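package com.securityControl.auth.controller;

import cn.hutool.core.lang.TypeReference;
import com.alibaba.fastjson2.JSONObject;
import com.google.common.collect.Maps;
import com.securityControl.auth.form.Aes;
import com.securityControl.auth.form.LoginBody;
import com.securityControl.auth.service.SysLoginService;
import com.securityControl.common.core.constant.SecurityConstants;
import com.securityControl.common.core.domain.R;
import com.securityControl.common.core.utils.JwtUtils;
import com.securityControl.common.core.utils.ServletUtils;
import com.securityControl.common.core.utils.StringUtils;
import com.securityControl.common.core.utils.aes.DateTimeHelper;
import com.securityControl.common.core.utils.aes.ListHelper;
import com.securityControl.common.core.utils.ip.IpUtils;
import com.securityControl.common.redis.service.RedisService;
import com.securityControl.common.security.auth.AuthUtil;
import com.securityControl.common.security.service.TokenService;
import com.securityControl.common.security.utils.SecurityUtils;
import com.securityControl.system.api.RemoteLogService;
import com.securityControl.system.api.domain.SysOperLog;
import com.securityControl.system.api.domain.SysUser;
import com.securityControl.system.api.domain.decision.IscMenu;
import com.securityControl.system.api.domain.decision.SysMenu;
import com.securityControl.system.api.model.LoginUser;
import com.sgcc.isc.core.orm.complex.FunctionNode;
import com.sgcc.isc.core.orm.complex.FunctionTree;
import com.sgcc.isc.core.orm.identity.User;
import com.sgcc.isc.core.orm.resource.Function;
import com.sgcc.isc.framework.common.constant.Constants;
import com.sgcc.isc.service.adapter.factory.AdapterFactory;
import com.sgcc.isc.service.adapter.helper.IIdentityService;
import com.sgcc.isc.service.adapter.helper.IResourceService;
import com.sgcc.isc.service.adapter.impl.ResourceService;
import com.sgcc.isc.ualogin.client.CASClient;
import com.sgcc.isc.ualogin.client.CASTicket;
import com.sgcc.isc.ualogin.client.IscServiceTicketValidator;
import com.sgcc.isc.ualogin.client.util.IscSSOResourceUtil;
import com.sgcc.isc.ualogin.client.vo.IscSSOUserBean;
import io.jsonwebtoken.Claims;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;
import org.xml.sax.SAXException;
import test.org.jasig.cas.client.Base64Util;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.ParserConfigurationException;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.lang.reflect.Member;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

/**
 * Token controller: password login, SSO ticket login, logout and token refresh.
 *
 * <p>Password logins are first checked against the ISC unified-authentication service
 * ({@link #iscLogin}); SSO logins validate a CAS service ticket ({@link #getUserTicketPlus}).
 * Both end by asking {@link TokenService} for a local token.
 *
 * @author czc
 */
@Api(tags = "系统登录")
@RestController
@Slf4j
public class TokenController {

    @Autowired
    private TokenService tokenService;

    @Autowired
    private RedisService redisUtil;

    @Autowired
    private SysLoginService sysLoginService;

    @Autowired
    private RemoteLogService remoteLogService;

    // NOTE(review): accounts listed here skip the ISC result and are checked against the
    // local password only. A hard-coded bypass list cannot be audited or revoked without a
    // redeploy; consider moving it to configuration with an owner and an expiry.
    private final String[] userList = {"wangzh0059", "jysp", "!jysp", "ahsbd", "weit0037", "zhuy461x",
            "wb_chennh0013", "wb_guoc7712", "lijf431X", "wangyl253x", "zhouxf8318", "liurw0614",
            "wb_zhux4635", "liyy6816", "bonus", "!bns"};

    /**
     * Base URL of the ISC (unified permission) ticket service.
     */
    @Value("${isc.url_xn}")
    private String url_xn;

    @Value("${isc.appId}")
    private String appId;

    @Value("${isc.dateUrl}")
    private String dateUrl;

    @Value("${isc.dateLogin}")
    private String dateLogin;

    @Value("${isc.menu_url}")
    private String menu_url;

    /**
     * Password login.
     *
     * <p>Decrypts the AES-protected username and password from the form, runs the ISC check,
     * then logs in through {@link SysLoginService} and returns the created token.
     *
     * @param form login form carrying the AES-encrypted username and password
     * @return {@code R.ok} wrapping the result of {@code tokenService.createToken}
     */
    @PostMapping("login")
    public R login(LoginBody form) {
        form.setPassword(Aes.aesDecrypt(form.getPassword()));
        form.setUsername(Aes.aesDecrypt(form.getUsername()));

        Map<String, Object> iscResult = iscLogin(form.getUsername(), form.getPassword());

        // NOTE(review): the "isL" success flag from iscLogin is not enforced here. A failed ISC
        // check is only rejected because the placeholder password it returns is expected not
        // to match any local account; an explicit rejection would be safer.
        String pwd = (String) iscResult.get("pwd");
        if (getUserNoLj(form.getUsername())) {
            // Bypass-listed accounts authenticate with the password they actually typed.
            pwd = form.getPassword();
        }

        List<SysMenu> menu = null;
        LoginUser userInfo = sysLoginService.login(form.getUsername(), pwd, menu);
        return R.ok(tokenService.createToken(userInfo));
    }

    /**
     * Authenticates a username/password pair against ISC.
     *
     * <p>Requests a CAS ticket, validates it, and on success loads the user's menu list.
     * Blank credentials, an unsuccessful validation, or any exception all yield the same
     * failure map, so the caller never sees a success result for an unauthenticated user.
     *
     * @param username plain-text account name
     * @param password plain-text password (sent to ISC Base64-encoded)
     * @return map with keys {@code menu}, {@code isL} ("true"/"false"), {@code pwd} and
     *         {@code loginName}
     */
    public Map<String, Object> iscLogin(String username, String password) {
        if (!StringUtils.isNotBlank(username) || !StringUtils.isNotBlank(password)) {
            // Previously an empty map was returned here and login() failed with an NPE.
            return failedIscResult(username);
        }
        try {
            String server = url_xn + "/v1/tickets";
            String pwd = new String(Base64Util.encode(password.getBytes(StandardCharsets.UTF_8)));
            CASTicket ticket = CASClient.getTicket(server, username, pwd, dateLogin);

            IscServiceTicketValidator sv = new IscServiceTicketValidator();
            sv.setCasValidateUrl(dateUrl);   // validator endpoint of the authentication server
            sv.setService(dateLogin);        // LoginModule address of this business system
            sv.setServiceTicket(ticket.getServiceTicket());
            sv.validate();

            if (!sv.isAuthenticationSuccesful()) {
                // Stop here: continuing with an empty user string used to depend on a later
                // call throwing, otherwise the success map below was returned.
                log.warn("errorInfo -----------> {} {}", sv.getErrorCode(), sv.getErrorMessage());
                return failedIscResult(username);
            }

            IscSSOUserBean iscSSOUserBean = IscSSOResourceUtil.transferIscUserBean(sv.getUser());
            String userid = iscSSOUserBean.getIscUserId();
            String loginName = iscSSOUserBean.getIscUserSourceId();

            Map<String, Object> map = Maps.newHashMap();
            map.put("menu", getMenuList(userid));
            map.put("isL", "true");
            // NOTE(review): hard-coded shared credential handed to the local login for every
            // ISC-authenticated user. It is now exposed in source control; rotate it and load
            // it from secret configuration, or replace the password hand-off with a trusted
            // internal login path.
            map.put("pwd", "jysp@Bns2023**");
            map.put("loginName", loginName);
            return map;
        } catch (Exception e) {
            log.error(e.toString(), e);
            return failedIscResult(username);
        }
    }

    /**
     * Builds the result returned by {@link #iscLogin} when ISC authentication did not succeed.
     */
    private static Map<String, Object> failedIscResult(String username) {
        Map<String, Object> map = Maps.newHashMap();
        map.put("menu", new ArrayList<>());
        map.put("isL", "false");
        // NOTE(review): placeholder that login() forwards as the password; see the note there.
        map.put("pwd", "1233");
        map.put("loginName", username);
        return map;
    }

    /**
     * Tells whether the account is on the list of users that are not checked against ISC.
     *
     * @param userName account name to look up
     * @return {@code true} when the name is in the bypass list
     */
    public Boolean getUserNoLj(String userName) {
        return Arrays.asList(userList).contains(userName);
    }

    /**
     * Local logout: removes the Redis entries associated with the caller's token.
     *
     * @param request current request, carrying the JWT
     * @return {@code R.ok()}
     */
    @PostMapping("logout")
    public R loginOut(HttpServletRequest request) {
        String jwtToken = SecurityUtils.getToken(request);
        Claims claims = JwtUtils.parseToken(jwtToken);
        // Claims are read without a fixed cast: the previous (Integer) cast here and the
        // (String) cast in refresh() could not both match the same stored claim.
        String userId = claimText(claims.get(SecurityConstants.DETAILS_USER_ID));
        String iscUser = claimText(claims.get(SecurityConstants.DETAILS_ISC_USER_ID));
        String userName = claimText(claims.get(SecurityConstants.DETAILS_USERNAME));

        redisUtil.delete("token:" + jwtToken);
        redisUtil.delete("userId:" + userId);
        redisUtil.delete("ISCUserId:" + iscUser);
        redisUtil.delete("userName:" + userName);

        // refresh() writes under differently shaped keys; remove those too so nothing tied to
        // this token outlives the logout.
        // NOTE(review): confirm which key scheme the rest of the system reads and unify it.
        redisUtil.delete("userId::" + userId);
        redisUtil.delete("ISCUserId:" + jwtToken);
        redisUtil.delete("userName:" + jwtToken);
        return R.ok();
    }

    /**
     * Extends the lifetime of the caller's session by 30 minutes.
     *
     * <p>The Redis entries are only rewritten when {@code tokenService.getLoginUser} still
     * finds a session for the request, so a token whose session was removed cannot have its
     * entries re-created by calling this endpoint.
     *
     * @param request current request, carrying the JWT
     * @return {@code R.ok()} whether or not a session was found
     */
    @PostMapping("refresh")
    public R refresh(HttpServletRequest request) {
        LoginUser loginUser = tokenService.getLoginUser(request);
        if (!StringUtils.isNotNull(loginUser)) {
            return R.ok();
        }

        String jwtToken = SecurityUtils.getToken(request);
        Claims claims = JwtUtils.parseToken(jwtToken);
        String userId = claimText(claims.get(SecurityConstants.DETAILS_USER_ID));
        String iscUser = claimText(claims.get(SecurityConstants.DETAILS_ISC_USER_ID));
        String userName = claimText(claims.get(SecurityConstants.DETAILS_USERNAME));

        Integer times = 60 * 30; // fixed session timeout, in seconds
        redisUtil.set("token:" + jwtToken, jwtToken, times);
        redisUtil.set("userId::" + userId, jwtToken, times);
        redisUtil.set("ISCUserId:" + jwtToken, iscUser, times);
        redisUtil.set("userName:" + jwtToken, userName, times);

        // Refresh the token's own validity period.
        tokenService.refreshToken(loginUser);
        return R.ok();
    }

    /**
     * Renders a JWT claim value as text, keeping {@code null} as {@code null}.
     */
    private static String claimText(Object value) {
        return value == null ? null : value.toString();
    }

    /**
     * SSO login: validates the CAS service ticket passed as the {@code ticket} request
     * parameter and, only when validation succeeds, issues a local token.
     *
     * <p>NOTE(review): every user who passes validation receives the same fixed role id,
     * user id, super-user flag and permission set below; only the user name and ISC user id
     * differ. Authorisation should be derived from the authenticated identity instead.
     *
     * @param request  current request
     * @param response current response (unused)
     * @return {@code R.ok} wrapping the token map on success, or an empty {@code R.ok()} when
     *         the ticket is rejected or processing fails
     * @throws Exception if reading the ISC user bean or validating the ticket fails with an
     *                   exception other than the two XML parser exceptions handled here
     */
    @ApiOperation(value = "3.0根据统一权限获取人员基本信息")
    @GetMapping("getUserTicket")
    public R getUserTicketPlus(HttpServletRequest request, HttpServletResponse response) throws Exception {
        IscSSOUserBean userbean = IscSSOResourceUtil.getIscUserBean(request);
        String ticket = request.getParameter("ticket");
        // The ticket is a credential: record only whether one was supplied.
        log.debug("ticket -----------> supplied={}", StringUtils.isNotBlank(ticket));
        if (StringUtils.isNotNull(userbean)) {
            log.debug("userbean -----------> iscId= {}", userbean.getIscUserId());
        }

        IscServiceTicketValidator sv = new IscServiceTicketValidator();
        log.debug("tick校验器 dateUrl >>>>>>>>>>>> {}", dateUrl);
        sv.setCasValidateUrl(dateUrl);   // validator endpoint of the authentication server
        log.debug("tick校验器 dateLogin >>>>>>>>>>>> {}", dateLogin);
        sv.setService(dateLogin);        // LoginModule address of this business system
        sv.setServiceTicket(ticket);
        try {
            sv.validate();
        } catch (SAXException | ParserConfigurationException e) {
            log.error(e.toString(), e);
        }

        if (!sv.isAuthenticationSuccesful()) {
            // Never build a session for a ticket the validator rejected.
            // NOTE(review): this mirrors the existing error path, which answers R.ok() with no
            // data; an explicit error result would be clearer for clients.
            log.warn("errorInfo -----------> {} {}", sv.getErrorCode(), sv.getErrorMessage());
            return R.ok();
        }

        try {
            IscSSOUserBean iscSSOUserBean = IscSSOResourceUtil.transferIscUserBean(sv.getUser());
            String userid = iscSSOUserBean.getIscUserId();
            String loginName = iscSSOUserBean.getIscUserSourceId();
            if (StringUtils.isEmpty(userid)) {
                log.warn("ISC validation succeeded but returned no user id");
                return R.ok();
            }
            log.debug("当前登录用户名:{}", loginName);

            SysUser sysUser = new SysUser();
            sysUser.setMenus(getMenuList(userid));
            sysUser.setRoleId(3L);
            sysUser.setRoleName("继远管理员");
            sysUser.setOrgName("建设分公司");
            sysUser.setOrgId("***12Z0");
            sysUser.setUserId(2L);
            sysUser.setIsSup("1");
            sysUser.setUserName(loginName);
            sysUser.setIscUserId(userid);

            LoginUser loginUser = new LoginUser();
            loginUser.setSysUser(sysUser);

            String pers = "sys:violationStatistics:add,sys:violationStatistics:setVoiType,team:dev:detail,team:dev:edit,sys:dev:add,"
                    + "sys:dev:edit,sys:dev:del,sys:dev:exp,sys:type:add,sys:type:edit,sys:type:del,sys:user:add,"
                    + "sys:user:pwd,sys:user:edit,sys:user:del,sys:role:add,sys:role:edit,sys:role:aux,sys:role:del,"
                    + "sys:menu:add,sys:menu:edit,sys:menu:del,sys:dict:add,sys:dict:edit,sys:dict:del";
            List<String> persList = Arrays.asList(pers.split(","));
            HashSet<String> hashSet = new HashSet<>(persList);
            loginUser.setPermissions(hashSet);
            loginUser.getSysUser().setPers(persList);

            Map<String, Object> resultMap = tokenService.createToken(loginUser);
            // Record the login in the operation log.
            addLoginLog(loginName, "用户登录", "系统登录",
                    "com.securityControl.auth.controller.getUserTicket()", "/auth/getUserTicket");
            return R.ok(resultMap);
        } catch (Exception e) {
            log.error(e.toString(), e);
        }
        return R.ok();
    }

    /**
     * Manual smoke check that obtains the ISC resource-service adapter.
     *
     * <p>NOTE(review): debugging entry point left in a controller class; consider removing it.
     */
    public static void main(String[] args) {
        IResourceService service = (IResourceService) AdapterFactory.getInstance(Constants.CLASS_RESOURCE);
        System.out.println("IscMenu 请求路径-----------------01------------------------------------------------------>service");
    }

    /**
     * Fetches the user's menu entries from the ISC menu service and converts them to a
     * two-level {@link SysMenu} tree.
     *
     * @param userId ISC user id placed in the request path
     * @return top-level menus; empty when the response cannot be parsed
     */
    private List<SysMenu> getMenuList(String userId) {
        List<SysMenu> menuList = new ArrayList<>();
        String url = menu_url + "/userResource/all/" + userId + "/" + appId;
        log.debug("IscMenu 请求路径----------->{}", url);
        String data = (String) (new RestTemplate()).getForObject(url, String.class, new Object[0]);
        log.debug("IscMenu 菜单数据----------->{}", data);
        try {
            JSONObject obj = JSONObject.parseObject(data);
            com.alibaba.fastjson2.JSONArray jsonArray = obj.getJSONArray("data");
            List<IscMenu> list = jsonArray.toList(IscMenu.class);
            getChilderList(menuList, list);
        } catch (Exception e) {
            log.error(e.toString(), e);
        }
        return menuList;
    }

    /**
     * Appends to {@code menuList} one {@link SysMenu} per enabled root entry of {@code iscList}.
     *
     * <p>An entry with an empty parent id is a root; it is added only when its status is "Y".
     *
     * @param menuList output list receiving the root menus
     * @param iscList  flat list of ISC menu entries
     */
    private static void getChilderList(List<SysMenu> menuList, List<IscMenu> iscList) {
        try {
            for (IscMenu isc : iscList) {
                if (!StringUtils.isEmpty(isc.getParentId())) {
                    continue;
                }
                SysMenu menu = new SysMenu();
                menu.setMenuId(isc.getId());
                menu.setMenuName(isc.getName());
                menu.setUrl(isc.getConent());
                menu.setLast(false);
                getChilderList2(menu, iscList);
                if ("Y".equals(isc.getStatus())) {
                    menuList.add(menu);
                }
            }
        } catch (Exception e) {
            log.error(e.toString(), e);
        }
    }

    /**
     * Attaches to {@code sysMenu} the enabled entries of {@code iscLis} whose parent id equals
     * its menu id, and marks the menu as a leaf when there are none.
     *
     * @param sysMenu parent menu to populate
     * @param iscLis  flat list of ISC menu entries
     */
    private static void getChilderList2(SysMenu sysMenu, List<IscMenu> iscLis) {
        List<SysMenu> childer = new ArrayList<>();
        for (IscMenu isc : iscLis) {
            if (StringUtils.isNotEmpty(sysMenu.getMenuId())
                    && sysMenu.getMenuId().equals(isc.getParentId())) {
                SysMenu menu = new SysMenu();
                menu.setMenuId(isc.getId());
                menu.setMenuName(isc.getName());
                menu.setUrl(isc.getConent());
                menu.setLast(true);
                if ("Y".equals(isc.getStatus())) {
                    childer.add(menu);
                }
            }
        }
        if (ListHelper.isEmpty(childer)) {
            sysMenu.setLast(true);
        } else {
            sysMenu.setLast(false);
            sysMenu.setChilder(childer);
        }
    }

    /**
     * Records a login event through the remote log service.
     *
     * <p>Role and department come from the current login user when one is available;
     * otherwise the defaults set below are used.
     *
     * @param username account name; also stored as the operation parameter
     * @param title    log title, also stored as the grade
     * @param detail   detail text
     * @param method   name of the handling method to record
     * @param url      request URL to record
     */
    public void addLoginLog(String username, String title, String detail, String method, String url) {
        String roleName = "继远管理员";
        String deptName = "";
        LoginUser loginUser = SecurityUtils.getLoginUser();
        if (null != loginUser && null != loginUser.getSysUser()) {
            SysUser sysUser = loginUser.getSysUser();
            roleName = sysUser.getRoleName();
            deptName = sysUser.getOrgName();
        }

        SysOperLog sysOperLog = new SysOperLog();
        sysOperLog.setGrade(title);
        sysOperLog.setTimes(DateTimeHelper.getNowTime());
        sysOperLog.setOperName(username);
        sysOperLog.setRoleName(roleName);
        sysOperLog.setDeptName(deptName);
        sysOperLog.setOperIp(IpUtils.getIpAddr(ServletUtils.getRequest()));
        sysOperLog.setTitle(title);
        // NOTE(review): always recorded as POST, although the only caller in this class is a
        // GET endpoint; the audit trail would be more accurate with the real method.
        sysOperLog.setRequestMethod("POST");
        sysOperLog.setMethod(method);
        sysOperLog.setBusinessType(0);
        sysOperLog.setOperUrl(url);
        sysOperLog.setOperParam(username);
        sysOperLog.setDetail(detail);
        sysOperLog.setLogType("系统日志");
        sysOperLog.setSysMenu("");
        remoteLogService.saveLogs(sysOperLog, SecurityConstants.INNER);
    }
}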