
[Feature] HuaWei ZeroTrust V1.0

AA 8 luni în urmă
părinte
comite
b5f86a3636
37 a modificat fișierele cu 1077 adăugiri și 269 ștergeri
  1. 5 0
      src/main/java/com/dragon/tj/portal/PortalServiceApplication.java
  2. 6 0
      src/main/java/com/dragon/tj/portal/auth/common/constants/AuthType.java
  3. 42 0
      src/main/java/com/dragon/tj/portal/auth/config/RetrofitCasConfig.java
  4. 5 31
      src/main/java/com/dragon/tj/portal/auth/config/RetrofitConfig.java
  5. 41 0
      src/main/java/com/dragon/tj/portal/auth/config/RetrofitZeroTrustConfig.java
  6. 125 0
      src/main/java/com/dragon/tj/portal/auth/config/WebSecurityCasConfig.java
  7. 11 116
      src/main/java/com/dragon/tj/portal/auth/config/WebSecurityConfig.java
  8. 105 0
      src/main/java/com/dragon/tj/portal/auth/config/WebSecurityZeroTrustConfig.java
  9. 1 1
      src/main/java/com/dragon/tj/portal/auth/controller/SsoController.java
  10. 23 12
      src/main/java/com/dragon/tj/portal/auth/model/LoginUser.java
  11. 26 0
      src/main/java/com/dragon/tj/portal/auth/model/zeroTrust/AuthenticationMsg.java
  12. 35 0
      src/main/java/com/dragon/tj/portal/auth/model/zeroTrust/AuthenticationResponse.java
  13. 71 0
      src/main/java/com/dragon/tj/portal/auth/model/zeroTrust/AuthenticationResult.java
  14. 30 0
      src/main/java/com/dragon/tj/portal/auth/model/zeroTrust/AuthorizationRequest.java
  15. 38 0
      src/main/java/com/dragon/tj/portal/auth/model/zeroTrust/AuthorizationResponse.java
  16. 17 0
      src/main/java/com/dragon/tj/portal/auth/model/zeroTrust/AuthorizationResult.java
  17. 2 2
      src/main/java/com/dragon/tj/portal/auth/module/cas/CasAuthenticationClient.java
  18. 2 2
      src/main/java/com/dragon/tj/portal/auth/module/cas/CasAuthorizationClient.java
  19. 12 12
      src/main/java/com/dragon/tj/portal/auth/module/cas/MyCasAuthenticationEntryPoint.java
  20. 2 1
      src/main/java/com/dragon/tj/portal/auth/module/cas/MySimpleUrlAuthenticationSuccessHandler.java
  21. 14 0
      src/main/java/com/dragon/tj/portal/auth/module/zerotrust/ZeroTrustAuthenticationClient.java
  22. 29 0
      src/main/java/com/dragon/tj/portal/auth/module/zerotrust/ZeroTrustAuthenticationFilter.java
  23. 48 0
      src/main/java/com/dragon/tj/portal/auth/module/zerotrust/ZeroTrustAuthenticationProvider.java
  24. 13 0
      src/main/java/com/dragon/tj/portal/auth/module/zerotrust/ZeroTrustAuthorizeClient.java
  25. 16 0
      src/main/java/com/dragon/tj/portal/auth/properties/AppProperties.java
  26. 15 0
      src/main/java/com/dragon/tj/portal/auth/properties/CasProperties.java
  27. 16 0
      src/main/java/com/dragon/tj/portal/auth/properties/ZeroTrustProperties.java
  28. 9 12
      src/main/java/com/dragon/tj/portal/auth/service/JwtTokenLogoutSuccessHandler.java
  29. 25 14
      src/main/java/com/dragon/tj/portal/auth/service/MyUserDetailsService.java
  30. 56 13
      src/main/java/com/dragon/tj/portal/auth/service/SysPermissionService.java
  31. 46 0
      src/main/java/com/dragon/tj/portal/auth/util/SSLSocketManager.java
  32. 2 0
      src/main/java/com/dragon/tj/portal/auth/web/entity/SysUser.java
  33. 3 1
      src/main/java/com/dragon/tj/portal/auth/web/service/SysUserService.java
  34. 57 18
      src/main/java/com/dragon/tj/portal/auth/web/service/impl/SysUserServiceImpl.java
  35. 43 28
      src/main/resources/application-dev.properties
  36. 83 0
      src/main/resources/application-prod.properties
  37. 3 6
      src/main/resources/application.properties

+ 5 - 0
src/main/java/com/dragon/tj/portal/PortalServiceApplication.java

@@ -1,9 +1,14 @@
 package com.dragon.tj.portal;
 
+import com.dragon.tj.portal.auth.properties.AppProperties;
+import com.dragon.tj.portal.auth.properties.CasProperties;
+import com.dragon.tj.portal.auth.properties.ZeroTrustProperties;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
 
 @SpringBootApplication
+@EnableConfigurationProperties({AppProperties.class, CasProperties.class, ZeroTrustProperties.class})
 public class PortalServiceApplication {
 
     public static void main(String[] args) {

+ 6 - 0
src/main/java/com/dragon/tj/portal/auth/common/constants/AuthType.java

@@ -0,0 +1,6 @@
+package com.dragon.tj.portal.auth.common.constants;
+
+public interface AuthType {
+    String CAS = "cas";
+    String ZERO_TRUST = "zeroTrust";
+}
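Review bot: `AuthType` is an interface that exists only to hold two string constants, so any class can `implements AuthType` and inherit them as part of its API — the constant-interface pattern. A final class with a private constructor keeps the values compile-time constants (so `@ConditionalOnProperty(havingValue = AuthType.CAS)` in the security configs still works) without that: `public final class AuthType { private AuthType() {} public static final String CAS = "cas"; public static final String ZERO_TRUST = "zeroTrust"; }`. A one-line Javadoc naming the property these values belong to would also help, e.g. `/** Values of the {@code app.auth-type} property that select which security chain is active. */`.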

+ 42 - 0
src/main/java/com/dragon/tj/portal/auth/config/RetrofitCasConfig.java

@@ -0,0 +1,42 @@
+package com.dragon.tj.portal.auth.config;
+
+import com.alibaba.fastjson.support.retrofit.Retrofit2ConverterFactory;
+import com.dragon.tj.portal.auth.module.cas.CasAuthenticationClient;
+import com.dragon.tj.portal.auth.module.cas.CasAuthorizationClient;
+import com.dragon.tj.portal.auth.properties.CasProperties;
+import okhttp3.OkHttpClient;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import retrofit2.Retrofit;
+import retrofit2.converter.jackson.JacksonConverterFactory;
+
+@Configuration
+public class RetrofitCasConfig {
+
+    private final CasProperties casProperties;
+
+    public RetrofitCasConfig(CasProperties casProperties) {
+        this.casProperties = casProperties;
+    }
+
+    @Bean
+    public CasAuthenticationClient casAuthenticationClient(OkHttpClient okHttpClient) {
+        Retrofit retrofit = new Retrofit.Builder()
+                .client(okHttpClient)
+                .baseUrl(casProperties.getAuthenticationUrl())
+                .addConverterFactory(JacksonConverterFactory.create())
+                .build();
+        return retrofit.create(CasAuthenticationClient.class);
+    }
+
+    @Bean
+    public CasAuthorizationClient casAuthorizationClient(OkHttpClient okHttpClient) {
+        Retrofit retrofit = new Retrofit.Builder()
+                .client(okHttpClient)
+                .baseUrl(casProperties.getAuthorizeUrl())
+                .addConverterFactory(Retrofit2ConverterFactory.create())
+                .build();
+        return retrofit.create(CasAuthorizationClient.class);
+    }
+
+}
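Review bot: `casAuthenticationClient` is built with `JacksonConverterFactory` while `casAuthorizationClient` a few lines below uses fastjson's `Retrofit2ConverterFactory`, and RetrofitZeroTrustConfig uses fastjson for both of its clients; unless the CAS authentication endpoint genuinely needs Jackson-specific mapping, one converter for the whole auth package is easier to reason about and to harden. Whichever fastjson version the project pins (not visible in this chunk), the payloads parsed here come from an external server, so confirm that autoType is disabled (fastjson safe mode) for the converter used on these responses. A class-level Javadoc would help readers too, e.g. `/** Retrofit clients for the CAS authentication and authorize endpoints configured in {@link CasProperties}. */`.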

+ 5 - 31
src/main/java/com/dragon/tj/portal/auth/config/RetrofitConfig.java

@@ -1,27 +1,18 @@
 package com.dragon.tj.portal.auth.config;
 
-import com.alibaba.fastjson.support.retrofit.Retrofit2ConverterFactory;
-import com.dragon.tj.portal.auth.client.DcucAuthClient;
-import com.dragon.tj.portal.auth.client.DcucUserClient;
+import com.dragon.tj.portal.auth.util.SSLSocketManager;
 import okhttp3.OkHttpClient;
 import okhttp3.logging.HttpLoggingInterceptor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import retrofit2.Retrofit;
-import retrofit2.converter.jackson.JacksonConverterFactory;
 
 import java.util.concurrent.TimeUnit;
 
 @Configuration
 public class RetrofitConfig {
-    @Value("${client.dcuc.user.url}")
-    private String dcucUserUrl;
 
-    @Value("${client.dcuc.auth.url}")
-    private String dcucAuthUrl;
-
-    @Value("${client.log.enabled:false}")
+    @Value("${okhttp.log.enabled:false}")
     private boolean logEnabled;
 
     @Bean
@@ -35,26 +26,9 @@ public class RetrofitConfig {
         if (logEnabled) {
             httpClientBuilder.addInterceptor(loggingInterceptor);
         }
-        return httpClientBuilder.build();
-    }
-
-    @Bean
-    public DcucUserClient dcucUserClient(OkHttpClient okHttpClient) {
-        Retrofit retrofit = new Retrofit.Builder()
-                .client(okHttpClient)
-                .baseUrl(dcucUserUrl)
-                .addConverterFactory(JacksonConverterFactory.create())
-                .build();
-        return retrofit.create(DcucUserClient.class);
-    }
 
-    @Bean
-    public DcucAuthClient dcucAuthClient() {
-        Retrofit retrofit = new Retrofit.Builder()
-                .client(okHttpClient())
-                .baseUrl(dcucAuthUrl)
-                .addConverterFactory(Retrofit2ConverterFactory.create())
-                .build();
-        return retrofit.create(DcucAuthClient.class);
+        httpClientBuilder.sslSocketFactory(SSLSocketManager.getSSLSocketFactory(), SSLSocketManager.getTrustManager());
+        httpClientBuilder.hostnameVerifier(SSLSocketManager.getHostNameVerifier());
+        return httpClientBuilder.build();
     }
 }
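Review bot: The second hunk installs `SSLSocketManager.getSSLSocketFactory()`, `getTrustManager()` and `getHostNameVerifier()` on the single `OkHttpClient` bean that RetrofitCasConfig and RetrofitZeroTrustConfig both use for their authentication and authorization calls, so whatever trust policy that class implements becomes the trust policy of the entire login path. SSLSocketManager is added by this commit but is not shown in this chunk; if it is an accept-everything trust manager and hostname verifier, TLS interception between the portal and the CAS or Zero Trust server could hand the portal a forged "authenticated" response. Prefer loading the identity provider's CA into a `TrustManagerFactory` (e.g. from a truststore path declared in the properties files) and keeping OkHttp's default hostname verification, or at least gate the override behind a property that defaults to off, e.g. `@Value("${okhttp.ssl.insecure:false}") private boolean insecureSsl;` wrapped around the two new calls, so a production profile cannot enable it by accident.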

+ 41 - 0
src/main/java/com/dragon/tj/portal/auth/config/RetrofitZeroTrustConfig.java

@@ -0,0 +1,41 @@
+package com.dragon.tj.portal.auth.config;
+
+import com.alibaba.fastjson.support.retrofit.Retrofit2ConverterFactory;
+import com.dragon.tj.portal.auth.module.zerotrust.ZeroTrustAuthenticationClient;
+import com.dragon.tj.portal.auth.module.zerotrust.ZeroTrustAuthorizeClient;
+import com.dragon.tj.portal.auth.properties.ZeroTrustProperties;
+import okhttp3.OkHttpClient;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import retrofit2.Retrofit;
+
+@Configuration
+public class RetrofitZeroTrustConfig {
+
+    private final ZeroTrustProperties zeroTrustProperties;
+
+    public RetrofitZeroTrustConfig(ZeroTrustProperties zeroTrustProperties) {
+        this.zeroTrustProperties = zeroTrustProperties;
+    }
+
+    @Bean
+    public ZeroTrustAuthenticationClient zeroTrustAuthenticationClient(OkHttpClient okHttpClient) {
+        Retrofit retrofit = new Retrofit.Builder()
+                .client(okHttpClient)
+                .baseUrl(zeroTrustProperties.getAuthenticationUrl())
+                .addConverterFactory(Retrofit2ConverterFactory.create())
+                .build();
+        return retrofit.create(ZeroTrustAuthenticationClient.class);
+    }
+
+    @Bean
+    public ZeroTrustAuthorizeClient zeroTrustAuthorizeClient(OkHttpClient okHttpClient) {
+        Retrofit retrofit = new Retrofit.Builder()
+                .client(okHttpClient)
+                .baseUrl(zeroTrustProperties.getAuthorizeUrl())
+                .addConverterFactory(Retrofit2ConverterFactory.create())
+                .build();
+        return retrofit.create(ZeroTrustAuthorizeClient.class);
+    }
+
+}

+ 125 - 0
src/main/java/com/dragon/tj/portal/auth/config/WebSecurityCasConfig.java

@@ -0,0 +1,125 @@
+package com.dragon.tj.portal.auth.config;
+
+import com.dragon.tj.portal.auth.common.constants.AuthType;
+import com.dragon.tj.portal.auth.module.cas.MyCasAuthenticationEntryPoint;
+import com.dragon.tj.portal.auth.module.cas.MySimpleUrlAuthenticationSuccessHandler;
+import com.dragon.tj.portal.auth.properties.AppProperties;
+import com.dragon.tj.portal.auth.properties.CasProperties;
+import com.dragon.tj.portal.auth.service.JwtTokenAuthenticationFilter;
+import com.dragon.tj.portal.auth.service.JwtTokenLogoutSuccessHandler;
+import com.dragon.tj.portal.auth.service.MyUserDetailsByNameServiceWrapper;
+import com.dragon.tj.portal.auth.service.MyUserDetailsService;
+import com.dragon.tj.portal.auth.service.TokenService;
+import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
+import org.jasig.cas.client.validation.TicketValidator;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.cas.ServiceProperties;
+import org.springframework.security.cas.authentication.CasAuthenticationProvider;
+import org.springframework.security.cas.web.CasAuthenticationFilter;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+
+@Configuration
+@ConditionalOnProperty(name = "app.auth-type", havingValue = AuthType.CAS, matchIfMissing = true)
+@EnableConfigurationProperties(CasProperties.class)
+public class WebSecurityCasConfig {
+
+    private final AppProperties appProperties;
+    private final CasProperties casProperties;
+    private final JwtTokenAuthenticationFilter jwtTokenAuthenticationFilter;
+    private final MyUserDetailsService userDetailsService;
+    private final MySimpleUrlAuthenticationSuccessHandler mySimpleUrlAuthenticationSuccessHandler;
+    private final TokenService tokenService;
+
+    public WebSecurityCasConfig(
+            AppProperties appProperties, CasProperties casProperties,
+            JwtTokenAuthenticationFilter jwtTokenAuthenticationFilter,
+            MyUserDetailsService userDetailsService,
+            MySimpleUrlAuthenticationSuccessHandler mySimpleUrlAuthenticationSuccessHandler,
+            TokenService tokenService) {
+        this.appProperties = appProperties;
+        this.casProperties = casProperties;
+        this.jwtTokenAuthenticationFilter = jwtTokenAuthenticationFilter;
+        this.userDetailsService = userDetailsService;
+        this.mySimpleUrlAuthenticationSuccessHandler = mySimpleUrlAuthenticationSuccessHandler;
+        this.tokenService = tokenService;
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+                // CSRF禁用,因为不使用session
+                .csrf().disable()
+                // Enable CORS
+                .cors()
+                .and()
+                .authorizeRequests()
+                .antMatchers(WebSecurityConfig.WHITE_LIST.toArray(new String[0])).permitAll()
+                .anyRequest().authenticated()
+                .and()
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and()
+                // 因为CasAuthenticationFilter仅拦截/sso/login,所以未认证前访问其他url失败时都走到这个兜底的exception处理
+                .exceptionHandling(exceptions -> exceptions.authenticationEntryPoint(authenticationEntryPoint()))
+                // CAS SSO
+                .addFilter(casAuthenticationFilter())
+                .addFilterBefore(jwtTokenAuthenticationFilter, CasAuthenticationFilter.class)
+                .logout()
+                .logoutUrl(appProperties.getLogoutUrl())
+                .logoutSuccessHandler(jwtTokenLogoutSuccessHandler());
+        return http.build();
+    }
+
+    public AuthenticationEntryPoint authenticationEntryPoint() {
+        MyCasAuthenticationEntryPoint casAuthenticationEntryPoint = new MyCasAuthenticationEntryPoint();
+        casAuthenticationEntryPoint.setLoginUrl(casProperties.getLoginUrl());
+        casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
+        return casAuthenticationEntryPoint;
+    }
+
+    public CasAuthenticationFilter casAuthenticationFilter() {
+        CasAuthenticationFilter filter = new CasAuthenticationFilter();
+        filter.setFilterProcessesUrl(appProperties.getFilterUrl());
+
+        CasAuthenticationProvider casAuthenticationProvider = casAuthenticationProvider(userDetailsService);
+        filter.setAuthenticationManager(new ProviderManager(casAuthenticationProvider));
+
+        mySimpleUrlAuthenticationSuccessHandler.setDefaultTargetUrl(appProperties.getTargetUrl());
+        filter.setAuthenticationSuccessHandler(mySimpleUrlAuthenticationSuccessHandler);
+        filter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler(appProperties.getFailureUrl()));
+
+        return filter;
+    }
+
+    public CasAuthenticationProvider casAuthenticationProvider(UserDetailsService userDetailsService) {
+        CasAuthenticationProvider provider = new CasAuthenticationProvider();
+        provider.setAuthenticationUserDetailsService(new MyUserDetailsByNameServiceWrapper<>(userDetailsService));
+        provider.setServiceProperties(serviceProperties());
+        provider.setTicketValidator(ticketValidator());
+        provider.setKey("key");
+        return provider;
+    }
+
+    public ServiceProperties serviceProperties() {
+        ServiceProperties serviceProperties = new ServiceProperties();
+        serviceProperties.setService(appProperties.getServiceUrl());
+        return serviceProperties;
+    }
+
+    private TicketValidator ticketValidator() {
+        return new Cas20ServiceTicketValidator(casProperties.getBaseUrl());
+    }
+
+    public JwtTokenLogoutSuccessHandler jwtTokenLogoutSuccessHandler() {
+        return new JwtTokenLogoutSuccessHandler(appProperties.getHomeUrl(), casProperties.getLogoutUrl(), tokenService);
+    }
+
+}
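Review bot: `provider.setKey("key")` in `casAuthenticationProvider` hard-codes the value `CasAuthenticationProvider` uses (via its hash) to recognise `CasAuthenticationToken`s it issued itself; it was carried over from the old WebSecurityConfig, but now that every other CAS setting lives in `CasProperties` it should be configured per deployment as well, e.g. a new property read as `provider.setKey(casProperties.getProviderKey());`. The class-level `@EnableConfigurationProperties(CasProperties.class)` repeats what PortalServiceApplication now declares for all three property classes and can be dropped; the same presumably applies to WebSecurityZeroTrustConfig. A Javadoc stating that this chain is selected when `app.auth-type` is `cas` or unset (`matchIfMissing = true`) would make the relationship between the two security configs visible without reading the annotations.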

+ 11 - 116
src/main/java/com/dragon/tj/portal/auth/config/WebSecurityConfig.java

@@ -1,77 +1,44 @@
 package com.dragon.tj.portal.auth.config;
 
 import com.dragon.tj.portal.auth.module.hmac.HmacAuthenticationFilter;
-import com.dragon.tj.portal.auth.service.JwtTokenAuthenticationFilter;
-import com.dragon.tj.portal.auth.service.JwtTokenLogoutSuccessHandler;
-import com.dragon.tj.portal.auth.service.MyCasAuthenticationEntryPoint;
-import com.dragon.tj.portal.auth.service.MySimpleUrlAuthenticationSuccessHandler;
-import com.dragon.tj.portal.auth.service.MyUserDetailsByNameServiceWrapper;
-import com.dragon.tj.portal.auth.service.MyUserDetailsService;
-import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
-import org.jasig.cas.client.validation.TicketValidator;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.jdbc.core.JdbcTemplate;
-import org.springframework.security.authentication.ProviderManager;
-import org.springframework.security.cas.ServiceProperties;
-import org.springframework.security.cas.authentication.CasAuthenticationProvider;
-import org.springframework.security.cas.web.CasAuthenticationFilter;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler;
-import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.List;
 
 @Configuration
 @EnableWebSecurity
 public class WebSecurityConfig {
-    private static final StringBuilder whiteList = new StringBuilder();
-    private static final String DELIMITER_COMMA = ",";
+
+    public static final List<String> WHITE_LIST;
 
     static {
         // 白名单
-        whiteList.append("/test/login").append(DELIMITER_COMMA)
-                .append("/file/**").append(DELIMITER_COMMA);
+        WHITE_LIST = new ArrayList<>();
+        WHITE_LIST.add("/test/login");
+        WHITE_LIST.add("/file/**");
     }
 
-    @Value("${cas.base.url}")
-    private String casBaseUrl;
-    @Value("${cas.login.url}")
-    private String casLoginUrl;
-    @Value("${app.logout.url}")
-    private String appLogoutUrl;
-    @Value("${cas.service.url}")
-    private String casServiceUrl;
-    @Value("${cas.filter.url}")
-    private String casFilterUrl;
-    @Value("${cas.target.url}")
-    private String casTargetUrl;
-    @Value("${cas.failure.url}")
-    private String casFailureUrl;
+    private final JdbcTemplate jdbcTemplate;
 
-    @Autowired
-    private JdbcTemplate jdbcTemplate;
-    @Autowired
-    private JwtTokenAuthenticationFilter jwtTokenAuthenticationFilter;
-    @Autowired
-    private MyUserDetailsService userDetailsService;
-    @Autowired
-    private MySimpleUrlAuthenticationSuccessHandler mySimpleUrlAuthenticationSuccessHandler;
-    @Autowired
-    private JwtTokenLogoutSuccessHandler logoutSuccessHandler;
+    public WebSecurityConfig(JdbcTemplate jdbcTemplate) {
+        this.jdbcTemplate = jdbcTemplate;
+    }
 
     @Bean
     public WebSecurityCustomizer webSecurityCustomizer() {
@@ -115,76 +82,4 @@ public class WebSecurityConfig {
         return filter;
     }
 
-    @Bean
-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-        http
-                // CSRF禁用,因为不使用session
-                .csrf().disable()
-                // Enable CORS
-                .cors()
-                .and()
-                .authorizeRequests()
-                .antMatchers(whiteList.toString().split(DELIMITER_COMMA)).permitAll()
-                .anyRequest().authenticated()
-                .and()
-                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                .and()
-                // 因为CasAuthenticationFilter仅拦截/sso/login,所以未认证前访问其他url失败时都走到这个兜底的exception处理
-                .exceptionHandling(exceptions -> exceptions.authenticationEntryPoint(authenticationEntryPoint()))
-                .addFilter(casAuthenticationFilter())
-                .addFilterBefore(jwtTokenAuthenticationFilter, CasAuthenticationFilter.class)
-                // .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class)
-                .logout()
-                .logoutUrl(appLogoutUrl)
-                .logoutSuccessHandler(logoutSuccessHandler);
-        return http.build();
-    }
-
-    public AuthenticationEntryPoint authenticationEntryPoint() {
-        MyCasAuthenticationEntryPoint casAuthenticationEntryPoint = new MyCasAuthenticationEntryPoint();
-        casAuthenticationEntryPoint.setLoginUrl(this.casLoginUrl);
-        casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
-        return casAuthenticationEntryPoint;
-    }
-
-    public CasAuthenticationFilter casAuthenticationFilter() {
-        CasAuthenticationFilter filter = new CasAuthenticationFilter();
-        filter.setFilterProcessesUrl(casFilterUrl);
-
-        CasAuthenticationProvider casAuthenticationProvider = casAuthenticationProvider(userDetailsService);
-        filter.setAuthenticationManager(new ProviderManager(casAuthenticationProvider));
-
-        mySimpleUrlAuthenticationSuccessHandler.setDefaultTargetUrl(casTargetUrl);
-        filter.setAuthenticationSuccessHandler(mySimpleUrlAuthenticationSuccessHandler);
-        filter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler(casFailureUrl));
-
-        return filter;
-    }
-
-    public CasAuthenticationProvider casAuthenticationProvider(UserDetailsService userDetailsService) {
-        CasAuthenticationProvider provider = new CasAuthenticationProvider();
-        provider.setAuthenticationUserDetailsService(new MyUserDetailsByNameServiceWrapper<>(userDetailsService));
-        provider.setServiceProperties(serviceProperties());
-        provider.setTicketValidator(ticketValidator());
-        provider.setKey("key");
-        return provider;
-    }
-
-    public ServiceProperties serviceProperties() {
-        ServiceProperties serviceProperties = new ServiceProperties();
-        serviceProperties.setService(casServiceUrl);
-        return serviceProperties;
-    }
-
-    private TicketValidator ticketValidator() {
-        return new Cas20ServiceTicketValidator(this.casBaseUrl);
-    }
-
-//    @Bean
-//    public SingleSignOutFilter singleSignOutFilter() {
-//        SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
-//        singleSignOutFilter.setIgnoreInitConfiguration(true);
-//        return singleSignOutFilter;
-//    }
-
 }
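Review bot: `WHITE_LIST` in the first hunk is a `public static final` ArrayList filled in a static block, so the permit-all path list that WebSecurityCasConfig and WebSecurityZeroTrustConfig read is mutable from anywhere in the application and can be extended at runtime by any code holding a reference. Replace the static block with an immutable value, `public static final List<String> WHITE_LIST = List.of("/test/login", "/file/**");` (or `Collections.unmodifiableList(Arrays.asList(...))` if the project predates Java 9), after which the `ArrayList` import can go. The `// 白名单` comment should also say what the entries are exempt from, e.g. `// Paths both security chains serve without authentication`.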

+ 105 - 0
src/main/java/com/dragon/tj/portal/auth/config/WebSecurityZeroTrustConfig.java

@@ -0,0 +1,105 @@
+package com.dragon.tj.portal.auth.config;
+
+import com.dragon.tj.portal.auth.common.constants.AuthType;
+import com.dragon.tj.portal.auth.module.cas.MyCasAuthenticationEntryPoint;
+import com.dragon.tj.portal.auth.module.cas.MySimpleUrlAuthenticationSuccessHandler;
+import com.dragon.tj.portal.auth.module.zerotrust.ZeroTrustAuthenticationFilter;
+import com.dragon.tj.portal.auth.module.zerotrust.ZeroTrustAuthenticationProvider;
+import com.dragon.tj.portal.auth.properties.AppProperties;
+import com.dragon.tj.portal.auth.properties.ZeroTrustProperties;
+import com.dragon.tj.portal.auth.service.JwtTokenAuthenticationFilter;
+import com.dragon.tj.portal.auth.service.JwtTokenLogoutSuccessHandler;
+import com.dragon.tj.portal.auth.service.MyUserDetailsService;
+import com.dragon.tj.portal.auth.service.TokenService;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.cas.ServiceProperties;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@Configuration
+@ConditionalOnProperty(name = "app.auth-type", havingValue = AuthType.ZERO_TRUST)
+@EnableConfigurationProperties(ZeroTrustProperties.class)
+public class WebSecurityZeroTrustConfig {
+
+    private final AppProperties appProperties;
+    private final ZeroTrustProperties zeroTrustProperties;
+    private final JwtTokenAuthenticationFilter jwtTokenAuthenticationFilter;
+    private final MyUserDetailsService userDetailsService;
+    private final MySimpleUrlAuthenticationSuccessHandler mySimpleUrlAuthenticationSuccessHandler;
+    private final TokenService tokenService;
+
+    public WebSecurityZeroTrustConfig(
+            AppProperties appProperties,
+            ZeroTrustProperties zeroTrustProperties,
+            JwtTokenAuthenticationFilter jwtTokenAuthenticationFilter,
+            MyUserDetailsService userDetailsService,
+            MySimpleUrlAuthenticationSuccessHandler mySimpleUrlAuthenticationSuccessHandler,
+            TokenService tokenService) {
+        this.appProperties = appProperties;
+        this.zeroTrustProperties = zeroTrustProperties;
+        this.jwtTokenAuthenticationFilter = jwtTokenAuthenticationFilter;
+        this.userDetailsService = userDetailsService;
+        this.mySimpleUrlAuthenticationSuccessHandler = mySimpleUrlAuthenticationSuccessHandler;
+        this.tokenService = tokenService;
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+                // CSRF禁用,因为不使用session
+                .csrf().disable()
+                // Enable CORS
+                .cors()
+                .and()
+                .authorizeRequests()
+                .antMatchers(WebSecurityConfig.WHITE_LIST.toArray(new String[0])).permitAll()
+                .anyRequest().authenticated()
+                .and()
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and()
+                // 因为CasAuthenticationFilter仅拦截/sso/login,所以未认证前访问其他url失败时都走到这个兜底的exception处理
+                .exceptionHandling(exceptions -> exceptions.authenticationEntryPoint(authenticationEntryPoint()))
+                // HuaWei Zero Trust
+                .addFilterBefore(jwtTokenAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(zeroTrustAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
+                .logout()
+                .logoutUrl(appProperties.getLogoutUrl())
+                .logoutSuccessHandler(jwtTokenLogoutSuccessHandler());
+        return http.build();
+    }
+
+    public AuthenticationEntryPoint authenticationEntryPoint() {
+        MyCasAuthenticationEntryPoint casAuthenticationEntryPoint = new MyCasAuthenticationEntryPoint();
+        casAuthenticationEntryPoint.setLoginUrl(zeroTrustProperties.getLoginUrl());
+        casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
+        return casAuthenticationEntryPoint;
+    }
+
+    public ServiceProperties serviceProperties() {
+        ServiceProperties serviceProperties = new ServiceProperties();
+        serviceProperties.setService(appProperties.getServiceUrl());
+        return serviceProperties;
+    }
+
+    public ZeroTrustAuthenticationFilter zeroTrustAuthenticationFilter() {
+        ZeroTrustAuthenticationFilter filter = new ZeroTrustAuthenticationFilter(appProperties.getFilterUrl());
+        filter.setAuthenticationManager(new ProviderManager(new ZeroTrustAuthenticationProvider(userDetailsService)));
+        mySimpleUrlAuthenticationSuccessHandler.setDefaultTargetUrl(appProperties.getTargetUrl());
+        filter.setAuthenticationSuccessHandler(mySimpleUrlAuthenticationSuccessHandler);
+        filter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler(appProperties.getFailureUrl()));
+        return filter;
+    }
+
+    public JwtTokenLogoutSuccessHandler jwtTokenLogoutSuccessHandler() {
+        return new JwtTokenLogoutSuccessHandler(appProperties.getHomeUrl(), zeroTrustProperties.getLogoutUrl(), tokenService);
+    }
+
+}
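Review bot: The comment above `exceptionHandling` on the new side still explains the CAS chain (`因为CasAuthenticationFilter仅拦截/sso/login...`), but this chain registers no CasAuthenticationFilter; it should describe the Zero Trust filter instead, e.g. `// ZeroTrustAuthenticationFilter only handles appProperties.filterUrl; every other unauthenticated request ends up at this entry point`. The entry point is a `MyCasAuthenticationEntryPoint` pointed at `zeroTrustProperties.getLoginUrl()`; if that class adds CAS-style `service` parameters to the redirect, confirm the Zero Trust login page expects them — the class is modified in this commit but not visible here. Both `jwtTokenAuthenticationFilter` and `zeroTrustAuthenticationFilter()` are anchored before `UsernamePasswordAuthenticationFilter`, so their relative order rests on registration order rather than an explicit anchor; registering the zero-trust filter first and then `.addFilterBefore(jwtTokenAuthenticationFilter, ZeroTrustAuthenticationFilter.class)` would make the intended order explicit, as the CAS chain does with `CasAuthenticationFilter.class`.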

+ 1 - 1
src/main/java/com/dragon/tj/portal/auth/controller/SsoController.java

@@ -46,7 +46,7 @@ public class SsoController {
         if (StringUtils.isBlank(idCard)) {
             idCard = "120222197001010002";
         }
-        SysUser sysUser = sysUserService.getUserById(idCard);
+        SysUser sysUser = sysUserService.getUserByKey(idCard);
         List<String> perms = Arrays.asList("gzt", "yyzx", "ywzx", "xxgl", "rjxz", "rzcx", "cjwt");
         LoginUser loginUser = new LoginUser(sysUser.getIdcard(), sysUser.getOrgCode(), sysUser, new HashSet<>(perms));
         UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
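Review bot: The handler this hunk touches authenticates whatever `idCard` the caller supplies — falling back to the literal `120222197001010002` when it is blank — and grants a fixed permission set with no credential check in sight; together with `/test/login` staying on `WebSecurityConfig.WHITE_LIST` and this commit adding `application-prod.properties`, it reads like a development helper that would ship as a login bypass. It should be removed or at least confined with `@Profile("dev")` (or an `app.test-login.enabled` style property defaulting to false) before a production profile exists. Separately, `sysUserService.getUserByKey(idCard)` may return null for an unknown key, in which case the next line throws a NullPointerException instead of an authentication failure; an explicit `if (sysUser == null) { ... }` returning 401 or throwing an `AuthenticationException` is what callers would expect. The enclosing method starts and ends outside the hunk.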

+ 23 - 12
src/main/java/com/dragon/tj/portal/auth/model/LoginUser.java

@@ -16,58 +16,53 @@ import java.util.stream.Collectors;
  * @author tienchin
  */
 public class LoginUser implements UserDetails {
-
+    private static final long serialVersionUID = -8692404576335771235L;
+    SysUser user;
     /**
      * 用户idCard
      */
     private String idCard;
-
     /**
      * 部门code
      */
     private String orgCode;
-
     /**
      * 用户唯一标识
      */
     private String token;
-
     /**
      * 登录时间
      */
     private Long loginTime;
-
     /**
      * 过期时间
      */
     private Long expireTime;
-
     /**
      * 登录IP地址
      */
     private String ipaddr;
-
     /**
      * 登录地点
      */
     private String loginLocation;
-
     /**
      * 浏览器类型
      */
     private String browser;
-
     /**
      * 操作系统
      */
     private String os;
-
     /**
      * 权限列表
      */
     private Set<String> permissions;
-
-    SysUser user;
+    /**
+     * HuaWei Zero Trust Required
+     */
+    private String userToken;
+    private String appToken;
 
     public LoginUser(SysUser user, Set<String> permissions) {
         this.user = user;
@@ -206,4 +201,20 @@ public class LoginUser implements UserDetails {
     public void setUser(SysUser user) {
         this.user = user;
     }
+
+    public String getUserToken() {
+        return userToken;
+    }
+
+    public void setUserToken(String userToken) {
+        this.userToken = userToken;
+    }
+
+    public String getAppToken() {
+        return appToken;
+    }
+
+    public void setAppToken(String appToken) {
+        this.appToken = appToken;
+    }
 }
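Review bot: The new `userToken` and `appToken` fields store the zero-trust bearer credentials inside a `Serializable` `UserDetails`, and judging by `tokenService.delLoginUser(loginUser.getToken())` elsewhere in this commit the `LoginUser` is persisted by the token service, so both tokens travel with the principal wherever it is serialized or rendered. If they are only needed during authentication and authorization, declare them `private transient String userToken;` and `private transient String appToken;` (or exclude them from JSON output) so they are not written out with the rest of the principal. The Javadoc `HuaWei Zero Trust Required` also covers only `userToken`; `appToken` has none, and a one-line description of each token and its origin (the `RZZX-USERTOKEN` / `RZZX-APPTOKEN` request headers read by ZeroTrustAuthenticationFilter) would help the next maintainer.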

+ 26 - 0
src/main/java/com/dragon/tj/portal/auth/model/zeroTrust/AuthenticationMsg.java

@@ -0,0 +1,26 @@
+package com.dragon.tj.portal.auth.model.zeroTrust;
+
+import java.io.Serializable;
+
+public class AuthenticationMsg implements Serializable {
+    private static final long serialVersionUID = 5219010289324571546L;
+
+    private String code;
+    private String info;
+
+    public String getCode() {
+        return code;
+    }
+
+    public void setCode(String code) {
+        this.code = code;
+    }
+
+    public String getInfo() {
+        return info;
+    }
+
+    public void setInfo(String info) {
+        this.info = info;
+    }
+}

+ 35 - 0
src/main/java/com/dragon/tj/portal/auth/model/zeroTrust/AuthenticationResponse.java

@@ -0,0 +1,35 @@
+package com.dragon.tj.portal.auth.model.zeroTrust;
+
+import java.io.Serializable;
+
+public class AuthenticationResponse implements Serializable {
+    public static final String SUCCESS = "successed";
+    private static final long serialVersionUID = -8244370439799252224L;
+    private String tag;
+    private AuthenticationMsg msg;
+    private AuthenticationResult result;
+
+    public String getTag() {
+        return tag;
+    }
+
+    public void setTag(String tag) {
+        this.tag = tag;
+    }
+
+    public AuthenticationMsg getMsg() {
+        return msg;
+    }
+
+    public void setMsg(AuthenticationMsg msg) {
+        this.msg = msg;
+    }
+
+    public AuthenticationResult getResult() {
+        return result;
+    }
+
+    public void setResult(AuthenticationResult result) {
+        this.result = result;
+    }
+}
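Review bot: `SUCCESS = "successed"` reads like a misspelling, but since the field names here mirror the IDP payload it is presumably the literal tag the remote service returns; add a comment so nobody "fixes" it, e.g. `/** Literal success tag returned by the zero-trust IDP (sic, not "succeeded"). */`. The class also lacks a Javadoc naming the endpoint that produces it (`tacs/getNewIDPUserAttributes` per ZeroTrustAuthenticationClient), which would make the three response types easier to place.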

+ 71 - 0
src/main/java/com/dragon/tj/portal/auth/model/zeroTrust/AuthenticationResult.java

@@ -0,0 +1,71 @@
+package com.dragon.tj.portal.auth.model.zeroTrust;
+
+import java.io.Serializable;
+
+public class AuthenticationResult implements Serializable {
+    private static final long serialVersionUID = -8244370439799252224L;
+
+    private String yhId;
+    private String xm;
+    private String jh;
+    private String sfzh;
+    private String dwdm;
+    private String dwmc;
+    private String zw;
+
+    public String getYhId() {
+        return yhId;
+    }
+
+    public void setYhId(String yhId) {
+        this.yhId = yhId;
+    }
+
+    public String getXm() {
+        return xm;
+    }
+
+    public void setXm(String xm) {
+        this.xm = xm;
+    }
+
+    public String getJh() {
+        return jh;
+    }
+
+    public void setJh(String jh) {
+        this.jh = jh;
+    }
+
+    public String getSfzh() {
+        return sfzh;
+    }
+
+    public void setSfzh(String sfzh) {
+        this.sfzh = sfzh;
+    }
+
+    public String getDwdm() {
+        return dwdm;
+    }
+
+    public void setDwdm(String dwdm) {
+        this.dwdm = dwdm;
+    }
+
+    public String getDwmc() {
+        return dwmc;
+    }
+
+    public void setDwmc(String dwmc) {
+        this.dwmc = dwmc;
+    }
+
+    public String getZw() {
+        return zw;
+    }
+
+    public void setZw(String zw) {
+        this.zw = zw;
+    }
+}
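Review bot: The fields `yhId`, `xm`, `jh`, `sfzh`, `dwdm`, `dwmc`, `zw` are pinyin abbreviations with no Javadoc, so a reader cannot tell which of them carry personal data or which one SysUserServiceImpl maps onto the user's identity card (that mapping hunk is outside this view). Add a one-line Javadoc per field in plain words — `sfzh` presumably is the national ID card number and should be marked as PII, e.g. `/** Identity-card number (PII); confirm against the IDP attribute spec. */`. `serialVersionUID` is also identical to the one in AuthenticationResponse, which suggests a copy-paste; harmless, but it should be regenerated per class.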

+ 30 - 0
src/main/java/com/dragon/tj/portal/auth/model/zeroTrust/AuthorizationRequest.java

@@ -0,0 +1,30 @@
+package com.dragon.tj.portal.auth.model.zeroTrust;
+
+import java.io.Serializable;
+
+public class AuthorizationRequest implements Serializable {
+    private static final long serialVersionUID = -205960148507843883L;
+    private String appTokenId;
+    private String taskId;
+
+    public AuthorizationRequest(String appTokenId, String taskId) {
+        this.appTokenId = appTokenId;
+        this.taskId = taskId;
+    }
+
+    public String getAppTokenId() {
+        return appTokenId;
+    }
+
+    public void setAppTokenId(String appTokenId) {
+        this.appTokenId = appTokenId;
+    }
+
+    public String getTaskId() {
+        return taskId;
+    }
+
+    public void setTaskId(String taskId) {
+        this.taskId = taskId;
+    }
+}

+ 38 - 0
src/main/java/com/dragon/tj/portal/auth/model/zeroTrust/AuthorizationResponse.java

@@ -0,0 +1,38 @@
+package com.dragon.tj.portal.auth.model.zeroTrust;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.io.Serializable;
+
+public class AuthorizationResponse implements Serializable {
+    public static final String SUCCESS = "0000";
+    private static final long serialVersionUID = -5801293871151627485L;
+    @JsonProperty(value = "status_code")
+    private String statusCode;
+    private String message;
+    private AuthorizationResult data;
+
+    public String getStatusCode() {
+        return statusCode;
+    }
+
+    public void setStatusCode(String statusCode) {
+        this.statusCode = statusCode;
+    }
+
+    public String getMessage() {
+        return message;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+
+    public AuthorizationResult getData() {
+        return data;
+    }
+
+    public void setData(AuthorizationResult data) {
+        this.data = data;
+    }
+}

+ 17 - 0
src/main/java/com/dragon/tj/portal/auth/model/zeroTrust/AuthorizationResult.java

@@ -0,0 +1,17 @@
+package com.dragon.tj.portal.auth.model.zeroTrust;
+
+import java.io.Serializable;
+
+public class AuthorizationResult implements Serializable {
+    private static final long serialVersionUID = -264826196112684730L;
+
+    private String result;
+
+    public String getResult() {
+        return result;
+    }
+
+    public void setResult(String result) {
+        this.result = result;
+    }
+}

+ 2 - 2
src/main/java/com/dragon/tj/portal/auth/client/DcucUserClient.java → src/main/java/com/dragon/tj/portal/auth/module/cas/CasAuthenticationClient.java

@@ -1,4 +1,4 @@
-package com.dragon.tj.portal.auth.client;
+package com.dragon.tj.portal.auth.module.cas;
 
 import com.dragon.tj.portal.auth.model.RR;
 import com.dragon.tj.portal.auth.web.entity.SysUser;
@@ -7,7 +7,7 @@ import retrofit2.http.GET;
 import retrofit2.http.Header;
 import retrofit2.http.Path;
 
-public interface DcucUserClient {
+public interface CasAuthenticationClient {
 
     @GET("user-service/v1/users/{idCard}")
     Call<RR<SysUser>> getUserInfo(

+ 2 - 2
src/main/java/com/dragon/tj/portal/auth/client/DcucAuthClient.java → src/main/java/com/dragon/tj/portal/auth/module/cas/CasAuthorizationClient.java

@@ -1,4 +1,4 @@
-package com.dragon.tj.portal.auth.client;
+package com.dragon.tj.portal.auth.module.cas;
 
 import com.dragon.tj.portal.auth.model.AuthReq;
 import com.dragon.tj.portal.auth.model.AuthResult;
@@ -10,7 +10,7 @@ import retrofit2.http.POST;
 
 import java.util.List;
 
-public interface DcucAuthClient {
+public interface CasAuthorizationClient {
 
     @POST("auth-service/v3/auths/functions")
     Call<RR<List<AuthResult>>> getAuthFunctions(

+ 12 - 12
src/main/java/com/dragon/tj/portal/auth/service/MyCasAuthenticationEntryPoint.java → src/main/java/com/dragon/tj/portal/auth/module/cas/MyCasAuthenticationEntryPoint.java

@@ -1,4 +1,4 @@
-package com.dragon.tj.portal.auth.service;
+package com.dragon.tj.portal.auth.module.cas;
 
 import cn.hutool.json.JSONUtil;
 import org.jasig.cas.client.util.CommonUtils;
@@ -101,14 +101,14 @@ public class MyCasAuthenticationEntryPoint implements AuthenticationEntryPoint,
         return this.loginUrl;
     }
 
-    public final ServiceProperties getServiceProperties() {
-        return this.serviceProperties;
-    }
-
     public final void setLoginUrl(String loginUrl) {
         this.loginUrl = loginUrl;
     }
 
+    public final ServiceProperties getServiceProperties() {
+        return this.serviceProperties;
+    }
+
     public final void setServiceProperties(ServiceProperties serviceProperties) {
         this.serviceProperties = serviceProperties;
     }
@@ -116,20 +116,20 @@ public class MyCasAuthenticationEntryPoint implements AuthenticationEntryPoint,
     /**
      * Sets whether to encode the service url with the session id or not.
      *
-     * @param encodeServiceUrlWithSessionId whether to encode the service url with the
-     *                                      session id or not.
+     * @return whether to encode the service url with the session id or not.
      */
-    public final void setEncodeServiceUrlWithSessionId(boolean encodeServiceUrlWithSessionId) {
-        this.encodeServiceUrlWithSessionId = encodeServiceUrlWithSessionId;
+    protected boolean getEncodeServiceUrlWithSessionId() {
+        return this.encodeServiceUrlWithSessionId;
     }
 
     /**
      * Sets whether to encode the service url with the session id or not.
      *
-     * @return whether to encode the service url with the session id or not.
+     * @param encodeServiceUrlWithSessionId whether to encode the service url with the
+     *                                      session id or not.
      */
-    protected boolean getEncodeServiceUrlWithSessionId() {
-        return this.encodeServiceUrlWithSessionId;
+    public final void setEncodeServiceUrlWithSessionId(boolean encodeServiceUrlWithSessionId) {
+        this.encodeServiceUrlWithSessionId = encodeServiceUrlWithSessionId;
     }
 
 }
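Review bot: The Javadoc now attached to `getEncodeServiceUrlWithSessionId()` still opens with `Sets whether to encode the service url with the session id or not.` while its only tag is `@return`; the summary should read `Returns whether to encode the service url with the session id or not.`. The rest of the hunk is a method reorder with no behavioural change.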

+ 2 - 1
src/main/java/com/dragon/tj/portal/auth/service/MySimpleUrlAuthenticationSuccessHandler.java → src/main/java/com/dragon/tj/portal/auth/module/cas/MySimpleUrlAuthenticationSuccessHandler.java

@@ -1,6 +1,7 @@
-package com.dragon.tj.portal.auth.service;
+package com.dragon.tj.portal.auth.module.cas;
 
 import com.dragon.tj.portal.auth.model.LoginUser;
+import com.dragon.tj.portal.auth.service.TokenService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.cas.authentication.CasAuthenticationToken;
 import org.springframework.security.core.Authentication;

+ 14 - 0
src/main/java/com/dragon/tj/portal/auth/module/zerotrust/ZeroTrustAuthenticationClient.java

@@ -0,0 +1,14 @@
+package com.dragon.tj.portal.auth.module.zerotrust;
+
+import com.dragon.tj.portal.auth.model.zeroTrust.AuthenticationResponse;
+import retrofit2.Call;
+import retrofit2.http.Field;
+import retrofit2.http.FormUrlEncoded;
+import retrofit2.http.POST;
+
+public interface ZeroTrustAuthenticationClient {
+
+    @FormUrlEncoded
+    @POST("tacs/getNewIDPUserAttributes")
+    Call<AuthenticationResponse> getUserInfo(@Field("appId") String appId, @Field("userToken") String userToken);
+}

+ 29 - 0
src/main/java/com/dragon/tj/portal/auth/module/zerotrust/ZeroTrustAuthenticationFilter.java

@@ -0,0 +1,29 @@
+package com.dragon.tj.portal.auth.module.zerotrust;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class ZeroTrustAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
+    private static final String HEADER_USER_TOKEN = "RZZX-USERTOKEN";
+    private static final String HEADER_APP_TOKEN = "RZZX-APPTOKEN";
+
+    public ZeroTrustAuthenticationFilter(String defaultFilterProcessesUrl) {
+        super(defaultFilterProcessesUrl);
+    }
+
+    @Override
+    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
+        String userToken = request.getHeader(HEADER_USER_TOKEN);
+        String appToken = request.getHeader(HEADER_APP_TOKEN);
+        UsernamePasswordAuthenticationToken authRequest =
+                UsernamePasswordAuthenticationToken.unauthenticated(userToken, appToken);
+        // Allow subclasses to set the "details" property
+        authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
+        return this.getAuthenticationManager().authenticate(authRequest);
+    }
+}
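Review bot: The class has no Javadoc stating that `RZZX-USERTOKEN` and `RZZX-APPTOKEN` are plain request headers any caller can set, and that nothing in `attemptAuthentication` itself verifies the request arrived through the zero-trust gateway — the trust rests entirely on the provider exchanging `userToken` with the IDP. Add that contract to the class, e.g. `/** Reads the gateway-injected RZZX-USERTOKEN / RZZX-APPTOKEN headers; the values are untrusted until ZeroTrustAuthenticationProvider validates them against the IDP. */`. A blank header currently produces a null-principal token that is only rejected inside the provider; rejecting it here with a `BadCredentialsException` would keep the filter self-describing, though the current behaviour is not wrong.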

+ 48 - 0
src/main/java/com/dragon/tj/portal/auth/module/zerotrust/ZeroTrustAuthenticationProvider.java

@@ -0,0 +1,48 @@
+package com.dragon.tj.portal.auth.module.zerotrust;
+
+import com.dragon.tj.portal.auth.model.LoginUser;
+import com.dragon.tj.portal.auth.service.MyUserDetailsService;
+import org.jasig.cas.client.validation.AssertionImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.cas.authentication.CasAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UserDetails;
+
+public class ZeroTrustAuthenticationProvider implements AuthenticationProvider {
+    private static final Logger LOGGER = LoggerFactory.getLogger(ZeroTrustAuthenticationProvider.class);
+    private final MyUserDetailsService userDetailsService;
+
+    public ZeroTrustAuthenticationProvider(MyUserDetailsService userDetailsService) {
+        this.userDetailsService = userDetailsService;
+    }
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        if (authentication.getPrincipal() == null || "".equals(authentication.getPrincipal())) {
+            throw new BadCredentialsException("Failed to get the user token");
+        }
+        if (authentication.getCredentials() == null || "".equals(authentication.getCredentials())) {
+            throw new BadCredentialsException("Failed to get the app token");
+        }
+        String userToken = authentication.getName();
+        String appToken = authentication.getCredentials().toString();
+        LOGGER.info("Current User Token: {}, App Token: {}", userToken, appToken);
+        UserDetails userDetails = userDetailsService.loadUserByZeroTrust(userToken, appToken);
+        if (userDetails instanceof LoginUser) {
+            ((LoginUser) userDetails).setUserToken(userToken);
+            ((LoginUser) userDetails).setAppToken(appToken);
+        }
+        return new CasAuthenticationToken("ZeroTrust", userDetails, authentication.getCredentials(),
+                userDetails.getAuthorities(), userDetails, new AssertionImpl(""));
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
+    }
+}
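Review bot: `LOGGER.info("Current User Token: {}, App Token: {}", userToken, appToken)` writes both bearer tokens to the application log at INFO, so anyone with log access can replay a session for as long as the token is valid; log only their presence or length, e.g. `LOGGER.debug("Zero-trust tokens received: userToken={} chars, appToken={} chars", userToken.length(), appToken.length());`. Wrapping the result in `CasAuthenticationToken` with a dummy `new AssertionImpl("")` couples the zero-trust path to the CAS module for no functional reason; `UsernamePasswordAuthenticationToken.authenticated(userDetails, null, userDetails.getAuthorities())` (the same Spring Security 5.7+ API family as the `unauthenticated` factory used in the filter) expresses the same state without a fake assertion, unless downstream code explicitly depends on `CasAuthenticationToken`. Because `supports` accepts every `UsernamePasswordAuthenticationToken`, any other username/password token routed through the same `AuthenticationManager` would also land here and be treated as a token pair; worth confirming that is intended.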

+ 13 - 0
src/main/java/com/dragon/tj/portal/auth/module/zerotrust/ZeroTrustAuthorizeClient.java

@@ -0,0 +1,13 @@
+package com.dragon.tj.portal.auth.module.zerotrust;
+
+import com.dragon.tj.portal.auth.model.zeroTrust.AuthorizationRequest;
+import com.dragon.tj.portal.auth.model.zeroTrust.AuthorizationResponse;
+import retrofit2.Call;
+import retrofit2.http.Body;
+import retrofit2.http.POST;
+
+public interface ZeroTrustAuthorizeClient {
+
+    @POST("auth-service/v4/functionAuth")
+    Call<AuthorizationResponse> getAuthFunctions(@Body AuthorizationRequest body);
+}

+ 16 - 0
src/main/java/com/dragon/tj/portal/auth/properties/AppProperties.java

@@ -0,0 +1,16 @@
+package com.dragon.tj.portal.auth.properties;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+@Data
+@ConfigurationProperties(prefix = "app")
+public class AppProperties {
+    private String logoutUrl;
+    private String homeUrl;
+    private String serviceUrl;
+    private String filterUrl;
+    private String targetUrl;
+    private String failureUrl;
+    private String authType;
+}

+ 15 - 0
src/main/java/com/dragon/tj/portal/auth/properties/CasProperties.java

@@ -0,0 +1,15 @@
+package com.dragon.tj.portal.auth.properties;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+@Data
+@ConfigurationProperties(prefix = "auth.cas")
+public class CasProperties {
+    private String appCode;
+    private String baseUrl;
+    private String loginUrl;
+    private String logoutUrl;
+    private String authenticationUrl;
+    private String authorizeUrl;
+}

+ 16 - 0
src/main/java/com/dragon/tj/portal/auth/properties/ZeroTrustProperties.java

@@ -0,0 +1,16 @@
+package com.dragon.tj.portal.auth.properties;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+@Data
+@ConfigurationProperties(prefix = "auth.zerotrust")
+public class ZeroTrustProperties {
+    private String appCode;
+    private String baseUrl;
+    private String loginUrl;
+    private String logoutUrl;
+    private String authenticationUrl;
+    private String authorizeUrl;
+    private String taskId;
+}

+ 9 - 12
src/main/java/com/dragon/tj/portal/auth/service/JwtTokenLogoutSuccessHandler.java

@@ -2,9 +2,6 @@ package com.dragon.tj.portal.auth.service;
 
 import cn.hutool.json.JSONUtil;
 import com.dragon.tj.portal.auth.model.LoginUser;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
 import org.springframework.http.MediaType;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
@@ -19,17 +16,17 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
 
-@Configuration
 public class JwtTokenLogoutSuccessHandler implements LogoutSuccessHandler {
 
-    @Autowired
-    private TokenService tokenService;
+    private final String homeUrl;
+    private final String logoutUrl;
+    private final TokenService tokenService;
 
-    @Value("${cas.logout.url}")
-    private String casLogoutUrl;
-
-    @Value("${app.home.url}")
-    private String appHomeUrl;
+    public JwtTokenLogoutSuccessHandler(String homeUrl, String logoutUrl, TokenService tokenService) {
+        this.homeUrl = homeUrl;
+        this.logoutUrl = logoutUrl;
+        this.tokenService = tokenService;
+    }
 
     /**
      * 退出处理
@@ -43,7 +40,7 @@ public class JwtTokenLogoutSuccessHandler implements LogoutSuccessHandler {
             tokenService.delLoginUser(loginUser.getToken());
         }
         Map<String, String> data = new HashMap<>();
-        data.put("casLogoutUrl", casLogoutUrl + "?service=" + URLEncoder.encode(appHomeUrl, StandardCharsets.UTF_8.name()));
+        data.put("casLogoutUrl", logoutUrl + "?service=" + URLEncoder.encode(homeUrl, StandardCharsets.UTF_8.name()));
         response.setStatus(HttpServletResponse.SC_OK);
         response.setContentType(MediaType.APPLICATION_JSON_VALUE);
         response.getWriter().write(JSONUtil.toJsonStr(data));
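Review bot: The handler is now constructed with either the CAS or the zero-trust logout URL (see the `zeroTrustProperties.getLogoutUrl()` call at the top of this view), yet the JSON key stays `casLogoutUrl` and the URL is always suffixed with the CAS-style `?service=` parameter; whether the zero-trust logout endpoint honours `service` is not visible here and should be confirmed. At minimum document the assumption on the constructor: `@param logoutUrl identity-provider logout endpoint; the home URL is appended as a CAS-style service parameter`. `onLogoutSuccess` starts outside the hunk.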

+ 25 - 14
src/main/java/com/dragon/tj/portal/auth/service/MyUserDetailsService.java

@@ -3,17 +3,14 @@ package com.dragon.tj.portal.auth.service;
 import com.dragon.tj.portal.auth.model.LoginUser;
 import com.dragon.tj.portal.auth.web.entity.SysUser;
 import com.dragon.tj.portal.auth.web.service.SysUserService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
 
 import java.util.HashSet;
+import java.util.List;
 import java.util.Objects;
-import java.util.Set;
 
 /**
  * 用户验证处理
@@ -22,24 +19,38 @@ import java.util.Set;
  */
 @Service
 public class MyUserDetailsService implements UserDetailsService {
-    private static final Logger LOGGER = LoggerFactory.getLogger(MyUserDetailsService.class);
+    private final SysUserService userService;
+    private final SysPermissionService sysPermissionService;
 
-    @Autowired
-    private SysUserService userService;
-    @Autowired
-    private SysPermissionService sysPermissionService;
+    public MyUserDetailsService(SysUserService userService, SysPermissionService sysPermissionService) {
+        this.userService = userService;
+        this.sysPermissionService = sysPermissionService;
+    }
 
     @Override
-    public UserDetails loadUserByUsername(String idCard) throws UsernameNotFoundException {
-        SysUser user = userService.getUserById(idCard);
+    public UserDetails loadUserByUsername(String key) throws UsernameNotFoundException {
+        SysUser user = userService.getUserByKey(key);
         if (Objects.isNull(user)) {
-            throw new UsernameNotFoundException(idCard);
+            throw new UsernameNotFoundException(key);
         }
         return createLoginUser(user);
     }
 
-    public UserDetails createLoginUser(SysUser sysUser) {
-        Set<String> permissions = sysPermissionService.getMenuPermission(sysUser);
+    private UserDetails createLoginUser(SysUser sysUser) {
+        List<String> permissions = sysPermissionService.getMenuPermission(sysUser);
+        return new LoginUser(sysUser.getIdcard(), sysUser.getOrgCode(), sysUser, new HashSet<>(permissions));
+    }
+
+    public UserDetails loadUserByZeroTrust(String userToken, String appToken) {
+        SysUser user = userService.getUserFromZeroTrust(userToken);
+        if (Objects.isNull(user)) {
+            throw new UsernameNotFoundException(userToken);
+        }
+        return createLoginUserByZeroTrust(user, userToken, appToken);
+    }
+
+    private UserDetails createLoginUserByZeroTrust(SysUser sysUser, String userToken, String appToken) {
+        List<String> permissions = sysPermissionService.getMenuPermissionFromZeroTrust(userToken, appToken);
         return new LoginUser(sysUser.getIdcard(), sysUser.getOrgCode(), sysUser, new HashSet<>(permissions));
     }
 }
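Review bot: `throw new UsernameNotFoundException(userToken)` in `loadUserByZeroTrust` puts the raw bearer token into the exception message, which typically ends up in logs and, depending on the failure handler, in the HTTP response. Use a fixed message such as `throw new UsernameNotFoundException("zero-trust user could not be resolved");` — the caller already holds the token if it needs it. `loadUserByUsername` has the same shape with `key`, which is an identity-card number and equally worth keeping out of error text.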

+ 56 - 13
src/main/java/com/dragon/tj/portal/auth/service/SysPermissionService.java

@@ -1,19 +1,23 @@
 package com.dragon.tj.portal.auth.service;
 
-import com.dragon.tj.portal.auth.client.DcucAuthClient;
 import com.dragon.tj.portal.auth.model.AuthReq;
 import com.dragon.tj.portal.auth.model.AuthResult;
 import com.dragon.tj.portal.auth.model.RR;
+import com.dragon.tj.portal.auth.model.zeroTrust.AuthorizationRequest;
+import com.dragon.tj.portal.auth.model.zeroTrust.AuthorizationResponse;
+import com.dragon.tj.portal.auth.module.cas.CasAuthorizationClient;
+import com.dragon.tj.portal.auth.module.zerotrust.ZeroTrustAuthorizeClient;
+import com.dragon.tj.portal.auth.properties.CasProperties;
+import com.dragon.tj.portal.auth.properties.ZeroTrustProperties;
 import com.dragon.tj.portal.auth.web.entity.SysUser;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import org.springframework.util.CollectionUtils;
 import retrofit2.Call;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Objects;
@@ -28,11 +32,21 @@ import java.util.Set;
 public class SysPermissionService {
     private static final Logger LOGGER = LoggerFactory.getLogger(SysPermissionService.class);
 
-    @Autowired
-    private DcucAuthClient dcucAuthClient;
+    private final CasProperties casProperties;
+    private final ZeroTrustProperties zeroTrustProperties;
+    private final CasAuthorizationClient casAuthorizationClient;
+    private final ZeroTrustAuthorizeClient zeroTrustAuthorizeClient;
 
-    @Value("${app.code}")
-    private String appCode;
+    public SysPermissionService(
+            CasProperties casProperties,
+            ZeroTrustProperties zeroTrustProperties,
+            CasAuthorizationClient casAuthorizationClient,
+            ZeroTrustAuthorizeClient zeroTrustAuthorizeClient) {
+        this.casProperties = casProperties;
+        this.zeroTrustProperties = zeroTrustProperties;
+        this.casAuthorizationClient = casAuthorizationClient;
+        this.zeroTrustAuthorizeClient = zeroTrustAuthorizeClient;
+    }
 
     /**
      * 获取数据权限
@@ -50,17 +64,23 @@ public class SysPermissionService {
      * @param user 用户信息
      * @return 菜单权限信息
      */
-    public Set<String> getMenuPermission(SysUser user) {
-        Set<String> perms = new HashSet<>();
-        String idCard = user.getIdcard();
+    public List<String> getMenuPermission(SysUser user) {
+        // Default Auth: DCUC
+        return getMenuPermissionFromDcuc(user.getIdcard());
+    }
+
+    private List<String> getMenuPermissionFromDcuc(String idCard) {
         try {
             LOGGER.info("登录用户[{}]调用权限管理服务-功能级鉴权接口", idCard);
-            Call<RR<List<AuthResult>>> call = dcucAuthClient.getAuthFunctions(appCode, idCard, new AuthReq(appCode, idCard));
+            Call<RR<List<AuthResult>>> call = casAuthorizationClient.getAuthFunctions(
+                    casProperties.getAppCode(), idCard, new AuthReq(casProperties.getAppCode(), idCard));
             RR<List<AuthResult>> body = call.execute().body();
             if (Objects.nonNull(body)) {
                 if ("200".equals(body.getStatusCode())) {
                     List<AuthResult> results = body.getResult();
-                    perms.addAll(extractPermissions(results));
+                    List<String> permissions = extractPermissions(results);
+                    LOGGER.info("登录用户[{}]调用权限管理服务-功能级鉴权接口 成功: {}", idCard, permissions);
+                    return permissions;
                 } else {
                     LOGGER.error("登录用户[{}]调用权限管理服务-功能级鉴权接口 出错: {}", idCard, body.getMessage());
                 }
@@ -70,8 +90,31 @@ public class SysPermissionService {
         } catch (Exception e) {
             LOGGER.error("登录用户[{}]调用权限管理服务-功能级鉴权接口 出错", idCard, e);
         }
+        return new ArrayList<>();
+    }
 
-        return perms;
+    public List<String> getMenuPermissionFromZeroTrust(String userToken, String appToken) {
+        try {
+            LOGGER.info("登录用户[{}]调用零信任-功能级鉴权接口", userToken);
+            Call<AuthorizationResponse> call = zeroTrustAuthorizeClient.getAuthFunctions(
+                    new AuthorizationRequest(appToken, zeroTrustProperties.getTaskId()));
+            AuthorizationResponse body = call.execute().body();
+            if (Objects.nonNull(body)) {
+                if (AuthorizationResponse.SUCCESS.equals(body.getStatusCode())) {
+                    String results = body.getData().getResult();
+                    List<String> permissions = Arrays.asList(results.split(","));
+                    LOGGER.info("登录用户[{}]调用零信任-功能级鉴权接口 成功: {}", userToken, permissions);
+                    return permissions;
+                } else {
+                    LOGGER.error("登录用户[{}]调用零信任-功能级鉴权接口 出错: {}", userToken, body.getMessage());
+                }
+            } else {
+                LOGGER.error("登录用户[{}]调用零信任-功能级鉴权接口 出错: 返回为空", userToken);
+            }
+        } catch (Exception e) {
+            LOGGER.error("登录用户[{}]调用零信任-功能级鉴权接口 出错", userToken, e);
+        }
+        return new ArrayList<>();
     }
 
     private List<String> extractPermissions(List<AuthResult> results) {
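Review bot: `getMenuPermissionFromZeroTrust` interpolates `userToken` into every INFO and ERROR line (five occurrences), so a valid bearer token lands in the log whether or not authorization succeeds; `getMenuPermissionFromDcuc` logs `idCard` the same way, but a token is a replayable credential and should be omitted or replaced by a non-secret correlation value, e.g. `LOGGER.info("调用零信任-功能级鉴权接口 成功: {}", permissions);`. Separately, `body.getData().getResult()` dereferences `data` without a null check and `results.split(",")` on an empty string yields a single empty permission `""`; the NPE is swallowed by `catch (Exception e)` and logged as a generic error, which hides a malformed response. Guard both before splitting: `String results = body.getData() == null ? null : body.getData().getResult();` followed by `if (results == null || results.isEmpty()) { return new ArrayList<>(); }`.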

+ 46 - 0
src/main/java/com/dragon/tj/portal/auth/util/SSLSocketManager.java

@@ -0,0 +1,46 @@
+package com.dragon.tj.portal.auth.util;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.security.SecureRandom;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+public class SSLSocketManager {
+
+    public static SSLSocketFactory getSSLSocketFactory() {
+        try {
+            SSLContext sslContext = SSLContext.getInstance("SSL");
+            sslContext.init(null, new TrustManager[]{getTrustManager()}, new SecureRandom());
+            return sslContext.getSocketFactory();
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    public static X509TrustManager getTrustManager() {
+        return new X509TrustManager() {
+            @Override
+            public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
+
+            }
+
+            @Override
+            public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+
+            }
+
+            @Override
+            public X509Certificate[] getAcceptedIssuers() {
+                return new X509Certificate[]{};
+            }
+        };
+    }
+
+    public static HostnameVerifier getHostNameVerifier() {
+        return (s, sslSession) -> true;
+    }
+}
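Review bot: `getTrustManager()` returns an `X509TrustManager` whose `checkServerTrusted` is empty and `getHostNameVerifier()` accepts every host, so any TLS client built with these (presumably the Retrofit/OkHttp clients configured elsewhere in this commit) accepts any certificate from anyone on the network path — the IDP and authorization responses that decide who is logged in and what they may do can then be forged by a man-in-the-middle. Pin trust to the gateway's CA instead: load it from a truststore through `TrustManagerFactory`, use `SSLContext.getInstance("TLS")` rather than the deprecated `"SSL"` protocol name, and return the JDK default hostname verifier. The public signatures can stay unchanged if the truststore location and password come from configuration (placeholders below); the `RuntimeException` wrapper is also replaced by `IllegalStateException` with the cause preserved.

```java
public class SSLSocketManager {
    // Placeholders: supply both from configuration; never hard-code the password.
    private static final String TRUSTSTORE_PATH = "<TRUSTSTORE_PATH>";
    private static final char[] TRUSTSTORE_PASSWORD = "<TRUSTSTORE_PASSWORD>".toCharArray();

    public static SSLSocketFactory getSSLSocketFactory() {
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, new TrustManager[]{getTrustManager()}, new SecureRandom());
            return sslContext.getSocketFactory();
        } catch (Exception e) {
            throw new IllegalStateException("Unable to initialise TLS context", e);
        }
    }

    public static X509TrustManager getTrustManager() {
        try (InputStream in = Files.newInputStream(Paths.get(TRUSTSTORE_PATH))) {
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(in, TRUSTSTORE_PASSWORD);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);
            for (TrustManager tm : tmf.getTrustManagers()) {
                if (tm instanceof X509TrustManager) {
                    return (X509TrustManager) tm;
                }
            }
            throw new IllegalStateException("Truststore yielded no X509TrustManager");
        } catch (Exception e) {
            throw new IllegalStateException("Unable to load truststore", e);
        }
    }

    public static HostnameVerifier getHostNameVerifier() {
        return HttpsURLConnection.getDefaultHostnameVerifier();
    }
}
```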

+ 2 - 0
src/main/java/com/dragon/tj/portal/auth/web/entity/SysUser.java

@@ -5,6 +5,7 @@ import com.baomidou.mybatisplus.annotation.TableId;
 import com.baomidou.mybatisplus.annotation.TableName;
 import lombok.Getter;
 import lombok.Setter;
+import lombok.ToString;
 import lombok.experimental.Accessors;
 
 import java.io.Serializable;
@@ -20,6 +21,7 @@ import java.util.List;
  */
 @Getter
 @Setter
+@ToString
 @Accessors(chain = true)
 @TableName("sys_user")
 public class SysUser implements Serializable {
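Review bot: `@ToString` makes every `SysUser` field printable, and the entity carries at least the identity-card number (`getIdcard()` is used to build `LoginUser` elsewhere in this commit), so the moment a service logs the object that PII ends up in log files. If the annotation was added for logging, exclude the sensitive fields with Lombok's `@ToString.Exclude`, or add a comment stating which fields are safe to print. The field list itself is outside the hunk.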

+ 3 - 1
src/main/java/com/dragon/tj/portal/auth/web/service/SysUserService.java

@@ -15,7 +15,9 @@ import com.dragon.tj.portal.entity.PageParam;
  */
 public interface SysUserService extends IService<SysUser> {
 
-    SysUser getUserById(String idCard);
+    SysUser getUserByKey(String key);
+
+    SysUser getUserFromZeroTrust(String userToken);
 
     Page<SysUser> list(PageParam<SysUser> pageParam);
 }
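Review bot: The renamed `getUserByKey(String key)` and the new `getUserFromZeroTrust(String userToken)` have no Javadoc, and the rename widens the contract from an identity card to an opaque `key` whose accepted forms are not stated; the SysUserServiceImpl hunk in this commit also removes the local `getById` lookup, so callers that relied on the database-first behaviour of `getUserById` now always go remote. Document both methods, e.g. `/** Looks the user up in the remote DCUC user service by identity-card number; may return null when unknown or on call failure. */` and `/** Resolves the user behind a zero-trust user token via the IDP; may return null when the token cannot be resolved. */`. The null-return behaviour should be confirmed against SysUserServiceImpl, whose implementation is cut off in this view.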

+ 57 - 18
src/main/java/com/dragon/tj/portal/auth/web/service/impl/SysUserServiceImpl.java

@@ -4,8 +4,13 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.OrderItem;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.dragon.tj.portal.auth.client.DcucUserClient;
 import com.dragon.tj.portal.auth.model.RR;
+import com.dragon.tj.portal.auth.model.zeroTrust.AuthenticationResponse;
+import com.dragon.tj.portal.auth.model.zeroTrust.AuthenticationResult;
+import com.dragon.tj.portal.auth.module.cas.CasAuthenticationClient;
+import com.dragon.tj.portal.auth.module.zerotrust.ZeroTrustAuthenticationClient;
+import com.dragon.tj.portal.auth.properties.CasProperties;
+import com.dragon.tj.portal.auth.properties.ZeroTrustProperties;
 import com.dragon.tj.portal.auth.web.entity.SysUser;
 import com.dragon.tj.portal.auth.web.mapper.SysUserMapper;
 import com.dragon.tj.portal.auth.web.service.SysUserService;
@@ -13,8 +18,6 @@ import com.dragon.tj.portal.entity.PageParam;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;
 import retrofit2.Call;
@@ -33,20 +36,24 @@ import java.util.Objects;
 public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> implements SysUserService {
     private static final Logger LOGGER = LoggerFactory.getLogger(SysUserServiceImpl.class);
 
-    @Autowired
-    private DcucUserClient dcucUserClient;
+    private final CasProperties casProperties;
+    private final ZeroTrustProperties zeroTrustProperties;
+    private final CasAuthenticationClient casAuthenticationClient;
+    private final ZeroTrustAuthenticationClient zeroTrustAuthenticationClient;
 
-    @Value("${app.code}")
-    private String appCode;
+    public SysUserServiceImpl(
+            CasProperties casProperties, ZeroTrustProperties zeroTrustProperties,
+            CasAuthenticationClient casAuthenticationClient,
+            ZeroTrustAuthenticationClient zeroTrustAuthenticationClient) {
+        this.casProperties = casProperties;
+        this.zeroTrustProperties = zeroTrustProperties;
+        this.casAuthenticationClient = casAuthenticationClient;
+        this.zeroTrustAuthenticationClient = zeroTrustAuthenticationClient;
+    }
 
     @Override
-    public SysUser getUserById(String idCard) {
-        SysUser sysUser = getById(idCard);
-        if (Objects.isNull(sysUser)) {
-            LOGGER.info("登录用户[{}]调用用户管理服务-获取警员详情接口", idCard);
-            sysUser = getUserFromDcuc(idCard);
-        }
-        return sysUser;
+    public SysUser getUserByKey(String key) {
+        return getUserFromDcuc(key);
     }
 
     @Override
@@ -70,19 +77,51 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
     public SysUser getUserFromDcuc(String idCard) {
         SysUser sysUser = null;
         try {
-            Call<RR<SysUser>> call = dcucUserClient.getUserInfo(appCode, idCard, idCard);
+            LOGGER.info("登录用户[{}]调用DCUC用户管理服务-获取警员详情接口", idCard);
+            Call<RR<SysUser>> call = casAuthenticationClient.getUserInfo(casProperties.getAppCode(), idCard, idCard);
             RR<SysUser> body = call.execute().body();
             if (Objects.nonNull(body)) {
                 if ("200".equals(body.getStatusCode())) {
                     sysUser = body.getResult();
+                    LOGGER.info("登录用户[{}]调用DCUC用户管理服务-获取警员详情接口 成功: {}", idCard, sysUser);
+                } else {
+                    LOGGER.error("登录用户[{}]调用DCUC用户管理服务-获取警员详情接口 出错: {}", idCard, body.getMessage());
+                }
+            } else {
+                LOGGER.error("登录用户[{}]调用DCUC用户管理服务-获取警员详情接口 出错: 返回为空", idCard);
+            }
+        } catch (Exception e) {
+            LOGGER.error("登录用户[{}]调用DCUC用户管理服务-获取警员详情接口 出错", idCard, e);
+        }
+        return sysUser;
+    }
+
+    @Override
+    public SysUser getUserFromZeroTrust(String userToken) {
+        SysUser sysUser = null;
+        try {
+            LOGGER.info("登录用户[{}]调用零信任-获取认证用户接口", userToken);
+            Call<AuthenticationResponse> call = zeroTrustAuthenticationClient.getUserInfo(
+                    zeroTrustProperties.getAppCode(), userToken);
+            AuthenticationResponse body = call.execute().body();
+            if (Objects.nonNull(body)) {
+                if (AuthenticationResponse.SUCCESS.equals(body.getTag())) {
+                    AuthenticationResult result = body.getResult();
+                    sysUser = new SysUser();
+                    sysUser.setIdcard(result.getSfzh());
+                    sysUser.setName(result.getXm());
+                    sysUser.setPoliceNumber(result.getJh());
+                    sysUser.setOrgCode(result.getDwdm());
+                    sysUser.setOrgName(result.getDwmc());
+                    LOGGER.info("登录用户[{}]调用零信任-获取认证用户接口 成功: {}", userToken, sysUser);
                 } else {
-                    LOGGER.error("登录用户[{}]调用用户管理服务-获取警员详情接口 出错: {}", idCard, body.getMessage());
+                    LOGGER.error("登录用户[{}]调用零信任-获取认证用户接口 出错: {}", userToken, body.getMsg().getInfo());
                 }
             } else {
-                LOGGER.error("登录用户[{}]调用用户管理服务-获取警员详情接口 出错: 返回为空", idCard);
+                LOGGER.error("登录用户[{}]调用零信任-获取认证用户接口 出错: 返回为空", userToken);
             }
         } catch (Exception e) {
-            LOGGER.error("登录用户[{}]调用用户管理服务-获取警员详情接口 出错", idCard, e);
+            LOGGER.error("登录用户[{}]调用零信任-获取认证用户接口 出错", userToken, e);
         }
         return sysUser;
     }
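Review bot: `getUserFromZeroTrust` writes `userToken` into the log on every path (the INFO line at the top of the try block, the success line, and the three ERROR lines); that token is the credential that authenticates the user to the zero-trust IdP, so it lands in plaintext log storage. Log a non-reversible reference instead, e.g. the last few characters or a short hash of the token, or drop it on the success path in favour of the resolved `sysUser`. Separately, `body.getMsg().getInfo()` in the error branch throws if `msg` is absent, which the outer `catch (Exception e)` turns into a generic stack trace that hides the IdP's actual response — null-guard it or log `body.getMsg()` directly; the same applies to `body.getResult()` being null before the `setIdcard` chain. Note also that `getUserByKey` no longer consults the local table via `getById` before calling DCUC as `getUserById` did, so every login now depends on the remote service being reachable; if that is intended, a comment on the method saying so would prevent someone "restoring" the cache.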

+ 43 - 28
src/main/resources/application-dev.properties

@@ -1,8 +1,5 @@
-###########server#############
-server.port=8082
-
 ###########spring#############
-spring.datasource.url=jdbc:mysql://127.0.0.1:3306/portal?useSSL=true&useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai
+spring.datasource.url=jdbc:mysql://1.94.209.147:3306/portal?useSSL=true&useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai
 spring.datasource.username=portal
 spring.datasource.password=portal01!
 mybatis-plus.configuration.log-impl=org.apache.ibatis.logging.stdout.StdOutImpl
@@ -10,7 +7,7 @@ mybatis-plus.configuration.log-impl=org.apache.ibatis.logging.stdout.StdOutImpl
 
 ###########kafka#############
 #\u6307\u5B9A\u54EA\u4E9BappId\u80FD\u53D1topic\uFF0C\u52A8\u6001\u53D8\u66F4\u540E,\u4E0D\u80FD\u81EA\u52A8\u8BA2\u9605\u9700\u91CD\u542F\u670D\u52A1
-spring.kafka.bootstrap-servers=127.0.0.1:9092
+spring.kafka.bootstrap-servers=1.94.209.147:9092
 spring.kafka.producer.retries=2
 spring.kafka.producer.acks=1
 spring.kafka.producer.batch-size=16384
@@ -21,40 +18,58 @@ spring.kafka.consumer.auto-commit-interval=100
 spring.kafka.listener.ack-mode=manual
 
 ###########redis#############
-spring.redis.host=127.0.0.1
-#\u7AEF\u53E3\u53F7 \u9ED8\u8BA46379
+### redis standalone
+spring.redis.host=1.94.209.147
 spring.redis.port=6379
-#redis\u914D\u7F6E\u7684\u5BC6\u7801
 spring.redis.password=redis01!
 
-##########cas################
-cas.base.url=http://127.0.0.1:8780/cas
-cas.login.url=${cas.base.url}/login
-cas.logout.url=${cas.base.url}/logout
-cas.service.url=http://localhost:8081/api/sso/login
-cas.filter.url=/sso/login
-cas.target.url=http://localhost:8081/#/auth-redirect?token=
-cas.failure.url=http://localhost:8081/#/401
-app.logout.url=/user/logout
-app.home.url=http://localhost:8081
+### redis sentinel
+#spring.redis.password=dragon
+#spring.redis.sentinel.master=mymaster
+#spring.redis.sentinel.nodes=17.22.42.101:26379,17.22.42.84:26379
+#spring.redis.sentinel.password=dragon
 
-########## external link ###########
-external.dcuc.url=http://localhost:8084
-external.esou.url=http://localhost:8084/?idcard={USER_IDCARD}&query={QUERY}
+##########app config################
+app.logout-url=/user/logout
+app.home-url=http://localhost:8081
+app.service-url=http://localhost:8081/api/sso/login
+app.filter-url=/sso/login
+app.target-url=http://localhost:8081/#/auth-redirect?token=
+app.failure-url=http://localhost:8081/#/401
+app.auth-type=zerotrust
+
+##########cas auth################
+auth.cas.app-code=A-120000200000-9999
+auth.cas.base-url=http://1.94.209.147:8780/cas
+auth.cas.login-url=${auth.cas.base-url}/login
+auth.cas.logout-url=${auth.cas.base-url}/logout
+
+auth.cas.authentication-url=http://localhost:8086/dcuc/user/api/
+auth.cas.authorize-url=http://localhost:8086/dcuc/auth/api/
+##########cas auth end############
+
+##########HW Zero Trust############
+auth.zerotrust.app-code=A-120000020000-0100
+auth.zerotrust.base-url=https://login.iam.com.tj/idp
+auth.zerotrust.login-url=${auth.zerotrust.base-url}/authcenter/ActionAuthChain?entityId=AppHub
+auth.zerotrust.logout-url=${auth.zerotrust.base-url}/profile/OAUTH2/Redirect/GLO?redirectToLogin=false
 
-########## dcuc api ################
-client.log.enabled=true
-client.dcuc.user.url=http://localhost:8086/dcuc/user/api/
-client.dcuc.auth.url=http://localhost:8086/dcuc/auth/api/
+auth.zerotrust.authentication-url=http://localhost:8086/
+auth.zerotrust.authorize-url=http://localhost:8086/dcuc/auth/api/
+##########HW Zero Trust End########
+
+########## retrofit ################
+okhttp.log.enabled=true
 
 ########## attachment path ################
 # Must end with '/'
 dragon.file.path=/tmp/tjj/
 
-########notice##########
-message-secret=false
-
 ########logging##########
 logging.level.org.springframework.security=trace
 logging.level.org.jasig.cas=trace
 logging.level.org.apache.kafka=warn
+
+########## external link ###########
+external.dcuc.url=http://localhost:8084
+external.esou.url=http://localhost:8084/?idcard={USER_IDCARD}&query={QUERY}
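Review bot: The dev profile commits plaintext credentials (`spring.datasource.password`, `spring.redis.password`) and now points them at a routable host instead of `127.0.0.1`, so these are live secrets in version control rather than loopback placeholders. Prefer environment placeholders such as `spring.datasource.password=${DB_PASSWORD}` (variable name to be chosen) resolved from the environment or an externalized config source, keep only the property names here, and rotate the values that are already in history. `auth.zerotrust.authentication-url` for token validation is plain `http://localhost:8086/` while `auth.zerotrust.base-url` is HTTPS; that is acceptable for a local stub, but a comment marking it as dev-only would stop it being copied into another profile.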

+ 83 - 0
src/main/resources/application-prod.properties

@@ -0,0 +1,83 @@
+###########spring#############
+spring.datasource.url=jdbc:mysql://17.22.81.89:3306/portal?useSSL=true&useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai
+spring.datasource.username=root
+spring.datasource.password=dragon@123
+mybatis-plus.configuration.log-impl=org.apache.ibatis.logging.stdout.StdOutImpl
+#log-impl: org.apache.ibatis.logging.nologging.NoLoggingImpl
+
+###########kafka#############
+#\u6307\u5B9A\u54EA\u4E9BappId\u80FD\u53D1topic\uFF0C\u52A8\u6001\u53D8\u66F4\u540E,\u4E0D\u80FD\u81EA\u52A8\u8BA2\u9605\u9700\u91CD\u542F\u670D\u52A1
+spring.kafka.bootstrap-servers=17.22.42.101:9092,17.22.81.84:9092,17.22.81.85:9092,17.22.81.105:9092,17.22.81.106:9092
+spring.kafka.producer.retries=2
+spring.kafka.producer.acks=1
+spring.kafka.producer.batch-size=16384
+spring.kafka.producer.buffer-memory=33554432
+spring.kafka.consumer.group-id=sse_group
+spring.kafka.consumer.enable-auto-commit=false
+spring.kafka.consumer.auto-commit-interval=100
+spring.kafka.listener.ack-mode=manual
+
+###########redis#############
+### redis standalone
+#spring.redis.host=17.22.42.101
+#spring.redis.port=6379
+#spring.redis.password=dragon
+
+### redis sentinel
+spring.redis.password=dragon
+spring.redis.sentinel.master=mymaster
+spring.redis.sentinel.nodes=17.22.42.101:26379,17.22.81.84:26379,17.22.81.85:26379,17.22.81.105:26379,17.22.81.106:26379
+#spring.redis.sentinel.password=dragon
+
+##########app config################
+app.logout-url=/user/logout
+app.home-url=http://17.22.42.101:8886
+app.service-url=http://17.22.42.101:8886/api/sso/login
+app.filter-url=/sso/login
+app.target-url=http://17.22.42.101:8886/#/auth-redirect?token=
+app.failure-url=http://17.22.42.101:8886/#/401
+app.auth-type=zerotrust
+
+##########cas auth################
+auth.cas.app-code=A-120000200000-0999
+auth.cas.base-url=http://17.22.43.52:8877/sso
+auth.cas.login-url=${auth.cas.base-url}/login
+auth.cas.logout-url=${auth.cas.base-url}/logout
+
+auth.cas.authentication-url=http://17.22.60.108:8870/dcuc/api/
+auth.cas.authorize-url=http://17.22.60.108:8871/dcucauth/api/
+##########cas auth end############
+
+##########HW Zero Trust############
+auth.zerotrust.app-code=A-120000020000-0100
+auth.zerotrust.base-url=https://login.iam.com.tj/idp
+auth.zerotrust.login-url=${auth.zerotrust.base-url}/authcenter/ActionAuthChain?entityId=AppHub
+auth.zerotrust.logout-url=${auth.zerotrust.base-url}/profile/OAUTH2/Redirect/GLO?redirectToLogin=false
+
+auth.zerotrust.authentication-url=https://17.22.202.44:443/
+auth.zerotrust.authorize-url=https://www.tyqxkxzd.iam.com.tj:8871/dcucauth/api/
+auth.zerotrust.task-id=RWBH0100000000002023240925000100000001
+##########HW Zero Trust End########
+
+########## retrofit ################
+okhttp.log.enabled=true
+
+########## attachment path ################
+# Must end with '/'
+dragon.file.path=/opt/proda/bus/nfs_files/
+
+########logging##########
+logging.level.org.springframework.security=info
+logging.level.org.apache.kafka=warn
+
+########## external link ###########
+external.dcuc.url=http://17.22.60.108:8871/#/home/index
+
+#external.esou.url=http://17.22.41.46:8080/eagle/resource/tables?idcard={USER_IDCARD}&q={QUERY}
+#external.esou.url=http://17.22.32.244:9090/didsserver/login?service=http%3A%2F%2F17.22.41.46%3A8080%2Feagle%2FssoLogin%3FforwardUrl%3D%2Findex.jsp&appId=120000000000011&loginName=&loginPage=dragonLoginView_hidden2.jsp?idcard={USER_IDCARD}&q={QUERY}
+
+#external.esou.url=http://17.22.32.244:9090/didsserver/login?service=http%3A%2F%2F17.22.41.46%3A8080%2Feagle%2FssoLogin%3FforwardUrl%3D%2Findex.jsp&appId=120000000000011&loginName=&loginPage=dragonLoginView_hidden2.jsp?idcard=PSlf7qJgJW5cFYAmnBLAgHPq0MRyqiCE&param2=0gcghcnhcmchnhc
+
+
+external.esou.url=http://17.22.32.244:9090/didsserver/login?service\=http%3A%2F%2F17.22.41.46%3A8080%2Feagle%2Fresource%2Ftables%3Fq%3D{QUERY}&appId=120000000000011&loginName\=&loginPage\=dragonLoginView_hidden2.jsp?idcard\={USER_IDCARD}
+
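Review bot: This production profile commits a root database login (`spring.datasource.username=root`, `spring.datasource.password=dragon@123`) and the Redis sentinel password in plaintext, which both leaks production secrets through the repository and runs the portal with far more database privilege than it needs. Replace the values with externally supplied placeholders, create a dedicated least-privilege account scoped to the portal schema, and rotate the committed values since they are now in history. `mybatis-plus.configuration.log-impl` is left at `StdOutImpl`, so every SQL statement is written to stdout in production — the commented alternative on the next line, `NoLoggingImpl`, is the right default here. `auth.zerotrust.authentication-url=https://17.22.202.44:443/` targets a bare IP over TLS; unless the server certificate carries that IP as a SAN, hostname verification fails, and the usual reaction is to disable it in the Retrofit client (not visible here) — prefer a DNS name that matches the certificate.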

+ 3 - 6
src/main/resources/application.properties

@@ -1,17 +1,14 @@
-spring.profiles.active=dev
+server.port=8082
+spring.profiles.active=prod
 
 spring.servlet.multipart.enabled=true
 spring.servlet.multipart.max-file-size=200MB
 spring.servlet.multipart.max-request-size=210MB
 
-###########app################
-app.code=A-120000200000-9999
-
 ########### token #############
 # \u4EE4\u724C\u81EA\u5B9A\u4E49\u6807\u8BC6
 token.header=Authorization
 # \u4EE4\u724C\u5BC6\u94A5
 token.secret=3a2ffb600242ac110004
 # \u4EE4\u724C\u6709\u6548\u671F\uFF08\u9ED8\u8BA412\u5C0F\u65F6\uFF09
-token.expireTime=720
-
+token.expireTime=360
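Review bot: The comment above `token.expireTime` still says the default is 12 hours while the value drops from 720 to 360, so the comment now contradicts the setting; update it to say 6 hours and, ideally, name the unit (the old value of 720 only makes sense as minutes). `spring.profiles.active=prod` is now the committed default, so any checkout run without an override connects to the production datasource, Kafka brokers and Redis sentinels listed in application-prod.properties; set the profile from the environment (`SPRING_PROFILES_ACTIVE`) or deployment config and keep the committed default at `dev`. The unchanged `token.secret` visible in this hunk is also a committed signing secret and would benefit from the same externalization.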