From e204640f2ec823be00484ee26b5ca9daf1deab08 Mon Sep 17 00:00:00 2001 From: Administrator <1923636941@qq.com> Date: Mon, 27 Mar 2023 19:48:10 +0800 Subject: [PATCH] =?UTF-8?q?=E4=B8=89=E6=B1=9F=E7=BB=9F=E4=B8=80=E7=99=BB?= =?UTF-8?q?=E5=BD=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../UopCustomMessageReceiverServiceImpl.java | 31 ++ .../controller/SjLoginController.java | 31 +- .../basicdata/service/ISystemUserService.java | 5 + .../service/impl/SystemUserServiceImpl.java | 268 ++++++++++-------- .../HighFormworkMeasureCurrentDataMapper.xml | 1 + .../zhgd/xmgl/security/JwtTokenFilter.java | 69 +++-- .../zhgd/xmgl/security/WebSecurityConfig.java | 7 + .../com/zhgd/xmgl/util/sj/CookieUtils.java | 33 +++ .../resources/application-sjjt-gsx.properties | 7 +- .../resources/application-zjsj.properties | 6 +- 10 files changed, 301 insertions(+), 157 deletions(-) diff --git a/src/main/java/com/zhgd/sjmq/service/UopCustomMessageReceiverServiceImpl.java b/src/main/java/com/zhgd/sjmq/service/UopCustomMessageReceiverServiceImpl.java index 0946b3296..3556e3794 100644 --- a/src/main/java/com/zhgd/sjmq/service/UopCustomMessageReceiverServiceImpl.java +++ b/src/main/java/com/zhgd/sjmq/service/UopCustomMessageReceiverServiceImpl.java @@ -20,6 +20,11 @@ import com.chinacreator.c2.uop.sync.message.user.UserDeleteMessage; import com.chinacreator.c2.uop.sync.message.user.UserOrgChangeMessage; import com.chinacreator.c2.uop.sync.message.user.UserUpdateMessage; import com.chinacreator.c2.uop.sync.receiver.UopModifyMessageListener; +import com.zhgd.xmgl.modules.basicdata.entity.Company; +import com.zhgd.xmgl.modules.basicdata.mapper.CompanyMapper; +import com.zhgd.xmgl.modules.basicdata.mapper.SystemUserMapper; +import org.jetbrains.annotations.NotNull; +import org.springframework.beans.factory.annotation.Autowired; import java.util.Map; 
@@ -27,6 +32,10 @@ import java.util.Map;
 * 三江统一登录的mq数据同步处理service
 */
 public class UopCustomMessageReceiverServiceImpl implements UopModifyMessageListener {
+ @Autowired
+ private CompanyMapper companyMapper;
+ @Autowired
+ private SystemUserMapper systemUserMapper;
 @Override
 public void onAppSystemManageMessage(Map arg0) {
@@ -90,7 +99,29 @@ public class UopCustomMessageReceiverServiceImpl implements UopModifyMessageList
 @Override
 public void onOrgCreated(OrgCreateMessage orgCreateMessage) {
+ Company company = convertToCompany(orgCreateMessage);
+ companyMapper.insert(company);
+ }
+ private Company convertToCompany(OrgCreateMessage orgCreateMessage) {
+ Map organization = orgCreateMessage.getOrganization();
+ Company company = new Company();
+ //company.setCompanyId();
+ //company.setCompanySn();
+ //company.setCompanyName();
+ //company.setCreateTime();
+ //company.setCompanyTel();
+ //company.setCompanyType();
+ //company.setParentId();
+ //company.setHeadquartersSn();
+ //company.setLongitude();
+ //company.setLatitude();
+ //company.setPropagateFile();
+ //company.setFullSn();
+ //company.setRangeAddr();
+ //company.setParentSn();
+ //company.setEditType();
+ return company;
 }
 @Override
diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/SjLoginController.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/SjLoginController.java
index fe459741a..e03cd113c 100644
--- a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/SjLoginController.java
+++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/SjLoginController.java
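Review bot: `onOrgCreated` now inserts a `Company` on which no field is set, because every setter in `convertToCompany` is commented out and the `organization` map it reads is never used; each org-created message from the sync queue would add a blank row. Until the mapping is written the handler should not persist anything, for example by logging the message and returning. The class gains `@Autowired` fields but no Spring stereotype is visible in these hunks, so if the listener is instantiated by the MQ library rather than by the container, `companyMapper` would be null at `companyMapper.insert(company)`; that needs confirming. The `org.jetbrains.annotations.NotNull` import added in the file's first hunk is not used in the lines shown.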
@@ -1,21 +1,24 @@
 package com.zhgd.xmgl.modules.basicdata.controller;
 import com.zhgd.jeecg.common.api.vo.Result;
+import com.zhgd.xmgl.entity.sj.JwtPayloadUserInfo;
 import com.zhgd.xmgl.entity.sj.TokenResponse;
+import com.zhgd.xmgl.modules.basicdata.service.impl.SystemUserServiceImpl;
+import com.zhgd.xmgl.util.MessageUtil;
 import com.zhgd.xmgl.util.sj.CookieUtils;
+import com.zhgd.xmgl.util.sj.JwtRsaUtils;
 import com.zhgd.xmgl.util.sj.SjUnifiedAuthenticationHttpUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.security.spec.InvalidKeySpecException;
 /**
 * 三江统一登录
@@ -26,6 +29,8 @@ import java.io.IOException;
 public class SjLoginController {
 @Autowired
 private SjUnifiedAuthenticationHttpUtil sjUnifiedAuthenticationHttpUtil;
+ @Autowired
+ private SystemUserServiceImpl systemUserService;
 /**
 * 根据code获取token
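Review bot: The controller injects the concrete `SystemUserServiceImpl` even though this commit adds `sjLogin` to `ISystemUserService`. Declaring the field as `private ISystemUserService systemUserService;` keeps the controller on the interface and avoids an injection failure if the bean is ever exposed through an interface-based proxy. Behaviour is otherwise unchanged.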
@@ -41,11 +46,14 @@ public class SjLoginController {
 log.info("code:{}", code);
 TokenResponse tokenByCode = sjUnifiedAuthenticationHttpUtil.getTokenByCode(code);
 //⑦将获取到的用户凭证(access_token)值存储到cookie中,名称可定为C2AT,获取到的用户刷新凭证(refresh_token)值存储到cookie中,名称为C2RT,接口返回307,重定向到应用页面(一般为首页)
- response.addCookie(new Cookie("C2AT", tokenByCode.getAccess_token()));
- response.addCookie(new Cookie("C2RT", tokenByCode.getRefresh_token()));
+ String access_token = tokenByCode.getAccess_token();
+ CookieUtils.setCookie(request, response, "C2AT", access_token, Integer.valueOf(tokenByCode.getExpires_in()), "UTF-8",
+ false, "192.168.34.150:8080", "/");
+ CookieUtils.setCookie(request, response, "C2RT", tokenByCode.getRefresh_token(), Integer.valueOf(tokenByCode.getRe_expires_in()), "UTF-8", false,
+ "192.168.34.150:8080", "/");
 //获取用户信息
 //重定向到应用页面(一般为首页)
- response.sendRedirect("http://baidu.com");
+ response.sendRedirect("http://192.168.34.150:8080/index.html#/login?UID=" + access_token);
 }
 /**
@@ -57,22 +65,27 @@ public class SjLoginController {
 */
 @GetMapping("/logout")
 public void logout(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ log.info("logout");
 //④清除本地请求头request里面存储的cookie:C2AT、C2RT,返回302重定向到应用页面
 CookieUtils.setCookie(request, response, "C2AT", "", 0);
 CookieUtils.setCookie(request, response, "C2RT", "", 0);
 //重定向到应用页面(一般为首页)
- response.sendRedirect("http://baidu.com");
+ response.sendRedirect("/index.html#/");
 }
 /**
 * 根据token获取用户登录信息
 *
- * @param c2at
+ * @param uid jwt_token
 * @return
 */
 @GetMapping("getLoginInfoByToken")
- public Result getLoginInfoByToken(@CookieValue("C2AT") String c2at) {
- return null;
+ public Result getLoginInfoByToken(@RequestParam String uid) throws InvalidKeySpecException {
+ JwtPayloadUserInfo jwtPayloadUserInfo = JwtRsaUtils.verifyWithUserInfo(uid);
+ if (jwtPayloadUserInfo != null) {
+ return systemUserService.sjLogin(jwtPayloadUserInfo);
+ }
+ return Result.error(MessageUtil.get("systemErr"));
 }
 }
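Review bot: The access token is appended to the redirect target (`"...index.html#/login?UID=" + access_token`) and both token cookies are written with `httpOnly` set to `false`, so the bearer credential lands in browser history and is readable by any script running on the page. Prefer `httpOnly` true (plus Secure once the site is on HTTPS) and a redirect without the token, letting the front end obtain its login info from the cookie. The cookie domain `"192.168.34.150:8080"` contains a port, which is not a valid Domain attribute and may be rejected by the servlet container; because `CookieUtils.setCookie` catches and only logs every exception, the cookie could then be dropped without this method noticing. The host is hard-coded here although the other SSO addresses live in the properties files, and `tokenByCode` is used without the `getErrorCode()` check that `JwtTokenFilter` applies to the refresh response, so a failed code exchange reaches `Integer.valueOf(...)` with whatever the error response holds. The method signature lies outside this hunk.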
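Review bot: `getLoginInfoByToken` takes the JWT as the `uid` request parameter, so the token is recorded in access logs and by intermediaries together with the URL; reading it from the `C2AT` cookie, as the removed `@CookieValue("C2AT")` signature did, or from an `Authorization` header keeps it out of URLs. A token that fails verification is answered with the generic `systemErr` result, whereas an explicit 401 would let the client tell an invalid token from a server fault. In `logout` the cookies are cleared with the five-argument `setCookie`, while login now sets them with an explicit domain and path; if that overload does not emit the same domain and path the browser keeps the originals, so this is worth checking against `CookieUtils`.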
diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/service/ISystemUserService.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/service/ISystemUserService.java
index 5246ec0bd..01a79face 100644
--- a/src/main/java/com/zhgd/xmgl/modules/basicdata/service/ISystemUserService.java
+++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/service/ISystemUserService.java
@@ -1,6 +1,8 @@
 package com.zhgd.xmgl.modules.basicdata.service;
+import com.zhgd.jeecg.common.api.vo.Result;
 import com.zhgd.jeecg.common.mybatis.EntityMap;
+import com.zhgd.xmgl.entity.sj.JwtPayloadUserInfo;
 import com.zhgd.xmgl.modules.basicdata.entity.SystemUser;
 import com.baomidou.mybatisplus.extension.service.IService;
@@ -46,4 +48,7 @@ public interface ISystemUserService extends IService {
 void sendSafetyHatAccountData(Map map);
 void sendSafetyHatProjectData(Map map);
+
+
+ Result sjLogin(JwtPayloadUserInfo jwtPayloadUserInfo);
 }
diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/service/impl/SystemUserServiceImpl.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/service/impl/SystemUserServiceImpl.java
index 67084d61f..44d665ff0 100644
--- a/src/main/java/com/zhgd/xmgl/modules/basicdata/service/impl/SystemUserServiceImpl.java
+++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/service/impl/SystemUserServiceImpl.java
@@ -5,8 +5,10 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.gexin.fastjson.JSON;
 import com.zhgd.exception.CustomException;
+import com.zhgd.jeecg.common.api.vo.Result;
 import com.zhgd.jeecg.common.execption.OpenAlertException;
 import com.zhgd.jeecg.common.mybatis.EntityMap;
+import com.zhgd.xmgl.entity.sj.JwtPayloadUserInfo;
 import com.zhgd.xmgl.modules.basicdata.entity.*;
 import com.zhgd.xmgl.modules.basicdata.mapper.*;
 import com.zhgd.xmgl.modules.basicdata.service.IBaseMenuService;
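Review bot: `sjLogin` is added to `ISystemUserService` without Javadoc, and its contract is security-relevant: the implementation later in this patch issues a session token for the account named in the payload with no password check. A comment such as `/** Logs in the user named by an SSO payload; callers must pass only a payload returned by a successful JwtRsaUtils.verifyWithUserInfo call. */` would make that precondition explicit for future callers.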
@@ -120,134 +122,140 @@ public class SystemUserServiceImpl extends ServiceImpl result = new HashMap<>(); - CompanyConfig companyConfig = null; - if (systemUser.getAccountType() == 1) { - companyConfig = new CompanyConfig(); - companyConfig.setIsEnable(1); - companyConfig.setEffectiveTime(60 * 60 * 24); - companyConfig.setDiffDay(20); - companyConfig.setModuleShowType(0); - companyConfig.setMobileAttendance(0); - companyConfig.setProjectKanban(0); - companyConfig.setCompanyBigScreen(0); - companyConfig.setInputQrCode(0); - companyConfig.setStyleType(1); - companyConfig.setEnterProjectBackType(0); - companyConfig.setExpireTime(DateUtil.format(DateUtil.tomorrow(), DatePattern.NORM_DATE_PATTERN)); - companyConfig.setAddProjectType(0); - companyConfig.setStyleType(1); - } else if (systemUser.getAccountType() == 5 || systemUser.getAccountType() == 6) { - companyConfig = companyConfigMapper.getCompanyConfigByProject(systemUser.getSn()); - } else { - companyConfig = companyConfigMapper.getCompanyConfigBySN(systemUser.getSn()); - } - log.info("companyConfig:{}", JSON.toJSONString(companyConfig)); - if (companyConfig.getExpireTime() == null) { - throw new OpenAlertException(MessageUtil.get("loginEnabledErr")); - } else { - DateTime expireTime = DateUtil.parse(companyConfig.getExpireTime(), "yyyy-MM-dd"); - DateTime currentDate = new DateTime(); - - if (expireTime.getTime() < currentDate.getTime()) { - throw new OpenAlertException(MessageUtil.get("loginEnabledErr")); - } else { - companyConfig.setDiffDay((int) DateUtil.between(currentDate, DateUtil.offset(expireTime, DateField.DAY_OF_MONTH, 1), DateUnit.DAY)); - } - } - - - if (companyConfig == null || companyConfig.getIsEnable() == 0) { - throw new OpenAlertException(MessageUtil.get("loginEnabledErr")); - } - if (companyConfig.getDiffDay() == 0) { - throw new OpenAlertException(MessageUtil.get("loginExpiredErr")); - } - if (companyConfig.getEffectiveTime() == null) { - companyConfig.setEffectiveTime(60 * 60 * 24); - } 
authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(MapUtils.getString(map, "account"), password)); - String token = jwtTokenProvider.createToken(MapUtils.getString(map, "account"), companyConfig.getEffectiveTime()); - UserEnterprise userEnterprise = userEnterpriseService.selectUserEnterpriseByUserId(systemUser.getUserId()); - if (userEnterprise != null) { - result.put("userEnterpriseId", userEnterprise.getEnterpriseId()); - } else { - result.put("userEnterpriseId", ""); - } - if (systemUser.getAccountType() == 6) { - //项目子账号要判断是否能查看设备中台 - BaseRole baseRole = baseRoleMapper.selectRoleByUserId(systemUser.getUserId()); - if (baseRole == null) { - result.put("seeEquipment", 1); - } else { - result.put("seeEquipment", baseRole.getSeeEquipment()); - } - } else { - result.put("seeEquipment", 0); - } - result.put("token", token); - if (systemUser != null && systemUser.getUserId() != null) { - result.put("userId", systemUser.getUserId().toString()); - } else { - result.put("userId", ""); - } - result.put("account", systemUser.getAccount()); - result.put("userTel", systemUser.getUserTel()); - result.put("realName", systemUser.getRealName()); - if (systemUser != null && systemUser.getWorkerId() != null) { - result.put("workerId", systemUser.getWorkerId().toString()); - } else { - result.put("workerId", ""); - } - result.put("sn", systemUser.getSn()); - result.put("styleType", companyConfig.getStyleType()); - result.put("accountType", systemUser.getAccountType()); - result.put("headquartersSn", companyConfig.getHeadquartersSn()); - result.put("companyName", companyConfig.getCompanyName()); - result.put("propagateFile", companyConfig.getPropagateFile()); - result.put("moduleShowType", companyConfig.getModuleShowType()); - result.put("mobileAttendance", companyConfig.getMobileAttendance()); - result.put("customerServicePhone", companyConfig.getCustomerServicePhone()); - result.put("inputQrCode", companyConfig.getInputQrCode()); - 
result.put("projectKanban", companyConfig.getProjectKanban()); - result.put("addProjectType", companyConfig.getAddProjectType()); - result.put("enterProjectBackType", companyConfig.getEnterProjectBackType()); - result.put("companyBigScreen", companyConfig.getCompanyBigScreen()); - Map menuAuthority = getUserAuthority(systemUser.getUserId(), systemUser.getAccountType(), systemUser.getSn(), companyConfig.getHeadquartersSn(), companyConfig.getStyleType()); - result.put("menuAuthority", menuAuthority); - result.put("scope", scope); - return result; - //return getUserInfo(systemUser); + + return doLogin(map, systemUser); } catch (AuthenticationException e) { e.printStackTrace(); throw new CustomException("Invalid username/password supplied", HttpStatus.UNPROCESSABLE_ENTITY); } } + private Map doLogin(Map map, SystemUser systemUser) { + // 保存 手机传输的clientId 推送消息时使用 + if (map.containsKey("clientId") && null != map.get("clientId") && StringUtils.isNotEmpty(map.get("clientId").toString())) { + systemUser.setClientId(map.get("clientId").toString()); + log.warn("收到clientId---------" + map.get("clientId").toString()); + updateById(systemUser); + } else { + log.warn("未收到clientId-------------------"); + } + if (map.containsKey("loginType")) { + if (systemUser.getAccountType() != 1) { + Integer loginType = MapUtils.getInteger(map, "loginType"); + if (loginType == 1) { + if (systemUser.getAccountType() != 2 && systemUser.getAccountType() != 3 && systemUser.getAccountType() != 4 && systemUser.getAccountType() != 7) { + log.info("账号类型不正确,loginType:{}", loginType); + throw new OpenAlertException(MessageUtil.get("loginErr")); + } + } else if (loginType == 2) { + if (systemUser.getAccountType() != 5 && systemUser.getAccountType() != 6) { + log.info("账号类型不正确,loginType:{}", loginType); + throw new OpenAlertException(MessageUtil.get("loginErr")); + } + } + } + } + Map result = new HashMap<>(); + CompanyConfig companyConfig = null; + if (systemUser.getAccountType() == 1) { + companyConfig = 
new CompanyConfig(); + companyConfig.setIsEnable(1); + companyConfig.setEffectiveTime(60 * 60 * 24); + companyConfig.setDiffDay(20); + companyConfig.setModuleShowType(0); + companyConfig.setMobileAttendance(0); + companyConfig.setProjectKanban(0); + companyConfig.setCompanyBigScreen(0); + companyConfig.setInputQrCode(0); + companyConfig.setStyleType(1); + companyConfig.setEnterProjectBackType(0); + companyConfig.setExpireTime(DateUtil.format(DateUtil.tomorrow(), DatePattern.NORM_DATE_PATTERN)); + companyConfig.setAddProjectType(0); + companyConfig.setStyleType(1); + } else if (systemUser.getAccountType() == 5 || systemUser.getAccountType() == 6) { + companyConfig = companyConfigMapper.getCompanyConfigByProject(systemUser.getSn()); + } else { + companyConfig = companyConfigMapper.getCompanyConfigBySN(systemUser.getSn()); + } + log.info("companyConfig:{}", JSON.toJSONString(companyConfig)); + if (companyConfig.getExpireTime() == null) { + throw new OpenAlertException(MessageUtil.get("loginEnabledErr")); + } else { + DateTime expireTime = DateUtil.parse(companyConfig.getExpireTime(), "yyyy-MM-dd"); + DateTime currentDate = new DateTime(); + + if (expireTime.getTime() < currentDate.getTime()) { + throw new OpenAlertException(MessageUtil.get("loginEnabledErr")); + } else { + companyConfig.setDiffDay((int) DateUtil.between(currentDate, DateUtil.offset(expireTime, DateField.DAY_OF_MONTH, 1), DateUnit.DAY)); + } + } + + + if (companyConfig == null || companyConfig.getIsEnable() == 0) { + throw new OpenAlertException(MessageUtil.get("loginEnabledErr")); + } + if (companyConfig.getDiffDay() == 0) { + throw new OpenAlertException(MessageUtil.get("loginExpiredErr")); + } + if (companyConfig.getEffectiveTime() == null) { + companyConfig.setEffectiveTime(60 * 60 * 24); + } + + String token = jwtTokenProvider.createToken(MapUtils.getString(map, "account"), companyConfig.getEffectiveTime()); + UserEnterprise userEnterprise = 
userEnterpriseService.selectUserEnterpriseByUserId(systemUser.getUserId()); + if (userEnterprise != null) { + result.put("userEnterpriseId", userEnterprise.getEnterpriseId()); + } else { + result.put("userEnterpriseId", ""); + } + if (systemUser.getAccountType() == 6) { + //项目子账号要判断是否能查看设备中台 + BaseRole baseRole = baseRoleMapper.selectRoleByUserId(systemUser.getUserId()); + if (baseRole == null) { + result.put("seeEquipment", 1); + } else { + result.put("seeEquipment", baseRole.getSeeEquipment()); + } + } else { + result.put("seeEquipment", 0); + } + result.put("token", token); + if (systemUser != null && systemUser.getUserId() != null) { + result.put("userId", systemUser.getUserId().toString()); + } else { + result.put("userId", ""); + } + result.put("account", systemUser.getAccount()); + result.put("userTel", systemUser.getUserTel()); + result.put("realName", systemUser.getRealName()); + if (systemUser != null && systemUser.getWorkerId() != null) { + result.put("workerId", systemUser.getWorkerId().toString()); + } else { + result.put("workerId", ""); + } + result.put("sn", systemUser.getSn()); + result.put("styleType", companyConfig.getStyleType()); + result.put("accountType", systemUser.getAccountType()); + result.put("headquartersSn", companyConfig.getHeadquartersSn()); + result.put("companyName", companyConfig.getCompanyName()); + result.put("propagateFile", companyConfig.getPropagateFile()); + result.put("moduleShowType", companyConfig.getModuleShowType()); + result.put("mobileAttendance", companyConfig.getMobileAttendance()); + result.put("customerServicePhone", companyConfig.getCustomerServicePhone()); + result.put("inputQrCode", companyConfig.getInputQrCode()); + result.put("projectKanban", companyConfig.getProjectKanban()); + result.put("addProjectType", companyConfig.getAddProjectType()); + result.put("enterProjectBackType", companyConfig.getEnterProjectBackType()); + result.put("companyBigScreen", companyConfig.getCompanyBigScreen()); + Map menuAuthority 
= getUserAuthority(systemUser.getUserId(), systemUser.getAccountType(), systemUser.getSn(), companyConfig.getHeadquartersSn(), companyConfig.getStyleType()); + result.put("menuAuthority", menuAuthority); + result.put("scope", scope); + return result; + //return getUserInfo(systemUser); + } + @Override public void register(Map map) { @@ -855,4 +863,22 @@ public class SystemUserServiceImpl extends ServiceImpl queryWrapper = new QueryWrapper(); + queryWrapper.lambda() + .eq(SystemUser::getAccount, jwtPayloadUserInfo.getAc()); + SystemUser systemUser = systemUserMapper.selectOne(queryWrapper); + HashMap map = new HashMap<>(); + map.put("account", jwtPayloadUserInfo.getAc()); + Map rsMap = doLogin(map, systemUser); + return Result.success(rsMap); + } } diff --git a/src/main/java/com/zhgd/xmgl/modules/highformwork/mapper/xml/HighFormworkMeasureCurrentDataMapper.xml b/src/main/java/com/zhgd/xmgl/modules/highformwork/mapper/xml/HighFormworkMeasureCurrentDataMapper.xml index 308531189..47e5c28ff 100644 --- a/src/main/java/com/zhgd/xmgl/modules/highformwork/mapper/xml/HighFormworkMeasureCurrentDataMapper.xml +++ b/src/main/java/com/zhgd/xmgl/modules/highformwork/mapper/xml/HighFormworkMeasureCurrentDataMapper.xml @@ -49,6 +49,7 @@ INNER JOIN high_formwork_measure_point mp ON mp.measure_point_number = cd.measure_point_number WHERE cd.project_sn = #{q.projectSn} + order by cd.id DESC \ No newline at end of file diff --git a/src/main/java/com/zhgd/xmgl/security/JwtTokenFilter.java b/src/main/java/com/zhgd/xmgl/security/JwtTokenFilter.java index f721be78d..a313d8f02 100644 --- a/src/main/java/com/zhgd/xmgl/security/JwtTokenFilter.java +++ b/src/main/java/com/zhgd/xmgl/security/JwtTokenFilter.java 
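Review bot: In the extracted `doLogin`, `companyConfig.getExpireTime()` is dereferenced before the `companyConfig == null` test that follows it, so an account whose `sn` has no configuration row fails with a NullPointerException instead of the `loginEnabledErr` message. Moving the guard `if (companyConfig == null || companyConfig.getIsEnable() == 0) { throw new OpenAlertException(MessageUtil.get("loginEnabledErr")); }` to directly after the lookup fixes the order; the ordering was carried over from the removed inline code. The same block logs the whole `companyConfig` as JSON at info level on every login, and the remaining `catch` still calls `e.printStackTrace()` rather than the class logger. The text of this hunk is truncated at its start on this page, so the opening of the calling method is not visible.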
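Review bot: `sjLogin` passes the result of `systemUserMapper.selectOne(queryWrapper)` straight to `doLogin`, so an SSO account with no matching local `SystemUser` ends in a NullPointerException at the first `systemUser.getAccountType()` call instead of a login error. Add a guard before the call, for example `if (systemUser == null) { return Result.error(MessageUtil.get("loginErr")); }`. The lookup also presumes that `account` is unique, since `selectOne` is expected to fail when more than one row matches. The method signature is not visible in this hunk as shown.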
@@ -1,14 +1,17 @@
 package com.zhgd.xmgl.security;
+import com.zhgd.exception.CustomException;
 import com.zhgd.xmgl.entity.sj.JwtPayloadUserInfo;
 import com.zhgd.xmgl.entity.sj.TokenResponse;
 import com.zhgd.xmgl.util.ProfileJudgeUtil;
+import com.zhgd.xmgl.util.sj.CookieUtils;
 import com.zhgd.xmgl.util.sj.JwtRsaUtils;
 import com.zhgd.xmgl.util.sj.SjUnifiedAuthenticationHttpUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
@@ -16,11 +19,11 @@ import org.springframework.web.filter.OncePerRequestFilter;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.security.spec.InvalidKeySpecException;
+import java.util.Arrays;
 /**
 * @program: devManage
@@ -39,6 +42,8 @@ public class JwtTokenFilter extends OncePerRequestFilter {
 @Autowired
 private SjUnifiedAuthenticationHttpUtil sjUnifiedAuthenticationHttpUtil;
+ public static ThreadLocal sjUser = new ThreadLocal<>();
+
 /*public JwtTokenFilter(JwtTokenProvider jwtTokenProvider) {
 this.jwtTokenProvider = jwtTokenProvider;
 }*/
@@ -65,7 +70,7 @@ public class JwtTokenFilter extends OncePerRequestFilter {
 }
 //log.info(request.getRequestURI());
 filterChain.doFilter(request, response);
-
+ sjUser.remove();
 }
 /**
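Review bot: `sjUser.remove()` runs only when `filterChain.doFilter` returns normally, so an exception from the chain, and any early return above it (not visible here), leaves the previous caller's `JwtPayloadUserInfo` bound to the pooled worker thread for the next request it serves. Wrap the call as `try { filterChain.doFilter(request, response); } finally { sjUser.remove(); }`. The field declared in the `@@ -39,6` hunk is `public static` and non-final, so any class can replace the holder; `private static final` with a static accessor would narrow that. The start of the enclosing method lies outside this hunk.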
@@ -78,42 +83,64 @@ public class JwtTokenFilter extends OncePerRequestFilter { * @throws ServletException */ private boolean validateSjProfile(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws InvalidKeySpecException, IOException, ServletException { + //不拦截url + String permitUrls = "xmgl/sj/unifiedAuthentication/logout,xmgl/sj/unifiedAuthentication/getTokenByCode,xmgl/sj/unifiedAuthentication/getLoginInfoByToken"; + if (Arrays.asList(permitUrls.split(",")).stream().anyMatch(s -> request.getRequestURL().toString().contains(s))) { + return true; + } + //②应用过滤器中判断请求头request中是否含有C2AT(若C2AT存在,C2AT的校验、过期更新请参考凭证更新令牌流程) //C2AT不存在,且更新令牌失败,则返回401,并在Location中带上登录页面地址,登录页面地址在应用过滤器中拼装,拼装方式请参考3.1.1获取授权码接口地址 String c2AT = request.getHeader("C2AT"); + String c2rt = request.getHeader("C2RT"); + JwtPayloadUserInfo jwtPayloadUserInfo = null; if (StringUtils.isNotBlank(c2AT)) { //C2AT的校验 //1.判断是否过期 //2.令牌校验 - JwtPayloadUserInfo jwtPayloadUserInfo = JwtRsaUtils.verifyWithUserInfo(c2AT); + jwtPayloadUserInfo = JwtRsaUtils.verifyWithUserInfo(c2AT); + sjUser.set(jwtPayloadUserInfo); //token校验失败,先尝试刷新token,失败就重定向统一登录 if (jwtPayloadUserInfo == null) { - String c2rt = request.getHeader("C2RT"); - if (StringUtils.isNotBlank(c2rt)) { - //刷新token - TokenResponse rs = sjUnifiedAuthenticationHttpUtil.refreshToken(c2rt); - //刷新token成功 - if (rs.getErrorCode() == null) { - response.addCookie(new Cookie("C2AT", rs.getAccess_token())); - response.addCookie(new Cookie("C2RT", rs.getRefresh_token())); - } else { - //刷新token失败,重定向登录页面 - sjUnifiedAuthenticationHttpUtil.getCodeRedirect(response); - return false; - } - } + return tryRefreshToken(request, response); } - + } else if (StringUtils.isNotBlank(c2rt)) { + return tryRefreshToken(request, response); } else { - //C2AT不存在 + //C2AT和C2RT都不存在 //重定向登录页面 //获取授权码,客户端申请授权的URI,在浏览器中以GET请求发送到认证服务器: - sjUnifiedAuthenticationHttpUtil.getCodeRedirect(response); - return false; + throw new CustomException("Unauthorized", 
HttpStatus.UNAUTHORIZED); } return true; } + /** + * 刷新令牌 + * + * @param request + * @param response + * @return + * @throws IOException + */ + private boolean tryRefreshToken(HttpServletRequest request, HttpServletResponse response) throws IOException { + String c2rt = request.getHeader("C2RT"); + if (StringUtils.isNotBlank(c2rt)) { + //刷新token + TokenResponse rs = sjUnifiedAuthenticationHttpUtil.refreshToken(c2rt); + //刷新token成功 + if (rs.getErrorCode() == null) { + CookieUtils.setCookie(request, response, "C2AT", rs.getAccess_token(), Integer.valueOf(rs.getExpires_in())); + CookieUtils.setCookie(request, response, "C2RT", rs.getRefresh_token(), Integer.valueOf(rs.getRe_expires_in())); + return true; + } else { + //刷新token失败,重定向登录页面 + throw new CustomException("Unauthorized", HttpStatus.UNAUTHORIZED); + } + } + return false; + } + /** * 其他环境的验证token方法 * diff --git a/src/main/java/com/zhgd/xmgl/security/WebSecurityConfig.java b/src/main/java/com/zhgd/xmgl/security/WebSecurityConfig.java index fb844be47..10f493eb1 100644 --- a/src/main/java/com/zhgd/xmgl/security/WebSecurityConfig.java +++ b/src/main/java/com/zhgd/xmgl/security/WebSecurityConfig.java 
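Review bot: The allow-list test `request.getRequestURL().toString().contains(s)` skips token validation for any request whose URL merely contains one of the three paths, which is looser than the exact `antMatchers` entries this commit adds to `WebSecurityConfig`. Compare the servlet path for equality against a constant set of full paths instead, e.g. `PERMIT_PATHS.contains(request.getServletPath())`. After a successful refresh `tryRefreshToken` returns `true` without verifying the new access token or calling `sjUser.set(...)`, so the request continues with no SSO user bound, and `sjUser.set(jwtPayloadUserInfo)` is called before the null check and so can store `null`. `CustomException` is thrown from inside a servlet filter, where controller-level exception handlers normally do not apply, so it should be confirmed that the client receives 401 rather than 500. `Integer.valueOf(rs.getExpires_in())` will throw if the refresh response omits that field.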
@@ -209,6 +209,13 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 .antMatchers("/zhgd/**").permitAll()
 .antMatchers("/xmgl/lifter/list").permitAll()
 .antMatchers("/xmgl/progressTask/downloadTemplate").permitAll() //进度管理系统-分布分项工程管理-下载模板
+ .antMatchers("/xmgl/sj/unifiedAuthentication/getTokenByCode").permitAll()
+ .antMatchers("/xmgl/sj/unifiedAuthentication/logout").permitAll()
+ .antMatchers("/xmgl/sj/unifiedAuthentication/getLoginInfoByToken").permitAll()
+ .antMatchers("/xmgl/weight/receivingForwardingUnit/list").permitAll()
+ .antMatchers("/xmgl/weight/goodsName/list").permitAll()
+ .antMatchers("/xmgl/weight/weighBookVehicleInfo/weighingType").permitAll()
+ .antMatchers("/xmgl/weight/weighBookVehicleInfo/add").permitAll()
 .antMatchers(HttpMethod.OPTIONS, "/**").anonymous()
 .anyRequest().authenticated() // 剩下所有的验证都需要验证
 .and()
diff --git a/src/main/java/com/zhgd/xmgl/util/sj/CookieUtils.java b/src/main/java/com/zhgd/xmgl/util/sj/CookieUtils.java
index 05539462b..713c43815 100644
--- a/src/main/java/com/zhgd/xmgl/util/sj/CookieUtils.java
+++ b/src/main/java/com/zhgd/xmgl/util/sj/CookieUtils.java
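Review bot: Four `/xmgl/weight/...` endpoints are opened with `permitAll()` in a commit about unified login, and one of them, `/xmgl/weight/weighBookVehicleInfo/add`, looks like a write operation that will now accept unauthenticated requests. If a device or integration needs it, protect it with another control (a shared-secret header, a source-address restriction or a dedicated role) rather than removing authentication; otherwise these four lines belong in a separate, reviewed change. `getLoginInfoByToken` is also made public, which is acceptable only because its handler verifies the JWT itself. The controllers behind these paths are not part of this diff, so the effect of the `add` endpoint is inferred from its name.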
@@ -150,6 +150,39 @@ public final class CookieUtils {
 }
 }
+ /**
+ * 设置Cookie的值,并使其在指定时间内生效
+ *
+ * @param cookieMaxAge cookie生效的最大秒数
+ */
+ public static final void setCookie(HttpServletRequest request, HttpServletResponse response, String cookieName, String cookieValue,
+ Integer cookieMaxAge, String encodeString, Boolean httpOnly,String domain,String path) {
+ try {
+ if (StringUtils.isBlank(encodeString)) {
+ encodeString = "utf-8";
+ }
+
+ if (cookieValue == null) {
+ cookieValue = "";
+ } else {
+ cookieValue = URLEncoder.encode(cookieValue, encodeString);
+ }
+ Cookie cookie = new Cookie(cookieName, cookieValue);
+ if (cookieMaxAge != null && cookieMaxAge > 0)
+ cookie.setMaxAge(cookieMaxAge);
+ if (null != request)// 设置域名的cookie
+ cookie.setDomain(domain);
+ cookie.setPath(path);
+
+ if (httpOnly != null) {
+ cookie.setHttpOnly(httpOnly);
+ }
+ response.addCookie(cookie);
+ } catch (Exception e) {
+ logger.error("Cookie Encode Error.", e);
+ }
+ }
+
 /**
 * 得到cookie的域名
 */
diff --git a/src/main/resources/application-sjjt-gsx.properties b/src/main/resources/application-sjjt-gsx.properties
index 1e1cda79e..7162966b8 100644
--- a/src/main/resources/application-sjjt-gsx.properties
+++ b/src/main/resources/application-sjjt-gsx.properties
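Review bot: The guard before `cookie.setDomain(domain)` tests `request`, not `domain`, so a null `domain` reaches `setDomain` and the resulting exception is swallowed by the `catch (Exception e)` that only logs, leaving the caller unaware that no cookie was sent. Test the value actually used, `if (StringUtils.isNotBlank(domain)) { cookie.setDomain(domain); }`, and brace both single-statement `if`s, since `cookie.setPath(path)` on the following line is not part of the unbraced condition. `setMaxAge` is skipped when `cookieMaxAge` is 0, so this overload cannot expire a cookie, and there is no parameter for the Secure flag, which token cookies will need once the site is served over HTTPS. A null `httpOnly` leaves the flag at the container default; treating null as `true` would be the safer contract for the token cookies this overload was added for.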
@@ -74,10 +74,15 @@ license.publicKeysStorePath=C:/jxj/prod/backEnd/license/publicCerts.keystore
 #\u4E09\u6C5F\u7EDF\u4E00\u767B\u5F55\u7684\u6570\u636E\u540C\u6B65
 #mq\u768461616\u7AEF\u53E3\u5BF9\u5E94\u7684\u5730\u5740
-uop_sync_mq_brokerurl=tcp://192.168.98.48:31089
+uop_sync_mq_brokerurl=tcp://116.169.63.183:31089
 #mq\u7684\u7528\u6237\u540D
 uop_sync_mq_username=admin
 #mq\u7684\u5BC6\u7801
 uop_sync_mq_password=admin
 #\u5F00\u542F\u6D88\u606F\u63A5\u6536
 c2_orguser_subscription=true
+
+#\u4E09\u6C5F\u7EDF\u4E00\u767B\u5F55\u5730\u5740
+sj.unifiedAuthentication.login.url=http://116.169.63.183:30913
+#\u4E09\u6C5F\u7EDF\u4E00\u767B\u5F55\u6210\u529F\u8DF3\u8F6C\u540E\u63A5\u6536code\u7684\u5730\u5740
+sj.unifiedAuthentication.login.code.url=http://wbtqry.natappfree.cc/xmgl/sj/unifiedAuthentication/getTokenByCode
\ No newline at end of file
diff --git a/src/main/resources/application-zjsj.properties b/src/main/resources/application-zjsj.properties
index 9c9bae175..6b0414f16 100644
--- a/src/main/resources/application-zjsj.properties
+++ b/src/main/resources/application-zjsj.properties
@@ -76,8 +76,4 @@ high_formwork.netty.port=15333
 #\u4E09\u6C5F\u7EDF\u4E00\u767B\u5F55\u5730\u5740
 sj.unifiedAuthentication.login.url=http://116.169.63.183:30913
 #\u4E09\u6C5F\u7EDF\u4E00\u767B\u5F55\u6210\u529F\u8DF3\u8F6C\u540E\u63A5\u6536code\u7684\u5730\u5740
-sj.unifiedAuthentication.login.code.url=http://ruau8s.natappfree.cc/test/getTokenByCode
-#\u4E09\u6C5F\u7EDF\u4E00\u767B\u5F55\u6210\u529F\u540E\u8DF3\u8F6C\u81EA\u5DF1\u5E94\u7528\u7684\u5730\u5740
-sj.unifiedAuthentication.application.home.url=http://baidu.com
-#\u4E09\u6C5F\u7EDF\u4E00\u767B\u51FA\u5730\u5740
-sj.unifiedAuthentication.logout.redirect.url=
\ No newline at end of file
+sj.unifiedAuthentication.login.code.url=http://ruau8s.natappfree.cc/test/getTokenByCode
\ No newline at end of file
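Review bot: `sj.unifiedAuthentication.login.code.url` in `application-sjjt-gsx.properties` points the SSO authorization-code callback at a `natappfree.cc` tunnel hostname over plain `http`, so in this profile the code would pass through a third-party relay unencrypted and the setting breaks whenever the tunnel name changes. Use the deployment's own HTTPS address, or leave the key unset in the committed file and supply it per environment. The same hunk keeps `uop_sync_mq_username=admin` and `uop_sync_mq_password=admin` in the repository while moving the broker from a private address to `116.169.63.183`; credentials for that broker should come from the environment or a secrets store and should not be the default pair. The `sj.unifiedAuthentication.login.url` value is also `http`.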