add: 新增对接统一认证资源同步接口

@@ -11,6 +11,7 @@ import com.tianbo.warehouse.controller.response.ResultJson;
 import com.tianbo.warehouse.dao.UserRoleMapper;
 import com.tianbo.warehouse.dao.UserRoleMapper;
 import com.tianbo.warehouse.model.*;
 import com.tianbo.warehouse.model.*;
 import com.tianbo.warehouse.security.filter.JwtTokenUtil;
 import com.tianbo.warehouse.security.filter.JwtTokenUtil;
+import com.tianbo.warehouse.security.login.TokenUtils;
 import com.tianbo.warehouse.service.PermissionService;
 import com.tianbo.warehouse.service.PermissionService;
 import com.tianbo.warehouse.service.RoleService;
 import com.tianbo.warehouse.service.RoleService;
 
 
@@ -266,8 +267,77 @@ public class AnonymousController {
      */
      */
     @PostMapping(value = "/userSynchronization")
     @PostMapping(value = "/userSynchronization")
     @ResponseBody
     @ResponseBody
-    public ResultMessage userSynchronization(@RequestBody Map<String, Object> map){
+    public ResultMessage userSynchronization(@RequestBody Map<String, Object> map, @RequestHeader Map<String, String> headers,HttpServletRequest request){
         log.info("[SSO-资源同步]-参数打印:\n{}",map.toString());
         log.info("[SSO-资源同步]-参数打印:\n{}",map.toString());
+        headers.forEach((key,value)->{
+            log.info("[SSO-USER-SYNCHRONIZATION-HEADER-INFO]-key:{},value:{}",key,value);
+        });
+
+        //IP白名单
+        List<String> ipWhiteList = Arrays.asList(
+                "10.5.14.108",
+                "10.5.14.109",
+                "10.5.14.110",
+                "127.0.0.1"
+        );
+
+        String requestRemoteAddr = request.getHeader("X-Forwarded-For");
+
+        if (StringUtils.isEmpty(requestRemoteAddr)){
+            requestRemoteAddr = request.getRemoteAddr();
+        }else {
+            requestRemoteAddr = requestRemoteAddr.split(",")[0];
+        }
+
+        if (ipWhiteList.contains(requestRemoteAddr)){
+            log.info("[SSO-USER-SYNCHRONIZATION-IPWhiteList]-ipWhiteList:[{}]",requestRemoteAddr);
+        }else {
+            log.info("[SSO-USER-SYNCHRONIZATION-IPWhiteList]-ip:[{}]白名单验证失败,访问IP不在白名单内",requestRemoteAddr);
+            return new  ResultMessage(400,"访问IP不在白名单内,验证失败.ip:"+requestRemoteAddr);
+        }
+
+        // 用headers Map 取值 key 键值时 key会全部转为小写 在springboot 中
+        if (headers.containsKey("once") && headers.containsKey("ts") && headers.containsKey("appkey") && headers.containsKey("signmethod") && headers.containsKey("signdata")){
+            String appAuthKey = "4768711539138560" ;
+            if (appAuthKey.equals(headers.get("appkey"))){
+                String bodyData = JSON.toJSONString(map);
+                String appPwd = "ce10ec6cc310966de5264994817a0f7c1b2b9e3b";
+                log.info("[SSO-INFO]-apppwd:{}",appPwd);
+                StringBuilder sb = new StringBuilder();
+                //签名验证格式拼接
+
+                sb.append("appKey=").append(headers.get("appkey"))
+                        .append("&ts=").append(headers.get("ts"))
+                        .append("&once=").append(headers.get("once"))
+                        .append("&signMethod=").append(headers.get("signmethod"))
+                        .append("&bodyData=").append(bodyData);
+                String signAuthURI = sb.toString();
+                // 签名生成
+                try{
+                    String signData = TokenUtils.getSignature(appPwd, signAuthURI);
+                    // 签名验证
+                    if (signData.equals(headers.get("signdata"))){
+                        log.info("[SSO-USER-SYNCHRONIZATION-HEADER-SUCCESS]-头部签名验证成功");
+                    }else {
+                        log.error("[SSO-USER-SYNCHRONIZATION-HEADER-AUTHFAIL]-头部签名验证失败");
+//                        return new  ResultMessage(400,"app签名验证失败");
+                    }
+                }catch (Exception e){
+                    log.error("[SSO-USER-SYNCHRONIZATION-HEADER-AUTH-ERR]-",e);
+//                    return new  ResultMessage(400,"app签名验证出错"+e.getMessage());
+                }
+
+            }else {
+                log.error("[SSO-USER-SYNCHRONIZATION-HEADER-FAILD],key:{},不为验证key:4768711539138560",headers.get("appKey"));
+//                return new  ResultMessage(400,"appKey验证失败");
+            }
+        }else {
+            log.error("[SSO-USER-SYNCHRONIZATION-HEADER-FAILD]-缺少必要头部验证信息");
+//            return new  ResultMessage(400,"缺少必要头部验证信息,app验证失败");
+        }
+
+
+
         //获取action的值,判断是push数据还是删除数据
         //获取action的值,判断是push数据还是删除数据
         String action = map.get("action").toString();
         String action = map.get("action").toString();
         if ("user".equals(map.get("resType").toString())){
         if ("user".equals(map.get("resType").toString())){

@@ -14,13 +14,15 @@ public class SSOUserData {
 
 
     private String USER_NO;
     private String USER_NO;
 
 
+    private Integer USER_TYPE;
+
     private String MOBILE;
     private String MOBILE;
 
 
     private String IDCARD_NO;
     private String IDCARD_NO;
 
 
     private String COUNTRY;
     private String COUNTRY;
 
 
-    private String SEX;
+    private Integer SEX;
 
 
     private String NATIONALITY;
     private String NATIONALITY;
 
 
@@ -34,9 +36,11 @@ public class SSOUserData {
 
 
     private String JOB_TITLE;
     private String JOB_TITLE;
 
 
-    private String JOB_TYPE;
+    private Integer JOB_TYPE;
+
+    private Integer JOB_STATUS;
 
 
-    private String JOB_STATUS;
+    private Integer USER_JOB_STATUS;
 
 
     private String JOB_POSITION;
     private String JOB_POSITION;
 
 
@@ -52,7 +56,7 @@ public class SSOUserData {
 
 
     private String LOGIN_NAME;
     private String LOGIN_NAME;
 
 
-    private String SHOW_ORDER;
+    private Integer SHOW_ORDER;
 
 
     private String REMARK;
     private String REMARK;
 
 
@@ -64,5 +68,5 @@ public class SSOUserData {
 
 
     private String PWD_ENCRYPT;
     private String PWD_ENCRYPT;
 
 
-    private String UPDATE_TIME;
+    private Long UPDATE_TIME;
 }
 }

+package com.tianbo.warehouse.security.login;
+
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.ArrayUtils;
+import org.bouncycastle.crypto.digests.SM3Digest;
+
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+
+@Slf4j
+public class TokenUtils {
+
+    private static String[] hexDigits = { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e",
+            "f" };
+
+    public static String getSignature(String pwd, String paramUrl) {
+
+
+        if (StringUtils.isNotBlank(paramUrl)) {
+            try {
+                paramUrl = URLDecoder.decode(paramUrl, "UTF-8");
+            } catch (UnsupportedEncodingException e) {
+                log.error("SM3生成signData失败:", e);
+                throw new RuntimeException("生成signData失败:", e);
+            }
+        }
+
+        String[] paraArray = new String[] {};
+        if (StringUtils.isNotBlank(paramUrl)) {
+            String[] queryArray = paramUrl.split("&");
+            paraArray = (String[]) ArrayUtils.addAll(queryArray, paraArray);
+        }
+
+        Arrays.sort(paraArray);
+
+        StringBuffer buffer = new StringBuffer();
+        buffer.append(pwd);
+        buffer.append(":");
+
+        for (int i = 0; i < paraArray.length; i++) {
+            buffer.append(paraArray[i]);
+            buffer.append("&");
+        }
+        buffer.deleteCharAt(buffer.length() - 1);
+        buffer.append(":");
+        buffer.append(pwd);
+
+        MessageDigest md = null;
+        SM3Digest digest = new SM3Digest();
+        String sm3Encode1 = "";
+        try {
+            md = MessageDigest.getInstance("SHA-256");
+            md.update(buffer.toString().getBytes("UTF-8"));
+
+            //SM3
+            digest.update(buffer.toString().getBytes("UTF-8"),0, buffer.length());
+            byte[] hashSM3 = new byte[digest.getDigestSize()];
+            digest.doFinal(hashSM3, 0);
+            sm3Encode1 = byteArrayToHexString(hashSM3);
+            log.info("[sm3Encode1] = {}" , sm3Encode1);
+
+        } catch (NoSuchAlgorithmException e) {
+            log.error("生成signData失败:", e);
+            throw new RuntimeException("生成signData失败.", e);
+        } catch (UnsupportedEncodingException e) {
+            log.error("生成signData失败:", e);
+            throw new RuntimeException("生成signData失败.", e);
+        }
+        String encode = byteArrayToHexString(md.digest());
+        log.info("[SHA256-ENCODE]={}" , encode);
+        String sm3Encode = SM3EncryptUtil.passwordSm3(buffer.toString());
+        log.info("[sm3PasswordEncode] = {} " , sm3Encode);
+        return sm3Encode;
+    }
+
+    private static String byteArrayToHexString(byte[] byteArray) {
+        StringBuffer sb = new StringBuffer();
+        for (byte byt : byteArray) {
+            sb.append(byteToHexString(byt));
+        }
+        return sb.toString();
+    }
+
+    private static String byteToHexString(byte byt) {
+        int n = byt;
+        if (n < 0)
+            n = 256 + n;
+        return hexDigits[n / 16] + hexDigits[n % 16];
+    }
+}