacade;
+import com.dragoninfo.dcuc.app.vo.DataLevelVo;
 import com.dragoninfo.dcuc.auth.audit.dto.*;
 import com.dragoninfo.dcuc.auth.audit.enums.AuthResultEnum;
 import com.dragoninfo.dcuc.auth.audit.enums.AuthenticationTypeEnum;
@@ -104,7 +105,7 @@ public class DataAuthLogHandler {
         List<AuthorizeObjectDto> authorizeObjectDtos = addList.stream().map(e -> {
             AuthorizeObjectDto authorizeObjectDto = new AuthorizeObjectDto();
             authorizeObjectDto.setObjectName(Optional.ofNullable(
-                    dataResourceFacade.getDetailByIdAndClaType(e.getInnerId(), e.getClassifyCode())).map(ele -> ele.getLevelName()).orElse(""));
+                    dataResourceFacade.getDetailByIdAndClaType(e.getInnerId(), e.getClassifyCode())).map(DataLevelVo::getLevelName).orElse(""));
             authorizeObjectDto.setObjectId(e.getDataId());
             return authorizeObjectDto;
         }).collect(Collectors.toList());

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/QmAuditPushService.java

@@ -0,0 +1,160 @@
+package com.dragoninfo.dcuc.auth.audit.service.log;
+
+import cn.hutool.core.util.StrUtil;
+import com.dragoninfo.dcuc.auth.audit.config.AuditConfig;
+import com.dragoninfo.dcuc.auth.audit.constance.AuditConstance;
+import com.dragoninfo.dcuc.auth.audit.dto.AuthorizeHandlerDto;
+import com.dragoninfo.dcuc.auth.audit.dto.AuthorizeLogDto;
+import com.dragoninfo.dcuc.auth.audit.dto.AuthorizeObjectDto;
+import com.dragoninfo.dcuc.auth.audit.dto.AuthorizeSubjectDto;
+import com.dragoninfo.dcuc.auth.audit.enums.AuthorizeTypeEnum;
+import com.dragonsoft.auditlog.collection.qmtj.LogSendComponent;
+import com.dragonsoft.auditlog.collection.qmtj.pojo.req.AuthBusLog;
+import com.google.common.util.concurrent.ThreadFactoryBuilder;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.*;
+import java.util.concurrent.*;
+import java.util.stream.Collectors;
+
+/**
+ * @author mazq
+ * @date 2021/7/28
+ */
+@Slf4j
+@Service
+public class QmAuditPushService {
+
+    private static final String AUTH_TYPE_KEY = "AUTH_TYPE_KEY";
+
+    private static final String OPERATE_TYPE_KEY = "OPERATE_TYPE_KEY";
+
+    ThreadFactory threadFactory = new ThreadFactoryBuilder().setNameFormat("qm-push-service-pool-").build();
+
+    ThreadPoolExecutor executor = new ThreadPoolExecutor(
+            20,
+            50,
+            5*60,
+            TimeUnit.SECONDS,
+            new LinkedBlockingQueue<>(2000),
+            threadFactory);
+
+    @Autowired
+    private LogSendComponent logSendComponent;
+
+    @Autowired
+    private AuditConfig config;
+
+
+    public void pushAuthorizeLog(AuthorizeLogDto authorizeLogDto) {
+        Boolean qmEnabled = config.getQmEnabled();
+        if(null == qmEnabled || !qmEnabled) {
+            return;
+        }
+        executor.submit(()-> pushLogMessage(authorizeLogDto));
+    }
+
+    private void pushLogMessage(AuthorizeLogDto authorizeLogDto) {
+        String sysId = config.getSysId();
+        String logType = AuditConstance.AUDIT_LOG_TYPE_SQ;
+        List<AuthBusLog> busLogs = getAuthBusLog(authorizeLogDto);
+        if(CollectionUtils.isNotEmpty(busLogs)) {
+            logSendComponent.sendAuthBusLog(sysId, logType, busLogs);
+        }
+    }
+
+    private List<AuthBusLog> getAuthBusLog(AuthorizeLogDto authorizeLogDto) {
+        String authorizeType = authorizeLogDto.getAuthorizeType();
+        AuthorizeTypeEnum typeEnum = AuthorizeTypeEnum.getByAuthorizeType(authorizeType);
+        if(null == typeEnum) {
+            return new ArrayList<>();
+        }
+        Map<String, String> map = getOperateAndAuth(typeEnum);
+        String authType = map.get(AUTH_TYPE_KEY);
+        String operateType = map.get(OPERATE_TYPE_KEY);
+        return constructBusLogs(authorizeLogDto, authType ,operateType);
+    }
+
+    private Map<String, String> getOperateAndAuth(AuthorizeTypeEnum typeEnum) {
+        Map<String, String> map = new HashMap<>();
+        switch (typeEnum) {
+            case GNSQ:
+                map.put(AUTH_TYPE_KEY, AuditConstance.AUDIT_AUTH_TYPE_GNSQ);
+                map.put(OPERATE_TYPE_KEY, AuditConstance.AUDIT_OPERATE_TYPE_SQ);
+                break;
+            case FWSQ:
+                map.put(AUTH_TYPE_KEY, AuditConstance.AUDIT_AUTH_TYPE_FWSQ);
+                map.put(OPERATE_TYPE_KEY, AuditConstance.AUDIT_OPERATE_TYPE_SQ);
+                break;
+            case SJSQ:
+                map.put(AUTH_TYPE_KEY, AuditConstance.AUDIT_AUTH_TYPE_SJSQ);
+                map.put(OPERATE_TYPE_KEY, AuditConstance.AUDIT_OPERATE_TYPE_SQ);
+                break;
+            case GNXQ:
+                map.put(AUTH_TYPE_KEY, AuditConstance.AUDIT_AUTH_TYPE_GNSQ);
+                map.put(OPERATE_TYPE_KEY, AuditConstance.AUDIT_OPERATE_TYPE_XQ);
+                break;
+            case FWXQ:
+                map.put(AUTH_TYPE_KEY, AuditConstance.AUDIT_AUTH_TYPE_FWSQ);
+                map.put(OPERATE_TYPE_KEY, AuditConstance.AUDIT_OPERATE_TYPE_XQ);
+                break;
+            case SJXQ:
+                map.put(AUTH_TYPE_KEY, AuditConstance.AUDIT_AUTH_TYPE_SJSQ);
+                map.put(OPERATE_TYPE_KEY, AuditConstance.AUDIT_OPERATE_TYPE_XQ);
+                break;
+            default:
+                break;
+        }
+        return map;
+    }
+
+    private List<AuthBusLog> constructBusLogs(AuthorizeLogDto authorizeLogDto, String authType, String operateType) {
+        List<AuthBusLog> list = new ArrayList<>();
+        if(StringUtils.isAnyBlank(authType, operateType)) {
+            return list;
+        }
+        String timeStr = getTimeStr(authorizeLogDto);
+        AuthorizeHandlerDto handlerDto = authorizeLogDto.getAuthorizeHandlers().get(0);
+        List<AuthorizeSubjectDto> subjectDtos = authorizeLogDto.getAuthorizeSubjects();
+        List<AuthorizeObjectDto> objectDtos = authorizeLogDto.getAuthorizeObjects();
+        for (AuthorizeSubjectDto subjectDto : subjectDtos) {
+            AuthBusLog authBusLog = new AuthBusLog();
+            authBusLog.setAuthType(authType);
+            //设置操作者
+            authBusLog.setOperateType(operateType);
+            String operateUserId = handlerDto.getHandlerId();
+            authBusLog.setOperateUserId(operateUserId);
+            authBusLog.setOperateUserName(handlerDto.getHandlerName());
+            authBusLog.setOperateUserIdcard(handlerDto.getHandlerIdcard());
+            authBusLog.setOperateOrgCode(handlerDto.getHandlerOrgCode());
+            authBusLog.setOperateTime(timeStr);
+            //设置授权对象
+            authBusLog.setUserId(subjectDto.getSubjectId());
+            authBusLog.setUserName(subjectDto.getSubjectName());
+            String roleNames = objectDtos
+                    .stream()
+                    .map(AuthorizeObjectDto::getObjectName)
+                    .collect(Collectors.joining(StrUtil.COMMA));
+            //设置角色名称
+            authBusLog.setRoleNames(roleNames);
+            authBusLog.setApproveResult(authorizeLogDto.getState());
+            list.add(authBusLog);
+        }
+        return list;
+    }
+
+    private String getTimeStr(AuthorizeLogDto authorizeLogDto) {
+        Date createTime = authorizeLogDto.getCreateTime();
+        String timeStr = "";
+        if(null != createTime) {
+            long time = createTime.getTime();
+            timeStr = String.valueOf(time);
+        }
+        return timeStr;
+    }
+
+}

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/RoleViewAuthLogHandler.java

@@ -147,6 +147,7 @@ public class RoleViewAuthLogHandler {
         authorizeHandlerDto.setHandlerId(securityUser.getId());
         authorizeHandlerDto.setHandlerIdcard(securityUser.getIdcard());
         authorizeHandlerDto.setHandlerOrgCode(securityUser.getSecurityOrg());
+        authorizeHandlerDto.setHandlerOrgName(securityUser.getSecurityOrgName());
         return authorizeHandlerDto;
     }
 }

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/ServiceAuthLogHandler.java

@@ -5,12 +5,14 @@ import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.entity.ServiceResource;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.app.facade.IServiceResourceFacade;
+import com.dragoninfo.dcuc.auth.audit.constance.AuditConstance;
 import com.dragoninfo.dcuc.auth.audit.dto.*;
 import com.dragoninfo.dcuc.auth.audit.enums.AuthResultEnum;
 import com.dragoninfo.dcuc.auth.audit.enums.AuthenticationTypeEnum;
 import com.dragoninfo.dcuc.auth.audit.enums.AuthorizeTypeEnum;
 import com.dragoninfo.dcuc.auth.audit.service.LogSendService;
 import com.dragoninfo.dcuc.auth.auth.entity.ServiceAuthResult;
+import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
 import com.dragoninfo.dcuc.user.user.entity.UserInfo;
 import com.dragoninfo.dcuc.user.user.facade.IUserInfoFacade;
 import com.dragonsoft.duceap.base.entity.security.SecurityUser;
@@ -36,6 +38,9 @@ public class ServiceAuthLogHandler {
 
     private Logger logger = LoggerFactory.getLogger(ServiceAuthLogHandler.class);
 
+    @Autowired
+    private DcucAuthConfig authConfig;
+
     @Autowired
     private LogSendService logSendService;
 
@@ -118,6 +123,7 @@ public class ServiceAuthLogHandler {
         authorizeHandlerDto.setHandlerId(securityUser.getId());
         authorizeHandlerDto.setHandlerIdcard(securityUser.getIdcard());
         authorizeHandlerDto.setHandlerOrgCode(securityUser.getSecurityOrg());
+        authorizeHandlerDto.setHandlerOrgName(securityUser.getSecurityOrgName());
         return authorizeHandlerDto;
     }
 
@@ -155,12 +161,12 @@ public class ServiceAuthLogHandler {
     }
 
     public void sendAuthLogByFlow(AuthResultEnum state, String idcard, String appId, List<String> serviceCodes) {
-        UserInfo userInfo = userInfoFacade.userDetailByIdCard(idcard);
         AuthorizeHandlerDto authorizeHandlerDto = new AuthorizeHandlerDto();
-        authorizeHandlerDto.setHandlerName(userInfo.getName());
-        authorizeHandlerDto.setHandlerId(userInfo.getId());
-        authorizeHandlerDto.setHandlerIdcard(userInfo.getIdcard());
-        authorizeHandlerDto.setHandlerOrgCode(userInfo.getOrgCode());
+        authorizeHandlerDto.setHandlerName(AuditConstance.SYS_USER_NAME);
+        authorizeHandlerDto.setHandlerId(AuditConstance.SYS_USER_ID);
+        authorizeHandlerDto.setHandlerIdcard(AuditConstance.SYS_USER_IDCARD);
+        authorizeHandlerDto.setHandlerOrgCode(authConfig.getAppCode());
+        authorizeHandlerDto.setHandlerOrgName(AuditConstance.SYS_ORG_NAME);
 
         List<AuthorizeObjectDto> authorizeObjectDtos = serviceCodes.stream().map(e -> {
             ServiceResource serviceResource = serviceResourceFacade.detailByCode(e);
@@ -188,12 +194,12 @@ public class ServiceAuthLogHandler {
     }
 
     public void sendDelAuthLogByFlow(AuthResultEnum state, String idcard, String appId, List<String> serviceCodes) {
-        UserInfo userInfo = userInfoFacade.userDetailByIdCard(idcard);
         AuthorizeHandlerDto authorizeHandlerDto = new AuthorizeHandlerDto();
-        authorizeHandlerDto.setHandlerName(userInfo.getName());
-        authorizeHandlerDto.setHandlerId(userInfo.getId());
-        authorizeHandlerDto.setHandlerIdcard(userInfo.getIdcard());
-        authorizeHandlerDto.setHandlerOrgCode(userInfo.getOrgCode());
+        authorizeHandlerDto.setHandlerName(AuditConstance.SYS_USER_NAME);
+        authorizeHandlerDto.setHandlerId(AuditConstance.SYS_USER_ID);
+        authorizeHandlerDto.setHandlerIdcard(AuditConstance.SYS_USER_IDCARD);
+        authorizeHandlerDto.setHandlerOrgCode(authConfig.getAppCode());
+        authorizeHandlerDto.setHandlerOrgName(AuditConstance.SYS_ORG_NAME);
 
         List<AuthorizeObjectDto> authorizeObjectDtos = serviceCodes.stream().map(e -> {
             ServiceResource serviceResource = serviceResourceFacade.detailByCode(e);

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/UserViewAuthLogHandler.java

@@ -122,6 +122,7 @@ public class UserViewAuthLogHandler {
         authorizeHandlerDto.setHandlerId(securityUser.getId());
         authorizeHandlerDto.setHandlerIdcard(securityUser.getIdcard());
         authorizeHandlerDto.setHandlerOrgCode(securityUser.getSecurityOrg());
+        authorizeHandlerDto.setHandlerOrgName(securityUser.getSecurityOrgName());
         return authorizeHandlerDto;
     }
 

dcuc-auth-service/src/main/resources/application-auth.yml

@@ -34,6 +34,7 @@ dcuc:
       authorize-topic: 10000029
       authorize-groupId: auditlog
       sys-id:
+      qm-enabled: false
     service-permission-url: http://127.0.0.1/permission/service
     bim-url: https://127.0.0.1:8443/bim-server
     bim-login-id: app1