Index: ssts-web/projectCustomLibs.json
===================================================================
diff -u -r37726 -r39484
--- ssts-web/projectCustomLibs.json (.../projectCustomLibs.json) (revision 37726)
+++ ssts-web/projectCustomLibs.json (.../projectCustomLibs.json) (revision 39484)
@@ -110,6 +110,12 @@
"type": "project",
"name": "ssts-datasync-jysrmyy-impl"
}]
+ }, {
+ "projectName": "xkyy",
+ "libs": [{
+ "type": "project",
+ "name": "ssts-client-misc"
+ }]
}
]
\ No newline at end of file
Index: ssts-web/src/main/webapp/disinfectsystem/config/xkyy/spring/security/applicationContext-acegi-security.xml
===================================================================
diff -u
--- ssts-web/src/main/webapp/disinfectsystem/config/xkyy/spring/security/applicationContext-acegi-security.xml (revision 0)
+++ ssts-web/src/main/webapp/disinfectsystem/config/xkyy/spring/security/applicationContext-acegi-security.xml (revision 39484)
@@ -0,0 +1,199 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
Index: ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/dao/impl/xkyy/TokenAuthenticationDaoImpl.java
===================================================================
diff -u
--- ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/dao/impl/xkyy/TokenAuthenticationDaoImpl.java (revision 0)
+++ ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/dao/impl/xkyy/TokenAuthenticationDaoImpl.java (revision 39484)
@@ -0,0 +1,126 @@
+package com.forgon.disinfectsystem.security.dao.impl.xkyy;
+
+import java.nio.charset.Charset;
+
+import net.sf.json.JSONObject;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.http.HttpEntity;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.util.EntityUtils;
+import org.apache.log4j.Logger;
+
+import com.forgon.disinfectsystem.security.dao.TokenAuthenticationDao;
+import com.forgon.exception.SystemException;
+
+/**
+ * 广州市胸科医院单点登录,验证appId、token的dao
+ * XKYY-250
+ */
+public class TokenAuthenticationDaoImpl implements TokenAuthenticationDao {
+
+ private static final Logger logger = Logger.getLogger(TokenAuthenticationDaoImpl.class);
+
+ /**
+ * 令牌认证服务接口地址
+ */
+ public static final String XSO_AUTH_SERVICE_ADDRESS = "http://192.168.111.100:8085/api/userByPortal";
+
+ /**
+ * 0:成功 1:失败
+ */
+ private static final String STATUS_SUCCESS = "0";
+
+ /**
+ * 0:成功 1:失败
+ */
+ //private static final String STATUS_FAIL = "1";
+
+ @Override
+ public String authentication(String accessToken) throws Exception {
+ return null;
+ }
+
+ @Override
+ public String authentication(String appId, String token) throws Exception {
+ logger.info(String.format("单点登录系统标识appId=%s,用户标识 token=%s", appId, token));
+ if(StringUtils.isBlank(appId)){
+ throw new SystemException("接入门户的系统标识appId不能为空!");
+ }
+ if(StringUtils.isBlank(token)){
+ throw new SystemException("登录时获取到的用户标识 token不能为空!");
+ }
+ //http post请求
+ String result = doHttpPost(XSO_AUTH_SERVICE_ADDRESS, appId, token);
+ //String result = "{'status': '0','staffCode':'xxx','userInfo':{'account':'admin','userName':'xxx','staffCode':'xxx','position':'xxx','phoneNumber':'xxx','sex':'xxx'},'message': '返回描述'}";
+ //身份校验接口
+ logger.info(String.format("身份校验接口返回参数为:%s", result));
+ if(StringUtils.isBlank(result)){
+ throw new SystemException("身份校验接口返回参数为空!");
+ }
+
+ JSONObject responeJSON = JSONObject.fromObject(result);
+ String status = responeJSON.optString("status");
+ String message = responeJSON.optString("message");
+ if(!StringUtils.equals(status, STATUS_SUCCESS)){
+ throw new SystemException(String.format("身份校验失败,status=%s,message=%s!", status, message));
+ }
+ JSONObject userInfoJSON = responeJSON.optJSONObject("userInfo");
+ if(userInfoJSON == null){
+ throw new SystemException("身份校验接口返回参数用户信息为空!");
+ }
+
+ return userInfoJSON.optString("account");
+ }
+
+ /**
+ * http post请求
+ * @param postUrl
+ * @param appId 请求头
+ * @param token 请求头
+ * @return
+ * @throws Exception
+ */
+ private String doHttpPost(String postUrl, String appId, String token) {
+
+ String retStr = "";
+ try {
+ // 创建HttpClientBuilder
+ HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
+ // HttpClient
+ CloseableHttpClient closeableHttpClient = httpClientBuilder.build();
+ HttpPost httpPost = new HttpPost(postUrl);
+ // 设置请求和传输超时时间
+ RequestConfig requestConfig = RequestConfig.custom()
+ .setSocketTimeout(300000)
+ .setConnectTimeout(300000).build();
+ httpPost.setConfig(requestConfig);
+ // 设置Header属性
+ httpPost.setHeader("Content-Type", "application/json;charset=UTF-8");
+ httpPost.setHeader("appId", appId);
+ httpPost.setHeader("token", token);
+ StringEntity data = new StringEntity("",Charset.forName("UTF-8"));
+ httpPost.setEntity(data);
+ CloseableHttpResponse response = closeableHttpClient.execute(httpPost);
+ HttpEntity httpEntity = response.getEntity();
+ if (httpEntity != null) {
+ // 打印响应内容
+ retStr = EntityUtils.toString(httpEntity, "UTF-8");
+ }
+ // 释放资源
+ closeableHttpClient.close();
+ } catch (Exception e) {
+ e.printStackTrace();
+ logger.info(String.format("单点登录身份校验接口调用失败:%s", e.getMessage()));
+ throw new RuntimeException(e.getMessage());
+ }
+
+ return retStr;
+ }
+
+}
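Review bot: The first `logger.info` in `authentication(String appId, String token)` writes the caller's SSO token to the application log in clear text, and the later `logger.info` of `result` records the whole identity response, which per the commented-out sample carries account, staff code and phone number. Logging only the appId and the outcome avoids keeping credentials and personal data in log files, e.g. `logger.info(String.format("单点登录系统标识appId=%s", appId));` and, after parsing, `logger.info(String.format("身份校验接口返回status=%s", status));`. The same token is sent as a header to `XSO_AUTH_SERVICE_ADDRESS`, a hard-coded `http://` endpoint, so it travels unencrypted; the address should come from configuration and use TLS if the portal offers it. Separately, `userInfoJSON.optString("account")` yields an empty string when the field is missing, so a `StringUtils.isBlank` check that throws `SystemException` before the return would stop a malformed success response from producing an empty account name.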
Index: ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/filter/TokenAuthenticationFilter.java
===================================================================
diff -u -r37236 -r39484
--- ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/filter/TokenAuthenticationFilter.java (.../TokenAuthenticationFilter.java) (revision 37236)
+++ ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/filter/TokenAuthenticationFilter.java (.../TokenAuthenticationFilter.java) (revision 39484)
@@ -16,6 +16,14 @@
public static final String SPRING_SECURITY_TOKEN_KEY = "access_token";
private String tokenParameter = SPRING_SECURITY_TOKEN_KEY;
+
+ public static final String SPRING_SECURITY_APPID_KEY = "app_id";
+
+ /**
+ * 接入门户的系统标识appId的参数名
+ * XKYY-250
+ */
+ private String appIdParameter = SPRING_SECURITY_APPID_KEY;
public TokenAuthenticationFilter() {
super("/j_spring_security_token_check");
@@ -31,15 +39,33 @@
token = token.trim();
- AccessTokenAuthenticationToken authRequest = new AccessTokenAuthenticationToken(token);
+ //非必填项目,目前只有XKYY-250需要appId和token调用单点登录验证的接口
+ String appId = obtainAppId(request);
+ if (appId == null) {
+ appId = "";
+ }
+
+ appId = appId.trim();
+
+ AccessTokenAuthenticationToken authRequest = new AccessTokenAuthenticationToken(token, appId);
+
// Allow subclasses to set the "details" property
setDetails(request, authRequest);
return this.getAuthenticationManager().authenticate(authRequest);
}
/**
+ * 获取单点登录的接入门户的系统标识appId
+ * @param request
+ * @return
+ */
+ private String obtainAppId(HttpServletRequest request) {
+ return request.getParameter(appIdParameter);
+ }
+
+ /**
* 获取单点登录的token
* @param request
* @return
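Review bot: `obtainAppId` takes `app_id` straight from the request, and the only processing before it is placed in `AccessTokenAuthenticationToken` is a null check and `trim()`. In this commit that value becomes an outbound HTTP header in `TokenAuthenticationDaoImpl.doHttpPost` and also decides which DAO method `TokenAuthenticationProvider` calls, so it should be restricted to its expected form here, for example rejecting anything that is not a short run of letters, digits, `-` or `_`. If the appId is the fixed identifier this system registered with the portal (the field comment suggests so, but that is an inference), reading it from configuration would remove the client-controlled input altogether. The method containing the changed lines begins above this hunk.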
@@ -71,4 +97,12 @@
public final String getTokenParameter() {
return tokenParameter;
}
+
+ public String getAppIdParameter() {
+ return appIdParameter;
+ }
+
+ public void setAppIdParameter(String appIdParameter) {
+ this.appIdParameter = appIdParameter;
+ }
}
\ No newline at end of file
Index: ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/dao/TokenAuthenticationDao.java
===================================================================
diff -u -r37724 -r39484
--- ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/dao/TokenAuthenticationDao.java (.../TokenAuthenticationDao.java) (revision 37724)
+++ ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/dao/TokenAuthenticationDao.java (.../TokenAuthenticationDao.java) (revision 39484)
@@ -13,4 +13,15 @@
*/
public String authentication(String accessToken) throws Exception;
+ /**
+ * 身份验证,验证appId及token并返回用户账号
+ * @param appId 接入门户的系统标识
+ * @param token 登录时获取到的用户标识
+ * @return
+ * @throws Exception
+ */
+ public default String authentication(String appId, String token) throws Exception {
+ return null;
+ }
+
}
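Review bot: The new default `authentication(String appId, String token)` returns `null`, so a DAO that does not override it reports neither success nor failure when `TokenAuthenticationProvider` routes a request carrying `app_id` to it. The xkyy implementation has the mirror case: its one-argument `authentication(String accessToken)` also returns `null`, which is what a request without `app_id` reaches. Failing explicitly is safer than relying on how the provider treats a null user name (that handling is outside the visible hunks), e.g. `throw new UnsupportedOperationException("authentication(appId, token) is not supported");`. The Javadoc's empty `@return` and `@throws` should say that the account name is returned and what is thrown when validation fails.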
Index: ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/filter/TokenAuthenticationProvider.java
===================================================================
diff -u -r38004 -r39484
--- ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/filter/TokenAuthenticationProvider.java (.../TokenAuthenticationProvider.java) (revision 38004)
+++ ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/filter/TokenAuthenticationProvider.java (.../TokenAuthenticationProvider.java) (revision 39484)
@@ -45,11 +45,16 @@
AccessTokenAuthenticationToken accessTokenAuthenticationToken = (AccessTokenAuthenticationToken) authentication;
String token = (String)accessTokenAuthenticationToken.getPrincipal();
+ String appId = (String)accessTokenAuthenticationToken.getAppId();
//调用令牌验证接口,获取用户名
String userName = "";
try {
if(tokenAuthenticationDao != null){
- userName = tokenAuthenticationDao.authentication(token);
+ if(StringUtils.isNotBlank(appId)){
+ userName = tokenAuthenticationDao.authentication(appId, token);
+ }else{
+ userName = tokenAuthenticationDao.authentication(token);
+ }
}
} catch (Exception e) {
e.printStackTrace();
Index: build.gradle
===================================================================
diff -u -r39442 -r39484
--- build.gradle (.../build.gradle) (revision 39442)
+++ build.gradle (.../build.gradle) (revision 39484)
@@ -1078,7 +1078,7 @@
copyJarOfProjectToCustomLibPath(project.name,'bjdxzlyy')
copyJarOfProjectToCustomLibPath(project.name,'gdsrmyyzhyy')
copyJarOfProjectToCustomLibPath(project.name,'blxrmyy')
-
+ copyJarOfProjectToCustomLibPath(project.name,'xkyy')
}
assemble.dependsOn copyJarToLibs
}
Index: ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/filter/AccessTokenAuthenticationToken.java
===================================================================
diff -u -r37236 -r39484
--- ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/filter/AccessTokenAuthenticationToken.java (.../AccessTokenAuthenticationToken.java) (revision 37236)
+++ ssts-client-misc/src/main/java/com/forgon/disinfectsystem/security/filter/AccessTokenAuthenticationToken.java (.../AccessTokenAuthenticationToken.java) (revision 39484)
@@ -16,6 +16,12 @@
//~ Instance fields ================================================================================================
private final Object principal;
+
+ /**
+ * 接入门户的系统标识appId
+ * 非必填项,广州市胸科医院需要携带appId、token 回调授权接口获取获取用户信息XKYY-250
+ */
+ private Object appId;
//~ Constructors ===================================================================================================
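Review bot: `appId` is declared as a non-final `Object`, and the last hunk of this file adds a public `setAppId`, while the `principal` field beside it is final. Because `TokenAuthenticationProvider` casts the value to `String` and uses it to choose the validation path, declaring it `private final String appId;`, assigning it only in constructors and dropping the setter would keep the authentication request immutable once the filter has built it. The constructors that are not part of these hunks would then have to initialise the field as well, for instance to an empty string.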
@@ -30,6 +36,13 @@
this.principal = principal;
setAuthenticated(false);
}
+
+ public AccessTokenAuthenticationToken(Object principal, Object appId) {
+ super(null);
+ this.principal = principal;
+ this.appId = appId;
+ setAuthenticated(false);
+ }
/**
* This constructor should only be used by AuthenticationManager or AuthenticationProvider
@@ -57,7 +70,15 @@
return this.principal;
}
- public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
+ public Object getAppId() {
+ return appId;
+ }
+
+ public void setAppId(Object appId) {
+ this.appId = appId;
+ }
+
+ public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
if (isAuthenticated) {
throw new IllegalArgumentException(
"Once created you cannot set this token to authenticated. Create a new instance using the constructor which takes a GrantedAuthority list will mark this as authenticated.");