diff --git a/src/main/java/com/zhgd/sjmq/listener/UopModifyMessageReceiveListener.java b/src/main/java/com/zhgd/sjmq/listener/UopModifyMessageReceiveListener.java
index 66bd6c071..4ac65140c 100644
--- a/src/main/java/com/zhgd/sjmq/listener/UopModifyMessageReceiveListener.java
+++ b/src/main/java/com/zhgd/sjmq/listener/UopModifyMessageReceiveListener.java
@@ -2,33 +2,32 @@ package com.zhgd.sjmq.listener;
 import com.chinacreator.c2.uop.sync.receiver.UopMQMessageReceiverServiceImpl;
 import com.zhgd.sjmq.service.UopCustomMessageReceiverServiceImpl;
+import com.zhgd.xmgl.util.ProfileJudgeUtil;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.stereotype.Component;
 import javax.annotation.PostConstruct;
 import javax.annotation.PreDestroy;
+/**
+ * 三江用户和机构同步mq初始化
+ */
 @Configuration
-@ConditionalOnProperty(name = "spring.profiles.active",havingValue = "sjjt-gsx")
 public class UopModifyMessageReceiveListener {
 private UopMQMessageReceiverServiceImpl receiver;
- @Value("${spring.profiles.active}")
- private String activeProfile;
-
- @Value("${uop_sync_mq_brokerurl}")
+ @Value("${uop_sync_mq_brokerurl:}")
 private String uop_sync_mq_brokerurl;
- @Value("${uop_sync_mq_username}")
+ @Value("${uop_sync_mq_username:}")
 private String uop_sync_mq_username;
- @Value("${uop_sync_mq_password}")
+ @Value("${uop_sync_mq_password:}")
 private String uop_sync_mq_password;
- @Value("${c2_orguser_subscription}")
+ @Value("${c2_orguser_subscription:}")
 private String c2_orguser_subscription;
 @PostConstruct
 public void start() {
- if ("sjjt-gsx".equals(activeProfile)) {
+ if (ProfileJudgeUtil.isSjjtGsx()) {
 if (receiver != null) {
 receiver.stop();
 }
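Review bot: `start()` now depends on `ProfileJudgeUtil.isSjjtGsx()`, which only returns true after `ProfileJudgeUtil`'s own `@PostConstruct` has copied the profile into its static field, and nothing in this class makes Spring initialise that bean first. If this configuration class is initialised earlier, the check is false and the MQ receiver is never started, with no log line to show it. Declaring the order, e.g. `@DependsOn("profileJudgeUtil")` on the class (assuming the default bean name) or injecting the bean, removes the race. The same check guards `end()` in the next hunk, where `receiver.stop()` would then run on a null `receiver`; `if (receiver != null) { receiver.stop(); }` covers that. The added `Autowired` import looks unused in the lines shown, and `start()` continues outside the hunk.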
@@ -46,7 +45,7 @@ public class UopModifyMessageReceiveListener {
 @PreDestroy
 public void end() {
- if ("sjjt-gsx".equals(activeProfile)) {
+ if (ProfileJudgeUtil.isSjjtGsx()) {
 receiver.stop();
 System.out.println("关闭mq");
 }
diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/SjLoginController.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/SjLoginController.java
index c34eb399c..fe459741a 100644
--- a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/SjLoginController.java
+++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/SjLoginController.java
@@ -1,11 +1,13 @@
 package com.zhgd.xmgl.modules.basicdata.controller;
+import com.zhgd.jeecg.common.api.vo.Result;
 import com.zhgd.xmgl.entity.sj.TokenResponse;
 import com.zhgd.xmgl.util.sj.CookieUtils;
 import com.zhgd.xmgl.util.sj.SjUnifiedAuthenticationHttpUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -20,11 +22,19 @@ import java.io.IOException;
 */
 @Controller
 @Slf4j
-@RequestMapping("/xmgl")
+@RequestMapping("/xmgl/sj/unifiedAuthentication")
 public class SjLoginController {
 @Autowired
 private SjUnifiedAuthenticationHttpUtil sjUnifiedAuthenticationHttpUtil;
+ /**
+ * 根据code获取token
+ *
+ * @param code
+ * @param response
+ * @param request
+ * @throws IOException
+ */
 @GetMapping("/getTokenByCode")
 public void getTokenByCode(@RequestParam String code, HttpServletResponse response, HttpServletRequest request) throws IOException {
 //根据授权码获取令牌
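Review bot: The new class mapping in `SjLoginController` moves the callback to `/xmgl/sj/unifiedAuthentication/getTokenByCode`, but the callback URLs elsewhere in this commit (`sj.unifiedAuthentication.login.code.url` and the `redirect_uri` literal in `SjUnifiedAuthenticationHttpUtil.getTokenByCode`) still end in `/test/getTokenByCode`. Unless a proxy rewrites that path, the identity provider will send the authorization code to a URL this controller no longer serves. The added Javadoc leaves every `@param` tag empty; a line such as `@param code authorization code returned by the unified-login redirect` would tell the caller what is expected. The method body continues outside the hunk.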
@@ -38,6 +48,13 @@ public class SjLoginController { response.sendRedirect("http://baidu.com"); } + /** + * 登出接口 + * + * @param request + * @param response + * @throws IOException + */ @GetMapping("/logout") public void logout(HttpServletRequest request, HttpServletResponse response) throws IOException { //④清除本地请求头request里面存储的cookie:C2AT、C2RT,返回302重定向到应用页面 @@ -47,4 +64,15 @@ public class SjLoginController { //重定向到应用页面(一般为首页) response.sendRedirect("http://baidu.com"); } + + /** + * 根据token获取用户登录信息 + * + * @param c2at + * @return + */ + @GetMapping("getLoginInfoByToken") + public Result getLoginInfoByToken(@CookieValue("C2AT") String c2at) { + return null; + } } diff --git a/src/main/java/com/zhgd/xmgl/modules/project/service/impl/ProgressTaskServiceImpl.java b/src/main/java/com/zhgd/xmgl/modules/project/service/impl/ProgressTaskServiceImpl.java index 5e571f30b..205abb216 100644 --- a/src/main/java/com/zhgd/xmgl/modules/project/service/impl/ProgressTaskServiceImpl.java +++ b/src/main/java/com/zhgd/xmgl/modules/project/service/impl/ProgressTaskServiceImpl.java @@ -23,6 +23,7 @@ import com.zhgd.xmgl.modules.project.entity.dto.ProgressTaskPredecessorDTO; import com.zhgd.xmgl.modules.project.entity.vo.ActualProgressVO; import com.zhgd.xmgl.modules.project.mapper.ProgressTaskMapper; import com.zhgd.xmgl.modules.project.service.ProgressTaskService; +import com.zhgd.xmgl.util.ProfileJudgeUtil; import lombok.extern.slf4j.Slf4j; import net.sf.mpxj.ProjectFile; import net.sf.mpxj.Relation; @@ -87,7 +88,7 @@ public class ProgressTaskServiceImpl extends ServiceImpl deleteList = getBimTasksByProgressTasks(progressTasks); if (CollUtil.isNotEmpty(deleteList)) { @@ -101,7 +102,7 @@ public class ProgressTaskServiceImpl extends ServiceImpl bimProgressTaskRqBodies = getBimTasksByProgressTasks(progressTasks); if (CollUtil.isNotEmpty(bimProgressTaskRqBodies)) { 
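Review bot: `logout`, and `getTokenByCode` at the top of this hunk, still redirect to the literal `http://baidu.com`, while this commit adds `sj.unifiedAuthentication.application.home.url` and `sj.unifiedAuthentication.logout.redirect.url`, which look intended for these targets. Reading the target from an `@Value`-injected field, e.g. `response.sendRedirect(applicationHomeUrl);`, keeps the placeholder from shipping. Both method bodies are only partly visible here.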
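Review bot: `getLoginInfoByToken` returns `null` unconditionally and never inspects the `C2AT` cookie it receives, so the endpoint is exposed without doing any token check. Until it is implemented it should return an explicit error result, and the implementation should take the user from `JwtRsaUtils.verifyWithUserInfo(c2at)` rather than trusting the cookie content. The class is a plain `@Controller`, so a `Result` return value needs `@ResponseBody` to be serialised, and the mapping should read `@GetMapping("/getLoginInfoByToken")` like its siblings. `@CookieValue("C2AT")` is required by default, so a request without the cookie is rejected with 400 before the method runs; confirm that is the intended behaviour for an unauthenticated caller.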
@@ -367,7 +368,7 @@ public class ProgressTaskServiceImpl extends ServiceImpl progressTasks = progressTaskMapper.selectList(new LambdaQueryWrapper<>()); List bimTasksByProgressTasks = getBimTasksByProgressTasks(progressTasks); if (CollUtil.isNotEmpty(bimTasksByProgressTasks)) { diff --git a/src/main/java/com/zhgd/xmgl/security/JwtTokenFilter.java b/src/main/java/com/zhgd/xmgl/security/JwtTokenFilter.java index 2aaf6b70b..f721be78d 100644 --- a/src/main/java/com/zhgd/xmgl/security/JwtTokenFilter.java +++ b/src/main/java/com/zhgd/xmgl/security/JwtTokenFilter.java @@ -2,6 +2,7 @@ package com.zhgd.xmgl.security; import com.zhgd.xmgl.entity.sj.JwtPayloadUserInfo; import com.zhgd.xmgl.entity.sj.TokenResponse; +import com.zhgd.xmgl.util.ProfileJudgeUtil; import com.zhgd.xmgl.util.sj.JwtRsaUtils; import com.zhgd.xmgl.util.sj.SjUnifiedAuthenticationHttpUtil; import lombok.extern.slf4j.Slf4j; @@ -35,8 +36,6 @@ public class JwtTokenFilter extends OncePerRequestFilter { private JwtTokenProvider jwtTokenProvider; @Value("${security.enable}") private boolean securityEnable; - @Value("${spring.profiles.active}") - private String activeProfile; @Autowired private SjUnifiedAuthenticationHttpUtil sjUnifiedAuthenticationHttpUtil; 
@@ -47,18 +46,18 @@ public class JwtTokenFilter extends OncePerRequestFilter {
 @Override
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
 if (securityEnable) {
- //三江统一认证
- if ("sjjt-gsx".equals(activeProfile)) {
- //try {
- // //验证不通过不放行
- // boolean b = validateSjProfile(request, response, filterChain);
- // if (!b) {
- // return;
- // }
- //} catch (InvalidKeySpecException e) {
- // log.error("认证失败ex::", e);
- // return;
- //}
+ //三江统一认证,3.登录:过滤器判断,回调地址获取code调用获取令牌,首页根据令牌获取登录数据信息
+ if (ProfileJudgeUtil.isSjjtGsx()) {
+ try {
+ //验证不通过不放行
+ boolean b = validateSjProfile(request, response, filterChain);
+ if (!b) {
+ return;
+ }
+ } catch (InvalidKeySpecException e) {
+ log.error("认证失败ex::", e);
+ return;
+ }
 } else {
 validateOtherProfile(request);
@@ -86,19 +85,19 @@ public class JwtTokenFilter extends OncePerRequestFilter {
 //C2AT的校验
 //1.判断是否过期
 //2.令牌校验
- JwtPayloadUserInfo jwtPayloadUserInfo = null;
-
- jwtPayloadUserInfo = JwtRsaUtils.verifyWithUserInfo(c2AT);
+ JwtPayloadUserInfo jwtPayloadUserInfo = JwtRsaUtils.verifyWithUserInfo(c2AT);
+ //token校验失败,先尝试刷新token,失败就重定向统一登录
 if (jwtPayloadUserInfo == null) {
 String c2rt = request.getHeader("C2RT");
 if (StringUtils.isNotBlank(c2rt)) {
 //刷新token
 TokenResponse rs = sjUnifiedAuthenticationHttpUtil.refreshToken(c2rt);
+ //刷新token成功
 if (rs.getErrorCode() == null) {
 response.addCookie(new Cookie("C2AT", rs.getAccess_token()));
 response.addCookie(new Cookie("C2RT", rs.getRefresh_token()));
 } else {
- //重定向登录页面
+ //刷新token失败,重定向登录页面
 sjUnifiedAuthenticationHttpUtil.getCodeRedirect(response);
 return false;
 }
diff --git a/src/main/java/com/zhgd/xmgl/util/ProfileJudgeUtil.java b/src/main/java/com/zhgd/xmgl/util/ProfileJudgeUtil.java
index 125401c90..d2629a89e 100644
--- a/src/main/java/com/zhgd/xmgl/util/ProfileJudgeUtil.java
+++ b/src/main/java/com/zhgd/xmgl/util/ProfileJudgeUtil.java
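Review bot: In the re-enabled `catch (InvalidKeySpecException e)` branch of `doFilterInternal`, and in the `if (!b)` branch whenever `validateSjProfile` has not written a response itself, the filter returns without setting a status, so a request that failed authentication is answered with an empty 200. Sending an explicit status, `response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return;`, makes the rejection visible to clients and to access logs. Only `InvalidKeySpecException` is caught; whether key-loading failures inside `verifyWithUserInfo` surface as other exception types cannot be seen from this hunk. The method continues outside the hunk.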
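Review bot: In the token-refresh branch the new tokens are written with `new Cookie("C2AT", …)` and `new Cookie("C2RT", …)` and no attributes, so they are readable by page script and are sent over plain HTTP. Build each cookie in a local variable and call `setHttpOnly(true)`, `setSecure(true)` and `setPath("/")` before `addCookie`. The refresh token is read from a request header (`request.getHeader("C2RT")`) but written back as a cookie, so it is worth confirming which transport the client is meant to use. `rs` is dereferenced without a null check, and after a successful refresh `jwtPayloadUserInfo` is still null in the lines shown; the rest of the method is outside the hunk.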
@@ -3,6 +3,8 @@ package com.zhgd.xmgl.util;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
+import javax.annotation.PostConstruct;
+
 /**
 * 环境判断
 */
@@ -11,12 +13,39 @@ public class ProfileJudgeUtil {
 @Value("${spring.profiles.active}")
 private String activeProfile;
+ private static String p;
+
+ @PostConstruct
+ public void setActiveProfile() {
+ p = activeProfile;
+ }
+
 /**
 * 是否金林湾生产环境
 *
 * @return
 */
- public boolean isJlw() {
- return "ljw".equals(activeProfile);
+ public static boolean isJlw() {
+ return "ljw".equals(p);
 }
+
+ /**
+ * 是否三江本地环境
+ *
+ * @return
+ */
+ public static boolean isSjjtGsx() {
+ return "sjjt-gsx".equals(p);
+ }
+
+ /**
+ * 是否中建四局生产环境
+ *
+ * @return
+ */
+ public static boolean isZjsj() {
+ return "zjsj".equals(p);
+ }
+
+
 }
diff --git a/src/main/java/com/zhgd/xmgl/util/sj/JwtRsaUtils.java b/src/main/java/com/zhgd/xmgl/util/sj/JwtRsaUtils.java
index fc934df81..34ae7cf9e 100644
--- a/src/main/java/com/zhgd/xmgl/util/sj/JwtRsaUtils.java
+++ b/src/main/java/com/zhgd/xmgl/util/sj/JwtRsaUtils.java
@@ -3,7 +3,6 @@ package com.zhgd.xmgl.util.sj;
 import cn.hutool.core.io.FileUtil;
 import com.alibaba.fastjson.JSON;
-
 import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.JWSHeader;
@@ -223,12 +222,12 @@ public class JwtRsaUtils {
 }
 /**
- * 验证jwt并返回用户信息
+ * 三江统一登录,验证jwt并返回用户信息
 *
 * @throws InvalidKeySpecException
 */
 public static JwtPayloadUserInfo verifyWithUserInfo(String token) throws InvalidKeySpecException {
- String publicKey = FileUtil.readString(Thread.currentThread().getContextClassLoader().getResource("auth_public_key.pem").getPath(), "UTF-8");
+ String publicKey = FileUtil.readString(Thread.currentThread().getContextClassLoader().getResource("sj/auth_public_key.pem").getPath(), "UTF-8");
 RSAKey rsaKey = JwtRsaUtils.getRsaKey("", publicKey);
 // 验证并返回payload
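Review bot: The static helpers in `ProfileJudgeUtil` compare against `p`, which stays null until Spring has run `setActiveProfile()`, so any earlier call silently returns false; in `JwtTokenFilter` that selects the non-SJ validation branch instead of failing. `spring.profiles.active` can also hold a comma-separated list, in which case none of the `equals` checks match. Consider throwing when `p` is still unset and resolving the profile through Spring's `Environment.acceptsProfiles(Profiles.of("sjjt-gsx"))`, and give the field a descriptive name such as `activeProfileName`. `isJlw()` tests the literal `"ljw"`; confirm that is not a typo for `jlw`.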
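Review bot: In `verifyWithUserInfo`, `getResource("sj/auth_public_key.pem").getPath()` gives a usable file path only when the classes run from an exploded directory; from a packaged jar the path points inside the archive and `FileUtil.readString` cannot open it, and a missing resource produces a `NullPointerException` rather than the declared `InvalidKeySpecException`. Reading through the class loader avoids both, e.g. `String publicKey = ResourceUtil.readUtf8Str("sj/auth_public_key.pem");` with Hutool's `cn.hutool.core.io.resource.ResourceUtil`. The key is also re-read on every token verification; loading it once into a static field removes the per-request file access. The method body continues outside the hunk.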
diff --git a/src/main/java/com/zhgd/xmgl/util/sj/SjUnifiedAuthenticationHttpUtil.java b/src/main/java/com/zhgd/xmgl/util/sj/SjUnifiedAuthenticationHttpUtil.java
index 2c0432ed9..9400bd33d 100644
--- a/src/main/java/com/zhgd/xmgl/util/sj/SjUnifiedAuthenticationHttpUtil.java
+++ b/src/main/java/com/zhgd/xmgl/util/sj/SjUnifiedAuthenticationHttpUtil.java
@@ -4,6 +4,7 @@ import cn.hutool.http.HttpUtil;
 import com.alibaba.fastjson.JSON;
 import com.zhgd.xmgl.entity.sj.TokenResponse;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import javax.servlet.http.HttpServletResponse;
@@ -12,6 +13,13 @@ import java.io.IOException;
 @Component
 @Slf4j
 public class SjUnifiedAuthenticationHttpUtil {
+
+ @Value("${sj.unifiedAuthentication.login.url:}")
+ private String sjUnifiedAuthenticationLoginUrl;
+
+ @Value("${sj.unifiedAuthentication.login.code.url:}")
+ private String sjUnifiedAuthenticationLoginCodeUrl;
+
 /**
 * 令牌检验
 */
@@ -27,7 +35,7 @@ public class SjUnifiedAuthenticationHttpUtil {
 * 更新令牌
 */
 public TokenResponse refreshToken(String refresh_token) {
- String url = "http://116.169.63.183:30913/oauth2/refresh_token?client_id=EuPYxx1mTw-0JIA47wBYww&client_secret=StDiw5ZZSby0iJeOHcGmiQ&grant_type=refresh_token&refresh_token="
+ String url = sjUnifiedAuthenticationLoginUrl + "/oauth2/refresh_token?client_id=EuPYxx1mTw-0JIA47wBYww&client_secret=StDiw5ZZSby0iJeOHcGmiQ&grant_type=refresh_token&refresh_token="
 + refresh_token;
 log.info("refreshToken的url:{}", url);
 String rs = HttpUtil.get(url);
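Review bot: Both new `@Value` fields default to an empty string, so when the properties are missing the token and authorize URLs become host-less paths such as `/oauth2/refresh_token…` and the failure only shows up at request time. In this commit the properties are added to `application-zjsj.properties`, while `JwtTokenFilter` uses this class under the `sjjt-gsx` profile; unless that profile's file defines them as well, the login flow runs with empty base URLs. Dropping the `:` default, `@Value("${sj.unifiedAuthentication.login.url}")`, or checking for blank values in a `@PostConstruct`, turns the misconfiguration into a startup error.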
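Review bot: `refreshToken` still embeds the OAuth `client_secret` as a string literal and then writes the complete URL, secret and refresh token included, to the log through `log.info("refreshToken的url:{}", url)`. The secret belongs in external configuration like the base URL this commit just extracted, the value already present in the repository history should be rotated, and the log line should carry the endpoint path only. `refresh_token` is concatenated without URL encoding and the call is a GET, so the credentials also travel in the query string. `getTokenByCode`, in the last hunk of this file, has the same pattern.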
@@ -40,10 +48,9 @@ public class SjUnifiedAuthenticationHttpUtil {
 */
 public void getCodeRedirect(HttpServletResponse response) throws IOException {
 //获取授权码,客户端申请授权的URI,在浏览器中以GET请求发送到认证服务器:
- String redirect_uri = "http://ruau8s.natappfree.cc/test/getTokenByCode";
- String redirectLoginUrl = "http://116.169.63.183:30913/oauth2/authorize?client_id=EuPYxx1mTw-0JIA47wBYww&response_type=code" +
- "&redirect_uri=" + redirect_uri + "&scope=user.read";
- log.info("getCode重定向的url:{}", redirect_uri);
+ String redirectLoginUrl = sjUnifiedAuthenticationLoginUrl + "/oauth2/authorize?client_id=EuPYxx1mTw-0JIA47wBYww&response_type=code" +
+ "&redirect_uri=" + sjUnifiedAuthenticationLoginCodeUrl + "&scope=user.read";
+ log.info("getCode重定向的url:{}", sjUnifiedAuthenticationLoginCodeUrl);
 // 将data数据进行响应
 response.sendRedirect(redirectLoginUrl);
 }
@@ -53,7 +60,7 @@ public class SjUnifiedAuthenticationHttpUtil {
 */
 public TokenResponse getTokenByCode(String code) {
 String redirect_uri = "http://ruau8s.natappfree.cc/test/getTokenByCode";
- String url = "http://116.169.63.183:30913/oauth2/access_token?client_id=EuPYxx1mTw-0JIA47wBYww&client_secret=StDiw5ZZSby0iJeOHcGmiQ&grant_type=authorization_code&code="
+ String url = sjUnifiedAuthenticationLoginUrl + "/oauth2/access_token?client_id=EuPYxx1mTw-0JIA47wBYww&client_secret=StDiw5ZZSby0iJeOHcGmiQ&grant_type=authorization_code&code="
 + code + "&redirect_uri=" + redirect_uri;
 log.info("getTokenByCode的url:{}", url);
diff --git a/src/main/resources/application-zjsj.properties b/src/main/resources/application-zjsj.properties
index c4b5df95a..9c9bae175 100644
--- a/src/main/resources/application-zjsj.properties
+++ b/src/main/resources/application-zjsj.properties
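Review bot: The authorize URL built in `getCodeRedirect` carries no `state` parameter, so the callback has no way to tie a returned `code` to the browser session that started the login, which is the CSRF protection OAuth 2.0 expects from the client. Generate a random value per redirect, keep it in the session or a short-lived cookie, append it as `&state=…`, and compare it in the `getTokenByCode` controller before exchanging the code. `sjUnifiedAuthenticationLoginCodeUrl` is also inserted without `URLEncoder.encode(…)`, which breaks as soon as the configured callback contains a query string.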
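Review bot: `getTokenByCode` keeps `String redirect_uri = "http://ruau8s.natappfree.cc/test/getTokenByCode";` while `getCodeRedirect` now sends the configured `sjUnifiedAuthenticationLoginCodeUrl`. As soon as the property differs from the literal, the `redirect_uri` in the token request no longer matches the one used for the authorization request and the exchange is expected to be rejected; use the field here too, `+ code + "&redirect_uri=" + sjUnifiedAuthenticationLoginCodeUrl;`. The `client_secret` literal and the full-URL `log.info` put the secret and the one-time code into the logs, as in `refreshToken`. The method continues outside the hunk.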
@@ -72,4 +72,12 @@ double-carbon.ammeter-data-url=http://test.cesms.net
 license.licensePath=C:/jxj/prod/backEnd/license/license.lic
 license.publicKeysStorePath=C:/jxj/prod/backEnd/license/publicCerts.keystore
 #\u9AD8\u652F\u6A21\u7684tcp\u670D\u52A1\u7AEF\u7684\u7AEF\u53E3\u53F7
-high_formwork.netty.port=15333
\ No newline at end of file
+high_formwork.netty.port=15333
+#\u4E09\u6C5F\u7EDF\u4E00\u767B\u5F55\u5730\u5740
+sj.unifiedAuthentication.login.url=http://116.169.63.183:30913
+#\u4E09\u6C5F\u7EDF\u4E00\u767B\u5F55\u6210\u529F\u8DF3\u8F6C\u540E\u63A5\u6536code\u7684\u5730\u5740
+sj.unifiedAuthentication.login.code.url=http://ruau8s.natappfree.cc/test/getTokenByCode
+#\u4E09\u6C5F\u7EDF\u4E00\u767B\u5F55\u6210\u529F\u540E\u8DF3\u8F6C\u81EA\u5DF1\u5E94\u7528\u7684\u5730\u5740
+sj.unifiedAuthentication.application.home.url=http://baidu.com
+#\u4E09\u6C5F\u7EDF\u4E00\u767B\u51FA\u5730\u5740
+sj.unifiedAuthentication.logout.redirect.url=
\ No newline at end of file
diff --git a/src/main/resources/sj/auth_public_key.pem b/src/main/resources/sj/auth_public_key.pem
new file mode 100644
index 000000000..243a0ad8a
--- /dev/null
+++ b/src/main/resources/sj/auth_public_key.pem
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCufiaX7LnqAL9YNax00Gi9L/Zq
+W4syUa5c0G9aJiwKc7YD2oljH78fSO+zekmKGLm3LRHvEEKooYlabispSMc0iNOt
+5x+IHDwjrX+c66vl2udEh4m7OaSO0Locittt7dKQe0BbleGQt/VY2tmX3gvF4TDn
+5kSYYNmRpBYTWXYqrwIDAQAB
+-----END PUBLIC KEY-----
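Review bot: The new endpoints in `application-zjsj.properties` are plain `http://`: the identity provider is addressed by IP and port, and the callback that receives the authorization code is a `natappfree.cc` tunnel host, so codes and tokens cross the network unencrypted and through a third-party relay. `ProfileJudgeUtil` describes `zjsj` as a production profile, which makes these look like development values; production should use HTTPS URLs on hosts the team controls. `sj.unifiedAuthentication.application.home.url=http://baidu.com` and the empty `sj.unifiedAuthentication.logout.redirect.url` are placeholders, and neither key is read by the Java code in the hunks shown.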
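Review bot: The encoded length of the key in `sj/auth_public_key.pem` corresponds to a 1024-bit RSA modulus, which is below the 2048-bit minimum that current guidance expects for signature verification keys. Because the key belongs to the unified-authentication service, the size has to be raised with that service's operators. On this side, loading the verification key from deployment configuration rather than bundling it in the jar would let a rotation happen without a rebuild.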