JSD-9647 IAM OAuth2单点
package com.fawjiefang.modules.sys.controller;
import cn.hutool.core.codec.Base64;
import com.fawjiefang.common.cmodules.log.entity.SysLogLoginEntity;
import com.fawjiefang.common.cmodules.log.enums.LoginOperationEnum;
import com.fawjiefang.common.cmodules.log.enums.LoginStatusEnum;
import com.fawjiefang.common.cmodules.log.service.SysLogLoginService;
import com.fawjiefang.common.common.redis.RedisUtils;
import com.fawjiefang.common.common.utils.IpUtils;
import com.fawjiefang.common.common.utils.Result;
import com.fawjiefang.common.entity.UserCache;
import com.fawjiefang.common.utils.AesEncryptUtil;
import com.fawjiefang.modules.security.service.SysUserTokenService;
import com.fawjiefang.modules.sys.dto.SysUserDTO;
import com.fawjiefang.modules.sys.service.SysDictService;
import com.fawjiefang.modules.sys.service.SysUserService;
import io.swagger.annotations.ApiOperation;
import org.activiti.engine.impl.util.json.JSONObject;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpHeaders;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.*;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Date;
import java.util.Map;
import java.util.UUID;
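@RestController
@RequestMapping("/idm")
public class SysOamOauth {
    @Autowired
    private SysUserTokenService sysUserTokenService;
    @Autowired
    private SysLogLoginService sysLogLoginService;
    @Autowired
    private RedisUtils redisUtils;
    @Autowired
    private SysDictService sysDictService;
    @Autowired
    private SysUserService sysUserService;

    // IdP endpoints and this application's own URLs, all supplied by configuration.
    @Value("${jiefang.admin.authorization-url}")
    private String AUTHORIZATION_URL;
    @Value("${jiefang.admin.access-token-url}")
    private String ACCESS_TOKEN_URL;
    @Value("${jiefang.admin.user-profile-url}")
    private String USER_PROFILE_URL;
    // Injected but not referenced by any method in this class yet.
    @Value("${jiefang.admin.customer-service-url}")
    private String CUSTOMER_SERVICE_URL;
    @Value("${jiefang.admin.redirect-uri}")
    private String REDIRECT_URI;
    @Value("${jiefang.admin.home-url}")
    private String HOME_URL;

    // OAuth client credentials. Earlier revisions of this file carried the client id and
    // client secret as string literals; a secret that has been committed to source control
    // must be treated as compromised, so the old value should be rotated at the IdP and the
    // replacement supplied only through configuration (see the constructor below).
    private final String CLIENT_ID;
    private final String CLIENT_SECRET;
    // "Basic " + base64(client_id ":" client_secret): HTTP Basic client authentication
    // (RFC 7617) sent to the token endpoint by getAccessToken().
    private final String BASE_64_CREDENTIALS;

    private static final String RESPONSE_TYPE = "code";
    // Not used by validation(), which carries its own scope string; kept for compatibility.
    private static final String OAUTH_SCOPE = "Customer.Info UserProfile.me";
    private static final String GRANT_TYPE = "AUTHORIZATION_CODE";

    // Shared, pooled client used by getUserInfo(). Responses must be closed so pooled
    // connections are returned; the per-route limit below is otherwise exhausted.
    private static final CloseableHttpClient httpClient;
    static {
        PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager();
        cm.setMaxTotal(100);
        // The original called setDefaultMaxPerRoute(20) and then (50); the last call wins.
        cm.setDefaultMaxPerRoute(50);
        // Default timeouts so a stalled IdP cannot hang request threads indefinitely.
        RequestConfig defaults = RequestConfig.custom()
                .setConnectTimeout(30000)
                .setConnectionRequestTimeout(30000)
                .setSocketTimeout(30000)
                .build();
        httpClient = HttpClients.custom()
                .setConnectionManager(cm)
                .setDefaultRequestConfig(defaults)
                .build();
    }

    /**
     * Builds the controller with its OAuth client credentials taken from configuration.
     * Both properties are mandatory: a missing value fails application start-up rather than
     * silently producing an unauthenticated token request.
     *
     * @param clientId     the OAuth client id ({@code jiefang.admin.client-id})
     * @param clientSecret the OAuth client secret ({@code jiefang.admin.client-secret})
     */
    @Autowired
    public SysOamOauth(@Value("${jiefang.admin.client-id}") String clientId,
                       @Value("${jiefang.admin.client-secret}") String clientSecret) {
        if (clientId == null || clientId.isEmpty() || clientSecret == null || clientSecret.isEmpty()) {
            throw new IllegalStateException("jiefang.admin.client-id and jiefang.admin.client-secret must be configured");
        }
        this.CLIENT_ID = clientId;
        this.CLIENT_SECRET = clientSecret;
        byte[] raw = (clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8);
        this.BASE_64_CREDENTIALS = "Basic " + java.util.Base64.getEncoder().encodeToString(raw);
    }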
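/** Session attribute holding the single-use OAuth {@code state} issued by {@link #validation}. */
private static final String OAUTH_STATE_ATTR = "jiefang.idm.oauth.state";

/**
 * Authorization-code login against the IdM OAuth2 server.
 *
 * <p>Without a {@code code} parameter the browser is sent to {@code AUTHORIZATION_URL} with a
 * freshly generated {@code state}, which is remembered in the servlet session. When the IdP
 * redirects back with a {@code code}, the presented {@code state} must match the remembered one
 * (single use), the code is exchanged for an access token, the profile endpoint supplies the
 * username, and the matching local user gets a token from {@code sysUserTokenService}. The
 * browser is finally redirected to {@code HOME_URL} with the user id and token; an unknown
 * username is logged as a failed login and redirected to {@code HOME_URL} without a token.
 *
 * <p>NOTE(review): the state check relies on the session cookie surviving the IdP round trip,
 * i.e. the login must start on the same host that {@code REDIRECT_URI} points at. If the
 * deployment runs without servlet sessions, keep the same single-use semantics but store the
 * state in Redis with a short TTL instead.
 *
 * <p>NOTE(review): the final redirect still carries the session token in the query string,
 * "encrypted" with a key that is itself part of the same URL, so it offers no confidentiality
 * against anything that sees the URL (browser history, proxies, referrers). The format is kept
 * because the front end consumes it; changing it is a front-end contract change.
 *
 * @param code     authorization code from the IdP, absent on the first request
 * @param request  current request; supplies the session, {@code state}/{@code error} parameters,
 *                 client IP and User-Agent for the login log
 * @param response used only to redirect or to reject the request
 * @throws Exception propagated from the token/profile exchange or the servlet API
 */
@RequestMapping("validation")
@ApiOperation("idm验证")
public void validation(@RequestParam(value="code",required=false) String code, HttpServletRequest request, HttpServletResponse response) throws Exception {
    if (code == null || code.isEmpty()) {
        if (request.getParameter("error") != null) {
            // The IdP came back with an OAuth error instead of a code; redirecting to the
            // authorize endpoint again would only loop, so stop here. The error value is
            // deliberately not echoed into the response.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "identity provider denied the authorization request");
            return;
        }
        // Fresh, unguessable state bound to this session; checked on the callback below.
        String state = UUID.randomUUID().toString();
        request.getSession(true).setAttribute(OAUTH_STATE_ATTR, state);
        response.sendRedirect(buildAuthorizeUrl(state));
        return;
    }

    // Callback from the IdP: refuse codes that were not requested from this session
    // (login CSRF / code injection). The previous version sent a constant state and never
    // checked it.
    if (!consumeOauthState(request)) {
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing or mismatched oauth state");
        return;
    }

    // The access token is a bearer credential: never print it.
    String accessToken = getAccessToken(code);
    String username = getUserInfo(accessToken);
    getCustomerInfo(accessToken, username);

    SysUserDTO user = sysUserService.getByUsername(username);
    SysLogLoginEntity log = newLoginLog(request);
    if (user == null) {
        log.setStatus(LoginStatusEnum.FAIL.value());
        log.setCreatorName(username);
        sysLogLoginService.save(log);
        response.sendRedirect(HOME_URL);
        // The original fell through here and dereferenced the null user after the redirect.
        return;
    }
    sysDictService.refRedisDict();

    Result r = sysUserTokenService.createToken(user.getId());
    @SuppressWarnings("unchecked")
    Map<String, Object> tokenData = (Map<String, Object>) r.getData();
    SetUserCacheToRedis(user);
    redisUtils.hSet("userinfo", user.getId().toString(), user);

    // Key/IV derived from the current time and handed to the front end in the same URL.
    String key = String.valueOf(System.currentTimeMillis());
    String aesUserId = AesEncryptUtil.encrypt(tokenData.get("userId").toString(), "123" + key, "123" + key);
    String aesToken = AesEncryptUtil.encrypt(tokenData.get("token").toString(), "123" + key, "123" + key);

    log.setStatus(LoginStatusEnum.SUCCESS.value());
    log.setCreator(user.getId());
    log.setCreatorName(user.getUsername());
    sysLogLoginService.save(log);
    response.sendRedirect(HOME_URL + "?userId=" + aesUserId + "&token=" + aesToken + "&key=" + key);
}

/**
 * Builds the authorize-endpoint URL for the first leg of the flow.
 * Every parameter value is percent-encoded so a client id, scope or redirect URI can never
 * break out of its own query parameter; the scope list itself is unchanged from before.
 */
private String buildAuthorizeUrl(String state) throws UnsupportedEncodingException {
    return AUTHORIZATION_URL
            + "?response_type=" + encodeQueryParam(RESPONSE_TYPE)
            + "&client_id=" + encodeQueryParam(CLIENT_ID)
            + "&domain=IdmDomain"
            + "&state=" + encodeQueryParam(state)
            + "&scope=" + encodeQueryParam("IdmResServer.UserProfile.me openid email phone profile")
            + "&redirect_uri=" + encodeQueryParam(REDIRECT_URI);
}

/** Percent-encodes a query-string value, using {@code %20} rather than {@code +} for spaces. */
private static String encodeQueryParam(String value) throws UnsupportedEncodingException {
    return URLEncoder.encode(value, "UTF-8").replace("+", "%20");
}

/**
 * Compares the {@code state} parameter of the callback with the one stored in the session and
 * removes the stored value so it cannot be replayed. Returns false when there is no session,
 * no stored state, no presented state, or the two differ.
 */
private boolean consumeOauthState(HttpServletRequest request) {
    if (request.getSession(false) == null) {
        return false;
    }
    Object expected = request.getSession(false).getAttribute(OAUTH_STATE_ATTR);
    // Single use: whatever the outcome, this state is spent.
    request.getSession(false).removeAttribute(OAUTH_STATE_ATTR);
    String presented = request.getParameter("state");
    if (!(expected instanceof String) || presented == null) {
        return false;
    }
    return MessageDigest.isEqual(
            ((String) expected).getBytes(StandardCharsets.UTF_8),
            presented.getBytes(StandardCharsets.UTF_8));
}

/** Creates a LOGIN audit record stamped with the current time, client IP and User-Agent. */
private SysLogLoginEntity newLoginLog(HttpServletRequest request) {
    SysLogLoginEntity log = new SysLogLoginEntity();
    log.setOperation(LoginOperationEnum.LOGIN.value());
    log.setCreateDate(new Date());
    log.setIp(IpUtils.getIpAddr(request));
    log.setUserAgent(request.getHeader(HttpHeaders.USER_AGENT));
    return log;
}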
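/**
 * Copies the login-relevant fields of {@code user} into the Redis hash {@code "userCache"},
 * keyed by the user's id.
 *
 * <p>Best effort: a Redis failure must not abort the login that called us, but it is no longer
 * swallowed silently (the previous empty catch hid cache outages entirely).
 *
 * @param user the user that just logged in; ignored when null
 */
private void SetUserCacheToRedis(SysUserDTO user) {
    if (user == null) {
        return;
    }
    try {
        UserCache userCache = new UserCache();
        userCache.setId(user.getId());
        userCache.setUsername(user.getUsername());
        userCache.setEmail(user.getEmail());
        userCache.setMobile(user.getMobile());
        userCache.setSuperAdmin(user.getSuperAdmin());
        redisUtils.hSet("userCache", user.getId().toString(), userCache);
    } catch (Exception e) {
        // Deliberately non-fatal; report it so an outage is visible.
        System.err.println("SetUserCacheToRedis failed for user id " + user.getId() + ": " + e);
    }
}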
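/**
 * Placeholder for the customer-profile lookup that follows a successful login.
 *
 * <p>No request is made yet ({@code CUSTOMER_SERVICE_URL} is injected but not used anywhere in
 * this class), so the method only validates its inputs. The previous version printed the bearer
 * token to stdout one hundred times; an access token must never be written to logs, so nothing
 * about it is printed any more.
 *
 * @param token access token from the token endpoint; never logged
 * @param uid   user id ({@code sub} claim) returned by the profile endpoint
 */
public void getCustomerInfo(String token, String uid) {
    if (token == null) {
        System.out.println("token空了");
        return;
    }
    if (uid == null) {
        System.out.println("uid空了");
        return;
    }
    // TODO(review): call CUSTOMER_SERVICE_URL here once the customer API contract is known.
}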
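/**
 * Exchanges an authorization code for an access token at {@code ACCESS_TOKEN_URL}.
 *
 * <p>The request is a form POST authenticated with HTTP Basic client credentials
 * ({@code BASE_64_CREDENTIALS}) plus the {@code X-OAUTH-IDENTITY-DOMAIN-NAME} header. Every form
 * field is URL-encoded, so a crafted {@code code} cannot smuggle extra parameters into the body.
 * Connect and read timeouts are set so a stalled IdP cannot hang the request thread. Neither
 * the code nor the returned token is written to stdout.
 *
 * @param code the authorization code received on the redirect URI
 * @return the {@code access_token} field of the JSON response
 * @throws IllegalArgumentException if {@code code} is null or empty
 * @throws RuntimeException with the underlying cause attached, on network errors, a non-2xx
 *         response, or a response without an {@code access_token}
 */
public String getAccessToken(String code) {
    if (code == null || code.isEmpty()) {
        throw new IllegalArgumentException("authorization code must not be empty");
    }
    HttpURLConnection connection = null;
    try {
        String params = "redirect_uri=" + URLEncoder.encode(REDIRECT_URI, "UTF-8")
                + "&grant_type=" + URLEncoder.encode(GRANT_TYPE, "UTF-8")
                + "&code=" + URLEncoder.encode(code, "UTF-8");
        byte[] postData = params.getBytes(StandardCharsets.UTF_8);

        connection = (HttpURLConnection) new URL(ACCESS_TOKEN_URL).openConnection();
        connection.setRequestMethod("POST");
        connection.setConnectTimeout(30000);
        connection.setReadTimeout(30000);
        connection.setRequestProperty("Authorization", BASE_64_CREDENTIALS);
        connection.setRequestProperty("cache-control", "no-cache");
        connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8");
        // Same header value as getUserInfo(); the earlier trailing space carried no meaning.
        connection.setRequestProperty("X-OAUTH-IDENTITY-DOMAIN-NAME", "IdmDomain");
        connection.setDoOutput(true);
        try (OutputStream body = connection.getOutputStream()) {
            body.write(postData);
        }

        int status = connection.getResponseCode();
        if (status < 200 || status >= 300) {
            throw new IOException("token endpoint returned HTTP " + status);
        }
        StringBuilder resp = new StringBuilder();
        try (BufferedReader rd = new BufferedReader(
                new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = rd.readLine()) != null) {
                resp.append(line);
            }
        }
        JSONObject obj = new JSONObject(resp.toString());
        String accessToken = obj.getString("access_token");
        if (accessToken == null || accessToken.isEmpty()) {
            throw new IOException("token endpoint response carries no access_token");
        }
        return accessToken;
    } catch (Exception e) {
        // Keep the cause; the message intentionally contains neither the code nor the token.
        throw new RuntimeException("failed to exchange authorization code for access token", e);
    } finally {
        if (connection != null) {
            connection.disconnect();
        }
    }
}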
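/**
 * Fetches the user profile from {@code USER_PROFILE_URL} with a bearer token and returns the
 * {@code sub} claim, which the caller uses as the local username.
 *
 * <p>The response is always closed so the pooled connection goes back to {@code httpClient};
 * the previous version leaked every response and would eventually exhaust the per-route pool.
 * The body is read as UTF-8 explicitly instead of the platform default.
 *
 * @param accessToken bearer token from {@link #getAccessToken}; sent in the Authorization header only
 * @return the {@code sub} field of the JSON profile
 * @throws IllegalArgumentException if {@code accessToken} is null or empty
 * @throws RuntimeException with the underlying cause attached, on network errors, a non-2xx
 *         response, or a profile without a {@code sub} claim
 */
public String getUserInfo(String accessToken) {
    if (accessToken == null || accessToken.isEmpty()) {
        throw new IllegalArgumentException("accessToken must not be empty");
    }
    HttpGet httpGet = new HttpGet(USER_PROFILE_URL);
    RequestConfig requestConfig = RequestConfig.custom()
            .setConnectTimeout(30000)
            .setConnectionRequestTimeout(30000)
            .setSocketTimeout(30000)
            .build();
    httpGet.setConfig(requestConfig);
    httpGet.addHeader("X-OAUTH-IDENTITY-DOMAIN-NAME", "IdmDomain");
    httpGet.setHeader("Authorization", "Bearer " + accessToken);

    try (CloseableHttpResponse response = httpClient.execute(httpGet)) {
        int status = response.getStatusLine().getStatusCode();
        if (status < 200 || status >= 300) {
            throw new IOException("user profile endpoint returned HTTP " + status);
        }
        StringBuilder resp = new StringBuilder();
        try (BufferedReader rd = new BufferedReader(
                new InputStreamReader(response.getEntity().getContent(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = rd.readLine()) != null) {
                resp.append(line);
            }
        }
        JSONObject obj = new JSONObject(resp.toString());
        String uid = obj.getString("sub");
        if (uid == null || uid.isEmpty()) {
            throw new IOException("user profile response carries no sub claim");
        }
        return uid;
    } catch (Exception e) {
        // Keep the cause; the message never includes the token.
        throw new RuntimeException("failed to fetch user profile", e);
    }
}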
}