|
@ -16,7 +16,6 @@ import com.epmet.commons.tools.exception.ExceptionUtils; |
|
|
import com.epmet.commons.tools.exception.RenException; |
|
|
import com.epmet.commons.tools.exception.RenException; |
|
|
import com.epmet.commons.tools.security.dto.GovTokenDto; |
|
|
import com.epmet.commons.tools.security.dto.GovTokenDto; |
|
|
import com.epmet.commons.tools.security.dto.TokenDto; |
|
|
import com.epmet.commons.tools.security.dto.TokenDto; |
|
|
import com.epmet.commons.tools.security.password.PasswordUtils; |
|
|
|
|
|
import com.epmet.commons.tools.utils.*; |
|
|
import com.epmet.commons.tools.utils.*; |
|
|
import com.epmet.constant.SsoConstant; |
|
|
import com.epmet.constant.SsoConstant; |
|
|
import com.epmet.dto.*; |
|
|
import com.epmet.dto.*; |
|
@ -33,18 +32,16 @@ import com.epmet.redis.SsoRedis; |
|
|
import com.epmet.service.SsoService; |
|
|
import com.epmet.service.SsoService; |
|
|
import com.epmet.service.ThirdLoginService; |
|
|
import com.epmet.service.ThirdLoginService; |
|
|
import lombok.extern.slf4j.Slf4j; |
|
|
import lombok.extern.slf4j.Slf4j; |
|
|
import org.apache.commons.codec.digest.DigestUtils; |
|
|
|
|
|
import org.apache.commons.lang3.StringUtils; |
|
|
import org.apache.commons.lang3.StringUtils; |
|
|
import org.apache.http.HttpEntity; |
|
|
import org.apache.http.HttpEntity; |
|
|
import org.apache.http.client.methods.CloseableHttpResponse; |
|
|
import org.apache.http.client.methods.CloseableHttpResponse; |
|
|
import org.apache.http.client.methods.HttpPost; |
|
|
import org.apache.http.client.methods.HttpPost; |
|
|
import org.apache.http.entity.StringEntity; |
|
|
import org.apache.http.entity.mime.MultipartEntityBuilder; |
|
|
import org.apache.http.impl.client.CloseableHttpClient; |
|
|
import org.apache.http.impl.client.CloseableHttpClient; |
|
|
import org.apache.http.impl.client.HttpClients; |
|
|
import org.apache.http.impl.client.HttpClients; |
|
|
import org.apache.http.util.EntityUtils; |
|
|
import org.apache.http.util.EntityUtils; |
|
|
import org.springframework.beans.factory.annotation.Autowired; |
|
|
import org.springframework.beans.factory.annotation.Autowired; |
|
|
import org.springframework.beans.factory.annotation.Value; |
|
|
import org.springframework.beans.factory.annotation.Value; |
|
|
import org.springframework.http.MediaType; |
|
|
|
|
|
import org.springframework.stereotype.Service; |
|
|
import org.springframework.stereotype.Service; |
|
|
import org.springframework.util.CollectionUtils; |
|
|
import org.springframework.util.CollectionUtils; |
|
|
|
|
|
|
|
@ -205,104 +202,80 @@ public class SsoServiceImpl implements SsoService { |
|
|
CloseableHttpClient httpclient = null; |
|
|
CloseableHttpClient httpclient = null; |
|
|
CloseableHttpResponse response = null; |
|
|
CloseableHttpResponse response = null; |
|
|
UserTokenResultDTO userTokenResultDTO = null; |
|
|
UserTokenResultDTO userTokenResultDTO = null; |
|
|
try { |
|
|
httpclient = HttpClients.createDefault(); |
|
|
httpclient = HttpClients.createDefault(); |
|
|
HttpPost httpPost = new HttpPost(SsoConstant.TICKET_TOKEN_URL); |
|
|
HttpPost httpPost = new HttpPost(SsoConstant.TICKET_TOKEN_URL); |
|
|
MultipartEntityBuilder builder = MultipartEntityBuilder.create(); |
|
|
JSONObject infoJson = new JSONObject(); |
|
|
builder.setCharset(StandardCharsets.UTF_8); |
|
|
infoJson.put("ticket", form.getTicket()); |
|
|
builder.addTextBody("ticket", form.getTicket()); |
|
|
StringEntity stringEntity = new StringEntity(infoJson.toString(), "UTF-8"); |
|
|
HttpEntity entity = builder.build(); |
|
|
stringEntity.setContentEncoding("UTF-8"); |
|
|
httpPost.setEntity(entity); |
|
|
stringEntity.setContentType(MediaType.APPLICATION_JSON_VALUE); |
|
|
response = httpclient.execute(httpPost); |
|
|
httpPost.setEntity(stringEntity); |
|
|
JSONObject result = JSONObject.parseObject(EntityUtils.toString(response.getEntity())); |
|
|
|
|
|
if (result.getString("code").equals("200")) { |
|
|
|
|
|
String ticket = result.getString("data"); |
|
|
|
|
|
String timestamp = String.valueOf(System.currentTimeMillis()); |
|
|
|
|
|
String nonce = RandomUtil.randomString(18); |
|
|
|
|
|
httpPost = new HttpPost(SsoConstant.USER_INFO_URL); |
|
|
|
|
|
builder = MultipartEntityBuilder.create(); |
|
|
|
|
|
builder.setCharset(StandardCharsets.UTF_8); |
|
|
|
|
|
builder.addTextBody("loginId", ticket); |
|
|
|
|
|
builder.addTextBody("timestamp", timestamp); |
|
|
|
|
|
builder.addTextBody("nonce", nonce); |
|
|
|
|
|
builder.addTextBody("sign", Md5Params(ticket, timestamp, nonce)); |
|
|
|
|
|
httpPost.setEntity(builder.build()); |
|
|
response = httpclient.execute(httpPost); |
|
|
response = httpclient.execute(httpPost); |
|
|
HttpEntity entity = response.getEntity(); |
|
|
result = JSONObject.parseObject(EntityUtils.toString(response.getEntity())); |
|
|
if (entity != null) { |
|
|
|
|
|
EntityUtils.toString(entity, "UTF-8"); |
|
|
|
|
|
} |
|
|
|
|
|
JSONObject result = JSONObject.parseObject(EntityUtils.toString(entity)); |
|
|
|
|
|
if (result.getString("code").equals("200")) { |
|
|
if (result.getString("code").equals("200")) { |
|
|
String ticket = result.getString("data"); |
|
|
JSONObject data = JSONObject.parseObject(result.getString("data")); |
|
|
String timestamp = String.valueOf(System.currentTimeMillis()); |
|
|
String mobile = data.getString("phone"); |
|
|
String nonce = RandomUtil.randomString(18); |
|
|
//1、根据手机号查询政府端工作人员基本信息,校验用户是否存在
|
|
|
httpPost = new HttpPost(SsoConstant.USER_INFO_URL); |
|
|
Result<List<CustomerStaffDTO>> staffData = epmetUserFeignClient.checkCustomerStaff(mobile); |
|
|
infoJson = new JSONObject(); |
|
|
String customerId = ""; |
|
|
infoJson.put("loginId", ticket); |
|
|
String userId = ""; |
|
|
infoJson.put("timestamp", timestamp); |
|
|
if (null != staffData && staffData.getData().size() > 0) { |
|
|
infoJson.put("nonce", nonce); |
|
|
//2、根据客户Id和手机号查询登陆用户信息(代码逻辑来源于web端登陆接口)
|
|
|
infoJson.put("sign", Md5Params(ticket, timestamp, nonce)); |
|
|
CustomerStaffDTO staffDTO = staffData.getData().get(0); |
|
|
String params = DigestUtils.md5Hex(infoJson.toString().getBytes(StandardCharsets.UTF_8)); |
|
|
customerId = staffDTO.getCustomerId(); |
|
|
stringEntity = new StringEntity(params, "UTF-8"); |
|
|
userId = staffDTO.getUserId(); |
|
|
stringEntity.setContentEncoding("UTF-8"); |
|
|
GovWebOperLoginFormDTO checkDto = new GovWebOperLoginFormDTO(); |
|
|
stringEntity.setContentType(MediaType.APPLICATION_JSON_VALUE); |
|
|
checkDto.setCustomerId(staffDTO.getCustomerId()); |
|
|
httpPost.setEntity(stringEntity); |
|
|
checkDto.setMobile(staffDTO.getMobile()); |
|
|
response = httpclient.execute(httpPost); |
|
|
GovWebOperLoginResultDTO resData = epmetUserFeignClient.getStaffIdAndPwd(checkDto).getData(); |
|
|
entity = response.getEntity(); |
|
|
if (null == resData || null == resData.getUserId()) { |
|
|
if (entity != null) { |
|
|
log.warn("根据手机号查询PC工作端登陆人员信息失败,返回10003账号不存在"); |
|
|
EntityUtils.toString(entity, "UTF-8"); |
|
|
throw new EpmetException(EpmetErrorCode.ERR10003.getCode()); |
|
|
} |
|
|
|
|
|
result = JSONObject.parseObject(EntityUtils.toString(entity)); |
|
|
|
|
|
if (result.getString("code").equals("200")) { |
|
|
|
|
|
JSONObject data = JSONObject.parseObject(result.getString("data")); |
|
|
|
|
|
String mobile = data.getString("phone"); |
|
|
|
|
|
String password = data.getString("password"); |
|
|
|
|
|
//1、根据手机号查询政府端工作人员基本信息,校验用户是否存在
|
|
|
|
|
|
Result<List<CustomerStaffDTO>> staffData = epmetUserFeignClient.checkCustomerStaff(mobile); |
|
|
|
|
|
String customerId = ""; |
|
|
|
|
|
String userId = ""; |
|
|
|
|
|
if (null != staffData && staffData.getData().size() > 0) { |
|
|
|
|
|
//2、根据客户Id和手机号查询登陆用户信息(代码逻辑来源于web端登陆接口)
|
|
|
|
|
|
CustomerStaffDTO staffDTO = staffData.getData().get(0); |
|
|
|
|
|
customerId = staffDTO.getCustomerId(); |
|
|
|
|
|
userId = staffDTO.getUserId(); |
|
|
|
|
|
GovWebOperLoginFormDTO checkDto = new GovWebOperLoginFormDTO(); |
|
|
|
|
|
checkDto.setCustomerId(staffDTO.getCustomerId()); |
|
|
|
|
|
checkDto.setMobile(staffDTO.getMobile()); |
|
|
|
|
|
GovWebOperLoginResultDTO resData = epmetUserFeignClient.getStaffIdAndPwd(checkDto).getData(); |
|
|
|
|
|
if (null == resData || null == resData.getUserId()) { |
|
|
|
|
|
log.warn("根据手机号查询PC工作端登陆人员信息失败,返回10003账号不存在"); |
|
|
|
|
|
throw new EpmetException(EpmetErrorCode.ERR10003.getCode()); |
|
|
|
|
|
} |
|
|
|
|
|
//3、未禁用enable,已禁用disabled
|
|
|
|
|
|
if ("disabled".equals(resData.getEnableFlag())) { |
|
|
|
|
|
throw new EpmetException(EpmetErrorCode.GOV_STAFF_DISABLED.getCode(), |
|
|
|
|
|
String.format("当前账号已被禁用staffId:%s", resData.getUserId()), |
|
|
|
|
|
EpmetErrorCode.GOV_STAFF_DISABLED.getMsg()); |
|
|
|
|
|
} |
|
|
|
|
|
GovWebOperLoginResultDTO resultDTO = resData; |
|
|
|
|
|
//4.密码是否正确
|
|
|
|
|
|
if (!PasswordUtils.matches(password, resultDTO.getPassWord())) { |
|
|
|
|
|
log.warn("登陆密码错误"); |
|
|
|
|
|
throw new EpmetException(EpmetErrorCode.ERR10004.getCode(), "登陆密码错误!"); |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
} |
|
|
//5.生成token存到redis并返回
|
|
|
//3、未禁用enable,已禁用disabled
|
|
|
userTokenResultDTO = new UserTokenResultDTO(); |
|
|
if ("disabled".equals(resData.getEnableFlag())) { |
|
|
userTokenResultDTO.setCustomerId(customerId); |
|
|
throw new EpmetException(EpmetErrorCode.GOV_STAFF_DISABLED.getCode(), |
|
|
String token = generateToken(AppClientConstant.APP_GOV, AppClientConstant.CLIENT_SSO, userId); |
|
|
String.format("当前账号已被禁用staffId:%s", resData.getUserId()), |
|
|
userTokenResultDTO.setToken(token); |
|
|
EpmetErrorCode.GOV_STAFF_DISABLED.getMsg()); |
|
|
disposeTokenDto(AppClientConstant.APP_GOV, AppClientConstant.CLIENT_SSO, userId, token, customerId); |
|
|
|
|
|
// 6.发送登录事件
|
|
|
|
|
|
try { |
|
|
|
|
|
SpringContextUtils.getBean(ThirdLoginService.class).sendLoginEvent(userId, "数字社区登录", |
|
|
|
|
|
AppClientConstant.APP_GOV, |
|
|
|
|
|
AppClientConstant.CLIENT_SSO, |
|
|
|
|
|
AuthOperationConstants.LOGIN); |
|
|
|
|
|
|
|
|
|
|
|
} catch (Exception e) { |
|
|
|
|
|
log.error("【数字社区web端登录】发送登录事件失败,程序继续执行。错误信息"); |
|
|
|
|
|
} |
|
|
} |
|
|
} |
|
|
} |
|
|
} else { |
|
|
//5.生成token存到redis并返回
|
|
|
log.error("校验失败,没有查询到Ticket为:'" + form.getTicket() + "'的人员信息", result.getString("msg")); |
|
|
userTokenResultDTO = new UserTokenResultDTO(); |
|
|
throw new EpmetException(EpmetErrorCode.ERR10008.getCode(), "校验失败,没有查询到Ticket为:'" + form.getTicket() + "'的人员信息"); |
|
|
userTokenResultDTO.setCustomerId(customerId); |
|
|
} |
|
|
String token = generateToken(AppClientConstant.APP_GOV, AppClientConstant.CLIENT_SSO, userId); |
|
|
} catch (Exception e) { |
|
|
userTokenResultDTO.setToken(token); |
|
|
e.printStackTrace(); |
|
|
disposeTokenDto(AppClientConstant.APP_GOV, AppClientConstant.CLIENT_SSO, userId, token, customerId); |
|
|
} finally { |
|
|
// 6.发送登录事件
|
|
|
if (null != httpclient) { |
|
|
try { |
|
|
httpclient.close(); |
|
|
SpringContextUtils.getBean(ThirdLoginService.class).sendLoginEvent(userId, "数字社区登录", |
|
|
response.close(); |
|
|
AppClientConstant.APP_GOV, |
|
|
|
|
|
AppClientConstant.CLIENT_SSO, |
|
|
|
|
|
AuthOperationConstants.LOGIN); |
|
|
|
|
|
|
|
|
|
|
|
} catch (Exception e) { |
|
|
|
|
|
log.error("【数字社区web端登录】发送登录事件失败,程序继续执行。错误信息"); |
|
|
|
|
|
} |
|
|
} |
|
|
} |
|
|
|
|
|
} else { |
|
|
|
|
|
log.error("校验失败,没有查询到Ticket为:'" + form.getTicket() + "'的人员信息", result.getString("msg")); |
|
|
|
|
|
throw new EpmetException(EpmetErrorCode.ERR10008.getCode(), "校验失败,没有查询到Ticket为:'" + form.getTicket() + "'的人员信息"); |
|
|
|
|
|
} |
|
|
|
|
|
if (null != httpclient) { |
|
|
|
|
|
httpclient.close(); |
|
|
|
|
|
response.close(); |
|
|
} |
|
|
} |
|
|
return userTokenResultDTO; |
|
|
return userTokenResultDTO; |
|
|
} |
|
|
} |
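Review bot: On the new side (sides recovered from the hunk's 104/80 line counts and the brace nesting, so worth confirming against the file), step 5 sits after the closing brace of `if (null != staffData && staffData.getData().size() > 0)`, so when the lookup for the SSO-supplied phone returns no staff record, `generateToken(...)` and `disposeTokenDto(...)` still run with `userId` and `customerId` left as `""`. Unless `checkCustomerStaff`, which is defined outside this hunk, is known to fail for an unknown mobile, reject that case before step 2: `if (null == staffData || CollectionUtils.isEmpty(staffData.getData())) { throw new EpmetException(EpmetErrorCode.ERR10003.getCode()); }`. The change also drops the surrounding `try`/`finally`, so `httpclient` and `response` are closed only on the success path and are left open whenever one of the `EpmetException`s is thrown, and the first `response` is overwritten by the second `execute` without being closed. The method's signature and opening lines lie above the hunk, so its declared exceptions could not be checked.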
|
@ -314,17 +287,15 @@ public class SsoServiceImpl implements SsoService { |
|
|
* @return |
|
|
* @return |
|
|
*/ |
|
|
*/ |
|
|
private String Md5Params(String loginId, String timestamp, String nonce) { |
|
|
private String Md5Params(String loginId, String timestamp, String nonce) { |
|
|
String prefix = "=${"; |
|
|
String suffix = "&"; |
|
|
String suffix = "}&"; |
|
|
|
|
|
StringBuilder builder = new StringBuilder(); |
|
|
StringBuilder builder = new StringBuilder(); |
|
|
builder.append("loginId").append(prefix).append(loginId).append(suffix); |
|
|
builder.append("loginId=").append(loginId).append(suffix); |
|
|
builder.append("nonce").append(prefix).append(nonce).append(suffix); |
|
|
builder.append("nonce=").append(nonce).append(suffix); |
|
|
builder.append("timestamp").append(prefix).append(timestamp).append(suffix); |
|
|
builder.append("timestamp=").append(timestamp).append(suffix); |
|
|
builder.append("key").append("={").append(SsoConstant.SECRET_KEY).append("}"); |
|
|
builder.append("key=").append(SsoConstant.SECRET_KEY); |
|
|
return SecureUtil.md5(builder.toString()); |
|
|
return SecureUtil.md5(builder.toString()); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
/** |
|
|
* @Description token放缓存 |
|
|
* @Description token放缓存 |
|
|
* @Param formDTO |
|
|
* @Param formDTO |
|
|