
feature(风险日志报送开发): 风险日志报送开发

风险日志报送开发
mazq 3 年之前
父節點
當前提交
e80334b680
共有 16 個文件被更改,包括 402 次插入158 次删除
  1. 7 90
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/dto/AuthenticationLogDto.java
  2. 57 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/dto/RiskPushLogDto.java
  3. 14 1
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/enums/AuthenticationTypeEnum.java
  4. 10 2
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/enums/RiskProgrammeTypeEnum.java
  5. 1 1
      dcuc-auth-service/pom.xml
  6. 16 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/constance/AuditConstance.java
  7. 10 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/listener/AuthenticationLogListener.java
  8. 34 13
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/DetectLogService.java
  9. 6 5
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/DataAuthLogHandler.java
  10. 11 7
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/FunAuthLogHandler.java
  11. 13 7
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/LogInfoFillService.java
  12. 176 14
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/QmAuditPushService.java
  13. 8 4
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/ServiceAuthLogHandler.java
  14. 9 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/DataAuthServiceImpl.java
  15. 24 10
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/RoleService.java
  16. 6 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/ServiceAuthResultServiceImpl.java

+ 7 - 90
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/dto/AuthenticationLogDto.java

@@ -1,6 +1,6 @@
 package com.dragoninfo.dcuc.auth.audit.dto;
 
-import com.alibaba.fastjson.JSON;
+import lombok.Data;
 
 import java.util.Date;
 import java.util.List;
@@ -10,8 +10,8 @@ import java.util.List;
  * @Date: 2021/5/17 13:30
  * @Description:
  */
+@Data
 public class AuthenticationLogDto {
-
     private String userName;
     private String userIdcard;
     private String requesterName;
@@ -23,92 +23,9 @@ public class AuthenticationLogDto {
     private String state;
     private List<AuthenticationContentDto> content;
     private String errContent;
-
-    public String getUserName() {
-        return userName;
-    }
-
-    public void setUserName(String userName) {
-        this.userName = userName;
-    }
-
-    public String getUserIdcard() {
-        return userIdcard;
-    }
-
-    public void setUserIdcard(String userIdcard) {
-        this.userIdcard = userIdcard;
-    }
-
-    public String getRequesterName() {
-        return requesterName;
-    }
-
-    public void setRequesterName(String requesterName) {
-        this.requesterName = requesterName;
-    }
-
-    public String getRequesterId() {
-        return requesterId;
-    }
-
-    public void setRequesterId(String requesterId) {
-        this.requesterId = requesterId;
-    }
-
-    public Date getCreateTime() {
-        return createTime;
-    }
-
-    public void setCreateTime(Date createTime) {
-        this.createTime = createTime;
-    }
-
-    public String getTerminalId() {
-        return terminalId;
-    }
-
-    public void setTerminalId(String terminalId) {
-        this.terminalId = terminalId;
-    }
-
-    public String getTokens() {
-        return tokens;
-    }
-
-    public void setTokens(String tokens) {
-        this.tokens = tokens;
-    }
-
-    public String getAuthenticationType() {
-        return authenticationType;
-    }
-
-    public void setAuthenticationType(String authenticationType) {
-        this.authenticationType = authenticationType;
-    }
-
-    public String getState() {
-        return state;
-    }
-
-    public void setState(String state) {
-        this.state = state;
-    }
-
-    public List<AuthenticationContentDto> getContent() {
-        return content;
-    }
-
-    public void setContent(List<AuthenticationContentDto> content) {
-        this.content = content;
-    }
-
-    public LogErrContentDto getErrContent() {
-        return JSON.parseObject(this.errContent, LogErrContentDto.class);
-    }
-
-    public void setErrContent(String errContent) {
-        this.errContent = errContent;
-    }
+    private String authTaskId;
+    private String userOrgCode;
+    private String userOrgName;
+    private String userToken;
+    private String appToken;
 }
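Review bot: With `@Data` on this class the generated `toString()` includes `userToken`, `appToken`, `tokens` and `userIdcard`, so any log statement or exception message that prints the DTO writes tokens and ID-card numbers into application logs. Mark the credential fields with `@ToString.Exclude`, or replace `@Data` with `@Getter`/`@Setter`. The generated `getErrContent()` also returns the raw `String` where the removed getter returned a parsed `LogErrContentDto`, so every caller that passes the result on to a serializer needs checking.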

+ 57 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/dto/RiskPushLogDto.java

@@ -0,0 +1,57 @@
+package com.dragoninfo.dcuc.auth.audit.dto;
+
+import lombok.Data;
+
+import java.util.Date;
+
+/**
+ * @author mazq
+ * @date 2021/8/6
+ */
+@Data
+public class RiskPushLogDto {
+    /**
+     * 主键
+     */
+    private String logIds;
+
+    /**
+     * 风险产生方
+     */
+    private String creater;
+
+    /**
+     * 风险产生方标识
+     */
+    private String createrId;
+
+    /**
+     * 风险发生时间
+     */
+    private Date createTime;
+
+    /**
+     * 风险类型
+     */
+    private String riskType;
+
+    /**
+     * 鉴权请求方名称
+     */
+    private String requesterName;
+
+    /**
+     * 鉴权请求方标识
+     */
+    private String requesterId;
+
+    /**
+     * 风险内容
+     */
+    private String riskContent;
+
+    /**
+     * 风险用户终端ip
+     */
+    private String terminalIPs;
+}
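Review bot: The field comments do not match how the fields are filled: `logIds` is documented as 主键, but DetectLogService stores a comma-joined list of AuthenticationLog ids in it, and `terminalIPs` likewise receives a comma-joined list of `terminalId` values. I would say so on the fields, e.g. `/** Comma-separated ids of the authentication logs that triggered the risk. */`. The DTO is populated with `BeanUtils.copyProperties(riskLog, riskLogDto)`, so names such as `creater` presumably have to stay identical to those on `RiskLog` (not shown here); a class-level comment stating that dependency would stop a later rename from silently emptying the field.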

+ 14 - 1
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/enums/AuthenticationTypeEnum.java

@@ -8,7 +8,9 @@ import com.dragonsoft.duceap.base.enums.ICodeEnum;
  * @Description:
  */
 public enum AuthenticationTypeEnum implements ICodeEnum {
-
+    /**
+     * 鉴权类型枚举类
+     */
     FWJJQ("FWJJQ","服务级鉴权"),
     GNJJQ("GNJJQ","功能级鉴权"),
     YYJJQ("YYJJQ","应用级鉴权"),
@@ -32,4 +34,15 @@ public enum AuthenticationTypeEnum implements ICodeEnum {
     public String getLabel() {
         return this.label;
     }
+
+    public static AuthenticationTypeEnum getByAuthenticationType(String authenticationType) {
+        for (AuthenticationTypeEnum value : AuthenticationTypeEnum.values()) {
+            if(value.getValue().equals(authenticationType)) {
+                return value;
+            }
+        }
+        return null;
+    }
+
+
 }
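Review bot: `getByAuthenticationType` returns `null` for an unknown or null code and has no Javadoc saying so; the same applies to `RiskProgrammeTypeEnum.getByType` added in this commit. The callers in QmAuditPushService do check for null, but the contract belongs on the method, e.g. `/** Returns the constant whose value equals the given code, or null if none matches. */`. The two blank lines before the closing brace can go.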

+ 10 - 2
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/audit/enums/RiskProgrammeTypeEnum.java

@@ -4,7 +4,6 @@ import com.alibaba.fastjson.JSON;
 import com.dragoninfo.dcuc.auth.audit.dto.riskrule.ConditionsIncompleteRule;
 import com.dragoninfo.dcuc.auth.audit.dto.riskrule.NamelistFrequentRule;
 import com.dragoninfo.dcuc.auth.audit.dto.riskrule.ShorttimeFrequentRule;
-import com.dragoninfo.dcuc.auth.audit.dto.riskrule.UltraViresContinuedRule;
 import com.dragonsoft.duceap.base.enums.ICodeEnum;
 import com.dragonsoft.duceap.base.exception.ApplicationException;
 import org.slf4j.Logger;
@@ -17,7 +16,7 @@ import org.slf4j.LoggerFactory;
  */
 public enum RiskProgrammeTypeEnum implements ICodeEnum {
 
-
+    /** 鉴权风险枚举类*/
     DSJPFJQFX("DSJPFJQFX", "短时间频繁鉴权风险", ShorttimeFrequentRule.class),
     DSJPFHBMDMZFX("DSJPFHBMDMZFX", "短时间频繁红/白名单命中风险", NamelistFrequentRule.class),
     JQBYTJBWZFX("JQBYTJBWZFX", "鉴权必要条件不完整风险", ConditionsIncompleteRule.class),
@@ -36,6 +35,15 @@ public enum RiskProgrammeTypeEnum implements ICodeEnum {
         this.clazz = clazz;
     }
 
+    public static RiskProgrammeTypeEnum getByType(String riskType) {
+        for (RiskProgrammeTypeEnum value : values()) {
+            if(value.getValue().equals(riskType)) {
+                return value;
+            }
+        }
+        return null;
+    }
+
     @Override
     public String getValue() {
         return this.value;

+ 1 - 1
dcuc-auth-service/pom.xml

@@ -71,7 +71,7 @@
         <dependency>
             <groupId>com.dragoninfo</groupId>
             <artifactId>dcuc-user-api</artifactId>
-            <version>2.0.4-tjdsj-SNAPSHOT</version>
+            <version>2.0.5-tjdsj-SNAPSHOT</version>
         </dependency>
 
         <dependency>

+ 16 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/constance/AuditConstance.java

@@ -16,7 +16,7 @@ public class AuditConstance {
     public static final String SYS_USER_IDCARD = "000000000000000000";
 
     /** 系统自动授权时 操作者身份证号 */
-    public static final String SYS_ORG_NAME = "权限中心";
+    public static final String SYS_ORG_NAME = "权限管理系统";
 
     /**启明logType定义:授权 */
     public static String AUDIT_LOG_TYPE_SQ = "007";
@@ -24,6 +24,9 @@ public class AuditConstance {
     /**启明logType定义:鉴权 */
     public static String AUDIT_LOG_TYPE_JQ = "008";
 
+    /**启明logType定义:权限中心报送风险日志 */
+    public static String AUDIT_LOG_TYPE_FXBS = "011";
+
     /**启明authType定义:应用鉴权 */
     public static String AUDIT_AUTH_TYPE_YYJQ = "6";
 
@@ -54,4 +57,16 @@ public class AuditConstance {
     /**启明operateType定义:销权 */
     public static String AUDIT_OPERATE_TYPE_XQ = "02";
 
+    /**启明风险类型归类:频繁鉴权 */
+    public static String AUDIT_RISK_MAIN_TYPE_PFJQ = "01";
+
+    /**启明风险类型归类:鉴权失败 */
+    public static String AUDIT_RISK_MAIN_TYPE_JQSB = "02";
+
+    /**启明风险类型归类:越权访问 */
+    public static String AUDIT_RISK_MAIN_TYPE_YQFW = "03";
+
+    /**启明风险类型归类:异常鉴权 */
+    public static String AUDIT_RISK_MAIN_TYPE_YCJQ = "04";
+
 }
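Review bot: The new constants `AUDIT_RISK_MAIN_TYPE_*` here and `AUDIT_LOG_TYPE_FXBS` in the previous hunk are declared `public static String` without `final`, so any code on the classpath can reassign the log type or risk category that is sent to the audit platform. Declare them like `SYS_ORG_NAME` above: `public static final String AUDIT_RISK_MAIN_TYPE_PFJQ = "01";`. The Javadoc on `SYS_ORG_NAME` in the first hunk still reads 操作者身份证号, which looks copied from the constant before it.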

+ 10 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/listener/AuthenticationLogListener.java

@@ -7,6 +7,7 @@ import com.dragoninfo.dcuc.auth.audit.entity.AuthenticationContent;
 import com.dragoninfo.dcuc.auth.audit.entity.AuthenticationLog;
 import com.dragoninfo.dcuc.auth.audit.service.AuthenticationLogService;
 import com.dragoninfo.dcuc.auth.audit.service.DetectLogService;
+import com.dragoninfo.dcuc.auth.audit.service.log.QmAuditPushService;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import com.dragonsoft.mq.client.model.entity.MessageInfoDTO;
 import com.google.common.base.Joiner;
@@ -40,6 +41,9 @@ public class AuthenticationLogListener {
     @Autowired
     private DetectLogService detectLogService;
 
+    @Autowired
+    private QmAuditPushService pushService;
+
     @ConditionalOnProperty(name = "dcuc.auth.audit-log.kafka", havingValue = "true")
     @KafkaListener(topics = "${dcuc.auth.audit-log.authentication-topic}", groupId = "${dcuc.auth.audit-log.authentication-groupId}", containerFactory = "kafkaListenerContainerFactory")
     public void receiveMessage(ConsumerRecord<String, byte[]> record) {
@@ -64,6 +68,7 @@ public class AuthenticationLogListener {
 
             detectLogService.checkExceptionTime(authenticationLogDto);
 
+            pushService.pushAuthenticationLog(authenticationLogDto);
         } catch (Exception e) {
             logger.error("receiveMessage error.", e);
         }
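Review bot: `pushService.pushAuthenticationLog` is reached only when every earlier step in the `try` succeeds, so an exception from `detectLogService.checkExceptionTime` (for example a `JSON.parseObject` failure on `errContent`, which that method now parses itself) drops the audit record and leaves only the generic `receiveMessage error.` entry. Since the push is the audit trail, I would call it right after the log is saved and before the detection steps, or give it its own try/catch. The body of `receiveMessage` starts outside this hunk, so the order of the earlier steps is not fully visible here.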
@@ -86,12 +91,16 @@ public class AuthenticationLogListener {
         authenticationLog.setErrContent(JSON.toJSONString(authenticationLogDto.getErrContent()));
         //保存日志表
         AuthenticationLog authenticationLogSaved = authenticationLogService.save(authenticationLog);
+        Long id = authenticationLogSaved.getId();
 
         //保存日志content
         List<AuthenticationContent> authenticationContents = authenticationLogDto.getContent().stream()
-                .map(e->AuthenticationContent.case2AuthenticationContent(authenticationLogSaved.getId(),e))
+                .map(e->AuthenticationContent.case2AuthenticationContent(id,e))
                 .collect(Collectors.toList());
         authenticationLogService.saveContents(authenticationContents);
+
+        authenticationLogDto.setAuthTaskId(id.toString());
+
     }
 
 }
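Review bot: The context line `authenticationLog.setErrContent(JSON.toJSONString(authenticationLogDto.getErrContent()));` now double-encodes the value. With `@Data` on AuthenticationLogDto, `getErrContent()` returns the JSON text as a `String`, and `JSON.toJSONString` of a String yields a quoted, escaped string literal rather than the object form stored before this commit. Unless that format change is intended, store the value directly: `authenticationLog.setErrContent(authenticationLogDto.getErrContent());`. `id.toString()` also assumes `save` always returns an entity with a generated id; the method starts outside the hunk.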

+ 34 - 13
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/DetectLogService.java

@@ -4,20 +4,26 @@ import cn.hutool.core.date.DateUtil;
 import com.alibaba.fastjson.JSON;
 import com.dragoninfo.dcuc.auth.audit.dto.AuthenticationLogDto;
 import com.dragoninfo.dcuc.auth.audit.dto.LogErrContentDto;
+
+import com.dragoninfo.dcuc.auth.audit.dto.RiskPushLogDto;
 import com.dragoninfo.dcuc.auth.audit.dto.riskrule.NamelistFrequentRule;
 import com.dragoninfo.dcuc.auth.audit.dto.warningrule.ExceptionTimeRule;
 import com.dragoninfo.dcuc.auth.audit.entity.*;
-import com.dragoninfo.dcuc.auth.audit.enums.AuthenticationTypeEnum;
 import com.dragoninfo.dcuc.auth.audit.enums.AuthenticationNecessaryParamEnum;
+import com.dragoninfo.dcuc.auth.audit.enums.AuthenticationTypeEnum;
 import com.dragoninfo.dcuc.auth.audit.enums.RiskProgrammeTypeEnum;
 import com.dragoninfo.dcuc.auth.audit.enums.WarningProgrammeTypeEnum;
+import com.dragoninfo.dcuc.auth.audit.service.log.QmAuditPushService;
+
 import com.google.common.base.Joiner;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.util.StringUtils;
 
+import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.List;
@@ -47,6 +53,9 @@ public class DetectLogService {
     @Autowired
     private WarningLogService warningLogService;
 
+    @Autowired
+    private QmAuditPushService pushService;
+
 
     /**
      * 短时间频繁访问红白名单统计
@@ -74,14 +83,14 @@ public class DetectLogService {
         List<AuthenticationLog> logs = authenticationLogService.findAllByTime(lastDate, curDate);
         logger.info("短时间频繁鉴权风险统计,配置{},统计时间区间[{},{}],数量:{}",JSON.toJSONString(riskProgramme),lastDate,curDate,logs.size());
         NamelistFrequentRule namelistFrequentRule = JSON.parseObject(riskProgramme.getRuleContent(), NamelistFrequentRule.class);
-
-        logs.stream().collect(Collectors.groupingBy(AuthenticationLog::getRequesterId, Collectors.toList()))
-                .entrySet()
-                .stream()
-                .peek(entity -> {
-                    if (entity.getValue().size() >= namelistFrequentRule.getFrequency()) {
-                        logger.info("短时间频繁鉴权风险统计,风险{},数量{}",entity.getKey(),entity.getValue().size());
-                        AuthenticationLog authenticationLog = entity.getValue().get(0);
+        List<RiskPushLogDto> pushLogs = new ArrayList<>();
+        //风险计算
+        // 统计鉴权人鉴权次数,不管是什么类型的鉴权,只要超过一定次数则是风险
+        logs.stream().collect(Collectors.groupingBy(AuthenticationLog::getUserIdcard, Collectors.toList()))
+                .forEach((key, value) -> {
+                    if (value.size() >= namelistFrequentRule.getFrequency()) {
+                        logger.info("短时间频繁鉴权风险统计,风险{},数量{}", key, value.size());
+                        AuthenticationLog authenticationLog = value.get(0);
                         //记录风险日志
                         RiskLog riskLog = new RiskLog();
                         riskLog.setCreater(authenticationLog.getUserName());
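Review bot: Grouping by `AuthenticationLog::getUserIdcard` makes `Collectors.groupingBy` throw a NullPointerException if any log in the window has no ID-card number, which aborts the whole risk run. Whether `userIdcard` can be null is not visible here, so I would filter before grouping: `logs.stream().filter(l -> l.getUserIdcard() != null)`. The `logger.info` line also now prints the ID-card number as `key` at info level on every hit; consider masking it. The method continues past this hunk.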
@@ -95,18 +104,30 @@ public class DetectLogService {
                                 .replaceAll("#主体#", authenticationLog.getUserName())
                                 .replaceAll("#鉴权规则周期#", "" + namelistFrequentRule.getInterval())
                                 .replaceAll("#鉴权规则次数#", "" + namelistFrequentRule.getFrequency())
-                                .replaceAll("#鉴权次数#", "" + entity.getValue().size()));
+                                .replaceAll("#鉴权次数#", "" + value.size()));
 
                         riskLog.setHandleOpinion(riskProgramme.getHandleOpinion().replaceAll("#主体#", authenticationLog.getUserName())
                                 .replaceAll("#鉴权规则周期#", "" + namelistFrequentRule.getInterval())
                                 .replaceAll("#鉴权规则次数#", "" + namelistFrequentRule.getFrequency())
-                                .replaceAll("#鉴权次数#", "" + entity.getValue().size()));
+                                .replaceAll("#鉴权次数#", "" + value.size()));
                         riskLogService.save(riskLog);
 
                         //增加风险记录数
                         riskProgrammeService.incNumber(riskProgramme.getId());
+
+                        //推送风险日志到审计
+                        String ips = value.stream().map(AuthenticationLog::getTerminalId).collect(Collectors.joining(","));
+                        String logIds = value.stream().map(e -> e.getId().toString()).collect(Collectors.joining(","));
+                        RiskPushLogDto riskLogDto = new RiskPushLogDto();
+                        BeanUtils.copyProperties(riskLog, riskLogDto);
+                        riskLogDto.setTerminalIPs(ips);
+                        riskLogDto.setLogIds(logIds);
+                        pushLogs.add(riskLogDto);
                     }
-                }).collect(Collectors.toList());
+                });
+        if(pushLogs.size() > 0) {
+            pushService.pushRiskLog(pushLogs);
+        }
     }
 
     /**
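Review bot: `ips` and `logIds` are built from every log in the group without de-duplication or null handling, so a user who trips the threshold from one terminal produces the same `terminalId` repeated `value.size()` times, and a null `terminalId` is joined as the text `null`. Use `value.stream().map(AuthenticationLog::getTerminalId).filter(Objects::nonNull).distinct().collect(Collectors.joining(","))`. `BeanUtils.copyProperties(riskLog, riskLogDto)` copies only properties whose names match, so a rename on either side silently leaves a DTO field empty; setting the fields explicitly would make that visible. `if (!pushLogs.isEmpty())` reads better than `size() > 0`.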
@@ -122,7 +143,7 @@ public class DetectLogService {
             return;
         }
 
-        LogErrContentDto logErrContentDto = authenticationLogDto.getErrContent();
+        LogErrContentDto logErrContentDto = JSON.parseObject(authenticationLogDto.getErrContent(), LogErrContentDto.class);
         if (logErrContentDto == null) {
             return;
         }

+ 6 - 5
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/DataAuthLogHandler.java

@@ -178,7 +178,7 @@ public class DataAuthLogHandler {
         logSendService.sendAuthorizeLog(saveAuthorizeLogDto);
     }
 
-    public void sendAuthenticationLog(AuthResultEnum state, DataItemsCheckDto dataItemsCheckDto) {
+    public void sendAuthenticationLog(AuthResultEnum state, DataItemsCheckDto dataItemsCheckDto, String ip, String appToken, String userToken) {
         UserInfo userInfo = userInfoFacade.userDetailByIdCard(dataItemsCheckDto.getIdcard());
         ApplyInfo app = applyInfoFacade.getAppByCode(dataItemsCheckDto.getCurrentAppCode());
 
@@ -200,10 +200,11 @@ public class DataAuthLogHandler {
         authenticationLogDto.setRequesterId(dataItemsCheckDto.getCurrentAppCode());
         authenticationLogDto.setRequesterName(app.getApplyName());
 
-// fixme 暂无
-//        authenticationLogDto.setTerminalId();
-//        authenticationLogDto.setTokens(Joiner.on("、").join(userToken, appToken));
-//        authenticationLogDto.setErrContent();
+        authenticationLogDto.setTerminalId(ip.replaceAll("\\.",""));
+        authenticationLogDto.setUserToken(userToken);
+        authenticationLogDto.setUserOrgCode(userInfo.getOrgCode());
+        authenticationLogDto.setUserOrgName(userInfo.getOrgName());
+        authenticationLogDto.setAppToken(appToken);
 
         logSendService.sendAuthenticationLog(authenticationLogDto);
     }
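Review bot: `ip.replaceAll("\\.","")` throws a NullPointerException when the caller passes no client address, and stripping the dots makes the stored value ambiguous: `1.11.1.1` and `11.1.1.1` both become `11111`, so the terminal in the audit record can no longer be mapped back to a host, and IPv6 addresses are not handled at all. Unless the receiving system requires a dot-free form, keep the address as received and guard null: `authenticationLogDto.setTerminalId(ip);`. The same line is added in FunAuthLogHandler and ServiceAuthLogHandler. Separately, the raw `userToken` and `appToken` are now copied into the log DTO and travel on with it; if they are still valid credentials at that point, logging a digest or truncated form would be safer.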

+ 11 - 7
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/FunAuthLogHandler.java

@@ -11,6 +11,8 @@ import com.dragoninfo.dcuc.auth.auth.dto.RoleApiDto;
 import com.dragoninfo.dcuc.auth.auth.vo.RoleAppFunVO;
 import com.dragoninfo.dcuc.user.user.entity.UserInfo;
 import com.dragoninfo.dcuc.user.user.facade.IUserInfoFacade;
+import com.dragonsoft.duceap.commons.util.string.StringUtils;
+import lombok.extern.slf4j.Slf4j;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -42,7 +44,9 @@ public class FunAuthLogHandler {
     /**
      * 发送功能鉴权日志
      */
-    public void sendAuthenticationLog(AuthResultEnum state, RoleApiDto dto, List<RoleAppFunVO> funsByroleIds) {
+    public void sendAuthenticationLog(AuthResultEnum state, RoleApiDto dto, List<RoleAppFunVO> funsByroleIds, String ip, String userToken, String appToken) {
+        logger.info("FunAuthLogHandler sendAuthenticationLog client ip :{}", ip);
+
         UserInfo userInfo = userInfoFacade.userDetailByIdCard(dto.getIdcard());
         ApplyInfo app = applyInfoFacade.getAppByCode(dto.getAppCode());
 
@@ -62,12 +66,12 @@ public class FunAuthLogHandler {
         authenticationLogDto.setAuthenticationType(AuthenticationTypeEnum.GNJJQ.getValue());
         authenticationLogDto.setState(state.getValue());
         authenticationLogDto.setContent(contentDtos);
-
-// fixme 暂无
-//        authenticationLogDto.setTerminalId();
-//        authenticationLogDto.setTokens(Joiner.on("、").join(userToken, appToken));
-//        authenticationLogDto.setErrContent();
-
+        authenticationLogDto.setTerminalId(ip.replaceAll("\\.",""));
+        authenticationLogDto.setUserToken(userToken);
+        authenticationLogDto.setUserOrgCode(userInfo.getOrgCode());
+        authenticationLogDto.setUserOrgName(userInfo.getOrgName());
+        authenticationLogDto.setAppToken(appToken);
         logSendService.sendAuthenticationLog(authenticationLogDto);
+
     }
 }

+ 13 - 7
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/LogInfoFillService.java

@@ -73,10 +73,13 @@ public class LogInfoFillService {
      * @param suc
      * @param dto
      * @param funsByroleIds
+     * @param ip
+     * @param userToken
+     * @param appToken
      */
     @Async
-    public void sendFunAuthenticationLog(AuthResultEnum suc, RoleApiDto dto, List<RoleAppFunVO> funsByroleIds) {
-        funAuthLogHandler.sendAuthenticationLog(suc,dto,funsByroleIds);
+    public void sendFunAuthenticationLog(AuthResultEnum suc, RoleApiDto dto, List<RoleAppFunVO> funsByroleIds, String ip, String userToken, String appToken) {
+        funAuthLogHandler.sendAuthenticationLog(suc,dto,funsByroleIds, ip, userToken, appToken);
     }
 
     /**
@@ -95,8 +98,8 @@ public class LogInfoFillService {
      * 发送服务鉴权日志
      */
     @Async
-    public void sendServiceAuthenticationLog(AuthResultEnum state,String idcard, String appCode, String userToken, String appToken, List<ServiceAuthResult> results){
-        serviceAuthLogHandler.sendAuthenticationLog(state,idcard,appCode,userToken,appToken,results);
+    public void sendServiceAuthenticationLog(AuthResultEnum state, String idcard, String appCode, String userToken, String appToken, List<ServiceAuthResult> results, String ip){
+        serviceAuthLogHandler.sendAuthenticationLog(state,idcard,appCode,userToken,appToken,results, ip);
     }
 
     /**
@@ -176,12 +179,15 @@ public class LogInfoFillService {
 
     /**
      * 发送数据鉴权日志
-     *  @param state
+     * @param state
      * @param dataItemsCheckDto
+     * @param ip
+     * @param appToken
+     * @param userToken
      */
     @Async
-    public void sendDataAuthenticationLog(AuthResultEnum state, DataItemsCheckDto dataItemsCheckDto) {
-        dataAuthLogHandler.sendAuthenticationLog(state, dataItemsCheckDto);
+    public void sendDataAuthenticationLog(AuthResultEnum state, DataItemsCheckDto dataItemsCheckDto, String ip, String appToken, String userToken) {
+        dataAuthLogHandler.sendAuthenticationLog(state, dataItemsCheckDto, ip, appToken, userToken);
     }
 
 }
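Review bot: The three `send*AuthenticationLog` methods take the two tokens in different orders: `sendDataAuthenticationLog(..., ip, appToken, userToken)` here, `sendFunAuthenticationLog(..., ip, userToken, appToken)` in the first hunk, and `sendServiceAuthenticationLog(..., userToken, appToken, results, ip)` in the second. All of them are `String`, so a swapped call compiles and writes the app token into the user-token field of the audit record. Pick one order, for example `ip, userToken, appToken`, for this service and the three handlers. The new `@param` tags also carry no descriptions.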

+ 176 - 14
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/QmAuditPushService.java

@@ -3,13 +3,14 @@ package com.dragoninfo.dcuc.auth.audit.service.log;
 import cn.hutool.core.util.StrUtil;
 import com.dragoninfo.dcuc.auth.audit.config.AuditConfig;
 import com.dragoninfo.dcuc.auth.audit.constance.AuditConstance;
-import com.dragoninfo.dcuc.auth.audit.dto.AuthorizeHandlerDto;
-import com.dragoninfo.dcuc.auth.audit.dto.AuthorizeLogDto;
-import com.dragoninfo.dcuc.auth.audit.dto.AuthorizeObjectDto;
-import com.dragoninfo.dcuc.auth.audit.dto.AuthorizeSubjectDto;
+import com.dragoninfo.dcuc.auth.audit.dto.*;
+import com.dragoninfo.dcuc.auth.audit.enums.AuthenticationTypeEnum;
 import com.dragoninfo.dcuc.auth.audit.enums.AuthorizeTypeEnum;
+import com.dragoninfo.dcuc.auth.audit.enums.RiskProgrammeTypeEnum;
 import com.dragonsoft.auditlog.collection.qmtj.LogSendComponent;
 import com.dragonsoft.auditlog.collection.qmtj.pojo.req.AuthBusLog;
+import com.dragonsoft.auditlog.collection.qmtj.pojo.req.AuthenticationBusLog;
+import com.dragonsoft.auditlog.collection.qmtj.pojo.req.AuthenticationRiskLog;
 import com.google.common.util.concurrent.ThreadFactoryBuilder;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
@@ -49,16 +50,19 @@ public class QmAuditPushService {
     @Autowired
     private AuditConfig config;
 
-
+    /**
+     * 推送授权日志
+     * @param authorizeLogDto
+     */
     public void pushAuthorizeLog(AuthorizeLogDto authorizeLogDto) {
         Boolean qmEnabled = config.getQmEnabled();
         if(null == qmEnabled || !qmEnabled) {
             return;
         }
-        executor.submit(()-> pushLogMessage(authorizeLogDto));
+        executor.submit(()-> pushLogToAudit(authorizeLogDto));
     }
 
-    private void pushLogMessage(AuthorizeLogDto authorizeLogDto) {
+    private void pushLogToAudit(AuthorizeLogDto authorizeLogDto) {
         String sysId = config.getSysId();
         String logType = AuditConstance.AUDIT_LOG_TYPE_SQ;
         List<AuthBusLog> busLogs = getAuthBusLog(authorizeLogDto);
@@ -74,13 +78,13 @@ public class QmAuditPushService {
         if(null == typeEnum) {
             return new ArrayList<>();
         }
-        Map<String, String> map = getOperateAndAuth(typeEnum);
+        Map<String, String> map = getSQOperateAndAuthType(typeEnum);
         String authType = map.get(AUTH_TYPE_KEY);
         String operateType = map.get(OPERATE_TYPE_KEY);
         return constructBusLogs(authorizeLogDto, authType ,operateType);
     }
 
-    private Map<String, String> getOperateAndAuth(AuthorizeTypeEnum typeEnum) {
+    private Map<String, String> getSQOperateAndAuthType(AuthorizeTypeEnum typeEnum) {
         Map<String, String> map = new HashMap<>();
         switch (typeEnum) {
             case GNSQ:
@@ -118,7 +122,7 @@ public class QmAuditPushService {
         if(StringUtils.isAnyBlank(authType, operateType)) {
             return list;
         }
-        String timeStr = getTimeStr(authorizeLogDto);
+        String timeStr = getTimeStr(authorizeLogDto.getCreateTime());
         AuthorizeHandlerDto handlerDto = authorizeLogDto.getAuthorizeHandlers().get(0);
         List<AuthorizeSubjectDto> subjectDtos = authorizeLogDto.getAuthorizeSubjects();
         List<AuthorizeObjectDto> objectDtos = authorizeLogDto.getAuthorizeObjects();
@@ -127,8 +131,7 @@ public class QmAuditPushService {
             authBusLog.setAuthType(authType);
             //设置操作者
             authBusLog.setOperateType(operateType);
-            String operateUserId = handlerDto.getHandlerId();
-            authBusLog.setOperateUserId(operateUserId);
+            authBusLog.setOperateUserId(handlerDto.getHandlerId());
             authBusLog.setOperateUserName(handlerDto.getHandlerName());
             authBusLog.setOperateUserIdcard(handlerDto.getHandlerIdcard());
             authBusLog.setOperateOrgCode(handlerDto.getHandlerOrgCode());
@@ -151,14 +154,173 @@ public class QmAuditPushService {
         return list;
     }
 
-    private String getTimeStr(AuthorizeLogDto authorizeLogDto) {
-        Date createTime = authorizeLogDto.getCreateTime();
+    private String getTimeStr(Date createTime) {
         String timeStr = "";
         if(null != createTime) {
             long time = createTime.getTime();
             timeStr = String.valueOf(time);
+            timeStr = timeStr.substring(0, timeStr.length() - 3);
         }
         return timeStr;
     }
 
+    /**
+     * 推送鉴权日志
+     * @param authenticationLogDto
+     */
+    public void pushAuthenticationLog(AuthenticationLogDto authenticationLogDto) {
+        Boolean qmEnabled = config.getQmEnabled();
+        if(null == qmEnabled || !qmEnabled) {
+            return;
+        }
+        executor.submit(()-> pushAuthenticationLogToAudit(authenticationLogDto));
+    }
+
+    private void pushAuthenticationLogToAudit(AuthenticationLogDto authenticationLogDto) {
+        String sysId = config.getSysId();
+        String logType = AuditConstance.AUDIT_LOG_TYPE_JQ;
+        List<AuthenticationBusLog> busLogs = getAuthenticationBusLog(authenticationLogDto);
+        if(CollectionUtils.isNotEmpty(busLogs)) {
+            log.debug("QmAuditPushService pushAuthenticationLogMessage START");
+            logSendComponent.sendAuthenticationBusLog(sysId, logType, busLogs);
+        }
+    }
+
+    private List<AuthenticationBusLog> getAuthenticationBusLog(AuthenticationLogDto authenticationLogDto) {
+        String authenticationType = authenticationLogDto.getAuthenticationType();
+        AuthenticationTypeEnum typeEnum = AuthenticationTypeEnum.getByAuthenticationType(authenticationType);
+        if(null == typeEnum) {
+            return new ArrayList<>();
+        }
+        String authType = getJQAuthType(typeEnum);
+        return constructAuthenticationBusLogs(authenticationLogDto, authType);
+    }
+
+    private List<AuthenticationBusLog> constructAuthenticationBusLogs(AuthenticationLogDto dto, String authType) {
+        List<AuthenticationBusLog> list = new ArrayList<>();
+        if(StringUtils.isBlank(authType)) {
+            return list;
+        }
+        AuthenticationBusLog busLog = new AuthenticationBusLog();
+        String timeStr = getTimeStr(dto.getCreateTime());
+        busLog.setOperateTime(timeStr);
+        busLog.setAuthType(authType);
+        busLog.setAuthIp(dto.getTerminalId());
+        busLog.setAuthIdcard(dto.getUserIdcard());
+        busLog.setAuthResult(dto.getState());
+        busLog.setAuthTaskId(dto.getAuthTaskId());
+        busLog.setAuthusername(dto.getUserName());
+        busLog.setOrgcode(dto.getUserOrgCode());
+        busLog.setOrgcodename(dto.getUserOrgName());
+        busLog.setUserToken(dto.getUserToken());
+        List<AuthenticationContentDto> content = dto.getContent();
+        getAuthenticationContent(authType, busLog, content);
+        list.add(busLog);
+        return list;
+    }
+
+    private void getAuthenticationContent(String authType, AuthenticationBusLog busLog, List<AuthenticationContentDto> content) {
+        String codes = "";
+        if (AuditConstance.AUDIT_AUTH_TYPE_GNJQ.equals(authType)) {
+            codes = content
+                    .stream()
+                    .map(AuthenticationContentDto::getContentId)
+                    .collect(Collectors.joining(","));
+            busLog.setAuthFunctionCode(codes);
+        } else if (AuditConstance.AUDIT_AUTH_TYPE_FWJQ.equals(authType)) {
+            codes = content
+                    .stream()
+                    .map(AuthenticationContentDto::getContentId)
+                    .collect(Collectors.joining(","));
+            busLog.setAuthServiceCode(codes);
+        } else if (AuditConstance.AUDIT_AUTH_TYPE_SJJQ.equals(authType)) {
+            codes = content
+                    .stream()
+                    .map(AuthenticationContentDto::getContentName)
+                    .collect(Collectors.joining(","));
+            busLog.setFieldSetCode(codes);
+        } else if (AuditConstance.AUDIT_AUTH_TYPE_YYJQ.equals(authType)) {
+            codes = content
+                    .stream()
+                    .map(AuthenticationContentDto::getContentId)
+                    .collect(Collectors.joining(","));
+            busLog.setAuthAppCode(codes);
+        }
+    }
+
+    private String getJQAuthType(AuthenticationTypeEnum typeEnum) {
+        String authType = "";
+        switch (typeEnum) {
+            case FWJJQ:
+                authType = AuditConstance.AUDIT_AUTH_TYPE_FWJQ;
+                break;
+            case GNJJQ:
+                authType = AuditConstance.AUDIT_AUTH_TYPE_GNJQ;
+                break;
+            case YYJJQ:
+                authType = AuditConstance.AUDIT_AUTH_TYPE_YYJQ;
+                break;
+            case SJJJQ:
+                authType = AuditConstance.AUDIT_AUTH_TYPE_SJJQ;
+                break;
+            default:
+                break;
+        }
+        return authType;
+    }
+
+    /**
+     * 推送风险日志
+     * @param risksDtos
+     */
+    public void pushRiskLog(List<RiskPushLogDto> risksDtos) {
+        Boolean qmEnabled = config.getQmEnabled();
+        if(null == qmEnabled || !qmEnabled) {
+            return;
+        }
+        executor.submit(()-> pushRiskLogToAudit(risksDtos));
+    }
+
+    private void pushRiskLogToAudit(List<RiskPushLogDto> risksDtos) {
+        if(CollectionUtils.isEmpty(risksDtos)) {
+            return;
+        }
+        List<AuthenticationRiskLog> pushLogs = new ArrayList<>();
+        for (RiskPushLogDto risksDto : risksDtos) {
+            RiskProgrammeTypeEnum riskTypeEnum = RiskProgrammeTypeEnum.getByType(risksDto.getRiskType());
+            if(null == riskTypeEnum) {
+                continue;
+            }
+            String mainType = getMainType(riskTypeEnum);
+            if(null == mainType) {
+                continue;
+            }
+            AuthenticationRiskLog riskPushLog = new AuthenticationRiskLog();
+            String timeStr = getTimeStr(risksDto.getCreateTime());
+            riskPushLog.setTime(timeStr);
+            riskPushLog.setContent(risksDto.getRiskContent());
+            riskPushLog.setTaskId(risksDto.getTerminalIPs());
+            riskPushLog.setMainType(mainType);
+            riskPushLog.setType(riskTypeEnum.getLabel());
+            pushLogs.add(riskPushLog);
+        }
+        if(pushLogs.size() >0) {
+            String sysId = config.getSysId();
+            String logType = AuditConstance.AUDIT_LOG_TYPE_FXBS;
+            logSendComponent.sendAuthenticationRiskLog(sysId, logType, pushLogs);
+        }
+    }
+
+    private String getMainType(RiskProgrammeTypeEnum riskType) {
+        switch (riskType) {
+            case DSJPFJQFX:
+            case DSJPFHBMDMZFX:
+                return AuditConstance.AUDIT_RISK_MAIN_TYPE_PFJQ;
+            case JQBYTJBWZFX:
+                return AuditConstance.AUDIT_RISK_MAIN_TYPE_JQSB;
+            default:
+                break;
+        }
+        return null;
+    }
 }
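Review bot: In `pushRiskLogToAudit`, `riskPushLog.setTaskId(risksDto.getTerminalIPs())` puts the terminal list into the task id, while `logIds`, which DetectLogService fills with the triggering log ids, is never read; this looks like it should be `riskPushLog.setTaskId(risksDto.getLogIds());` (the `AuthenticationRiskLog` API is not shown, so confirm where the terminals belong). `getTimeStr` converts milliseconds to seconds by cutting three characters off the string, which throws for values shorter than three digits and also changes the timestamp already sent by `pushAuthorizeLog`; `String.valueOf(createTime.getTime() / 1000)` says what is meant. The tasks handed to `executor.submit` discard the returned Future, so an exception from `logSendComponent` or a null `content` in `getAuthenticationContent` disappears without a log line; wrap each task body in a try/catch that calls `log.error`. `busLog.setUserToken(dto.getUserToken())` forwards the raw user token to the external audit system, which is worth confirming against what that system actually requires.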

+ 8 - 4
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/ServiceAuthLogHandler.java

@@ -86,7 +86,9 @@ public class ServiceAuthLogHandler {
     /**
      * 发送服务鉴权日志
      */
-    public void sendAuthenticationLog(AuthResultEnum state, String idcard, String appCode, String userToken, String appToken, List<ServiceAuthResult> results) {
+    public void sendAuthenticationLog(AuthResultEnum state, String idcard, String appCode, String userToken, String appToken, List<ServiceAuthResult> results, String ip) {
+        logger.info("ServiceAuthLogHandler sendAuthenticationLog client ip :{}", ip);
+
         UserInfo userInfo = userInfoFacade.userDetailByIdCard(idcard);
         ApplyInfo app = applyInfoFacade.getAppByCode(appCode);
 
@@ -103,13 +105,15 @@ public class ServiceAuthLogHandler {
         authenticationLogDto.setRequesterName(app.getApplyName());
         authenticationLogDto.setRequesterId(appCode);
         authenticationLogDto.setCreateTime(new Date());
-//        authenticationLogDto.setTerminalId(); fixme 暂无
         authenticationLogDto.setTokens(Joiner.on("、").skipNulls().join(userToken, appToken));
         authenticationLogDto.setAuthenticationType(AuthenticationTypeEnum.FWJJQ.getValue());
         authenticationLogDto.setState(state.getValue());
         authenticationLogDto.setContent(contentDtos);
-
-//        authenticationLogDto.setErrContent(); fixme 暂无
+        authenticationLogDto.setTerminalId(ip.replaceAll("\\.",""));
+        authenticationLogDto.setUserToken(userToken);
+        authenticationLogDto.setAppToken(appToken);
+        authenticationLogDto.setUserOrgCode(userInfo.getOrgCode());
+        authenticationLogDto.setUserOrgName(userInfo.getOrgName());
 
         logSendService.sendAuthenticationLog(authenticationLogDto);
     }
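Review bot: `setTerminalId(ip.replaceAll("\\.",""))` produces an identifier that cannot be mapped back to a single address, because `1.11.1.1` and `11.1.1.1` both collapse to `11111`; it also throws a NullPointerException when the caller passes a null `ip`. If the audit schema requires a digits-only field, pad each octet to three digits before joining; otherwise keep the dotted form, and null-check `ip` before calling `replaceAll`. The same hunk copies `userToken` and `appToken` verbatim into the record via `setUserToken`/`setAppToken`, on top of the existing `setTokens` line, so live credentials leave the service with every audit entry. If the receiving system does not need the full values, send a digest or a truncated token instead. The method body is split across two hunks and part of it lies outside both.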

+ 9 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/DataAuthServiceImpl.java

@@ -18,6 +18,7 @@ import com.dragoninfo.dcuc.auth.auth.vo.BusResultVO;
 import com.dragoninfo.dcuc.auth.auth.vo.ResourceCatalogItemVO;
 import com.dragoninfo.dcuc.auth.auth.vo.ResourceCatalogVO;
 import com.dragoninfo.dcuc.auth.util.RequestIpUtil;
+import com.dragoninfo.dcuc.common.Constants;
 import com.dragoninfo.dcuc.user.user.entity.UserInfo;
 import com.dragoninfo.dcuc.user.user.facade.IUserFacade;
 import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
@@ -27,10 +28,12 @@ import com.dragonsoft.duceap.base.enums.BooleanEnum;
 import com.dragonsoft.duceap.base.utils.UserContextUtils;
 import com.dragonsoft.duceap.commons.util.MapUtils;
 import com.dragonsoft.duceap.commons.util.collections.CollectionUtils;
+import com.dragonsoft.duceap.commons.util.ip.IpUtils;
 import com.dragonsoft.duceap.core.context.ContextUtils;
 import com.dragonsoft.duceap.core.search.Searchable;
 import com.dragonsoft.duceap.core.search.enums.SearchOperator;
 import com.dragonsoft.duceap.core.search.filter.Condition;
+import com.dragonsoft.duceap.web.utils.RequestUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.BeanUtils;
@@ -39,6 +42,7 @@ import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StopWatch;
 
+import javax.servlet.http.HttpServletRequest;
 import java.lang.reflect.Method;
 import java.util.*;
 import java.util.stream.Collectors;
@@ -355,7 +359,11 @@ public class DataAuthServiceImpl implements IDataAuthService {
             }
         }
 
-        logInfoFillService.sendDataAuthenticationLog(AuthResultEnum.SUC,dataItemsCheckDto);
+        HttpServletRequest request = RequestUtils.getRequest();
+        String ip = IpUtils.getIp();
+        String appToken = request.getHeader(Constants.APP_TOKEN);
+        String userToken = request.getHeader(Constants.USER_TOKEN);
+        logInfoFillService.sendDataAuthenticationLog(AuthResultEnum.SUC, dataItemsCheckDto, ip, appToken, userToken);
 
         return ResponseDTO.newInstance(dataItemsCheckDto.getDataItemsDtoList());
     }
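Review bot: The client address here comes from `IpUtils.getIp()`, while the matching changes in RoleService and ServiceAuthResultServiceImpl call `IpUtils.getRealIpAdrress(request)`. Unless both helpers are known to resolve the same value, data-authentication audit records will carry a different notion of client IP than the other two paths. Use one helper throughout, e.g. `String ip = IpUtils.getRealIpAdrress(request);`. In all three places the result of `RequestUtils.getRequest()` is dereferenced unchecked. That helper is not shown, but if it can return null when no servlet request is bound (an internal or asynchronous call), the authorization call would fail on a logging detail, so an `if (request != null)` guard around the header reads is worth adding. The enclosing method starts outside the hunk.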

+ 24 - 10
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/RoleService.java

@@ -5,6 +5,7 @@ import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.auth.audit.enums.AuthResultEnum;
 import com.dragoninfo.dcuc.auth.audit.service.log.LogInfoFillService;
 import com.dragoninfo.dcuc.auth.auth.bpo.RoleBPO;
+import com.dragoninfo.dcuc.auth.auth.constance.CommonCons;
 import com.dragoninfo.dcuc.auth.auth.dto.AppFunInfoDTO;
 import com.dragoninfo.dcuc.auth.auth.dto.RoleApiDto;
 import com.dragoninfo.dcuc.auth.auth.entity.AppFunAuthResult;
@@ -15,6 +16,7 @@ import com.dragoninfo.dcuc.auth.auth.enumresources.AuthStatusEnum;
 import com.dragoninfo.dcuc.auth.auth.service.*;
 import com.dragoninfo.dcuc.auth.auth.vo.RoleAppFunVO;
 import com.dragoninfo.dcuc.auth.util.AesEncoder;
+import com.dragoninfo.dcuc.common.Constants;
 import com.dragoninfo.dcuc.user.user.entity.UserInfo;
 import com.dragoninfo.dcuc.user.user.facade.IUserFacade;
 import com.dragoninfo.duceap.core.service.impl.BaseService;
@@ -22,16 +24,20 @@ import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
 import com.dragonsoft.duceap.base.enums.BooleanEnum;
 import com.dragonsoft.duceap.base.exception.ApplicationException;
 import com.dragonsoft.duceap.commons.util.collections.CollectionUtils;
+import com.dragonsoft.duceap.commons.util.ip.IpUtils;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import com.dragonsoft.duceap.core.persistent.factory.PersistentFactory;
 import com.dragonsoft.duceap.core.search.Searchable;
 import com.dragonsoft.duceap.core.search.enums.SearchOperator;
+import com.dragonsoft.duceap.web.utils.RequestUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.context.request.RequestContextHolder;
 
+import javax.servlet.http.HttpServletRequest;
 import java.util.*;
 import java.util.stream.Collectors;
 
@@ -537,18 +543,26 @@ public class RoleService extends BaseService<RoleInfo, String> implements IRoleS
         }
         logger.info("资源列表耗时:{} s", (System.currentTimeMillis() - startTime) / 1000);
 
-        logInfoFillService.sendFunAuthenticationLog(AuthResultEnum.SUC, dto, funsByroleIds);
+        //有用户的才是功能鉴权
+        if(StringUtils.isNotBlank(dto.getIdcard())) {
+            HttpServletRequest request = RequestUtils.getRequest();
+            String ip = IpUtils.getRealIpAdrress(request);
+            String userToken = request.getHeader(Constants.USER_TOKEN);
+            String appToken  = request.getHeader(Constants.APP_TOKEN);
 
-        List<AppFunAuthResult> appFunAuthResults = getSelfAuthByAppCodeAndUserId(appCode, dto.getUserId());
+            logInfoFillService.sendFunAuthenticationLog(AuthResultEnum.SUC, dto, funsByroleIds, ip, userToken ,appToken);
 
-        List<String> funIds = appFunAuthResults
-                .stream()
-                .map(AppFunAuthResult::getFunId)
-                .collect(Collectors.toList());
-        if(CollectionUtils.isNotEmpty(funIds)) {
-            List<AppFunInfoDTO> funInfos = appFunInfoService.getByIds(funIds);
-            results.addAll(funInfos);
-            logger.info("自助授权查询耗时:{}", (System.currentTimeMillis() - startTime) / 1000);
+            List<AppFunAuthResult> appFunAuthResults = getSelfAuthByAppCodeAndUserId(appCode, dto.getUserId());
+
+            List<String> funIds = appFunAuthResults
+                    .stream()
+                    .map(AppFunAuthResult::getFunId)
+                    .collect(Collectors.toList());
+            if (CollectionUtils.isNotEmpty(funIds)) {
+                List<AppFunInfoDTO> funInfos = appFunInfoService.getByIds(funIds);
+                results.addAll(funInfos);
+                logger.info("自助授权查询耗时:{}", (System.currentTimeMillis() - startTime) / 1000);
+            }
         }
 
         //去除同一个app下重复code的功能菜单
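Review bot: Moving the `getSelfAuthByAppCodeAndUserId(appCode, dto.getUserId())` lookup and `results.addAll(funInfos)` inside `if(StringUtils.isNotBlank(dto.getIdcard()))` changes the returned permission set, not only the logging. A request that carries a user id but no idcard no longer receives its self-granted functions. The lookup is keyed on `dto.getUserId()`, so the idcard test looks as if it was meant for the audit record only. If so, keep just the request, IP and token reads and the `sendFunAuthenticationLog` call inside the `if`, and leave the self-authorization block where it was. If the restriction is intended, say so in the comment above the `if`. The enclosing method starts and ends outside the hunk.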

+ 6 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/ServiceAuthResultServiceImpl.java

@@ -27,10 +27,12 @@ import com.dragoninfo.dcuc.duceap.enums.AuthApplyTypeEnum;
 import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
 import com.dragonsoft.duceap.base.enums.BooleanEnum;
 import com.dragonsoft.duceap.commons.util.collections.CollectionUtils;
+import com.dragonsoft.duceap.commons.util.ip.IpUtils;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import com.dragonsoft.duceap.core.entity.page.PageRequest;
 import com.dragonsoft.duceap.core.search.Searchable;
 import com.dragonsoft.duceap.core.search.enums.SearchOperator;
+import com.dragonsoft.duceap.web.utils.RequestUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -42,6 +44,7 @@ import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
 import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
 import java.util.*;
 import java.util.stream.Collectors;
 
@@ -307,7 +310,9 @@ public class ServiceAuthResultServiceImpl implements IServiceAuthResultService {
         //   permissionUpdateService.setAuthtionResultToRedis(appCode, list);
 
         //fixme 因为返回所有列表,所以不会有失败的情况
-        logInfoFillService.sendServiceAuthenticationLog(AuthResultEnum.SUC, idcard, appCode, userToken, appToken, results);
+        HttpServletRequest request = RequestUtils.getRequest();
+        String ip = IpUtils.getRealIpAdrress(request);
+        logInfoFillService.sendServiceAuthenticationLog(AuthResultEnum.SUC, idcard, appCode, userToken, appToken, results, ip);
 
         return list;
 //        } else {
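Review bot: The `ip` written to the audit record is whatever `IpUtils.getRealIpAdrress(request)` returns, and nothing at this call site documents where that value comes from. The helper is not visible here. If it reads a forwarding header such as `X-Forwarded-For`, the caller can choose the address unless requests only arrive through a proxy that overwrites that header, which matters for a log used to attribute authentication requests. A comment stating the assumption would help, e.g. `// ip comes from IpUtils.getRealIpAdrress; trustworthy only behind the gateway that sets the forwarding header`. The call shown here also logs only `AuthResultEnum.SUC` (see the `fixme` line), so failed attempts leave no record at this point. The enclosing method starts and ends outside the hunk.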