辽宁CAS统一认证兼容

2026-06-17 14:19:52 +08:00
parent d36c30973d
commit 507a7f7a09
9 changed files with 238 additions and 299 deletions
--- a/pqs-auth/pom.xml
+++ b/pqs-auth/pom.xml
@@ -66,6 +66,13 @@
            <artifactId>common-oss</artifactId>
            <version>${project.version}</version>
        </dependency>
        <!--辽宁调度现场单点登录-->
        <dependency>
            <groupId>com.sgcc.epri.auth</groupId>
            <artifactId>sso-client-base</artifactId>
            <version>2.1.1 </version>
        </dependency>
    </dependencies>
    <build>
@@ -138,4 +145,4 @@
-</project>
+</project>
--- a/pqs-auth/src/main/java/com/njcn/auth/config/LnSsoClientConfig.java
+++ b/pqs-auth/src/main/java/com/njcn/auth/config/LnSsoClientConfig.java
@@ -0,0 +1,26 @@
 package com.njcn.auth.config;
 /**
 * pqs
 *
 * @author cdf
 * @date 2026/6/8
 */
 import com.sgcc.epri.auth.config.EnableSSOClient;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Configuration;
 /**
 * 仅控制 SSO 客户端开关，不影响任何其他功能
 */
@Configuration
@ConditionalOnProperty(
        prefix = "cas.client",       // 配置前缀
        name = "enabled",            // 配置项名称
        havingValue = "true",        // 值为true才生效
        matchIfMissing = false       // 不配置默认关闭
 )
@EnableSSOClient
 public class LnSsoClientConfig {
 }
--- a/pqs-auth/src/main/java/com/njcn/auth/config/WebSecurityConfig.java
+++ b/pqs-auth/src/main/java/com/njcn/auth/config/WebSecurityConfig.java
@@ -37,7 +37,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
-                .antMatchers("/oauth/getPublicKey","/oauth/logout","/auth/getImgCode","/judgeToken/guangZhou","/judgeToken/heBei","/oauth/autoLogin").permitAll()
+                .antMatchers("/oauth/getPublicKey","/oauth/logout","/auth/getImgCode","/judgeToken/guangZhou","/judgeToken/heBei","/oauth/autoLogin","/oauth/lnLogin","/oauth/lnCheck","/oauth/lnRefreshToken").permitAll()
                // @link https://gitee.com/xiaoym/knife4j/issues/I1Q5X6 (接口文档knife4j需要放行的规则)
                .antMatchers("/webjars/**","/doc.html","/swagger-resources/**","/v2/api-docs").permitAll()
                .anyRequest().authenticated()
--- a/pqs-auth/src/main/java/com/njcn/auth/controller/AuthController.java
+++ b/pqs-auth/src/main/java/com/njcn/auth/controller/AuthController.java
@@ -25,13 +25,17 @@ import com.njcn.user.pojo.po.UserStrategy;
 import com.njcn.web.controller.BaseController;
 import com.njcn.web.utils.RequestUtil;
 import com.njcn.web.utils.RestTemplateUtil;
 import com.sgcc.epri.auth.session.HttpSessionManager;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;
-import lombok.AllArgsConstructor;
+import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections.CollectionUtils;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint;
 import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -39,6 +43,10 @@ import org.springframework.web.bind.annotation.*;
 import org.springframework.web.util.UriComponentsBuilder;
 import springfox.documentation.annotations.ApiIgnore;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.net.URI;
 import java.security.KeyPair;
 import java.security.Principal;
@@ -55,7 +63,7 @@ import java.util.stream.Collectors;
@Slf4j
@RestController
@RequestMapping("/oauth")
-@AllArgsConstructor
+@RequiredArgsConstructor
 public class AuthController extends BaseController {
@@ -71,6 +79,11 @@ public class AuthController extends BaseController {
    private final UserTokenService userTokenService;
    @Value("${cas.redirect-url:http://10.21.30.11:8088/#/login?flag=1}")
    private String redirectUrl;
    private String UsernamePrefix = "CAS_";
    @ApiIgnore
    @OperateInfo(info = LogEnum.SYSTEM_SERIOUS, operateType = OperateType.AUTHENTICATE)
@@ -91,7 +104,6 @@ public class AuthController extends BaseController {
        String methodDescribe = getMethodDescribe("postAccessToken");
        String username = parameters.get(SecurityConstants.USERNAME);
        String grantType = parameters.get(SecurityConstants.GRANT_TYPE);
        if (grantType.equalsIgnoreCase(SecurityConstants.GRANT_CAPTCHA) || grantType.equalsIgnoreCase(SecurityConstants.REFRESH_TOKEN_KEY)) {
            username = DesUtils.aesDecrypt(username);
@@ -104,19 +116,19 @@ public class AuthController extends BaseController {
        UserStrategy data = passWordRuleFeugnClient.getUserStrategy().getData();
        String onlineUserKey = SecurityConstants.TOKEN_ONLINE_PREFIX;
        List<UserTokenInfo> onLineUser = (List<UserTokenInfo>) redisUtil.getLikeListAllValues(onlineUserKey);
-        if(CollectionUtil.isNotEmpty(onLineUser)){
+        if (CollectionUtil.isNotEmpty(onLineUser)) {
            String finalUsername = username;
-            onLineUser = onLineUser.stream().filter(item->{
+            onLineUser = onLineUser.stream().filter(item -> {
                JSONObject jsonObject = AuthPubUtil.getLoginByToken(item.getRefreshToken());
                String login = jsonObject.getStr(SecurityConstants.USER_NAME_KEY);
                long exp = Long.parseLong(jsonObject.getStr(SecurityConstants.JWT_EXP));
-                long now = Calendar.getInstance().getTimeInMillis()/1000;
+                long now = Calendar.getInstance().getTimeInMillis() / 1000;
-                return  (exp > now) && !login.equals(finalUsername);
+                return (exp > now) && !login.equals(finalUsername);
            }).collect(Collectors.toList());
        }
        Integer maxNum = data.getMaxNum();
-        if((CollectionUtil.isNotEmpty(onLineUser)?onLineUser.size():0)>=maxNum){
+        if ((CollectionUtil.isNotEmpty(onLineUser) ? onLineUser.size() : 0) >= maxNum) {
            throw new BusinessException(UserResponseEnum.LOGIN_USER_OVERLIMIT);
        }
@@ -143,7 +155,7 @@ public class AuthController extends BaseController {
    @OperateInfo(info = LogEnum.SYSTEM_SERIOUS, operateType = OperateType.LOGOUT)
    @ApiOperation("用户登出系统")
    @DeleteMapping("/logout")
-    public HttpResult<Object> logout() {
+    public HttpResult<Object> logout(HttpServletRequest request, HttpServletResponse response) {
        String methodDescribe = getMethodDescribe("logout");
        String userIndex = RequestUtil.getUserIndex();
        String username = RequestUtil.getUsername();
@@ -165,6 +177,24 @@ public class AuthController extends BaseController {
            long lifeTime = Math.abs(refreshTokenExpire.plusMinutes(5L).toEpochSecond(ZoneOffset.of("+8")) - LocalDateTime.now().toEpochSecond(ZoneOffset.of("+8")));
            redisUtil.saveByKeyWithExpire(blackUserKey, blackUsers, lifeTime);
        }
        // 以下代码是辽宁登出代码，关键：使 Session 失效
        request.getSession().invalidate();
        // 清除 JSESSIONID
        Cookie jsessionidCookie = new Cookie("JSESSIONID", null);
        jsessionidCookie.setMaxAge(0);
        jsessionidCookie.setPath("/");
        response.addCookie(jsessionidCookie);
        // 清除 loginUser Cookie（关键！）
        Cookie loginUserCookie = new Cookie("loginUser", null);
        loginUserCookie.setMaxAge(0);
        loginUserCookie.setPath("/");
        response.addCookie(loginUserCookie);
        log.info("登出成功。。。。。。。。。。。。。。。。");
        return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, null, methodDescribe);
    }
@@ -186,20 +216,152 @@ public class AuthController extends BaseController {
     */
    @OperateInfo(info = LogEnum.SYSTEM_COMMON, operateType = OperateType.AUTHENTICATE)
    @ApiOperation("自动登录")
-    @PostMapping("/autoLogin")
+    @GetMapping("/autoLogin")
    @ApiImplicitParam(name = "phone", value = "手机号", required = true, paramType = "query")
    @ApiIgnore
    public HttpResult<Object> autoLogin(@RequestParam String phone) {
        String methodDescribe = getMethodDescribe("autoLogin");
        String userUrl = "http://127.0.0.1:10214/oauth/token";
        UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(userUrl)
-                .queryParam("grant_type", "sms_code")
+                .queryParam("grant_type", SecurityConstants.GRANT_AUTHORIZATION_CODE)
-                .queryParam("client_id", "njcnapp")
+                .queryParam("client_id", "njcn")
                .queryParam("client_secret", "njcnpqs")
-                .queryParam("phone", phone)
+                .queryParam("username", "%2FPY4%2FD07ExoKDUg6yCi2cA%3D%3D")
-                .queryParam("smsCode", "123456789");
+                .queryParam("imageCode", "verifyCode")
                .queryParam("verifyCode", "0");
        URI uri = builder.build().encode().toUri();
        return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, Objects.requireNonNull(RestTemplateUtil.post(uri, HttpResult.class).getBody()).getData(), methodDescribe);
    }
    /**
     * 【电科院CAS调控云单点登录适配】
     * 这个只用来匹配
     */
    @ApiIgnore
    @GetMapping("/lnLogin")
    @ApiOperation("获取ln系统用户token")
    public HttpResult<Object> lnLogin(@RequestParam String clientId, @RequestParam String clientSecret, HttpServletRequest request, HttpServletResponse response) throws HttpRequestMethodNotSupportedException {
        log.info("进入lnLogin++++++++++++++++++");
        String methodDescribe = getMethodDescribe("lnLogin");
        // 读取CAS信息
        String userName = String.valueOf(HttpSessionManager.getAttribute(request, HttpSessionManager.AUTH_USER_KEY));
        String userId = String.valueOf(HttpSessionManager.getAttribute(request, HttpSessionManager.USER_ID_KEY));
        String owner = String.valueOf(HttpSessionManager.getAttribute(request, HttpSessionManager.USER_OWNER));
        String name = String.valueOf(HttpSessionManager.getAttribute(request, HttpSessionManager.USER_NAME_CHN));
        String employeeId = String.valueOf(HttpSessionManager.getAttribute(request, HttpSessionManager.USER_EMPLOYEE_ID));
        log.info("userName:{}", userName);
        log.info("userId:{}", userId);
        log.info("owner:{}", owner);
        log.info("name:{}", name);
        log.info("employeeId:{}", employeeId);
        if ("null".equals(userName)) {
            throw new BusinessException(UserResponseEnum.LN_AUTH_ERROR);
        }
        // 2. 【关键】用户名前面加上"CAS_"前缀，让UserDetailsService识别
        String casUsername = userName;
        // 2. 直接构造 OAuth2 必要参数（跳过所有密码/加密校验）
        Map<String, String> parameters = new HashMap<>();
        parameters.put("grant_type", "password");          // 固定密码模式
        parameters.put("client_id", clientId);               // 你的客户端ID
        parameters.put("client_secret", clientSecret);        // 你的客户端秘钥
        parameters.put("username", userName);              // 统一认证传过来的用户名
        parameters.put("password", "@#001njcnpqs");
        // 3. 直接调用 OAuth2 生成 Token（跳过所有登录校验）
        Authentication authentication = new UsernamePasswordAuthenticationToken(
                clientId, clientSecret, Collections.emptyList()
        );
        OAuth2AccessToken oAuth2AccessToken = tokenEndpoint.postAccessToken(authentication, parameters).getBody();
        // 获取过期时间（秒数）
        int expiresIn = oAuth2AccessToken.getExpiresIn();
        log.info("token过期时间: {} 秒", expiresIn);
        log.info("token过期时间: {} 分钟", expiresIn / 60);
        log.info("token过期时间: {} 小时", expiresIn / 3600);
        log.info("====== 免密登录成功，返回token给前端 ======");
        return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, oAuth2AccessToken, methodDescribe);
    }
    /**
     * 重点：
     * 这个接口 不加 白名单
     * 访问它 → 自动跳CAS → 登录成功 → 重定向到登录页
     */
    @GetMapping("/lnCheck")
    @ApiOperation("检查CAS是否登录")
    public void lnToken(HttpServletRequest request, HttpServletResponse response) throws IOException {
        log.info("进入lnCheck。。。。");
        response.sendRedirect(redirectUrl);
    }
    /**
     */
    @GetMapping("/lnRefreshToken")
    @ApiOperation("刷新token")
    public HttpResult<Object> lnRefreshToken(
            @RequestParam String refreshToken,
            @RequestParam String clientId,
            @RequestParam String clientSecret,
            HttpServletRequest request,
            HttpServletResponse response) throws HttpRequestMethodNotSupportedException {
        log.info("进入lnRefreshToken，开始刷新token");
        String methodDescribe = getMethodDescribe("lnRefreshToken");
        // ========== 【前置：优先校验CAS会话是否过期】 ==========
        String userName = String.valueOf(HttpSessionManager.getAttribute(request, HttpSessionManager.AUTH_USER_KEY));
        if ("null".equals(userName)) {
            log.error("CAS会话已过期，跳转登录页");
            throw new BusinessException(UserResponseEnum.LN_AUTH_ERROR);
        }
        // 1. 先尝试用refresh_token正常刷新
        Map<String, String> parameters = new HashMap<>();
        parameters.put("grant_type", "refresh_token");
        parameters.put("refresh_token", refreshToken);
        parameters.put("client_id", clientId);
        parameters.put("client_secret", clientSecret);
        Authentication authentication = new UsernamePasswordAuthenticationToken(
                clientId, clientSecret, Collections.emptyList()
        );
        try {
            OAuth2AccessToken newAccessToken = tokenEndpoint.postAccessToken(authentication, parameters).getBody();
            log.info("refresh_token刷新成功");
            return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, newAccessToken, methodDescribe);
        } catch (Exception e) {
            log.warn("refresh_token刷新失败，尝试回退到CAS会话重新签发token", e);
        }
        // 3. CAS会话有效，重新签发token（等同于重新登录）
        log.info("CAS会话有效，为用户[{}]重新签发token", userName);
        String casUsername = userName;
        Map<String, String> reLoginParams = new HashMap<>();
        reLoginParams.put("grant_type", "password");
        reLoginParams.put("client_id", clientId);
        reLoginParams.put("client_secret", clientSecret);
        reLoginParams.put("username", userName);
        reLoginParams.put("password", "@#001njcnpqs");
        Authentication reAuth = new UsernamePasswordAuthenticationToken(
                clientId, clientSecret, Collections.emptyList()
        );
        OAuth2AccessToken oAuth2AccessToken = tokenEndpoint.postAccessToken(reAuth, reLoginParams).getBody();
        log.info("CAS回退重签token成功，userName:{}", userName);
        return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, oAuth2AccessToken, methodDescribe);
    }
 }
--- a/pqs-auth/src/main/resources/bootstrap-sjzx.yml
+++ b/pqs-auth/src/main/resources/bootstrap-sjzx.yml
@@ -55,3 +55,22 @@ mybatis-plus:
 mqtt:
  client-id: @artifactId@${random.value}
 cas:
  client:
    # true 开启 false 关闭
    enabled: false
  redirect-url: http://PQMonitoring.dcloud.ln.dc.sgcc.com.cn/#/login?flag=1
  server-url-prefix: http://privilege-epri.dcloud.ln.dc.sgcc.com.cn/cas
  server-login-url: http://privilege-epri.dcloud.ln.dc.sgcc.com.cn/cas/login
  client-host-url: http://PQMonitoring.dcloud.ln.dc.sgcc.com.cn:80
  validation-type: CAS
  #白名单设置
  # /oauth/lnLogin$|/pqs-auth/oauth/lnLogin|/oauth/lnRefreshToken$|/pqs-auth/oauth/lnRefreshToken
 sso:
  whiteList:
--- a/pqs-gateway/src/main/java/com/njcn/gateway/filter/AuthGlobalFilter.java
+++ b/pqs-gateway/src/main/java/com/njcn/gateway/filter/AuthGlobalFilter.java
@@ -44,7 +44,7 @@ import java.util.List;
@RequiredArgsConstructor
 public class AuthGlobalFilter implements GlobalFilter, Ordered {
-    private final static List<String> USER_AGENT_IP = Arrays.asList("/pqs-auth/auth/getImgCode", "/pqs-auth/oauth/token", "/user-boot/user/generateSm2Key", "/user-boot/user/updateFirstPassword", "/user-boot/appUser/resetPsd");
+    private final static List<String> USER_AGENT_IP = Arrays.asList("/pqs-auth/auth/getImgCode", "/pqs-auth/oauth/token", "/user-boot/user/generateSm2Key", "/user-boot/user/updateFirstPassword", "/user-boot/appUser/resetPsd","/pqs-auth/oauth/lnLogin","/pqs-auth/oauth/lnCheck","/pqs-auth/oauth/lnRefreshToken");
    private final RedisUtil redisUtil;
--- a/pqs-gateway/src/main/resources/bootstrap-sjzx.yml
+++ b/pqs-gateway/src/main/resources/bootstrap-sjzx.yml
@@ -223,6 +223,9 @@ whitelist:
    - /user-boot/appUser/resetPsd
    - /pqs-auth/oauth/logout
    - /pqs-auth/oauth/token
    - /pqs-auth/oauth/lnLogin
    - /pqs-auth/oauth/lnCheck
    - /pqs-auth/oauth/lnRefreshToken
    - /pqs-auth/oauth/autoLogin
    - /pqs-auth/auth/getImgCode
    - /pqs-auth/oauth/getPublicKey
--- a/pqs-gateway/src/main/resources/bootstrap.yml
+++ b/pqs-gateway/src/main/resources/bootstrap.yml
@@ -1,283 +1,3 @@
 #当前服务的基本信息
 microservice:
  ename: @artifactId@
  name: "@name@"
  version: @version@
  sentinel:
    url: @sentinel.url@
  gateway:
    url: @gateway.url@
 server:
  port: 10215
 spring:
-  application:
+  profiles:
-    name: @artifactId@
+    active: @spring.profiles.active@
  main:
    allow-bean-definition-overriding: true
  #nacos注册中心以及配置中心的指定
  cloud:
    nacos:
      discovery:
        ip: @service.server.url@
        server-addr: @nacos.url@
        username: @nacos.username@
        password: @nacos.password@
        namespace: @nacos.namespace@
      config:
        server-addr: @nacos.url@
        username: @nacos.username@
        password: @nacos.password@
        namespace: @nacos.namespace@
        file-extension: yaml
        shared-configs:
          - data-id: share-config.yaml
            refresh: true
          - data-id: share-config-datasource-db.yaml
            refresh: true
    gateway:
      globalcors:
        corsConfigurations:
          '[/**]':
            allowCredentials: true
            exposedHeaders: "Content-Disposition,Content-Type,Cache-Control"
            allowedHeaders: "*"
            allowedOrigins: "*"
            allowedMethods: "*"
      discovery:
        locator:
          # 开启自动代理 (自动装载从配置中心serviceId)
          enabled: true
          # 服务id为true --> 这样小写服务就可访问了
          lower-case-service-id: true
      routes:
        - id: pqs-auth
          uri: lb://pqs-auth
          predicates:
            - Path=/pqs-auth/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: user-boot
          uri: lb://user-boot
          predicates:
            - Path=/user-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: device-boot
          uri: lb://device-boot
          predicates:
            - Path=/device-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: system-boot
          uri: lb://system-boot
          predicates:
            - Path=/system-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: harmonic-boot
          uri: lb://harmonic-boot
          predicates:
            - Path=/harmonic-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: energy-boot
          uri: lb://energy-boot
          predicates:
            - Path=/energy-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: event-boot
          uri: lb://event-boot
          predicates:
            - Path=/event-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: quality-boot
          uri: lb://quality-boot
          predicates:
            - Path=/quality-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: harmonic-prepare
          uri: lb://harmonic-prepare
          predicates:
            - Path=/harmonic-prepare/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: process-boot
          uri: lb://process-boot
          predicates:
            - Path=/process-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: prepare-boot
          uri: lb://prepare-boot
          predicates:
            - Path=/prepare-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: algorithm-boot
          uri: lb://algorithm-boot
          predicates:
            - Path=/algorithm-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: access-boot
          uri: lb://access-boot
          predicates:
            - Path=/access-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: cs-device-boot
          uri: lb://cs-device-boot
          predicates:
            - Path=/cs-device-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: cs-system-boot
          uri: lb://cs-system-boot
          predicates:
            - Path=/cs-system-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: cs-warn-boot
          uri: lb://cs-warn-boot
          predicates:
            - Path=/cs-warn-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: cs-harmonic-boot
          uri: lb://cs-harmonic-boot
          predicates:
            - Path=/cs-harmonic-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: advance-boot
          uri: lb://advance-boot
          predicates:
            - Path=/advance-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: bpm-boot
          uri: lb://bpm-boot
          predicates:
            - Path=/bpm-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: supervision-boot
          uri: lb://supervision-boot
          predicates:
            - Path=/supervision-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        - id: cs-report-boot
          uri: lb://cs-report-boot
          predicates:
            - Path=/cs-report-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
        #河北国网总部调用省侧接口，路径总部统一规定
        - id: hb_pms_down
          uri: lb://harmonic-boot
          predicates:
            - Path=/IndexAnalysis/**
            - Path=/pms-tech-powerquality-start/**
        - id: zl-event-boot
          uri: lb://zl-event-boot
          predicates:
            - Path=/zl-event-boot/**
          filters:
            - SwaggerHeaderFilter
            - StripPrefix=1
 #项目日志的配置
 logging:
  #config: http://@nacos.url@/nacos/v1/cs/configs?tenant=@nacos.namespace@&group=DEFAULT_GROUP&dataId=logback.xml
  level:
    root: info
 whitelist:
  urls:
    - /user-boot/user/generateSm2Key
    - /user-boot/theme/getTheme
    - /user-boot/user/updateFirstPassword
    - /user-boot/appUser/authCode
    - /user-boot/appUser/register
    - /user-boot/appUser/resetPsd
    - /pqs-auth/oauth/logout
    - /pqs-auth/oauth/token
    - /pqs-auth/oauth/autoLogin
    - /pqs-auth/auth/getImgCode
    - /pqs-auth/oauth/getPublicKey
    - /pqs-auth/judgeToken/heBei
    - /pqs-auth/judgeToken/guangZhou
    - /webjars/**
    - /actuator/**
    - /doc.html
    - /swagger-resources/**
    - /*/v2/api-docs
    - /favicon.ico
    - /system-boot/theme/getTheme
    - /system-boot/image/toStream
    - /system-boot/file/download
    - /cs-system-boot/appinfo/queryAppInfoByType
    - /system-boot/dictType/dictDataCache
    - /system-boot/file/**
    - /system-boot/area/**
    - /bpm-boot/**
    - /harmonic-boot/comAccess/getComAccessData
    - /harmonic-boot/harmonic/getHistoryResult
    - /event-boot/transient/getTransientAnalyseWave
 #    - /**
    #开始
 #    - /advance-boot/**
 #    - /device-boot/**
 #    - /system-boot/**
 #    - /harmonic-boot/**
 #    - /energy-boot/**
 #    - /event-boot/**
 #    - /quality-boot/**
 #    - /harmonic-prepare/**
 #    - /process-boot/**
 #    - /bpm-boot/**
 #   - /system-boot/**
 #   - /supervision-boot/**
 #    - /user-boot/**
 #    - /harmonic-boot/**
 #    - /cs-device-boot/**
    #结束
    - /user-boot/user/listAllUserByDeptId
    - /IndexAnalysis/**
 #mqtt:
 #  client-id: @artifactId@${random.value}
--- a/pqs-user/user-api/src/main/java/com/njcn/user/enums/UserResponseEnum.java
+++ b/pqs-user/user-api/src/main/java/com/njcn/user/enums/UserResponseEnum.java
@@ -105,6 +105,8 @@ public enum UserResponseEnum {
    REFERRAL_CODE_LAPSE("A0119","角色推荐码失效,请联系管理员"),
    REFERRAL_CODE_ERROR("A0119","角色推荐码错误,请联系管理员"),
    LN_AUTH_ERROR("A0121","统一认证过期，请重新认证"),
    ;
    private final String code;