pengjie 2023-11-14 16:19:24 +08:00
parent b921722c2a
commit 4d02e4c64d
2 changed files with 22 additions and 23 deletions


@ -7,7 +7,6 @@ import com.zhgd.annotation.OperLog;
import com.zhgd.jeecg.common.api.vo.Result; import com.zhgd.jeecg.common.api.vo.Result;
import com.zhgd.jeecg.common.constant.CommonConstant; import com.zhgd.jeecg.common.constant.CommonConstant;
import com.zhgd.mybatis.Aes; import com.zhgd.mybatis.Aes;
import com.zhgd.xmgl.handler.exception.CustomException;
import com.zhgd.xmgl.modules.basicdata.dto.SystemUserAuthDto; import com.zhgd.xmgl.modules.basicdata.dto.SystemUserAuthDto;
import com.zhgd.xmgl.modules.basicdata.entity.Government; import com.zhgd.xmgl.modules.basicdata.entity.Government;
import com.zhgd.xmgl.modules.basicdata.entity.SystemUser; import com.zhgd.xmgl.modules.basicdata.entity.SystemUser;
@ -21,7 +20,6 @@ import com.zhgd.xmgl.security.JwtTokenProvider;
import com.zhgd.xmgl.security.SecurityUser; import com.zhgd.xmgl.security.SecurityUser;
import com.zhgd.xmgl.security.SecurityUtil; import com.zhgd.xmgl.security.SecurityUtil;
import com.zhgd.xmgl.util.CommonUtil; import com.zhgd.xmgl.util.CommonUtil;
import com.zhgd.xmgl.util.JwtUtils;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam; import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams; import io.swagger.annotations.ApiImplicitParams;
@ -29,20 +27,14 @@ import io.swagger.annotations.ApiOperation;
import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Operation;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.apache.commons.collections.MapUtils; import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.BeanUtils; import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.io.ClassPathResource;
import org.springframework.util.FileCopyUtils;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import springfox.documentation.annotations.ApiIgnore; import springfox.documentation.annotations.ApiIgnore;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPublicKey;
import java.util.Date; import java.util.Date;
import java.util.Map; import java.util.Map;
@ -243,22 +235,28 @@ public class SystemUserAuthController {
@OperLog(operModul = "用户身份认证", operType="登录", operDesc = "用户身份认证") @OperLog(operModul = "用户身份认证", operType="登录", operDesc = "用户身份认证")
@Operation(summary = "用户身份认证", description = "用户身份认证") @Operation(summary = "用户身份认证", description = "用户身份认证")
@PostMapping("/ssoLogin") @PostMapping("/ssoLogin")
public void ssoLogin(@RequestParam Map<String, Object> map, HttpServletResponse response) throws IOException { public Result<SystemUserAuthDto> ssoLogin(@RequestParam Map<String, Object> map, HttpServletResponse response) throws IOException {
String token = MapUtils.getString(map, "id_token"); Result<SystemUserAuthDto> result = new Result<SystemUserAuthDto>();
String targetUrl = MapUtils.getString(map, "target_url"); // 检查账户是否已被锁定
if (StringUtils.isEmpty(token)) { String account = MapUtils.getString(map, "account");
throw new CustomException("id_token 参数不存在"); String password = MapUtils.getString(map, "password");
if (jwtTokenProvider.checkLock(account) >=5 ) {
result.error500("账号已被锁定,还有" + DateUtil.formatBetween(jwtTokenProvider.getExpire(account) * 1000L) + "解锁");
return result;
} }
// 公钥 SystemUser user = systemUserService.getOne(Wrappers.<SystemUser>lambdaQuery()
RSAPublicKey publicKey; .eq(SystemUser::getAccount, account)
try { .eq(SystemUser::getShowPassword, password));
ClassPathResource res = new ClassPathResource("sign.cer"); SystemUserAuthDto userInfo = new SystemUserAuthDto();
publicKey = (RSAPublicKey) JwtUtils.readPublicKey(new String( checkLogin(user, userInfo, result, account);
FileCopyUtils.copyToByteArray(res.getInputStream()), StandardCharsets.UTF_8)); if (result.getCode() != CommonConstant.SC_INTERNAL_SERVER_ERROR_500) {
} catch (CertificateException | IOException e) { String token = jwtTokenProvider.createToken(userInfo.getAccount(), 3600 * 24 * 1000L);
throw new RuntimeException(e); userInfo.setToken(token);
userInfo.setIsEngineering(systemUserDataScopeService.count(Wrappers.<SystemUserDataScope>lambdaQuery()
.eq(SystemUserDataScope::getUserId, userInfo.getUserId())) > 0);
result.setResult(userInfo);
result.setSuccess(true);
} }
String username = JwtUtils.getUserNameFromToken(token, publicKey); return result;
response.sendRedirect("http://jxjzw.zhgdyun.com:6080/#/home");
} }
} }
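Review bot: The user lookup in the new `ssoLogin` body matches the submitted password with `.eq(SystemUser::getShowPassword, password)`, which only works if that column holds the password in clear or reversible form; the name suggests it does, though the entity is not visible here. Looking the user up by account alone and verifying the password against a salted hash in application code would remove the dependency on a recoverable stored password. `account` and `password` are read from a `@RequestParam` map, so they are accepted from the query string as well as the form body and can end up in access logs and, depending on what `@OperLog` records, in the operation log; a `@RequestBody` DTO would keep them out of the URL. A request missing either parameter passes `null` to `checkLock` and to the query, because the removed empty-check on `id_token` has no counterpart; an early `if (account == null || password == null)` returning through `result.error500(...)` would close that. Whether failed attempts count toward the `>= 5` lock depends on `checkLogin`, which is outside the hunk.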


@ -91,6 +91,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers("/xmgl/systemUser/analysis").permitAll() .antMatchers("/xmgl/systemUser/analysis").permitAll()
.antMatchers("/project/workerAttendance/add").permitAll() .antMatchers("/project/workerAttendance/add").permitAll()
.antMatchers("/jwt/sso").permitAll() .antMatchers("/jwt/sso").permitAll()
.antMatchers("/xmgl/systemUser/ssoLogin").permitAll()
.antMatchers(HttpMethod.OPTIONS, "/**").anonymous() .antMatchers(HttpMethod.OPTIONS, "/**").anonymous()
.anyRequest().authenticated() // 剩下所有的验证都需要验证 .anyRequest().authenticated() // 剩下所有的验证都需要验证
.and() .and()
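Review bot: The added matcher for `/xmgl/systemUser/ssoLogin` permits every HTTP method, while the controller maps the path with `@PostMapping` only; `.antMatchers(HttpMethod.POST, "/xmgl/systemUser/ssoLogin").permitAll()` keeps the anonymous surface to the one verb in use. Since this path now takes an account and password without prior authentication, the per-account lock in the controller is the only throttle visible on the page; request rate limiting and the CSRF setting are configured outside this hunk and should be confirmed there. The matcher chain begins and ends outside the hunk.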