ganzi/ganzi-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

统一认证

Browse Source
This commit is contained in:
mythxb 2023-12-14 17:51:58 +08:00
parent 4cc1c64d27
commit c28f8ebdbd
8 changed files with 462 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
inventory-dao/src/main/java/com/rzyc/bean/user/auth/GetCode.java Normal file
View File

@ -0,0 +1,36 @@
package com.rzyc.bean.user.auth;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
/**
* @author dong
* @date 2023-12-14 14:38
* @Version V1.0
*/
@ApiModel("获取认证code")
public class GetCode {
@ApiModelProperty("认证code")
private String code;
@ApiModelProperty("自定义字符串")
private String state;
public String getCode() {
return code;
}
public void setCode(String code) {
this.code = code;
}
public String getState() {
return state;
}
public void setState(String state) {
this.state = state;
}
}

4
inventory-dao/src/main/java/com/rzyc/mapper/user/SysUserMapper.java
View File

@ -199,4 +199,8 @@ public interface SysUserMapper {
/*行业监管部门用户列表*/
List<SysUser> inClassUser(@Param("inClassId") String inClassId);
/*用户信息*/
SysUser authUser(@Param("unitId") String unitId,
@Param("chinaName") String chinaName);
}

9
inventory-dao/src/main/resources/mapper/user/SysUserMapper.xml
View File

@ -1445,4 +1445,13 @@
LEFT JOIN `sys_unit_trade` ut ON ut.`unit_id` = st.`SysUnitId`
WHERE ut.`in_class_id` = #{inClassId}
</select>
<!--授权用户信息-->
<select id="authUser" resultMap="BaseResultMap">
SELECT su.* FROM `sysuser` su
WHERE FIND_IN_SET(#{unitId},su.`post_path`)
AND su.`ChinaName` = #{chinaName}
AND su.`State` = '启用'
LIMIT 1
</select>
</mapper>

7
inventory-gov/pom.xml
View File

@ -236,6 +236,13 @@
</dependency>
<!-- easyExcel -->
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
<version>3.3.1</version>
<scope>compile</scope>
</dependency>
</dependencies>
<build>

210
inventory-gov/src/main/java/com/rzyc/controller/AuthController.java Normal file
View File

@ -0,0 +1,210 @@
package com.rzyc.controller;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.common.utils.DateUtils;
import com.common.utils.RandomNumber;
import com.common.utils.encryption.PasswdFactory;
import com.common.utils.httpClient.WebUtils;
import com.rzyc.bean.user.auth.GetCode;
import com.rzyc.enums.UserType;
import com.rzyc.model.Dynamic;
import com.rzyc.model.user.ListPerform;
import com.rzyc.model.user.SysUser;
import io.swagger.annotations.Api;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
/**
* @author dong
* @date 2023-12-14 14:22
* @Version V1.0
*/
@Api(tags = "其他")
@Controller
@RequestMapping("/auth")
@CrossOrigin("*")
public class AuthController extends BaseController{
//应用标识
private static final String clientId = "gzaqscqdzxt";
//应用安全口令
private static final String clientSecret = "082bbd818893d2fa443da6fdaf2aad97";
//回调地址
private static final String redirectUri = "http://42.193.40.239:7010/auth/getCode";
//部门id
private static final String unitId = "06623f79-19bb-48d7-8257-3f1d9545a827";
//岗位id
private static final String postId = "eca772e5-516e-45ee-afc6-0e5da78895be";
//默认密码
private static final String passwd = "gz123456@";
//用户角色
private static final String userRole = "295EF8C3-902F-41F0-95C8-D3AB9C6DA145";
/*动态详情*/
@GetMapping(value = "/getCode")
@Transactional
public String getCode(GetCode getCode, Model model){
try {
System.out.println("getCode ----> "+JSONArray.toJSONString(getCode));
String accessToken = getAccessToken(getCode.getCode());
String userName = getUserName(accessToken);
System.out.println("userName --> "+userName);
SysUser sysUser = sysUserMapper.authUser(unitId,userName);
if(null == sysUser){
sysUser = new SysUser();
sysUser.setSysuserid(RandomNumber.getUUid());
sysUser.setSysusername(userName);
ListPerform listPerform = listPerformMapper.selectByPrimaryKey(postId);
if(null != listPerform){
sysUser.setSystitle(listPerform.getListperformid());
sysUser.setPostPath(listPerform.getParentPath());
sysUser.setPostName(listPerform.getParentName());
sysUser.setAreaCode(listPerform.getAreaCode());
sysUser.setAreaPath(listPerform.getAreaPath());
sysUser.setAreaName(listPerform.getAreaPathName());
}
String passwdStr = PasswdFactory.encryptPasswd(sysUser.getSysuserid(), sysUser.getSysusername(), passwd);
sysUser.setSyspassword(passwdStr);
sysUser.setModifiedby("用户认证");
sysUser.setCreatedby("用户认证");
sysUser.setChinaname(userName);
sysUser.setModifiedon(new Date());
sysUser.setCreatedon(new Date());
sysUser.setUsertype(UserType.GOV.getType());
sysUser.setState("启用");
sysUser.setUserroles(userRole);
sysUserMapper.insert(sysUser);
}
model.addAttribute("userId",sysUser.getSysuserid());
}catch (Exception e){
e.printStackTrace();
}
return "auth/get_code";
}
public void geta()throws Exception{
String url = "https://222.209.85.39:1443/authcenter/getOauth2Token";
Map<String,String> params = new HashMap<String,String>();
params.put("grant_type","authorization_code");
params.put("client_id",clientId);
params.put("client_secret",clientSecret);
params.put("code","1231");
params.put("redirect_uri",redirectUri);
Map<String,String> headers = new HashMap<String,String>();
String tokenResult = WebUtils.doPost(url,params,headers);
System.out.println("tokenResult ---> "+tokenResult);
JSONObject jsonObject = JSONObject.parseObject(tokenResult);
String accessToken = jsonObject.get("access_token")+"";
System.out.println("accessToken ---> "+accessToken);
}
/**
* 获取accessToken
* @version v1.0
* @author dong
* @date 2023/12/14 16:32
*/
public static String getAccessToken(String code)throws Exception{
// 发送请求
Request request = new Request.Builder()
.url("https://222.209.85.39:1443/authcenter/getOauth2Token?grant_type=authorization_code&client_id="+clientId+"&client_secret="+clientSecret+"&code="+code+"&redirect_uri="+redirectUri)
.build();
Response response = getUnsafeOkHttpClient().newCall(request).execute();
String responseStr = response.body().string();
System.out.println("responseStr --> "+responseStr);
JSONObject jsonObject = JSONObject.parseObject(responseStr);
return jsonObject.get("access_token")+"";
}
/**
* 获取用户姓名
* @version v1.0
* @author dong
* @date 2023/12/14 16:30
*/
public static String getUserName(String accessToken)throws Exception{
Request request = new Request.Builder()
.url("https://222.209.85.39:1443/authcenter/getOauth2UserInfo?access_token="+accessToken+"&client_id="+clientId)
.build();
Response response = getUnsafeOkHttpClient().newCall(request).execute();
String responseStr = response.body().string();
System.out.println("responseStr --> "+responseStr);
JSONObject jsonObject = JSONObject.parseObject(responseStr);
return jsonObject.get("username")+"";
}
public static OkHttpClient getUnsafeOkHttpClient() {
try {
// 创建一个信任所有证书的TrustManager
final TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
};
// 创建一个不验证证书的 SSLContext并使用上面的TrustManager初始化
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// 使用上面创建的SSLContext创建一个SSLSocketFactory
javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
OkHttpClient.Builder builder = new OkHttpClient.Builder();
builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0]);
builder.hostnameVerifier((hostname, session) -> true);
builder.readTimeout(1, TimeUnit.MINUTES);
return builder.build();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}

4
inventory-gov/src/main/java/com/rzyc/controller/PcPersonalController.java
View File

@ -383,6 +383,10 @@ public class PcPersonalController extends com.rzyc.controller.BaseController {
//用户权限
userAuth(sysUser);
//获取用户令牌
String userToken = JwtUtil.createToken(sysUser.getSysuserid());
sysUser.setUserToken(userToken);
//数量信息
IndexNum indexNum = indexNum(sysUser.getSystitle(),sysUser.getSysuserid());
sysUser.setIndexNum(indexNum);

163
inventory-gov/src/main/java/com/rzyc/utils/InstallCert.java Normal file
View File

@ -0,0 +1,163 @@
package com.rzyc.utils;
import java.io.*;
import java.net.URL;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
/**
* @author dong
* @date 2023-12-14 15:55
* @Version V1.0
*/
public class InstallCert {
public static void main(String[] args) throws Exception {
String host = "222.209.85.39";
int port = 1443;
char[] passphrase;
if ((args.length == 1) || (args.length == 2)) {
String[] c = args[0].split(":");
host = c[0];
port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
String p = (args.length == 1) ? "changeit" : args[1];
passphrase = p.toCharArray();
} else {
System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
return;
}
File file = new File("jssecacerts");
if (file.isFile() == false) {
char SEP = File.separatorChar;
File dir = new File(System.getProperty("java.home") + SEP
+ "lib" + SEP + "security");
file = new File(dir, "jssecacerts");
if (file.isFile() == false) {
file = new File(dir, "cacerts");
}
}
System.out.println("Loading KeyStore " + file + "...");
InputStream in = new FileInputStream(file);
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(in, passphrase);
in.close();
SSLContext context = SSLContext.getInstance("TLS");
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0];
SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
context.init(null, new TrustManager[] {tm}, null);
SSLSocketFactory factory = context.getSocketFactory();
System.out.println("Opening connection to " + host + ":" + port + "...");
SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
socket.setSoTimeout(10000);
try {
System.out.println("Starting SSL handshake...");
socket.startHandshake();
socket.close();
System.out.println();
System.out.println("No errors, certificate is already trusted");
} catch (SSLException e) {
System.out.println();
e.printStackTrace(System.out);
}
X509Certificate[] chain = tm.chain;
if (chain == null) {
System.out.println("Could not obtain server certificate chain");
return;
}
BufferedReader reader =
new BufferedReader(new InputStreamReader(System.in));
System.out.println();
System.out.println("Server sent " + chain.length + " certificate(s):");
System.out.println();
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
MessageDigest md5 = MessageDigest.getInstance("MD5");
for (int i = 0; i < chain.length; i++) {
X509Certificate cert = chain[i];
System.out.println
(" " + (i + 1) + " Subject " + cert.getSubjectDN());
System.out.println(" Issuer " + cert.getIssuerDN());
sha1.update(cert.getEncoded());
System.out.println(" sha1 " + toHexString(sha1.digest()));
md5.update(cert.getEncoded());
System.out.println(" md5 " + toHexString(md5.digest()));
System.out.println();
}
System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
String line = reader.readLine().trim();
int k;
try {
k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
} catch (NumberFormatException e) {
System.out.println("KeyStore not changed");
return;
}
X509Certificate cert = chain[k];
String alias = host + "-" + (k + 1);
ks.setCertificateEntry(alias, cert);
OutputStream out = new FileOutputStream("jssecacerts");
ks.store(out, passphrase);
out.close();
System.out.println();
System.out.println(cert);
System.out.println();
System.out.println
("Added certificate to keystore 'jssecacerts' using alias '"
+ alias + "'");
}
private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
private static String toHexString(byte[] bytes) {
StringBuilder sb = new StringBuilder(bytes.length * 3);
for (int b : bytes) {
b &= 0xff;
sb.append(HEXDIGITS[b >> 4]);
sb.append(HEXDIGITS[b & 15]);
sb.append(' ');
}
return sb.toString();
}
private static class SavingTrustManager implements X509TrustManager {
private final X509TrustManager tm;
private X509Certificate[] chain;
SavingTrustManager(X509TrustManager tm) {
this.tm = tm;
}
public X509Certificate[] getAcceptedIssuers() {
throw new UnsupportedOperationException();
}
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
throw new UnsupportedOperationException();
}
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
this.chain = chain;
tm.checkServerTrusted(chain, authType);
}
}
}

29
inventory-gov/src/main/resources/templates/auth/get_code.html Normal file
View File

@ -0,0 +1,29 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>安全生产清单制管理系统</title>
</head>
<body>
<div>
安全生产清单制管理系统授权页面
<input type="hidden" id="userId" name="userId" th:value="${userId}">
</div>
</body>
<script src="http://182.132.59.28:8018/prod-api/js/jquery.min.js"></script>
<script>
console.log('-------安全生产清单制管理系统授权页面-------')
var userId = $("#userId").val();
console.log("userId ---> "+userId)
alert("userId -> "+userId)
location.href = "http://192.168.110.226:8081/auth?uid="+userId;
</script>
</html>