xiejun
2023-10-12 111330b2dd0bccc176ab9c6324a6ed01d5bc0e93
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/PasswordFreeLoginServiceImpl.java
@@ -3,15 +3,15 @@
import com.alibaba.fastjson.JSON;
import com.vci.ubcs.code.entity.TokenUserObject;
import com.vci.ubcs.code.service.IPasswordFreeLoginService;
import com.vci.ubcs.code.util.HttpUtils;
import com.vci.ubcs.starter.util.HttpUtils;
import io.jsonwebtoken.Claims;
import lombok.extern.slf4j.Slf4j;
import org.apache.http.auth.AuthenticationException;
import org.springblade.core.jwt.JwtUtil;
import org.springblade.core.jwt.props.JwtProperties;
import org.springblade.core.log.exception.ServiceException;
import org.springblade.core.redis.cache.BladeRedis;
import org.springblade.core.secure.BladeUser;
import org.springblade.core.secure.utils.AuthUtil;
import org.springblade.core.tool.support.Kv;
import org.springblade.core.tool.utils.Func;
import org.springblade.core.tool.utils.ObjectUtil;
@@ -31,7 +31,10 @@
import javax.servlet.http.HttpServletRequest;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import static com.vci.ubcs.starter.util.AESUtils.aesDecrypt;
import static com.vci.ubcs.starter.util.AESUtils.aesEncrypt;
import static org.springblade.core.secure.utils.AuthUtil.parseJWT;
/**
@@ -40,17 +43,30 @@
 * @date 2023/9/11 15:45
 */
@Service
@Slf4j
public class PasswordFreeLoginServiceImpl implements IPasswordFreeLoginService {
   // 通过服务注册中心获取网关的端口号
   @Autowired
   private DiscoveryClient discoveryClient;
   // 配置的免密登录的账号所属的租户id
   @Value("${password-free.pwd-free-tenant-id}")
   // 配置的token在redis中的生存时间
   @Value("${password-free.pwd-free-tenant-id:000000}")
   private String pwdFreeTenantId;
   @Value("${password-free.token-redis-expire}")
   // 配置的token在redis中的生存时间
   @Value("${password-free.token-redis-expire:36000}")
   private Long tokenRedisExpire;
   @Value("${password-free.pwd-free-addr:localhost}")
   private String pwdFreeAddr;
   @Value("${password-free.client-id:a104c4fd2f0e4958}")
   private String clientId;//应用ID
   @Value("${password-free.secret-key:9fbd170bd83eb869}")
   private String secretKey;//应用秘钥
   @Autowired
   private BladeRedis bladeRedis;
@@ -75,10 +91,12 @@
   /**
    * 免密登录,改变当前webservice请求的header
    * @param userName 账号
    * @return
    * @param servletRequest
    * @return boolean
    * @throws AuthenticationException
    */
   @Override
   public boolean passwordFreeLogin(String userName, ServletRequest servletRequest) throws AuthenticationException {
   public boolean pwdFreeLoginByBoolean(String userName, ServletRequest servletRequest) throws AuthenticationException {
      //进来先判断缓存中是否存在token
      // 请求来自己哪个ip地址
      HttpServletRequest request = (HttpServletRequest) servletRequest;
@@ -90,26 +108,7 @@
      BladeUser user = this.getUser(token2);
      //不存在就请求
      if(Func.isEmpty(authToken) || Func.isEmpty(user)){
         // 免密登录接口地址
         String loginUrl = "http://localhost:"+this.getGatewayPort("ubcs-gateway")+"/ubcs-auth/oauth/token";
         // 请求ubcs-auth服务获取token,先设置请求头
         HttpHeaders headers = new HttpHeaders();
         headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
         headers.set("Authorization", "Basic c3dvcmQ6c3dvcmRfc2VjcmV0");
         headers.set("Tenant-Id", pwdFreeTenantId);
         //设置请求体参数
         MultiValueMap<String,String> parameters = new LinkedMultiValueMap<String,String>();
         parameters.add("username",userName);
         parameters.add("grant_type", "passwordfree");
         parameters.add("scope", "all");
         parameters.add("type", "account");
         String responseBody = null;
         try {
            // 发送POST请求
            responseBody = HttpUtils.post(loginUrl, parameters,headers);
         }catch (Exception e){
            throw new AuthenticationException("调用鉴权服务ubcs-auth失败,原因:"+e.getMessage());
         }
         String responseBody = this.passwordFreeLogin(userName);
         //拿到响应体其中包含token,用request中的ip地址作为键值,将token存入缓存
         TokenUserObject tokenUserObject = null;
         try {
@@ -124,10 +123,65 @@
         token2 = JwtUtil.getToken(authToken);
         user = this.getUser(token2);
      }
      //request.setAttribute("Blade-Auth",token);
      request.setAttribute("_BLADE_USER_REQUEST_ATTR_",user);
      return true;
   }
   /**
    * 免密登录请求发送
    * @param userName 账号
    * @return 返回token
    * @throws AuthenticationException
    */
   @Override
   public String passwordFreeLogin(String userName) throws AuthenticationException {
      // 免密登录接口地址
      String loginUrl = "http://"+pwdFreeAddr+":"+this.getGatewayPort("ubcs-gateway")+"/ubcs-auth/oauth/token";
      log.debug("当前免密登录调用地址:"+loginUrl);
      // 请求ubcs-auth服务获取token,先设置请求头
      HttpHeaders headers = new HttpHeaders();
      headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
      headers.set("Authorization", "Basic c3dvcmQ6c3dvcmRfc2VjcmV0");
      headers.set("Tenant-Id", pwdFreeTenantId);
      //设置请求体参数
      MultiValueMap<String,String> parameters = new LinkedMultiValueMap<String,String>();
      parameters.add("username",userName);
      parameters.add("grant_type", "passwordfree");
      parameters.add("scope", "all");
      parameters.add("type", "account");
      String responseBody = null;
      try {
         // 发送POST请求
         responseBody = HttpUtils.post(loginUrl, parameters,headers);
      }catch (Exception e){
         throw new AuthenticationException("调用鉴权服务ubcs-auth失败,原因:"+e.getMessage());
      }
      return responseBody;
   }
   /**
    * 单点登录
    * @param empCode
    * @return
    * @throws Exception
    */
   @Override
   public String ssoFreeLogin(String empCode) throws Exception {
      if(Func.isBlank(empCode)){
         throw new ServiceException("未获取到empCode参数");
      }
      String enStr2;
      try {
         String enStr1 = aesDecrypt(empCode, secretKey);
         enStr2 = aesDecrypt(enStr1, clientId);
      }catch (Exception e){
         throw new ServiceException("empCode参数解密失败!原因:"+e.getMessage());
      }
      // 解密
      log.debug("单点登录参数解密后:"+enStr2);
      String token = this.passwordFreeLogin(enStr2);
      return token;
   }
   /**
@@ -211,6 +265,5 @@
      return jwtProperties;
   }
}
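Review bot: `ssoFreeLogin` requests a token for whatever account name `empCode` decrypts to, and the only guard is the `secretKey`/`clientId` pair, which the new `@Value` fields default to literals committed in this file; a deployment that never sets `password-free.secret-key` and `password-free.client-id` therefore runs with keys readable by anyone with repository access. Remove the defaults so a missing key fails at startup, `@Value("${password-free.secret-key}")` and `@Value("${password-free.client-id}")`, and rotate the two values that were committed. Nothing visible here binds the decrypted value to a timestamp or nonce, so a captured `empCode` looks replayable (`AESUtils` is not shown on this page, so confirm there); consider carrying an issue time inside the encrypted payload and rejecting stale values. `log.debug("单点登录参数解密后:"+enStr2)` also writes the decrypted account identifier to the log and should be dropped or reduced to a fixed message. The literal `Authorization` Basic value in `passwordFreeLogin` is the same kind of embedded credential and belongs in configuration as well.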