
接入 浙政钉扫码登陆管理优化

tags/24080901
liuxinxin hace 1 año
padre
commit
a3c6f1bfc8
Se han modificado 16 ficheros con 282 adiciones y 102 borrados
  1. +1
    -2
      pmapi/src/main/java/com/ningdatech/pmapi/common/handler/GlobalResponseHandler.java
  2. +2
    -1
      pmapi/src/main/java/com/ningdatech/pmapi/projectdeclared/manage/ConstructionPlanManage.java
  3. +30
    -0
      pmapi/src/main/java/com/ningdatech/pmapi/user/constant/LoginTypeEnum.java
  4. +0
    -20
      pmapi/src/main/java/com/ningdatech/pmapi/user/controller/NdUserAuthController.java
  5. +0
    -20
      pmapi/src/main/java/com/ningdatech/pmapi/user/controller/NdUserInfoController.java
  6. +7
    -4
      pmapi/src/main/java/com/ningdatech/pmapi/user/controller/UserAuthController.java
  7. +39
    -0
      pmapi/src/main/java/com/ningdatech/pmapi/user/manage/UserAuthLoginManage.java
  8. +5
    -8
      pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/WebSecurityConfig.java
  9. +42
    -0
      pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/AccountIdLoginUserDetailService.java
  10. +12
    -5
      pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthSecurityConfig.java
  11. +13
    -5
      pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthToken.java
  12. +3
    -3
      pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialLoginUserDetailService.java
  13. +42
    -0
      pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/PhoneNoLoginUserDetailService.java
  14. +43
    -10
      pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/UsernamePasswordAuthFilter.java
  15. +39
    -12
      pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/UsernamePasswordAuthProvider.java
  16. +4
    -12
      pmapi/src/main/resources/integration/zwdd-dev.yml

+ 1
- 2
pmapi/src/main/java/com/ningdatech/pmapi/common/handler/GlobalResponseHandler.java Ver fichero

@@ -2,7 +2,6 @@ package com.ningdatech.pmapi.common.handler;

import cn.hutool.json.JSONUtil;
import com.ningdatech.basic.model.ApiResponse;
import com.ningdatech.pmapi.common.util.BizUtils;
import org.springframework.core.MethodParameter;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
@@ -24,7 +23,7 @@ import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;
"com.ningdatech.pmapi.projectlib.controller",
"com.ningdatech.pmapi.sys.controller",
"com.ningdatech.pmapi.todocenter.controller",
"com.ningdatech.pmapi.user.controller"
"com.ningdatech.pmapi.user.controller",
})
public class GlobalResponseHandler implements ResponseBodyAdvice<Object> {



+ 2
- 1
pmapi/src/main/java/com/ningdatech/pmapi/projectdeclared/manage/ConstructionPlanManage.java Ver fichero

@@ -20,6 +20,7 @@ import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.BeanUtils;
import org.springframework.stereotype.Component;

import java.time.LocalDateTime;
import java.util.Collections;
import java.util.Map;
@@ -69,7 +70,7 @@ public class ConstructionPlanManage {

//首先要判断 项目当前状态 是不是 方案待申报
VUtils.isTrue(!ProjectStatusEnum.PLAN_TO_BE_DECLARED.getCode().equals(projectInfo.getStatus()) ||
!ProjectStatusEnum.NOT_APPROVED.getCode().equals(projectInfo.getStage()))
!ProjectStatusEnum.NOT_APPROVED.getCode().equals(projectInfo.getStage()))
.throwMessage("提交失败 该项目不是 待预审状态或者未立项阶段");
//TODO 再判断 该项目是否 真实走完 单位内部审批



+ 30
- 0
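--- a/pmapi/src/main/java/com/ningdatech/pmapi/user/constant/LoginTypeEnum.java
+++ b/pmapi/src/main/java/com/ningdatech/pmapi/user/constant/LoginTypeEnum.java
@@ -0,0 +1,30 @@
+package com.ningdatech.pmapi.user.constant;
+
+import io.swagger.annotations.ApiModel;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+/**
+* @author liuxinxin
+* @date 2022/8/17 下午5:55
+*/
+@AllArgsConstructor
+@Getter
+@ApiModel("登陆类型")
+public enum LoginTypeEnum {
+/**
+* 浙政钉扫码登陆
+*/
+DING_QR_LOGIN,
+
+/**
+* 手机号验证码登陆
+*/
+PHONE_VERIFICATION_CODE_LOGIN,
+
+/**
+* 账号密码登陆
+*/
+USERNAME_PASSWORD_LOGIN;
+
+}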

+ 0
- 20
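--- a/pmapi/src/main/java/com/ningdatech/pmapi/user/controller/NdUserAuthController.java
+++ b/pmapi/src/main/java/com/ningdatech/pmapi/user/controller/NdUserAuthController.java
@@ -1,20 +0,0 @@
-package com.ningdatech.pmapi.user.controller;
-
-
-import org.springframework.web.bind.annotation.RequestMapping;
-
-import org.springframework.stereotype.Controller;
-
-/**
-* <p>
-* 前端控制器
-* </p>
-*
-* @author Lierbao
-* @since 2023-02-01
-*/
-@Controller
-@RequestMapping("/pmapi.user/nd-user-auth")
-public class NdUserAuthController {
-
-}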

+ 0
- 20
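--- a/pmapi/src/main/java/com/ningdatech/pmapi/user/controller/NdUserInfoController.java
+++ b/pmapi/src/main/java/com/ningdatech/pmapi/user/controller/NdUserInfoController.java
@@ -1,20 +0,0 @@
-package com.ningdatech.pmapi.user.controller;
-
-
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-
-/**
-* <p>
-* 前端控制器
-* </p>
-*
-* @author Lierbao
-* @since 2023-02-01
-*/
-@Controller
-@RequestMapping("/pmapi.user/nd-user-info")
-public class NdUserInfoController {
-
-
-}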

+ 7
- 4
pmapi/src/main/java/com/ningdatech/pmapi/user/controller/UserAuthController.java Ver fichero

@@ -36,13 +36,16 @@ public class UserAuthController {

private final ObjectMapper objectMapper;

@PostMapping(value = "/login/password", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
@PostMapping(value = "/login", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
@ApiOperation(value = "账号密码的登陆方式")
@ApiImplicitParams({
@ApiImplicitParam(name = "username", value = "用户名", required = true, paramType = "form", dataType = "String"),
@ApiImplicitParam(name = "password", value = "密码", required = true, paramType = "form", dataType = "String")})
@ApiImplicitParam(name = "identifier", value = "用户名", required = true, paramType = "form", dataType = "String"),
@ApiImplicitParam(name = "credential", value = "凭证", required = true, paramType = "form", dataType = "String"),
@ApiImplicitParam(name = "loginType", value = "DING_QR_LOGIN 浙政钉扫码登陆,PHONE_VERIFICATION_CODE_LOGIN 手机号验证码登陆"
, required = true, paramType = "form", dataType = "String")})
public void loginByUsernameAndPassword(@RequestParam("username") String username,
@RequestParam("password") String password) {
@RequestParam("credential") String credential,
@RequestParam("loginType") String loginType) {
// 不实现任何内容,只是为了出api文档
}
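Review bot: The documentation stub's signature no longer agrees with the form fields the login filter reads. Going by the section's +7/-4 counts, `@RequestParam("username") String username` appears to be kept as an unchanged line, while the Swagger entry and `UsernamePasswordAuthFilter` both use `identifier`; it should read `@RequestParam("identifier") String identifier`. The `loginType` description lists only two of the three `LoginTypeEnum` values (USERNAME_PASSWORD_LOGIN is missing), and `@ApiOperation` still says 账号密码的登陆方式 although the endpoint now serves every login type. Since the mapping moved from `/login/password` to `/login`, confirm that the filter's request matcher, which is not visible on this page, was moved with it.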



+ 39
- 0
pmapi/src/main/java/com/ningdatech/pmapi/user/manage/UserAuthLoginManage.java Ver fichero

@@ -18,6 +18,12 @@ public class UserAuthLoginManage {
private final IUserAuthService iUserAuthService;
private final IUserInfoService iUserInfoService;

/**
* 根据用户名获取
*
* @param username
* @return
*/
public UserFullInfoDTO queryUserInfoInPasswordAuth(String username) {
UserFullInfoDTO userFullInfoDTO = new UserFullInfoDTO();
userFullInfoDTO.setCompanyId(1L);
@@ -27,4 +33,37 @@ public class UserAuthLoginManage {
userFullInfoDTO.setUsername("测试账号");
return userFullInfoDTO;
}

/**
* 根据手机号获取
*
* @param phoneNo
* @return
*/
public UserFullInfoDTO queryUserInfoInPhoneNoAuth(String phoneNo) {
UserFullInfoDTO userFullInfoDTO = new UserFullInfoDTO();
userFullInfoDTO.setCompanyId(1L);
userFullInfoDTO.setUserId(1L);
userFullInfoDTO.setIdentifier("123456");
userFullInfoDTO.setRealName("测试账号");
userFullInfoDTO.setUsername("测试账号");
return userFullInfoDTO;
}


/**
* 根据accountId
*
* @param accountId
* @return
*/
public UserFullInfoDTO queryUserInfoInAccountIdAuth(String accountId) {
UserFullInfoDTO userFullInfoDTO = new UserFullInfoDTO();
userFullInfoDTO.setCompanyId(1L);
userFullInfoDTO.setUserId(1L);
userFullInfoDTO.setIdentifier("123456");
userFullInfoDTO.setRealName("测试账号");
userFullInfoDTO.setUsername("测试账号");
return userFullInfoDTO;
}
}
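Review bot: `queryUserInfoInPhoneNoAuth` and `queryUserInfoInAccountIdAuth` ignore their argument and always return the same hard-coded identity (userId 1, companyId 1), as `queryUserInfoInPasswordAuth` appears to do already. Because the result is never null, the `Objects.isNull` check in the new `*LoginUserDetailService` classes cannot fire, so every identifier resolves to an existing account. Until the real lookup is written these stubs should fail closed, for example `throw new UnsupportedOperationException("phone-number lookup not implemented");`, or be limited to a development profile. The new Javadoc leaves `@param` and `@return` empty; it should say what is looked up and that null means no such user.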

+ 5
- 8
pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/WebSecurityConfig.java Ver fichero

@@ -1,13 +1,11 @@
package com.ningdatech.pmapi.user.security.auth;

import com.google.common.collect.Lists;
import com.ningdatech.basic.util.CollUtils;
import com.ningdatech.basic.util.NdJsonUtil;
import com.ningdatech.basic.util.StrPool;
import com.ningdatech.pmapi.common.constant.BizConst;
import com.ningdatech.pmapi.common.constant.CommonConstant;
import com.ningdatech.pmapi.user.security.auth.handler.DefaultExpiredSessionStrategy;
import com.ningdatech.pmapi.user.security.auth.password.UsernamePasswordAuthSecurityConfig;
import com.ningdatech.pmapi.user.security.auth.credential.CredentialAuthSecurityConfig;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
@@ -18,7 +16,6 @@ import org.springframework.security.web.authentication.logout.LogoutSuccessHandl
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Map;
import java.util.Set;

@@ -31,16 +28,16 @@ import java.util.Set;
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

private final AuthProperties authProperties;
private final UsernamePasswordAuthSecurityConfig usernamePasswordAuthSecurityConfig;
private final CredentialAuthSecurityConfig credentialAuthSecurityConfig;
private final LogoutSuccessHandler logoutSuccessHandler;
private final DefaultExpiredSessionStrategy defaultExpiredSessionStrategy;

public WebSecurityConfig(AuthProperties authProperties,
UsernamePasswordAuthSecurityConfig usernamePasswordAuthSecurityConfig,
CredentialAuthSecurityConfig credentialAuthSecurityConfig,
@Qualifier(value = "defaultLogoutSuccessHandler") LogoutSuccessHandler logoutSuccessHandler,
DefaultExpiredSessionStrategy defaultExpiredSessionStrategy) {
this.authProperties = authProperties;
this.usernamePasswordAuthSecurityConfig = usernamePasswordAuthSecurityConfig;
this.credentialAuthSecurityConfig = credentialAuthSecurityConfig;
this.logoutSuccessHandler = logoutSuccessHandler;
this.defaultExpiredSessionStrategy = defaultExpiredSessionStrategy;
}
@@ -50,7 +47,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
assemblerPreAuthUrls(http);
http.formLogin()
.loginPage(authProperties.getAuthRequireUrl())
.and().apply(usernamePasswordAuthSecurityConfig)
.and().apply(credentialAuthSecurityConfig)
.and()
.authorizeRequests().antMatchers(authProperties.getIgnoreAuthUrlsArray()).permitAll().anyRequest()
.authenticated().and()


+ 42
- 0
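--- a/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/AccountIdLoginUserDetailService.java
+++ b/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/AccountIdLoginUserDetailService.java
@@ -0,0 +1,42 @@
+package com.ningdatech.pmapi.user.security.auth.credential;
+
+
+import com.ningdatech.pmapi.user.manage.UserAuthLoginManage;
+import com.ningdatech.pmapi.user.security.auth.model.UserFullInfoDTO;
+import com.ningdatech.pmapi.user.security.auth.model.UserInfoDetails;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import java.util.Objects;
+
+/**
+* @author LiuXinXin
+* @date 2022/9/30 上午9:49
+*/
+
+@Service("accountIdLoginUserDetailService")
+@RequiredArgsConstructor
+public class AccountIdLoginUserDetailService implements UserDetailsService {
+
+private final UserAuthLoginManage userAuthLoginManage;
+
+@Override
+public UserInfoDetails loadUserByUsername(String accountId) throws UsernameNotFoundException {
+UserFullInfoDTO userFullInfoDTO = userAuthLoginManage.queryUserInfoInAccountIdAuth(accountId);
+if (Objects.isNull(userFullInfoDTO)) {
+throw new UsernameNotFoundException(String.format("%s user not exist", accountId));
+}
+UserInfoDetails userInfoDetails = new UserInfoDetails();
+userInfoDetails.setUserId(userFullInfoDTO.getUserId());
+userInfoDetails.setUsername(userFullInfoDTO.getUsername());
+userInfoDetails.setRealName(userFullInfoDTO.getRealName());
+userInfoDetails.setRole(userFullInfoDTO.getRole());
+userInfoDetails.setRegionCode(userFullInfoDTO.getRegionCode());
+userInfoDetails.setCompanyId(userFullInfoDTO.getCompanyId());
+userInfoDetails.setIdentifier(userFullInfoDTO.getIdentifier());
+userInfoDetails.setPassword(userFullInfoDTO.getCredential());
+return userInfoDetails;
+}
+}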
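Review bot: `loadUserByUsername` repeats, field for field, the DTO-to-`UserInfoDetails` copy that `PhoneNoLoginUserDetailService` adds in this same commit, so the two will drift apart as soon as one mapping changes; a single shared helper would avoid that. Neither new bean looks wired in yet: `CredentialAuthSecurityConfig` passes only `credentialLoginUserDetailService` to the provider, which uses that one service for every login type. If `defaultLoginFailureHandler` (not visible here) returns exception messages to the client, `String.format("%s user not exist", accountId)` tells a caller which identifiers are unknown, so a generic message is safer. The class Javadoc carries only author and date and should say which login type this service backs.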

pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/password/UsernamePasswordAuthSecurityConfig.java → pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthSecurityConfig.java Ver fichero

@@ -1,6 +1,7 @@
package com.ningdatech.pmapi.user.security.auth.password;
package com.ningdatech.pmapi.user.security.auth.credential;

import com.ningdatech.pmapi.user.security.auth.AuthProperties;
import com.ningdatech.zwdd.client.ZwddAuthClient;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.authentication.AuthenticationManager;
@@ -18,7 +19,7 @@ import org.springframework.stereotype.Component;
* 账号密码登陆的认证配置
*/
@Component
public class UsernamePasswordAuthSecurityConfig
public class CredentialAuthSecurityConfig
extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {

@Autowired
@@ -30,8 +31,8 @@ public class UsernamePasswordAuthSecurityConfig
protected AuthenticationFailureHandler defaultLoginFailureHandler;

@Autowired
@Qualifier(value = "passwordLoginUserDetailService")
private UserDetailsService passwordLoginUserDetailService;
@Qualifier(value = "credentialLoginUserDetailService")
private UserDetailsService credentialLoginUserDetailService;

@Autowired
private PasswordEncoder passwordEncoder;
@@ -41,6 +42,9 @@ public class UsernamePasswordAuthSecurityConfig

private AuthenticationManager authenticationManager;

@Autowired
private ZwddAuthClient zwddAuthClient;

@Override
public void configure(HttpSecurity http) throws Exception {
UsernamePasswordAuthFilter usernamePasswordAuthFilter =
@@ -51,9 +55,12 @@ public class UsernamePasswordAuthSecurityConfig
usernamePasswordAuthFilter.setAuthenticationFailureHandler(defaultLoginFailureHandler);

UsernamePasswordAuthProvider authenticationProvider = new UsernamePasswordAuthProvider();
authenticationProvider.setUserDetailsService(passwordLoginUserDetailService);
authenticationProvider.setUserDetailsService(credentialLoginUserDetailService);
// 确保对密码进行加密的encoder和解密的encoder相同
authenticationProvider.setPasswordEncoder(passwordEncoder);
// 传入浙政钉client
authenticationProvider.setZwddAuthClient(zwddAuthClient);

http.authenticationProvider(authenticationProvider).addFilterAfter(usernamePasswordAuthFilter,
UsernamePasswordAuthenticationFilter.class);
}

pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/password/UsernamePasswordAuthToken.java → pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthToken.java Ver fichero

@@ -1,5 +1,6 @@
package com.ningdatech.pmapi.user.security.auth.password;
package com.ningdatech.pmapi.user.security.auth.credential;

import com.ningdatech.pmapi.user.constant.LoginTypeEnum;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion;
@@ -11,7 +12,7 @@ import java.util.Collection;
* @Date 2020/8/3 8:52 下午
* @Version 1.0
**/
public class UsernamePasswordAuthToken extends AbstractAuthenticationToken {
public class CredentialAuthToken extends AbstractAuthenticationToken {

private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

@@ -19,16 +20,18 @@ public class UsernamePasswordAuthToken extends AbstractAuthenticationToken {

private final Object credentials;

private final LoginTypeEnum loginTypeEnum;

/**
* This constructor can be safely used by any code that wishes to create a
* <code>UsernamePasswordAuthenticationToken</code>, as the {@link #isAuthenticated()} will return
* <code>false</code>.
*/
public UsernamePasswordAuthToken(String principal, String credentials) {
public CredentialAuthToken(String principal, String credentials, String loginTypeEnum) {
super(null);
this.principal = principal;
this.credentials = credentials;
this.loginTypeEnum = LoginTypeEnum.valueOf(loginTypeEnum);
setAuthenticated(false);
}

@@ -40,15 +43,20 @@ public class UsernamePasswordAuthToken extends AbstractAuthenticationToken {
* @param principal
* @param authorities
*/
public UsernamePasswordAuthToken(Object principal, Object credentials,
Collection<? extends GrantedAuthority> authorities) {
public CredentialAuthToken(Object principal, Object credentials,
Collection<? extends GrantedAuthority> authorities) {
super(authorities);
this.principal = principal;
this.credentials = credentials;
this.loginTypeEnum = null;
// must use super, as we override
super.setAuthenticated(true);
}

public LoginTypeEnum getLoginTypeEnum() {
return this.loginTypeEnum;
}

@Override
public Object getCredentials() {
return this.credentials;
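Review bot: `LoginTypeEnum.valueOf(loginTypeEnum)` in the first constructor runs on the raw `loginType` request parameter, so an unrecognised value raises `IllegalArgumentException` rather than an `AuthenticationException`. The filter builds the token inside a `try` whose `catch` lies outside the visible hunks, so it cannot be confirmed from here whether this becomes a clean login failure or a server error; parsing the value in the filter and throwing `BadCredentialsException` for unknown types would make the outcome explicit. The authenticated-token constructor sets `this.loginTypeEnum = null`, which deserves a comment on the getter such as `// null once authenticated; check before switching on it`. The copied Javadoc still names `UsernamePasswordAuthenticationToken`.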

pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/password/PasswordLoginUserDetailService.java → pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialLoginUserDetailService.java Ver fichero

@@ -1,4 +1,4 @@
package com.ningdatech.pmapi.user.security.auth.password;
package com.ningdatech.pmapi.user.security.auth.credential;


import com.ningdatech.pmapi.user.manage.UserAuthLoginManage;
@@ -16,9 +16,9 @@ import java.util.Objects;
* @date 2022/9/30 上午9:49
*/

@Service("passwordLoginUserDetailService")
@Service("credentialLoginUserDetailService")
@RequiredArgsConstructor
public class PasswordLoginUserDetailService implements UserDetailsService {
public class CredentialLoginUserDetailService implements UserDetailsService {

private final UserAuthLoginManage userAuthLoginManage;


+ 42
- 0
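--- a/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/PhoneNoLoginUserDetailService.java
+++ b/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/PhoneNoLoginUserDetailService.java
@@ -0,0 +1,42 @@
+package com.ningdatech.pmapi.user.security.auth.credential;
+
+
+import com.ningdatech.pmapi.user.manage.UserAuthLoginManage;
+import com.ningdatech.pmapi.user.security.auth.model.UserFullInfoDTO;
+import com.ningdatech.pmapi.user.security.auth.model.UserInfoDetails;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import java.util.Objects;
+
+/**
+* @author LiuXinXin
+* @date 2022/9/30 上午9:49
+*/
+
+@Service("phoneNoLoginUserDetailService")
+@RequiredArgsConstructor
+public class PhoneNoLoginUserDetailService implements UserDetailsService {
+
+private final UserAuthLoginManage userAuthLoginManage;
+
+@Override
+public UserInfoDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+UserFullInfoDTO userFullInfoDTO = userAuthLoginManage.queryUserInfoInPhoneNoAuth(username);
+if (Objects.isNull(userFullInfoDTO)) {
+throw new UsernameNotFoundException(String.format("%s user not exist", username));
+}
+UserInfoDetails userInfoDetails = new UserInfoDetails();
+userInfoDetails.setUserId(userFullInfoDTO.getUserId());
+userInfoDetails.setUsername(userFullInfoDTO.getUsername());
+userInfoDetails.setRealName(userFullInfoDTO.getRealName());
+userInfoDetails.setRole(userFullInfoDTO.getRole());
+userInfoDetails.setRegionCode(userFullInfoDTO.getRegionCode());
+userInfoDetails.setCompanyId(userFullInfoDTO.getCompanyId());
+userInfoDetails.setIdentifier(userFullInfoDTO.getIdentifier());
+userInfoDetails.setPassword(userFullInfoDTO.getCredential());
+return userInfoDetails;
+}
+}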

pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/password/UsernamePasswordAuthFilter.java → pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/UsernamePasswordAuthFilter.java Ver fichero

@@ -1,6 +1,7 @@
package com.ningdatech.pmapi.user.security.auth.password;
package com.ningdatech.pmapi.user.security.auth.credential;

import com.ningdatech.basic.exception.BizException;
import com.ningdatech.pmapi.user.constant.LoginTypeEnum;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationServiceException;
@@ -24,8 +25,9 @@ public class UsernamePasswordAuthFilter extends AbstractAuthenticationProcessing

private boolean postOnly = true;

private static final String USERNAME_PARAMETER = "username";
private static final String PASSWORD_PARAMETER = "password";
private static final String IDENTIFIER_PARAMETER = "identifier";
private static final String CREDENTIAL_PARAMETER = "credential";
private static final String LOGIN_TYPE_PARAMETER = "loginType";


// ~ Constructors
@@ -44,15 +46,22 @@ public class UsernamePasswordAuthFilter extends AbstractAuthenticationProcessing
if (postOnly && !request.getMethod().equals(HttpMethod.POST.name())) {
throw new AuthenticationServiceException("请求方法错误");
}
String username = request.getParameter(USERNAME_PARAMETER);
String password = request.getParameter(PASSWORD_PARAMETER);
if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) {
String identifier = request.getParameter(IDENTIFIER_PARAMETER);
String credential = request.getParameter(CREDENTIAL_PARAMETER);
String loginType = request.getParameter(LOGIN_TYPE_PARAMETER);
if (StringUtils.isBlank(loginType)) {
throw new BadCredentialsException("登陆类型不能为空");
}

if (StringUtils.isBlank(identifier) || StringUtils.isBlank(credential)) {
throw new UsernameNotFoundException("用户名或密码不能为空");
}
username = username.trim();
password = password.trim();

identifier = identifier.trim();
credential = credential.trim();
loginType = loginType.trim();
try {
UsernamePasswordAuthToken authRequest = new UsernamePasswordAuthToken(username, password);
CredentialAuthToken authRequest = new CredentialAuthToken(identifier, credential, loginType);
// Allow subclasses to set the "details" property
setDetails(request, authRequest);
return this.getAuthenticationManager().authenticate(authRequest);
@@ -65,7 +74,31 @@ public class UsernamePasswordAuthFilter extends AbstractAuthenticationProcessing
}
}

protected void setDetails(HttpServletRequest request, UsernamePasswordAuthToken authRequest) {
protected void setDetails(HttpServletRequest request, CredentialAuthToken authRequest) {
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
}

private void valid(String identifier, String credential, String loginType) {
LoginTypeEnum loginTypeEnum = LoginTypeEnum.valueOf(loginType);
switch (loginTypeEnum) {
case DING_QR_LOGIN: {
if (StringUtils.isBlank(credential)) {
throw new BadCredentialsException("浙政钉扫码登陆 授权码 不能为空 credential");
}
}
break;
case USERNAME_PASSWORD_LOGIN: {
if (StringUtils.isBlank(identifier) || StringUtils.isBlank(credential)) {
throw new BadCredentialsException("账号密码登陆 账号密码不能为空 identifier credential");
}
}
break;
case PHONE_VERIFICATION_CODE_LOGIN: {
if (StringUtils.isBlank(identifier) || StringUtils.isBlank(credential)) {
throw new BadCredentialsException("手机号验证码登陆 手机号或验证码不能为空 identifier credential");
}
}
break;
}
}
}
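Review bot: The new `valid(identifier, credential, loginType)` method is not called in any visible hunk, and the inline check in `attemptAuthentication` contradicts it: the inline check rejects a blank `identifier` for every login type, whereas `valid` requires only `credential` for `DING_QR_LOGIN`. Replacing the inline identifier/credential test with one call, `valid(identifier, credential, loginType);`, after the `loginType` blank check would leave a single rule per login type. `valid` calls `LoginTypeEnum.valueOf` on request input, which throws `IllegalArgumentException` for an unrecognised value; catching it and rethrowing `BadCredentialsException` keeps the failure inside the authentication error path. Its `switch` should also get a `default` branch that rejects, so a constant added to the enum later is not passed through unvalidated. `attemptAuthentication` starts and ends outside the hunk.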

pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/password/UsernamePasswordAuthProvider.java → pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/UsernamePasswordAuthProvider.java Ver fichero

@@ -1,5 +1,7 @@
package com.ningdatech.pmapi.user.security.auth.password;
package com.ningdatech.pmapi.user.security.auth.credential;

import com.ningdatech.pmapi.user.constant.LoginTypeEnum;
import com.ningdatech.zwdd.client.ZwddAuthClient;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
@@ -20,25 +22,46 @@ public class UsernamePasswordAuthProvider implements AuthenticationProvider {

private PasswordEncoder passwordEncoder;

private ZwddAuthClient zwddAuthClient;

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
if (!(authentication instanceof UsernamePasswordAuthToken)) {
if (!(authentication instanceof CredentialAuthToken)) {
throw new RuntimeException("CustomAuthProvider 只支持 CustomAuthToken");
}
UsernamePasswordAuthToken authenticationToken = (UsernamePasswordAuthToken) authentication;
CredentialAuthToken authenticationToken = (CredentialAuthToken) authentication;
String credentials = (String) authenticationToken.getCredentials();

UserDetails user = userDetailsService.loadUserByUsername((String) authenticationToken.getPrincipal());
if (user == null) {
throw new InternalAuthenticationServiceException("can not get user info!");
UserDetails user = null;
LoginTypeEnum loginTypeEnum = authenticationToken.getLoginTypeEnum();
switch (loginTypeEnum) {
case DING_QR_LOGIN: {
// TODO 补充浙政钉扫码逻辑
user = userDetailsService.loadUserByUsername((String) authenticationToken.getPrincipal());
}
break;
case PHONE_VERIFICATION_CODE_LOGIN: {
// TODO
user = userDetailsService.loadUserByUsername((String) authenticationToken.getPrincipal());
}
break;
case USERNAME_PASSWORD_LOGIN: {
user = userDetailsService.loadUserByUsername((String) authenticationToken.getPrincipal());
if (user == null) {
throw new InternalAuthenticationServiceException("can not get user info!");
}
// 账号密码登陆 更改
additionalAuthenticationChecks(user, authenticationToken);
}
break;
}
// TODO 开发使用暂时关闭账号密码验证
// additionalAuthenticationChecks(user, authenticationToken);
// 校验用户是否有当前端的登陆权限


// 将用户定义的user放入token中,这样可以在session中查询到所有自定义的用户信息
return new UsernamePasswordAuthToken(user, user.getPassword(), user.getAuthorities());
return new CredentialAuthToken(user, user.getPassword(), user.getAuthorities());
}

protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthToken authentication)
protected void additionalAuthenticationChecks(UserDetails userDetails, CredentialAuthToken authentication)
throws AuthenticationException {
if (authentication.getCredentials() == null) {
throw new BadCredentialsException("login fail! password is null");
@@ -51,7 +74,7 @@ public class UsernamePasswordAuthProvider implements AuthenticationProvider {

@Override
public boolean supports(Class<?> authentication) {
return UsernamePasswordAuthToken.class.isAssignableFrom(authentication);
return CredentialAuthToken.class.isAssignableFrom(authentication);
}

public void setUserDetailsService(UserDetailsService userDetailsService) {
@@ -62,4 +85,8 @@ public class UsernamePasswordAuthProvider implements AuthenticationProvider {
this.passwordEncoder = passwordEncoder;
}

public void setZwddAuthClient(ZwddAuthClient zwddAuthClient) {
this.zwddAuthClient = zwddAuthClient;
}

}
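Review bot: The `DING_QR_LOGIN` and `PHONE_VERIFICATION_CODE_LOGIN` branches lead to an authenticated `CredentialAuthToken` without ever checking `credentials`; they only load the user named by the request's principal, and `loginType` is chosen by the caller. Until the 浙政钉 code exchange and the SMS code check exist, both branches should fail closed, for example `throw new BadCredentialsException("login type not yet supported");`. The `user == null` check now sits only in the `USERNAME_PASSWORD_LOGIN` branch, so it should move below the `switch` to keep `user.getPassword()` from dereferencing null, and the `switch` needs a rejecting `default`. `zwddAuthClient` and the local `credentials` are assigned but not used in the visible code.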

+ 4
- 12
pmapi/src/main/resources/integration/zwdd-dev.yml Ver fichero

@@ -2,19 +2,11 @@
integration:
zzd:
#扫码
app-auth-key: expert-base_dingoa-c5nnefYVnie
app-auth-secret: nm8qtST8uK431HYrjr7srcE23sT4889QgMcYFM3L
# #免登/获取信息
# app-key: file-manage-4Mjx9358wuxjyYFjY3
# app-secret: hE41938wqyQ5LOpc1QDRA9e7gb5YugoClWD3nY4O
app-auth-key: ls-rebuild_dingoa-rgeWs3YVr26z
app-auth-secret: 37qCe6ylNMW0N8K2741z0c2b9vJP2gtuMRQQtZ9P
#免登/获取信息
app-key: ls_rebuild-10c8n5X0707yFV7jURr
app-secret: gN8J3WazyXLMWKDuFmx6C4yaH5lFUY41x8rYLLo6
#专有钉钉在开发管理工作台,右键查看网页源码realmId: '31141',浙政钉固定196729
tenantId: 31141
domain: openplatform.dg-work.cn

# integration.zzd.enabled=true
# #扫码
# integration.zzd.app-auth-key=file-manage_dingoa-zte2LbiAfIj
# integration.zzd.app-auth-secret=H794aFZf271QbfUr50pbBpBTlXSrWIP71q9RTR34
# integration.zzd.domain=openplatform.dg-work.cn
domain: openplatform.dg-work.cn
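Review bot: This file commits what look like live `app-auth-secret` and `app-secret` values in plain text, and the values it replaces stay readable in the repository history. They should come from the environment or a secret store, for example `app-auth-secret: ${ZZD_APP_AUTH_SECRET}` (the variable name is a placeholder). Every secret that has appeared in this file, old or new, commented out or not, should be treated as exposed and rotated in the 浙政钉 developer console. A secret-scanning check in CI would catch the next occurrence before it is merged.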
