
feature: 鉴权接口改为361标准

mazq 2 years ago
parent
commit
de5ef2ef36
37 changed files with 1601 additions and 123 deletions
  1. 51 0
      dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/auth/api/IZeroTrustAuthFacade.java
  2. 2 13
      dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/token/facade/IAuthTokenFacade.java
  3. 0 51
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/DataRespVO.java
  4. 24 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/AppAuthReqVO.java
  5. 38 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/DataAuthReqVO.java
  6. 33 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/DataAuthRespVO.java
  7. 32 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/FunctionAuthReqVO.java
  8. 31 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ServiceAuthReqVO.java
  9. 33 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/UserOrgAuthReqVO.java
  10. 82 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTrustBusinessRespEnum.java
  11. 62 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTrustDataRespVO.java
  12. 99 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTustMessageRespVO.java
  13. 26 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/dto/AppAuthResultDto.java
  14. 49 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/enums/TokenActionEnum.java
  15. 37 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/enums/TokenTypeEnum.java
  16. 1 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/LogSendService.java
  17. 8 6
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/DataAuthLogHandler.java
  18. 7 4
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/FunAuthLogHandler.java
  19. 7 4
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/ServiceAuthLogHandler.java
  20. 19 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/IZeroTrustAppAuthBusiness.java
  21. 18 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/IZeroTrustDataAuthBusiness.java
  22. 19 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/IZeroTrustFunAuthBusiness.java
  23. 18 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/IZeroTrustServiceAuthBusiness.java
  24. 103 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/ZeroTrustAppAuthBusiness.java
  25. 118 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/ZeroTrustDataAuthBusiness.java
  26. 111 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/ZeroTrustFunAuthBusiness.java
  27. 103 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/ZeroTrustServiceAuthBusiness.java
  28. 68 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/api/ZeroTrustAuthFacade.java
  29. 2 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/IRoleService.java
  30. 1 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/RoleService.java
  31. 0 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/ServiceAuthResultServiceImpl.java
  32. 2 11
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/IAuthTokenBusiness.java
  33. 83 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/ICacheBusiness.java
  34. 37 23
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/AuthTokenBusinessImpl.java
  35. 237 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/RedisCacheBusinessImpl.java
  36. 38 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/constance/AuthRedisConstant.java
  37. 2 7
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/token/facade/AuthTokenFacade.java

+ 51 - 0
dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/auth/api/IZeroTrustAuthFacade.java

@@ -0,0 +1,51 @@
+package com.dragoninfo.dcuc.auth.auth.api;
+
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.*;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+
+/**
+ * @author mazq
+ * @date 2023/7/10
+ */
+@FeignClient(name = "dcuc-auth", path = "/dcuc/auth/zeroTrustAuth")
+public interface IZeroTrustAuthFacade {
+
+    /**
+     * 应用级鉴权
+     *
+     * @param appAuthReqVO 应用级鉴权请求
+     * @return 应用级权限
+     */
+    @PostMapping("appAuth")
+    ZeroTrustDataRespVO<String> appAuth(@RequestBody AppAuthReqVO appAuthReqVO);
+
+    /**
+     * 功能级鉴权
+     *
+     * @param functionAuthReqVO 功能级鉴权求
+     * @return 功能级鉴权
+     */
+    @PostMapping("functionAuth")
+    ZeroTrustDataRespVO<String> functionAuth(@RequestBody FunctionAuthReqVO functionAuthReqVO);
+
+    /**
+     * 服务级鉴权
+     *
+     * @param serviceAuthReqVO 服务级鉴权请求
+     * @return 服务级鉴权
+     */
+    @PostMapping("serviceAuth")
+    ZeroTrustDataRespVO<String> serviceAuth(@RequestBody ServiceAuthReqVO serviceAuthReqVO);
+
+    /**
+     * 数据级鉴权
+     *
+     * @param dataAuthReqVO 数据级鉴权
+     * @return 数据级鉴权
+     */
+    @PostMapping("dataAuth")
+    ZeroTrustDataRespVO<DataAuthRespVO> dataAuth(@RequestBody DataAuthReqVO dataAuthReqVO);
+
+}
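Review bot: The Javadoc for functionAuth is missing a character in `@param functionAuthReqVO 功能级鉴权求`, and the `@return` tags on all four methods merely repeat the method name, so a caller cannot tell what the `String` payload of `ZeroTrustDataRespVO<String>` carries or which status codes to expect. Fix the tag to `@param functionAuthReqVO 功能级鉴权请求` and make each `@return` state what the data item holds and which ZeroTrustBusinessRespEnum codes the endpoint may answer with. The same `功能级鉴权求` typo is copied into IZeroTrustFunAuthBusiness later in this commit.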

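--- a/dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/token/facade/IAuthTokenFacade.java
+++ b/dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/token/facade/IAuthTokenFacade.java
@@ -1,6 +1,6 @@
 package com.dragoninfo.dcuc.auth.token.facade;
 
-import com.dragoninfo.dcuc.auth.api.vo.MessageRespVO;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTustMessageRespVO;
 import com.dragoninfo.dcuc.auth.token.vo.TokenDetailRespVo;
 import com.dragoninfo.dcuc.auth.token.vo.TokenReceiveVO;
 import com.dragoninfo.dcuc.auth.token.vo.UserTokenInfoRespVO;
@@ -36,17 +36,6 @@ public interface IAuthTokenFacade {
     @GetMapping("getByAppTokenId")
     TokenDetailRespVo getByAppTokenId(@RequestParam("appTokenId") String appTokenId, @RequestParam("needUserInfo") Boolean needUserInfo, @RequestParam("needAppInfo") Boolean needAppInfo);
 
-
-    /**
-     * 缓存用户令牌
-     *
-     * @param idcard
-     * @param userTokeId
-     * @param expiredTime
-     */
-    @GetMapping("cacheStandardUserToken")
-    void cacheStandardUserToken(@RequestParam("idcard") String idcard, @RequestParam("userTokeId") String userTokeId, @RequestParam("expiredTime") Integer expiredTime);
-
     /**
      * 接收令牌
      *
@@ -54,5 +43,5 @@ public interface IAuthTokenFacade {
      * @return
      */
     @PostMapping("tokenReceive")
-    MessageRespVO tokenReceive(TokenReceiveVO receiveVO);
+    ZeroTustMessageRespVO tokenReceive(TokenReceiveVO receiveVO);
 }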
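Review bot: The `@return` tag directly above tokenReceive is still empty while the return type changes to ZeroTustMessageRespVO, so the one line that would tell a caller how to interpret the new response is missing; write it as `@return token receipt result; status_code "0000" means success, see ZeroTrustBusinessRespEnum`. The `receiveVO` parameter also carries no `@RequestBody`, unlike every method in the new IZeroTrustAuthFacade; Feign does treat a lone unannotated parameter as the body, but the explicit annotation keeps the two client interfaces consistent and the wire contract obvious.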

+ 0 - 51
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/DataRespVO.java

@@ -1,51 +0,0 @@
-package com.dragoninfo.dcuc.auth.api.vo;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import lombok.Data;
-
-/**
- * <p>
- *
- * </p>
- *
- * @author huangzqa
- * @date 2023/2/15
- */
-@Data
-public class DataRespVO<T> {
-
-    private String message;
-
-    /**
-     * 状态码
-     */
-    @JsonProperty("status_code")
-    private String statusCode;
-
-    /**
-     * 详细信息
-     */
-    private DataItemRespVO<T> data;
-
-    /**
-     * 设置业务枚举
-     *
-     * @param businessRespEnum 业务枚举
-     */
-    public static <T> DataRespVO<T> resultEnumMessage(BusinessRespEnum businessRespEnum) {
-        DataRespVO<T> dataRespVO = new DataRespVO<>();
-        dataRespVO.setStatusCode(businessRespEnum.getValue());
-        return dataRespVO;
-    }
-
-
-    public static <T> DataRespVO<T> success(T result) {
-        DataRespVO<T> dataRespVO = new DataRespVO<>();
-        dataRespVO.setStatusCode(BusinessRespEnum.SUCCESS.getValue());
-        DataItemRespVO<T> dataItemRespVO = new DataItemRespVO<>();
-        dataItemRespVO.setResult(result);
-        dataRespVO.setData(dataItemRespVO);
-        dataRespVO.setMessage("操作成功");
-        return dataRespVO;
-    }
-}

+ 24 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/AppAuthReqVO.java

@@ -0,0 +1,24 @@
+
+package com.dragoninfo.dcuc.auth.api.vo.zerotrust;
+
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+/**
+ * <p>
+ * 应用级鉴权请求
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2022/8/1
+ */
+@Data
+public class AppAuthReqVO {
+    /**
+     * 用户令牌标识
+     */
+    @ApiModelProperty(value = "用户令牌标识")
+    private String userTokenId;
+
+
+}
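Review bot: `@Data` generates a toString that includes userTokenId, so any log statement or exception message that prints an AppAuthReqVO will emit the raw token identifier; if these identifiers are bearer-like, that puts credentials into log storage. Mark the field `@ToString.Exclude` (or override toString to mask it) unless the identifiers are confirmed to be non-secret. The same applies to appTokenId in DataAuthReqVO, FunctionAuthReqVO, ServiceAuthReqVO and UserOrgAuthReqVO, and to idcard in UserOrgAuthReqVO, which is personal data. The stray blank line before `package` and the copied `@author huangzqa` / `@date 2022/8/1` header on files created in this 2023 commit are style nits worth cleaning at the same time.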

+ 38 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/DataAuthReqVO.java

@@ -0,0 +1,38 @@
+
+package com.dragoninfo.dcuc.auth.api.vo.zerotrust;
+
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+/**
+ * <p>
+ * 数据鉴权请求
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2022/8/1
+ */
+@Data
+public class DataAuthReqVO {
+
+    /**
+     * 应用令牌标识
+     */
+    @ApiModelProperty(value = "应用令牌标识")
+    private String appTokenId;
+
+    /**
+     * 任务编码
+     */
+    @ApiModelProperty(value = "任务编码")
+    private String taskId;
+
+    /**
+     * 资源标识符
+     */
+    @ApiModelProperty(value = "资源标识符")
+    private String resourceId;
+
+
+
+}

+ 33 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/DataAuthRespVO.java

@@ -0,0 +1,33 @@
+
+package com.dragoninfo.dcuc.auth.api.vo.zerotrust;
+
+import lombok.Data;
+
+/**
+ * <p>
+ * 数据鉴权返回值
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2022/8/1
+ */
+@Data
+public class DataAuthRespVO {
+
+    /**
+     * 资源标识符
+     */
+    private String resourceId;
+
+    /**
+     * 数据项标识符,英文,号分隔
+     */
+    private String itemIdentifier;
+
+    public static DataAuthRespVO empty() {
+        DataAuthRespVO dataAuthRespVO = new DataAuthRespVO();
+        dataAuthRespVO.setResourceId("");
+        dataAuthRespVO.setItemIdentifier("");
+        return dataAuthRespVO;
+    }
+}
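Review bot: The `empty()` factory has no Javadoc, and because it fills both fields with `""` rather than leaving them null a caller cannot tell from the signature whether the empty string is a sentinel or a real value; add `/** Returns an instance with resourceId and itemIdentifier set to the empty string (never null). */` above it. The field comment `数据项标识符,英文,号分隔` is hard to parse as written; `数据项标识符，多个以英文逗号分隔` says the same thing unambiguously.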

+ 32 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/FunctionAuthReqVO.java

@@ -0,0 +1,32 @@
+
+package com.dragoninfo.dcuc.auth.api.vo.zerotrust;
+
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+/**
+ * <p>
+ * 功能鉴权请求
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2022/8/1
+ */
+@Data
+public class FunctionAuthReqVO {
+
+    /**
+     * 应用令牌标识
+     */
+    @ApiModelProperty(value = "应用令牌标识")
+    private String appTokenId;
+
+    /**
+     * 任务编码
+     */
+    @ApiModelProperty(value = "任务编码")
+    private String taskId;
+
+
+
+}

+ 31 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ServiceAuthReqVO.java

@@ -0,0 +1,31 @@
+
+package com.dragoninfo.dcuc.auth.api.vo.zerotrust;
+
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+/**
+ * <p>
+ * 服务鉴权请求
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2022/8/1
+ */
+@Data
+public class ServiceAuthReqVO {
+
+    /**
+     * 应用令牌标识
+     */
+    @ApiModelProperty(value = "应用令牌标识")
+    private String appTokenId;
+
+    /**
+     * 任务编码
+     */
+    @ApiModelProperty(value = "任务编码")
+    private String taskId;
+
+
+}

+ 33 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/UserOrgAuthReqVO.java

@@ -0,0 +1,33 @@
+
+package com.dragoninfo.dcuc.auth.api.vo.zerotrust;
+
+import lombok.Data;
+
+/**
+ * <p>
+ * 用户结构数据鉴权请求
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2022/8/1
+ */
+@Data
+public class UserOrgAuthReqVO {
+
+    /**
+     * 应用令牌标识
+     */
+    private String appTokenId;
+
+    /**
+     * 身份证号
+     */
+    private String idcard;
+
+    /**
+     * 机构编号
+     */
+    private String orgCode;
+
+
+}

+ 82 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTrustBusinessRespEnum.java

@@ -0,0 +1,82 @@
+package com.dragoninfo.dcuc.auth.api.vo.zerotrust;
+
+import com.dragonsoft.duceap.base.enums.ICodeEnum;
+
+/**
+ * <p>
+ * 业务通用响应码
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2022/8/1
+ */
+public enum ZeroTrustBusinessRespEnum implements ICodeEnum {
+    /**
+     * 操作成功
+     */
+    SUCCESS("0000", "操作成功"),
+
+    /**
+     * 操作失败
+     */
+    OPERATE_FAIL("0001", "操作失败"),
+
+    /**
+     * 令牌失效
+     */
+    TOKEN_FAIL("0002", "令牌失效"),
+
+    /**
+     * 权限冻结
+     */
+    PERMISSION_FREEZE("0003", "权限冻结"),
+
+    /**
+     * 用户令牌解密失败
+     */
+    USER_TOKEN_DECODE_FAIL("1000", "用户令牌解密失败"),
+
+    /**
+     * 用户令牌不存在
+     */
+    USER_TOKEN_NOT_EXITS("1001", "用户令牌不存在"),
+
+    /**
+     * 应用令牌解密失败
+     */
+    APP_TOKEN_DECODE_FAIL("1002", "应用令牌解密失败"),
+    /**
+     * 应用令牌不存在
+     */
+    APP_TOKEN_NOT_EXITS("1003", "应用令牌不存在"),
+
+    /**
+     * 用户令牌不需要续期
+     */
+    USER_TOKEN_NO_RENEWAL("1004", "用户令牌不需要续期"),
+
+    /**
+     * 应用令牌不需要续期
+     */
+    APP_TOKEN_NO_RENEWAL("1005", "应用令牌不需要续期");
+
+    private final String value;
+
+    private final String label;
+
+
+    ZeroTrustBusinessRespEnum(String value, String label) {
+        this.value = value;
+        this.label = label;
+    }
+
+    @Override
+    public String getValue() {
+        return this.value;
+    }
+
+    @Override
+    public String getLabel() {
+        return this.label;
+    }
+}
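Review bot: `USER_TOKEN_NOT_EXITS` and `APP_TOKEN_NOT_EXITS` misspell "EXISTS"; since this enum lives in the shared model module and is part of the new public response contract, every client will copy the constant names, so rename them to `USER_TOKEN_NOT_EXISTS` and `APP_TOKEN_NOT_EXISTS` before anything depends on them. The two `_DECODE_FAIL` constants are labelled 解密失败 (decryption failure) while the name says decode; if the tokens are decrypted rather than merely parsed, `_DECRYPT_FAIL` would match the label.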

+ 62 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTrustDataRespVO.java

@@ -0,0 +1,62 @@
+package com.dragoninfo.dcuc.auth.api.vo.zerotrust;
+
+import com.dragoninfo.dcuc.auth.api.vo.DataItemRespVO;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import lombok.Data;
+
+/**
+ * <p>
+ *
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2023/2/15
+ */
+@Data
+public class ZeroTrustDataRespVO<T> {
+
+    private String message;
+
+    /**
+     * 状态码
+     */
+    @JsonProperty("status_code")
+    private String statusCode;
+
+    /**
+     * 详细信息
+     */
+    private DataItemRespVO<T> data;
+
+    /**
+     * 设置业务枚举
+     *
+     * @param businessRespEnum 业务枚举
+     */
+    public static <T> ZeroTrustDataRespVO<T> resultEnumMessage(ZeroTrustBusinessRespEnum businessRespEnum) {
+        ZeroTrustDataRespVO<T> dataRespVO = new ZeroTrustDataRespVO<>();
+        dataRespVO.setStatusCode(businessRespEnum.getValue());
+        return dataRespVO;
+    }
+
+
+    public static <T> ZeroTrustDataRespVO<T> success(T result) {
+        ZeroTrustDataRespVO<T> dataRespVO = new ZeroTrustDataRespVO<>();
+        dataRespVO.setStatusCode(ZeroTrustBusinessRespEnum.SUCCESS.getValue());
+        DataItemRespVO<T> dataItemRespVO = new DataItemRespVO<>();
+        dataItemRespVO.setResult(result);
+        dataRespVO.setData(dataItemRespVO);
+        dataRespVO.setMessage("操作成功");
+        return dataRespVO;
+    }
+
+    public static <T> ZeroTrustDataRespVO<T> resultEnumMessage(ZeroTrustBusinessRespEnum respEnum, T result) {
+        ZeroTrustDataRespVO<T> dataRespVO = new ZeroTrustDataRespVO<>();
+        dataRespVO.setStatusCode(respEnum.getValue());
+        dataRespVO.setMessage(respEnum.getLabel());
+        DataItemRespVO<T> dataItemRespVO = new DataItemRespVO<>();
+        dataRespVO.setData(dataItemRespVO);
+        dataItemRespVO.setResult(result);
+        return dataRespVO;
+    }
+}
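Review bot: The one-argument `resultEnumMessage` (the overload above `success`) sets only statusCode and leaves message null, while the two-argument overload fills both from the enum and `success` hard-codes "操作成功" instead of using `ZeroTrustBusinessRespEnum.SUCCESS.getLabel()`; a client reading `message` on an error envelope produced by the first overload gets nothing. Add `dataRespVO.setMessage(businessRespEnum.getLabel());` to the one-argument overload and derive the success text from the enum so the three factories agree. The class Javadoc is an empty `<p></p>` block; a one-liner such as `Generic envelope for zero-trust authorization responses: status_code, message and a data item` would do.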

+ 99 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTustMessageRespVO.java

@@ -0,0 +1,99 @@
+package com.dragoninfo.dcuc.auth.api.vo.zerotrust;
+
+import com.dragoninfo.dcuc.auth.api.vo.BusinessRespEnum;
+import com.dragoninfo.dcuc.auth.api.vo.ResultRespVO;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import lombok.Data;
+
+/**
+ * <p>
+ * 用户令牌校验返回
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2022/8/1
+ */
+@Data
+public class ZeroTustMessageRespVO {
+
+    /**
+     * “0000” 表示令牌有效;
+     * 其他值表示无效或接口调用出错
+     */
+    @JsonProperty("status_code")
+    private String statusCode;
+
+    /**
+     * 状态码对应的详细描述
+     */
+    private String message;
+
+    /**
+     * 设置业务枚举
+     *
+     * @param businessRespEnum 业务枚举
+     */
+    public void setBusinessRespEnum(ZeroTrustBusinessRespEnum businessRespEnum) {
+        setStatusCode(businessRespEnum.getValue());
+        setMessage(businessRespEnum.getLabel());
+    }
+
+
+    /**
+     * 设置业务枚举
+     *
+     * @param businessRespEnum 业务枚举
+     */
+    public static ZeroTustMessageRespVO messageEnumMessage(ZeroTrustBusinessRespEnum businessRespEnum) {
+        ZeroTustMessageRespVO messageRespVO = new ZeroTustMessageRespVO();
+        messageRespVO.setBusinessRespEnum(businessRespEnum);
+        return messageRespVO;
+    }
+
+    /**
+     * 设置请求参数异常
+     *
+     * @param businessRespEnum 枚举
+     * @param message          异常信息
+     */
+    public static ZeroTustMessageRespVO messageEnumMessage(ZeroTrustBusinessRespEnum businessRespEnum, String message) {
+        ZeroTustMessageRespVO messageRespVO = new ZeroTustMessageRespVO();
+        messageRespVO.setStatusCode(businessRespEnum.getValue());
+        messageRespVO.setMessage(message);
+        return messageRespVO;
+    }
+
+    /**
+     * 是否成功
+     *
+     * @return 是否成功
+     */
+    @JsonIgnore
+    public boolean isRespSuccess() {
+        return this.statusCode.equalsIgnoreCase(BusinessRespEnum.SUCCESS.getValue());
+    }
+
+    /**
+     * 是否失败
+     *
+     * @return 是否失败
+     */
+    @JsonIgnore
+    public boolean isRespFail() {
+        return !isRespSuccess();
+    }
+
+    /**
+     * 转发Result返回
+     *
+     * @param <T> 泛型
+     * @return Result返回
+     */
+    public <T> ResultRespVO<T> toResultRespVO() {
+        ResultRespVO<T> objectResultRespVO = new ResultRespVO<>();
+        objectResultRespVO.setStatusCode(statusCode);
+        objectResultRespVO.setMessage(message);
+        return objectResultRespVO;
+    }
+}
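Review bot: `isRespSuccess` compares statusCode against `BusinessRespEnum.SUCCESS.getValue()` from the old `com.dragoninfo.dcuc.auth.api.vo` package, while every setter in this class writes values taken from ZeroTrustBusinessRespEnum; if the two enums ever differ in their success code, callers of tokenReceive get a wrong success decision. It should read `return ZeroTrustBusinessRespEnum.SUCCESS.getValue().equalsIgnoreCase(this.statusCode);`, which also avoids the NullPointerException when statusCode was never set (the field has no default). The class name `ZeroTustMessageRespVO` drops the "r" from "Trust" and is already referenced from IAuthTokenFacade; renaming it now, before more callers adopt it, is cheap.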

+ 26 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/dto/AppAuthResultDto.java

@@ -0,0 +1,26 @@
+package com.dragoninfo.dcuc.auth.auth.dto;
+
+import lombok.Data;
+
+import java.util.List;
+
+/**
+ * 应用鉴权结果dto
+ *
+ * @author mazq
+ * @date 2023/3/8
+ */
+@Data
+public class AppAuthResultDto {
+
+    /**
+     * 人员id
+     */
+    private String openId;
+
+    /**
+     * 应用id集合
+     */
+    private List<String> appIds;
+
+}

+ 49 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/enums/TokenActionEnum.java

@@ -0,0 +1,49 @@
+package com.dragoninfo.dcuc.auth.token.enums;
+
+import com.dragonsoft.duceap.base.enums.ICodeEnum;
+
+/**
+ * <p>
+ * 令牌动作
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2022/8/1
+ */
+public enum TokenActionEnum implements ICodeEnum {
+    /**
+     * 上线
+     */
+    ONLINE("online", "上线"),
+
+    /**
+     * 下线
+     */
+    OFFLINE("offline", "下线"),
+
+    /**
+     * 续期
+     */
+    RENEW("renew", "续期"),
+
+    ;
+    private final String value;
+
+    private final String label;
+
+
+    TokenActionEnum(String value, String label) {
+        this.value = value;
+        this.label = label;
+    }
+
+    @Override
+    public String getValue() {
+        return this.value;
+    }
+
+    @Override
+    public String getLabel() {
+        return this.label;
+    }
+}

+ 37 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/enums/TokenTypeEnum.java

@@ -0,0 +1,37 @@
+package com.dragoninfo.dcuc.auth.token.enums;
+
+import com.dragonsoft.duceap.base.enums.ICodeEnum;
+
+/**
+ * @author huangzqa
+ */
+
+public enum TokenTypeEnum implements ICodeEnum {
+    /**
+     * 用户令牌
+     */
+    USER("user", "用户令牌"),
+    /**
+     * 应用令牌
+     */
+    APP("app", "应用令牌");
+
+    private final String value;
+
+    private final String label;
+
+    TokenTypeEnum(String value, String label) {
+        this.value = value;
+        this.label = label;
+    }
+
+    @Override
+    public String getValue() {
+        return value;
+    }
+
+    @Override
+    public String getLabel() {
+        return label;
+    }
+}

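--- a/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/LogSendService.java
+++ b/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/LogSendService.java
@@ -63,7 +63,7 @@ public class LogSendService {
     public void sendAuthenticationLog(AuthenticationLogDto log) {
         String title = "推送鉴权日志";
         String content = "推送鉴权日志";
-        SecurityUser securityUser = (SecurityUser) UserContextUtils.getCurrentUser();
+        SecurityUser securityUser = UserContextUtils.getCurrentUser();
         MessageInfoVo messages = getMessageVo(securityUser, title, content, auditConfig.getAuthenticationTopic());
         messages.setContent(JSON.toJSONString(log));
         List<MessageInfoVo> msg = new ArrayList<>();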

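--- a/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/DataAuthLogHandler.java
+++ b/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/DataAuthLogHandler.java
@@ -199,23 +199,25 @@ public class DataAuthLogHandler {
         }).collect(Collectors.toList());
 
         AuthenticationLogDto authenticationLogDto = new AuthenticationLogDto();
-        authenticationLogDto.setUserId(userInfo.getId());
-        authenticationLogDto.setUserName(userInfo.getName());
+
         authenticationLogDto.setUserIdcard(dataItemsCheckDto.getIdcard());
         authenticationLogDto.setCreateTime(new Date());
         authenticationLogDto.setAuthenticationType(AuthenticationTypeEnum.SJJJQ.getValue());
         authenticationLogDto.setState(state.getValue());
         authenticationLogDto.setContent(contentDtos);
-
         authenticationLogDto.setRequesterId(dataItemsCheckDto.getCurrentAppCode());
         authenticationLogDto.setRequesterName(app.getApplyName());
-
         authenticationLogDto.setTerminalId(ip);
         authenticationLogDto.setUserToken(userToken);
-        authenticationLogDto.setUserOrgCode(userInfo.getOrgCode());
-        authenticationLogDto.setUserOrgName(userInfo.getOrgName());
         authenticationLogDto.setAppToken(appToken);
 
+        if (null != userInfo) {
+            authenticationLogDto.setUserId(userInfo.getId());
+            authenticationLogDto.setUserName(userInfo.getName());
+            authenticationLogDto.setUserOrgCode(userInfo.getOrgCode());
+            authenticationLogDto.setUserOrgName(userInfo.getOrgName());
+        }
+
         logSendService.sendAuthenticationLog(authenticationLogDto);
     }
 }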
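Review bot: With the new `null != userInfo` guard the audit record is still sent when no user could be resolved, and nothing in the record marks that the subject fields were deliberately left empty, so an authorization log entry without user id, name or org is indistinguishable from a data-quality bug when the logs are reviewed. Record the condition explicitly before `logSendService.sendAuthenticationLog(authenticationLogDto)` (a warning if this class has a logger, or a marker on the DTO) and add a comment stating under which flow userInfo is now expected to be null. FunAuthLogHandler and ServiceAuthLogHandler add the same guard and share this point; they write it `userInfo != null` while this file uses `null != userInfo`, so one form should be used in all three. The enclosing methods start outside these hunks.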

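--- a/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/FunAuthLogHandler.java
+++ b/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/FunAuthLogHandler.java
@@ -56,8 +56,6 @@ public class FunAuthLogHandler {
         }).collect(Collectors.toList());
 
         AuthenticationLogDto authenticationLogDto = new AuthenticationLogDto();
-        authenticationLogDto.setUserId(userInfo.getId());
-        authenticationLogDto.setUserName(userInfo.getName());
         authenticationLogDto.setUserIdcard(dto.getIdcard());
         authenticationLogDto.setRequesterName(app.getApplyName());
         authenticationLogDto.setRequesterId(dto.getAppCode());
@@ -67,8 +65,13 @@ public class FunAuthLogHandler {
         authenticationLogDto.setContent(contentDtos);
         authenticationLogDto.setTerminalId(ip);
         authenticationLogDto.setUserToken(userToken);
-        authenticationLogDto.setUserOrgCode(userInfo.getOrgCode());
-        authenticationLogDto.setUserOrgName(userInfo.getOrgName());
+        if (userInfo != null) {
+            authenticationLogDto.setUserId(userInfo.getId());
+            authenticationLogDto.setUserName(userInfo.getName());
+            authenticationLogDto.setUserOrgCode(userInfo.getOrgCode());
+            authenticationLogDto.setUserOrgName(userInfo.getOrgName());
+        }
+
         authenticationLogDto.setAppToken(appToken);
         logSendService.sendAuthenticationLog(authenticationLogDto);
 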

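--- a/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/ServiceAuthLogHandler.java
+++ b/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/ServiceAuthLogHandler.java
@@ -101,8 +101,6 @@ public class ServiceAuthLogHandler {
         }).collect(Collectors.toList());
 
         AuthenticationLogDto authenticationLogDto = new AuthenticationLogDto();
-        authenticationLogDto.setUserId(userInfo.getId());
-        authenticationLogDto.setUserName(userInfo.getName());
         authenticationLogDto.setUserIdcard(idcard);
         authenticationLogDto.setRequesterName(app.getApplyName());
         authenticationLogDto.setRequesterId(appCode);
@@ -114,8 +112,13 @@ public class ServiceAuthLogHandler {
         authenticationLogDto.setTerminalId(ip);
         authenticationLogDto.setUserToken(userToken);
         authenticationLogDto.setAppToken(appToken);
-        authenticationLogDto.setUserOrgCode(userInfo.getOrgCode());
-        authenticationLogDto.setUserOrgName(userInfo.getOrgName());
+
+        if (userInfo != null) {
+            authenticationLogDto.setUserId(userInfo.getId());
+            authenticationLogDto.setUserName(userInfo.getName());
+            authenticationLogDto.setUserOrgCode(userInfo.getOrgCode());
+            authenticationLogDto.setUserOrgName(userInfo.getOrgName());
+        }
 
         logSendService.sendAuthenticationLog(authenticationLogDto);
     }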

+ 19 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/IZeroTrustAppAuthBusiness.java

@@ -0,0 +1,19 @@
+package com.dragoninfo.dcuc.auth.auth.business;
+
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.*;
+
+/**
+ * @author mazq
+ * @date 2023/7/10
+ */
+public interface IZeroTrustAppAuthBusiness {
+
+    /**
+     * 应用级鉴权
+     *
+     * @param appAuthReqVO 应用级鉴权请求
+     * @return 应用级权限
+     */
+    ZeroTrustDataRespVO<String> appAuth(AppAuthReqVO appAuthReqVO);
+
+}

+ 18 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/IZeroTrustDataAuthBusiness.java

@@ -0,0 +1,18 @@
+package com.dragoninfo.dcuc.auth.auth.business;
+
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.*;
+
+/**
+ * @author mazq
+ * @date 2023/7/10
+ */
+public interface IZeroTrustDataAuthBusiness {
+
+    /**
+     * 数据级鉴权
+     *
+     * @param dataAuthReqVO 数据级鉴权
+     * @return 数据级鉴权
+     */
+    ZeroTrustDataRespVO<DataAuthRespVO> dataAuth(DataAuthReqVO dataAuthReqVO);
+}

+ 19 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/IZeroTrustFunAuthBusiness.java

@@ -0,0 +1,19 @@
+package com.dragoninfo.dcuc.auth.auth.business;
+
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.*;
+
+/**
+ * @author mazq
+ * @date 2023/7/10
+ */
+public interface IZeroTrustFunAuthBusiness {
+
+    /**
+     * 功能级鉴权
+     *
+     * @param functionAuthReqVO 功能级鉴权求
+     * @return 功能级鉴权
+     */
+    ZeroTrustDataRespVO<String> functionAuth(FunctionAuthReqVO functionAuthReqVO);
+
+}

+ 18 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/IZeroTrustServiceAuthBusiness.java

@@ -0,0 +1,18 @@
+package com.dragoninfo.dcuc.auth.auth.business;
+
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.*;
+
+/**
+ * @author mazq
+ * @date 2023/7/10
+ */
+public interface IZeroTrustServiceAuthBusiness {
+
+    /**
+     * 服务级鉴权
+     *
+     * @param serviceAuthReqVO 服务级鉴权请求
+     * @return 服务级鉴权
+     */
+    ZeroTrustDataRespVO<String> serviceAuth(ServiceAuthReqVO serviceAuthReqVO);
+}

+ 103 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/ZeroTrustAppAuthBusiness.java

@@ -0,0 +1,103 @@
+package com.dragoninfo.dcuc.auth.auth.business.impl;
+
+import cn.hutool.core.bean.BeanUtil;
+import cn.hutool.core.util.StrUtil;
+import com.alibaba.fastjson.JSON;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.AppAuthReqVO;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustBusinessRespEnum;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustDataRespVO;
+import com.dragoninfo.dcuc.auth.audit.enums.AuthResultEnum;
+import com.dragoninfo.dcuc.auth.audit.service.log.LogInfoFillService;
+import com.dragoninfo.dcuc.auth.auth.business.IZeroTrustAppAuthBusiness;
+import com.dragoninfo.dcuc.auth.auth.dto.AppDataSensitiveLevelDTO;
+import com.dragoninfo.dcuc.auth.auth.service.IStaffAssignAuthInfoService;
+import com.dragoninfo.dcuc.auth.auth.vo.ApiAppAuthVo;
+import com.dragoninfo.dcuc.auth.business.IAuthTokenBusiness;
+import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
+import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
+import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
+import com.dragoninfo.dcuc.auth.token.vo.UserTokenInfoRespVO;
+import com.dragonsoft.duceap.commons.util.ip.IpUtils;
+import com.dragonsoft.duceap.commons.util.string.StringUtils;
+import com.dragonsoft.duceap.web.utils.RequestUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+
+/**
+ * @author mazq
+ * @date 2023/7/10
+ */
+@Slf4j
+@Service
+public class ZeroTrustAppAuthBusiness implements IZeroTrustAppAuthBusiness {
+
+    private IAuthTokenBusiness authTokenBusiness;
+
+    private IAuthUserInfoService authUserInfoService;
+
+    private IStaffAssignAuthInfoService staffAssignAuthInfoService;
+
+    private LogInfoFillService logInfoFillService;
+
+    @Autowired
+    public void setLogInfoFillService(LogInfoFillService logInfoFillService) {
+        this.logInfoFillService = logInfoFillService;
+    }
+
+    @Autowired
+    public void setStaffAssignAuthInfoService(IStaffAssignAuthInfoService staffAssignAuthInfoService) {
+        this.staffAssignAuthInfoService = staffAssignAuthInfoService;
+    }
+
+    @Autowired
+    public void setAuthUserInfoService(IAuthUserInfoService authUserInfoService) {
+        this.authUserInfoService = authUserInfoService;
+    }
+
+    @Autowired
+    public void setAuthTokenBusiness(IAuthTokenBusiness authTokenBusiness) {
+        this.authTokenBusiness = authTokenBusiness;
+    }
+
+    @Override
+    public ZeroTrustDataRespVO<String> appAuth(AppAuthReqVO appAuthReqVO) {
+        String userTokenId = appAuthReqVO.getUserTokenId();
+        UserTokenInfoRespVO userToken = authTokenBusiness.getUserTokenInfo(userTokenId);
+        String pId = userToken.getPid();
+        log.info("传入的用户令牌为:{}, 应用鉴权查寻到的令牌结果:{}, pid:{}", userTokenId, JSON.toJSONString(userToken), pId);
+
+        // todo 校验签名
+        AuthUserInfo userInfo = authUserInfoService.findByIdcard(pId);
+        if (userInfo == null) {
+            log.error("查询不到用户信息");
+            ApiAppAuthVo appAuthVo = ApiAppAuthVo.builder()
+                    .terminalIp(IpUtils.getRealIpAdrress(RequestUtils.getRequest()))
+                    .userToken(userTokenId)
+                    .build();
+            // 发送鉴权失败日志
+            logInfoFillService.sendAppAuthenticationLog(appAuthVo, Collections.emptyList(), AuthResultEnum.FAIL);
+            return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL);
+        }
+
+        AuthUserVo userVo = new AuthUserVo();
+        BeanUtil.copyProperties(userInfo, userVo);
+        ApiAppAuthVo authVo = ApiAppAuthVo.builder()
+                .userInfo(userVo)
+                .userToken(userTokenId)
+                .terminalIp(IpUtils.getIp())
+                .build();
+        List<AppDataSensitiveLevelDTO> appList = staffAssignAuthInfoService.apiAppAuth(authVo);
+        String appAuth = appList.stream()
+                .map(AppDataSensitiveLevelDTO::getCode)
+                .filter(StringUtils::isNotBlank)
+                .distinct()
+                .collect(Collectors.joining(StrUtil.COMMA));
+
+        return ZeroTrustDataRespVO.success(appAuth);
+    }
+}
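Review bot: `userToken` returned by `authTokenBusiness.getUserTokenInfo(userTokenId)` is dereferenced on the very next line (`userToken.getPid()`) without a null check, while the three sibling business classes guard their token lookup and return `TOKEN_FAIL`; an unknown or expired user token id would surface here as a NullPointerException rather than a controlled denial. Adding `if (userToken == null) {` / `return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);` / `}` before the log line keeps the four paths consistent. The `// todo 校验签名` marker means the request signature is not verified before application permissions are returned, so this path currently trusts the supplied token id alone; that gap should be tracked explicitly rather than shipped as a silent todo. The audit records also disagree on the terminal IP: the failure branch uses `IpUtils.getRealIpAdrress(RequestUtils.getRequest())` while the success branch uses `IpUtils.getIp()`, so the same caller is logged with different addresses depending on outcome.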

+ 118 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/ZeroTrustDataAuthBusiness.java

@@ -0,0 +1,118 @@
+package com.dragoninfo.dcuc.auth.auth.business.impl;
+
+import cn.hutool.core.util.StrUtil;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.DataAuthReqVO;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.DataAuthRespVO;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustBusinessRespEnum;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustDataRespVO;
+import com.dragoninfo.dcuc.auth.audit.enums.AuthResultEnum;
+import com.dragoninfo.dcuc.auth.audit.service.log.LogInfoFillService;
+import com.dragoninfo.dcuc.auth.auth.business.IDataAuthBusiness;
+import com.dragoninfo.dcuc.auth.auth.business.IZeroTrustDataAuthBusiness;
+import com.dragoninfo.dcuc.auth.auth.dto.DataItemsCheckDto;
+import com.dragoninfo.dcuc.auth.auth.dto.DataItemsDto;
+import com.dragoninfo.dcuc.auth.auth.dto.data.DataAuthV2ReqDTO;
+import com.dragoninfo.dcuc.auth.business.IAuthTokenBusiness;
+import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
+import com.dragoninfo.dcuc.auth.token.vo.TokenDetailRespVo;
+import com.dragoninfo.dcuc.common.utils.ResponseUtil;
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
+import com.dragonsoft.duceap.commons.util.ip.IpUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Optional;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+/**
+ * @author mazq
+ * @date 2023/7/10
+ */
+@Slf4j
+@Service
+public class ZeroTrustDataAuthBusiness implements IZeroTrustDataAuthBusiness {
+
+    private IAuthTokenBusiness authTokenBusiness;
+
+    private LogInfoFillService logInfoFillService;
+
+    private IDataAuthBusiness dataAuthBusiness;
+
+    @Autowired
+    public void setDataAuthBusiness(IDataAuthBusiness dataAuthBusiness) {
+        this.dataAuthBusiness = dataAuthBusiness;
+    }
+
+    @Autowired
+    public void setLogInfoFillService(LogInfoFillService logInfoFillService) {
+        this.logInfoFillService = logInfoFillService;
+    }
+
+    @Autowired
+    public void setAuthTokenBusiness(IAuthTokenBusiness authTokenBusiness) {
+        this.authTokenBusiness = authTokenBusiness;
+    }
+
+    @Override
+    public ZeroTrustDataRespVO<DataAuthRespVO> dataAuth(DataAuthReqVO dataAuthReqVO) {
+        String appTokenId = dataAuthReqVO.getAppTokenId();
+        TokenDetailRespVo tokenInfo = authTokenBusiness.getByAppTokenId(appTokenId, true, false);
+        if (null == tokenInfo) {
+            return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
+        }
+
+        DataItemsCheckDto dto = new DataItemsCheckDto();
+        dto.setCurrentAppCode(tokenInfo.getAppToken().getAppId());
+        dto.setCurrentIdcard(tokenInfo.getUserToken().getPid());
+        dto.setIdcard(tokenInfo.getUserToken().getPid());
+        dto.setDataItemsDtoList(Collections.emptyList());
+
+        AuthUserVo userInfo = tokenInfo.getUserInfo();
+        if (null == userInfo) {
+            log.error("查询不到用户信息");
+
+            // 发送鉴权失败日志
+            logInfoFillService.sendDataAuthenticationLog(AuthResultEnum.FAIL, dto, IpUtils.getIp(), appTokenId, tokenInfo.getUserToken().getUserTokenId());
+
+            return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
+        }
+
+        DataAuthV2ReqDTO v2ReqDTO = new DataAuthV2ReqDTO();
+        v2ReqDTO.setIdcard(userInfo.getIdcard());
+        v2ReqDTO.setResourceId(dataAuthReqVO.getResourceId());
+        v2ReqDTO.setAppToken(appTokenId);
+        v2ReqDTO.setUserToken(tokenInfo.getUserToken().getUserTokenId());
+        v2ReqDTO.setRequestAppCode(tokenInfo.getAppToken().getAppId());
+
+        ResponseDTO<Set<String>> responseDTO = dataAuthBusiness.dataAuth(v2ReqDTO);
+        if (ResponseUtil.isFail(responseDTO)) {
+            log.error("数据鉴权失败:{}", responseDTO.getMessage());
+            return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL);
+        }
+
+        Set<String> stringSet = ResponseUtil.getResult(responseDTO);
+        String collect = String.join(StrUtil.COMMA,
+                Optional.ofNullable(stringSet).orElse(Collections.emptySet()));
+        DataAuthRespVO respVO = new DataAuthRespVO();
+        respVO.setResourceId(dataAuthReqVO.getResourceId());
+        respVO.setItemIdentifier(collect);
+
+        List<DataItemsDto> itemsDtos = stringSet.stream().map(e -> {
+            DataItemsDto dataItemsDto = new DataItemsDto();
+            dataItemsDto.setResourceCode(dataAuthReqVO.getResourceId());
+            dataItemsDto.setDataItemCode(e);
+            return dataItemsDto;
+        }).collect(Collectors.toList());
+        dto.setDataItemsDtoList(itemsDtos);
+
+        // 发送成功日志
+        logInfoFillService.sendDataAuthenticationLog(AuthResultEnum.SUC, dto, IpUtils.getIp(), appTokenId, tokenInfo.getUserToken().getUserTokenId());
+
+        return ZeroTrustDataRespVO.success(respVO);
+
+    }
+}
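Review bot: `stringSet.stream()` in the `itemsDtos` mapping dereferences the raw result although `String.join` a few lines above already treats `stringSet` as possibly null via `Optional.ofNullable`; a successful response with a null payload passes the `isFail` check and then throws a NullPointerException here. Hoisting the null-safe set once — `Set<String> items = Optional.ofNullable(stringSet).orElse(Collections.emptySet());`, `String collect = String.join(StrUtil.COMMA, items);`, `List<DataItemsDto> itemsDtos = items.stream().map(e -> {` — removes the inconsistency. The `OPERATE_FAIL` branch after `dataAuthBusiness.dataAuth` returns without calling `sendDataAuthenticationLog`, whereas both the user-missing branch and the success path do; unless `dataAuthBusiness.dataAuth` writes its own audit entry, a denied data-level decision leaves no audit record. The audit IP here is `IpUtils.getIp()` while the function- and service-level classes use `IpUtils.getRealIpAdrress(RequestUtils.getRequest())`; if `getIp()` resolves the local host address, the data-auth audit trail records the server rather than the caller.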

+ 111 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/ZeroTrustFunAuthBusiness.java

@@ -0,0 +1,111 @@
+package com.dragoninfo.dcuc.auth.auth.business.impl;
+
+import cn.hutool.core.util.StrUtil;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.FunctionAuthReqVO;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustBusinessRespEnum;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustDataRespVO;
+import com.dragoninfo.dcuc.auth.audit.enums.AuthResultEnum;
+import com.dragoninfo.dcuc.auth.audit.service.log.LogInfoFillService;
+import com.dragoninfo.dcuc.auth.auth.business.IDataAuthBusiness;
+import com.dragoninfo.dcuc.auth.auth.business.IZeroTrustFunAuthBusiness;
+import com.dragoninfo.dcuc.auth.auth.dto.AppFunInfoDTO;
+import com.dragoninfo.dcuc.auth.auth.dto.RoleApiDto;
+import com.dragoninfo.dcuc.auth.auth.service.IRoleService;
+import com.dragoninfo.dcuc.auth.business.IAuthTokenBusiness;
+import com.dragoninfo.dcuc.auth.sub.vo.ApplyInfoVo;
+import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
+import com.dragoninfo.dcuc.auth.token.vo.TokenDetailRespVo;
+import com.dragoninfo.dcuc.common.utils.ResponseUtil;
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
+import com.dragonsoft.duceap.base.enums.BooleanEnum;
+import com.dragonsoft.duceap.commons.util.ip.IpUtils;
+import com.dragonsoft.duceap.commons.util.string.StringUtils;
+import com.dragonsoft.duceap.web.utils.RequestUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+
+/**
+ * @author mazq
+ * @date 2023/7/10
+ */
+@Slf4j
+@Service
+public class ZeroTrustFunAuthBusiness implements IZeroTrustFunAuthBusiness {
+
+    private IAuthTokenBusiness authTokenBusiness;
+
+    private IRoleService roleService;
+
+    private LogInfoFillService logInfoFillService;
+
+    @Autowired
+    public void setLogInfoFillService(LogInfoFillService logInfoFillService) {
+        this.logInfoFillService = logInfoFillService;
+    }
+
+    @Autowired
+    public void setRoleService(IRoleService roleService) {
+        this.roleService = roleService;
+    }
+
+    @Autowired
+    public void setAuthTokenBusiness(IAuthTokenBusiness authTokenBusiness) {
+        this.authTokenBusiness = authTokenBusiness;
+    }
+
+    @Override
+    public ZeroTrustDataRespVO<String> functionAuth(FunctionAuthReqVO functionAuthReqVO) {
+        String appTokenId = functionAuthReqVO.getAppTokenId();
+        TokenDetailRespVo tokenInfo = authTokenBusiness.getByAppTokenId(appTokenId, true, true);
+        if (null == tokenInfo) {
+            log.error("令牌查询结果为空");
+            return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
+        }
+
+        String appCode = tokenInfo.getAppToken().getAppId();
+        RoleApiDto roleApiDto = new RoleApiDto();
+        roleApiDto.setAppCode(appCode);
+        AuthUserVo userInfo = tokenInfo.getUserInfo();
+        if (userInfo == null) {
+            log.error("查询不到用户信息");
+            // 发送鉴权失败日志
+            logInfoFillService.sendFunAuthenticationLog(AuthResultEnum.FAIL, roleApiDto, Collections.emptyList(),
+                    IpUtils.getRealIpAdrress(RequestUtils.getRequest()),
+                    tokenInfo.getUserToken().getUserTokenId(), appTokenId);
+
+            return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
+        }
+
+
+        roleApiDto.setUserId(userInfo.getId());
+        roleApiDto.setIdcard(userInfo.getIdcard());
+
+        ApplyInfoVo applyInfo = tokenInfo.getApplyInfo();
+        if (null == applyInfo || applyInfo.getApplyStatus().equals(BooleanEnum.FALSE.getValue())) {
+            log.error("应用不存在或已停用");
+            // 发送鉴权失败日志
+            logInfoFillService.sendFunAuthenticationLog(AuthResultEnum.FAIL, roleApiDto, Collections.emptyList(),
+                    IpUtils.getRealIpAdrress(RequestUtils.getRequest()),
+                    tokenInfo.getUserToken().getUserTokenId(), appTokenId);
+
+            return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL);
+        }
+
+        ResponseDTO<List<AppFunInfoDTO>> menus = roleService.getMenus(roleApiDto);
+        List<AppFunInfoDTO> authFunInfos = ResponseUtil.getResult(menus);
+        String collect = authFunInfos.stream().map(AppFunInfoDTO::getCode)
+                .filter(StringUtils::isNotBlank)
+                .distinct()
+                .collect(Collectors.joining(StrUtil.COMMA));
+        log.info("应用编码:{}, 人员id:{}, 应用鉴权结果:{}", appCode, userInfo.getId(), collect);
+
+        return ZeroTrustDataRespVO.success(collect);
+
+    }
+
+}
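Review bot: The result of `roleService.getMenus(roleApiDto)` is unwrapped with `ResponseUtil.getResult(menus)` and streamed without checking `ResponseUtil.isFail(menus)` or a null payload, unlike the data-level sibling which checks `isFail` before using the result; a failed role lookup would become a NullPointerException instead of an `OPERATE_FAIL` response. A guard such as `if (ResponseUtil.isFail(menus) || ResponseUtil.getResult(menus) == null) {` / `return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL);` / `}` before the stream closes that gap. `applyInfo.getApplyStatus().equals(BooleanEnum.FALSE.getValue())` also throws if the status is unset; `BooleanEnum.FALSE.getValue().equals(applyInfo.getApplyStatus())` is null-safe, and the same expression appears in ZeroTrustServiceAuthBusiness. The log line `应用鉴权结果` labels a function-level result as an application-level one, and `IDataAuthBusiness` is imported but unused (ZeroTrustServiceAuthBusiness likewise imports `IDataAuthBusiness`, `IRoleService`, `IStaffAssignAuthInfoService` and `IAuthUserInfoService` without using them).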

+ 103 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/ZeroTrustServiceAuthBusiness.java

@@ -0,0 +1,103 @@
+package com.dragoninfo.dcuc.auth.auth.business.impl;
+
+import cn.hutool.core.util.StrUtil;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ServiceAuthReqVO;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustBusinessRespEnum;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustDataRespVO;
+import com.dragoninfo.dcuc.auth.audit.enums.AuthResultEnum;
+import com.dragoninfo.dcuc.auth.audit.service.log.LogInfoFillService;
+import com.dragoninfo.dcuc.auth.auth.business.IDataAuthBusiness;
+import com.dragoninfo.dcuc.auth.auth.business.IZeroTrustServiceAuthBusiness;
+import com.dragoninfo.dcuc.auth.auth.service.IRoleService;
+import com.dragoninfo.dcuc.auth.auth.service.IServiceAuthResultService;
+import com.dragoninfo.dcuc.auth.auth.service.IStaffAssignAuthInfoService;
+import com.dragoninfo.dcuc.auth.auth.vo.ServiceAuthenticationResVO;
+import com.dragoninfo.dcuc.auth.business.IAuthTokenBusiness;
+import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
+import com.dragoninfo.dcuc.auth.sub.vo.ApplyInfoVo;
+import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
+import com.dragoninfo.dcuc.auth.token.vo.TokenDetailRespVo;
+import com.dragonsoft.duceap.base.enums.BooleanEnum;
+import com.dragonsoft.duceap.commons.util.ip.IpUtils;
+import com.dragonsoft.duceap.commons.util.string.StringUtils;
+import com.dragonsoft.duceap.web.utils.RequestUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+
+/**
+ * @author mazq
+ * @date 2023/7/10
+ */
+@Slf4j
+@Service
+public class ZeroTrustServiceAuthBusiness implements IZeroTrustServiceAuthBusiness {
+
+    private IAuthTokenBusiness authTokenBusiness;
+
+    private LogInfoFillService logInfoFillService;
+
+    private IServiceAuthResultService serviceAuthResultService;
+
+    @Autowired
+    public void setServiceAuthResultService(IServiceAuthResultService serviceAuthResultService) {
+        this.serviceAuthResultService = serviceAuthResultService;
+    }
+
+    @Autowired
+    public void setLogInfoFillService(LogInfoFillService logInfoFillService) {
+        this.logInfoFillService = logInfoFillService;
+    }
+
+    @Autowired
+    public void setAuthTokenBusiness(IAuthTokenBusiness authTokenBusiness) {
+        this.authTokenBusiness = authTokenBusiness;
+    }
+
+    @Override
+    public ZeroTrustDataRespVO<String> serviceAuth(ServiceAuthReqVO serviceAuthReqVO) {
+        String appTokenId = serviceAuthReqVO.getAppTokenId();
+        TokenDetailRespVo tokenInfo = authTokenBusiness.getByAppTokenId(appTokenId, true, false);
+        if (null == tokenInfo) {
+            log.error("令牌查询结果为空");
+            return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
+        }
+
+        AuthUserVo userInfo = tokenInfo.getUserInfo();
+        if (userInfo == null) {
+            log.error("查询不到用户信息");
+
+            //发送鉴权失败日志
+            logInfoFillService.sendServiceAuthenticationLog(AuthResultEnum.FAIL, null, tokenInfo.getAppToken().getAppId(),
+                    tokenInfo.getUserToken().getUserTokenId(), appTokenId, Collections.emptyList(),
+                    IpUtils.getRealIpAdrress(RequestUtils.getRequest()));
+
+            return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
+        }
+
+        ApplyInfoVo appInfo = tokenInfo.getApplyInfo();
+        if (null == appInfo || appInfo.getApplyStatus().equals(BooleanEnum.FALSE.getValue())) {
+            log.error("应用不存在或已停用");
+
+            //发送鉴权失败日志
+            logInfoFillService.sendServiceAuthenticationLog(AuthResultEnum.FAIL, userInfo.getIdcard(), tokenInfo.getAppToken().getAppId(),
+                    tokenInfo.getUserToken().getUserTokenId(), appTokenId, Collections.emptyList(),
+                    IpUtils.getRealIpAdrress(RequestUtils.getRequest()));
+
+            return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL);
+        }
+        String appCode = tokenInfo.getAppToken().getAppId();
+        String userTokenId = tokenInfo.getUserToken().getUserTokenId();
+
+        List<ServiceAuthenticationResVO> resVos = serviceAuthResultService.serviceAuthentication(userInfo.getIdcard(), appCode, userTokenId, appTokenId);
+        String serviceAuth = resVos.stream()
+                .map(ServiceAuthenticationResVO::getServiceCode)
+                .filter(StringUtils::isNotBlank).distinct()
+                .collect(Collectors.joining(StrUtil.COMMA));
+        return ZeroTrustDataRespVO.success(serviceAuth);
+    }
+}
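Review bot: `getByAppTokenId(appTokenId, true, false)` is called with `needAppInfo` false, yet `tokenInfo.getApplyInfo()` is then required to be non-null and enabled, with null reported as `应用不存在或已停用`; if the `false` flag means the application record is not loaded (the function-level sibling passes `true, true` before making the same check), every service-level request would be rejected with `OPERATE_FAIL` regardless of the real application status. Passing `authTokenBusiness.getByAppTokenId(appTokenId, true, true);` here, or dropping the `applyInfo` check if application status is verified elsewhere, resolves the mismatch. `resVos` from `serviceAuthentication` is streamed without a null check; the ServiceAuthResultServiceImpl hunk suggests it builds and returns a list, so this is probably safe, but worth confirming.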

+ 68 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/api/ZeroTrustAuthFacade.java

@@ -0,0 +1,68 @@
+package com.dragoninfo.dcuc.auth.auth.facade.api;
+
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.*;
+import com.dragoninfo.dcuc.auth.auth.api.IZeroTrustAuthFacade;
+import com.dragoninfo.dcuc.auth.auth.business.IZeroTrustAppAuthBusiness;
+import com.dragoninfo.dcuc.auth.auth.business.IZeroTrustDataAuthBusiness;
+import com.dragoninfo.dcuc.auth.auth.business.IZeroTrustFunAuthBusiness;
+import com.dragoninfo.dcuc.auth.auth.business.IZeroTrustServiceAuthBusiness;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * @author mazq
+ * @date 2023/7/10
+ */
+@RestController
+@RequestMapping(value = "/dcuc/auth/zeroTrustAuth")
+public class ZeroTrustAuthFacade implements IZeroTrustAuthFacade {
+
+    private IZeroTrustAppAuthBusiness zeroTrustAuthBusiness;
+
+    private IZeroTrustServiceAuthBusiness zeroTrustServiceAuthBusiness;
+
+    private IZeroTrustDataAuthBusiness zeroTrustDataAuthBusiness;
+
+    private IZeroTrustFunAuthBusiness zeroTrustFunAuthBusiness;
+
+    @Autowired
+    public void setZeroTrustServiceAuthBusiness(IZeroTrustServiceAuthBusiness zeroTrustServiceAuthBusiness) {
+        this.zeroTrustServiceAuthBusiness = zeroTrustServiceAuthBusiness;
+    }
+
+    @Autowired
+    public void setZeroTrustDataAuthBusiness(IZeroTrustDataAuthBusiness zeroTrustDataAuthBusiness) {
+        this.zeroTrustDataAuthBusiness = zeroTrustDataAuthBusiness;
+    }
+
+    @Autowired
+    public void setZeroTrustFunAuthBusiness(IZeroTrustFunAuthBusiness zeroTrustFunAuthBusiness) {
+        this.zeroTrustFunAuthBusiness = zeroTrustFunAuthBusiness;
+    }
+
+    @Autowired
+    public void setZeroTrustAuthBusiness(IZeroTrustAppAuthBusiness zeroTrustAuthBusiness) {
+        this.zeroTrustAuthBusiness = zeroTrustAuthBusiness;
+    }
+
+    @Override
+    public ZeroTrustDataRespVO<String> appAuth(AppAuthReqVO appAuthReqVO) {
+        return zeroTrustAuthBusiness.appAuth(appAuthReqVO);
+    }
+
+    @Override
+    public ZeroTrustDataRespVO<String> functionAuth(FunctionAuthReqVO functionAuthReqVO) {
+        return zeroTrustFunAuthBusiness.functionAuth(functionAuthReqVO);
+    }
+
+    @Override
+    public ZeroTrustDataRespVO<String> serviceAuth(ServiceAuthReqVO serviceAuthReqVO) {
+        return zeroTrustServiceAuthBusiness.serviceAuth(serviceAuthReqVO);
+    }
+
+    @Override
+    public ZeroTrustDataRespVO<DataAuthRespVO> dataAuth(DataAuthReqVO dataAuthReqVO) {
+        return zeroTrustDataAuthBusiness.dataAuth(dataAuthReqVO);
+    }
+}
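Review bot: The app-level dependency is named `zeroTrustAuthBusiness` (field and setter) while the other three fields are named after their type (`zeroTrustServiceAuthBusiness`, `zeroTrustDataAuthBusiness`, `zeroTrustFunAuthBusiness`); renaming it `zeroTrustAppAuthBusiness` makes the four delegations read uniformly. The class Javadoc carries only author and date; a sentence such as `REST entry point for the zero-trust authorization checks (app, function, service, data level); all logic is delegated to the business interfaces` would tell a reader what `/dcuc/auth/zeroTrustAuth` serves. Whether the request bodies are validated (`@Valid`/`@Validated`) is not visible here, since the mapping annotations live on IZeroTrustAuthFacade outside this hunk.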

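--- a/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/IRoleService.java
+++ b/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/IRoleService.java
@@ -1,5 +1,6 @@
 package com.dragoninfo.dcuc.auth.auth.service;
 
+import com.dragoninfo.dcuc.auth.auth.dto.AppFunInfoDTO;
 import com.dragoninfo.dcuc.auth.auth.dto.RoleApiDto;
 import com.dragoninfo.dcuc.auth.auth.entity.RoleInfo;
 import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
@@ -65,7 +66,7 @@ public interface IRoleService {
      * @param dto
      * @return
      */
-    ResponseDTO getMenus(RoleApiDto dto);
+    ResponseDTO<List<AppFunInfoDTO>> getMenus(RoleApiDto dto);
 
     /**
      * 根据身份证ID找到这个赋予的应用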
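Review bot: The new return type `ResponseDTO<List<AppFunInfoDTO>>` needs `java.util.List` in scope in both IRoleService and RoleService, and neither hunk shows that import being added; if it is not already present elsewhere in those files this will not compile. The Javadoc above `getMenus` still has empty `@param dto` and `@return` tags; now that the payload is typed, `@return the function (menu) entries granted to the user for the application named in {@code dto}` would document what ZeroTrustFunAuthBusiness relies on.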

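--- a/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/RoleService.java
+++ b/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/RoleService.java
@@ -518,7 +518,7 @@ public class RoleService implements IRoleService {
      * @return
      */
     @Override
-    public ResponseDTO getMenus(RoleApiDto dto) {
+    public ResponseDTO<List<AppFunInfoDTO>> getMenus(RoleApiDto dto) {
 
         String appCode = dto.getAppCode();
         String appId = applyInfoFacade.codeConvertToId(appCode);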

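--- a/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/ServiceAuthResultServiceImpl.java
+++ b/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/ServiceAuthResultServiceImpl.java
@@ -342,7 +342,6 @@ public class ServiceAuthResultServiceImpl implements IServiceAuthResultService {
             list.add(serviceAuthenticationResVO);
         }
 
-        //fixme 因为返回所有列表,所以不会有失败的情况
         String ip = IpUtils.getRealIpAdrress(RequestUtils.getRequest());
         logInfoFillService.sendServiceAuthenticationLog(AuthResultEnum.SUC, idcard, appCode, userToken, appToken, results, ip);
 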

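--- a/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/IAuthTokenBusiness.java
+++ b/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/IAuthTokenBusiness.java
@@ -1,6 +1,6 @@
 package com.dragoninfo.dcuc.auth.business;
 
-import com.dragoninfo.dcuc.auth.api.vo.MessageRespVO;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTustMessageRespVO;
 import com.dragoninfo.dcuc.auth.token.vo.AppTokenInfoRespVO;
 import com.dragoninfo.dcuc.auth.token.vo.TokenDetailRespVo;
 import com.dragoninfo.dcuc.auth.token.vo.TokenReceiveVO;
@@ -38,20 +38,11 @@ public interface IAuthTokenBusiness {
      */
     TokenDetailRespVo getByAppTokenId(String appTokenId, boolean needUserInfo, boolean needAppInfo);
 
-    /**
-     * 缓存用户令牌
-     *
-     * @param idcard
-     * @param userTokenId
-     * @param expiredTime
-     */
-    void cacheStandardUserToken(String idcard, String userTokenId, Integer expiredTime);
-
     /**
      * 接收令牌
      *
      * @param receiveVO
      * @return
      */
-    MessageRespVO tokenReceive(TokenReceiveVO receiveVO);
+    ZeroTustMessageRespVO tokenReceive(TokenReceiveVO receiveVO);
 }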
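Review bot: The replacement return type `ZeroTustMessageRespVO` is misspelled (`Tust` for `Trust`) and is a public API type that consumers will reference; renaming it to `ZeroTrustMessageRespVO` before it ships avoids a breaking rename later. The change also drops `cacheStandardUserToken` from the interface without a deprecation step; if any external caller used it, that is a source-incompatible change worth calling out in the commit description.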

+ 83 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/ICacheBusiness.java

@@ -0,0 +1,83 @@
+package com.dragoninfo.dcuc.auth.business;
+
+import com.dragoninfo.dcuc.auth.auth.dto.AppAuthResultDto;
+import com.dragoninfo.dcuc.auth.token.vo.AppTokenInfoRespVO;
+import com.dragoninfo.dcuc.auth.token.vo.UserTokenInfoRespVO;
+
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 令牌缓存业务
+ *
+ * @author mazq
+ * @date 2023/3/8
+ */
+public interface ICacheBusiness {
+
+    /**
+     * 用户令牌处理
+     *
+     * @param tokenInfo
+     * @param action
+     */
+    void appTokenActionHandle(AppTokenInfoRespVO tokenInfo, String action);
+
+    /**
+     * 应用令牌处理
+     *
+     * @param tokenInfo
+     * @param action
+     */
+    void userTokenActionHandle(UserTokenInfoRespVO tokenInfo, String action);
+
+    /**
+     * 获取用户令牌
+     *
+     * @param userTokenId
+     * @return
+     */
+    UserTokenInfoRespVO getUserToken(String userTokenId);
+
+    /**
+     * 获取应用令牌
+     *
+     * @param appTokenId
+     * @return
+     */
+    AppTokenInfoRespVO getAppToken(String appTokenId);
+
+    /**
+     * 缓存用户令牌的应用鉴权结果
+     *
+     * @param appIds
+     * @param zeroTrustUserTokenInfoRespVO
+     */
+    void cacheAppAuthResult(List<String> appIds, UserTokenInfoRespVO zeroTrustUserTokenInfoRespVO);
+
+    /**
+     * 获取最新的应用鉴权结果
+     *
+     * @param pIds
+     * @return
+     */
+    List<AppAuthResultDto> getAppAuthResult(Collection<String> pIds);
+
+    /**
+     * 获取人员对应的用户令牌id
+     * 该缓存结果只在应用鉴权后出现,获取该缓存为权限变更通知使用
+     *
+     * @param pIds
+     * @return
+     */
+    List<String> getUserTokenIds(List<String> pIds);
+
+    /**
+     * 根据openId获取
+     *
+     * @param openIds
+     * @return key:openId value:userTokenId
+     */
+    Map<String, String> getUserTokenIdByOpenId(Collection<String> openIds);
+}
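Review bot: The Javadoc summaries for `appTokenActionHandle` and `userTokenActionHandle` are swapped: the method taking `AppTokenInfoRespVO` is described as `用户令牌处理` and the one taking `UserTokenInfoRespVO` as `应用令牌处理`. `action` is typed `String` although the caller in AuthTokenBusinessImpl passes `TokenActionEnum.ONLINE.getValue()`; accepting `TokenActionEnum action` directly would make the accepted actions explicit and let the compiler reject unknown values. The remaining `@param`/`@return` tags are empty; in particular `getUserToken`, `getAppToken`, `getAppAuthResult` and `getUserTokenIds` should state whether a missing key yields null or an empty result, since the cache-first lookups in AuthTokenBusinessImpl branch on exactly that.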

+ 37 - 23
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/AuthTokenBusinessImpl.java

@@ -3,19 +3,21 @@ package com.dragoninfo.dcuc.auth.business.impl;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSON;
 import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
-import com.dragoninfo.dcuc.auth.AuthRedisConstant;
-import com.dragoninfo.dcuc.auth.api.vo.BusinessRespEnum;
 import com.dragoninfo.dcuc.auth.api.vo.MessageRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.MessageRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.ResultRespPageVo;
 import com.dragoninfo.dcuc.auth.api.vo.ResultRespPageVo;
 import com.dragoninfo.dcuc.auth.api.vo.ResultRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.ResultRespVO;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustBusinessRespEnum;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTustMessageRespVO;
 import com.dragoninfo.dcuc.auth.audit.dto.TokenOperationDto;
 import com.dragoninfo.dcuc.auth.audit.dto.TokenOperationDto;
 import com.dragoninfo.dcuc.auth.audit.service.log.QmAuditPushService;
 import com.dragoninfo.dcuc.auth.audit.service.log.QmAuditPushService;
 import com.dragoninfo.dcuc.auth.business.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.business.IAuthTokenBusiness;
+import com.dragoninfo.dcuc.auth.business.ICacheBusiness;
 import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
 import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
 import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
 import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
 import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
 import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
 import com.dragoninfo.dcuc.auth.sub.vo.ApplyInfoVo;
 import com.dragoninfo.dcuc.auth.sub.vo.ApplyInfoVo;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
+import com.dragoninfo.dcuc.auth.token.enums.TokenActionEnum;
 import com.dragoninfo.dcuc.auth.token.vo.*;
 import com.dragoninfo.dcuc.auth.token.vo.*;
 import com.dragonsoft.auditlog.collection.qmtj.enums.TokenTypeEnum;
 import com.dragonsoft.auditlog.collection.qmtj.enums.TokenTypeEnum;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
@@ -32,10 +34,7 @@ import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Service;
 import org.springframework.stereotype.Service;
 import org.springframework.web.client.RestTemplate;
 import org.springframework.web.client.RestTemplate;
 
 
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeUnit;
 
 
 /**
 /**
@@ -56,18 +55,23 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
 
 
     private IAuthUserInfoService userInfoService;
     private IAuthUserInfoService userInfoService;
 
 
-    private StringRedisTemplate stringRedisTemplate;
-
     private QmAuditPushService qmAuditPushService;
     private QmAuditPushService qmAuditPushService;
 
 
+    private ICacheBusiness cacheBusiness;
+
     @Autowired
     @Autowired
-    public void setDcucAuthConfig(DcucAuthConfig dcucAuthConfig) {
-        this.dcucAuthConfig = dcucAuthConfig;
+    public void setCacheBusiness(ICacheBusiness cacheBusiness) {
+        this.cacheBusiness = cacheBusiness;
     }
     }
 
 
     @Autowired
     @Autowired
-    public void setStringRedisTemplate(StringRedisTemplate stringRedisTemplate) {
-        this.stringRedisTemplate = stringRedisTemplate;
+    public void setQmAuditPushService(QmAuditPushService qmAuditPushService) {
+        this.qmAuditPushService = qmAuditPushService;
+    }
+
+    @Autowired
+    public void setDcucAuthConfig(DcucAuthConfig dcucAuthConfig) {
+        this.dcucAuthConfig = dcucAuthConfig;
     }
     }
 
 
     @Autowired
     @Autowired
@@ -87,6 +91,11 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
 
 
     @Override
     @Override
     public UserTokenInfoRespVO getUserTokenInfo(String userTokenId) {
     public UserTokenInfoRespVO getUserTokenInfo(String userTokenId) {
+        UserTokenInfoRespVO userToken = cacheBusiness.getUserToken(userTokenId);
+        if (null != userToken) {
+            return userToken;
+        }
+
         // 查询用户令牌
         // 查询用户令牌
         String tokenQueryUrl = dcucAuthConfig.getUserTokenQueryUrl();
         String tokenQueryUrl = dcucAuthConfig.getUserTokenQueryUrl();
         Map<String, String> param = new HashMap<>();
         Map<String, String> param = new HashMap<>();
@@ -94,12 +103,19 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
 
 
         log.info("getUserTokenInfo url:{}, tokenId:{}", tokenQueryUrl, userTokenId);
         log.info("getUserTokenInfo url:{}, tokenId:{}", tokenQueryUrl, userTokenId);
 
 
-        return getTokenInfo(tokenQueryUrl, new ParameterizedTypeReference<ResultRespVO<UserTokenInfoRespVO>>() {
+        UserTokenInfoRespVO tokenInfo = getTokenInfo(tokenQueryUrl, new ParameterizedTypeReference<ResultRespVO<UserTokenInfoRespVO>>() {
         }, param);
         }, param);
+        // 添加缓存
+        cacheBusiness.userTokenActionHandle(tokenInfo, TokenActionEnum.ONLINE.getValue());
+        return tokenInfo;
     }
     }
 
 
     @Override
     @Override
     public AppTokenInfoRespVO getAppTokenInfo(String appTokenId) {
     public AppTokenInfoRespVO getAppTokenInfo(String appTokenId) {
+        AppTokenInfoRespVO appToken = cacheBusiness.getAppToken(appTokenId);
+        if (null != appToken) {
+            return appToken;
+        }
         // 获取应用令牌
         // 获取应用令牌
         String tokenQueryUrl = dcucAuthConfig.getAppTokenQueryUrl();
         String tokenQueryUrl = dcucAuthConfig.getAppTokenQueryUrl();
         Map<String, String> param = new HashMap<>();
         Map<String, String> param = new HashMap<>();
@@ -107,8 +123,11 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
 
 
         log.info("getAppTokenInfo url:{}, tokenId:{}", tokenQueryUrl, appTokenId);
         log.info("getAppTokenInfo url:{}, tokenId:{}", tokenQueryUrl, appTokenId);
 
 
-        return getTokenInfo(tokenQueryUrl, new ParameterizedTypeReference<ResultRespVO<AppTokenInfoRespVO>>() {
+        AppTokenInfoRespVO tokenInfo = getTokenInfo(tokenQueryUrl, new ParameterizedTypeReference<ResultRespVO<AppTokenInfoRespVO>>() {
         }, param);
         }, param);
+        // 添加缓存
+        cacheBusiness.appTokenActionHandle(tokenInfo, TokenActionEnum.ONLINE.getValue());
+        return tokenInfo;
     }
     }
 
 
     @Override
     @Override
@@ -138,15 +157,10 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
     }
     }
 
 
     @Override
     @Override
-    public void cacheStandardUserToken(String idcard, String userTokenId, Integer expiredTime) {
-        stringRedisTemplate.opsForValue().set(AuthRedisConstant.REDIS_STANDARD_USER_TOKEN_NAMESPACE + idcard, userTokenId, expiredTime, TimeUnit.SECONDS);
-    }
-
-    @Override
-    public MessageRespVO tokenReceive(TokenReceiveVO receiveVO) {
+    public ZeroTustMessageRespVO tokenReceive(TokenReceiveVO receiveVO) {
         // 暂时发送令牌接收日志即可
         // 暂时发送令牌接收日志即可
         String type = receiveVO.getType();
         String type = receiveVO.getType();
-        UserTokenInfoRespVO userTokenInfo ;
+        UserTokenInfoRespVO userTokenInfo;
         if (TokenTypeEnum.USER.getValue().equals(type)) {
         if (TokenTypeEnum.USER.getValue().equals(type)) {
             userTokenInfo = getUserTokenInfo(receiveVO.getToken());
             userTokenInfo = getUserTokenInfo(receiveVO.getToken());
         } else {
         } else {
@@ -154,7 +168,7 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
             userTokenInfo = appTokenInfo.getUserToken();
             userTokenInfo = appTokenInfo.getUserToken();
         }
         }
         if (null == userTokenInfo) {
         if (null == userTokenInfo) {
-            return MessageRespVO.messageEnumMessage(BusinessRespEnum.TOKEN_FAIL);
+            return ZeroTustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
         }
         }
         TokenOperationDto dto = TokenOperationDto.builder()
         TokenOperationDto dto = TokenOperationDto.builder()
                 .action(receiveVO.getAction())
                 .action(receiveVO.getAction())
@@ -163,7 +177,7 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
                 .tokenType(receiveVO.getType())
                 .tokenType(receiveVO.getType())
                 .build();
                 .build();
         qmAuditPushService.pushTokenReceiveLog(dto);
         qmAuditPushService.pushTokenReceiveLog(dto);
-        return MessageRespVO.messageEnumMessage(BusinessRespEnum.SUCCESS);
+        return ZeroTustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
     }
     }
 
 
     private AuthUserVo getAuthUserVo(String pid) {
     private AuthUserVo getAuthUserVo(String pid) {

+ 237 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/RedisCacheBusinessImpl.java

@@ -0,0 +1,237 @@
+package com.dragoninfo.dcuc.auth.business.impl;
+
+import cn.hutool.core.util.StrUtil;
+import com.alibaba.fastjson.JSON;
+import com.dragoninfo.dcuc.auth.auth.dto.AppAuthResultDto;
+import com.dragoninfo.dcuc.auth.business.ICacheBusiness;
+import com.dragoninfo.dcuc.auth.constance.AuthRedisConstant;
+import com.dragoninfo.dcuc.auth.token.enums.TokenActionEnum;
+import com.dragoninfo.dcuc.auth.token.enums.TokenTypeEnum;
+import com.dragoninfo.dcuc.auth.token.vo.AppTokenInfoRespVO;
+import com.dragoninfo.dcuc.auth.token.vo.UserTokenInfoRespVO;
+import com.dragonsoft.duceap.base.exception.ApplicationException;
+import com.dragonsoft.duceap.commons.util.collections.CollectionUtils;
+import com.dragonsoft.duceap.commons.util.string.StringUtils;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.stereotype.Service;
+
+import javax.annotation.Resource;
+import java.util.*;
+import java.util.concurrent.TimeUnit;
+import java.util.stream.Collectors;
+
+/**
+ * @author mazq
+ * @date 2023/3/8
+ */
+@Service
+public class RedisCacheBusinessImpl implements ICacheBusiness {
+    /**
+     * 人员openId和userTokenId关联key类型
+     */
+    private static final String USER_OPEN_ID_TOKEN_ID_KEY_TYPE = "OPEN_TOKEN_ID";
+    /**
+     * 人员opId和appId关联key类型
+     */
+    private static final String USER_OPEN_ID_APP_ID_KEY_TYPE = "OPEN_APP_ID";
+
+    @Resource
+    private StringRedisTemplate stringRedisTemplate;
+
+    private void cacheUserToken(UserTokenInfoRespVO userToken) {
+        // 缓存人员令牌
+        long tokenExpireTime = userToken.getExpireAt().getTime();
+        long redisExpire = (tokenExpireTime - System.currentTimeMillis()) / 1000;
+        String tokenIdKey = getKeyPrefix(userToken.getUserTokenId(), TokenTypeEnum.USER.getValue());
+        stringRedisTemplate.opsForValue().set(tokenIdKey, JSON.toJSONString(userToken), redisExpire, TimeUnit.SECONDS);
+
+        // 缓存openId-tokenId到缓存中
+        String pid = userToken.getPid();
+        String openIdTokenKey = getKeyPrefix(pid, USER_OPEN_ID_TOKEN_ID_KEY_TYPE);
+        stringRedisTemplate
+                .opsForValue()
+                .set(openIdTokenKey, userToken.getUserTokenId(), redisExpire, TimeUnit.SECONDS);
+    }
+
+    private void cacheAppToken(AppTokenInfoRespVO appToken) {
+        long tokenExpireTime = appToken.getExpireAt().getTime();
+        long redisExpire = (tokenExpireTime - System.currentTimeMillis()) / 1000;
+        String key = getKeyPrefix(appToken.getAppTokenId(), TokenTypeEnum.APP.getValue());
+        stringRedisTemplate.opsForValue().set(key, JSON.toJSONString(appToken), redisExpire, TimeUnit.SECONDS);
+    }
+
+    private void renewUserToken(UserTokenInfoRespVO userTokenInfo) {
+        cacheUserToken(userTokenInfo);
+        // 如果存在其他相关信息刷新缓存
+        String pId = userTokenInfo.getPid();
+        String openIdAppIdKey = getKeyPrefix(pId, USER_OPEN_ID_APP_ID_KEY_TYPE);
+        long tokenExpireTime = userTokenInfo.getExpireAt().getTime();
+        long redisExpire = (tokenExpireTime - System.currentTimeMillis()) / 1000;
+        // 刷新应用鉴权结果, 不存在应用鉴权结果也没事
+        stringRedisTemplate.expire(openIdAppIdKey, redisExpire, TimeUnit.SECONDS);
+    }
+
+    private void deleteUserToken(UserTokenInfoRespVO tokenInfo) {
+        // 删除令牌
+        // 删除相关缓存信息
+        String id = tokenInfo.getUserTokenId();
+        String pId = tokenInfo.getPid();
+        String tokenIdKey = getKeyPrefix(id, TokenTypeEnum.USER.getValue());
+        String openIdTokenIdKey = getKeyPrefix(pId, USER_OPEN_ID_TOKEN_ID_KEY_TYPE);
+        String openIdAppIdKey = getKeyPrefix(pId, USER_OPEN_ID_APP_ID_KEY_TYPE);
+        String[] keys = {tokenIdKey, openIdTokenIdKey, openIdAppIdKey};
+        stringRedisTemplate.delete(Arrays.asList(keys));
+    }
+
+    @Override
+    public UserTokenInfoRespVO getUserToken(String userTokenId) {
+        String key = getKeyPrefix(userTokenId, TokenTypeEnum.USER.getValue());
+        return getTokenInfo(key, UserTokenInfoRespVO.class);
+    }
+
+    @Override
+    public AppTokenInfoRespVO getAppToken(String appTokenId) {
+        String key = getKeyPrefix(appTokenId, TokenTypeEnum.APP.getValue());
+        return getTokenInfo(key, AppTokenInfoRespVO.class);
+    }
+
+    private void renewAppToken(AppTokenInfoRespVO tokenInfo) {
+        cacheAppToken(tokenInfo);
+    }
+
+    private void deleteAppToken(AppTokenInfoRespVO tokenInfo) {
+        stringRedisTemplate.delete(tokenInfo.getAppTokenId());
+    }
+
+    @Override
+    public void cacheAppAuthResult(List<String> appIds, UserTokenInfoRespVO zeroTrustUserTokenInfoRespVO) {
+        if (CollectionUtils.isEmpty(appIds)) {
+            return;
+        }
+        String pId = zeroTrustUserTokenInfoRespVO.getPid();
+
+        // 应用鉴权成功后保存 openId-appIds到缓存中
+        long expireTime = (zeroTrustUserTokenInfoRespVO.getExpireAt().getTime() - System.currentTimeMillis()) / 1000;
+        String openIdAppIdsKey = getKeyPrefix(pId, USER_OPEN_ID_APP_ID_KEY_TYPE);
+        String collect = appIds.stream().sorted(String::compareTo).collect(Collectors.joining(StrUtil.COMMA));
+        // 拼接用户id
+        collect = String.join(StrUtil.UNDERLINE, pId, collect);
+        stringRedisTemplate
+                .opsForValue()
+                .set(openIdAppIdsKey, collect, expireTime, TimeUnit.SECONDS);
+    }
+
+    @Override
+    public List<AppAuthResultDto> getAppAuthResult(Collection<String> pIds) {
+        if (CollectionUtils.isEmpty(pIds)) {
+            return Collections.emptyList();
+        }
+        List<String> userAuthKeys = pIds.stream()
+                .map(item -> getKeyPrefix(item, USER_OPEN_ID_APP_ID_KEY_TYPE))
+                .collect(Collectors.toList());
+        List<String> appAuthObjs = stringRedisTemplate.opsForValue().multiGet(userAuthKeys);
+        return Optional.ofNullable(appAuthObjs)
+                .orElse(Collections.emptyList())
+                .stream()
+                .filter(Objects::nonNull)
+                .map(e -> {
+                    String[] split = e.split(StrUtil.UNDERLINE);
+                    AppAuthResultDto dto = new AppAuthResultDto();
+                    dto.setOpenId(split[0]);
+                    List<String> list = Arrays.asList(split[1].split(StrUtil.COMMA));
+                    dto.setAppIds(list);
+                    return dto;
+                })
+                .collect(Collectors.toList());
+    }
+
+    @Override
+    public List<String> getUserTokenIds(List<String> pIds) {
+        if (CollectionUtils.isEmpty(pIds)) {
+            return Collections.emptyList();
+        }
+
+        List<String> tokenKeys = pIds.stream().map(item -> getKeyPrefix(item, USER_OPEN_ID_TOKEN_ID_KEY_TYPE))
+                .collect(Collectors.toList());
+
+        List<String> userTokenList = stringRedisTemplate.opsForValue().multiGet(tokenKeys);
+
+        // 过滤出 null 的情况
+        return Optional.ofNullable(userTokenList).orElse(Collections.emptyList())
+                .stream()
+                .filter(Objects::nonNull)
+                .collect(Collectors.toList());
+    }
+
+    @Override
+    public Map<String, String> getUserTokenIdByOpenId(Collection<String> openIds) {
+        if (CollectionUtils.isEmpty(openIds)) {
+            return Collections.emptyMap();
+        }
+        ArrayList<String> openIdList = new ArrayList<>(openIds);
+        List<String> keys = openIdList.stream()
+                .map(e -> getKeyPrefix(e, USER_OPEN_ID_TOKEN_ID_KEY_TYPE))
+                .collect(Collectors.toList());
+        List<String> userTokenIds = stringRedisTemplate.opsForValue().multiGet(keys);
+        if (CollectionUtils.isEmpty(userTokenIds)) {
+            return Collections.emptyMap();
+        }
+        Map<String, String> map = new HashMap<>();
+        for (int i = 0; i < keys.size(); i++) {
+            map.put(openIdList.get(i), userTokenIds.get(i));
+        }
+        return map;
+    }
+
+    @Override
+    public void appTokenActionHandle(AppTokenInfoRespVO tokenInfo, String action) {
+        if (null == tokenInfo) {
+            return;
+        }
+        if (TokenActionEnum.OFFLINE.getValue().equals(action)) {
+            deleteAppToken(tokenInfo);
+        } else if (TokenActionEnum.ONLINE.getValue().equals(action)) {
+            cacheAppToken(tokenInfo);
+        } else if (TokenActionEnum.RENEW.getValue().equals(action)) {
+            renewAppToken(tokenInfo);
+        }
+    }
+
+    @Override
+    public void userTokenActionHandle(UserTokenInfoRespVO tokenInfo, String action) {
+        if (null == tokenInfo) {
+            return;
+        }
+        if (TokenActionEnum.OFFLINE.getValue().equals(action)) {
+            deleteUserToken(tokenInfo);
+        } else if (TokenActionEnum.ONLINE.getValue().equals(action)) {
+            cacheUserToken(tokenInfo);
+        } else if (TokenActionEnum.RENEW.getValue().equals(action)) {
+            renewUserToken(tokenInfo);
+        }
+    }
+
+
+    private <T> T getTokenInfo(String tokenId, Class<T> clazz) {
+        String tokenStr = stringRedisTemplate.opsForValue().get(tokenId);
+        if (StringUtils.isBlank(tokenStr)) {
+            return null;
+        }
+        return JSON.parseObject(tokenStr, clazz);
+    }
+
+
+    private String getKeyPrefix(String id, String tokenType) {
+        if (tokenType.equals(TokenTypeEnum.APP.getValue())) {
+            return AuthRedisConstant.REDIS_APP_TOKEN_NAMESPACE + id;
+        } else if (tokenType.equals(TokenTypeEnum.USER.getValue())) {
+            return AuthRedisConstant.REDIS_USER_TOKEN_NAMESPACE + id;
+        } else if (tokenType.equals(USER_OPEN_ID_TOKEN_ID_KEY_TYPE)) {
+            return AuthRedisConstant.REDIS_OPEN_ID_TOKEN_NAMESPACE + id;
+        } else if (tokenType.equals(USER_OPEN_ID_APP_ID_KEY_TYPE)) {
+            return AuthRedisConstant.REDIS_OPEN_AUTH_APP_ID_NAMESPACE + id;
+        } else {
+            throw new ApplicationException("不支持的类型");
+        }
+    }
+}
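Review bot: `deleteAppToken` deletes the bare `tokenInfo.getAppTokenId()` instead of the namespaced key every other method derives through `getKeyPrefix`, so an OFFLINE action for an application token never removes the `DCUC-AUTH:APP_TOKEN:` entry and `getAppToken` keeps returning the cached token until its `expireAt` passes — the revocation never reaches the cache. Change it to `stringRedisTemplate.delete(getKeyPrefix(tokenInfo.getAppTokenId(), TokenTypeEnum.APP.getValue()));` so it mirrors `deleteUserToken`. Separately, `cacheUserToken`, `cacheAppToken` and `cacheAppAuthResult` compute the TTL as `expireAt` minus now with no lower bound; for a token that is already expired (or has a null `expireAt`) this presumably surfaces as an exception from the SETEX path rather than a quiet skip, so a guard such as `if (redisExpire <= 0) return;` before each `set` would keep stale tokens out of the cache and the lookup alive. In `getAppAuthResult`, `e.split(StrUtil.UNDERLINE)` would also mis-parse the open id and shift the app ids if a pId can itself contain `_`; `e.split(StrUtil.UNDERLINE, 2)` avoids that.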

+ 38 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/constance/AuthRedisConstant.java

@@ -0,0 +1,38 @@
+package com.dragoninfo.dcuc.auth.constance;
+
+/**
+ * @author huangzqa
+ * @date 2021/4/6
+ **/
+public class AuthRedisConstant {
+
+    private AuthRedisConstant() {
+
+    }
+
+    /**
+     * 权限命名空间
+     */
+    public static final String REDIS_AUTH_NAMESPACE = "DCUC-AUTH:";
+
+    /**
+     * 人员id-用户令牌id 缓存命名空间
+     */
+    public static final String REDIS_OPEN_ID_TOKEN_NAMESPACE = REDIS_AUTH_NAMESPACE + "OPEN_ID:";
+
+    /**
+     * 人员id-应用鉴权结果:应用ids 缓存命名空间
+     */
+    public static final String REDIS_OPEN_AUTH_APP_ID_NAMESPACE = REDIS_AUTH_NAMESPACE + "USER_AUTH_APP_ID:";
+
+    /**
+     * 用户令牌命名空间
+     */
+    public static final String REDIS_USER_TOKEN_NAMESPACE = REDIS_AUTH_NAMESPACE + "USER_TOKEN:";
+
+    /**
+     * 应用令牌命名空间
+     */
+    public static final String REDIS_APP_TOKEN_NAMESPACE = REDIS_AUTH_NAMESPACE + "APP_TOKEN:";
+
+}

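--- a/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/token/facade/AuthTokenFacade.java
+++ b/dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/token/facade/AuthTokenFacade.java
@@ -1,6 +1,6 @@
 package com.dragoninfo.dcuc.auth.token.facade;
 
-import com.dragoninfo.dcuc.auth.api.vo.MessageRespVO;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTustMessageRespVO;
 import com.dragoninfo.dcuc.auth.business.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.token.vo.TokenDetailRespVo;
 import com.dragoninfo.dcuc.auth.token.vo.TokenReceiveVO;
@@ -35,12 +35,7 @@ public class AuthTokenFacade implements IAuthTokenFacade {
     }
 
     @Override
-    public void cacheStandardUserToken(String idcard, String userTokeId, Integer expiredTime) {
-        tokenBusiness.cacheStandardUserToken(idcard, userTokeId, expiredTime);
-    }
-
-    @Override
-    public MessageRespVO tokenReceive(TokenReceiveVO receiveVO) {
+    public ZeroTustMessageRespVO tokenReceive(TokenReceiveVO receiveVO) {
         return tokenBusiness.tokenReceive(receiveVO);
     }
 }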