
GAB 对接 V1.1 241106

AA před 7 měsíci
rodič
revize
93912c63c6

+ 3 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/authticate/ServiceAuthReqVO.java

@@ -28,5 +28,8 @@ public class ServiceAuthReqVO {
     private String taskId;
     @ApiModelProperty(value = "任务名称")
     private String taskName;
+    
+    @ApiModelProperty(value = "业务应用服务名称")
+    private String businessAppName;
 
 }

+ 14 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/dto/v2/AuthenticationLogDtoV2.java

@@ -17,6 +17,8 @@ public class AuthenticationLogDtoV2 extends AuthenticationLogDto{
 	private String taskName;//任务名称
 	private String authCode;//鉴权结果
 	private String authResponse;//返回内容
+	private String appName; // 发起请求的应用
+	private String businessAppName; // 业务发起的应用服务名称
 	public String getTerminalType() {
 		return terminalType;
 	}
@@ -53,6 +55,18 @@ public class AuthenticationLogDtoV2 extends AuthenticationLogDto{
 	public void setAuthCode(String authCode) {
 		this.authCode = authCode;
 	}
+	public String getAppName() {
+		return appName;
+	}
+	public void setAppName(String appName) {
+		this.appName = appName;
+	}
+	public String getBusinessAppName() {
+		return businessAppName;
+	}
+	public void setBusinessAppName(String businessAppName) {
+		this.businessAppName = businessAppName;
+	}
 	
 	
 	

+ 2 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/listener/AuthenticationLogListener.java

@@ -73,6 +73,8 @@ public class AuthenticationLogListener {
 
             detectLogService.checkExceptionTime(authenticationLogDtoV2);
 
+            
+            pushService.pushAuthenticationLog(authenticationLogDto);
             pushService.pushAuthenticationLog(authenticationLogDtoV2);
         } catch (Exception e) {
             logger.error("receiveMessage error.", e);
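Review bot: The added `pushService.pushAuthenticationLog(authenticationLogDto);` runs right before the existing V2 push, so every authentication event now reaches the Qm audit sink twice — in QmAuditPushService from this same commit, pushAuthenticationLogToAudit and pushAuthenticationLogToAuditV2 both send with AuditConstance.AUDIT_LOG_TYPE_JQ, which would double-count audit records unless the receiver de-duplicates. If the V1 push is kept for a legacy consumer, that should be stated at the call site, e.g. `// legacy V1 audit feed (consumer: TODO-name); the V2 push below carries the same event`. authenticationLogDto is not defined inside this hunk and the enclosing method starts before and ends after it; the other added line is whitespace only.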

+ 21 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/LogSendService.java

@@ -12,6 +12,7 @@ import com.dragonsoft.duceap.base.utils.UserContextUtils;
 import com.dragonsoft.duceap.commons.util.date.DateConst;
 import com.dragonsoft.duceap.commons.util.date.DateUtils;
 import com.dragonsoft.duceap.core.entity.response.ResponseResult;
+import com.dragonsoft.duceap.web.utils.RequestUtils;
 import com.dragonsoft.mq.client.model.vo.MessageInfoReqVo;
 import com.dragonsoft.mq.client.model.vo.MessageInfoVo;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -81,6 +82,7 @@ public class LogSendService {
      * 推送鉴权日志 V2
      */
     public void sendAuthenticationLogV2(AuthenticationLogDtoV2 log) {
+    	log.setTerminalType("1");
         String title = "推送鉴权日志";
         String content = "推送鉴权日志";
         SecurityUser securityUser = UserContextUtils.getCurrentUser();
@@ -121,5 +123,23 @@ public class LogSendService {
         return messageInfoVo;
     }
 
+    private String getTerminaType() {
+    	if(RequestUtils.getRequest() == null) {
+    		return "1";
+    	}
+    	String requestHeader = RequestUtils.getRequest().getHeader("User-Agent");
 
-}
+    	String[] deviceArray = new String[]{"android","mac os","windows phone"};
+        if(requestHeader == null)
+            return "1";
+        requestHeader = requestHeader.toLowerCase();
+        for(int i=0;i<deviceArray.length;i++){
+            if(requestHeader.indexOf(deviceArray[i])>0){
+                return "2";
+            }
+        }
+    	return "1";
+    }
+    
+
+}
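Review bot: The new private getTerminaType() is never called by this change — sendAuthenticationLogV2 hard-codes `log.setTerminalType("1");` instead, so every V2 authentication log is reported as terminal type 1 regardless of the request, and the helper is dead code (its name also drops the "l" of Terminal). Inside the helper, `requestHeader.indexOf(deviceArray[i])>0` misses a User-Agent that begins with the device token at index 0; `if (requestHeader.contains(deviceArray[i])) {` is the intended test, and `requestHeader = requestHeader.toLowerCase(Locale.ROOT);` avoids locale-dependent casing (needs java.util.Locale, not in the visible imports). If the helper is meant to feed the log, the call site becomes `log.setTerminalType(getTerminalType());`. Because User-Agent is supplied by the client, the derived terminalType is a hint rather than a verified device attribute; a one-line comment on the helper saying so would stop audit consumers from over-trusting it.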

+ 86 - 3
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/QmAuditPushService.java

@@ -17,6 +17,7 @@ import com.dragonsoft.auditlog.collection.qmtj.LogSendComponent;
 import com.dragonsoft.auditlog.collection.qmtj.pojo.req.AuthBusLog;
 import com.dragonsoft.auditlog.collection.qmtj.pojo.req.AuthenticationBusLog;
 import com.dragonsoft.auditlog.collection.qmtj.pojo.req.AuthenticationBusLogV2;
+import com.dragonsoft.auditlog.collection.qmtj.pojo.req.AuthenticationBusLogV3;
 import com.dragonsoft.auditlog.collection.qmtj.pojo.req.AuthenticationRiskLog;
 import com.dragonsoft.auditlog.collection.qmtj.pojo.req.TokenOperationLog;
 import com.fasterxml.jackson.core.JsonProcessingException;
@@ -127,13 +128,41 @@ public class QmAuditPushService {
      *
      * @param authenticationLogDto
      */
-    public void pushAuthenticationLog(AuthenticationLogDtoV2 authenticationLogDto) {
+    public void pushAuthenticationLog(AuthenticationLogDto authenticationLogDto) {
         Boolean qmEnabled = config.getQmEnabled();
         if (null == qmEnabled || !qmEnabled) {
             return;
         }
         executor.execute(() -> pushAuthenticationLogToAudit(authenticationLogDto));
     }
+    
+    /**
+     * 推送鉴权日志
+     *
+     * @param authenticationLogDto
+     */
+    private void pushAuthenticationLogToAudit(AuthenticationLogDto authenticationLogDto) {
+        String sysId = config.getSysId();
+        String logType = AuditConstance.AUDIT_LOG_TYPE_JQ;
+        List<AuthenticationBusLog> busLogs = getAuthenticationBusLog(authenticationLogDto);
+        if (CollectionUtils.isNotEmpty(busLogs)) {
+            log.info("=========推送审计鉴权日志=======");
+            logSendComponent.sendAuthenticationBusLog(sysId, logType, busLogs);
+        }
+    }
+
+    /**
+     * 推送鉴权日志V2
+     *
+     * @param authenticationLogDto
+     */
+    public void pushAuthenticationLog(AuthenticationLogDtoV2 authenticationLogDto) {
+        Boolean qmEnabled = config.getQmEnabled();
+        if (null == qmEnabled || !qmEnabled) {
+            return;
+        }
+        executor.execute(() -> pushAuthenticationLogToAuditV2(authenticationLogDto));
+    }
 
     /**
      * 推送风险日志
@@ -255,7 +284,7 @@ public class QmAuditPushService {
     }
 
 
-    private void pushAuthenticationLogToAudit(AuthenticationLogDtoV2 authenticationLogDto) {
+    private void pushAuthenticationLogToAuditV2(AuthenticationLogDtoV2 authenticationLogDto) {
         String sysId = config.getSysId();
         String logType = AuditConstance.AUDIT_LOG_TYPE_JQ;
         List<AuthenticationBusLogV2> busLogs = constructAuthenticationBusLogsV2(authenticationLogDto);
@@ -264,7 +293,7 @@ public class QmAuditPushService {
         	try {
 				String writeValueAsString = mapper.writeValueAsString(busLogs);
 				JSONArray jsonArray = JSONObject.parseArray(writeValueAsString);
-				log.info("=========推送审计鉴权日志=======");
+				log.info("=========推送审计鉴权日志V2=======");
 	            logSendComponent.sendAuthenticationBusLogV2(sysId, logType, jsonArray);
 			} catch (JsonProcessingException e) {
 				e.printStackTrace();
@@ -272,6 +301,26 @@ public class QmAuditPushService {
         	
            
         }
+        
+        if(AuthenticationTypeEnum.FWJJQ.getValue().equals(authenticationLogDto.getAuthenticationType())) {
+        	
+        	//审计中心日志对接
+        	List<AuthenticationBusLogV3> busLogsV3 = constructAuthenticationBusLogsV3(authenticationLogDto);
+        	if (CollectionUtils.isNotEmpty(busLogsV3)) {
+        		ObjectMapper mapper = new ObjectMapper();
+        		try {
+        			String writeValueAsString = mapper.writeValueAsString(busLogsV3);
+        			JSONArray jsonArray = JSONObject.parseArray(writeValueAsString);
+        			log.info("=========推送审计中心鉴权日志V3=======");
+        			logSendComponent.sendAuthenticationBusLogV3(sysId, "101", jsonArray);
+        		} catch (JsonProcessingException e) {
+        			e.printStackTrace();
+        		}
+        		
+        		
+        	}
+        }
+        
     }
 
     private List<AuthenticationBusLog> getAuthenticationBusLog(AuthenticationLogDto authenticationLogDto) {
@@ -347,6 +396,40 @@ public class QmAuditPushService {
         list.add(busLog);
         return list;
     }
+    
+    
+    /**
+     * 对接审计中心
+     * @param dto
+     * @return
+     */
+    private List<AuthenticationBusLogV3> constructAuthenticationBusLogsV3(AuthenticationLogDtoV2 dto) {
+        List<AuthenticationBusLogV3> list = new ArrayList<>();
+        if (StringUtils.isBlank(dto.getAuthenticationType())) {
+            return list;
+        }
+        AuthenticationBusLogV3 busLog = new AuthenticationBusLogV3();
+        
+        Map<String,Object> baseStandardInfo = new HashMap<>();
+        baseStandardInfo.put("appName", dto.getAppName());
+        baseStandardInfo.put("operatorCertNo", dto.getUserIdcard());
+        baseStandardInfo.put("operatorName", dto.getUserName());
+        baseStandardInfo.put("operatorOrgCode", dto.getUserOrgCode());
+        baseStandardInfo.put("operatorOrgName", dto.getUserOrgName());
+        baseStandardInfo.put("terminalId", dto.getTerminalId());
+        baseStandardInfo.put("terminalIp", dto.getTerminalIp());
+        baseStandardInfo.put("terminalType", dto.getTerminalType());
+        busLog.setBaseStandardInfo(baseStandardInfo);
+        busLog.setTaskId(dto.getTaskId());
+        busLog.setTaskName(dto.getTaskName());
+        busLog.setBusinessAppName(dto.getBusinessAppName());
+        busLog.setAuthTime(DateUtil.format(dto.getCreateTime(), "yyyy-MM-dd HH:mm:ss"));
+        busLog.setAuthType("04"); //服务级
+        busLog.setAuthCode(dto.getAuthCode());
+        busLog.setAuthResponse(dto.getAuthResponse());
+        list.add(busLog);
+        return list;
+    }
 
     private void getAuthenticationContent(String authType, AuthenticationBusLog busLog, List<AuthenticationContentDto> content) {
         String codes = "";
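Review bot: The V3 gate in pushAuthenticationLogToAuditV2 compares `AuthenticationTypeEnum.FWJJQ.getValue()` with getAuthenticationType(), while ServiceAuthLogHandler in this same commit stores `AuthenticationTypeEnum.FWJJQ.getCode()` on the dto; if code and value differ for FWJJQ the audit-center push never fires, so both sides should use one accessor, e.g. `if (AuthenticationTypeEnum.FWJJQ.getCode().equals(authenticationLogDto.getAuthenticationType())) {`. The new catch block copies the existing `e.printStackTrace()`, which sends a failed audit-record delivery to stderr with no sysId or record count; `log.error("push audit-center authentication log V3 failed, sysId={}, records={}", sysId, busLogsV3.size(), e);` keeps it in the application log where a lost audit record can be noticed. The log type `"101"` and authType `"04"` in constructAuthenticationBusLogsV3 are magic strings next to the named AuditConstance.AUDIT_LOG_TYPE_JQ; naming them (e.g. `AUDIT_CENTER_LOG_TYPE`) documents what the audit center expects. constructAuthenticationBusLogsV3 also passes dto.getCreateTime() to DateUtil.format with no null check, and whether createTime is always set is not visible here.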

+ 19 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/ServiceAuthLogHandler.java

@@ -14,9 +14,11 @@ import com.dragoninfo.dcuc.auth.audit.enums.AuthenticationTypeEnum;
 import com.dragoninfo.dcuc.auth.audit.enums.AuthorizeTypeEnum;
 import com.dragoninfo.dcuc.auth.audit.service.LogSendService;
 import com.dragoninfo.dcuc.auth.auth.entity.ServiceAuthResult;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
 import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
 import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
+import com.dragoninfo.dcuc.auth.token.vo.AppTokenDetailRespVo;
 import com.dragonsoft.duceap.base.entity.security.SecurityUser;
 import com.dragonsoft.duceap.base.utils.UserContextUtils;
 import com.dragonsoft.duceap.commons.util.ip.IpUtils;
@@ -56,7 +58,10 @@ public class ServiceAuthLogHandler {
 
     @Autowired
     private IAuthUserInfoService authUserInfoService;
+    @Autowired
+    private IAuthTokenBusiness authTokenBusiness;
 
+    
     public void sendAuthLog(AuthResultEnum state, String appId, String serviceCode, String realIp) {
         logger.info("ServiceAuthLogHandler sendAuthLog client ip :{}", realIp);
         ApplyInfo app = applyInfoFacade.applyDetail(appId);
@@ -134,6 +139,10 @@ public class ServiceAuthLogHandler {
     public void sendAuthenticationLogV2(AuthResultEnum state, String idcard, String appCode, String userToken, 
     		String appToken, List<ServiceAuthResult> results, String ip, ServiceAuthReqVO serviceAuthReqVO, String message) {
         logger.info("ServiceAuthLogHandler sendAuthenticationLog client ip :{}", ip);
+        
+        String appTokenId = serviceAuthReqVO.getAppTokenId();
+        
+        
 
         AuthUserInfo userInfo = authUserInfoService.findByIdcard(idcard);
         ApplyInfo app = applyInfoFacade.getAppByCode(appCode);
@@ -176,6 +185,16 @@ public class ServiceAuthLogHandler {
             authenticationLogDtoV2.setTaskName(serviceAuthReqVO.getTaskName());
         }
         
+        if(appTokenId != null) {
+        	AppTokenDetailRespVo tokenInfo = authTokenBusiness.getByAppTokenId(appTokenId, true, true);
+        	
+        	if(tokenInfo!=null && tokenInfo.getApplyInfo()!=null) {
+        		authenticationLogDtoV2.setAppName(tokenInfo.getApplyInfo().getApplyName());
+        	}
+        }
+        if(serviceAuthReqVO.getBusinessAppName()!=null) {
+        	authenticationLogDtoV2.setBusinessAppName(serviceAuthReqVO.getBusinessAppName());
+        }
         authenticationLogDtoV2.setAuthResponse(message);
         authenticationLogDtoV2.setAuthenticationType(AuthenticationTypeEnum.FWJJQ.getCode());
         authenticationLogDtoV2.setAuthCode(state.getCode());
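Review bot: The two new blocks in sendAuthenticationLogV2 dereference serviceAuthReqVO unconditionally (`serviceAuthReqVO.getAppTokenId()` near the top of the method and `serviceAuthReqVO.getBusinessAppName()` near the bottom) while the existing taskName assignment just above sits inside its own guard, which suggests the VO can be null at this point; if so, the new code throws before the dto is finished and the authentication event is never logged. The token lookup `authTokenBusiness.getByAppTokenId(appTokenId, true, true)` is likewise on the audit path, so any exception from it aborts the whole log even though appName is only enrichment; treating it as best-effort keeps the record flowing, and the two boolean arguments deserve a comment naming them. Both businessAppName and appTokenId arrive from the client request, so the names written into the audit record are client-asserted rather than verified; a note to that effect on the dto fields would help consumers. The enclosing method continues outside the hunk.
```java
        // … unchanged: userInfo / app lookup and taskId/taskName assignment …
        if (serviceAuthReqVO != null && serviceAuthReqVO.getAppTokenId() != null) {
            try {
                // TODO(review): name the two boolean flags passed to getByAppTokenId
                AppTokenDetailRespVo tokenInfo =
                        authTokenBusiness.getByAppTokenId(serviceAuthReqVO.getAppTokenId(), true, true);
                if (tokenInfo != null && tokenInfo.getApplyInfo() != null) {
                    authenticationLogDtoV2.setAppName(tokenInfo.getApplyInfo().getApplyName());
                }
            } catch (RuntimeException e) {
                // appName is best-effort enrichment; the audit record must still be sent
                logger.warn("ServiceAuthLogHandler could not resolve app name from app token", e);
            }
        }
        if (serviceAuthReqVO != null && serviceAuthReqVO.getBusinessAppName() != null) {
            // client-asserted value, not verified against the application registry
            authenticationLogDtoV2.setBusinessAppName(serviceAuthReqVO.getBusinessAppName());
        }
        // … unchanged: authResponse / authenticationType / authCode assignment …
```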

binární
dcuc-auth-service/src/main/lib/auditlog-qm-tj-1.0.3-SNAPSHOT.jar


+ 2 - 1
dcuc-auth-service/src/main/resources/application-auth.yml

@@ -72,4 +72,5 @@ dcuc:
 app:
   auditlog:
     qmtj:
-      host-address: https://10.11.0.168:8843
+      host-address: https://10.11.0.168:8843
+      shen-ji-log-report-url: https://10.11.0.168:8843/auditcenter/services/sjzx_logupload
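Review bot: The added shen-ji-log-report-url repeats the host literal of host-address one line above, so the two values can drift when the audit-center host moves; deriving the path from host-address, or at least a comment tying them together, e.g. `# must point at the same host as host-address`, keeps them aligned. Both values are environment-specific addresses committed in the shared profile; presumably they are overridden per deployment, but that is not visible here. The changed host-address line is identical on both sides, so that part of the change is whitespace or line-ending only.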