suojin
/
workorder_back
14
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ERV统一认证配置

Browse Source
main
ytl 3 years ago
parent b5ba8ee0a9
commit 060b77b1df
11 changed files with 167 additions and 259 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 14
      lab-auth/pom.xml
  2. 6
      lab-auth/src/main/java/org/springblade/auth/config/BladeAuthorizationServerConfiguration.java
  3. 11
      lab-auth/src/main/java/org/springblade/auth/granter/BladeTokenGranter.java
  4. 126
      lab-auth/src/main/java/org/springblade/auth/granter/YaweiTokenGranter.java
  5. 3
      lab-auth/src/main/resources/application-dev.yml
  6. 254
      lab-common/src/main/java/org/springblade/common/constant/LauncherConstant.java.mine
  7. 1
      lab-service-api/lab-user-api/src/main/java/org/springblade/system/user/feign/IUserClient.java
  8. 1
      lab-service/lab-user/src/main/java/org/springblade/system/user/feign/UserClient.java
  9. 2
      lab-service/lab-user/src/main/java/org/springblade/system/user/mapper/UserMapper.java
  10. 5
      lab-service/lab-user/src/main/java/org/springblade/system/user/mapper/UserMapper.xml
  11. 3
      pom.xml

14
lab-auth/pom.xml
Unescape View File

@ -85,6 +85,19 @@
<groupId>com.github.whvcse</groupId> <groupId>com.github.whvcse</groupId>
<artifactId>easy-captcha</artifactId> <artifactId>easy-captcha</artifactId>
</dependency> </dependency>
<dependency>
<groupId>com.yawei.oav2</groupId>
<artifactId>yawei-pso</artifactId>
<version>2.0.2</version>
<scope>system</scope>
<systemPath>${project.basedir}/../lab-common/src/main/resources/lib/yawei-pso-2.0.2.jar</systemPath>
</dependency>
<dependency>
<groupId>org.springblade</groupId>
<artifactId>lab-dict-api</artifactId>
<version>2.8.1.RELEASE</version>
<scope>compile</scope>
</dependency>
<!-- 链路追踪、服务监控 --> <!-- 链路追踪、服务监控 -->
<!--<dependency> <!--<dependency>
<groupId>org.springblade</groupId> <groupId>org.springblade</groupId>
@ -124,6 +137,7 @@
<repository>${docker.registry.url}/${docker.namespace}/${project.artifactId}</repository> <repository>${docker.registry.url}/${docker.namespace}/${project.artifactId}</repository>
<tag>${project.version}</tag> <tag>${project.version}</tag>
<useMavenSettingsForAuth>true</useMavenSettingsForAuth> <useMavenSettingsForAuth>true</useMavenSettingsForAuth>
<buildArgs> <buildArgs>
<JAR_FILE>target/${project.build.finalName}.jar</JAR_FILE> <JAR_FILE>target/${project.build.finalName}.jar</JAR_FILE>
</buildArgs> </buildArgs>

6
lab-auth/src/main/java/org/springblade/auth/config/BladeAuthorizationServerConfiguration.java
Unescape View File

@ -8,6 +8,7 @@ import org.springblade.auth.granter.BladeTokenGranter;
import org.springblade.auth.service.BladeClientDetailsServiceImpl; import org.springblade.auth.service.BladeClientDetailsServiceImpl;
import org.springblade.core.redis.cache.BladeRedis; import org.springblade.core.redis.cache.BladeRedis;
import org.springblade.core.social.props.SocialProperties; import org.springblade.core.social.props.SocialProperties;
import org.springblade.system.feign.IDictBizClient;
import org.springblade.system.user.feign.IUserClient; import org.springblade.system.user.feign.IUserClient;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order; import org.springframework.core.annotation.Order;
@ -55,12 +56,15 @@ public class BladeAuthorizationServerConfiguration extends AuthorizationServerCo
private final IUserClient userClient; private final IUserClient userClient;
private final IDictBizClient dictBizClient;
private final SocialProperties socialProperties; private final SocialProperties socialProperties;
@Override @Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) { public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
//获取自定义tokenGranter //获取自定义tokenGranter
TokenGranter tokenGranter = BladeTokenGranter.getTokenGranter(authenticationManager, endpoints, bladeRedis, userClient, socialProperties); TokenGranter tokenGranter = BladeTokenGranter.getTokenGranter(authenticationManager, endpoints,
bladeRedis, userClient, dictBizClient,socialProperties);
//配置端点 //配置端点
endpoints.tokenStore(tokenStore) endpoints.tokenStore(tokenStore)

11
lab-auth/src/main/java/org/springblade/auth/granter/BladeTokenGranter.java
Unescape View File

@ -3,6 +3,7 @@ package org.springblade.auth.granter;
import org.springblade.core.redis.cache.BladeRedis; import org.springblade.core.redis.cache.BladeRedis;
import org.springblade.core.social.props.SocialProperties; import org.springblade.core.social.props.SocialProperties;
import org.springblade.system.feign.IDictBizClient;
import org.springblade.system.user.feign.IUserClient; import org.springblade.system.user.feign.IUserClient;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer; import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
@ -23,13 +24,21 @@ public class BladeTokenGranter {
/** /**
* 自定义tokenGranter * 自定义tokenGranter
*/ */
public static TokenGranter getTokenGranter(final AuthenticationManager authenticationManager, final AuthorizationServerEndpointsConfigurer endpoints, BladeRedis bladeRedis, IUserClient userClient, SocialProperties socialProperties) { public static TokenGranter getTokenGranter(final AuthenticationManager authenticationManager,
final AuthorizationServerEndpointsConfigurer endpoints,
BladeRedis bladeRedis,
IUserClient userClient,
IDictBizClient dictBizClient,
SocialProperties socialProperties) {
// 默认tokenGranter集合 // 默认tokenGranter集合
List<TokenGranter> granters = new ArrayList<>(Collections.singletonList(endpoints.getTokenGranter())); List<TokenGranter> granters = new ArrayList<>(Collections.singletonList(endpoints.getTokenGranter()));
// 增加验证码模式 // 增加验证码模式
granters.add(new CaptchaTokenGranter(authenticationManager, endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory(), bladeRedis)); granters.add(new CaptchaTokenGranter(authenticationManager, endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory(), bladeRedis));
// 增加第三方登陆模式 // 增加第三方登陆模式
granters.add(new SocialTokenGranter(endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory(), userClient, socialProperties)); granters.add(new SocialTokenGranter(endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory(), userClient, socialProperties));
// 添加亚微登录模式
granters.add(new YaweiTokenGranter(endpoints.getTokenServices(), endpoints.getClientDetailsService(),
endpoints.getOAuth2RequestFactory(), userClient, dictBizClient));
// 组合tokenGranter集合 // 组合tokenGranter集合
return new CompositeTokenGranter(granters); return new CompositeTokenGranter(granters);
} }

126
lab-auth/src/main/java/org/springblade/auth/granter/YaweiTokenGranter.java
Unescape View File

@ -0,0 +1,126 @@
package org.springblade.auth.granter;
import com.alibaba.fastjson.JSON;
import com.yawei.pso.SSOResponse;
import com.yawei.pso.TicketManager;
import lombok.RequiredArgsConstructor;
import org.springblade.auth.constant.AuthConstant;
import org.springblade.auth.service.BladeUserDetails;
import org.springblade.auth.utils.TokenUtil;
import org.springblade.core.tool.api.R;
import org.springblade.core.tool.utils.*;
import org.springblade.system.feign.IDictBizClient;
import org.springblade.system.user.entity.User;
import org.springblade.system.user.entity.UserInfo;
import org.springblade.system.user.feign.IUserClient;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
import org.springframework.security.oauth2.common.exceptions.UnauthorizedUserException;
import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
import org.springframework.security.oauth2.provider.*;
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
/**
* @author ytl
* @since 2023-05-19 13:38
*/
public class YaweiTokenGranter extends AbstractTokenGranter {
private static final String GRANT_TYPE = "yawei";
private static final Integer AUTH_SUCCESS_CODE = 2000;
private final IUserClient userClient;
private final IDictBizClient dictBizClient;
protected YaweiTokenGranter(AuthorizationServerTokenServices tokenServices,
ClientDetailsService clientDetailsService,
OAuth2RequestFactory requestFactory,
IUserClient userClient, IDictBizClient dictBizClient) {
super(tokenServices, clientDetailsService, requestFactory, GRANT_TYPE);
this.userClient = userClient;
this.dictBizClient = dictBizClient;
}
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
// 请求头租户信息
HttpServletRequest request = WebUtil.getRequest();
String tenantId = Func.toStr(request.getHeader(TokenUtil.TENANT_HEADER_KEY), TokenUtil.DEFAULT_TENANT_ID);
Map<String, String> parameters = new LinkedHashMap<>(tokenRequest.getRequestParameters());
// 金宏来源
String ssoToken = parameters.get("SSOToken");
R<UserInfo> result;
BladeUserDetails bladeUserDetails;
// 1. 未传ssotoken
if (Func.isBlank(ssoToken)) {
// 调用feign接口获取重定向地址
String redirectAddr = "http://jhoa.qd.gov.cn/Keeper.aspx";
R<String> bizResult = dictBizClient.getValue("redirectAddr", "redirectAddrKey");
// 若从字段配置中获取到重定向地址, 返回该地址, 否者返回默认地址
if (bizResult.isSuccess() && Func.isNotBlank(bizResult.getData())) {
redirectAddr = bizResult.getData();
}
throw new InvalidRequestException(redirectAddr);
}
// 如果服务器端通过认证后,会返回后执行改操作,然后写入cookie
SSOResponse ssoResp = new SSOResponse(ssoToken);
// 2. 传了ssotoken, 解析失败
TicketManager tm;
try {
tm = ssoResp.CreatePSOTicket();
result = userClient.userInfo(StringPool.EMPTY, tm.getUserName());
} catch (Exception e) {
// result = userClient.userInfo(StringPool.EMPTY, "jiangzx");
throw new InvalidGrantException("SSOToken解析失败!");
}
// 调用用户模块获取用户信息失败
if (!result.isSuccess()) {
throw new InvalidGrantException("调用用户模块获取用户信息失败!");
}
// 3. 解析成功, 未找到用户
UserInfo userInfo = result.getData();
User user = userInfo.getUser();
// 用户不存在,但提示用户名与密码错误并锁定账号
if (user == null || user.getId() == null) {
throw new InvalidGrantException(TokenUtil.USER_NOT_FOUND);
}
// 用户角色不存在
// if (Func.isEmpty(userInfo.getRoles())) {
// throw new InvalidGrantException(TokenUtil.USER_HAS_NO_ROLE);
// }
bladeUserDetails = new BladeUserDetails(user.getId(),
user.getTenantId(), StringPool.EMPTY, user.getName(), user.getRealName(), user.getDeptId(), user.getPostId(), user.getRoleId(), Func.join(userInfo.getRoles()), Func.toStr(user.getAvatar(), TokenUtil.DEFAULT_AVATAR),
user.getName(), AuthConstant.ENCRYPT + user.getPassword(), userInfo.getDetail(), true, true, true, true,
AuthorityUtils.commaSeparatedStringToAuthorityList(Func.join(result.getData().getRoles())));
// 组装认证数据,关闭密码校验
Authentication userAuth = new UsernamePasswordAuthenticationToken(bladeUserDetails, null, bladeUserDetails.getAuthorities());
((AbstractAuthenticationToken) userAuth).setDetails(parameters);
OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
// 返回 OAuth2Authentication
OAuth2Authentication authentication = new OAuth2Authentication(storedOAuth2Request, userAuth);
return authentication;
}
}

3
lab-auth/src/main/resources/application-dev.yml
Unescape View File

@ -1,3 +1,6 @@
#服务器端口 #服务器端口
server: server:
port: 8002 port: 8002
social:
domain: http://127.0.0.1:1888
enabled: true

254
lab-common/src/main/java/org/springblade/common/constant/LauncherConstant.java.mine
Unescape View File

@ -1,254 +0,0 @@
package org.springblade.common.constant;
import org.springblade.core.launch.constant.AppConstant;
import static org.springblade.core.launch.constant.AppConstant.APPLICATION_NAME_PREFIX;
/**
* 启动常量
*
* @author Chill
*/
public interface LauncherConstant {
/**
* 郵件服務
*/
String APPLICATION_EMAIL_NAME = APPLICATION_NAME_PREFIX + "email";
String APPLICATION_FLOW_NAME = APPLICATION_NAME_PREFIX + "workflow";
/**
* 资产
*/
String APPLICATION_CAPITAL_NAME = APPLICATION_NAME_PREFIX + "capital";
/**
* lims
*/
String APPLICATION_LIMS_NAME = APPLICATION_NAME_PREFIX + "lims";
/**
* office
*/
String APPLICATION_OFFICE_NAME = APPLICATION_NAME_PREFIX + "office";
/**
* repair
*/
String APPLICATION_REPAIR_NAME = APPLICATION_NAME_PREFIX + "repair";
/**
* monitor
*/
String APPLICATION_MONITOR_NAME = APPLICATION_NAME_PREFIX + "monitor";
/**
* iot
*/
String APPLICATION_IOT_NAME = APPLICATION_NAME_PREFIX + "iot";
/**
* xxljob
*/
String APPLICATION_XXLJOB_NAME = APPLICATION_NAME_PREFIX + "xxljob";
/**
* xxljob
*/
String APPLICATION_XXLJOB_ADMIN_NAME = APPLICATION_NAME_PREFIX + "xxljob-admin";
/**
* nacos dev 地址
*/
// String NACOS_DEV_ADDR = "172.29.14.103:8848";
String NACOS_DEV_ADDR = "127.0.0.1:8848";
//String NACOS_DEV_ADDR = "172.29.14.103:8848";
/**
* nacos prod 地址
*/
String NACOS_PROD_ADDR = "172.30.0.48:8848";
/**
* nacos test 地址
*/
String NACOS_TEST_ADDR = "192.168.1.88:8848";
/**
* sentinel dev 地址
*/
String SENTINEL_DEV_ADDR = "127.0.0.1:8848";
/**
* sentinel prod 地址
*/
String SENTINEL_PROD_ADDR = "172.30.0.58:8858";
/**
* sentinel test 地址
*/
String SENTINEL_TEST_ADDR = "172.30.0.58:8858";
/**
* seata dev 地址
*/
String SEATA_DEV_ADDR = "127.0.0.1:8091";
/**
* seata prod 地址
*/
String SEATA_PROD_ADDR = "172.30.0.68:8091";
/**
* seata test 地址
*/
String SEATA_TEST_ADDR = "172.30.0.68:8091";
/**
* zipkin dev 地址
*/
String ZIPKIN_DEV_ADDR = "http://127.0.0.1:9411";
/**
* zipkin prod 地址
*/
String ZIPKIN_PROD_ADDR = "http://172.30.0.71:9411";
/**
* zipkin test 地址
*/
String ZIPKIN_TEST_ADDR = "http://172.30.0.71:9411";
/**
* elk dev 地址
*/
String ELK_DEV_ADDR = "127.0.0.1:9000";
/**
* elk prod 地址
*/
String ELK_PROD_ADDR = "172.30.0.72:9000";
/**
* elk test 地址
*/
String ELK_TEST_ADDR = "172.30.0.72:9000";
/**
* seata file模式
*/
String FILE_MODE = "file";
/**
* seata nacos模式
*/
String NACOS_MODE = "nacos";
/**
* seata default模式
*/
String DEFAULT_MODE = "default";
/**
* seata group后缀
*/
String GROUP_NAME = "-group";
/**
* seata 服务组格式
*
* @param appName 服务名
* @return group
*/
static String seataServiceGroup(String appName) {
return appName.concat(GROUP_NAME);
}
/**
* 动态获取nacos地址
*
* @param profile 环境变量
* @return addr
*/
static String nacosAddr(String profile) {
switch (profile) {
case (AppConstant.PROD_CODE):
return NACOS_PROD_ADDR;
case (AppConstant.TEST_CODE):
return NACOS_TEST_ADDR;
default:
return NACOS_DEV_ADDR;
}
}
/**
* 动态获取sentinel地址
*
* @param profile 环境变量
* @return addr
*/
static String sentinelAddr(String profile) {
switch (profile) {
case (AppConstant.PROD_CODE):
return SENTINEL_PROD_ADDR;
case (AppConstant.TEST_CODE):
return SENTINEL_TEST_ADDR;
default:
return SENTINEL_DEV_ADDR;
}
}
/**
* 动态获取seata地址
*
* @param profile 环境变量
* @return addr
*/
static String seataAddr(String profile) {
switch (profile) {
case (AppConstant.PROD_CODE):
return SEATA_PROD_ADDR;
case (AppConstant.TEST_CODE):
return SEATA_TEST_ADDR;
default:
return SEATA_DEV_ADDR;
}
}
/**
* 动态获取zipkin地址
*
* @param profile 环境变量
* @return addr
*/
static String zipkinAddr(String profile) {
switch (profile) {
case (AppConstant.PROD_CODE):
return ZIPKIN_PROD_ADDR;
case (AppConstant.TEST_CODE):
return ZIPKIN_TEST_ADDR;
default:
return ZIPKIN_DEV_ADDR;
}
}
/**
* 动态获取elk地址
*
* @param profile 环境变量
* @return addr
*/
static String elkAddr(String profile) {
switch (profile) {
case (AppConstant.PROD_CODE):
return ELK_PROD_ADDR;
case (AppConstant.TEST_CODE):
return ELK_TEST_ADDR;
default:
return ELK_DEV_ADDR;
}
}
}

1
lab-service-api/lab-user-api/src/main/java/org/springblade/system/user/feign/IUserClient.java
Unescape View File

@ -53,7 +53,6 @@ public interface IUserClient {
@GetMapping(ALL_USER) @GetMapping(ALL_USER)
R<List<User>> allUser(); R<List<User>> allUser();
/** /**
* 根据账号获取用户信息 * 根据账号获取用户信息
* *

1
lab-service/lab-user/src/main/java/org/springblade/system/user/feign/UserClient.java
Unescape View File

@ -5,6 +5,7 @@ import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import org.springblade.core.tenant.annotation.NonDS; import org.springblade.core.tenant.annotation.NonDS;
import org.springblade.core.tool.api.R; import org.springblade.core.tool.api.R;
import org.springblade.core.tool.constant.BladeConstant;
import org.springblade.core.tool.utils.Func; import org.springblade.core.tool.utils.Func;
import org.springblade.system.entity.Dept; import org.springblade.system.entity.Dept;
import org.springblade.system.feign.ISysClient; import org.springblade.system.feign.ISysClient;

2
lab-service/lab-user/src/main/java/org/springblade/system/user/mapper/UserMapper.java
Unescape View File

@ -35,7 +35,7 @@ public interface UserMapper extends BaseMapper<User> {
* @param account * @param account
* @return * @return
*/ */
User getUser(String tenantId, String account); User getUser(@Param("tenantId") String tenantId, @Param("account") String account);
/** /**
* 获取导出用户数据 * 获取导出用户数据

5
lab-service/lab-user/src/main/java/org/springblade/system/user/mapper/UserMapper.xml
Unescape View File

@ -66,7 +66,10 @@
FROM FROM
blade_user blade_user
WHERE WHERE
tenant_id = #{param1} and account = #{param2} and is_deleted = 0 account = #{account} and is_deleted = 0
<if test="tenantId != null and tenantId != ''">
and tenant_id = #{tenantId}
</if>
</select> </select>
<select id="exportUser" resultType="org.springblade.system.user.excel.UserExcel"> <select id="exportUser" resultType="org.springblade.system.user.excel.UserExcel">

3
pom.xml
Unescape View File

@ -109,6 +109,7 @@
<configuration> <configuration>
<fork>true</fork> <fork>true</fork>
<finalName>${project.build.finalName}</finalName> <finalName>${project.build.finalName}</finalName>
<includeSystemScope>true</includeSystemScope>
</configuration> </configuration>
<executions> <executions>
<execution> <execution>
@ -128,9 +129,11 @@
<repository>${docker.registry.url}/${docker.namespace}/${project.artifactId}</repository> <repository>${docker.registry.url}/${docker.namespace}/${project.artifactId}</repository>
<tag>${project.version}</tag> <tag>${project.version}</tag>
<useMavenSettingsForAuth>true</useMavenSettingsForAuth> <useMavenSettingsForAuth>true</useMavenSettingsForAuth>
<buildArgs> <buildArgs>
<JAR_FILE>target/${project.build.finalName}.jar</JAR_FILE> <JAR_FILE>target/${project.build.finalName}.jar</JAR_FILE>
</buildArgs> </buildArgs>
</configuration> </configuration>
<!--子服务添加如下配置,运行 mvn deploy 命令便会自动打包镜像--> <!--子服务添加如下配置,运行 mvn deploy 命令便会自动打包镜像-->
<!--<executions> <!--<executions>

Write Preview
Loading…
Cancel
Save