Commit 03c8043f authored by gary's avatar gary

1、滴滴权限整合

parent 681b1d24
package pwc.taxtech.atms.common;
import pwc.taxtech.atms.security.DDUserInfo;
import java.util.Optional;
public interface AuthUserHelper {
......@@ -12,4 +14,6 @@ public interface AuthUserHelper {
String getClientIp();
DDUserInfo getDDUserInfo();
}
\ No newline at end of file
......@@ -14,8 +14,10 @@ import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import pwc.taxtech.atms.dao.UserMapper;
import pwc.taxtech.atms.exception.ApplicationException;
import pwc.taxtech.atms.security.DDUserInfo;
import pwc.taxtech.atms.security.JwtUser;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import java.util.Optional;
......@@ -25,7 +27,7 @@ public class AuthUserHelperImpl implements AuditorAware<String>, AuthUserHelper
@Autowired(required = false)
private HttpServletRequest request;
@Autowired
@Resource
private UserMapper userMapper;
/*
......@@ -111,4 +113,21 @@ public class AuthUserHelperImpl implements AuditorAware<String>, AuthUserHelper
public String getClientIp() {
return Lang.getIP(request);
}
@Override
public DDUserInfo getDDUserInfo(){
SecurityContext context = SecurityContextHolder.getContext();
if (context == null) {
throw new ApplicationException("security context is null");
}
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication == null || !authentication.isAuthenticated()) {
throw new ApplicationException("authentication failed");
}
JwtUser jwtUser = (JwtUser) authentication.getPrincipal();
if (jwtUser == null) {
return null;
}
return (DDUserInfo)jwtUser.getClientUserInfo();
}
}
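Review bot: The cast `(DDUserInfo)jwtUser.getClientUserInfo()` on the last line of getDDUserInfo assumes parseToken stored a DDUserInfo, but in this commit JwtUtil.parseToken stores the raw `data` element of the parsed response, so this cast looks likely to throw ClassCastException at runtime; either convert at the source (`JSONObject.parseObject(response, DDUserInfoRes.class)`, as loginByDDTicket already does) or guard here with `instanceof` and throw an ApplicationException. The principal cast `(JwtUser) authentication.getPrincipal()` has the same shape: if anonymous authentication is enabled the principal is a String, which would surface as ClassCastException rather than the "authentication failed" ApplicationException. The null check on `context` is also bypassed immediately afterwards by calling `SecurityContextHolder.getContext()` a second time; use `context.getAuthentication()`. A short Javadoc stating when `null` is returned (no principal) versus when ApplicationException is thrown would help callers.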
......@@ -13,6 +13,7 @@ public class AtmsTokenDto {
private String user_name;
private String vat_api_host;
private String version;
private String ticket;
public String getAccess_token() {
return access_token;
......@@ -110,6 +111,14 @@ public class AtmsTokenDto {
this.version = version;
}
public String getTicket() {
return ticket;
}
public void setTicket(String ticket) {
this.ticket = ticket;
}
@Override
public String toString() {
return "CookieModel [access_token=" + access_token + ", token_type=" + token_type + ", expires_in=" + expires_in
......
......@@ -6,6 +6,10 @@ public class LoginInputDto {
private String password;
private String ticket;
private Integer type;
public String getEmail() {
return email;
}
......@@ -22,5 +26,19 @@ public class LoginInputDto {
this.password = password;
}
public String getTicket() {
return ticket;
}
public void setTicket(String ticket) {
this.ticket = ticket;
}
public Integer getType() {
return type;
}
public void setType(Integer type) {
this.type = type;
}
}
package pwc.taxtech.atms.security;
import com.alibaba.fastjson.annotation.JSONField;
/**
* @Auther: Gary J Li
* @Date: 05/03/2019 18:25
* @Description:
*/
public class DDUserInfo {
private int uid;
private String phone;
@JSONField(name = "username_zh")
private String username_zh;
private String email;
private String username;
public int getUid() {
return uid;
}
public void setUid(int uid) {
this.uid = uid;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPhone() {
return phone;
}
public void setPhone(String phone) {
this.phone = phone;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public String getUsername_zh() {
return username_zh;
}
public void setUsername_zh(String username_zh) {
this.username_zh = username_zh;
}
}
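Review bot: `@JSONField(name = "username_zh")` on a field already named `username_zh` is redundant; either drop the annotation or rename the field to `usernameZh` (getter `getUsernameZh`) and keep the annotation to map the wire name, which also removes the snake_case accessor names from the class. A one-line class Javadoc saying this is the `data` element of the DD user-info response would replace the empty `@Description:` tag.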
package pwc.taxtech.atms.security;
import com.alibaba.fastjson.annotation.JSONField;
/**
* @Auther: Gary J Li
* @Date: 05/03/2019 18:25
* @Description:
*/
public class DDUserInfoRes {
private int errno;
@JSONField(name = "data")
private DDUserInfo ddUserInfo;
private String errmsg;
public int getErrno() {
return errno;
}
public void setErrno(int errno) {
this.errno = errno;
}
public DDUserInfo getDdUserInfo() {
return ddUserInfo;
}
public void setDdUserInfo(DDUserInfo ddUserInfo) {
this.ddUserInfo = ddUserInfo;
}
public String getErrmsg() {
return errmsg;
}
public void setErrmsg(String errmsg) {
this.errmsg = errmsg;
}
}
package pwc.taxtech.atms.security;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import io.jsonwebtoken.impl.DefaultClaims;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
......@@ -8,14 +10,18 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import pwc.taxtech.atms.common.util.HttpUtil;
import pwc.taxtech.atms.dto.AtmsTokenDto;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLDecoder;
import java.util.Map;
public class JwtAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
......@@ -23,13 +29,20 @@ public class JwtAuthenticationFilter extends AbstractAuthenticationProcessingFil
private Integer jwtExpireSecond;
@Value("${jwt.refreshSecond}")
private Integer jwtRefreshSecond;
@Value("${get_user_info_url}")
private String getUserInfoUrl;
@Value("${app_id}")
private String appId;
@Autowired
private JwtUtil jwtUtil;
@Value("${check_ticket}")
private Boolean checkTicket;
public JwtAuthenticationFilter() {
super("/**");
}
@Override
protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
String header = request.getHeader("Authorization");
return (header != null && (header.startsWith("bearer ") || header.startsWith("Bearer ")));
......@@ -53,7 +66,32 @@ public class JwtAuthenticationFilter extends AbstractAuthenticationProcessingFil
setDetails(request, authRequest);
return getAuthenticationManager().authenticate(authRequest);
Authentication authResult = getAuthenticationManager().authenticate(authRequest);
if (checkTicket) {
Cookie[] cookies = request.getCookies();
String ticket = "";
try {
for (Cookie cookie : cookies) {
if ("ddTicket".equals(cookie.getName())) {
ticket = cookie.getValue();
break;
}
}
JSONObject object;
String ddResp = HttpUtil.post(getUserInfoUrl + "check_ticket", "ticket=" + ticket + "&app_id=" + appId, "application/x-www-form-urlencoded", "UTF-8", 10000, 10000);
object = JSONObject.parseObject(ddResp);
Map<String, Object> res = object.getInnerMap();
int code = (int) res.get("errno");
if (code != 0) {
logger.warn(String.format("DD Ticket Check Failed:[%s]", object.toJSONString()));
return null;
}
logger.debug("ddTicket校验CODE:"+code);
} catch (Exception e) {
logger.error(String.format("调用DD获取用户信息失败:[%s]", e.getMessage()), e);
}
}
return authResult;
}
protected void setDetails(HttpServletRequest request,
......@@ -75,7 +113,7 @@ public class JwtAuthenticationFilter extends AbstractAuthenticationProcessingFil
DefaultClaims claims = jwtUser.getDefaultClaims();
if (claims.getExpiration().getTime() - System.currentTimeMillis() <= jwtRefreshSecond * 1000) {
String newToken = jwtUtil.generateToken(jwtUser.getUsername(), jwtUser.getDatabaseUsername(),
jwtUser.getUserid());
jwtUser.getUserid(),jwtUser.getTicket());
response.setHeader("Access-Control-Expose-Headers", "refreshToken");
response.setHeader("refreshToken", newToken);
logger.debug("refreshToken: " + newToken);
......
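Review bot: The ticket check in attemptAuthentication fails open: every exception at L237 — including the NullPointerException from iterating `request.getCookies()` when the request carries no cookies, and any I/O failure reaching the DD endpoint — is logged and the already-authenticated `authResult` is still returned. Returning `null` at L234 is not a rejection either: AbstractAuthenticationProcessingFilter treats a null result as "authentication not yet complete" and returns without writing a response or continuing the chain, so the client gets an empty reply; throw instead, e.g. `throw new BadCredentialsException("DD ticket check failed");`, and in the catch `throw new AuthenticationServiceException("DD ticket check unavailable", e);` so unsuccessfulAuthentication runs. Guard the loop with `if (cookies != null)`, and note that the ticket is spliced into the form body at L228 without form-encoding — this only works because IndexController stored the cookie value URL-encoded, so encode explicitly or document the dependency. attemptAuthentication begins outside the hunk.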
......@@ -8,20 +8,30 @@ import org.springframework.security.core.userdetails.UserDetails;
public class JwtUser implements UserDetails {
private static final long serialVersionUId = 1L;
private final String userid;
/** 登录名, 大小写不限,可以是全大写或全小写 */
private final String username;
/** 数据库用户名, 比如Admin */
private final String databaseUsername;
private final String ticket;
private Object clientUserInfo;
private final Collection<? extends GrantedAuthority> authorities;
private DefaultClaims defaultClaims;
public JwtUser(String userid, String username, String databaseUsername,
public JwtUser(String userid, String username, String databaseUsername,String ticket,Object clientUserInfo,
DefaultClaims defaultClaims, Collection<? extends GrantedAuthority> authorities) {
this.userid = userid;
this.username = username;
this.databaseUsername = databaseUsername;
this.ticket = ticket;
this.clientUserInfo = clientUserInfo;
this.authorities = authorities;
this.defaultClaims = defaultClaims;
}
......@@ -61,6 +71,18 @@ public class JwtUser implements UserDetails {
return true;
}
public String getTicket() {
return ticket;
}
public static long getSerialVersionUId() {
return serialVersionUId;
}
public Object getClientUserInfo() {
return clientUserInfo;
}
public String getUserid() {
return userid;
}
......
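Review bot: `clientUserInfo` is the only non-final field added to an otherwise immutable principal and is typed `Object`, while its sole consumer in this commit (AuthUserHelperImpl.getDDUserInfo) casts it to DDUserInfo; declare it `private final DDUserInfo clientUserInfo;` and let the constructor take that type so the mismatch is caught at compile time. The new `getSerialVersionUId()` getter exposes a constant nobody needs, and the field it returns is spelled `serialVersionUId`, which Java serialization does not recognise as the serial version (pre-existing, but the getter cements the typo). The ticket is now reachable through `getTicket()` and will be included wherever the principal is serialised, e.g. `JSON.toJSONString(jwtUser, …)` in JwtUtilTest; treat it as a credential in logs. The constructor Javadoc should state that `ticket` may be empty and `clientUserInfo` null when ticket checking is disabled.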
......@@ -3,7 +3,9 @@ package pwc.taxtech.atms.security;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Map;
import com.alibaba.fastjson.JSONObject;
import io.jsonwebtoken.*;
import org.nutz.lang.Times;
import org.slf4j.Logger;
......@@ -20,6 +22,7 @@ import io.jsonwebtoken.impl.DefaultJws;
import io.jsonwebtoken.lang.Assert;
import pwc.taxtech.atms.common.AtmsApiSettings;
import pwc.taxtech.atms.common.CommonUtils;
import pwc.taxtech.atms.common.util.HttpUtil;
@Component
public class JwtUtil implements InitializingBean {
......@@ -31,6 +34,14 @@ public class JwtUtil implements InitializingBean {
private JwtAuthenticationService jwtAuthenticationService;
@Value("${jwt.expireSecond}")
private Integer jwtExpireSecond;
@Value("${get_user_info_url}")
private String getUserInfoUrl;
@Value("${app_id}")
private String appId;
@Value("${app_key}")
private String appKey;
@Value("${check_ticket}")
private Boolean checkTicket;
@Override
public void afterPropertiesSet() throws Exception {
......@@ -50,9 +61,6 @@ public class JwtUtil implements InitializingBean {
@SuppressWarnings({ "unchecked", "rawtypes" })
public JwtUser parseToken(String token) {
if (StringUtils.hasText(jwtPowerToken) && jwtPowerToken.equals(token)) {
return new JwtUser("test_userid", "admin", "Admin", null, getAuthorities());
}
JwtParser parser = Jwts.parser().setSigningKey(jwtBase64Secret);
Jwt jwt = parser.parseClaimsJws(token);
DefaultJws<DefaultClaims> defaultJws = (DefaultJws<DefaultClaims>) jwt;
......@@ -60,8 +68,25 @@ public class JwtUtil implements InitializingBean {
String databaseUsername = String.valueOf(defaultClaims.get("databaseUsername"));
String username = String.valueOf(defaultClaims.get("username"));
String userid = String.valueOf(defaultClaims.get("userid"));
String ticket = "";
JSONObject object;
Object userInfo = null;
if(checkTicket){
ticket = String.valueOf(defaultClaims.get("ticket"));
try {
String response = HttpUtil.post(getUserInfoUrl+"get_user_by_ticket", "ticket=" + ticket + "&app_id=" + appId, "application/x-www-form-urlencoded", "UTF-8", 10000, 10000);
object = JSONObject.parseObject(response);
Map<String, Object> res = object.getInnerMap();
userInfo = res.get("data");
} catch (Exception e) {
logger.error(String.format("调用DD获取用户信息失败:[%s]", e.getMessage()), e);
}
}
if (StringUtils.hasText(jwtPowerToken) && jwtPowerToken.equals(token)) {
return new JwtUser("test_userid", "admin", "Admin", ticket, userInfo, null, getAuthorities());
}
// 原版 UserDetails return new JwtUser(userid, username, databaseUsername, defaultClaims, getAuthorities());
return new JwtUser(userid, username, databaseUsername, defaultClaims, getAuthorities(userid));
return new JwtUser(userid, username, databaseUsername, ticket, userInfo, defaultClaims, getAuthorities(userid));
}
private List<SimpleGrantedAuthority> getAuthorities() {
......@@ -91,7 +116,7 @@ public class JwtUtil implements InitializingBean {
* 用户Id
* @return
*/
public String generateToken(String username, String databaseUsername, String userid) {
public String generateToken(String username, String databaseUsername, String userid,String ticket) {
// sub: 该JWT所面向的用户
// iss: 该JWT的签发者
// iat(issued at): 在什么时候签发的token
......@@ -115,6 +140,7 @@ public class JwtUtil implements InitializingBean {
jwtBuilder.claim("username", username);
jwtBuilder.claim("databaseUsername", databaseUsername);
jwtBuilder.claim("userid", userid);
jwtBuilder.claim("ticket", ticket);
// 设置body.username为数据库用户名
jwtBuilder.signWith(SignatureAlgorithm.HS512, jwtBase64Secret);
return jwtBuilder.compact();
......
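Review bot: The jwtPowerToken shortcut was moved from before the parse (removed at L326–L328) to after `parser.parseClaimsJws(token)` (re-added at L350–L352), so a power token that is not itself a signed JWT now fails inside the parser before the comparison is reached; move the comparison back above `Jwts.parser()`. `userInfo = res.get("data")` at L345 stores the raw parsed element, while the only consumer, AuthUserHelperImpl.getDDUserInfo, casts it to DDUserInfo; parse with `JSONObject.parseObject(response, DDUserInfoRes.class)` and store `getDdUserInfo()`, as loginByDDTicket does. The catch at L346 logs and continues, and `errno` is never examined, so a rejected or unreachable lookup still yields an authenticated JwtUser with null user info — decide explicitly whether that path should fail closed. `String.valueOf(defaultClaims.get("ticket"))` also turns a missing claim (tokens issued before this change) into the literal string "null". parseToken begins in the preceding hunk, and the new `appKey` field is unused in the hunks shown.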
......@@ -121,13 +121,16 @@ public class MenuServiceImpl {
permissionExample.createCriteria().andIdIn(permissionIds);
List<String> menuIds = permissionMapper.selectByExample(permissionExample)
.stream().map(Permission::getMenuId).collect(Collectors.toList());
// 数据问题,,暂时用这种蠢办法
// admin权限暂时不做控制
menuIds.add("91223c21-c15a-4882-89cc-42f3807ec9e3");
menuIds.add("9bf855fb-6b44-49cd-b95b-41a6a9a8c098");
menuIds.add("F9A18F3A-7E39-4661-BA00-F149710577C3");
menuIds.add("F9A18F3A-7E39-4661-BA00-F149710577C4");
menuIds.add("F9A18F3A-7E39-4661-BA00-F149710577C7");
// 这里的权限之后需要在数据库中加上对应的权限数据
menuIds.add("6b404066-2200-4d11-9436-d0870dfd3188");
menuIds.add("6b404066-2200-4d11-9436-d0870dfd3189");
menuIds.add("5bdbc9a7-197b-43cc-b0e6-3f50e41b13eb");
menuIds.add("5bdbc9a7-197b-43cc-b0e6-3f50e41b13ec");
menuIds.add("5bdbc9a7-197b-43cc-b0e6-3f50e41b13eg");
......
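Review bot: The ids added at L388–L392 are appended to `menuIds` unconditionally, so every caller of this method receives those menus regardless of the permission rows selected just above, and the comment at L387 concedes the permission data does not yet exist. `5bdbc9a7-197b-43cc-b0e6-3f50e41b13eg` on L392 ends in `g`, which is not a hex digit, so it looks like a mistyped id that will never match a row — worth verifying against the menu table. If the grant has to stay until the data is migrated, gate it behind a configuration flag and mark the block `// TODO(<tracking-id>): remove once permission rows exist` so it is not forgotten. The enclosing method starts and ends outside the hunk.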
package pwc.taxtech.atms.service.impl;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import org.apache.commons.lang3.BooleanUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -19,6 +20,7 @@ import pwc.taxtech.atms.common.OperationModule;
import pwc.taxtech.atms.common.UserLoginType;
import pwc.taxtech.atms.common.UserStatus;
import pwc.taxtech.atms.common.message.UserMessage;
import pwc.taxtech.atms.common.util.HttpUtil;
import pwc.taxtech.atms.constant.DimensionConstant;
import pwc.taxtech.atms.constant.PermissionCode;
import pwc.taxtech.atms.constant.PermissionUrl;
......@@ -52,15 +54,9 @@ import pwc.taxtech.atms.dto.user.WebUserDto;
import pwc.taxtech.atms.entity.*;
import pwc.taxtech.atms.entity.UserRoleExample.Criteria;
import pwc.taxtech.atms.exception.ApplicationException;
import pwc.taxtech.atms.security.AtmsPasswordEncoder;
import pwc.taxtech.atms.security.JwtAuthenticationService;
import pwc.taxtech.atms.security.JwtUtil;
import pwc.taxtech.atms.security.LdapAuthenticationProvider;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import pwc.taxtech.atms.security.*;
import java.util.*;
import java.util.stream.Collectors;
import static java.util.stream.Collectors.toList;
......@@ -110,6 +106,18 @@ public class UserServiceImpl extends AbstractService {
@Value("${api.url}")
private String apiUrl;
@Value("${get_user_info_url}")
private String getUserInfoUrl;
@Value("${app_id}")
private String appId;
@Value("${app_key}")
private String appKey;
@Value("${check_ticket}")
private Boolean checkTicket;
public UserPermissionDto getUserPermission(String userName) {
User user = userMapper.selectByUserNameIgnoreCase(userName);
if (user == null) {
......@@ -368,6 +376,9 @@ public class UserServiceImpl extends AbstractService {
public OperationResultDto<LoginOutputDto> login(LoginInputDto input) {
// return dummyLogin(input);
if(input.getType() == 1){
return loginByDDTicket(input);
}
return doLogin(input);
}
......@@ -375,8 +386,10 @@ public class UserServiceImpl extends AbstractService {
logger.debug("doLogin start");
Assert.notNull(input, "Null input");
final String inputLoginName = input.getEmail();
final String ticket = input.getTicket();
Assert.hasText(inputLoginName, "empty email");
Assert.hasText(input.getPassword(), "empty password");
logger.debug("ready to call userMapper.selectByserNameIgnoreCase");
// 查找用户时需要忽略大小写
User tempUser = userMapper.selectByUserNameIgnoreCase(inputLoginName);
......@@ -437,7 +450,7 @@ public class UserServiceImpl extends AbstractService {
logger.debug("创建AtmsTokenDto");
AtmsTokenDto token = new AtmsTokenDto();
newloginResult.getData().setToken(token);
String accessToken = jwtUtil.generateToken(inputLoginName, tempUser.getUserName(), tempUser.getId());
String accessToken = jwtUtil.generateToken(inputLoginName, tempUser.getUserName(), tempUser.getId(),ticket);
token.setAccess_token(accessToken);
token.setToken_type("bearer");
token.setExpires_in(86400000L);
......@@ -474,6 +487,80 @@ public class UserServiceImpl extends AbstractService {
return newloginResult;
}
private OperationResultDto<LoginOutputDto> loginByDDTicket(LoginInputDto input){
OperationResultDto<LoginOutputDto> result = new OperationResultDto<>();
final String ticket = input.getTicket();
Assert.hasText(ticket, "empty ticket");
DDUserInfoRes ddUserInfoRes = new DDUserInfoRes();
try {
String response = HttpUtil.post(getUserInfoUrl+"get_user_by_ticket", "ticket=" + ticket + "&app_id=" + appId, "application/x-www-form-urlencoded", "UTF-8", 10000, 10000);
logger.debug(String.format("DD-get_user_by_ticket返回:[%s]", response));
ddUserInfoRes = JSONObject.parseObject(response,DDUserInfoRes.class);
} catch (Exception e) {
logger.error(String.format("调用DD获取用户信息失败:[%s]", e.getMessage()), e);
}
if(ddUserInfoRes==null){
result.setResult(false);
LoginOutputDto data = new LoginOutputDto();
data.setCheckState(CheckState.UserNameNotExist.value());
result.setData(data);
return result;
}
String userId="";
DDUserInfo userInfo = ddUserInfoRes.getDdUserInfo();
String userName = userInfo.getUsername_zh()==null?input.getEmail():userInfo.getUsername();
User user = userMapper.selectByUserName(userName);
userId = user.getId();
// 根据用户的登录类型选择不同的登录验证方式
result.setResult(true);
LoginOutputDto data = new LoginOutputDto();
data.setCheckState(CheckState.Success.value());
result.setData(data);
final LoginOutputDto resOutputDto = result.getData();
resOutputDto.setUserId(userId);
result.getData().setMessage("Login success.");
AtmsTokenDto token = new AtmsTokenDto();
result.getData().setToken(token);
String accessToken = jwtUtil.generateToken(userName, userName, userId, ticket);
token.setAccess_token(accessToken);
token.setToken_type("bearer");
token.setExpires_in(86400000L);
token.setApi_host("NA");
token.setVat_api_host(apiUrl);
token.setTp_url(apiUrl);
token.setVersion("1.0" + ".0.0");
token.setUser_name(userName);
token.setLocal_name(userName);
token.setNeed_change_password(false);
token.setIs_external_user(true);
token.setUser_id(userId);
token.setTicket(ticket);
WebUserDto userDto = new WebUserDto();
result.getData().setUser(userDto);
userDto.setUniqueId(CommonUtils.getUUID());
userDto.setLoginName(userName);
userDto.setPassword(input.getPassword());
userDto.setHasValidPeriod(false);
// 登陆成功后清除缓存中的用户后台权限
jwtAuthenticationService.removeApiAuthList(userId);
if (logger.isDebugEnabled()) {
logger.debug("print return json:{}", JSON.toJSONString(result, true));
}
return result;
}
private void needChangePassword(User tempUser, OperationResultDto<LoginOutputDto> newloginResult) {
// 这不可能发生,InActive的用户会被activeCheck方法拒绝登录
throw new ApplicationException("Not happens");
......@@ -945,4 +1032,5 @@ public class UserServiceImpl extends AbstractService {
return operationResultDto;
}
}
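Review bot: In loginByDDTicket the `ddUserInfoRes == null` check at L480 can never fire, because the variable is pre-initialised with `new DDUserInfoRes()` at L472 and the catch at L477 swallows the failure; an unreachable endpoint, a non-zero `errno` or an unknown ticket therefore reaches `userInfo.getUsername_zh()` (L489) or `user.getId()` (L491) and dies with a NullPointerException instead of a login failure. Initialise the variable to null, reject on `errno != 0` or a missing `data`, and handle `selectByUserName` returning null the same way, as below. The dispatch at L441 unboxes `input.getType()`, so a client that still posts only email and password (no `type`) will NPE before reaching doLogin; compare with `Integer.valueOf(1).equals(input.getType())`. The condition on L489 tests `getUsername_zh()` but falls through to `getUsername()`, which may be intended but reads like a mix-up and deserves a comment.
```java
DDUserInfoRes ddUserInfoRes = null;
// … unchanged: HttpUtil.post / parseObject inside try-catch …
if (ddUserInfoRes == null || ddUserInfoRes.getErrno() != 0 || ddUserInfoRes.getDdUserInfo() == null) {
    // … unchanged: build the UserNameNotExist result and return …
}
// … unchanged: derive userName from the DD user info …
User user = userMapper.selectByUserName(userName);
if (user == null) {
    result.setResult(false);
    LoginOutputDto missing = new LoginOutputDto();
    missing.setCheckState(CheckState.UserNameNotExist.value());
    result.setData(missing);
    return result;
}
userId = user.getId();
```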
......@@ -45,4 +45,11 @@ log.debug=${log.debug}
env_type=${env_type}
file_upload_post_url=${file_upload_post_url}
file_upload_query_url=${file_upload_query_url}
\ No newline at end of file
file_upload_query_url=${file_upload_query_url}
#didi-config
check_ticket=${check_ticket}
get_user_info_url=${get_user_info_url}
app_id=${app_id}
app_key=${app_key}
cookie.maxAgeSeconds=${cookie.maxAgeSeconds}
......@@ -41,4 +41,13 @@ log.debug=true
env_type=dev
file_upload_post_url=http://47.94.233.173:11005/resource/erp_tax_system
file_upload_query_url=http://47.94.233.173:11006/resource/erp_tax_system
\ No newline at end of file
file_upload_query_url=http://47.94.233.173:11006/resource/erp_tax_system
#didi-config
#ϵַget_user_info_url=http://mis.diditaxi.com.cn/auth/sso/api/
check_ticket=false
get_user_info_url=http://mis-test.diditaxi.com.cn/auth/sso/api/
app_id=2500
app_key=983258e7fd04d7fa0534735f7b1c33f3
cookie.maxAgeSeconds=86400
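Review bot: `app_key` is committed in plaintext at L559, and the identical value is repeated in the pub profile at L571 and in the web module profiles at L864 and L878; once a credential is in history it should be treated as exposed, so rotate it with the DD side and keep only the `app_key=${app_key}` placeholder form (L546) in the repository, supplying the value from the build environment. The commented line at L555 (and L567) is mis-encoded (`#ϵַ…`), which suggests the file was saved in a non-UTF-8 charset; re-save as UTF-8 so the comment is readable. `check_ticket=false` in both profiles means the ticket verification added in this commit is off everywhere by default — worth confirming that is intended for pub.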
......@@ -46,4 +46,11 @@ log.debug=false
env_type=pub
file_upload_post_url=http://100.69.238.155:8000/resource/erp_tax_system
file_upload_query_url=http://100.69.238.155:8001/resource/erp_tax_system
\ No newline at end of file
file_upload_query_url=http://100.69.238.155:8001/resource/erp_tax_system
#ϵַget_user_info_url=http://mis.diditaxi.com.cn/auth/sso/api/
check_ticket=false
get_user_info_url=http://mis.diditaxi.com.cn/auth/sso/api/
app_id=2500
app_key=983258e7fd04d7fa0534735f7b1c33f3
cookie.maxAgeSeconds=86400
\ No newline at end of file
......@@ -24,7 +24,7 @@ public class JwtUtilTest {
@Test
public void generateTokenThenValidate() {
String token = jwtUtil.generateToken("admin", "Admin", "UUID_OF_ADMIN_USER");
String token = jwtUtil.generateToken("admin", "Admin", "UUID_OF_ADMIN_USER", "TEST_TICKET");
logger.debug("print token:{}", token);
JwtUser jwtUser = jwtUtil.parseToken(token);
logger.debug("print jwtUser:{}", JSON.toJSONString(jwtUser, true));
......
......@@ -34,7 +34,6 @@ import java.util.stream.Collectors;
* @Date: 26/02/2019 11:56
* @Description:
*/
//public class DataInitTest extends CommonIT {
public class DataInitTest extends CommonIT {
private static final Logger logger = LoggerFactory.getLogger(DataInitTest.class);
......
......@@ -13,6 +13,7 @@ public class AtmsTokenDto {
private String user_name;
private String vat_api_host;
private String version;
private String ticket;
public String getAccess_token() {
return access_token;
......@@ -110,6 +111,14 @@ public class AtmsTokenDto {
this.version = version;
}
public String getTicket() {
return ticket;
}
public void setTicket(String ticket) {
this.ticket = ticket;
}
@Override
public String toString() {
return "CookieModel [access_token=" + access_token + ", token_type=" + token_type + ", expires_in=" + expires_in
......
......@@ -6,6 +6,10 @@ public class LoginInputDto {
private String password;
private String ticket;
private Integer type;
public String getEmail() {
return email;
}
......@@ -21,6 +25,20 @@ public class LoginInputDto {
public void setPassword(String password) {
this.password = password;
}
public String getTicket() {
return ticket;
}
public void setTicket(String ticket) {
this.ticket = ticket;
}
public Integer getType() {
return type;
}
public void setType(Integer type) {
this.type = type;
}
}
......@@ -2,12 +2,10 @@ package pwc.taxtech.atms.web.controller;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
......@@ -40,7 +38,7 @@ import pwc.taxtech.atms.dto.OperationResultDto;
import pwc.taxtech.atms.dto.OrganizationStructureDto;
import pwc.taxtech.atms.web.AtmsWebSettings;
/** @see PwC.Tax.Tech.Atms.Web\Controllers\AccountController.cs */
@Controller
@RequestMapping("/Account")
public class AccountController {
......@@ -53,6 +51,11 @@ public class AccountController {
@Autowired
private RestTemplate restTemplate;
// api callback.request
// resultDto (cookie:ticket,code)
// redirct -> #/overview/vat
@RequestMapping(value = "/LogOn", method = RequestMethod.POST)
public @ResponseBody LoginOutputDto login(@RequestBody LoginInputDto input, HttpServletResponse response)
throws UnsupportedEncodingException {
......@@ -75,7 +78,7 @@ public class AccountController {
try {
long start = System.currentTimeMillis();
logger.debug("准备调用atms-api的login接口");
operationResultDto = callApiUserLogin(input.getEmail(), input.getPassword());
operationResultDto = callApiUserLogin(input);
logger.debug("atms-api的login接口返回,用时[{}ms]", System.currentTimeMillis() - start);
} catch (RestClientException e) {
logger.error("调用atms-api的login接口出错:" + e, e);
......@@ -157,17 +160,14 @@ public class AccountController {
return resultLoginOutputDto;
}
private OperationResultDto<LoginOutputDto> callApiUserLogin(String email, String password) {
private OperationResultDto<LoginOutputDto> callApiUserLogin(LoginInputDto input) {
String url = atmsWebSettings.getApiUrl() + "/api/v1/user/login";
logger.debug("Print url:{}", url);
ParameterizedTypeReference<OperationResultDto<LoginOutputDto>> parameterizedTypeReference = new ParameterizedTypeReference<OperationResultDto<LoginOutputDto>>() {
};
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON_UTF8);
LoginInputDto loginInputDto = new LoginInputDto();
loginInputDto.setEmail(email);
loginInputDto.setPassword(password);
HttpEntity<LoginInputDto> requestEntity = new HttpEntity<>(loginInputDto, headers);
HttpEntity<LoginInputDto> requestEntity = new HttpEntity<>(input, headers);
ResponseEntity<OperationResultDto<LoginOutputDto>> responseEntity = restTemplate.exchange(url, HttpMethod.POST,
requestEntity, parameterizedTypeReference);
......@@ -180,22 +180,38 @@ public class AccountController {
// operationResultDto.getResult(),
// "operationResultDto.getResult() is false");
return operationResultDto;
}
@RequestMapping(value = { "/LogOut", "/Logout" }, produces = "text/html;charset=UTF-8")
public ModelAndView logout(HttpServletRequest request, HttpServletResponse response) {
HttpSession session = request.getSession(false);
if (session != null) {
// 删除会话
session.invalidate();
@RequestMapping(value = {"/LogOut", "/Logout"}, produces = "text/html;charset=UTF-8")
public void logout(HttpServletRequest request, HttpServletResponse response) {
try {
HttpSession session = request.getSession(false);
if (session != null) {
// 删除会话
session.invalidate();
}
Cookie cookie = new Cookie("AtmsApiToken", "");
cookie.setPath("/");
cookie.setMaxAge(0);
Cookie ddCodeCookie = new Cookie("ddCode", "");
ddCodeCookie.setPath("/");
ddCodeCookie.setMaxAge(0);
Cookie ddTicketCookie = new Cookie("ddTicket", "");
ddTicketCookie.setPath("/");
ddTicketCookie.setMaxAge(0);
Cookie ddJumptoCookie = new Cookie("ddJumpto", "");
ddJumptoCookie.setPath("/");
ddJumptoCookie.setMaxAge(0);
// 删除Cookie
response.addCookie(cookie);
response.addCookie(ddCodeCookie);
response.addCookie(ddTicketCookie);
response.addCookie(ddJumptoCookie);
// todo 这里写死为DD的登出地址了
response.sendRedirect(" http://mis.diditaxi.com.cn/auth/ldap/logout?app_id=2500");
} catch (Exception e) {
logger.error("登出失败", e);
}
Cookie cookie = new Cookie("AtmsApiToken", "");
cookie.setPath("/");
cookie.setMaxAge(0);
// 删除Cookie
response.addCookie(cookie);
return new ModelAndView("logon");
}
......
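Review bot: `response.sendRedirect(" http://mis.diditaxi.com.cn/auth/ldap/logout?app_id=2500")` at L726 has a leading space inside the string literal, which the container will not treat as an absolute URL, and the host and `app_id` are hard-coded even though `appId` and a DD base URL are already injected via `@Value` elsewhere in this commit; build it from configuration, e.g. `response.sendRedirect(ddLogoutUrl + "?app_id=" + appId);` with `ddLogoutUrl` a new property. The surrounding `catch (Exception e)` at L727 logs and returns normally, so if the redirect fails the browser receives an empty 200 rather than the logon page the previous `new ModelAndView("logon")` produced. Narrow the catch to `IOException`, which is what `sendRedirect` declares, and let anything else propagate.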
package pwc.taxtech.atms.web.controller;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.*;
import org.springframework.stereotype.Controller;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.CookieValue;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.client.RestTemplate;
import pwc.taxtech.atms.common.HttpUtil;
import pwc.taxtech.atms.dto.AtmsTokenDto;
import pwc.taxtech.atms.dto.LoginOutputDto;
import pwc.taxtech.atms.web.AtmsWebSettings;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
......@@ -16,16 +27,35 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Map;
@Controller
@RequestMapping("/")
public class IndexController {
private static Logger logger = LoggerFactory.getLogger(IndexController.class);
@Value("${api.url}")
private String apiUrl;
@Value("${get_user_info_url}")
private String getUserInfoUrl;
@Value("${app_id}")
private String appId;
@Value("${app_key}")
private String appKey;
@Autowired
JwtUtil jwtUtil;
@Autowired
private AtmsWebSettings atmsWebSettings;
@Autowired
private RestTemplate restTemplate;
@RequestMapping(value = {"/", "/index", "/index.html"}, method = RequestMethod.GET)
public String login(@CookieValue(value = "AtmsApiToken", required = false) String atmsApiToken,
@CookieValue(value = "LtpaToken", required = false) String ltpaToken,
......@@ -63,6 +93,28 @@ public class IndexController {
return "redirect:Account/LogOn";
}
@RequestMapping(value = {"/sso/callback"}, method = RequestMethod.GET)
public String ddSSOCallback(@RequestParam(value = "jumpto") String jumpto,
@RequestParam(value = "code") String code,
HttpServletResponse response) throws IOException, ServletException {
try{
String ticketStr = getTicket(code);
Cookie codeCookie = new Cookie("ddCode",URLEncoder.encode(code, "UTF-8"));
codeCookie.setPath("/");
Cookie ddTicket = new Cookie("ddTicket",URLEncoder.encode(ticketStr, "UTF-8"));
ddTicket.setPath("/");
Cookie jumptoCookie = new Cookie("ddJumpto",URLEncoder.encode(jumpto, "UTF-8"));
jumptoCookie.setPath("/");
response.addCookie(codeCookie);
response.addCookie(jumptoCookie);
response.addCookie(ddTicket);
}catch (Exception e){
logger.error("ddSSOCallback error",e);
}
return "redirect:/Account/LogOn";
}
@RequestMapping(value = {"/admin", "/admin.html"}, method = RequestMethod.GET)
public String admin(@CookieValue(value = "AtmsApiToken", required = false) String atmsApiToken) {
if (StringUtils.hasText(atmsApiToken)) {
......@@ -71,4 +123,24 @@ public class IndexController {
return "redirect:Account/LogOn";
}
public String getTicket(String code) {
try{
JSONObject object;
String ddResp = HttpUtil.post(getUserInfoUrl + "check_code", "code=" + code + "&app_key=" + appKey+ "&app_id=" + appId, "application/x-www-form-urlencoded", "UTF-8", 10000, 10000);
object = JSONObject.parseObject(ddResp);
Map<String, Object> res = object.getInnerMap();
int errno = (int) res.get("errno");
if (errno != 0) {
logger.warn(String.format("DD Ticket get Failed:[%s]", object.toJSONString()));
return null;
}else{
Map<String, String> data = (Map)res.get("data");
return data.get("ticket");
}
}catch (Exception e){
logger.error(String.format("通过code:[%s]获取Ticket失败",code));
}
return null;
}
}
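Review bot: In ddSSOCallback, `getTicket(code)` returns null on any DD error (L825, L833), and `URLEncoder.encode(ticketStr, "UTF-8")` at L798 then throws a NullPointerException, which the outer catch logs as "ddSSOCallback error" before redirecting to the logon page anyway; check the result first, e.g. `if (ticketStr == null) { return "redirect:/Account/LogOn"; }`, so the failure is explicit and no cookies are written. The catch at L830 discards `e` and logs the SSO `code` (a one-time credential) instead — log the exception and not the code: `logger.error("get ticket by code failed", e);`. The `jumpto` parameter is stored in a cookie without validation; wherever it is later used for a redirect it should be restricted to local paths, though its consumer is not in this diff. `getTicket` is public on a `@Controller` but not a handler, so make it private; the `JwtUtil jwtUtil` field is package-private, absent from the visible import block, and unused in the hunks shown.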
api.url=${api.url}
cookie.maxAgeSeconds=${cookie.maxAgeSeconds}
api.url=${api.url}
jwt.base64Secret=${jwt.base64Secret}
jwt.powerToken=${jwt.powerToken}
......@@ -8,4 +6,11 @@ jwt.expireSecond=${jwt.expireSecond}
jwt.refreshSecond=${jwt.refreshSecond}
#log
log.level=${log.level}
\ No newline at end of file
log.level=${log.level}
#didi-config
check_ticket=${check_ticket}
get_user_info_url=${get_user_info_url}
app_id=${app_id}
app_key=${app_key}
cookie.maxAgeSeconds=${cookie.maxAgeSeconds}
api.url=http://dts.erp.didichuxing.com:8180/
cookie.maxAgeSeconds=86400
jwt.base64Secret=TXppQjFlZFBSbnJzMHc0Tg==
jwt.powerToken=xxxx
jwt.expireSecond=180000
jwt.refreshSecond=600
log.level=DEBUG
#didi-config
check_ticket=false
get_user_info_url=http://mis-test.diditaxi.com.cn/auth/sso/api/
app_id=2500
app_key=983258e7fd04d7fa0534735f7b1c33f3
cookie.maxAgeSeconds=86400
\ No newline at end of file
api.url=http://172.20.201.164:8180/
cookie.maxAgeSeconds=86400
jwt.base64Secret=TXppQjFlZFBSbnJzMHc0Tg==
jwt.powerToken=xxxx
jwt.expireSecond=180000
jwt.refreshSecond=600
log.level=INFO
#didi-config
check_ticket=false
get_user_info_url=http://mis-test.diditaxi.com.cn/auth/sso/api/
app_id=2500
app_key=983258e7fd04d7fa0534735f7b1c33f3
cookie.maxAgeSeconds=86400
\ No newline at end of file
......@@ -570,6 +570,6 @@ grunt.registerTask('dev', '开发环境', function () {
'concat:commonJs', 'concat:frameworkJs','concat:frameworkLess',
'concat:taxDocumentManageLess', 'concat:taxDocumentManageJs','concat:appJs',
'concat:vatJs', 'concat:vatCss','concat:vatLess',
'concat:dataImpJs', 'concat:dataImpCss','concat:dataImpLess',
'concat:dataImpJs', 'concat:dataImpCss','concat:dataImpLess','concat:scriptsLogin',
'less', 'copy', 'clean'])
});
......@@ -2,6 +2,10 @@
// store login info.
var loginModel = {};
var checkResult = {};
var cookie = document.cookie;
var ticket = "";
var failFullLoginCount = 0, failMemberLoginCount = 0;
if (!window.console) window.console = {};
......@@ -43,10 +47,12 @@
$('loginFullEmail').focus();
};
var resetLoginModel = function (email, password) {
var resetLoginModel = function (email, password,ticket,type) {
loginModel = {
email: email,
password: password
password: password,
ticket:ticket,
type:type
};
}
......@@ -412,6 +418,27 @@
}
});
};
if(""!==cookie&&getCookie("ddTicket")){
ticket = getCookie("ddTicket");
loginForm.resetLoginModel("DD", "DD".val(),ticket,1);
login($(this), function () {
// todo DD logOut
setTimeout(function () {
resetErrorStatus();
}, 20);
});
}
function getCookie(name) {
var list = cookie.split("; ");
for(var i = 0; i < list.length; i++) {
var arr = list[i].split("=");
if(arr[0] == name)
return decodeURIComponent(arr[1]);
}
return "";
}
// initialize
// bind events
......@@ -424,9 +451,8 @@
// validatorFull.focusInvalid();
return;
}
// set the login data to post
loginForm.resetLoginModel($('#loginFullEmail').val(), $('#loginFullPwd').val());
loginForm.resetLoginModel($('#loginFullEmail').val(), $('#loginFullPwd').val(),ticket,0);
login($(this), function () {
if (!$('#loginFull').valid()) {
//fix bug 1888
......@@ -481,7 +507,7 @@
return;
}
loginForm.resetLoginModel($('#findFullEmail').val(), null);
loginForm.resetLoginModel($('#findFullEmail').val(), null,ticket,0);
// send password over email user entered
sendPassword($('#findFullEmail').val(), $(this), function () {
// case of send email success
......
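Review bot: `loginForm.resetLoginModel("DD", "DD".val(),ticket,1);` calls jQuery's `.val()` on a string literal, which throws a TypeError, so the cookie-driven login branch never reaches `login(...)` whenever a `ddTicket` cookie is present; the intent was presumably a fixed placeholder, e.g. `loginForm.resetLoginModel("DD", "DD", ticket, 1);` — confirm what the server expects for type 1. In that same branch `$(this)` is evaluated at script level rather than inside an event handler, so `this` is unlikely to be the login button; pass the button element explicitly. The ticket is read from a script-accessible cookie and the `type` flag is set client-side, so the server must verify the ticket with the SSO provider and must not treat `type === 1` as already authenticated — that check lives outside this hunk. `getCookie` splits each pair on every `=`, so a cookie value containing `=` (base64 padding, for instance) is truncated; locate the first `=` with `indexOf` and slice the remainder instead.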
<!--@using Scripts = System.Web.Optimization.Scripts
@using Styles = System.Web.Optimization.Styles
@{
Layout = null;
}-->
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" http-equiv="X-UA-Compatible" content="chrome=1; IE=11; IE=10; IE=9; IE=EDGE">
<title>Apex+</title>
<link href="favicon.ico" rel="shortcut icon" type="image/x-icon" />
<!-- @Styles.Render("~/Account/login") -->
<link href="/bundles/accountLogin.css" rel="stylesheet" type="text/css" />
</head>
<body class="login-body">
<!-- @Html.AntiForgeryToken() -->
<div class="login">
<div class="tilte">
<span class="text" id="logo_text">Apex+</span>
</div>
<div id="mainForm" class="form-wrapper">
<form id="loginFull" class="frame form-main-content">
<div class="background-frame">
<img src="/app-resources/images/load-indicator.gif" id="createIndicator" class="loadingImg" style="display:none" alt="loading">
</div>
<!--<div class="loginframe">
<div class="loginfull">
<div class="form-group">
<input id="loginFullEmail" name="loginFullEmail" type="text" placeholder="用户名" class="form-control-customer" />
</div>
<div class="form-group">
<input id="loginFullPwd" name="loginFullPwd" type="password" placeholder="密码" class="form-control-customer" />
</div>
<!--<div class="form-group">-->
<!--<a href="javascript:void(0)" id="btnShowForgotPwd" rel="forgot_password" class="form-forget-password">忘记密码?</a>-->
<!--</div>-->
</div>
<div class="button-wrapper">
<button id="btnFullLogin" class="btn-customer btn-customer-lg login-button" type="button" tabindex="0">登录</button>
</div>
</div> -->
</form>
<form id="forget_password_form" class="frame form-main-content">
<div class="background-frame">
</div>
<div class="loginframe">
<div class="loginfull">
<div class="form-group">
<input id="findFullEmail" name="findFullEmail" type="text" spellcheck="false" placeholder="新密码将会发送至您的注册邮箱" class="form-control-customer" />
</div>
<div class="form-group">
<input type="text" class="form-control-customer" style="visibility:hidden" />
</div>
<div class="form-group">
<a href="javascript:void(0)" rel="forgot_password" class="form-forget-password btnLoginFrame">返回登录?</a>
</div>
</div>
<div class="button-wrapper">
<button id="btnSendPwd" class="btn-customer btn-customer-lg login-button" type="button" tabindex="0">发送</button>
</div>
</div>
</form>
<form id="forget_password_form_sucess" class="frame form-main-content">
<div class="background-frame">
</div>
<div class="loginframe">
<div class="loginfull">
<div class="form-group">
<label class="successMsg"> 邮件发送成功!</label>
</div>
<div class="form-group">
<input type="text" class="form-control-customer" style="visibility:hidden" />
</div>
<div class="form-group">
<a href="javascript:void(0)" rel="forgot_password" class="form-forget-password btnLoginFrame">返回登陆?</a>
</div>
</div>
</div>
</form>
</div>
</div>
<div id="wait" class="notice-center" style="display:none">
<div> 系统正在加载中,请稍等... </div>
<div class='uil-flickr-css' style='transform:scale(0.26);margin:-112px;margin-left: 125px;'> <div></div><div></div></div>
</div>
<!-- @Scripts.Render("~/bundles/modernizr")
@Scripts.Render("~/bundles/jquery", "~/Scripts/login") -->
<script type="text/javascript" src="/bundles/modernizr.js"></script>
<script type="text/javascript" src="/bundles/jquery.js"></script>
<script type="text/javascript" src="/bundles/scriptsLogin.js"></script>
</body>
</html>
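Review bot: The comment opened at `<!--<div class="loginframe">` is closed early by the `-->` on `<!--<div class="form-group">-->`, because HTML comments do not nest; as a result the stray `</div>`, the `btnFullLogin` button and the literal text `-->` are rendered while the username and password inputs are not. If the credential inputs are meant to be hidden for the SSO flow, delete them or use a `hidden` attribute rather than nesting comments; if not, restore them and remove the inner `<!-- -->` pairs. `<meta charset="utf-8" http-equiv="X-UA-Compatible" ...>` combines two meta directives in one element; split it into `<meta charset="utf-8">` and a separate `http-equiv` meta so the charset declaration is honored. The `@Html.AntiForgeryToken()` placeholder is commented out with no visible replacement, so whatever CSRF protection the login and password-reset forms rely on must live server-side and should be confirmed.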