ERV统一认证配置

lab-auth/pom.xml

@@ -85,6 +85,19 @@
             <groupId>com.github.whvcse</groupId>
             <artifactId>easy-captcha</artifactId>
         </dependency>
+        <dependency>
+            <groupId>com.yawei.oav2</groupId>
+            <artifactId>yawei-pso</artifactId>
+            <version>2.0.2</version>
+            <scope>system</scope>
+            <systemPath>${project.basedir}/../lab-common/src/main/resources/lib/yawei-pso-2.0.2.jar</systemPath>
+        </dependency>
+        <dependency>
+            <groupId>org.springblade</groupId>
+            <artifactId>lab-dict-api</artifactId>
+            <version>2.8.1.RELEASE</version>
+            <scope>compile</scope>
+        </dependency>
         <!-- 链路追踪、服务监控 -->
         <!--<dependency>
             <groupId>org.springblade</groupId>
@@ -124,6 +137,7 @@
                     <repository>${docker.registry.url}/${docker.namespace}/${project.artifactId}</repository>
                     <tag>${project.version}</tag>
                     <useMavenSettingsForAuth>true</useMavenSettingsForAuth>
+
                     <buildArgs>
                         <JAR_FILE>target/${project.build.finalName}.jar</JAR_FILE>
                     </buildArgs>

lab-auth/src/main/java/org/springblade/auth/config/BladeAuthorizationServerConfiguration.java

@@ -8,6 +8,7 @@ import org.springblade.auth.granter.BladeTokenGranter;
 import org.springblade.auth.service.BladeClientDetailsServiceImpl;
 import org.springblade.core.redis.cache.BladeRedis;
 import org.springblade.core.social.props.SocialProperties;
+import org.springblade.system.feign.IDictBizClient;
 import org.springblade.system.user.feign.IUserClient;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
@@ -55,12 +56,15 @@ public class BladeAuthorizationServerConfiguration extends AuthorizationServerCo
 
 	private final IUserClient userClient;
 
+	private final IDictBizClient dictBizClient;
+
 	private final SocialProperties socialProperties;
 
 	@Override
 	public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
 		//获取自定义tokenGranter
-		TokenGranter tokenGranter = BladeTokenGranter.getTokenGranter(authenticationManager, endpoints, bladeRedis, userClient, socialProperties);
+		TokenGranter tokenGranter = BladeTokenGranter.getTokenGranter(authenticationManager, endpoints,
+				bladeRedis, userClient, dictBizClient,socialProperties);
 
 		//配置端点
 		endpoints.tokenStore(tokenStore)

lab-auth/src/main/java/org/springblade/auth/granter/BladeTokenGranter.java

@@ -3,6 +3,7 @@ package org.springblade.auth.granter;
 
 import org.springblade.core.redis.cache.BladeRedis;
 import org.springblade.core.social.props.SocialProperties;
+import org.springblade.system.feign.IDictBizClient;
 import org.springblade.system.user.feign.IUserClient;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
@@ -23,13 +24,21 @@ public class BladeTokenGranter {
 	/**
 	 * 自定义tokenGranter
 	 */
-	public static TokenGranter getTokenGranter(final AuthenticationManager authenticationManager, final AuthorizationServerEndpointsConfigurer endpoints, BladeRedis bladeRedis, IUserClient userClient, SocialProperties socialProperties) {
+	public static TokenGranter getTokenGranter(final AuthenticationManager authenticationManager,
+											   final AuthorizationServerEndpointsConfigurer endpoints,
+											   BladeRedis bladeRedis,
+											   IUserClient userClient,
+											   IDictBizClient dictBizClient,
+											   SocialProperties socialProperties) {
 		// 默认tokenGranter集合
 		List<TokenGranter> granters = new ArrayList<>(Collections.singletonList(endpoints.getTokenGranter()));
 		// 增加验证码模式
 		granters.add(new CaptchaTokenGranter(authenticationManager, endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory(), bladeRedis));
 		// 增加第三方登陆模式
 		granters.add(new SocialTokenGranter(endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory(), userClient, socialProperties));
+		// 添加亚微登录模式
+		granters.add(new YaweiTokenGranter(endpoints.getTokenServices(), endpoints.getClientDetailsService(),
+				endpoints.getOAuth2RequestFactory(), userClient, dictBizClient));
 		// 组合tokenGranter集合
 		return new CompositeTokenGranter(granters);
 	}

lab-auth/src/main/java/org/springblade/auth/granter/YaweiTokenGranter.java

@@ -0,0 +1,126 @@
+package org.springblade.auth.granter;
+
+import com.alibaba.fastjson.JSON;
+import com.yawei.pso.SSOResponse;
+import com.yawei.pso.TicketManager;
+import lombok.RequiredArgsConstructor;
+import org.springblade.auth.constant.AuthConstant;
+import org.springblade.auth.service.BladeUserDetails;
+import org.springblade.auth.utils.TokenUtil;
+import org.springblade.core.tool.api.R;
+import org.springblade.core.tool.utils.*;
+import org.springblade.system.feign.IDictBizClient;
+import org.springblade.system.user.entity.User;
+import org.springblade.system.user.entity.UserInfo;
+import org.springblade.system.user.feign.IUserClient;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
+import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
+import org.springframework.security.oauth2.common.exceptions.UnauthorizedUserException;
+import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
+import org.springframework.security.oauth2.provider.*;
+import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
+import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Objects;
+
+/**
+ * @author ytl
+ * @since 2023-05-19  13:38
+ */
+public class YaweiTokenGranter extends AbstractTokenGranter {
+
+    private static final String GRANT_TYPE = "yawei";
+    private static final Integer AUTH_SUCCESS_CODE = 2000;
+
+    private final IUserClient userClient;
+    private final IDictBizClient dictBizClient;
+
+    protected YaweiTokenGranter(AuthorizationServerTokenServices tokenServices,
+                                ClientDetailsService clientDetailsService,
+                                OAuth2RequestFactory requestFactory,
+                                IUserClient userClient, IDictBizClient dictBizClient) {
+        super(tokenServices, clientDetailsService, requestFactory, GRANT_TYPE);
+        this.userClient = userClient;
+        this.dictBizClient = dictBizClient;
+    }
+
+    @Override
+    protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
+        // 请求头租户信息
+        HttpServletRequest request = WebUtil.getRequest();
+        String tenantId = Func.toStr(request.getHeader(TokenUtil.TENANT_HEADER_KEY), TokenUtil.DEFAULT_TENANT_ID);
+
+        Map<String, String> parameters = new LinkedHashMap<>(tokenRequest.getRequestParameters());
+        // 金宏来源
+        String ssoToken = parameters.get("SSOToken");
+        R<UserInfo> result;
+        BladeUserDetails bladeUserDetails;
+
+        // 1. 未传ssotoken
+        if (Func.isBlank(ssoToken)) {
+            // 调用feign接口获取重定向地址
+            String redirectAddr = "http://jhoa.qd.gov.cn/Keeper.aspx";
+            R<String> bizResult = dictBizClient.getValue("redirectAddr", "redirectAddrKey");
+            // 若从字段配置中获取到重定向地址， 返回该地址， 否者返回默认地址
+            if (bizResult.isSuccess() && Func.isNotBlank(bizResult.getData())) {
+                redirectAddr = bizResult.getData();
+            }
+
+            throw new InvalidRequestException(redirectAddr);
+        }
+
+        // 如果服务器端通过认证后，会返回后执行改操作，然后写入cookie
+        SSOResponse ssoResp = new SSOResponse(ssoToken);
+
+        // 2. 传了ssotoken， 解析失败
+        TicketManager tm;
+        try {
+            tm = ssoResp.CreatePSOTicket();
+            result = userClient.userInfo(StringPool.EMPTY, tm.getUserName());
+        } catch (Exception e) {
+//            result = userClient.userInfo(StringPool.EMPTY, "jiangzx");
+            throw new InvalidGrantException("SSOToken解析失败！");
+        }
+
+        // 调用用户模块获取用户信息失败
+        if (!result.isSuccess()) {
+            throw new InvalidGrantException("调用用户模块获取用户信息失败！");
+        }
+
+        // 3. 解析成功， 未找到用户
+        UserInfo userInfo = result.getData();
+        User user = userInfo.getUser();
+
+        // 用户不存在,但提示用户名与密码错误并锁定账号
+        if (user == null || user.getId() == null) {
+            throw new InvalidGrantException(TokenUtil.USER_NOT_FOUND);
+        }
+
+        // 用户角色不存在
+//        if (Func.isEmpty(userInfo.getRoles())) {
+//            throw new InvalidGrantException(TokenUtil.USER_HAS_NO_ROLE);
+//        }
+
+        bladeUserDetails = new BladeUserDetails(user.getId(),
+                user.getTenantId(), StringPool.EMPTY, user.getName(), user.getRealName(), user.getDeptId(), user.getPostId(), user.getRoleId(), Func.join(userInfo.getRoles()), Func.toStr(user.getAvatar(), TokenUtil.DEFAULT_AVATAR),
+                user.getName(), AuthConstant.ENCRYPT + user.getPassword(), userInfo.getDetail(), true, true, true, true,
+                AuthorityUtils.commaSeparatedStringToAuthorityList(Func.join(result.getData().getRoles())));
+
+        // 组装认证数据，关闭密码校验
+        Authentication userAuth = new UsernamePasswordAuthenticationToken(bladeUserDetails, null, bladeUserDetails.getAuthorities());
+        ((AbstractAuthenticationToken) userAuth).setDetails(parameters);
+        OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
+
+        // 返回 OAuth2Authentication
+        OAuth2Authentication authentication = new OAuth2Authentication(storedOAuth2Request, userAuth);
+        return authentication;
+    }
+}

lab-auth/src/main/resources/application-dev.yml

@@ -1,3 +1,6 @@
 #服务器端口
 server:
   port: 8002
+social:
+  domain:  http://127.0.0.1:1888
+  enabled: true

lab-common/src/main/java/org/springblade/common/constant/LauncherConstant.java.mine

@@ -1,254 +0,0 @@
-
-package org.springblade.common.constant;
-
-import org.springblade.core.launch.constant.AppConstant;
-
-import static org.springblade.core.launch.constant.AppConstant.APPLICATION_NAME_PREFIX;
-
-/**
- * 启动常量
- *
- * @author Chill
- */
-public interface LauncherConstant {
-
-	/**
-	 * 郵件服務
-	 */
-	String APPLICATION_EMAIL_NAME = APPLICATION_NAME_PREFIX + "email";
-
-
-	String APPLICATION_FLOW_NAME = APPLICATION_NAME_PREFIX  + "workflow";
-
-	/**
-	 * 资产
-	 */
-	String APPLICATION_CAPITAL_NAME = APPLICATION_NAME_PREFIX + "capital";
-
-	/**
-	 * lims
-	 */
-	String APPLICATION_LIMS_NAME = APPLICATION_NAME_PREFIX + "lims";
-
-	/**
-	 * office
-	 */
-	String APPLICATION_OFFICE_NAME = APPLICATION_NAME_PREFIX + "office";
-	/**
-	 * repair
-	 */
-	String APPLICATION_REPAIR_NAME = APPLICATION_NAME_PREFIX + "repair";
-
-	/**
-	 * monitor
-	 */
-	String APPLICATION_MONITOR_NAME = APPLICATION_NAME_PREFIX + "monitor";
-
-	/**
-	 * iot
-	 */
-	String APPLICATION_IOT_NAME = APPLICATION_NAME_PREFIX + "iot";
-	/**
-	 * xxljob
-	 */
-	String APPLICATION_XXLJOB_NAME = APPLICATION_NAME_PREFIX + "xxljob";
-
-	/**
-	 * xxljob
-	 */
-	String APPLICATION_XXLJOB_ADMIN_NAME = APPLICATION_NAME_PREFIX + "xxljob-admin";
-
-	/**
-	 * nacos dev 地址
-	 */
-//	String NACOS_DEV_ADDR = "172.29.14.103:8848";
-	String NACOS_DEV_ADDR = "127.0.0.1:8848";
-
-	//String NACOS_DEV_ADDR = "172.29.14.103:8848";
-
-	/**
-	 * nacos prod 地址
-	 */
-	String NACOS_PROD_ADDR = "172.30.0.48:8848";
-
-	/**
-	 * nacos test 地址
-	 */
-	String NACOS_TEST_ADDR = "192.168.1.88:8848";
-
-	/**
-	 * sentinel dev 地址
-	 */
-	String SENTINEL_DEV_ADDR = "127.0.0.1:8848";
-
-	/**
-	 * sentinel prod 地址
-	 */
-	String SENTINEL_PROD_ADDR = "172.30.0.58:8858";
-
-	/**
-	 * sentinel test 地址
-	 */
-	String SENTINEL_TEST_ADDR = "172.30.0.58:8858";
-
-	/**
-	 * seata dev 地址
-	 */
-	String SEATA_DEV_ADDR = "127.0.0.1:8091";
-
-	/**
-	 * seata prod 地址
-	 */
-	String SEATA_PROD_ADDR = "172.30.0.68:8091";
-
-	/**
-	 * seata test 地址
-	 */
-	String SEATA_TEST_ADDR = "172.30.0.68:8091";
-
-	/**
-	 * zipkin dev 地址
-	 */
-	String ZIPKIN_DEV_ADDR = "http://127.0.0.1:9411";
-
-	/**
-	 * zipkin prod 地址
-	 */
-	String ZIPKIN_PROD_ADDR = "http://172.30.0.71:9411";
-
-	/**
-	 * zipkin test 地址
-	 */
-	String ZIPKIN_TEST_ADDR = "http://172.30.0.71:9411";
-
-	/**
-	 * elk dev 地址
-	 */
-	String ELK_DEV_ADDR = "127.0.0.1:9000";
-
-	/**
-	 * elk prod 地址
-	 */
-	String ELK_PROD_ADDR = "172.30.0.72:9000";
-
-	/**
-	 * elk test 地址
-	 */
-	String ELK_TEST_ADDR = "172.30.0.72:9000";
-
-	/**
-	 * seata file模式
-	 */
-	String FILE_MODE = "file";
-
-	/**
-	 * seata nacos模式
-	 */
-	String NACOS_MODE = "nacos";
-
-	/**
-	 * seata default模式
-	 */
-	String DEFAULT_MODE = "default";
-
-	/**
-	 * seata group后缀
-	 */
-	String GROUP_NAME = "-group";
-
-	/**
-	 * seata 服务组格式
-	 *
-	 * @param appName 服务名
-	 * @return group
-	 */
-	static String seataServiceGroup(String appName) {
-		return appName.concat(GROUP_NAME);
-	}
-
-	/**
-	 * 动态获取nacos地址
-	 *
-	 * @param profile 环境变量
-	 * @return addr
-	 */
-	static String nacosAddr(String profile) {
-		switch (profile) {
-			case (AppConstant.PROD_CODE):
-				return NACOS_PROD_ADDR;
-			case (AppConstant.TEST_CODE):
-				return NACOS_TEST_ADDR;
-			default:
-				return NACOS_DEV_ADDR;
-		}
-	}
-
-	/**
-	 * 动态获取sentinel地址
-	 *
-	 * @param profile 环境变量
-	 * @return addr
-	 */
-	static String sentinelAddr(String profile) {
-		switch (profile) {
-			case (AppConstant.PROD_CODE):
-				return SENTINEL_PROD_ADDR;
-			case (AppConstant.TEST_CODE):
-				return SENTINEL_TEST_ADDR;
-			default:
-				return SENTINEL_DEV_ADDR;
-		}
-	}
-
-	/**
-	 * 动态获取seata地址
-	 *
-	 * @param profile 环境变量
-	 * @return addr
-	 */
-	static String seataAddr(String profile) {
-		switch (profile) {
-			case (AppConstant.PROD_CODE):
-				return SEATA_PROD_ADDR;
-			case (AppConstant.TEST_CODE):
-				return SEATA_TEST_ADDR;
-			default:
-				return SEATA_DEV_ADDR;
-		}
-	}
-
-	/**
-	 * 动态获取zipkin地址
-	 *
-	 * @param profile 环境变量
-	 * @return addr
-	 */
-	static String zipkinAddr(String profile) {
-		switch (profile) {
-			case (AppConstant.PROD_CODE):
-				return ZIPKIN_PROD_ADDR;
-			case (AppConstant.TEST_CODE):
-				return ZIPKIN_TEST_ADDR;
-			default:
-				return ZIPKIN_DEV_ADDR;
-		}
-	}
-
-	/**
-	 * 动态获取elk地址
-	 *
-	 * @param profile 环境变量
-	 * @return addr
-	 */
-	static String elkAddr(String profile) {
-		switch (profile) {
-			case (AppConstant.PROD_CODE):
-				return ELK_PROD_ADDR;
-			case (AppConstant.TEST_CODE):
-				return ELK_TEST_ADDR;
-			default:
-				return ELK_DEV_ADDR;
-		}
-	}
-
-}

lab-service-api/lab-user-api/src/main/java/org/springblade/system/user/feign/IUserClient.java

@@ -53,7 +53,6 @@ public interface IUserClient {
 	@GetMapping(ALL_USER)
 	R<List<User>> allUser();
 
-
 	/**
 	 * 根据账号获取用户信息
 	 *

lab-service/lab-user/src/main/java/org/springblade/system/user/feign/UserClient.java

@@ -5,6 +5,7 @@ import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import lombok.AllArgsConstructor;
 import org.springblade.core.tenant.annotation.NonDS;
 import org.springblade.core.tool.api.R;
+import org.springblade.core.tool.constant.BladeConstant;
 import org.springblade.core.tool.utils.Func;
 import org.springblade.system.entity.Dept;
 import org.springblade.system.feign.ISysClient;

lab-service/lab-user/src/main/java/org/springblade/system/user/mapper/UserMapper.java

@@ -35,7 +35,7 @@ public interface UserMapper extends BaseMapper<User> {
 	 * @param account
 	 * @return
 	 */
-	User getUser(String tenantId, String account);
+	User getUser(@Param("tenantId") String tenantId, @Param("account") String account);
 
 	/**
 	 * 获取导出用户数据

lab-service/lab-user/src/main/java/org/springblade/system/user/mapper/UserMapper.xml

@@ -66,7 +66,10 @@
         FROM
             blade_user
         WHERE
-            tenant_id = #{param1} and account = #{param2} and is_deleted = 0
+           account = #{account} and is_deleted = 0
+        <if test="tenantId != null and tenantId != ''">
+            and  tenant_id = #{tenantId}
+        </if>
     </select>
 
     <select id="exportUser" resultType="org.springblade.system.user.excel.UserExcel">

pom.xml

@@ -109,6 +109,7 @@
                     <configuration>
                         <fork>true</fork>
                         <finalName>${project.build.finalName}</finalName>
+                        <includeSystemScope>true</includeSystemScope>
                     </configuration>
                     <executions>
                         <execution>
@@ -128,9 +129,11 @@
                         <repository>${docker.registry.url}/${docker.namespace}/${project.artifactId}</repository>
                         <tag>${project.version}</tag>
                         <useMavenSettingsForAuth>true</useMavenSettingsForAuth>
+
                         <buildArgs>
                             <JAR_FILE>target/${project.build.finalName}.jar</JAR_FILE>
                         </buildArgs>
+
                     </configuration>
                     <!--子服务添加如下配置，运行 mvn deploy 命令便会自动打包镜像-->
                     <!--<executions>