Merge remote-tracking branch 'origin/release/v1.2.0' into fix-修改authapi-chenbh

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/dto/zerotrust/notify/AppAuthNotifyDto.java

@@ -0,0 +1,22 @@
+package com.dragoninfo.dcuc.auth.auth.dto.zerotrust.notify;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/**
+ * @author mazq
+ * @date 2023/7/13
+ */
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class AppAuthNotifyDto {
+
+    private String userTokenId;
+
+    private String content;
+
+}

dcuc-auth-service/src/main/assembly/conf/application.yml

@@ -9,3 +9,14 @@ apollo:
     namespaces: application,dragonsoft.dcuc
   cluster: default
   meta: http://192.168.6.123:8080
+logging:
+  level:
+    org.apache.kafka.clients.NetworkClient: error
+  config: classpath:logback-dragon.xml
+dcuc:
+  auth:
+    zerotrust:
+      syslog:
+        host: 127.0.0.1
+        port: 514
+        facility: LOCAL0

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/AuthRedisConstant.java

@@ -19,11 +19,6 @@ public class AuthRedisConstant {
      */
     public static final String REDIS_USER_TOKEN_NAMESPACE = REDIS_TOKEN_NAMESPACE + "USER:";
 
-    /**
-     * 标准规范用户令牌命令空间
-     */
-    public static final String REDIS_STANDARD_USER_TOKEN_NAMESPACE = REDIS_TOKEN_NAMESPACE + "STANDARD_USER:";
-
     /**
      * BIM token命名空间
      */

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/async/listener/RzySyslogSendRiskInfoEventListener.java

@@ -13,7 +13,6 @@ import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.ApplicationListener;
 import org.springframework.stereotype.Component;
 
@@ -29,7 +28,6 @@ import java.util.List;
  */
 @Slf4j
 @Component
-@ConditionalOnProperty(name = "dcuc.auth.zerotrust.security-policy.type", havingValue = "rzy")
 public class RzySyslogSendRiskInfoEventListener implements ApplicationListener<SendRiskInfoEvent> {
 
     protected final Logger sysLogLogger = LoggerFactory.getLogger(Constant.AUTH_SYS_LOG_NAME);

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/async/listener/SyslogSecurityPolicyLogListener.java

@@ -6,7 +6,6 @@ import com.dragoninfo.dcuc.auth.constance.Constant;
 import com.dragonsoft.duceap.commons.util.json.JsonUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.ApplicationListener;
 import org.springframework.stereotype.Component;
 
@@ -18,7 +17,6 @@ import org.springframework.stereotype.Component;
  * @author huangzqa
  * @date 2023/6/30
  */
-@ConditionalOnProperty(name = "dcuc.auth.zerotrust.security-policy.type", havingValue = "rzy")
 @Component
 public class SyslogSecurityPolicyLogListener implements ApplicationListener<SecurityPolicyLogEvent> {
     protected final Logger sysLogLogger = LoggerFactory.getLogger(Constant.AUTH_SYS_LOG_NAME);

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustAppAuthBusiness.java

@@ -114,7 +114,7 @@ public class ZeroTrustAppAuthBusiness implements IZeroTrustAppAuthBusiness {
                 .userToken(userTokenId)
                 .terminalIp(IpUtils.getIp())
                 .build();
-        List<AppDataSensitiveLevelDTO> appList = staffAssignAuthInfoService.apiAppAuth(authVo);
+        List<AppDataSensitiveLevelDTO> appList = staffAssignAuthInfoService.apiAppAuth(authVo, true);
 
         // 过滤冻结的权限
         appList = filterFrozenAuth(appList, userVo);

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/StaffAssignAuthInfoFacade.java

@@ -65,7 +65,7 @@ public class StaffAssignAuthInfoFacade implements IStaffAssignAuthInfoFacade {
     @Override
     public List<AppDataSensitiveLevelDTO> apiAppAuth(ApiAppAuthVo apiAppAuthVo) {
 
-        return staffAssignAuthInfoService.apiAppAuth(apiAppAuthVo);
+        return staffAssignAuthInfoService.apiAppAuth(apiAppAuthVo, true);
     }
 
     @Override

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/IStaffAssignAuthInfoService.java

@@ -144,7 +144,7 @@ public interface IStaffAssignAuthInfoService  {
      * @param apiAppAuthVo 鉴权Vo
      * @return 应用列表
      */
-    List<AppDataSensitiveLevelDTO> apiAppAuth(ApiAppAuthVo apiAppAuthVo);
+    List<AppDataSensitiveLevelDTO> apiAppAuth(ApiAppAuthVo apiAppAuthVo, boolean needSendLog);
 
     /**
      * 应用下的角色授权列表

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/StaffAssignAuthInfoService.java

@@ -706,7 +706,7 @@ public class StaffAssignAuthInfoService implements IStaffAssignAuthInfoService {
     }
 
     @Override
-    public List<AppDataSensitiveLevelDTO> apiAppAuth(ApiAppAuthVo apiAppAuthVo) {
+    public List<AppDataSensitiveLevelDTO> apiAppAuth(ApiAppAuthVo apiAppAuthVo, boolean needSendLog) {
         // 人员的角色授权
         List<AppDataSensitiveLevelDTO> roleAuthResult = staffAssignAuthInfoBPO.getAppLitByUserId(apiAppAuthVo.getUserInfo().getId());
         List<AppDataSensitiveLevelDTO> list = new ArrayList<>(roleAuthResult);
@@ -718,7 +718,9 @@ public class StaffAssignAuthInfoService implements IStaffAssignAuthInfoService {
         String[] orgAuthCode = collect.stream().map(AppDataSensitiveLevelDTO::getCode).toArray(String[]::new);
         logger.info("人员角色授权结果:{}, 机构授权结果:{}", roleAuthCode, orgAuthCode);
 
-        logInfoFillService.sendAppAuthenticationLog(apiAppAuthVo, list, AuthResultEnum.SUC);
+        if (needSendLog) {
+            logInfoFillService.sendAppAuthenticationLog(apiAppAuthVo, list, AuthResultEnum.SUC);
+        }
         return list;
     }
 

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/INotifyBusiness.java

@@ -31,4 +31,12 @@ public interface INotifyBusiness {
      * @param userTokenList 用户令牌
      */
     void sendNotify(String notifyUrl, List<String> userTokenList);
+
+    /**
+     * 发送361新标准权限变更通知
+     * @param notifyAppUrl
+     * @param idcards
+     * @param userTokens
+     */
+    void sendZeroTrustAppAuthChangeNotify(String notifyAppUrl, List<String> idcards, List<String> userTokens);
 }

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/NotifyBusinessImpl.java

@@ -1,7 +1,12 @@
 package com.dragoninfo.dcuc.auth.business.impl;
 
+import cn.hutool.core.util.StrUtil;
 import cn.hutool.http.HttpRequest;
 import cn.hutool.json.JSONUtil;
+import com.dragoninfo.dcuc.auth.auth.dto.AppDataSensitiveLevelDTO;
+import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.notify.AppAuthNotifyDto;
+import com.dragoninfo.dcuc.auth.auth.service.IStaffAssignAuthInfoService;
+import com.dragoninfo.dcuc.auth.auth.vo.ApiAppAuthVo;
 import com.dragoninfo.dcuc.auth.auth.vo.AuthNoticeReqVO;
 import com.dragoninfo.dcuc.auth.auth.vo.AuthNoticeRespVO;
 import com.dragoninfo.dcuc.auth.auth.vo.bim.BimAppPermissionUpdateContentRespVO;
@@ -10,6 +15,9 @@ import com.dragoninfo.dcuc.auth.auth.vo.bim.BimAppPermissionUpdateRespVo;
 import com.dragoninfo.dcuc.auth.business.IBimBusiness;
 import com.dragoninfo.dcuc.auth.business.INotifyBusiness;
 import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
+import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
+import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
+import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
 import com.dragonsoft.duceap.commons.util.UUIDUtils;
 import com.dragonsoft.duceap.commons.util.collections.CollectionUtils;
 import com.dragonsoft.duceap.commons.util.json.JsonUtils;
@@ -24,7 +32,9 @@ import org.springframework.retry.annotation.Recover;
 import org.springframework.retry.annotation.Retryable;
 import org.springframework.stereotype.Service;
 
+import java.util.ArrayList;
 import java.util.List;
+import java.util.stream.Collectors;
 
 /**
  * @author huangzqa
@@ -40,6 +50,12 @@ public class NotifyBusinessImpl implements INotifyBusiness {
     @Autowired
     private IBimBusiness bimBusiness;
 
+    @Autowired
+    private IStaffAssignAuthInfoService staffAssignAuthInfoService;
+
+    @Autowired
+    private IAuthUserInfoService userInfoService;
+
 
     @Retryable(value = RemoteAccessException.class,
             maxAttempts = 5,
@@ -149,6 +165,56 @@ public class NotifyBusinessImpl implements INotifyBusiness {
         }
     }
 
+    @Override
+    public void sendZeroTrustAppAuthChangeNotify(String notifyAppUrl, List<String> idcards, List<String> userTokens) {
+        // 查询现在的应用级权限
+        List<AppAuthNotifyDto> notifyList = new ArrayList<>();
+        try {
+            for (int i = 0; i < idcards.size(); i++) {
+                String idcard = idcards.get(i);
+                String userTokenId = userTokens.get(i);
+                if (StringUtils.isBlank(userTokenId)) {
+                    log.info("用户令牌不存在,无需通知。idcard:{}", idcard);
+                    continue;
+                }
+                AuthUserInfo userInfo = userInfoService.findByIdcard(idcard);
+                if (null == userInfo) {
+                    log.info("查询不到人员。idcard:{}", idcard);
+                    continue;
+                }
+                AuthUserVo userVo = new AuthUserVo();
+                userVo.setId(userInfo.getId());
+                userVo.setIdcard(idcard);
+                userVo.setOrgId(userInfo.getOrgId());
+                userVo.setOrgCode(userInfo.getOrgCode());
+                ApiAppAuthVo appAuthVo = ApiAppAuthVo.builder()
+                        .userInfo(userVo)
+                        .build();
+                List<AppDataSensitiveLevelDTO> list = staffAssignAuthInfoService.apiAppAuth(appAuthVo, false);
+                String appCodes = list.stream()
+                        .map(AppDataSensitiveLevelDTO::getCode)
+                        .collect(Collectors.joining(StrUtil.COMMA));
+                log.info("通知人员身份证号:{}, 通知内容:{}", idcard, appCodes);
+                AppAuthNotifyDto dto = AppAuthNotifyDto.builder()
+                        .userTokenId(userTokenId)
+                        .content(appCodes)
+                        .build();
+                notifyList.add(dto);
+            }
+            if (CollectionUtils.isNotEmpty(notifyList)) {
+                String postResp = HttpRequest.post(notifyAppUrl)
+                        .header("Message-Type", "tokencheck")
+                        .header("Content-Type", "application/json")
+                        .body(JsonUtils.toJSONString(notifyList))
+                        .execute()
+                        .body();
+                log.info("sendNotify post response:{}", postResp);
+            }
+        }catch (Exception e) {
+            log.error("新标准变更通知失败.", e);
+        }
+    }
+
 
     @Recover
     public void recover(RemoteAccessException e) {

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApiCommonBusiness.java

@@ -8,9 +8,8 @@ import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustSignReqVO;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IApiCommonBusiness;
-import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
 import com.dragoninfo.dcuc.auth.config.zerotrust.DcucAuthZerotrustConfig;
-import com.dragoninfo.dcuc.auth.constance.AuthRedisConstant;
+import com.dragoninfo.dcuc.auth.constance.ZerotrustAuthRedisConstant;
 import com.dragonsoft.duceap.commons.util.date.DateConst;
 import com.dragonsoft.duceap.commons.util.date.DateUtils;
 import com.dragonsoft.smtools.loader.SMFactory;
@@ -110,7 +109,7 @@ public class ApiCommonBusiness implements IApiCommonBusiness {
 
         String secretKey = applyInfo.getSecretKey();
 
-        String nonceValue = stringRedisTemplate.opsForValue().get(AuthRedisConstant.REDIS_TOKEN_NONCE_NAMESPACE + callerNounce);
+        String nonceValue = stringRedisTemplate.opsForValue().get(ZerotrustAuthRedisConstant.REDIS_TOKEN_NONCE_NAMESPACE + callerNounce);
         boolean exitsNonce = StrUtil.isNotBlank(nonceValue);
 
         if (exitsNonce) {
@@ -133,7 +132,7 @@ public class ApiCommonBusiness implements IApiCommonBusiness {
         log.info("signEquals:{}", signEquals);
 
         if (signEquals) {
-            stringRedisTemplate.opsForValue().set(AuthRedisConstant.REDIS_TOKEN_NONCE_NAMESPACE + callerNounce, "1", 30, TimeUnit.MINUTES);
+            stringRedisTemplate.opsForValue().set(ZerotrustAuthRedisConstant.REDIS_TOKEN_NONCE_NAMESPACE + callerNounce, "1", 30, TimeUnit.MINUTES);
             return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
         }
         return ZeroTrustMessageRespVO.requestErrorMessage("验签不一致");

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApprovalBusinessImpl.java

@@ -18,7 +18,7 @@ import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.approval.ApprovalCallBackReqVO
 import com.dragoninfo.dcuc.auth.business.zerotrust.IApprovalBusiness;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IApproveRemoteCallBusiness;
 import com.dragoninfo.dcuc.auth.config.zerotrust.ApprovalProperties;
-import com.dragoninfo.dcuc.auth.constance.AuthRedisConstant;
+import com.dragoninfo.dcuc.auth.constance.ZerotrustAuthRedisConstant;
 import com.dragoninfo.dcuc.auth.sub.enumresource.OperateTypeEnum;
 import com.dragoninfo.dcuc.common.enums.UserExtInfoEnum;
 import com.dragoninfo.dcuc.common.utils.ResponseUtil;
@@ -187,7 +187,7 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
         String dateTimeStr = DateUtils.getTimeStr(date, DateConst.DB_STORE_DATE);
 
         // 当日的
-        String key = AuthRedisConstant.APPROVAL_TASK_ID_PREFIX + dateTimeStr;
+        String key = ZerotrustAuthRedisConstant.APPROVAL_TASK_ID_PREFIX + dateTimeStr;
         Boolean hasKey = stringRedisTemplate.hasKey(key);
         Long taskIdNo;
         // 有Key直接加1

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/RedisCacheBusinessImpl.java

@@ -4,7 +4,7 @@ import cn.hutool.core.util.StrUtil;
 import com.alibaba.fastjson.JSON;
 import com.dragoninfo.dcuc.auth.auth.dto.AppAuthResultDto;
 import com.dragoninfo.dcuc.auth.business.ICacheBusiness;
-import com.dragoninfo.dcuc.auth.constance.AuthRedisConstant;
+import com.dragoninfo.dcuc.auth.constance.ZerotrustAuthRedisConstant;
 import com.dragoninfo.dcuc.auth.token.enums.TokenActionEnum;
 import com.dragoninfo.dcuc.auth.token.enums.TokenTypeEnum;
 import com.dragoninfo.dcuc.auth.token.vo.AppTokenInfoRespVO;
@@ -30,7 +30,7 @@ public class RedisCacheBusinessImpl implements ICacheBusiness {
     /**
      * 人员openId和userTokenId关联key类型
      */
-    private static final String USER_OPEN_ID_TOKEN_ID_KEY_TYPE = "OPEN_TOKEN_ID";
+    private static final String IDCARD_TOKEN_ID_KEY_TYPE = "IDCARD_TOKEN_ID";
     /**
      * 人员opId和appId关联key类型
      */
@@ -51,9 +51,9 @@ public class RedisCacheBusinessImpl implements ICacheBusiness {
         String tokenIdKey = getKeyPrefix(userToken.getUserTokenId(), TokenTypeEnum.USER.getValue());
         stringRedisTemplate.opsForValue().set(tokenIdKey, JSON.toJSONString(userToken), redisExpire, TimeUnit.SECONDS);
 
-        // 缓存openId-tokenId到缓存中
+        // 缓存idcard-tokenId到缓存中
         String pid = userToken.getPid();
-        String openIdTokenKey = getKeyPrefix(pid, USER_OPEN_ID_TOKEN_ID_KEY_TYPE);
+        String openIdTokenKey = getKeyPrefix(pid, IDCARD_TOKEN_ID_KEY_TYPE);
         stringRedisTemplate
                 .opsForValue()
                 .set(openIdTokenKey, userToken.getUserTokenId(), redisExpire, TimeUnit.SECONDS);
@@ -83,7 +83,7 @@ public class RedisCacheBusinessImpl implements ICacheBusiness {
         String id = tokenInfo.getUserTokenId();
         String pId = tokenInfo.getPid();
         String tokenIdKey = getKeyPrefix(id, TokenTypeEnum.USER.getValue());
-        String openIdTokenIdKey = getKeyPrefix(pId, USER_OPEN_ID_TOKEN_ID_KEY_TYPE);
+        String openIdTokenIdKey = getKeyPrefix(pId, IDCARD_TOKEN_ID_KEY_TYPE);
         String openIdAppIdKey = getKeyPrefix(pId, USER_OPEN_ID_APP_ID_KEY_TYPE);
         String[] keys = {tokenIdKey, openIdTokenIdKey, openIdAppIdKey};
         stringRedisTemplate.delete(Arrays.asList(keys));
@@ -157,7 +157,7 @@ public class RedisCacheBusinessImpl implements ICacheBusiness {
             return Collections.emptyList();
         }
 
-        List<String> tokenKeys = pIds.stream().map(item -> getKeyPrefix(item, USER_OPEN_ID_TOKEN_ID_KEY_TYPE))
+        List<String> tokenKeys = pIds.stream().map(item -> getKeyPrefix(item, IDCARD_TOKEN_ID_KEY_TYPE))
                 .collect(Collectors.toList());
 
         List<String> userTokenList = stringRedisTemplate.opsForValue().multiGet(tokenKeys);
@@ -176,7 +176,7 @@ public class RedisCacheBusinessImpl implements ICacheBusiness {
         }
         ArrayList<String> openIdList = new ArrayList<>(openIds);
         List<String> keys = openIdList.stream()
-                .map(e -> getKeyPrefix(e, USER_OPEN_ID_TOKEN_ID_KEY_TYPE))
+                .map(e -> getKeyPrefix(e, IDCARD_TOKEN_ID_KEY_TYPE))
                 .collect(Collectors.toList());
         List<String> userTokenIds = stringRedisTemplate.opsForValue().multiGet(keys);
         if (CollectionUtils.isEmpty(userTokenIds)) {
@@ -242,15 +242,15 @@ public class RedisCacheBusinessImpl implements ICacheBusiness {
 
     private String getKeyPrefix(String id, String type) {
         if (type.equals(TokenTypeEnum.APP.getValue())) {
-            return AuthRedisConstant.REDIS_APP_TOKEN_NAMESPACE + id;
+            return ZerotrustAuthRedisConstant.REDIS_APP_TOKEN_NAMESPACE + id;
         } else if (type.equals(TokenTypeEnum.USER.getValue())) {
-            return AuthRedisConstant.REDIS_USER_TOKEN_NAMESPACE + id;
-        } else if (type.equals(USER_OPEN_ID_TOKEN_ID_KEY_TYPE)) {
-            return AuthRedisConstant.REDIS_OPEN_ID_TOKEN_NAMESPACE + id;
+            return ZerotrustAuthRedisConstant.REDIS_USER_TOKEN_NAMESPACE + id;
+        } else if (type.equals(IDCARD_TOKEN_ID_KEY_TYPE)) {
+            return ZerotrustAuthRedisConstant.REDIS_IDCARD_TOKEN_NAMESPACE + id;
         } else if (type.equals(USER_OPEN_ID_APP_ID_KEY_TYPE)) {
-            return AuthRedisConstant.REDIS_OPEN_AUTH_APP_ID_NAMESPACE + id;
+            return ZerotrustAuthRedisConstant.REDIS_OPEN_AUTH_APP_ID_NAMESPACE + id;
         } else if (type.equals(USER_AUTHENTICATION_LOCK_KEY_TYPE)) {
-            return AuthRedisConstant.USER_AUTH_LOCK_NAMESPACE + id;
+            return ZerotrustAuthRedisConstant.USER_AUTH_LOCK_NAMESPACE + id;
         } else {
             throw new ApplicationException("不支持的类型");
         }

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/RiskOrderBusinessImpl.java

@@ -7,7 +7,7 @@ import com.dragoninfo.dcuc.auth.api.enums.securitypolicy.AuthTypeEnum;
 import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IRiskOrderBusiness;
-import com.dragoninfo.dcuc.auth.constance.AuthRedisConstant;
+import com.dragoninfo.dcuc.auth.constance.ZerotrustAuthRedisConstant;
 import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
 import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
 import com.dragonsoft.duceap.commons.util.enums.EnumUtils;
@@ -92,7 +92,7 @@ public class RiskOrderBusinessImpl implements IRiskOrderBusiness {
     protected Set<String> getCurrentFrozenAuth(String pid, AuthTypeEnum authTypeEnum) {
         String nameSpace = "";
         if (authTypeEnum.equals(AuthTypeEnum.APP)) {
-            nameSpace = AuthRedisConstant.REDIS_RISK_ORDER_APP_NAMESPACE;
+            nameSpace = ZerotrustAuthRedisConstant.REDIS_RISK_ORDER_APP_NAMESPACE;
         } else {
             throw new IllegalArgumentException();
         }
@@ -116,7 +116,7 @@ public class RiskOrderBusinessImpl implements IRiskOrderBusiness {
      * @param effectiveTime 失效时间
      */
     protected void setAppAuthFrozen(String pid, String resourceId, Integer effectiveTime) {
-        String namespace = AuthRedisConstant.REDIS_RISK_ORDER_APP_NAMESPACE + pid;
+        String namespace = ZerotrustAuthRedisConstant.REDIS_RISK_ORDER_APP_NAMESPACE + pid;
         stringRedisTemplate.opsForValue().set(namespace, resourceId, effectiveTime, TimeUnit.SECONDS);
     }
 }

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/zerotrust/DcucAuthZerotrustConfig.java

@@ -5,6 +5,8 @@ import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 
+import java.util.List;
+
 /**
  * @author fuzq
  * @date 2019/3/13
@@ -49,4 +51,9 @@ public class DcucAuthZerotrustConfig {
      */
     private Boolean checkCallerSign = true;
 
+    /**
+     * 应用权限变更通知地址
+     */
+    private List<String> notifyAppUrlList;
+
 }

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/constance/AuthRedisConstant.java → dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/constance/ZerotrustAuthRedisConstant.java

@@ -4,9 +4,9 @@ package com.dragoninfo.dcuc.auth.constance;
  * @author huangzqa
  * @date 2021/4/6
  **/
-public class AuthRedisConstant {
+public class ZerotrustAuthRedisConstant {
 
-    private AuthRedisConstant() {
+    private ZerotrustAuthRedisConstant() {
 
     }
 
@@ -18,7 +18,7 @@ public class AuthRedisConstant {
     /**
      * 人员id-用户令牌id 缓存命名空间
      */
-    public static final String REDIS_OPEN_ID_TOKEN_NAMESPACE = REDIS_AUTH_NAMESPACE + "OPEN_ID:";
+    public static final String REDIS_IDCARD_TOKEN_NAMESPACE = REDIS_AUTH_NAMESPACE + "IDCARD:";
 
     /**
      * 人员id-应用鉴权结果：应用ids 缓存命名空间

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/msg/PermissionUpdateProducer.java

@@ -2,11 +2,15 @@ package com.dragoninfo.dcuc.auth.msg;
 
 import com.dragoninfo.dcuc.auth.AuthRedisConstant;
 import com.dragoninfo.dcuc.auth.business.INotifyBusiness;
-import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
+import com.dragoninfo.dcuc.auth.config.zerotrust.DcucAuthZerotrustConfig;
+import com.dragoninfo.dcuc.auth.constance.ZerotrustAuthRedisConstant;
+import com.dragonsoft.duceap.commons.util.collections.CollectionUtils;
+import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.stereotype.Component;
 
 import javax.annotation.Resource;
@@ -30,8 +34,11 @@ public class PermissionUpdateProducer {
     @Resource(name = "redisTemplate")
     private RedisTemplate<String, Object> redisTemplate;
 
+    @Resource
+    private StringRedisTemplate stringRedisTemplate;
+
     @Autowired
-    private DcucAuthConfig authConfig;
+    private DcucAuthZerotrustConfig zerotrustConfig;
 
 
     /**
@@ -112,23 +119,45 @@ public class PermissionUpdateProducer {
             notifyBusiness.sendAppPermissionUpdateNotify(stringUserTokenList);
 
             // 获取标准规范用户令牌
-            List<String> userTokenIds = idcardList.subList(page[0], page[1]).stream()
+            List<String> idcards = idcardList.subList(page[0], page[1]);
+            List<String> userTokenKeys = idcardList.subList(page[0], page[1]).stream()
                     // 加上认证下发的用户令牌前缀
-                    .map(item -> AuthRedisConstant.REDIS_STANDARD_USER_TOKEN_NAMESPACE + item)
+                    .map(item -> ZerotrustAuthRedisConstant.REDIS_IDCARD_TOKEN_NAMESPACE + item)
+                    .collect(Collectors.toList());
+            // 因为存入的时候使用的是StringRedisTemplate取值也要用对应的对象,key序列化问题导致
+            List<String> tokenList = stringRedisTemplate.opsForValue().multiGet(userTokenKeys);
+            List<String> userTokens = Optional.ofNullable(tokenList)
+                    .orElse(Collections.emptyList())
+                    .stream()
+                    .map(e -> Optional.ofNullable(e).orElse(""))
                     .collect(Collectors.toList());
 
             // 标注规范用户权限变更通知
-            List<String> notifyAppUrlList = Optional.ofNullable(authConfig.getNotifyAppUrlList())
-                    .orElse(Collections.emptyList());
-            for (String notifyAppUrl : notifyAppUrlList) {
-                notifyBusiness.sendNotify(notifyAppUrl, userTokenIds);
-            }
+            zeroTrustNotify(idcards, userTokens);
 
             logger.info("Send message end , limit({},{})", page[0], page[1]);
 
         });
     }
 
+    private void zeroTrustNotify(List<String> idcards, List<String> userTokens) {
+        logger.info("==========新标准变更通知开始=============");
+        List<String> notifyAppUrlList = zerotrustConfig.getNotifyAppUrlList();
+        if (CollectionUtils.isEmpty(notifyAppUrlList)) {
+            logger.info("未配置新标准通知地址");
+            return;
+        }
+        for (String notifyAppUrl : notifyAppUrlList) {
+            logger.info("新标准应用级变更通知地址:{}", notifyAppUrl);
+            if (StringUtils.isBlank(notifyAppUrl)) {
+                continue;
+            }
+            notifyBusiness.sendZeroTrustAppAuthChangeNotify(notifyAppUrl, idcards, userTokens);
+        }
+        logger.info("==========新标准变更通知结束=============");
+
+    }
+
     /**
      * 发送通知消息，是否通知两个网关处理
      *

dcuc-auth-service/src/main/resources/application-auth.yml

@@ -5,11 +5,10 @@ dcuc:
         host: 127.0.0.1
         port: 514
         facility: LOCAL0
-      security-policy:
-        type: rzy
       user-token-query-url:
       app-token-query-url:
       user-info-query-url:
+      notify-app-url-list:
       approval:
         base-url: http://10.11.0.168:8866/approve-gateway/approve-core/
         call-back-url: http://10.11.0.240:8861/dcucauth/api/auth-service/v1/approval/call-back

dcuc-auth-service/src/main/resources/application-base.yml

@@ -72,6 +72,3 @@ duceap:
     enabled: true
     # 执行flyway路径
     locations: classpath:/config/mysql
-logging:
-  level:
-    com.dragoninfo.dcuc.auth.mapper: debug

dcuc-auth-service/src/main/resources/application.yml

@@ -14,3 +14,14 @@ apollo:
 duceap:
   license:
     enabled: false
+logging:
+  level:
+    org.apache.kafka.clients.NetworkClient: error
+  config: classpath:logback-dragon.xml
+dcuc:
+  auth:
+    zerotrust:
+      syslog:
+        host: 127.0.0.1
+        port: 514
+        facility: LOCAL0

dcuc-auth-service/src/main/resources/config/mysql/V4_3_0030__AddRoleCategory.sql

@@ -1,4 +1,4 @@
-alter table t_auth_role_info
+alter table T_ROLE_INFO
     add role_category varchar(10) default 'LOCAL' null comment '角色类型 ALL全局 LOCAL本地';
 
 CREATE TABLE T_AUTH_ROLE_OPERATE_CONTENT

dcuc-auth-service/src/main/resources/config/mysql/V4_3_0031__UpdateEnvment.sql

@@ -39,21 +39,4 @@ UPDATE t_audit_warning_programme
 SET rule_content   = '{"limitIp":""}',
     rule_explain   = '用户鉴权的IP处于被限制的ip段内',
     content_format = '#主体#鉴权时，使用IP是：#ip#，处于被限制的ip段内。'
-WHERE type = 'YHYCIPJQYJ';
-
-INSERT INTO `t_md_sys_code_dic`(`code_id`, `datasource_id`, `name`, `entity_name`, `code_field`, `name_field`,
-                                `py_field`, `wb_field`, `order_field`, `segment_rule`, `view_sql`, `load_type`,
-                                `parent_code_field`)
-VALUES ('DM_ACTIVE_STATUS', NULL, '起停用状态', 'DM_ACTIVE_STATUS', 'CODE', 'VALUE', NULL, NULL, NULL, NULL, NULL,
-        '1', NULL);
-
-CREATE TABLE `DM_ACTIVE_STATUS`
-(
-    `CODE`  varchar(10) NOT NULL,
-    `VALUE` varchar(20) NOT NULL,
-    PRIMARY KEY (`CODE`)
-);
-INSERT INTO DM_ACTIVE_STATUS(CODE, VALUE)
-VALUES ('0', '停用');
-INSERT INTO DM_ACTIVE_STATUS(CODE, VALUE)
-VALUES ('1', '启用');
+WHERE type = 'YHYCIPJQYJ';

dcuc-auth-service/src/main/resources/logback.xml → dcuc-auth-service/src/main/resources/logback-dragon.xml

@@ -30,22 +30,24 @@
     </appender>
 
     <!-- project default level -->
-    <logger name="java.sql.Connection" level="${logback.level:-INFO}"/>
-    <logger name="java.sql.Statement" level="${logback.level:-INFO}"/>
+    <logger name="java.sql.Connection" level="INFO"/>
+    <logger name="java.sql.Statement" level="INFO"/>
     <logger name="java.sql.PreparedStatement" level="INFO" />
 
-    <logger name="com.dragoninfo" level="${logback.level:-DEBUG}" />
-    <logger name="com.dragonsoft.kafka" level="${logback.level:-WARN}"/>
-    <logger name="org.apache.kafka" level="${logback.level:-WARN}"/>
+    <logger name="com.dragoninfo" level="INFO" />
+    <logger name="com.dragonsoft.kafka" level="WARN"/>
+    <logger name="org.apache.kafka" level="WARN"/>
+
     <!-- 打印sql参数 -->
-    <logger name="org.hibernate.type.descriptor.sql.BasicBinder"  level="${logback.hibernate.level:-INFO}" />
+    <logger name="org.hibernate.type.descriptor.sql.BasicBinder"  level="INFO" />
 
     <!--log4jdbc -->
-    <logger name="jdbc.sqltiming" level="${logback.level:-INFO}"/>
+    <logger name="jdbc.sqltiming" level="INFO"/>
 
-    <root level="${logback.level:-INFO}">
+    <root level="INFO">
         <appender-ref ref="console"/>
         <appender-ref ref="rollingFile"/>
+        <appender-ref ref="dcucSyslog"/>
     </root>
 
     <!--<logger name="com.dragonsoft.duceap" level="DEBUG"><appender-ref ref="rollingFileThread" /></logger>-->