
Merge remote-tracking branch 'origin/release/v1.2.0' into release/v1.2.0

huangzqa hace 1 año
padre
commit
f7d137a60e
Se han modificado 51 ficheros con 1465 adiciones y 241 borrados
  1. 11 0
      dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/IApprovalFacade.java
  2. 4 2
      dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/token/facade/IAuthTokenFacade.java
  3. 25 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTrustDataRespVO.java
  4. 14 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTrustMessageRespVO.java
  5. 3 3
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/entity/zerotrust/RoleOperateContent.java
  6. 9 14
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/vo/zerotrust/approval/ApprovalCallBackReqVO.java
  7. 9 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/vo/zerotrust/rolemanage/RoleSaveVo.java
  8. 9 4
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/vo/AppTokenInfoRespVO.java
  9. 26 18
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/vo/UserTokenInfoRespVO.java
  10. 14 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/vo/ZeroTrustAppTokenInfoReqVO.java
  11. 15 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/vo/ZeroTrustUserTokenInfoReqVO.java
  12. 1 1
      dcuc-auth-service/pom.xml
  13. 23 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/common/SkipSslRestTemplateProvider.java
  14. 23 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/config/AuditRestTemplateConfig.java
  15. 17 12
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/QmAuditPushService.java
  16. 4 18
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/async/subscribe/PermissionServiceUpdateMessage.java
  17. 4 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustAppAuthBusiness.java
  18. 22 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustDataAuthBusiness.java
  19. 25 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustFunAuthBusiness.java
  20. 23 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustServiceAuthBusiness.java
  21. 11 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/ApprovalFacade.java
  22. 1 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/RoleInfoFacade.java
  23. 6 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/repo/zerotrust/RoleOperateContentRepository.java
  24. 12 2
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/zerotrust/RoleOperateApplyServiceImpl.java
  25. 4 4
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/NotifyBusinessImpl.java
  26. 38 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApiCommonBusiness.java
  27. 4 2
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApprovalBusinessImpl.java
  28. 151 4
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApproveRemoteCallBusinessImpl.java
  29. 62 124
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/AuthTokenBusinessImpl.java
  30. 305 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/TokenRemoteCallBusinessImpl.java
  31. 87 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/dto/ApprovalBaseRespDto.java
  32. 88 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/dto/FlowApplyReqDTO.java
  33. 19 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/dto/FlowApplyRespDTO.java
  34. 23 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/dto/FlowDataRespDto.java
  35. 9 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/zerotrust/IApiCommonBusiness.java
  36. 1 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/zerotrust/IApprovalBusiness.java
  37. 4 2
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/zerotrust/IAuthTokenBusiness.java
  38. 31 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/zerotrust/ITokenRemoteCallBusiness.java
  39. 2 2
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/RestTemplateConfig.java
  40. 26 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/zerotrust/AuthServiceConfig.java
  41. 7 2
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/zerotrust/DcucAuthZerotrustConfig.java
  42. 2 2
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/constance/ApprovalApiConstance.java
  43. 3 3
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/element/business/impl/EnvElementBusiness.java
  44. 7 2
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/msg/PermissionUpdateProducer.java
  45. 7 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/sub/entity/AuthSubTaskType.java
  46. 4 3
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/token/facade/AuthTokenFacade.java
  47. 155 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/util/ValidUtil.java
  48. 8 8
      dcuc-auth-service/src/main/resources/application-auth.yml
  49. 65 0
      dcuc-auth-service/src/main/resources/config/mysql/V4_3_0032__AddAuthSubTask.sql
  50. 40 0
      dcuc-auth-service/src/test/java/com/dragoninfo/dcuc/auth/auth/service/LogSendComponentTest.java
  51. 2 1
      dcuc-auth-service/src/test/java/com/dragoninfo/dcuc/auth/auth/service/QmAuditPushServiceTest.java

+ 11 - 0
dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/IApprovalFacade.java

@@ -1,7 +1,9 @@
 package com.dragoninfo.dcuc.auth.auth.facade;
 
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.auth.dto.ApprovalDto;
 import com.dragoninfo.dcuc.auth.auth.entity.FuncApproval;
+import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.approval.ApprovalCallBackReqVO;
 import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
 import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
 import com.dragonsoft.duceap.base.entity.search.SearchDTO;
@@ -48,4 +50,13 @@ public interface IApprovalFacade {
 
     @PostMapping(value = "applyResult")
     ResponseDTO applyResult(@RequestBody ApprovalDto approvalDto);
+
+    /**
+     * 审批回调
+     *
+     * @param approvalCallBackReqVO 审批回调请求
+     * @return 状态
+     */
+    @PostMapping("callBack")
+    ZeroTrustMessageRespVO callBack(@RequestBody ApprovalCallBackReqVO approvalCallBackReqVO);
 }

+ 4 - 2
dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/token/facade/IAuthTokenFacade.java

@@ -8,6 +8,8 @@ import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
+import java.util.List;
+
 /**
  * @author mazq
  * @date 2023/2/22
@@ -18,11 +20,11 @@ public interface IAuthTokenFacade {
     /**
      * 接收令牌
      *
-     * @param receiveVO
+     * @param tokenReceiveReqVoList
      * @return
      */
     @PostMapping("tokenReceive")
-    ZeroTrustMessageRespVO tokenReceive(TokenReceiveVO receiveVO);
+    ZeroTrustMessageRespVO tokenReceive(@RequestBody List<TokenReceiveVO> tokenReceiveReqVoList);
 
     /**
      * 令牌在线查询

+ 25 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTrustDataRespVO.java

@@ -2,6 +2,7 @@ package com.dragoninfo.dcuc.auth.api.vo.zerotrust;
 
 import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
 import com.dragoninfo.dcuc.auth.api.vo.DataItemRespVO;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import lombok.Data;
 
@@ -60,4 +61,28 @@ public class ZeroTrustDataRespVO<T> {
         dataItemRespVO.setResult(result);
         return dataRespVO;
     }
+
+
+    /**
+     * 是否成功
+     *
+     * @return 是否成功
+     */
+    @JsonIgnore
+    public boolean isRespSuccess() {
+        return this.statusCode.equalsIgnoreCase(ZeroTrustBusinessRespEnum.SUCCESS.getValue());
+    }
+
+    /**
+     * 转换为ZeroTrustDataRespVO返回
+     *
+     * @param <T> 泛型
+     * @return Result返回
+     */
+    public <T> ZeroTrustDataRespVO<T> toDataRespVO() {
+        ZeroTrustDataRespVO<T> objectZeroTrustResultRespVO = new ZeroTrustDataRespVO<>();
+        objectZeroTrustResultRespVO.setStatusCode(statusCode);
+        objectZeroTrustResultRespVO.setMessage(message);
+        return objectZeroTrustResultRespVO;
+    }
 }
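Review bot: `isRespSuccess()` dereferences `this.statusCode` and throws a NullPointerException when the status code was never set. The zero-trust auth paths in this commit use the method to decide whether a task check passed, so a missing code should read as failure: `return ZeroTrustBusinessRespEnum.SUCCESS.getValue().equalsIgnoreCase(this.statusCode);`. Separately, `toDataRespVO()` declares its own `<T>`, which shadows the class type parameter; it compiles, but a different letter such as `<R>` would make clear which type is meant. The class body starts outside this hunk.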

+ 14 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/ZeroTrustMessageRespVO.java

@@ -106,4 +106,18 @@ public class ZeroTrustMessageRespVO {
         objectResultRespVO.setMessage(message);
         return objectResultRespVO;
     }
+
+
+    /**
+     * 转换为ZeroTrustDataRespVO返回
+     *
+     * @param <T> 泛型
+     * @return Result返回
+     */
+    public <T> ZeroTrustDataRespVO<T> toDataRespVO() {
+        ZeroTrustDataRespVO<T> objectZeroTrustResultRespVO = new ZeroTrustDataRespVO<>();
+        objectZeroTrustResultRespVO.setStatusCode(statusCode);
+        objectZeroTrustResultRespVO.setMessage(message);
+        return objectZeroTrustResultRespVO;
+    }
 }

+ 3 - 3
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/entity/zerotrust/RoleOperateContent.java

@@ -96,11 +96,11 @@ public class RoleOperateContent extends BaseUpdateEntity implements IdEntity<Str
     @Column(name = "LIMIT_COUNT")
     private String limitCount;
 
-    /**
+/*    *//**
      * 角色类型 LOCAL:本地角色 ALL:全局角色 默认本地角色
-     */
+     *//*
     @Column(name = "ROLE_TUPE")
-    private String roleType = "LOCAL";
+    private String roleType = "LOCAL";*/
 
     /**
      * 业务回调唯一标识
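Review bot: The `roleType` field is disabled by wrapping it in `/* … *//** … *//* … */` rather than being deleted, which leaves dead code (including the misspelt column name `ROLE_TUPE`) in the entity and is easy to misread as a live mapping. If the column is no longer persisted, delete the field and its Javadoc and let version control keep the history. If it is only parked, a single line such as `// roleType mapping disabled in this release: <reason>` says so without the nested comment markers. The hunk ends inside the next field's Javadoc, so the rest of the class is not visible here.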

+ 9 - 14
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/vo/zerotrust/approval/ApprovalCallBackReqVO.java

@@ -7,27 +7,22 @@ import lombok.Data;
 import javax.validation.constraints.NotBlank;
 
 /**
- * 安盟审批回调地址
+ * 审批回调地址
  *
  * @author huangzqa
  * @date 2023/7/4
  */
-@ApiModel("安盟审批回调地址")
+@ApiModel("审批回调")
 @Data
 public class ApprovalCallBackReqVO {
-    /**
-     * 流程实例ID
-     */
-    @NotBlank
-    @ApiModelProperty(value = "流程实例ID")
-    private String processInstId;
 
-    /**
-     * 审批结果状态
-     */
-    @NotBlank
-    @ApiModelProperty(value = "审批结果状态")
-    private String status;
+    private String type;
+    private String processInstId;
+    private String openId;
+    private String userName;
+    private String endFlag;
+    private String description;
+    private String taskId;
 
 
 }
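Review bot: The `@NotBlank` constraints on `processInstId` and `status` are dropped, and none of the seven new fields carries a constraint or a comment, so the approval callback now accepts a body in which every field is null or empty. This VO is the request body of the new `callBack` endpoint in `IApprovalFacade`/`ApprovalFacade`, whose parameter has `@RequestBody` but no `@Valid`, so nothing visible rejects a malformed callback before `approvalCallBack` acts on it. I would keep `@NotBlank` on the fields the handler relies on (at least `processInstId`, and presumably `taskId` and `endFlag`) and declare the facade parameter as `@Valid @RequestBody ApprovalCallBackReqVO approvalCallBackReqVO`. The `javax.validation.constraints.NotBlank` import in the context lines is otherwise left unused, and each new field deserves the one-line Javadoc the removed fields had.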

+ 9 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/vo/zerotrust/rolemanage/RoleSaveVo.java

@@ -51,4 +51,13 @@ public class RoleSaveVo {
     @ApiModelProperty(value = "角色类型 LOCAL:本地角色 ALL:全局角色")
     private String roleType;
 
+    /**
+     * 警种
+     */
+    private String policeCategory;
+
+    /**
+     * 描述
+     */
+    private String detail;
 }

+ 9 - 4
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/vo/AppTokenInfoRespVO.java

@@ -17,9 +17,9 @@ import java.util.Date;
 public class AppTokenInfoRespVO {
 
     /**
-     * 应用标识
+     * 应用令牌ID
      */
-    private String appId;
+    private String appTokenId;
 
     /**
      * 用户令牌创建时间
@@ -34,12 +34,17 @@ public class AppTokenInfoRespVO {
     private Date expireAt;
 
     /**
-     * 应用令牌ID
+     * 应用标识
      */
-    private String appTokenId;
+    private String appId;
 
     /**
      * 用户令牌详细信息
      */
     private UserTokenInfoRespVO userToken;
+
+    /**
+     * 应用令牌签名值
+     */
+    private String sign;
 }

+ 26 - 18
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/vo/UserTokenInfoRespVO.java

@@ -1,7 +1,6 @@
 package com.dragoninfo.dcuc.auth.token.vo;
 
 import com.fasterxml.jackson.annotation.JsonFormat;
-import com.fasterxml.jackson.annotation.JsonProperty;
 import lombok.Data;
 
 import java.util.Date;
@@ -18,14 +17,26 @@ import java.util.Date;
 public class UserTokenInfoRespVO {
 
     /**
-     * 用户标识
+     * 用户令牌id
      */
-    private String pid;
+    private String userTokenId;
 
     /**
-     * 用户名称
+     * 用户令牌创建时间
      */
-    private String name;
+    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
+    private Date createTime;
+
+    /**
+     * 用户令牌到期时间
+     */
+    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
+    private Date expireAt;
+
+    /**
+     * 用户标识
+     */
+    private String pid;
 
     /**
      * 组织机构编码
@@ -33,31 +44,28 @@ public class UserTokenInfoRespVO {
     private String orgCode;
 
     /**
-     * 终端设备标识
+     * 终端 IP 地址
      */
-    @JsonProperty("mId")
-    private String mId;
+    private String ip;
 
     /**
-     * 终端环境类型
+     * 终端设备标识
      */
-    private String env;
+    private String mid;
 
     /**
-     * 用户令牌创建时间
+     * 终端环境类型
      */
-    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
-    private Date createTime;
+    private String env;
 
     /**
-     * 用户令牌到期时间
+     * 用户名称
      */
-    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss", timezone = "GMT+8")
-    private Date expireAt;
+    private String name;
 
     /**
-     * 用户令牌
+     * 令牌内容签名
      */
-    private String userTokenId;
+    private String sign;
 
 }

+ 14 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/vo/ZeroTrustAppTokenInfoReqVO.java

@@ -0,0 +1,14 @@
+package com.dragoninfo.dcuc.auth.token.vo;
+
+import lombok.Data;
+
+/**
+ * @author mazq
+ * @date 2023/7/14
+ */
+@Data
+public class ZeroTrustAppTokenInfoReqVO {
+
+    private String appTokenId;
+
+}

+ 15 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/token/vo/ZeroTrustUserTokenInfoReqVO.java

@@ -0,0 +1,15 @@
+package com.dragoninfo.dcuc.auth.token.vo;
+
+import lombok.Data;
+
+/**
+ * @author mazq
+ * @date 2023/7/14
+ */
+@Data
+public class ZeroTrustUserTokenInfoReqVO {
+    /**
+     * 用户令牌id
+     */
+    String userTokenId;
+}
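Review bot: `String userTokenId;` has no access modifier, so the field is package-private, while the sibling `ZeroTrustAppTokenInfoReqVO` added in the same commit declares `private String appTokenId;`. Lombok's `@Data` generates the accessors either way, so `private String userTokenId;` costs nothing and keeps the two request VOs consistent. The class Javadoc carries only `@author`/`@date`; a first sentence naming the request this VO is the body of would help the next reader.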

+ 1 - 1
dcuc-auth-service/pom.xml

@@ -70,7 +70,7 @@
         <dependency>
             <groupId>com.dragoninfo</groupId>
             <artifactId>dcuc-duceap-api</artifactId>
-            <version>2.1.2-SNAPSHOT</version>
+            <version>2.2.0-tjdsj-SNAPSHOT</version>
         </dependency>
         <!--配置 dcuc 结束-->
 

+ 23 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/common/SkipSslRestTemplateProvider.java

@@ -0,0 +1,23 @@
+package com.dragoninfo.dcuc.auth.audit.common;
+
+import com.dragoninfo.dcuc.common.http.SkipSslVerificationHttpRequestFactory;
+import com.dragonsoft.auditlog.collection.qmtj.provider.IRestTemplateProvider;
+import org.springframework.web.client.RestTemplate;
+
+/**
+ * <p>
+ * 忽略https请求客户端
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2021/6/30
+ */
+public class SkipSslRestTemplateProvider implements IRestTemplateProvider {
+    @Override
+    public RestTemplate getRestTemplate() {
+        SkipSslVerificationHttpRequestFactory skipSslVerificationHttpRequestFactory
+                = new SkipSslVerificationHttpRequestFactory();
+
+        return new RestTemplate(skipSslVerificationHttpRequestFactory);
+    }
+}
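Review bot: `getRestTemplate()` returns a client built on `SkipSslVerificationHttpRequestFactory`, which by its name turns off TLS certificate (and probably hostname) verification, and `AuditRestTemplateConfig` in the next file registers it as the `IRestTemplateProvider` bean with no property or profile guarding it. Audit pushes made through this provider are then not bound to the real audit server, so the token-operation records, which carry `pid` values, can be read or altered on the network path without either side noticing. I would build the `RestTemplate` from a request factory that trusts the audit server's CA through a configured truststore, and keep a skip-verification variant only behind an explicit opt-in setting that defaults to off and is logged at startup. The class comment should also state that verification is disabled and why; the factory's implementation is not on this page, so the exact scope of what it skips needs confirming.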

+ 23 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/config/AuditRestTemplateConfig.java

@@ -0,0 +1,23 @@
+package com.dragoninfo.dcuc.auth.audit.config;
+
+import com.dragoninfo.dcuc.auth.audit.common.SkipSslRestTemplateProvider;
+import com.dragonsoft.auditlog.collection.qmtj.provider.IRestTemplateProvider;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * <p>
+ * 用户配置
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2021/8/9
+ */
+@Configuration
+public class AuditRestTemplateConfig {
+
+    @Bean
+    public IRestTemplateProvider restTemplateProvider() {
+        return new SkipSslRestTemplateProvider();
+    }
+}

+ 17 - 12
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/audit/service/log/QmAuditPushService.java

@@ -64,33 +64,38 @@ public class QmAuditPushService {
     /**
      * 推送令牌操作日志
      *
-     * @param dto
+     * @param dtos
      */
-    public void pushTokenReceiveLog(TokenOperationDto dto) {
+    public void pushTokenReceiveLog(List<TokenOperationDto> dtos) {
         Boolean qmEnabled = config.getQmEnabled();
         if(null == qmEnabled || !qmEnabled) {
             return;
         }
-        executor.execute(()-> pushTokenLogToAudit(dto));
+        executor.execute(()-> pushTokenLogToAudit(dtos));
     }
 
-    private void pushTokenLogToAudit(TokenOperationDto dto) {
+    private void pushTokenLogToAudit(List<TokenOperationDto> dtos) {
+        if (CollectionUtils.isEmpty(dtos)) {
+            return;
+        }
         String sysId = config.getSysId();
         String logType = AuditConstance.AUDIT_LOG_TYPE_LPCZ;
-        List<TokenOperationLog> operateLogs = getTokenOperateLog(dto);
+        List<TokenOperationLog> operateLogs = getTokenOperateLog(dtos);
         if(CollectionUtils.isNotEmpty(operateLogs)) {
             log.info("=========推送令牌操作日志=======");
             logSendComponent.sendTokenOperateLog(sysId, logType, operateLogs);
         }
     }
 
-    private List<TokenOperationLog> getTokenOperateLog(TokenOperationDto dto) {
-        TokenOperationLog tokenOperationLog = new TokenOperationLog();
-        tokenOperationLog.setAction(dto.getAction());
-        tokenOperationLog.setPid(dto.getPid());
-        tokenOperationLog.setType(dto.getTokenType());
-        tokenOperationLog.setOperateTime(getTimeStr(dto.getOperateTime()));
-        return Collections.singletonList(tokenOperationLog);
+    private List<TokenOperationLog> getTokenOperateLog(List<TokenOperationDto> dtos) {
+        return dtos.stream().map(e-> {
+            TokenOperationLog tokenOperationLog = new TokenOperationLog();
+            tokenOperationLog.setAction(e.getAction());
+            tokenOperationLog.setPid(e.getPid());
+            tokenOperationLog.setType(e.getTokenType());
+            tokenOperationLog.setOperateTime(getTimeStr(e.getOperateTime()));
+            return tokenOperationLog;
+        }).collect(Collectors.toList());
     }
 
     /**

+ 4 - 18
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/async/subscribe/PermissionServiceUpdateMessage.java

@@ -38,8 +38,6 @@ public class PermissionServiceUpdateMessage {
 
     @Autowired
     private DcucAuthConfig dcucAuthConfig;
-    @Autowired
-    private IServiceAuthResultService serviceAuthResultService;
 
     /**
      * 服务变更通知
@@ -57,18 +55,6 @@ public class PermissionServiceUpdateMessage {
         serviceChangeNoticeDto.setContents(dtoList);
         //服务变更通知
         sendMessage(serviceChangeNoticeDto);
-        for (AppServiceCodeDto appServiceCodeDto : dtoList) {
-            List<ServiceAuthResult> results = serviceAuthResultService.serviceAuthResultList(appServiceCodeDto.getAppCode());
-            if (StringUtils.isNotEmpty(appServiceCodeDto.getAppCode())) {
-                /*服务鉴权  */
-                List<ServiceAuthenticationResVO> serviceAuthenticationResVOS = new ArrayList<>();
-                results.forEach(item -> {
-                    ServiceAuthenticationResVO vo = new ServiceAuthenticationResVO();
-                    vo.setServiceCode(item.getServiceCode());
-                    serviceAuthenticationResVOS.add(vo);
-                });
-            }
-        }
     }
 
 
@@ -91,14 +77,14 @@ public class PermissionServiceUpdateMessage {
         //参数
         HttpEntity<ServiceChangeNoticeDto> httpEntity = new HttpEntity<>(dto, headers);
 
-        logger.info("Service permission update request body : {}", JSONUtil.toJsonStr(httpEntity));
+        logger.info("发送服务级权限变更通知, 通知内容 : {}", JSONUtil.toJsonStr(dto));
         try {
             ResponseMessage result = restTemplate.postForObject(dcucAuthConfig.getServicePermissionUrl(),
                     httpEntity, ResponseMessage.class);
-            //todo 是否要处理返回结果,增加重试次数
-            logger.info("Service permission update response: {} ", JsonUtils.toJSONString(result));
+
+            logger.info("服务级权限变更通知,返回结果: {} ", JsonUtils.toJSONString(result));
         } catch (Exception e) {
-            logger.error("PermissionUpdateService.sendMessage()请求失败:", e);
+            logger.error("服务级权限变更通知请求失败", e);
         }
     }
 

+ 4 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustAppAuthBusiness.java

@@ -89,12 +89,15 @@ public class ZeroTrustAppAuthBusiness implements IZeroTrustAppAuthBusiness {
     public ZeroTrustDataRespVO<String> appAuth(AppAuthReqVO appAuthReqVO) {
         String userTokenId = appAuthReqVO.getUserTokenId();
         UserTokenInfoRespVO userToken = authTokenBusiness.getUserTokenInfo(userTokenId);
+        if (null == userToken) {
+            log.error("查询不到用户令牌信息");
+            return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
+        }
         String pId = userToken.getPid();
         log.info("传入的用户令牌为:{}, 应用鉴权查寻到的令牌结果:{}, pid:{}", userTokenId, JSON.toJSONString(userToken), pId);
         // 构建sysLogVo
         SecurityPolicyAuthenticationLogReqVO logReqVO = getSysLogVo(appAuthReqVO);
 
-        // todo 校验令牌签名
         AuthUserInfo userInfo = authUserInfoService.findByIdcard(pId);
         if (userInfo == null) {
             log.error("查询不到用户信息");

+ 22 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustDataAuthBusiness.java

@@ -12,12 +12,14 @@ import com.dragoninfo.dcuc.auth.auth.business.zerotrust.IZeroTrustDataAuthBusine
 import com.dragoninfo.dcuc.auth.auth.dto.DataItemsCheckDto;
 import com.dragoninfo.dcuc.auth.auth.dto.DataItemsDto;
 import com.dragoninfo.dcuc.auth.auth.dto.data.DataAuthV2ReqDTO;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApiCommonBusiness;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
 import com.dragoninfo.dcuc.auth.token.vo.TokenDetailRespVo;
 import com.dragoninfo.dcuc.common.utils.ResponseUtil;
 import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
 import com.dragonsoft.duceap.commons.util.ip.IpUtils;
+import com.dragonsoft.duceap.web.utils.RequestUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -42,6 +44,13 @@ public class ZeroTrustDataAuthBusiness implements IZeroTrustDataAuthBusiness {
 
     private IDataAuthBusiness dataAuthBusiness;
 
+    private IApiCommonBusiness apiCommonBusiness;
+
+    @Autowired
+    public void setApiCommonBusiness(IApiCommonBusiness apiCommonBusiness) {
+        this.apiCommonBusiness = apiCommonBusiness;
+    }
+
     @Autowired
     public void setDataAuthBusiness(IDataAuthBusiness dataAuthBusiness) {
         this.dataAuthBusiness = dataAuthBusiness;
@@ -62,15 +71,27 @@ public class ZeroTrustDataAuthBusiness implements IZeroTrustDataAuthBusiness {
         String appTokenId = dataAuthReqVO.getAppTokenId();
         TokenDetailRespVo tokenInfo = authTokenBusiness.getByAppTokenId(appTokenId, true, false);
         if (null == tokenInfo) {
+            log.error("令牌查询结果为空");
             return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
         }
-
         DataItemsCheckDto dto = new DataItemsCheckDto();
         dto.setCurrentAppCode(tokenInfo.getAppToken().getAppId());
         dto.setCurrentIdcard(tokenInfo.getUserToken().getPid());
         dto.setIdcard(tokenInfo.getUserToken().getPid());
         dto.setDataItemsDtoList(Collections.emptyList());
 
+        // 任务信息校验
+        String taskId = dataAuthReqVO.getTaskId();
+        ZeroTrustDataRespVO<String> checkTaskIdMessage = apiCommonBusiness.taskIdCheck(appTokenId, taskId);
+        if (!checkTaskIdMessage.isRespSuccess()) {
+            log.info("==============任务信息校验失败===========");
+
+            // 发送鉴权失败日志
+            logInfoFillService.sendDataAuthenticationLog(AuthResultEnum.FAIL, dto, IpUtils.getIp(), appTokenId, tokenInfo.getUserToken().getUserTokenId());
+
+            return checkTaskIdMessage.toDataRespVO();
+        }
+
         AuthUserVo userInfo = tokenInfo.getUserInfo();
         if (null == userInfo) {
             log.error("查询不到用户信息");
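Review bot: The failure branch of the new task check records the denial with `IpUtils.getIp()`, while the matching branches added to `ZeroTrustFunAuthBusiness` and `ZeroTrustServiceAuthBusiness` use `IpUtils.getRealIpAdrress(RequestUtils.getRequest())`; `RequestUtils` is imported into this file by the same commit but is not used in the visible hunks. If `getIp()` does not resolve the caller's address, the audit record for a denied data request carries the wrong source, so I would use the same expression in all three places. In all three the denial is logged with `log.info("==============任务信息校验失败===========")`, which names no task and sits below the neighbouring `log.error` denials; `log.warn("任务信息校验失败, taskId:{}", taskId)` would make the event searchable. The method starts and ends outside the hunk.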

+ 25 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustFunAuthBusiness.java

@@ -9,7 +9,10 @@ import com.dragoninfo.dcuc.auth.audit.service.log.LogInfoFillService;
 import com.dragoninfo.dcuc.auth.auth.business.zerotrust.IZeroTrustFunAuthBusiness;
 import com.dragoninfo.dcuc.auth.auth.dto.AppFunInfoDTO;
 import com.dragoninfo.dcuc.auth.auth.dto.RoleApiDto;
+import com.dragoninfo.dcuc.auth.auth.service.IApprovalService;
 import com.dragoninfo.dcuc.auth.auth.service.IRoleService;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApiCommonBusiness;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApproveRemoteCallBusiness;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.sub.vo.ApplyInfoVo;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
@@ -42,6 +45,13 @@ public class ZeroTrustFunAuthBusiness implements IZeroTrustFunAuthBusiness {
 
     private LogInfoFillService logInfoFillService;
 
+    private IApiCommonBusiness apiCommonBusiness;
+
+    @Autowired
+    public void setApiCommonBusiness(IApiCommonBusiness apiCommonBusiness) {
+        this.apiCommonBusiness = apiCommonBusiness;
+    }
+
     @Autowired
     public void setLogInfoFillService(LogInfoFillService logInfoFillService) {
         this.logInfoFillService = logInfoFillService;
@@ -62,7 +72,7 @@ public class ZeroTrustFunAuthBusiness implements IZeroTrustFunAuthBusiness {
         String appTokenId = functionAuthReqVO.getAppTokenId();
         TokenDetailRespVo tokenInfo = authTokenBusiness.getByAppTokenId(appTokenId, true, true);
         if (null == tokenInfo) {
-            log.error("令牌查询结果为空");
+            log.error("查询不到令牌信息");
             return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
         }
 
@@ -70,6 +80,20 @@ public class ZeroTrustFunAuthBusiness implements IZeroTrustFunAuthBusiness {
         RoleApiDto roleApiDto = new RoleApiDto();
         roleApiDto.setAppCode(appCode);
         AuthUserVo userInfo = tokenInfo.getUserInfo();
+
+        // 任务信息校验
+        String taskId = functionAuthReqVO.getTaskId();
+        ZeroTrustDataRespVO<String> checkTaskIdMessage = apiCommonBusiness.taskIdCheck(appTokenId, taskId);
+        if (!checkTaskIdMessage.isRespSuccess()) {
+            log.info("==============任务信息校验失败===========");
+
+            // 发送鉴权失败日志
+            logInfoFillService.sendFunAuthenticationLog(AuthResultEnum.FAIL, roleApiDto, Collections.emptyList(),
+                    IpUtils.getRealIpAdrress(RequestUtils.getRequest()),
+                    tokenInfo.getUserToken().getUserTokenId(), appTokenId);
+            return checkTaskIdMessage.toDataRespVO();
+        }
+
         if (userInfo == null) {
             log.error("查询不到用户信息");
             // 发送鉴权失败日志

+ 23 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/business/impl/zerotrust/ZeroTrustServiceAuthBusiness.java

@@ -9,6 +9,7 @@ import com.dragoninfo.dcuc.auth.audit.service.log.LogInfoFillService;
 import com.dragoninfo.dcuc.auth.auth.business.zerotrust.IZeroTrustServiceAuthBusiness;
 import com.dragoninfo.dcuc.auth.auth.service.IServiceAuthResultService;
 import com.dragoninfo.dcuc.auth.auth.vo.ServiceAuthenticationResVO;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApiCommonBusiness;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.sub.vo.ApplyInfoVo;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
@@ -39,6 +40,13 @@ public class ZeroTrustServiceAuthBusiness implements IZeroTrustServiceAuthBusine
 
     private IServiceAuthResultService serviceAuthResultService;
 
+    private IApiCommonBusiness apiCommonBusiness;
+
+    @Autowired
+    public void setApiCommonBusiness(IApiCommonBusiness apiCommonBusiness) {
+        this.apiCommonBusiness = apiCommonBusiness;
+    }
+
     @Autowired
     public void setServiceAuthResultService(IServiceAuthResultService serviceAuthResultService) {
         this.serviceAuthResultService = serviceAuthResultService;
@@ -59,10 +67,24 @@ public class ZeroTrustServiceAuthBusiness implements IZeroTrustServiceAuthBusine
         String appTokenId = serviceAuthReqVO.getAppTokenId();
         TokenDetailRespVo tokenInfo = authTokenBusiness.getByAppTokenId(appTokenId, true, false);
         if (null == tokenInfo) {
-            log.error("令牌查询结果为空");
+            log.error("查询不到令牌信息");
             return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
         }
 
+        // 任务信息校验
+        String taskId = serviceAuthReqVO.getTaskId();
+        ZeroTrustDataRespVO<String> checkTaskIdMessage = apiCommonBusiness.taskIdCheck(appTokenId, taskId);
+        if (!checkTaskIdMessage.isRespSuccess()) {
+            log.info("==============任务信息校验失败===========");
+
+            // 发送鉴权失败日志
+            logInfoFillService.sendServiceAuthenticationLog(AuthResultEnum.FAIL, null, tokenInfo.getAppToken().getAppId(),
+                    tokenInfo.getUserToken().getUserTokenId(), appTokenId, Collections.emptyList(),
+                    IpUtils.getRealIpAdrress(RequestUtils.getRequest()));
+
+            return checkTaskIdMessage.toDataRespVO();
+        }
+
         AuthUserVo userInfo = tokenInfo.getUserInfo();
         if (userInfo == null) {
             log.error("查询不到用户信息");

+ 11 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/ApprovalFacade.java

@@ -1,8 +1,11 @@
 package com.dragoninfo.dcuc.auth.auth.facade;
 
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.auth.dto.ApprovalDto;
 import com.dragoninfo.dcuc.auth.auth.service.IApprovalService;
 import com.dragoninfo.dcuc.auth.auth.entity.FuncApproval;
+import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.approval.ApprovalCallBackReqVO;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApprovalBusiness;
 import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
 import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
 import com.dragonsoft.duceap.base.entity.search.SearchDTO;
@@ -21,6 +24,9 @@ public class ApprovalFacade implements IApprovalFacade {
     @Autowired
     private IApprovalService iApprovalService;
 
+    @Autowired
+    private IApprovalBusiness iApprovalBusiness;
+
     @Override
     public ResponseDTO authApply(String appCode, String roleCode, String userIdCard, String approvalIdCard, String reason) {
         return iApprovalService.authApply(appCode, roleCode, userIdCard, approvalIdCard, reason);
@@ -50,4 +56,9 @@ public class ApprovalFacade implements IApprovalFacade {
     public ResponseDTO applyResult(ApprovalDto approvalDto) {
         return iApprovalService.applyResult(approvalDto);
     }
+
+    @Override
+    public ZeroTrustMessageRespVO callBack(ApprovalCallBackReqVO approvalCallBackReqVO) {
+      return  iApprovalBusiness.approvalCallBack(approvalCallBackReqVO);
+    }
 }

+ 1 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/RoleInfoFacade.java

@@ -82,7 +82,7 @@ public class RoleInfoFacade implements IRoleInfoFacade {
         String roleType = roleInfo.getRoleCategory();
         if (RoleCategoryEnum.ALL.getValue().equals(roleType)) {
             roleInfo.setRoleBusiness(null);
-            roleInfo.setRoleCategory(null);
+            //roleInfo.setRoleCategory(null);
             roleInfo.setRoleLevel(null);
         }
 

+ 6 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/repo/zerotrust/RoleOperateContentRepository.java

@@ -7,6 +7,8 @@ import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.query.Param;
 import org.springframework.stereotype.Repository;
 
+import java.util.List;
+
 /**
  * @author mazq
  * @date 2021/7/8
@@ -22,4 +24,8 @@ public interface RoleOperateContentRepository extends BaseRepository<RoleOperate
     @Modifying
     @Query(value = "UPDATE T_AUTH_ROLE_OPERATE_CONTENT SET APPROVAL_RESULT = :approvalResult WHERE ID = :id AND DELETED = '0'", nativeQuery = true)
     void updateApprovalResult(@Param("id") String id, @Param("approvalResult") String approvalResult);
+
+
+    @Query("from ElementUserRel  where elementId=:elementId ")
+    RoleOperateContent getUserIdByElementId(@Param("elementId") String elementId);
 }
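Review bot: The new `getUserIdByElementId` query selects `from ElementUserRel`, but the method is declared to return `RoleOperateContent` on the `RoleOperateContent` repository, so the method name, the queried entity and the return type disagree with each other. As written the call would presumably fail with a type mismatch at runtime (or at startup if `ElementUserRel` is not a mapped entity here), and a single-result return type also throws when several rows share one `elementId`. This looks copied from another repository; move it to the repository that owns `ElementUserRel` with a matching return type, or drop it if nothing calls it.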

+ 12 - 2
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/zerotrust/RoleOperateApplyServiceImpl.java

@@ -12,6 +12,7 @@ import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.rolemanage.RoleOperateApplyVo;
 import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.rolemanage.RoleSaveVo;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IApprovalBusiness;
 import com.dragoninfo.dcuc.auth.config.zerotrust.ApprovalProperties;
+import com.dragoninfo.dcuc.auth.sub.enumresource.OperateTypeEnum;
 import com.dragoninfo.dcuc.common.utils.ResponseUtil;
 import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
 import com.dragonsoft.duceap.base.entity.security.SecurityUser;
@@ -20,12 +21,14 @@ import com.dragonsoft.duceap.commons.util.UUIDUtils;
 import com.dragonsoft.duceap.commons.util.enums.EnumUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.domain.Example;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
 import java.time.LocalDate;
 import java.time.format.DateTimeFormatter;
 import java.util.Collections;
+import java.util.Optional;
 
 /**
  * 角色操作申请业务类
@@ -64,7 +67,7 @@ public class RoleOperateApplyServiceImpl implements IRoleOperateApplyService {
         RoleSaveVo roleSaveVo = roleOperateApplyVo.getRoleSaveVo();
         String operate = roleOperateApplyVo.getOperate();
         SecurityUser currentUser = UserContextUtils.getCurrentUser();
-        RoleManageOpeTypeEnum typeEnum = EnumUtils.enumOf(RoleManageOpeTypeEnum.class, operate);
+        OperateTypeEnum typeEnum = EnumUtils.enumOf(OperateTypeEnum.class, operate);
         String uuid = UUIDUtils.getUUID();
 
         // 先推送送审批
@@ -94,13 +97,20 @@ public class RoleOperateApplyServiceImpl implements IRoleOperateApplyService {
         operateContent.setProcessInstId(processInstId);
         operateContent.setApprovalBusinessId(uuid);
         operateContent.setOperateType(typeEnum.getValue());
+        operateContent.setPoliceCategory(roleSaveVo.getPoliceCategory());
+        operateContent.setRoleBusiness(roleSaveVo.getRoleBusiness());
         repository.save(operateContent);
         return ResponseDTO.success("", (Object) null);
     }
 
     @Override
     public RoleOperateContent getByProcessInstIdId(String processInstId) {
-        return null;
+        RoleOperateContent content = new RoleOperateContent();
+        content.setProcessInstId(processInstId);
+        content.setRoleCategory(null);
+        Example<RoleOperateContent> example = Example.of(content);
+        Optional<RoleOperateContent> result = repository.findOne(example);
+        return result.orElse(null);
     }
 
     @Override
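Review bot: `getByProcessInstIdId` builds its lookup with `Example.of(content)`, which matches on every non-null property of the probe rather than on `processInstId` alone; the explicit `content.setRoleCategory(null)` suggests `RoleOperateContent` carries field defaults, and any other defaulted field would silently narrow the match. `repository.findOne(example)` also throws when more than one row has the same `processInstId`. A derived query on the repository, `Optional<RoleOperateContent> findByProcessInstId(String processInstId);`, states the intent directly and leaves room for the `DELETED = '0'` filter that `updateApprovalResult` applies. Separately, `EnumUtils.enumOf(OperateTypeEnum.class, operate)` from the earlier hunk feeds `typeEnum.getValue()` in this one; if `enumOf` returns null for an unknown `operate` (not visible here), that line throws, so a null check with a clear error response would help.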

+ 4 - 4
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/NotifyBusinessImpl.java

@@ -183,8 +183,10 @@ public class NotifyBusinessImpl implements INotifyBusiness {
                     continue;
                 }
                 AuthUserVo userVo = new AuthUserVo();
-                userVo.setIdcard(userInfo.getId());
+                userVo.setId(userInfo.getId());
                 userVo.setIdcard(idcard);
+                userVo.setOrgId(userInfo.getOrgId());
+                userVo.setOrgCode(userInfo.getOrgCode());
                 ApiAppAuthVo appAuthVo = ApiAppAuthVo.builder()
                         .userInfo(userVo)
                         .build();
@@ -192,7 +194,7 @@ public class NotifyBusinessImpl implements INotifyBusiness {
                 String appCodes = list.stream()
                         .map(AppDataSensitiveLevelDTO::getCode)
                         .collect(Collectors.joining(StrUtil.COMMA));
-                log.info("通知人员:{}, 通知内容:{}", idcard, appCodes);
+                log.info("通知人员身份证号:{}, 通知内容:{}", idcard, appCodes);
                 AppAuthNotifyDto dto = AppAuthNotifyDto.builder()
                         .userTokenId(userTokenId)
                         .content(appCodes)
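Review bot: The reworded `log.info` still writes the full national ID number (`idcard`) to the application log at info level. Unless log storage is approved for that data, log the internal user id or a masked value instead, e.g. `log.info("通知人员ID:{}, 通知内容:{}", userInfo.getId(), appCodes);`. The enclosing loop starts and ends outside this hunk.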
@@ -208,11 +210,9 @@ public class NotifyBusinessImpl implements INotifyBusiness {
                         .body();
                 log.info("sendNotify post response:{}", postResp);
             }
-
         }catch (Exception e) {
             log.error("新标准变更通知失败.", e);
         }
-
     }
 
 

+ 38 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApiCommonBusiness.java

@@ -5,13 +5,19 @@ import cn.hutool.core.util.StrUtil;
 import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustDataRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustSignReqVO;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IApiCommonBusiness;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApproveRemoteCallBusiness;
 import com.dragoninfo.dcuc.auth.config.zerotrust.DcucAuthZerotrustConfig;
 import com.dragoninfo.dcuc.auth.constance.ZerotrustAuthRedisConstant;
+import com.dragoninfo.dcuc.auth.sub.dto.zerotrust.tasktype.TaskInfoDetailResp;
+import com.dragoninfo.dcuc.common.utils.ResponseUtil;
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
 import com.dragonsoft.duceap.commons.util.date.DateConst;
 import com.dragonsoft.duceap.commons.util.date.DateUtils;
+import com.dragonsoft.duceap.commons.util.json.JsonUtils;
 import com.dragonsoft.smtools.loader.SMFactory;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -37,6 +43,13 @@ public class ApiCommonBusiness implements IApiCommonBusiness {
 
     private StringRedisTemplate stringRedisTemplate;
 
+    private IApproveRemoteCallBusiness approveRemoteCallBusiness;
+
+    @Autowired
+    public void setApproveRemoteCallBusiness(IApproveRemoteCallBusiness approveRemoteCallBusiness) {
+        this.approveRemoteCallBusiness = approveRemoteCallBusiness;
+    }
+
     @Autowired
     public void setStringRedisTemplate(StringRedisTemplate stringRedisTemplate) {
         this.stringRedisTemplate = stringRedisTemplate;
@@ -59,7 +72,7 @@ public class ApiCommonBusiness implements IApiCommonBusiness {
 
     @Override
     public ZeroTrustMessageRespVO checkSecret(ZeroTrustSignReqVO signReqVO) {
-        Boolean checkCallerSign = zerotrustConfig.getCheckCallerSign();
+        Boolean checkCallerSign = zerotrustConfig.getCheckTokenSign();
         log.info("checkCallerSign:{} ", checkCallerSign);
         if (!checkCallerSign) {
             return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
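Review bot: The caller-signature check in `checkSecret` is now switched by `getCheckTokenSign()`, so one setting presumably controls two different verifications, while the local variable and the log line still say `checkCallerSign`. If the coupling is intended, rename the variable and say so in a comment; if not, keep `getCheckCallerSign()`. `if (!checkCallerSign)` also unboxes a `Boolean` and throws when the property is unset; `if (Boolean.FALSE.equals(checkCallerSign))` skips verification only on an explicit `false` and leaves the check on by default. The rest of `checkSecret` is outside this hunk.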
@@ -137,4 +150,28 @@ public class ApiCommonBusiness implements IApiCommonBusiness {
         }
         return ZeroTrustMessageRespVO.requestErrorMessage("验签不一致");
     }
+
+    @Override
+    public ZeroTrustDataRespVO<String> taskIdCheck(String appTokenId, String taskId) {
+        if (StrUtil.isBlank(taskId)) {
+            log.info("任务id为空");
+            return ZeroTrustMessageRespVO.requestErrorMessage("任务ID必填").toDataRespVO();
+        }
+
+        Boolean checkAuthApiRealTaskId = zerotrustConfig.getCheckAuthApiRealTaskId();
+        String taskClass = "";
+        log.info("校验任务ID开关:{}", checkAuthApiRealTaskId);
+        if (checkAuthApiRealTaskId) {
+            log.info("开始校验任务ID参数应用令牌:{}, 任务ID:{}", appTokenId, taskId);
+            ResponseDTO<TaskInfoDetailResp> taskInfoDetail = approveRemoteCallBusiness.getTaskInfoDetail(appTokenId, taskId);
+
+            log.info("开始校验任务ID参数应用令牌:{}, 任务ID:{} ,结果:{}", appTokenId, taskId, JsonUtils.toJSONString(taskInfoDetail));
+            if (ResponseUtil.isFail(taskInfoDetail)) {
+                return ZeroTrustMessageRespVO.requestErrorMessage(taskInfoDetail.getMessage()).toDataRespVO();
+            }
+            TaskInfoDetailResp taskInfoDetailResp = ResponseUtil.getResult(taskInfoDetail);
+            taskClass = taskInfoDetailResp.getTaskClassCode();
+        }
+        return ZeroTrustDataRespVO.success(taskClass);
+    }
 }
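Review bot: `taskIdCheck` writes `appTokenId` to the info log twice and then the whole remote response through `JsonUtils.toJSONString(taskInfoDetail)`; if the token id is enough to act as the application, it should be truncated or left out of the log line. `if (checkAuthApiRealTaskId)` unboxes a `Boolean` and throws when the setting is missing, and with the switch off any non-blank `taskId` is accepted with an empty task class, which deserves a comment saying the bypass is deliberate. `ResponseUtil.getResult(taskInfoDetail)` is dereferenced without a null check; `if (taskInfoDetailResp == null) { return ZeroTrustMessageRespVO.requestErrorMessage("任务ID无效").toDataRespVO(); }` would fail closed.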

+ 4 - 2
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApprovalBusinessImpl.java

@@ -27,6 +27,7 @@ import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
 import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
 import com.dragonsoft.duceap.base.utils.UserContextUtils;
 import com.dragonsoft.duceap.commons.util.ObjectUtils;
+import com.dragonsoft.duceap.commons.util.UUIDUtils;
 import com.dragonsoft.duceap.commons.util.date.DateConst;
 import com.dragonsoft.duceap.commons.util.date.DateUtils;
 import com.dragonsoft.duceap.commons.util.enums.EnumUtils;
@@ -240,10 +241,10 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
 
     @Override
     public ZeroTrustMessageRespVO approvalCallBack(ApprovalCallBackReqVO approvalCallBackReqVO) {
-        log.info("接收到的安盟审批回调信息:{}", JSONUtil.toJsonStr(approvalCallBackReqVO));
+        log.info("接收到的审批回调信息:{}", JSONUtil.toJsonStr(approvalCallBackReqVO));
 
         String processInstId = approvalCallBackReqVO.getProcessInstId();
-        String status = approvalCallBackReqVO.getStatus();
+        String status = approvalCallBackReqVO.getEndFlag();
         ApprovalResult approvalResult = approvalResultService.getByProcessInstId(processInstId);
         if (ObjectUtils.isEmpty(approvalResult)) {
             log.error("processInstId {} can't find", processInstId);
@@ -318,6 +319,7 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
         roleInfo.setRoleCategory(roleOperateContent.getRoleCategory());
         roleInfo.setRoleBusiness(roleOperateContent.getRoleBusiness());
         roleInfo.setIsNotLimitCount(roleOperateContent.getLimitCount());
+        roleInfo.setIsActive("1");
         return roleInfo;
     }
 

+ 151 - 4
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApproveRemoteCallBusinessImpl.java

@@ -1,6 +1,10 @@
 package com.dragoninfo.dcuc.auth.business.impl.zerotrust;
 
+import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.lang.Assert;
 import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.approval.*;
+import com.dragoninfo.dcuc.auth.business.impl.zerotrust.dto.FlowApplyReqDTO;
+import com.dragoninfo.dcuc.auth.business.impl.zerotrust.dto.FlowDataRespDto;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IApproveRemoteCallBusiness;
 import com.dragoninfo.dcuc.auth.config.zerotrust.ApprovalProperties;
 import com.dragoninfo.dcuc.auth.config.zerotrust.DcucAuthZerotrustConfig;
@@ -10,26 +14,34 @@ import com.dragoninfo.dcuc.auth.sub.dto.zerotrust.tasktype.TaskInfoDetailResp;
 import com.dragoninfo.dcuc.auth.sub.dto.zerotrust.tasktype.TaskTypeInfoDto;
 import com.dragoninfo.dcuc.auth.sub.entity.AuthSubTaskType;
 import com.dragoninfo.dcuc.auth.sub.service.IAuthSubTaskTypeService;
+import com.dragoninfo.dcuc.auth.util.ValidUtil;
 import com.dragoninfo.dcuc.common.utils.ResponseUtil;
 import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
 import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+import com.dragonsoft.duceap.commons.util.date.DateUtils;
 import com.dragonsoft.duceap.commons.util.json.JsonUtils;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
+import com.dragonsoft.smtools.loader.SMFactory;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.common.annotations.VisibleForTesting;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Component;
 import org.springframework.web.client.RestTemplate;
 
+import java.util.Collections;
+import java.util.Date;
 import java.util.List;
+import java.util.Locale;
 import java.util.stream.Collectors;
 
 /**
@@ -50,6 +62,10 @@ public class ApproveRemoteCallBusinessImpl implements IApproveRemoteCallBusiness
 
     private IAuthSubTaskTypeService taskTypeService;
 
+    private SMFactory smFactory;
+
+    private ObjectMapper dragonObjectMapper;
+
     @Autowired
     public void setApprovalProperties(ApprovalProperties approvalProperties) {
         this.approvalProperties = approvalProperties;
@@ -65,6 +81,17 @@ public class ApproveRemoteCallBusinessImpl implements IApproveRemoteCallBusiness
         this.restTemplate = restTemplate;
     }
 
+    @Autowired
+    public void setSmFactory(SMFactory smFactory) {
+        this.smFactory = smFactory;
+    }
+
+    @Qualifier("dragonObjectMapper")
+    @Autowired
+    public void setDragonObjectMapper(ObjectMapper dragonObjectMapper) {
+        this.dragonObjectMapper = dragonObjectMapper;
+    }
+
     @Override
     public ResponseStatus syncTaskClass() {
         // 查询审批接口获取任务类型
@@ -93,17 +120,50 @@ public class ApproveRemoteCallBusinessImpl implements IApproveRemoteCallBusiness
         TypeReference<ResponseDTO<TaskInfoDetailResp>> typeReference = new TypeReference<ResponseDTO<TaskInfoDetailResp>>() {
         };
         log.info("获取审批任务详情地址:{}", taskIdCheckUrl);
-        return baseGet("获取审批任务详情", "获取审批任务详情失败", taskIdCheckUrl, typeReference);
+        return baseGet("获取审批任务详情", "获取审批任务详情失败", taskIdCheckUrl, typeReference, taskId);
     }
 
     @Override
     public ResponseDTO<FlowApplyRespDTO> flowApply(FlowApplyReqDto flowApplyReqDto) {
-        return null;
+        FlowApplyReqDTO flowApplyReqDTO = new FlowApplyReqDTO();
+        flowApplyReqDTO.setAppTokenId(flowApplyReqDto.getAppTokenId());
+        flowApplyReqDTO.setProcessDefId(flowApplyReqDto.getProcessDefId());
+        flowApplyReqDTO.setTitle(flowApplyReqDto.getTitle());
+        flowApplyReqDTO.setTaskClass(flowApplyReqDto.getTaskClass());
+        flowApplyReqDTO.setTaskId(flowApplyReqDto.getTaskId());
+        flowApplyReqDTO.setBo(flowApplyReqDto.getBo());
+        flowApplyReqDTO.setCallbackUrl(flowApplyReqDto.getCallbackUrl());
+        flowApplyReqDTO.setBizData(flowApplyReqDto.getBizData());
+
+        String callerSign = generateCallerSign(flowApplyReqDTO);
+
+        flowApplyReqDTO.setCallerSign(callerSign);
+
+        ResponseDTO<FlowApplyRespDTO> responseDTO = beginFlow(flowApplyReqDTO);
+        if (ResponseUtil.isFail(responseDTO)) {
+            return ResponseUtil.dtoFail(responseDTO.getMessage());
+        }
+
+        FlowApplyRespDTO amFlowApplyRespDTO = ResponseUtil.getResult(responseDTO);
+
+        FlowApplyItemRespDTO flowApplyItemRespDTO = new FlowApplyItemRespDTO();
+        flowApplyItemRespDTO.setUid("不需要,先填空");
+
+        FlowApplyRespDTO flowApplyRespDTO = new FlowApplyRespDTO();
+        flowApplyRespDTO.setProcessInstId(amFlowApplyRespDTO.getProcessInstId());
+        flowApplyRespDTO.setReviewer(Collections.singletonList(flowApplyItemRespDTO));
+
+        return ResponseUtil.newInstance(flowApplyRespDTO);
     }
 
     @Override
     public ResponseDTO<FlowSubmitRespDTO> flowSubmit(FlowSubmitReqDTO flowSubmitReqDTO) {
-        return null;
+        String processInstId = flowSubmitReqDTO.getProcessInstId();
+
+        FlowSubmitRespDTO flowSubmitRespDTO = new FlowSubmitRespDTO();
+        flowSubmitRespDTO.setProcessInstId(processInstId);
+
+        return ResponseUtil.newInstance(flowSubmitRespDTO);
     }
 
     @Override
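Review bot: `flowSubmit` now returns a successful `ResponseDTO` that only echoes `processInstId` and never contacts the approval service, so callers cannot tell a submitted flow from one that was never sent. If this is a placeholder, mark it (`// TODO: no remote submit yet; returns success unconditionally`) or return a failure until it is implemented. In `flowApply` the reviewer uid is set to the literal `"不需要,先填空"`, which may end up stored or displayed wherever reviewers are consumed; an empty list or a documented constant would be safer. Both methods dereference their request argument without a null check.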
@@ -154,7 +214,7 @@ public class ApproveRemoteCallBusinessImpl implements IApproveRemoteCallBusiness
             JsonNode jsonNode = mapper.readTree(body);
             String statusCode = jsonNode.get("statusCode").asText();
             String message = jsonNode.get("message").asText();
-            if (ApprovalResultEnum.SUCCESS.getValue().equals(statusCode)) {
+            if ("200".equals(statusCode)) {
                 respDto = mapper.readValue(body, typeReference);
             } else {
                 return ResponseUtil.dtoFail(message);
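Review bot: The success test here now compares against the bare literal `"200"` where the enum constant was used before, while `baseReqData`, added later in this commit, still uses `ApprovalResultEnum.SUCCESS`, so the two response parsers spell success differently with no explanation. Give the value a name, e.g. `private static final String TASK_API_SUCCESS_CODE = "200";`, with a comment naming the remote API that returns it. On the context line above, `jsonNode.get("statusCode").asText()` throws a `NullPointerException` when the field is absent; `jsonNode.path("statusCode").asText()` would fall into the failure branch instead. The method starts and ends outside this hunk.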
@@ -204,4 +264,91 @@ public class ApproveRemoteCallBusinessImpl implements IApproveRemoteCallBusiness
         }
     }
 
+
+    /**
+     * 开启流程
+     *
+     */
+    protected ResponseDTO<FlowApplyRespDTO> beginFlow(FlowApplyReqDTO flowApplyReqDTO) {
+
+        String baseUrl = approvalProperties.getBaseUrl();
+        String url = baseUrl + "/api/v3/apply";
+        ResponseDTO<FlowApplyRespDTO> responseDTO = this.baseReqData(url, flowApplyReqDTO, "开启流程请求",
+                new TypeReference<FlowDataRespDto<FlowApplyRespDTO>>() {
+                });
+        return responseDTO;
+    }
+
+    /**
+     * 生成签名
+     *
+     * @param dto 请求参数
+     * @return 签名
+     */
+    @VisibleForTesting
+    protected String generateCallerSign(FlowApplyReqDTO dto) {
+        String appTokenId = dto.getAppTokenId();
+        String processDefId = dto.getProcessDefId();
+        String title = dto.getTitle();
+        Assert.notBlank(appTokenId);
+        Assert.notBlank(processDefId);
+        Assert.notBlank(title);
+        String origin = appTokenId + "," + processDefId + "," + title+","+dto.getTaskClass()
+                +","+dto.getTaskId()+","+dto.getCallbackUrl();
+        String summary = smFactory.getSM3().summary(origin).toString().toLowerCase(Locale.ROOT);
+        log.info("生成审批请求签名原文:{}", origin);
+        log.info("生成审批请求签名后的值:{}", summary);
+        return summary;
+    }
+
+    /**
+     * 基础操作
+     *
+     * @param url 路径
+     * @param req 请求参数
+     * @return 返回内容
+     */
+    protected <R, S> ResponseDTO<S> baseReqData(String url, R req, String requestName, TypeReference<FlowDataRespDto<S>> typeReference) {
+        // 打印请求参数
+        log.info(requestName + " 请求路径:{} 请求参数:{}", url, JsonUtils.toJSONString(req));
+        String errorTip = requestName + "失败";
+        ResponseStatus responseStatus = ValidUtil.validReqVo(req);
+        if (ResponseUtil.isFail(responseStatus)) {
+            log.error("request vo valid error:{}", responseStatus.getMessage());
+            return ResponseUtil.dtoFail(responseStatus.getMessage());
+        }
+
+        HttpEntity<R> entity = new HttpEntity<>(req);
+        ResponseEntity<String> exchange = restTemplate.exchange(url, HttpMethod.POST, entity, String.class);
+
+        if (!exchange.getStatusCode().is2xxSuccessful()) {
+            log.error("{} error. resp: {}", requestName, JsonUtils.toJSONString(exchange));
+            return ResponseUtil.dtoFail(errorTip);
+        }
+        String body = exchange.getBody();
+        if (StringUtils.isBlank(body)) {
+            log.error("{} error. resp: {}", requestName, JsonUtils.toJSONString(exchange));
+            return ResponseUtil.dtoFail(errorTip);
+        }
+
+        log.info("baseReq resp :{}", JsonUtils.toJSONString(exchange));
+
+        FlowDataRespDto<S> respDto;
+
+        try {
+            JsonNode jsonNode = dragonObjectMapper.readTree(body);
+            String statusCode = jsonNode.get("status_code").asText();
+            String message = jsonNode.get("message").asText();
+            if (ApprovalResultEnum.SUCCESS.getValue().equals(statusCode)) {
+                respDto = dragonObjectMapper.readValue(body, typeReference);
+            } else {
+                return ResponseUtil.dtoFail(message);
+            }
+        } catch (JsonProcessingException e) {
+            log.error("parse error.", e);
+            return ResponseUtil.dtoFail("返回值解析失败");
+        }
+
+        return ResponseUtil.newInstance(respDto.getData());
+    }
 }
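Review bot: `generateCallerSign` logs both the text that is signed and the resulting value at info level, and `baseReqData` then logs the whole request (including `callerSign` and `appTokenId`) and the whole response; `tokenReceiveSignCheck` in AuthTokenBusinessImpl likewise logs the locally generated signature on a mismatch. The value appears to be a plain SM3 digest of request fields with no secret visible here, so anyone with log access sees the exact input and output of the signing step; I would drop the two lines or reduce them to `log.debug("生成审批请求签名完成, processDefId:{}", processDefId);`. The origin string is joined with `,` although `title` is free text, and `getTaskClass()`, `getTaskId()` and `getCallbackUrl()` are not asserted non-blank, so a null is signed as the text `null`; a comment stating the agreed canonical format would help. In `baseReqData`, `jsonNode.get("status_code").asText()` throws a `NullPointerException` that the `JsonProcessingException` catch does not cover, whereas `jsonNode.path("status_code").asText()` falls through to the failure branch.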

+ 62 - 124
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/AuthTokenBusinessImpl.java

@@ -1,45 +1,36 @@
 package com.dragoninfo.dcuc.auth.business.impl.zerotrust;
 
 import com.alibaba.fastjson.JSON;
-import com.alibaba.fastjson.JSONObject;
 import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
 import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
-import com.dragoninfo.dcuc.auth.api.vo.MessageRespVO;
-import com.dragoninfo.dcuc.auth.api.vo.ResultRespPageVo;
-import com.dragoninfo.dcuc.auth.api.vo.ResultRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.audit.dto.TokenOperationDto;
 import com.dragoninfo.dcuc.auth.audit.service.log.QmAuditPushService;
-import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.business.ICacheBusiness;
-import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
-import com.dragoninfo.dcuc.auth.config.zerotrust.DcucAuthZerotrustConfig;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
+import com.dragoninfo.dcuc.auth.business.zerotrust.ITokenRemoteCallBusiness;
 import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
 import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
 import com.dragoninfo.dcuc.auth.sub.vo.ApplyInfoVo;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
 import com.dragoninfo.dcuc.auth.token.enums.TokenActionEnum;
 import com.dragoninfo.dcuc.auth.token.vo.*;
-import com.dragoninfo.duceap.core.response.Result;
 import com.dragonsoft.auditlog.collection.qmtj.enums.TokenTypeEnum;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
 import com.dragonsoft.smtools.loader.SMFactory;
+import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.ParameterizedTypeReference;
-import org.springframework.http.HttpEntity;
-import org.springframework.http.HttpMethod;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Service;
-import org.springframework.web.client.RestTemplate;
 
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
 
 /**
  * token业务类
@@ -51,10 +42,6 @@ import java.util.*;
 @Service
 public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
 
-    private RestTemplate restTemplate;
-
-    private DcucAuthZerotrustConfig zerotrustConfig;
-
     private IApplyInfoFacade applyInfoFacade;
 
     private IAuthUserInfoService userInfoService;
@@ -65,7 +52,12 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
 
     private SMFactory smFactory;
 
-    private IAuthTokenBusiness tokenBusiness;
+    private ITokenRemoteCallBusiness tokenRemoteCallBusiness;
+
+    @Autowired
+    public void setTokenRemoteCallBusiness(ITokenRemoteCallBusiness tokenRemoteCallBusiness) {
+        this.tokenRemoteCallBusiness = tokenRemoteCallBusiness;
+    }
 
     @Autowired
     public void setSmFactory(SMFactory smFactory) {
@@ -82,16 +74,6 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
         this.qmAuditPushService = qmAuditPushService;
     }
 
-    @Autowired
-    public void setZerotrustConfig(DcucAuthZerotrustConfig zerotrustConfig) {
-        this.zerotrustConfig = zerotrustConfig;
-    }
-
-    @Autowired
-    public void setRestTemplate(RestTemplate restTemplate) {
-        this.restTemplate = restTemplate;
-    }
-
     @Autowired
     public void setApplyInfoFacade(IApplyInfoFacade applyInfoFacade) {
         this.applyInfoFacade = applyInfoFacade;
@@ -104,23 +86,17 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
 
     @Override
     public UserTokenInfoRespVO getUserTokenInfo(String userTokenId) {
+        // 从缓存获取的都是经过令牌签名校验的
         UserTokenInfoRespVO userToken = cacheBusiness.getUserToken(userTokenId);
         if (null != userToken) {
             return userToken;
         }
 
         // 查询用户令牌
-        String tokenQueryUrl = zerotrustConfig.getUserTokenQueryUrl();
-        Map<String, String> param = new HashMap<>();
-        param.put("userTokenId", userTokenId);
-
-        log.info("getUserTokenInfo url:{}, tokenId:{}", tokenQueryUrl, userTokenId);
-
-        UserTokenInfoRespVO tokenInfo = getTokenInfo(tokenQueryUrl, new ParameterizedTypeReference<ResultRespVO<UserTokenInfoRespVO>>() {
-        }, param);
+        UserTokenInfoRespVO userTokenInfo = tokenRemoteCallBusiness.getUserTokenInfo(userTokenId);
         // 添加缓存
-        cacheBusiness.userTokenActionHandle(tokenInfo, TokenActionEnum.ONLINE.getValue());
-        return tokenInfo;
+        cacheBusiness.userTokenActionHandle(userTokenInfo, TokenActionEnum.ONLINE.getValue());
+        return userTokenInfo;
     }
 
     @Override
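Review bot: The new comment says cached tokens have always passed signature verification, but in this method the value returned by `tokenRemoteCallBusiness.getUserTokenInfo` goes straight into `cacheBusiness.userTokenActionHandle`. The invariant therefore holds only if the remote-call class verifies the signature and never returns null for an unknown token, and neither is visible here. I would state that dependency in the comment and guard the cache write with `if (userTokenInfo != null)`, unless `userTokenActionHandle` is documented to ignore null. `getAppTokenInfo` in the next hunk has the same shape.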
@@ -129,18 +105,11 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
         if (null != appToken) {
             return appToken;
         }
-        // 获取应用令牌
-        String tokenQueryUrl = zerotrustConfig.getAppTokenQueryUrl();
-        Map<String, String> param = new HashMap<>();
-        param.put("appTokenId", appTokenId);
-
-        log.info("getAppTokenInfo url:{}, tokenId:{}", tokenQueryUrl, appTokenId);
-
-        AppTokenInfoRespVO tokenInfo = getTokenInfo(tokenQueryUrl, new ParameterizedTypeReference<ResultRespVO<AppTokenInfoRespVO>>() {
-        }, param);
+        // 查询应用令牌
+        AppTokenInfoRespVO appTokenInfo = tokenRemoteCallBusiness.getAppTokenInfo(appTokenId);
         // 添加缓存
-        cacheBusiness.appTokenActionHandle(tokenInfo, TokenActionEnum.ONLINE.getValue());
-        return tokenInfo;
+        cacheBusiness.appTokenActionHandle(appTokenInfo, TokenActionEnum.ONLINE.getValue());
+        return appTokenInfo;
     }
 
     @Override
@@ -171,17 +140,37 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
 
     @SneakyThrows
     @Override
-    public ZeroTrustMessageRespVO tokenReceive(TokenReceiveVO receiveVo) {
+    public ZeroTrustMessageRespVO tokenReceive(List<TokenReceiveVO> tokenReceiveReqVoList) {
+        if (CollectionUtils.isEmpty(tokenReceiveReqVoList)) {
+            return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
+        }
+        List<TokenOperationDto> logList = new ArrayList<>();
+        for (TokenReceiveVO receiveVo : tokenReceiveReqVoList) {
+            // 校验请求签名
+            ZeroTrustMessageRespVO check = tokenReceiveSignCheck(receiveVo);
+            if (check.isRespFail()) {
+                return check;
+            }
+            // 令牌缓存处理
+            String pid = tokenReceiveCache(receiveVo);
+            TokenOperationDto dto = TokenOperationDto.builder()
+                    .action(receiveVo.getAction())
+                    .operateTime(new Date())
+                    .pid(pid)
+                    .tokenType(receiveVo.getType())
+                    .build();
+            // 添加日志
+            logList.add(dto);
+        }
+        // 发送令牌处理日志
+        qmAuditPushService.pushTokenReceiveLog(logList);
+        return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
+    }
+
+    private String tokenReceiveCache(TokenReceiveVO receiveVo) throws JsonProcessingException {
         String action = receiveVo.getAction();
         String type = receiveVo.getType();
         String token = receiveVo.getToken();
-        String generalNoticeSign = generalNoticeSign(receiveVo);
-        String requestSign = receiveVo.getSign();
-        if (!generalNoticeSign.equalsIgnoreCase(requestSign)) {
-            log.info("request Sign:{}, generalSign:{}", requestSign, generalNoticeSign);
-            return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL);
-        }
-
         String pid;
         ObjectMapper objectMapper = new ObjectMapper();
         if (TokenTypeEnum.USER.getValue().equals(type)) {
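Review bot: In the new `tokenReceive` loop the signature check and the cache update are interleaved, so when a later entry fails `tokenReceiveSignCheck` the method returns `OPERATE_FAIL` after earlier entries were already applied to the cache, and the `pushTokenReceiveLog` call is skipped, leaving those changes without an audit record. Verifying every entry before applying any, as sketched below, makes the batch all-or-nothing and keeps the audit push on the success path. `@SneakyThrows` still hides the `JsonProcessingException` from `tokenReceiveCache`, so a malformed token midway through the list has the same partial-apply effect and is worth handling per entry. `tokenReceiveCache` continues outside this hunk.

```java
public ZeroTrustMessageRespVO tokenReceive(List<TokenReceiveVO> tokenReceiveReqVoList) {
    // … unchanged: empty-list early return …
    // Verify every signature before touching the cache, so one bad entry rejects the whole batch.
    for (TokenReceiveVO receiveVo : tokenReceiveReqVoList) {
        ZeroTrustMessageRespVO check = tokenReceiveSignCheck(receiveVo);
        if (check.isRespFail()) {
            return check;
        }
    }
    List<TokenOperationDto> logList = new ArrayList<>();
    for (TokenReceiveVO receiveVo : tokenReceiveReqVoList) {
        String pid = tokenReceiveCache(receiveVo);
        // … unchanged: build TokenOperationDto and add it to logList …
    }
    // … unchanged: pushTokenReceiveLog and SUCCESS return …
}
```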
@@ -193,14 +182,18 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
             pid = tokenInfo.getUserToken().getPid();
             cacheBusiness.appTokenActionHandle(tokenInfo, action);
         }
-        TokenOperationDto dto = TokenOperationDto.builder()
-                .action(receiveVo.getAction())
-                .operateTime(new Date())
-                .pid(pid)
-                .tokenType(receiveVo.getType())
-                .build();
-        qmAuditPushService.pushTokenReceiveLog(dto);
-        return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
+        return pid;
+    }
+
+    private ZeroTrustMessageRespVO tokenReceiveSignCheck(TokenReceiveVO receiveVo) {
+        String generalNoticeSign = generalNoticeSign(receiveVo);
+        String requestSign = receiveVo.getSign();
+        if (!generalNoticeSign.equalsIgnoreCase(requestSign)) {
+            log.info("令牌接收签名校验不通过, 请求中的签名:{}, 原文生成的签名:{}", requestSign, generalNoticeSign);
+            return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL);
+        } else {
+            return ZeroTrustMessageRespVO.messageEnumMessage(ZeroTrustBusinessRespEnum.SUCCESS);
+        }
     }
 
 
@@ -210,7 +203,7 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
         String userTokenId = reqVo.getUserTokenId();
         String appTokenId = reqVo.getAppTokenId();
         if (StringUtils.isNotBlank(userTokenId)) {
-            UserTokenInfoRespVO userToken = tokenBusiness.getUserTokenInfo(userTokenId);
+            UserTokenInfoRespVO userToken = getUserTokenInfo(userTokenId);
             if (null != userToken) {
                 respVo.setUserTokenOnline(TokenActionEnum.ONLINE.getLabel());
             } else {
@@ -218,7 +211,7 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
             }
         }
         if (StringUtils.isNotBlank(appTokenId)) {
-            AppTokenInfoRespVO appToken = tokenBusiness.getAppTokenInfo(appTokenId);
+            AppTokenInfoRespVO appToken = getAppTokenInfo(appTokenId);
             if (null != appToken) {
                 respVo.setAppTokenOnline(TokenActionEnum.ONLINE.getLabel());
             } else {
@@ -228,7 +221,6 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
         return respVo;
     }
 
-
     /**
      * 生成令牌通知签名
      *
@@ -247,9 +239,6 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
     }
 
 
-
-
-
     private AuthUserVo getAuthUserVo(String pid) {
         // pid为人员身份证号
         // 查询权限中心用户信息, 填充id字段
@@ -262,55 +251,4 @@ public class AuthTokenBusinessImpl implements IAuthTokenBusiness {
         return userVo;
     }
 
-    private TokenUserInfoRespVo getTokenUserByPidRemote(String pid) {
-        if (StringUtils.isBlank(pid)) {
-            return null;
-        }
-        String url = zerotrustConfig.getUserInfoQueryUrl();
-        TokenUserInfoReqVo userReqVo = new TokenUserInfoReqVo();
-        userReqVo.setIdcard(pid);
-        HttpEntity<TokenUserInfoReqVo> entity = new HttpEntity<>(userReqVo);
-
-        log.info("getTokenUserByPid url:{}, pid:{}", url, pid);
-
-        ResponseEntity<ResultRespPageVo<TokenUserInfoRespVo>> response = restTemplate.exchange(url, HttpMethod.POST, entity, new ParameterizedTypeReference<ResultRespPageVo<TokenUserInfoRespVo>>() {
-        });
-        ResultRespPageVo<TokenUserInfoRespVo> respBody = getRespBody(response);
-        if (null == respBody) {
-            return null;
-        }
-        ResultRespPageVo.ResultPageContent<TokenUserInfoRespVo> pageContent = respBody.getResult();
-        if (null == pageContent) {
-            return null;
-        }
-        List<TokenUserInfoRespVo> rows = pageContent.getRows();
-        return CollectionUtils.isEmpty(rows) ? null : rows.get(0);
-
-    }
-
-    private <T> T getTokenInfo(String tokenQueryUrl, ParameterizedTypeReference<ResultRespVO<T>> responseType, Map<String, String> param) {
-        HttpEntity<Object> entity = new HttpEntity<>(param);
-        ResponseEntity<ResultRespVO<T>> response = restTemplate.exchange(tokenQueryUrl, HttpMethod.POST, entity,
-                responseType);
-        ResultRespVO<T> respBody = getRespBody(response);
-        if (null == respBody) {
-            return null;
-        }
-        return respBody.getResult();
-    }
-
-    private <T extends MessageRespVO> T getRespBody(ResponseEntity<T> response) {
-        HttpStatus statusCode = response.getStatusCode();
-        if (!statusCode.is2xxSuccessful()) {
-            log.info("request failed, resp:{}", response);
-            return null;
-        }
-        T body = response.getBody();
-        log.info("response body:{}", JSON.toJSONString(body));
-
-        if (body == null || !body.isRespSuccess()) {
-            return null;
-        }
-        return body;
-    }
 }

+ 305 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/TokenRemoteCallBusinessImpl.java

@@ -0,0 +1,305 @@
+package com.dragoninfo.dcuc.auth.business.impl.zerotrust;
+
+import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.lang.Assert;
+import cn.hutool.core.util.StrUtil;
+import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
+import com.dragoninfo.dcuc.auth.api.vo.ResultRespVO;
+import com.dragoninfo.dcuc.auth.business.zerotrust.ITokenRemoteCallBusiness;
+import com.dragoninfo.dcuc.auth.config.zerotrust.DcucAuthZerotrustConfig;
+import com.dragoninfo.dcuc.auth.token.vo.AppTokenInfoRespVO;
+import com.dragoninfo.dcuc.auth.token.vo.UserTokenInfoRespVO;
+import com.dragoninfo.dcuc.auth.token.vo.ZeroTrustAppTokenInfoReqVO;
+import com.dragoninfo.dcuc.auth.token.vo.ZeroTrustUserTokenInfoReqVO;
+import com.dragoninfo.dcuc.common.utils.LangUtil;
+import com.dragonsoft.duceap.commons.util.json.JsonUtils;
+import com.dragonsoft.smtools.loader.SMFactory;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.RequestEntity;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestTemplate;
+
+import java.net.URI;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Locale;
+import java.util.Map;
+
+/**
+ * <p>
+ *
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2023/6/7
+ */
+@Slf4j
+@Component
+public class TokenRemoteCallBusinessImpl implements ITokenRemoteCallBusiness {
+
+    private RestTemplate restTemplate;
+
+    private ObjectMapper objectMapper;
+
+    private SMFactory smFactory;
+
+    private DcucAuthZerotrustConfig zerotrustConfig;
+
+    @Autowired
+    public void setObjectMapper(ObjectMapper objectMapper) {
+        this.objectMapper = objectMapper;
+    }
+
+    @Autowired
+    public void setZerotrustConfig(DcucAuthZerotrustConfig zerotrustConfig) {
+        this.zerotrustConfig = zerotrustConfig;
+    }
+
+    @Autowired
+    public void setSmFactory(SMFactory smFactory) {
+        this.smFactory = smFactory;
+    }
+
+    @Autowired
+    public void setRestTemplate(RestTemplate restTemplate) {
+        this.restTemplate = restTemplate;
+    }
+
+    @Override
+    public UserTokenInfoRespVO getUserTokenInfo(String useTokenId) {
+        Assert.notBlank(useTokenId);
+        String requestName = "获取用户令牌信息";
+
+        ZeroTrustUserTokenInfoReqVO zeroTrustUserTokenInfoReqVO = new ZeroTrustUserTokenInfoReqVO();
+        zeroTrustUserTokenInfoReqVO.setUserTokenId(useTokenId);
+
+        log.info("{} 请求 :{}", requestName, JsonUtils.toJSONString(zeroTrustUserTokenInfoReqVO));
+
+        String reqUrl = zerotrustConfig.getUserTokenQueryUrl();
+        RequestEntity<ZeroTrustUserTokenInfoReqVO> httpEntity = new RequestEntity<>(zeroTrustUserTokenInfoReqVO, HttpMethod.POST, URI.create(reqUrl));
+
+        TypeReference<ResultRespVO<UserTokenInfoRespVO>> parameterizedTypeReference =
+                new TypeReference<ResultRespVO<UserTokenInfoRespVO>>() {
+                };
+
+        ResponseEntity<String> responseEntity = restTemplate.exchange(httpEntity, String.class);
+        log.info("{}返回参数 :{}", requestName, JsonUtils.toJSONString(responseEntity));
+
+        if (responseEntity.getStatusCode().is2xxSuccessful()) {
+            String responseEntityJsonBody = responseEntity.getBody();
+
+            ResultRespVO<UserTokenInfoRespVO> responseEntityBody = null;
+            try {
+                responseEntityBody = objectMapper.readValue(responseEntityJsonBody, parameterizedTypeReference);
+            } catch (JsonProcessingException e) {
+                log.error("解析JSON异常", e);
+            }
+            if (responseEntityBody != null) {
+                if (responseEntityBody.getStatusCode().equalsIgnoreCase(ZeroTrustBusinessRespEnum.SUCCESS.getValue())) {
+
+                    // 校验令牌签名
+                    if (zerotrustConfig.getCheckTokenSign()) {
+                        boolean b = checkUserTokenSign(responseEntityJsonBody);
+                        if (!b) {
+                            return null;
+                        }
+                    }
+
+                    return responseEntityBody.getResult();
+                } else {
+                    log.error("{} statusCode:{} , message:{}", requestName, responseEntityBody.getStatusCode(), responseEntityBody.getMessage());
+                }
+            } else {
+                log.error("{} 返回 isnull:{}", requestName, JsonUtils.toJSONString(responseEntity));
+            }
+
+        } else {
+            log.error("{} 请求 error :{}", requestName, JsonUtils.toJSONString(responseEntity));
+        }
+        return null;
+    }
+
+    @Override
+    public AppTokenInfoRespVO getAppTokenInfo(String appTokenId) {
+        Assert.notBlank(appTokenId);
+        String requestName = "获取应用令牌信息";
+
+        ZeroTrustAppTokenInfoReqVO zeroTrustAppTokenInfoReqVO = new ZeroTrustAppTokenInfoReqVO();
+        zeroTrustAppTokenInfoReqVO.setAppTokenId(appTokenId);
+
+        String reqUrl = zerotrustConfig.getAppTokenQueryUrl();
+        log.info("{} 请求 :{}", requestName, JsonUtils.toJSONString(zeroTrustAppTokenInfoReqVO));
+        RequestEntity<ZeroTrustAppTokenInfoReqVO> httpEntity = new RequestEntity<>(zeroTrustAppTokenInfoReqVO, HttpMethod.POST, URI.create(reqUrl));
+
+        TypeReference<ResultRespVO<AppTokenInfoRespVO>> parameterizedTypeReference =
+                new TypeReference<ResultRespVO<AppTokenInfoRespVO>>() {
+                };
+
+        ResponseEntity<String> responseEntity = restTemplate.exchange(httpEntity, String.class);
+        log.info("{}返回参数 :{}", requestName, JsonUtils.toJSONString(responseEntity));
+
+        if (responseEntity.getStatusCode().is2xxSuccessful()) {
+            String responseEntityJsonBody = responseEntity.getBody();
+
+            ResultRespVO<AppTokenInfoRespVO> responseEntityBody = null;
+            try {
+                responseEntityBody = objectMapper.readValue(responseEntityJsonBody, parameterizedTypeReference);
+            } catch (JsonProcessingException e) {
+                log.error("解析JSON异常", e);
+            }
+            if (responseEntityBody != null) {
+                if (responseEntityBody.getStatusCode().equalsIgnoreCase(ZeroTrustBusinessRespEnum.SUCCESS.getValue())) {
+
+                    // 校验令牌签名
+                    if (zerotrustConfig.getCheckTokenSign()) {
+                        boolean b = checkAppTokenSign(responseEntityJsonBody);
+                        if (!b) {
+                            return null;
+                        }
+                    }
+
+                    return responseEntityBody.getResult();
+                } else {
+                    log.error("{} statusCode:{} , message:{}", requestName, responseEntityBody.getStatusCode(), responseEntityBody.getMessage());
+                }
+            } else {
+                log.error("{} 返回 isnull:{}", requestName, JsonUtils.toJSONString(responseEntity));
+            }
+
+        } else {
+            log.error("{} 请求 error :{}", requestName, JsonUtils.toJSONString(responseEntity));
+        }
+        return null;
+    }
+
+    /**
+     * 校验应用令牌签名
+     *
+     * @param appTokenJson 应用令牌信息
+     * @return 是否成功
+     */
+    @SuppressWarnings("unchecked")
+    @SneakyThrows(JsonProcessingException.class)
+    public boolean checkAppTokenSign(String appTokenJson) {
+
+        TypeReference<LinkedHashMap<String, Object>> objectTypeReference = new TypeReference<LinkedHashMap<String, Object>>() {
+        };
+        LinkedHashMap<String, Object> body = objectMapper.readValue(appTokenJson, objectTypeReference);
+        LinkedHashMap<String, Object> userTokenInfo = (LinkedHashMap<String, Object>) body.getOrDefault("result", Collections.emptyMap());
+        LinkedHashMap<String, Object> userToken = (LinkedHashMap<String, Object>) userTokenInfo.getOrDefault("userToken", Collections.emptyMap());
+        String userTokenString = generalAppTokenCheckUserTokenString(userToken);
+        log.info("生成后的用户令牌信息:{}", userTokenString);
+        userTokenInfo.put("userToken", userTokenString);
+        return checkAppTokenSign(userTokenInfo);
+    }
+
+    /**
+     * 校验用户令牌签名
+     *
+     * @param userTokenJson 用户令牌JSON
+     * @return 状态
+     */
+    @SuppressWarnings("unchecked")
+    @SneakyThrows(JsonProcessingException.class)
+    public boolean checkUserTokenSign(String userTokenJson) {
+
+        TypeReference<LinkedHashMap<String, Object>> objectTypeReference = new TypeReference<LinkedHashMap<String, Object>>() {
+        };
+        LinkedHashMap<String, Object> body = objectMapper.readValue(userTokenJson, objectTypeReference);
+        LinkedHashMap<String, Object> userTokenInfo = (LinkedHashMap<String, Object>) body.getOrDefault("result", Collections.emptyMap());
+        return checkUserTokenSign(userTokenInfo);
+    }
+
+    /**
+     * 生成应用令牌校验签名的用户令牌字符串
+     *
+     * @param userTokenMap 用户令牌信息
+     * @return 用户令牌字符串
+     */
+    protected String generalAppTokenCheckUserTokenString(LinkedHashMap<String, Object> userTokenMap) {
+        if (CollUtil.isEmpty(userTokenMap)) {
+            throw new IllegalArgumentException();
+        }
+        String symbol = StrUtil.COMMA + " ";
+
+        StringBuilder userTokenStringBuilder = new StringBuilder("{");
+
+        for (String key : userTokenMap.keySet()) {
+            userTokenStringBuilder.append(key).append("=");
+            String value = userTokenMap.getOrDefault(key, "").toString();
+            userTokenStringBuilder.append(value).append(symbol);
+        }
+
+        String string = userTokenStringBuilder.toString();
+        String subLastSymbol = LangUtil.subLastSymbol(string, symbol);
+        return subLastSymbol + "}";
+    }
+
+
+    /**
+     * 校验用户令牌签名
+     *
+     * @param useTokenInfoMap 用户令牌信息
+     * @return 签名结果
+     */
+    protected boolean checkUserTokenSign(Map<String, Object> useTokenInfoMap) {
+        String userTokenId = useTokenInfoMap.getOrDefault("userTokenId", "").toString();
+        String createTime = useTokenInfoMap.getOrDefault("createTime", "").toString();
+        String expireAt = useTokenInfoMap.getOrDefault("expireAt", "").toString();
+        String pid = useTokenInfoMap.getOrDefault("pid", "").toString();
+        String orgCode = useTokenInfoMap.getOrDefault("orgCode", "").toString();
+        String ip = useTokenInfoMap.getOrDefault("ip", "").toString();
+        String mid = useTokenInfoMap.getOrDefault("mid", "").toString();
+        String env = useTokenInfoMap.getOrDefault("env", "").toString();
+        String sign = useTokenInfoMap.getOrDefault("sign", "").toString();
+
+        String origin = "userTokenId=" + userTokenId +
+                "&createTime=" + createTime + "&expireAt=" + expireAt + "&pid=" + pid + "&orgCode=" + orgCode
+                + "&ip=" + ip + "&mid=" + mid + "&env=" + env;
+        log.info("用户令牌校验签名签名原文:{}", origin);
+
+        String generalSign = smFactory.getSM3().summary(origin).toString().toLowerCase(Locale.ROOT);
+        log.info("用户令牌校验签名签名后的值:{}", generalSign);
+        log.info("用户令牌校验签名令牌信息中的签名值:{}", sign);
+
+        boolean ignoreCase = generalSign.equalsIgnoreCase(sign);
+        log.info("用户令牌:{} 校验签名签名结果:{}", userTokenId, ignoreCase);
+
+        return ignoreCase;
+    }
+
+    /**
+     * 校验应用令牌签名
+     *
+     * @param apTokenInfoMap 应用令牌信息
+     * @return 签名结果
+     */
+    protected boolean checkAppTokenSign(Map<String, Object> apTokenInfoMap) {
+        String appTokenId = apTokenInfoMap.getOrDefault("appTokenId", "").toString();
+        String createTime = apTokenInfoMap.getOrDefault("createTime", "").toString();
+        String expireAt = apTokenInfoMap.getOrDefault("expireAt", "").toString();
+        String appId = apTokenInfoMap.getOrDefault("appId", "").toString();
+        String userToken = apTokenInfoMap.getOrDefault("userToken", "").toString();
+        String sign = apTokenInfoMap.getOrDefault("sign", "").toString();
+
+        String origin = "appTokenId=" + appTokenId + "&createTime=" + createTime + "&expireAt=" +
+                expireAt + "&appId=" + appId + "&userToken=" + userToken;
+        log.info("应用令牌校验签名签名原文:{}", origin);
+
+        String generalSign = smFactory.getSM3().summary(origin).toString().toLowerCase(Locale.ROOT);
+        log.info("应用令牌校验签名签名后的值:{}", generalSign);
+        log.info("应用令牌校验签名令牌信息中的签名值:{}", sign);
+
+        boolean ignoreCase = generalSign.equalsIgnoreCase(sign);
+        log.info("应用令牌:{} 校验签名签名结果:{}", appTokenId, ignoreCase);
+
+        return ignoreCase;
+    }
+}
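Review bot: The signature helpers write the full signing input and both digests to the info log — `log.info("用户令牌校验签名签名原文:{}", origin)` and the two lines after it in checkUserTokenSign(Map), plus the same three in checkAppTokenSign(Map). The origin string carries pid, ip and the token id, and getUserTokenInfo/getAppTokenInfo also log the whole response entity; I would drop the origin and digest lines (or move them to debug) and keep only the result line. As far as this file shows, `smFactory.getSM3().summary(origin)` takes no key, so the comparison detects corruption but does not authenticate the sender. If SMFactory mixes in no secret, the comment on the check should say that authenticity rests on the transport. A response without `result` also throws instead of failing verification, because `Collections.emptyMap()` cannot be cast to `LinkedHashMap`; typing those locals as `Map<String, Object>` and returning false for an empty map would keep that case on the normal failure path.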

+ 87 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/dto/ApprovalBaseRespDto.java

@@ -0,0 +1,87 @@
+package com.dragoninfo.dcuc.auth.business.impl.zerotrust.dto;
+
+import com.dragoninfo.dcuc.auth.auth.enumresources.zerotrust.approval.ApprovalResultEnum;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import lombok.Data;
+
+/**
+ * @author mazq
+ * 审批返回结果
+ */
+@Data
+public class ApprovalBaseRespDto {
+
+    /**
+     * “0000” 表示令牌有效;
+     * 其他值表示无效或接口调用出错
+     */
+    @JsonProperty("status_code")
+    private String statusCode;
+
+    /**
+     * 状态码对应的详细描述
+     */
+    private String message;
+
+    public ApprovalBaseRespDto success() {
+         this.messageEnumMessage(ApprovalResultEnum.SUCCESS);
+         return this;
+    }
+
+    /**
+     * 设置业务枚举
+     *
+     * @param businessRespEnum 业务枚举
+     */
+    public void setBusinessRespEnum(ApprovalResultEnum businessRespEnum) {
+        setStatusCode(businessRespEnum.getValue());
+        setMessage(businessRespEnum.getLabel());
+    }
+
+
+    /**
+     * 设置业务枚举
+     *
+     * @param businessRespEnum 业务枚举
+     */
+    public ApprovalBaseRespDto messageEnumMessage(ApprovalResultEnum businessRespEnum) {
+        this.setBusinessRespEnum(businessRespEnum);
+        return this;
+    }
+
+
+    /**
+     * 设置请求参数异常
+     *
+     * @param businessRespEnum 枚举
+     * @param message          异常信息
+     */
+    public ApprovalBaseRespDto messageEnumMessage(ApprovalResultEnum businessRespEnum, String message) {
+        ApprovalBaseRespDto respDto = new ApprovalBaseRespDto();
+        respDto.setStatusCode(businessRespEnum.getValue());
+        respDto.setMessage(message);
+        return respDto;
+    }
+
+    /**
+     * 是否成功
+     *
+     * @return 是否成功
+     */
+    @JsonIgnore
+    public boolean isRespSuccess() {
+        return this.statusCode.equalsIgnoreCase(ApprovalResultEnum.SUCCESS.getValue());
+    }
+
+    /**
+     * 是否失败
+     *
+     * @return 是否失败
+     */
+    @JsonIgnore
+    public boolean isRespFail() {
+        return !isRespSuccess();
+    }
+
+}
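Review bot: `isRespSuccess()` dereferences `statusCode` without a null check, so a response that omits `status_code` raises NullPointerException instead of being treated as a failure. Putting the constant first fixes it: `return ApprovalResultEnum.SUCCESS.getValue().equalsIgnoreCase(this.statusCode);`. The override in FlowDataRespDto has the same problem and compares with `equals` where this class uses `equalsIgnoreCase`; the two should agree. The two-argument `messageEnumMessage` builds and returns a new object while the one-argument overload mutates `this`, which is easy to misuse. The field comment about a token being valid also looks copied from another DTO.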

+ 88 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/dto/FlowApplyReqDTO.java

@@ -0,0 +1,88 @@
+package com.dragoninfo.dcuc.auth.business.impl.zerotrust.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import javax.validation.constraints.NotBlank;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 安盟审批流程申请Dto
+ *
+ * @author huangzqa
+ * @date 2023/7/4
+ */
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+@Data
+public class FlowApplyReqDTO {
+
+
+    /**
+     * 应用令牌
+     */
+    @NotBlank
+    private String appTokenId;
+
+    /**
+     * 流程定义 Id
+     * 调用审批服务需先在审批中心注册流程,每个注册流程有唯一流程定义ID
+     */
+    @NotBlank
+    private String processDefId;
+
+    /**
+     * 流程标题
+     * 对应任务编号的任务名称(格式为申请任务名称+时间区间到秒的字符串,xxx20230628174811)
+     */
+    @NotBlank
+    private String title;
+
+    /**
+     * 任务类型
+     * 申请类型,1:权限申请
+     */
+    @NotBlank
+    private String taskClass;
+
+    /**
+     * 审批流程所关联的任务唯一标识,任务编号编码规则(共 32 位):
+     * RWBH+公安机关组织机构代码(应符合 GA/T 380 的要求)+日期(由年月日时分秒组成的中国时区时间字符串,格式是 yyyy-MM-dd HH:mm:ss)+8 位流水号
+     */
+    @NotBlank
+    private String taskId;
+
+    /**
+     * 表单
+     * “表名”:[{"字段 1":"值","字段 2":"值"},{"字段 1":"值","字段2":"值"}]}
+     */
+    private Map<String, List<Map<String, String>>> bo = Collections.emptyMap();
+
+    /**
+     * 回调地址(应用开发的接收审批结果变动的地址)
+     */
+    @NotBlank
+    private String callbackUrl;
+
+    /**
+     * 业务数据
+     * 扩展字段
+     */
+    private Map<String, String> bizData;
+
+    /**
+     * 电子签名
+     * 应采用国产密码算法对接口请求参数进行完整性保护
+     * 应采用国产密码算法对接口请求参数进行完整性保护
+     * (appTokenId ,processDefId,title用&符号链接后SM3加密(appTokenId &processDefId&title))
+     */
+    @NotBlank
+    private String callerSign;
+
+
+}
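Review bot: With `@Builder` on the class, the initializer on `bo` is ignored by the generated builder, so an instance built through `FlowApplyReqDTO.builder()` has `bo == null` unless the field is marked as a builder default: `@Builder.Default private Map<String, List<Map<String, String>>> bo = Collections.emptyMap();`. The `callerSign` comment describes a digest over appTokenId, processDefId and title only, so taskId, callbackUrl and the form are outside what the signature protects. It would help to state that limit in the comment and to remove the duplicated sentence about the national cryptographic algorithm.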

+ 19 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/dto/FlowApplyRespDTO.java

@@ -0,0 +1,19 @@
+package com.dragoninfo.dcuc.auth.business.impl.zerotrust.dto;
+
+import lombok.Data;
+
+/**
+ * 安盟开启流程返回
+ *
+ * @author mazq
+ * @date 2023/5/26
+ */
+@Data
+public class FlowApplyRespDTO {
+
+    /**
+     * 流程实例 Id
+     */
+    private String processInstId;
+
+}

+ 23 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/dto/FlowDataRespDto.java

@@ -0,0 +1,23 @@
+package com.dragoninfo.dcuc.auth.business.impl.zerotrust.dto;
+
+import com.dragoninfo.dcuc.auth.auth.enumresources.zerotrust.approval.ApprovalResultEnum;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+/**
+ * 审批流程申请响应内容
+ *
+ * @author mazq
+ * @date 2023/4/4
+ */
+@EqualsAndHashCode(callSuper = true)
+@Data
+public class FlowDataRespDto<T> extends ApprovalBaseRespDto {
+
+    private T data;
+
+    @Override
+    public boolean isRespSuccess() {
+        return this.getStatusCode().equals(ApprovalResultEnum.SUCCESS.getValue());
+    }
+}

+ 9 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/zerotrust/IApiCommonBusiness.java

@@ -1,5 +1,6 @@
 package com.dragoninfo.dcuc.auth.business.zerotrust;
 
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustDataRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustSignReqVO;
 
@@ -11,10 +12,17 @@ public interface IApiCommonBusiness {
 
 
     /**
-     * 校验令牌签名
+     * 校验接口调用签名
      * @param signReqVO
      * @return
      */
     ZeroTrustMessageRespVO checkSecret(ZeroTrustSignReqVO signReqVO);
 
+    /**
+     * 任务信息校验
+     * @param appTokenId
+     * @param taskId
+     * @return
+     */
+    ZeroTrustDataRespVO<String> taskIdCheck(String appTokenId, String taskId);
 }
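Review bot: The Javadoc added for `taskIdCheck` leaves both `@param` tags and `@return` empty, and nothing says what the `String` in `ZeroTrustDataRespVO<String>` holds or how a rejected task is reported. Callers on the authorization path need to know whether a failed check comes back as a non-success status or as an exception. Something like `@return check result; a non-success status code when the task id is rejected` would settle it, once confirmed against the implementation, which is outside this hunk.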

+ 1 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/zerotrust/IApprovalBusiness.java

@@ -52,7 +52,7 @@ public interface IApprovalBusiness {
     ResponseDTO<FlowDetailRespDTO> flowDetail(String processInstId);
 
     /**
-     * 安盟审批回调
+     * 审批回调
      *
      * @param approvalCallBackReqVO 安盟审批回调请求
      * @return 状态

+ 4 - 2
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/zerotrust/IAuthTokenBusiness.java

@@ -4,6 +4,8 @@ import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.token.vo.*;
 import com.dragoninfo.duceap.core.response.Result;
 
+import java.util.List;
+
 /**
  * @author mazq
  * @date 2023/2/14
@@ -39,10 +41,10 @@ public interface IAuthTokenBusiness {
     /**
      * 接收令牌
      *
-     * @param receiveVO
+     * @param tokenReceiveReqVoList
      * @return
      */
-    ZeroTrustMessageRespVO tokenReceive(TokenReceiveVO receiveVO);
+    ZeroTrustMessageRespVO tokenReceive(List<TokenReceiveVO> tokenReceiveReqVoList);
 
     /**
      * 令牌在线查询
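Review bot: `tokenReceive` now takes a list but still returns a single `ZeroTrustMessageRespVO`, and the Javadoc does not say what happens when some entries pass signature checking and others fail. I would document the batch contract on `@param tokenReceiveReqVoList` and `@return`: whether one bad entry rejects the whole batch, and whether a null or empty list is accepted. The implementation is outside this hunk, so the wording needs to be checked against it.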

+ 31 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/zerotrust/ITokenRemoteCallBusiness.java

@@ -0,0 +1,31 @@
+package com.dragoninfo.dcuc.auth.business.zerotrust;
+
+import com.dragoninfo.dcuc.auth.token.vo.AppTokenInfoRespVO;
+import com.dragoninfo.dcuc.auth.token.vo.UserTokenInfoRespVO;
+
+/**
+ * <p>
+ * 竹云相关
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2023/6/7
+ */
+public interface ITokenRemoteCallBusiness {
+
+    /**
+     * 获取用户令牌信息
+     *
+     * @param useTokenId 用户令牌标识
+     * @return 用户令牌信息
+     */
+    UserTokenInfoRespVO getUserTokenInfo(String useTokenId);
+
+    /**
+     * 获取应用令牌信息
+     *
+     * @param appTokenId 应用令牌标识
+     * @return 应用令牌信息
+     */
+    AppTokenInfoRespVO getAppTokenInfo(String appTokenId);
+}
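Review bot: Both `@return` tags should state that `null` can be returned and for which cases. In the implementation added by this commit, a non-2xx response, an unparsable body, a non-success status code and a failed signature check all return null, and the caller in AuthTokenBusinessImpl only tests `null != userToken`, so these cases are indistinguishable to it. Suggested wording: `@return token info, or null when the token is unknown, the remote call fails, or the token signature does not verify`. The parameter name `useTokenId` also looks like a typo for `userTokenId`.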

+ 2 - 2
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/RestTemplateConfig.java

@@ -15,8 +15,8 @@ public class RestTemplateConfig {
     @Bean
     public RestTemplate restTemplate() {
         NoSSLHttpClientFactory factory = new NoSSLHttpClientFactory();
-        factory.setReadTimeout(5000);
-        factory.setConnectTimeout(5000);
+        factory.setReadTimeout(15000);
+        factory.setConnectTimeout(15000);
         return new RestTemplate(factory);
     }
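Review bot: The bean whose timeouts are raised here is built on `NoSSLHttpClientFactory`, and TokenRemoteCallBusinessImpl in this commit injects a `RestTemplate` by type for the token queries. If that factory disables certificate and hostname verification, as its name suggests (its source is not shown), the token responses arrive over an unauthenticated channel and the `sign` comparison is the only check on them. I would at least add a comment on `restTemplate()`, e.g. `// TLS verification is disabled by NoSSLHttpClientFactory; not for calls that need server authentication`, and consider a separate verified bean for the token endpoints. A 15 s connect timeout is also generous for a call on the authorization path; the connect value could stay at 5000 while only the read timeout is raised.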
 

+ 26 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/zerotrust/AuthServiceConfig.java

@@ -0,0 +1,26 @@
+package com.dragoninfo.dcuc.auth.config.zerotrust;
+
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * @author mazq
+ * @date 2023/3/30
+ */
+@Slf4j
+@Configuration
+public class AuthServiceConfig {
+    @Qualifier("dragonObjectMapper")
+    @Bean()
+    public ObjectMapper dragonObjectMapper() {
+        ObjectMapper mapper = new ObjectMapper();
+        // 忽略不对应的字段
+        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+        return mapper;
+    }
+
+}
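Review bot: `@Qualifier("dragonObjectMapper")` on the bean method does not restrict who receives this mapper: an unqualified `@Autowired` ObjectMapper, such as `setObjectMapper` in TokenRemoteCallBusinessImpl, still resolves by type. If the application relies on Spring Boot's auto-configured ObjectMapper, defining this bean may make that auto-configuration back off, so this plain mapper, without registered modules or `spring.jackson.*` settings, becomes the only one. If another ObjectMapper bean exists, unqualified injection becomes ambiguous instead. Either way, the injection points meant to use it should carry `@Qualifier("dragonObjectMapper")`, and `@Bean("dragonObjectMapper")` states the name more directly than a qualifier on the method. `@Slf4j` is unused in this class.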

+ 7 - 2
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/zerotrust/DcucAuthZerotrustConfig.java

@@ -39,7 +39,7 @@ public class DcucAuthZerotrustConfig {
     /**
      * 鉴权接口是否检查taskId的正确性
      */
-    private Boolean checkAuthApiRealTaskId = false;
+    private Boolean checkAuthApiRealTaskId = true;
 
     /**
      * 接口签名校验,时间误差范围,单位秒,默认30分钟
@@ -47,10 +47,15 @@ public class DcucAuthZerotrustConfig {
     private Integer timeStampCheckSeconds = 30 * 60;
 
     /**
-     * 是否检查调用令牌签名值
+     * 是否检查接口调用签名值
      */
     private Boolean checkCallerSign = true;
 
+    /**
+     * 是否校验令牌内容签名值
+     */
+    private Boolean checkTokenSign = true;
+
     /**
      * 应用权限变更通知地址
      */
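Review bot: `checkTokenSign` is a boxed `Boolean`, and TokenRemoteCallBusinessImpl tests it with `if (zerotrustConfig.getCheckTokenSign())`, which unboxes and throws NullPointerException if the property is ever bound to null. For a switch that turns token signature verification off, the read should treat anything but an explicit false as enabled: `if (!Boolean.FALSE.equals(zerotrustConfig.getCheckTokenSign()))`. The field comment should also say that setting it to false makes the service accept token query results without verifying `sign`, and a startup warning when it is false would make that state visible in operations. The class continues outside this hunk, so how the properties are bound is not visible.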

+ 2 - 2
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/constance/ApprovalApiConstance.java

@@ -55,10 +55,10 @@ public class ApprovalApiConstance {
     /**
      * 任务校验地址
      */
-    public static final String TASK_ID_CHECK_URL = "/approve-core/api/v1/tasks/{taskCode}";
+    public static final String TASK_ID_CHECK_URL = "/approve-core/api/v3/tasks/{taskCode}";
 
     /**
      * 任务列表获取地址
      */
-    public static final String CLASS_TYPE_URL = "/approve-core/api/v1/task-classes";
+    public static final String CLASS_TYPE_URL = "/approve-core/api/v3/task-classes";
 }

+ 3 - 3
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/element/business/impl/EnvElementBusiness.java

@@ -115,7 +115,7 @@ public class EnvElementBusiness implements IEnvElementBusiness {
         String elementId = elementIdCondition.getValue().toString();
         Page<ElementUserRel> elementUserRels = getElementUserRels(searchable, elementId, userInfos);
         if (elementUserRels.isEmpty()) {
-            return new PageImpl(new ArrayList());
+            return new PageImpl(new ArrayList(), searchable.getPage(), 0);
         }
         // 用户查询为空再次查询用户
         if (null == userInfos) {
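Review bot: `searchable.getPage()` now goes straight into the `PageImpl` constructor at all three return sites (two of them are in the next hunk), where the old code used the single-argument constructor or `Pageable.unpaged()`. If `getPage()` can return null for a request without paging, Spring Data is likely to reject it; `searchable`'s type is not visible here, so this needs checking. Assuming it returns a `Pageable`, a guard such as `Pageable page = searchable.getPage() != null ? searchable.getPage() : Pageable.unpaged();` covers it. The raw `new PageImpl(new ArrayList(), ...)` could then become `new PageImpl<>(new ArrayList<>(), page, 0)` to remove the unchecked warnings. The enclosing method starts and ends outside the hunk.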
@@ -126,11 +126,11 @@ public class EnvElementBusiness implements IEnvElementBusiness {
                     .collect(Collectors.toList());
             userInfos = userInfoService.findByIds(userIds);
             if (CollectionUtils.isEmpty(userInfos)) {
-                return new PageImpl(new ArrayList());
+                return new PageImpl(new ArrayList(), searchable.getPage(), 0);
             }
         }
         Result<List<ElementUserRelRespVo>> result = getPageVos(elementUserRels, userInfos);
-        return new PageImpl(result.getContent(), Pageable.unpaged(), result.getTotalElements());
+        return new PageImpl(result.getContent(), searchable.getPage(), result.getTotalElements());
 
     }
 

+ 7 - 2
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/msg/PermissionUpdateProducer.java

@@ -10,6 +10,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.stereotype.Component;
 
 import javax.annotation.Resource;
@@ -33,6 +34,9 @@ public class PermissionUpdateProducer {
     @Resource(name = "redisTemplate")
     private RedisTemplate<String, Object> redisTemplate;
 
+    @Resource
+    private StringRedisTemplate stringRedisTemplate;
+
     @Autowired
     private DcucAuthZerotrustConfig zerotrustConfig;
 
@@ -120,11 +124,12 @@ public class PermissionUpdateProducer {
                     // 加上认证下发的用户令牌前缀
                     .map(item -> ZerotrustAuthRedisConstant.REDIS_IDCARD_TOKEN_NAMESPACE + item)
                     .collect(Collectors.toList());
-            List<Object> tokenList = redisTemplate.opsForValue().multiGet(userTokenKeys);
+            // 因为存入的时候使用的是StringRedisTemplate取值也要用对应的对象,key序列化问题导致
+            List<String> tokenList = stringRedisTemplate.opsForValue().multiGet(userTokenKeys);
             List<String> userTokens = Optional.ofNullable(tokenList)
                     .orElse(Collections.emptyList())
                     .stream()
-                    .map(e -> Optional.ofNullable(e).map(Object::toString).orElse(""))
+                    .map(e -> Optional.ofNullable(e).orElse(""))
                     .collect(Collectors.toList());
 
             // 标注规范用户权限变更通知
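Review bot: `multiGet` returns a null element for every key that does not exist, and the stream turns each of those into an empty string that stays in `userTokens`. Unless the code after this hunk filters blanks or relies on positions matching the id list, users without a live token contribute empty token values to the change notification. Dropping them here is simpler: `.filter(e -> e != null && !e.isEmpty())` in place of the `.map(...)` line. If `redisTemplate` is no longer used elsewhere in the class, the field can be removed as well.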

+ 7 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/sub/entity/AuthSubTaskType.java

@@ -6,8 +6,10 @@ import lombok.Data;
 import lombok.EqualsAndHashCode;
 import org.hibernate.annotations.GenericGenerator;
 import org.hibernate.annotations.Where;
+import org.springframework.data.annotation.CreatedDate;
 
 import javax.persistence.*;
+import java.util.Date;
 
 /**
  * 主体管理-任务类型
@@ -56,5 +58,10 @@ public class AuthSubTaskType extends BaseUpdateEntity {
      */
     @Column(name = "PARENT_CODE")
     private String parentCode;
+
+    /** 创建时间 */
+    @CreatedDate
+    @Column(name = "CREATE_TIME")
+    private Date createTime;
 }
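Review bot: `@CreatedDate` from Spring Data only fills `createTime` when JPA auditing is active for the entity, that is `@EnableJpaAuditing` in the configuration and `@EntityListeners(AuditingEntityListener.class)` on this class or a superclass. Neither is visible in this hunk (the class header and BaseUpdateEntity are outside it), so this should be confirmed; without them the column stays null on insert. Marking the column as not updatable would also keep later saves from overwriting the creation time: `@Column(name = "CREATE_TIME", updatable = false)`.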
 

+ 4 - 3
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/token/facade/AuthTokenFacade.java

@@ -5,11 +5,12 @@ import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.token.vo.TokenOnlineReqVo;
 import com.dragoninfo.dcuc.auth.token.vo.TokenOnlineRespVo;
 import com.dragoninfo.dcuc.auth.token.vo.TokenReceiveVO;
-import com.dragoninfo.duceap.core.response.Result;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import java.util.List;
+
 /**
  * @author mazq
  * @date 2023/2/22
@@ -26,8 +27,8 @@ public class AuthTokenFacade implements IAuthTokenFacade {
     }
 
     @Override
-    public ZeroTrustMessageRespVO tokenReceive(TokenReceiveVO receiveVO) {
-        return tokenBusiness.tokenReceive(receiveVO);
+    public ZeroTrustMessageRespVO tokenReceive(List<TokenReceiveVO> tokenReceiveReqVoList) {
+        return tokenBusiness.tokenReceive(tokenReceiveReqVoList);
     }
 
     @Override

+ 155 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/util/ValidUtil.java

@@ -0,0 +1,155 @@
+package com.dragoninfo.dcuc.auth.util;
+
+import cn.hutool.core.lang.Assert;
+import cn.hutool.core.util.ObjectUtil;
+import cn.hutool.core.util.StrUtil;
+import com.dragoninfo.dcuc.common.Constants;
+import com.dragoninfo.dcuc.common.utils.LangUtil;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.extern.slf4j.Slf4j;
+import sun.reflect.generics.reflectiveObjects.ParameterizedTypeImpl;
+
+import javax.validation.ConstraintViolation;
+import javax.validation.Path;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import java.lang.reflect.Field;
+import java.lang.reflect.Type;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * <p>
+ *
+ * </p>
+ *
+ * @author huangzqa
+ * @date 2022/12/8
+ */
+@Slf4j
+public class ValidUtil {
+
+    /**
+     * 校验请求参数
+     *
+     * @param t   请求参数
+     * @param <T> 请求参数泛型
+     * @return 结果,错误信息
+     */
+    public static <T> ResponseStatus validReqVo(T t) {
+        Set<ConstraintViolation<T>> constraintViolationSet = getValidator().validate(t);
+        StringBuilder errorMessageBuilder = new StringBuilder();
+        for (ConstraintViolation<T> constraintViolation : constraintViolationSet) {
+            String message = constraintViolation.getMessage();
+            Path propertyPath = constraintViolation.getPropertyPath();
+            List<String> nodeNameList = new ArrayList<>();
+            for (Path.Node node : propertyPath) {
+                String name = node.getName();
+                nodeNameList.add(name);
+            }
+            Class<T> rootBeanClass = constraintViolation.getRootBeanClass();
+
+            String fieldName = getVoFieldName(nodeNameList, rootBeanClass);
+            Object invalidValue = constraintViolation.getInvalidValue();
+            String valueString = "";
+            if (ObjectUtil.isNotNull(invalidValue)) {
+                valueString = invalidValue.toString();
+            }
+
+            errorMessageBuilder.append(fieldName).append(":【").append(valueString)
+                    .append("】")
+                    .append(message)
+                    .append(Constants.CHINESE_COMMA);
+        }
+        String string = errorMessageBuilder.toString();
+        if (StrUtil.isNotBlank(string)) {
+            return ResponseStatus.fail(string);
+        }
+        return ResponseStatus.success();
+    }
+
+    /**
+     * 获取VO的中文名称
+     *
+     * @param nodeNameList  节点列表
+     * @param rootBeanClass 类
+     * @param <T>           泛型
+     * @return 获取后的中文名称
+     */
+    public static <T> String getVoFieldName(List<String> nodeNameList, Class<T> rootBeanClass) {
+        Assert.notNull(rootBeanClass);
+        StringBuilder stringBuilder = new StringBuilder();
+
+        Class<?> declaringClass = rootBeanClass;
+        for (int i = 0; i < nodeNameList.size(); i++) {
+            String nodeName = nodeNameList.get(i);
+            Field declaredField = null;
+            try {
+                declaredField = declaringClass.getDeclaredField(nodeName);
+            } catch (NoSuchFieldException e) {
+                log.error("getFiled error", e);
+            }
+            String apiModelPropertyName = getApiModelPropertyName(declaredField);
+            if (i < (nodeNameList.size() - 1)) {
+                stringBuilder.append(apiModelPropertyName).append(StrUtil.DASHED);
+                if (ObjectUtil.isNotNull(declaredField)) {
+                    Type genericType = declaredField.getGenericType();
+                    Type[] parameterizedType = ((ParameterizedTypeImpl) genericType).getActualTypeArguments();
+                    Class<?> childrenDeclaringClass = null;
+                    if (ObjectUtil.isNotNull(parameterizedType) && parameterizedType.length > 0) {
+                        String name = ((Class) parameterizedType[0]).getName();
+                        if (StrUtil.isNotBlank(name)) {
+                            try {
+                                childrenDeclaringClass = Class.forName(name);
+                            } catch (ClassNotFoundException e) {
+                                log.error("Class error", e);
+                            }
+                        }
+                    }
+
+                    if (ObjectUtil.isNull(childrenDeclaringClass)) {
+                        childrenDeclaringClass = declaredField.getType();
+                    }
+
+                    declaringClass = childrenDeclaringClass;
+                }
+            } else {
+                stringBuilder.append(apiModelPropertyName).append(Constants.CHINESE_COMMA);
+            }
+        }
+
+        return LangUtil.subLastSymbol(stringBuilder.toString(), Constants.CHINESE_COMMA);
+    }
+
+    /**
+     * 获取字段中 ApiModelProperty中的名称
+     *
+     * @param declaredField 字段
+     * @return 名称
+     */
+    public static String getApiModelPropertyName(Field declaredField) {
+        String nodeName = "";
+        if (ObjectUtil.isNotNull(declaredField)) {
+            ApiModelProperty apiModelProperty = declaredField.getAnnotation(ApiModelProperty.class);
+            if (ObjectUtil.isNotNull(apiModelProperty)) {
+                String value = apiModelProperty.value();
+                if (StrUtil.isNotBlank(value)) {
+                    nodeName = value;
+                }
+            }
+        }
+        return nodeName;
+    }
+
+    /**
+     * 获取校验器
+     *
+     * @return 校验器
+     */
+    private static Validator getValidator() {
+        return Validation.buildDefaultValidatorFactory()
+                .getValidator();
+    }
+}
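Review bot: The cast `(ParameterizedTypeImpl) genericType` in `getVoFieldName` throws `ClassCastException` whenever an intermediate path node is a non-generic field, because `Field.getGenericType()` returns a plain `Class` there. It also ties the class to a JDK-internal `sun.reflect` type that `java.base` does not export on JDK 9 and later. Use the public `java.lang.reflect.ParameterizedType` behind an `instanceof` check (it needs its own import) and take the type argument directly instead of going through `Class.forName`. Separately, `validReqVo` copies `invalidValue.toString()` into the failure message; in an auth service that can reflect a token or ID number back to the caller or into logs, so omit or mask the value. `getValidator()` also builds a new factory on every call, where a `private static final Validator` would do.

```java
                if (ObjectUtil.isNotNull(declaredField)) {
                    Type genericType = declaredField.getGenericType();
                    Class<?> childrenDeclaringClass = null;
                    // Only generic fields (e.g. List<ItemVo>) carry type arguments;
                    // for a plain field getGenericType() is just the Class itself.
                    if (genericType instanceof ParameterizedType) {
                        Type[] typeArguments = ((ParameterizedType) genericType).getActualTypeArguments();
                        if (typeArguments.length > 0 && typeArguments[0] instanceof Class) {
                            childrenDeclaringClass = (Class<?>) typeArguments[0];
                        }
                    }
                    // … unchanged: fall back to declaredField.getType() and assign declaringClass …
```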

+ 8 - 8
dcuc-auth-service/src/main/resources/application-auth.yml

@@ -10,10 +10,10 @@ dcuc:
       user-info-query-url:
       notify-app-url-list:
       approval:
-        base-url:
-        call-back-url:
-        role-operate-def-id:
-        role-manage-task-type:
+        base-url: http://10.11.0.168:8866/approve-gateway/approve-core/
+        call-back-url: http://10.11.0.240:8861/dcucauth/api/auth-service/v1/approval/call-back
+        role-operate-def-id: dcuc-function-auth-apply
+        role-manage-task-type: 222
     app-code: QXXT0000000000000001
     menu-noclear: true
     #服务变更通知
@@ -42,7 +42,7 @@ dcuc:
       data-auth-bus-code:
     audit-log:
       #是否开启kafka功能
-      kafka: true
+      kafka: false
       authentication-topic: 10000028
       authentication-groupId: auditlog
       authorize-topic: 10000029
@@ -60,7 +60,7 @@ dcuc:
     gm-enable: false
     gm-select-enable: false
     approval-center-url: http://10.254.11.185:8866/approve-gateway
-    user-center-url: http://10.11.1.237:8860/dcuc
+    user-center-url: http://10.201.1.50:8860/dcuc
     root-user-id: 402881cb4era66f4014b0ghd0b875485
     root-org-id: 7F08CCC3C4984A2586C9D3F0A6B804E5
     operator-idcard: '000000000000000001'
@@ -69,6 +69,6 @@ dcuc:
       address: redis://127.0.0.1:6379
       password:
 app:
-  audit:
+  auditlog:
     qmtj:
-      host-address: https://127.0.0.1:8843
+      host-address: https://10.11.0.168:8843
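Review bot: The approval `base-url` and `call-back-url` set in the first hunk are plain `http://` addresses of specific internal hosts, committed into the shared `application-auth.yml`. Approval callbacks feed authorization decisions, so they should go over TLS, and host-specific values are better left empty here and supplied per environment, e.g. `base-url: ${PLACEHOLDER_APPROVAL_BASE_URL:}`. The second hunk flips `audit-log.kafka` to `false`, which looks like a local test setting; if it is not intentional, audit events would stop being published to Kafka wherever this default applies. The rename of `app.audit` to `app.auditlog` in the last hunk needs a matching properties prefix, which is not visible here.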

+ 65 - 0
dcuc-auth-service/src/main/resources/config/mysql/V4_3_0032__AddAuthSubTask.sql

@@ -0,0 +1,65 @@
+CREATE TABLE T_AUTH_SUB_TASK_TYPE
+(
+    ID             VARCHAR(32) NOT NULL COMMENT 'ID 主键id',
+    TASK_TYPE_NAME VARCHAR(128) COMMENT 'TASK_TYPE_NAME 任务类型名称',
+    TASK_TYPE_CODE VARCHAR(32) COMMENT 'TASK_TYPE_CODE 任务类型编码',
+    DELETED        VARCHAR(5) DEFAULT '0' COMMENT 'DELETED 是否删除',
+    CREATE_USER    VARCHAR(32) COMMENT 'CREATE_USER 创建人',
+    CREATE_TIME    DATETIME DEFAULT CURRENT_TIMESTAMP COMMENT 'CREATE_TIME 创建时间',
+    UPDATE_USER    VARCHAR(32) COMMENT 'UPDATE_USER 更新人',
+    UPDATE_TIME    DATETIME DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT 'UPDATE_TIME 更新时间',
+    DELETE_USER    VARCHAR(32) COMMENT 'DELETE_USER 删除人',
+    DELETE_TIME    DATETIME COMMENT 'DELETE_TIME 删除时间',
+    PRIMARY KEY (ID)
+) COMMENT = '任务类型 ';
+
+ALTER TABLE T_AUTH_SUB_TASK_TYPE
+    ADD INDEX T_AUTH_S_T_INX_T_CODE (TASK_TYPE_CODE);
+
+UPDATE T_AUTH_SUB_TASK_TYPE SET CREATE_TIME = now() WHERE CREATE_TIME IS NULL;
+alter table t_auth_sub_task_type modify TASK_TYPE_CODE varchar(50) null comment 'TASK_TYPE_CODE 任务类型编码';
+alter table t_auth_sub_task_type add PARENT_ID varchar(32) null comment '父级id';
+alter table t_auth_sub_task_type add PARENT_CODE varchar(50) null comment '父级id';
+
+INSERT INTO t_auth_menu_info (ID, NAME, CODE, APP_ID, PARENT_ID, URL, SHOW_MODE, IS_ACTIVE, SEQ, CREATE_TIME, CREATOR, MODIFIED_TIME, MODIFIER, REMARK, IS_SYSTEM, IS_HIDE, RESOURCE_TYPE) VALUES ('fca158d1b47d4d5d8e5ed8a5c6db1342', '主体环境要素管理', 'QXGL_SQGL_ZTGL_ZTHJYSGL', '00000000000000000000000000000000', '836d3a356a264300832841aa97b945e0', null, '1', '1', 4, null, null, null, null, null, '0', '0', null);
+
+CREATE TABLE T_AUTH_APPROVAL_RESULT(
+       ID VARCHAR(32) NOT NULL   COMMENT 'ID 主键id' ,
+       PROCESS_INST_ID VARCHAR(64)    COMMENT 'PROCESS_INST_ID 流程实例id' ,
+       OPEN_ID DATETIME    COMMENT 'OPEN_ID 流程发起人标识' ,
+       USER_NAME VARCHAR(32)    COMMENT 'USER_NAME 发起人姓名' ,
+       UPDATED_TIME DATETIME    COMMENT 'END_FLAG 审批结果标识 “1”表示审批通过; “2”表示审批不通过' ,
+       TASK_ID VARCHAR(32)    COMMENT 'TASK_ID 任务编号' ,
+       PROCESS_DEF_ID VARCHAR(64)    COMMENT 'PROCESS_DEF_ID 流程定义id' ,
+       BUSINESS_KEY VARCHAR(64)    COMMENT 'BUSINESS_KEY 业务标识' ,
+       APPLY_TYPE VARCHAR(32)    COMMENT 'APPLY_TYPE 申请类型' ,
+       DELETED VARCHAR(32)   DEFAULT '0' COMMENT 'DELETED 是否删除' ,
+       CREATE_USER VARCHAR(32)    COMMENT 'CREATE_USER' ,
+       CREATE_TIME VARCHAR(32)    COMMENT 'CREATE_TIME' ,
+       UPDATE_USER VARCHAR(32)    COMMENT 'UPDATE_USER' ,
+       UPDATE_TIME VARCHAR(32)    COMMENT 'UPDATE_TIME' ,
+       DELETE_USER VARCHAR(32)    COMMENT 'DELETE_USER' ,
+       DELETE_TIME VARCHAR(32)    COMMENT 'DELETE_TIME' ,
+       PRIMARY KEY (ID)
+) COMMENT = '审批结果表 ';
+
+alter table t_auth_approval_result modify TASK_ID varchar(50) null comment 'TASK_ID 任务编号';
+alter table t_auth_approval_result add TASK_ID_DATE varchar(20) null;
+
+ALTER TABLE T_AUTH_APPROVAL_RESULT ADD INDEX t_auth_a_r_inx_psid(PROCESS_INST_ID);
+
+alter table t_auth_approval_result
+    change UPDATED_TIME END_FLAG varchar(5) null comment 'END_FLAG 审批结果标识 “1”表示审批通过; “2”表示审批不通过';
+
+alter table t_auth_approval_result
+    modify OPEN_ID varchar(32) null comment 'OPEN_ID 流程发起人标识';
+
+alter table t_auth_approval_result
+    modify CREATE_TIME DATETIME null comment 'CREATE_TIME';
+
+alter table t_auth_approval_result
+    modify UPDATE_TIME DATETIME null comment 'UPDATE_TIME';
+
+alter table t_auth_approval_result
+    modify DELETE_TIME DATETIME null comment 'DELETE_TIME';
+
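Review bot: The script creates `T_AUTH_SUB_TASK_TYPE` and `T_AUTH_APPROVAL_RESULT` in upper case, but the later `alter table` statements name them in lower case. On a MySQL server with case-sensitive table names (`lower_case_table_names=0`, the usual Linux default) those statements would fail with an unknown-table error, so use one spelling throughout. Since the file is new, the later `modify`/`change` statements (for example `OPEN_ID DATETIME` to `varchar(32)`, and `UPDATED_TIME` to `END_FLAG`) could be folded into the `CREATE TABLE` definitions so the final schema is readable in one place. The `UPDATE ... WHERE CREATE_TIME IS NULL` runs against a just-created empty table and has no effect. The comment on `PARENT_CODE` repeats `'父级id'` from `PARENT_ID`.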

+ 40 - 0
dcuc-auth-service/src/test/java/com/dragoninfo/dcuc/auth/auth/service/LogSendComponentTest.java

@@ -0,0 +1,40 @@
+package com.dragoninfo.dcuc.auth.auth.service;
+
+import com.dragoninfo.dcuc.auth.DcucAuthApplication;
+import com.dragoninfo.dcuc.auth.audit.config.AuditConfig;
+import com.dragoninfo.dcuc.auth.audit.constance.AuditConstance;
+import com.dragoninfo.dcuc.auth.config.DcucAuthConfig;
+import com.dragonsoft.auditlog.collection.qmtj.LogSendComponent;
+import com.dragonsoft.auditlog.collection.qmtj.pojo.req.AuthenticationBusLog;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author mazq
+ * @date 2023/4/3
+ */
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = DcucAuthApplication.class)
+public class LogSendComponentTest {
+
+    @Autowired
+    private LogSendComponent logSendComponent;
+
+    @Test
+    public void httpsLogSend() {
+        List<AuthenticationBusLog> busLogs = new ArrayList<>();
+        AuthenticationBusLog busLog = new AuthenticationBusLog();
+        busLog.setAppToken("appToken");
+        busLog.setAuthId("authId");
+        busLog.setAuthIdcard("0000000000000000001");
+        busLogs.add(busLog);
+        logSendComponent.sendAuthenticationBusLog("sysId", AuditConstance.AUDIT_LOG_TYPE_JQ, busLogs);
+    }
+
+}
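Review bot: `httpsLogSend` has no assertion and, as far as the hunk shows, boots the full application context and calls `sendAuthenticationBusLog` against whatever audit endpoint is configured. It therefore passes or fails with the network rather than with the code. The same applies to `QmAuditPushServiceTest`, where the commit hard-codes `setHostAddress("https://10.11.0.168:8843")`. Point both at a local stub or mock the HTTP client, and assert on the returned result or the captured request. The imports `AuditConfig` and `DcucAuthConfig` are unused in this file.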

+ 2 - 1
dcuc-auth-service/src/test/java/com/dragoninfo/dcuc/auth/auth/service/QmAuditPushServiceTest.java

@@ -43,6 +43,7 @@ public class QmAuditPushServiceTest {
 
         LogSendComponent logSendComponent = new LogSendComponent();
         QmTjProperties qmTjProperties = Mockito.spy(QmTjProperties.class);
+        qmTjProperties.setHostAddress("https://10.11.0.168:8843");
         logSendComponent.setQmTjProperties(qmTjProperties);
 
         qmAuditPushService.setConfig(auditConfig);
@@ -183,7 +184,7 @@ public class QmAuditPushServiceTest {
                 .tokenType("user")
                 .build();
 
-        qmAuditPushService.pushTokenReceiveLog(dto);
+        qmAuditPushService.pushTokenReceiveLog(Collections.singletonList(dto));
     }
 
 }