作者 朱兆平

add: 新增对接统一认证资源同步接口

... ... @@ -11,6 +11,7 @@ import com.tianbo.warehouse.controller.response.ResultJson;
import com.tianbo.warehouse.dao.UserRoleMapper;
import com.tianbo.warehouse.model.*;
import com.tianbo.warehouse.security.filter.JwtTokenUtil;
import com.tianbo.warehouse.security.login.TokenUtils;
import com.tianbo.warehouse.service.PermissionService;
import com.tianbo.warehouse.service.RoleService;
... ... @@ -266,8 +267,77 @@ public class AnonymousController {
*/
@PostMapping(value = "/userSynchronization")
@ResponseBody
public ResultMessage userSynchronization(@RequestBody Map<String, Object> map){
public ResultMessage userSynchronization(@RequestBody Map<String, Object> map, @RequestHeader Map<String, String> headers,HttpServletRequest request){
log.info("[SSO-资源同步]-参数打印:\n{}",map.toString());
headers.forEach((key,value)->{
log.info("[SSO-USER-SYNCHRONIZATION-HEADER-INFO]-key:{},value:{}",key,value);
});
//IP白名单
List<String> ipWhiteList = Arrays.asList(
"10.5.14.108",
"10.5.14.109",
"10.5.14.110",
"127.0.0.1"
);
String requestRemoteAddr = request.getHeader("X-Forwarded-For");
if (StringUtils.isEmpty(requestRemoteAddr)){
requestRemoteAddr = request.getRemoteAddr();
}else {
requestRemoteAddr = requestRemoteAddr.split(",")[0];
}
if (ipWhiteList.contains(requestRemoteAddr)){
log.info("[SSO-USER-SYNCHRONIZATION-IPWhiteList]-ipWhiteList:[{}]",requestRemoteAddr);
}else {
log.info("[SSO-USER-SYNCHRONIZATION-IPWhiteList]-ip:[{}]白名单验证失败,访问IP不在白名单内",requestRemoteAddr);
return new ResultMessage(400,"访问IP不在白名单内,验证失败.ip:"+requestRemoteAddr);
}
// 用headers Map 取值 key 键值时 key会全部转为小写 在springboot 中
if (headers.containsKey("once") && headers.containsKey("ts") && headers.containsKey("appkey") && headers.containsKey("signmethod") && headers.containsKey("signdata")){
String appAuthKey = "4768711539138560" ;
if (appAuthKey.equals(headers.get("appkey"))){
String bodyData = JSON.toJSONString(map);
String appPwd = "ce10ec6cc310966de5264994817a0f7c1b2b9e3b";
log.info("[SSO-INFO]-apppwd:{}",appPwd);
StringBuilder sb = new StringBuilder();
//签名验证格式拼接
sb.append("appKey=").append(headers.get("appkey"))
.append("&ts=").append(headers.get("ts"))
.append("&once=").append(headers.get("once"))
.append("&signMethod=").append(headers.get("signmethod"))
.append("&bodyData=").append(bodyData);
String signAuthURI = sb.toString();
// 签名生成
try{
String signData = TokenUtils.getSignature(appPwd, signAuthURI);
// 签名验证
if (signData.equals(headers.get("signdata"))){
log.info("[SSO-USER-SYNCHRONIZATION-HEADER-SUCCESS]-头部签名验证成功");
}else {
log.error("[SSO-USER-SYNCHRONIZATION-HEADER-AUTHFAIL]-头部签名验证失败");
// return new ResultMessage(400,"app签名验证失败");
}
}catch (Exception e){
log.error("[SSO-USER-SYNCHRONIZATION-HEADER-AUTH-ERR]-",e);
// return new ResultMessage(400,"app签名验证出错"+e.getMessage());
}
}else {
log.error("[SSO-USER-SYNCHRONIZATION-HEADER-FAILD],key:{},不为验证key:4768711539138560",headers.get("appKey"));
// return new ResultMessage(400,"appKey验证失败");
}
}else {
log.error("[SSO-USER-SYNCHRONIZATION-HEADER-FAILD]-缺少必要头部验证信息");
// return new ResultMessage(400,"缺少必要头部验证信息,app验证失败");
}
//获取action的值,判断是push数据还是删除数据
String action = map.get("action").toString();
if ("user".equals(map.get("resType").toString())){
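Review bot: Signature verification here never rejects a request — the `return new ResultMessage(400, …)` statements in the appKey, signature-mismatch, exception and missing-header branches are all commented out, so a request with a wrong or absent `signdata` is only logged and falls through to the sync logic below, leaving the IP whitelist as the only effective gate, and that whitelist reads the client-supplied `X-Forwarded-For` header before `getRemoteAddr()`. Restore the four commented-out returns so the endpoint fails closed, and honour `X-Forwarded-For` only when the connection comes from a known reverse proxy. The shared secret `appPwd` is hard-coded in the method and written to the log at INFO (`log.info("[SSO-INFO]-apppwd:{}",appPwd)`); move it into configuration and delete that log line. The signature compare should be constant-time, e.g. `MessageDigest.isEqual(signData.getBytes(StandardCharsets.UTF_8), headers.get("signdata").getBytes(StandardCharsets.UTF_8))`, and the appKey failure log reads `headers.get("appKey")` although the comment above notes that header keys are lower-cased, so it always logs `null`. The method body continues past the end of this hunk.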
... ... @@ -14,13 +14,15 @@ public class SSOUserData {
private String USER_NO;
private Integer USER_TYPE;
private String MOBILE;
private String IDCARD_NO;
private String COUNTRY;
private String SEX;
private Integer SEX;
private String NATIONALITY;
... ... @@ -34,9 +36,11 @@ public class SSOUserData {
private String JOB_TITLE;
private String JOB_TYPE;
private Integer JOB_TYPE;
private Integer JOB_STATUS;
private String JOB_STATUS;
private Integer USER_JOB_STATUS;
private String JOB_POSITION;
... ... @@ -52,7 +56,7 @@ public class SSOUserData {
private String LOGIN_NAME;
private String SHOW_ORDER;
private Integer SHOW_ORDER;
private String REMARK;
... ... @@ -64,5 +68,5 @@ public class SSOUserData {
private String PWD_ENCRYPT;
private String UPDATE_TIME;
private Long UPDATE_TIME;
}
package com.tianbo.warehouse.security.login;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.bouncycastle.crypto.digests.SM3Digest;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
@Slf4j
public class TokenUtils {
private static String[] hexDigits = { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e",
"f" };
public static String getSignature(String pwd, String paramUrl) {
if (StringUtils.isNotBlank(paramUrl)) {
try {
paramUrl = URLDecoder.decode(paramUrl, "UTF-8");
} catch (UnsupportedEncodingException e) {
log.error("SM3生成signData失败:", e);
throw new RuntimeException("生成signData失败:", e);
}
}
String[] paraArray = new String[] {};
if (StringUtils.isNotBlank(paramUrl)) {
String[] queryArray = paramUrl.split("&");
paraArray = (String[]) ArrayUtils.addAll(queryArray, paraArray);
}
Arrays.sort(paraArray);
StringBuffer buffer = new StringBuffer();
buffer.append(pwd);
buffer.append(":");
for (int i = 0; i < paraArray.length; i++) {
buffer.append(paraArray[i]);
buffer.append("&");
}
buffer.deleteCharAt(buffer.length() - 1);
buffer.append(":");
buffer.append(pwd);
MessageDigest md = null;
SM3Digest digest = new SM3Digest();
String sm3Encode1 = "";
try {
md = MessageDigest.getInstance("SHA-256");
md.update(buffer.toString().getBytes("UTF-8"));
//SM3
digest.update(buffer.toString().getBytes("UTF-8"),0, buffer.length());
byte[] hashSM3 = new byte[digest.getDigestSize()];
digest.doFinal(hashSM3, 0);
sm3Encode1 = byteArrayToHexString(hashSM3);
log.info("[sm3Encode1] = {}" , sm3Encode1);
} catch (NoSuchAlgorithmException e) {
log.error("生成signData失败:", e);
throw new RuntimeException("生成signData失败.", e);
} catch (UnsupportedEncodingException e) {
log.error("生成signData失败:", e);
throw new RuntimeException("生成signData失败.", e);
}
String encode = byteArrayToHexString(md.digest());
log.info("[SHA256-ENCODE]={}" , encode);
String sm3Encode = SM3EncryptUtil.passwordSm3(buffer.toString());
log.info("[sm3PasswordEncode] = {} " , sm3Encode);
return sm3Encode;
}
private static String byteArrayToHexString(byte[] byteArray) {
StringBuffer sb = new StringBuffer();
for (byte byt : byteArray) {
sb.append(byteToHexString(byt));
}
return sb.toString();
}
private static String byteToHexString(byte byt) {
int n = byt;
if (n < 0)
n = 256 + n;
return hexDigits[n / 16] + hexDigits[n % 16];
}
}
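Review bot: `getSignature` computes a SHA-256 digest and a `SM3Digest` hash of the buffer (the `md`, `digest` and `sm3Encode1` block), logs both at INFO, and then discards them and returns `SM3EncryptUtil.passwordSm3(buffer.toString())` — the two extra digests are dead work, and `digest.update(buffer.toString().getBytes("UTF-8"), 0, buffer.length())` passes the character count rather than the UTF-8 byte length, so that hash covers a truncated input whenever the parameters contain non-ASCII text. Removing the unused block, together with the `MessageDigest`/`NoSuchAlgorithmException` imports it needs, leaves the returned value unchanged. Logging the computed signature values (`[sm3Encode1]`, `[SHA256-ENCODE]`, `[sm3PasswordEncode]`) at INFO writes the expected `signData` for every request into the application log; lower these to DEBUG or drop them. If the project targets Java 10 or later, `URLDecoder.decode(paramUrl, StandardCharsets.UTF_8)` removes the checked `UnsupportedEncodingException` handling, and `StringBuffer` can be `StringBuilder` since nothing here is shared between threads.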