山东通单点登录

This commit is contained in:
huangweixiong 2022-11-11 09:50:19 +08:00
parent 88915f7dcc
commit 2760c891e8
2 changed files with 101 additions and 0 deletions

View File

@ -1,5 +1,11 @@
package io.renren.modules.security.oauth2; package io.renren.modules.security.oauth2;
import cn.hutool.core.date.DateField;
import cn.hutool.core.date.DateUnit;
import cn.hutool.core.date.DateUtil;
import cn.hutool.core.net.url.UrlBuilder;
import cn.hutool.core.util.CharsetUtil;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.google.gson.Gson; import com.google.gson.Gson;
@ -9,14 +15,17 @@ import io.renren.modules.security.service.SysUserTokenService;
import io.renren.modules.security.user.SecurityUser; import io.renren.modules.security.user.SecurityUser;
import io.renren.modules.sys.dao.SysUserDao; import io.renren.modules.sys.dao.SysUserDao;
import io.renren.modules.sys.entity.SysUserEntity; import io.renren.modules.sys.entity.SysUserEntity;
import lombok.Data;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpStatus; import org.apache.http.HttpStatus;
import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter; import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Scope; import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;
import javax.servlet.ServletRequest; import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse; import javax.servlet.ServletResponse;
@ -24,6 +33,8 @@ import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map; import java.util.Map;
/** /**
@ -43,6 +54,29 @@ public class Oauth2Filter extends AuthenticatingFilter {
@Autowired(required = false) @Autowired(required = false)
private SSOValidator ssoValidator; private SSOValidator ssoValidator;
@Value("${shangdongtong.enable}")
private boolean sdtEnable;
@Value("${shangdongtong.corpid}")
private String corpid;
@Value("${shangdongtong.agentId}")
private String agentId;
@Value("${shangdongtong.secret}")
private String secret;
@Value("${shangdongtong.url}")
private String apiUrl;
@Autowired
private RestTemplate restTemplate;
static class SDTToken{
private String accessToken;
private Date expiresIn;
}
static private SDTToken sdtToken;
@Override @Override
protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception { protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception {
//获取请求token //获取请求token
@ -157,6 +191,65 @@ public class Oauth2Filter extends AuthenticatingFilter {
requestUri = request.getRequestURI(); requestUri = request.getRequestURI();
} }
//先在这里直接处理山东通逻辑有时间再重构
if (sdtEnable && requestUri.contains("code=") && requestUri.contains("state=")) {
if (sdtToken == null || sdtToken.expiresIn.before(new Date()) || sdtToken.accessToken == null) {
synchronized (this.getClass()){
if (sdtToken == null || sdtToken.expiresIn.before(new Date()) || sdtToken.accessToken == null) {
String sdtApiUrl = String.format("%s/cgi-bin/gettoken?corpid=%s&corpsecret=%s",apiUrl, corpid, secret);
JSONObject tokenObj = restTemplate.getForObject(sdtApiUrl, JSONObject.class);
if (tokenObj.getIntValue("errcode") == 0) {
SDTToken token = new SDTToken();
token.accessToken = tokenObj.getString("access_token");
Integer expiresIn = tokenObj.getInteger("expires_in");
//提前5分钟防止误差
Integer expiresOffset = 60 * 5;
expiresIn = expiresIn < expiresOffset ? expiresIn / 2 : expiresIn -expiresOffset;
token.expiresIn = DateUtil.offset(new Date(), DateField.SECOND, expiresIn);
}
}
}
}
UrlBuilder urlBuilder = UrlBuilder.ofHttp(requestUri, CharsetUtil.CHARSET_UTF_8);
CharSequence code = urlBuilder.getQuery().get("code");
String userInfoUrl = String.format("%s/cgi-bin/user/getuserinfo?access_token=&s&code=%s",
apiUrl,
sdtToken.accessToken,
code);
JSONObject userInfoObj = restTemplate.getForObject(userInfoUrl, JSONObject.class);
String userId = userInfoObj.getString("UserId");
//还要再经过另一个接口拿手机号
if (StringUtils.isNotBlank(userId)) {
String userUrl = String.format("%s/cgi-bin/user/get?access_token=%s&userid=%s",
apiUrl,
sdtToken.accessToken,
userId);
JSONObject userObj = restTemplate.getForObject(userUrl, JSONObject.class);
String mobile = userObj.getString("mobile");
if (StringUtils.isNotBlank(mobile)) {
//认证通过
LambdaQueryWrapper<SysUserEntity> queryWrapper = new QueryWrapper<SysUserEntity>().lambda()
.eq(SysUserEntity::getMobile, mobile);
SysUserEntity sysUserEntity = sysUserDao.selectOne(queryWrapper);
if (sysUserEntity != null) {
Result<Map> result = sysUserTokenService.createToken(sysUserEntity.getId());
Object token = result.getData().get(Constant.TOKEN_HEADER);
String currentToken = (String) token;
Cookie cookie = new Cookie(Constant.TOKEN_HEADER, currentToken);
cookie.setPath("/");
response.addCookie(cookie);
response.addHeader(Constant.TOKEN_HEADER, currentToken);
//去掉凭证参数
String removeCreditParame = ssoValidator.removeCreditParame(requestUri);
response.addHeader("REDIRECT", removeCreditParame);
request.setAttribute(Constant.TOKEN_HEADER, currentToken);
return executeLogin(request, response);
}
}
}
}
if (!ssoValidator.hasCrediteInCallBackUrl(requestUri)) { if (!ssoValidator.hasCrediteInCallBackUrl(requestUri)) {
redirectToUrl(ssoValidator.getLoginUrl(requestUri), response); redirectToUrl(ssoValidator.getLoginUrl(requestUri), response);
return false; return false;

View File

@ -155,3 +155,11 @@ infrastructure:
# 是否发亚微消息 # 是否发亚微消息
notice: notice:
yawei: true yawei: true
shangdongtong:
enable: true
corpid: wwafa1a3005a15a672
agentId: 1001129
secret: fCcaNBVkCosL_O3cnQVQ0brqUUBZu3ruXuISj5k8FP8
url: http://59.206.205.195:80