Microservice/pqs
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

辽宁CAS统一认证兼容

Browse Source
This commit is contained in:
cdf
2026-06-17 14:19:52 +08:00
parent d36c30973d
commit 507a7f7a09
9 changed files with 238 additions and 299 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
pqs-auth/pom.xml
View File

@@ -66,6 +66,13 @@
<artifactId>common-oss</artifactId>
<version>${project.version}</version>
</dependency>
<!--辽宁调度现场单点登录-->
<dependency>
<groupId>com.sgcc.epri.auth</groupId>
<artifactId>sso-client-base</artifactId>
<version>2.1.1 </version>
</dependency>
</dependencies>
<build>

26
pqs-auth/src/main/java/com/njcn/auth/config/LnSsoClientConfig.java Normal file
View File

@@ -0,0 +1,26 @@
package com.njcn.auth.config;
/**
* pqs
*
* @author cdf
* @date 2026/6/8
*/
import com.sgcc.epri.auth.config.EnableSSOClient;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Configuration;
/**
* 仅控制 SSO 客户端开关,不影响任何其他功能
*/
@Configuration
@ConditionalOnProperty(
prefix = "cas.client", // 配置前缀
name = "enabled", // 配置项名称
havingValue = "true", // 值为true才生效
matchIfMissing = false // 不配置默认关闭
)
@EnableSSOClient
public class LnSsoClientConfig {
}

2
pqs-auth/src/main/java/com/njcn/auth/config/WebSecurityConfig.java
View File

@@ -37,7 +37,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/oauth/getPublicKey","/oauth/logout","/auth/getImgCode","/judgeToken/guangZhou","/judgeToken/heBei","/oauth/autoLogin").permitAll()
.antMatchers("/oauth/getPublicKey","/oauth/logout","/auth/getImgCode","/judgeToken/guangZhou","/judgeToken/heBei","/oauth/autoLogin","/oauth/lnLogin","/oauth/lnCheck","/oauth/lnRefreshToken").permitAll()
// @link https://gitee.com/xiaoym/knife4j/issues/I1Q5X6 (接口文档knife4j需要放行的规则)
.antMatchers("/webjars/**","/doc.html","/swagger-resources/**","/v2/api-docs").permitAll()
.anyRequest().authenticated()

180
pqs-auth/src/main/java/com/njcn/auth/controller/AuthController.java
View File

@@ -25,13 +25,17 @@ import com.njcn.user.pojo.po.UserStrategy;
import com.njcn.web.controller.BaseController;
import com.njcn.web.utils.RequestUtil;
import com.njcn.web.utils.RestTemplateUtil;
import com.sgcc.epri.auth.session.HttpSessionManager;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import lombok.AllArgsConstructor;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.collections.CollectionUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -39,6 +43,10 @@ import org.springframework.web.bind.annotation.*;
import org.springframework.web.util.UriComponentsBuilder;
import springfox.documentation.annotations.ApiIgnore;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URI;
import java.security.KeyPair;
import java.security.Principal;
@@ -55,7 +63,7 @@ import java.util.stream.Collectors;
@Slf4j
@RestController
@RequestMapping("/oauth")
@AllArgsConstructor
@RequiredArgsConstructor
public class AuthController extends BaseController {
@@ -71,6 +79,11 @@ public class AuthController extends BaseController {
private final UserTokenService userTokenService;
@Value("${cas.redirect-url:http://10.21.30.11:8088/#/login?flag=1}")
private String redirectUrl;
private String UsernamePrefix = "CAS_";
@ApiIgnore
@OperateInfo(info = LogEnum.SYSTEM_SERIOUS, operateType = OperateType.AUTHENTICATE)
@@ -91,7 +104,6 @@ public class AuthController extends BaseController {
String methodDescribe = getMethodDescribe("postAccessToken");
String username = parameters.get(SecurityConstants.USERNAME);
String grantType = parameters.get(SecurityConstants.GRANT_TYPE);
if (grantType.equalsIgnoreCase(SecurityConstants.GRANT_CAPTCHA) || grantType.equalsIgnoreCase(SecurityConstants.REFRESH_TOKEN_KEY)) {
username = DesUtils.aesDecrypt(username);
@@ -143,7 +155,7 @@ public class AuthController extends BaseController {
@OperateInfo(info = LogEnum.SYSTEM_SERIOUS, operateType = OperateType.LOGOUT)
@ApiOperation("用户登出系统")
@DeleteMapping("/logout")
public HttpResult<Object> logout() {
public HttpResult<Object> logout(HttpServletRequest request, HttpServletResponse response) {
String methodDescribe = getMethodDescribe("logout");
String userIndex = RequestUtil.getUserIndex();
String username = RequestUtil.getUsername();
@@ -165,6 +177,24 @@ public class AuthController extends BaseController {
long lifeTime = Math.abs(refreshTokenExpire.plusMinutes(5L).toEpochSecond(ZoneOffset.of("+8")) - LocalDateTime.now().toEpochSecond(ZoneOffset.of("+8")));
redisUtil.saveByKeyWithExpire(blackUserKey, blackUsers, lifeTime);
}
// 以下代码是辽宁登出代码,关键:使 Session 失效
request.getSession().invalidate();
// 清除 JSESSIONID
Cookie jsessionidCookie = new Cookie("JSESSIONID", null);
jsessionidCookie.setMaxAge(0);
jsessionidCookie.setPath("/");
response.addCookie(jsessionidCookie);
// 清除 loginUser Cookie关键
Cookie loginUserCookie = new Cookie("loginUser", null);
loginUserCookie.setMaxAge(0);
loginUserCookie.setPath("/");
response.addCookie(loginUserCookie);
log.info("登出成功。。。。。。。。。。。。。。。。");
return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, null, methodDescribe);
}
@@ -186,20 +216,152 @@ public class AuthController extends BaseController {
*/
@OperateInfo(info = LogEnum.SYSTEM_COMMON, operateType = OperateType.AUTHENTICATE)
@ApiOperation("自动登录")
@PostMapping("/autoLogin")
@GetMapping("/autoLogin")
@ApiImplicitParam(name = "phone", value = "手机号", required = true, paramType = "query")
@ApiIgnore
public HttpResult<Object> autoLogin(@RequestParam String phone) {
String methodDescribe = getMethodDescribe("autoLogin");
String userUrl = "http://127.0.0.1:10214/oauth/token";
UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(userUrl)
.queryParam("grant_type", "sms_code")
.queryParam("client_id", "njcnapp")
.queryParam("grant_type", SecurityConstants.GRANT_AUTHORIZATION_CODE)
.queryParam("client_id", "njcn")
.queryParam("client_secret", "njcnpqs")
.queryParam("phone", phone)
.queryParam("smsCode", "123456789");
.queryParam("username", "%2FPY4%2FD07ExoKDUg6yCi2cA%3D%3D")
.queryParam("imageCode", "verifyCode")
.queryParam("verifyCode", "0");
URI uri = builder.build().encode().toUri();
return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, Objects.requireNonNull(RestTemplateUtil.post(uri, HttpResult.class).getBody()).getData(), methodDescribe);
}
/**
* 【电科院CAS调控云单点登录适配】
* 这个只用来匹配
*/
@ApiIgnore
@GetMapping("/lnLogin")
@ApiOperation("获取ln系统用户token")
public HttpResult<Object> lnLogin(@RequestParam String clientId, @RequestParam String clientSecret, HttpServletRequest request, HttpServletResponse response) throws HttpRequestMethodNotSupportedException {
log.info("进入lnLogin++++++++++++++++++");
String methodDescribe = getMethodDescribe("lnLogin");
// 读取CAS信息
String userName = String.valueOf(HttpSessionManager.getAttribute(request, HttpSessionManager.AUTH_USER_KEY));
String userId = String.valueOf(HttpSessionManager.getAttribute(request, HttpSessionManager.USER_ID_KEY));
String owner = String.valueOf(HttpSessionManager.getAttribute(request, HttpSessionManager.USER_OWNER));
String name = String.valueOf(HttpSessionManager.getAttribute(request, HttpSessionManager.USER_NAME_CHN));
String employeeId = String.valueOf(HttpSessionManager.getAttribute(request, HttpSessionManager.USER_EMPLOYEE_ID));
log.info("userName:{}", userName);
log.info("userId:{}", userId);
log.info("owner:{}", owner);
log.info("name:{}", name);
log.info("employeeId:{}", employeeId);
if ("null".equals(userName)) {
throw new BusinessException(UserResponseEnum.LN_AUTH_ERROR);
}
// 2. 【关键】用户名前面加上"CAS_"前缀让UserDetailsService识别
String casUsername = userName;
// 2. 直接构造 OAuth2 必要参数(跳过所有密码/加密校验)
Map<String, String> parameters = new HashMap<>();
parameters.put("grant_type", "password"); // 固定密码模式
parameters.put("client_id", clientId); // 你的客户端ID
parameters.put("client_secret", clientSecret); // 你的客户端秘钥
parameters.put("username", userName); // 统一认证传过来的用户名
parameters.put("password", "@#001njcnpqs");
// 3. 直接调用 OAuth2 生成 Token跳过所有登录校验
Authentication authentication = new UsernamePasswordAuthenticationToken(
clientId, clientSecret, Collections.emptyList()
);
OAuth2AccessToken oAuth2AccessToken = tokenEndpoint.postAccessToken(authentication, parameters).getBody();
// 获取过期时间(秒数)
int expiresIn = oAuth2AccessToken.getExpiresIn();
log.info("token过期时间: {} 秒", expiresIn);
log.info("token过期时间: {} 分钟", expiresIn / 60);
log.info("token过期时间: {} 小时", expiresIn / 3600);
log.info("====== 免密登录成功返回token给前端 ======");
return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, oAuth2AccessToken, methodDescribe);
}
/**
* 重点:
* 这个接口 不加 白名单
* 访问它 → 自动跳CAS → 登录成功 → 重定向到登录页
*/
@GetMapping("/lnCheck")
@ApiOperation("检查CAS是否登录")
public void lnToken(HttpServletRequest request, HttpServletResponse response) throws IOException {
log.info("进入lnCheck。。。。");
response.sendRedirect(redirectUrl);
}
/**
*/
@GetMapping("/lnRefreshToken")
@ApiOperation("刷新token")
public HttpResult<Object> lnRefreshToken(
@RequestParam String refreshToken,
@RequestParam String clientId,
@RequestParam String clientSecret,
HttpServletRequest request,
HttpServletResponse response) throws HttpRequestMethodNotSupportedException {
log.info("进入lnRefreshToken开始刷新token");
String methodDescribe = getMethodDescribe("lnRefreshToken");
// ========== 【前置优先校验CAS会话是否过期】 ==========
String userName = String.valueOf(HttpSessionManager.getAttribute(request, HttpSessionManager.AUTH_USER_KEY));
if ("null".equals(userName)) {
log.error("CAS会话已过期跳转登录页");
throw new BusinessException(UserResponseEnum.LN_AUTH_ERROR);
}
// 1. 先尝试用refresh_token正常刷新
Map<String, String> parameters = new HashMap<>();
parameters.put("grant_type", "refresh_token");
parameters.put("refresh_token", refreshToken);
parameters.put("client_id", clientId);
parameters.put("client_secret", clientSecret);
Authentication authentication = new UsernamePasswordAuthenticationToken(
clientId, clientSecret, Collections.emptyList()
);
try {
OAuth2AccessToken newAccessToken = tokenEndpoint.postAccessToken(authentication, parameters).getBody();
log.info("refresh_token刷新成功");
return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, newAccessToken, methodDescribe);
} catch (Exception e) {
log.warn("refresh_token刷新失败尝试回退到CAS会话重新签发token", e);
}
// 3. CAS会话有效重新签发token等同于重新登录
log.info("CAS会话有效为用户[{}]重新签发token", userName);
String casUsername = userName;
Map<String, String> reLoginParams = new HashMap<>();
reLoginParams.put("grant_type", "password");
reLoginParams.put("client_id", clientId);
reLoginParams.put("client_secret", clientSecret);
reLoginParams.put("username", userName);
reLoginParams.put("password", "@#001njcnpqs");
Authentication reAuth = new UsernamePasswordAuthenticationToken(
clientId, clientSecret, Collections.emptyList()
);
OAuth2AccessToken oAuth2AccessToken = tokenEndpoint.postAccessToken(reAuth, reLoginParams).getBody();
log.info("CAS回退重签token成功userName:{}", userName);
return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, oAuth2AccessToken, methodDescribe);
}
}

19
pqs-auth/src/main/resources/bootstrap-sjzx.yml
View File

@@ -55,3 +55,22 @@ mybatis-plus:
mqtt:
client-id: @artifactId@${random.value}
cas:
client:
# true 开启 false 关闭
enabled: false
redirect-url: http://PQMonitoring.dcloud.ln.dc.sgcc.com.cn/#/login?flag=1
server-url-prefix: http://privilege-epri.dcloud.ln.dc.sgcc.com.cn/cas
server-login-url: http://privilege-epri.dcloud.ln.dc.sgcc.com.cn/cas/login
client-host-url: http://PQMonitoring.dcloud.ln.dc.sgcc.com.cn:80
validation-type: CAS
#白名单设置
# /oauth/lnLogin$|/pqs-auth/oauth/lnLogin|/oauth/lnRefreshToken$|/pqs-auth/oauth/lnRefreshToken
sso:
whiteList:

2
pqs-gateway/src/main/java/com/njcn/gateway/filter/AuthGlobalFilter.java
View File

@@ -44,7 +44,7 @@ import java.util.List;
@RequiredArgsConstructor
public class AuthGlobalFilter implements GlobalFilter, Ordered {
private final static List<String> USER_AGENT_IP = Arrays.asList("/pqs-auth/auth/getImgCode", "/pqs-auth/oauth/token", "/user-boot/user/generateSm2Key", "/user-boot/user/updateFirstPassword", "/user-boot/appUser/resetPsd");
private final static List<String> USER_AGENT_IP = Arrays.asList("/pqs-auth/auth/getImgCode", "/pqs-auth/oauth/token", "/user-boot/user/generateSm2Key", "/user-boot/user/updateFirstPassword", "/user-boot/appUser/resetPsd","/pqs-auth/oauth/lnLogin","/pqs-auth/oauth/lnCheck","/pqs-auth/oauth/lnRefreshToken");
private final RedisUtil redisUtil;

3
pqs-gateway/src/main/resources/bootstrap-sjzx.yml
View File

@@ -223,6 +223,9 @@ whitelist:
- /user-boot/appUser/resetPsd
- /pqs-auth/oauth/logout
- /pqs-auth/oauth/token
- /pqs-auth/oauth/lnLogin
- /pqs-auth/oauth/lnCheck
- /pqs-auth/oauth/lnRefreshToken
- /pqs-auth/oauth/autoLogin
- /pqs-auth/auth/getImgCode
- /pqs-auth/oauth/getPublicKey

284
pqs-gateway/src/main/resources/bootstrap.yml
View File

@@ -1,283 +1,3 @@
#当前服务的基本信息
microservice:
ename: @artifactId@
name: "@name@"
version: @version@
sentinel:
url: @sentinel.url@
gateway:
url: @gateway.url@
server:
port: 10215
spring:
application:
name: @artifactId@
main:
allow-bean-definition-overriding: true
#nacos注册中心以及配置中心的指定
cloud:
nacos:
discovery:
ip: @service.server.url@
server-addr: @nacos.url@
username: @nacos.username@
password: @nacos.password@
namespace: @nacos.namespace@
config:
server-addr: @nacos.url@
username: @nacos.username@
password: @nacos.password@
namespace: @nacos.namespace@
file-extension: yaml
shared-configs:
- data-id: share-config.yaml
refresh: true
- data-id: share-config-datasource-db.yaml
refresh: true
gateway:
globalcors:
corsConfigurations:
'[/**]':
allowCredentials: true
exposedHeaders: "Content-Disposition,Content-Type,Cache-Control"
allowedHeaders: "*"
allowedOrigins: "*"
allowedMethods: "*"
discovery:
locator:
# 开启自动代理 (自动装载从配置中心serviceId)
enabled: true
# 服务id为true --> 这样小写服务就可访问了
lower-case-service-id: true
routes:
- id: pqs-auth
uri: lb://pqs-auth
predicates:
- Path=/pqs-auth/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: user-boot
uri: lb://user-boot
predicates:
- Path=/user-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: device-boot
uri: lb://device-boot
predicates:
- Path=/device-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: system-boot
uri: lb://system-boot
predicates:
- Path=/system-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: harmonic-boot
uri: lb://harmonic-boot
predicates:
- Path=/harmonic-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: energy-boot
uri: lb://energy-boot
predicates:
- Path=/energy-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: event-boot
uri: lb://event-boot
predicates:
- Path=/event-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: quality-boot
uri: lb://quality-boot
predicates:
- Path=/quality-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: harmonic-prepare
uri: lb://harmonic-prepare
predicates:
- Path=/harmonic-prepare/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: process-boot
uri: lb://process-boot
predicates:
- Path=/process-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: prepare-boot
uri: lb://prepare-boot
predicates:
- Path=/prepare-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: algorithm-boot
uri: lb://algorithm-boot
predicates:
- Path=/algorithm-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: access-boot
uri: lb://access-boot
predicates:
- Path=/access-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: cs-device-boot
uri: lb://cs-device-boot
predicates:
- Path=/cs-device-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: cs-system-boot
uri: lb://cs-system-boot
predicates:
- Path=/cs-system-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: cs-warn-boot
uri: lb://cs-warn-boot
predicates:
- Path=/cs-warn-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: cs-harmonic-boot
uri: lb://cs-harmonic-boot
predicates:
- Path=/cs-harmonic-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: advance-boot
uri: lb://advance-boot
predicates:
- Path=/advance-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: bpm-boot
uri: lb://bpm-boot
predicates:
- Path=/bpm-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: supervision-boot
uri: lb://supervision-boot
predicates:
- Path=/supervision-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
- id: cs-report-boot
uri: lb://cs-report-boot
predicates:
- Path=/cs-report-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
#河北国网总部调用省侧接口,路径总部统一规定
- id: hb_pms_down
uri: lb://harmonic-boot
predicates:
- Path=/IndexAnalysis/**
- Path=/pms-tech-powerquality-start/**
- id: zl-event-boot
uri: lb://zl-event-boot
predicates:
- Path=/zl-event-boot/**
filters:
- SwaggerHeaderFilter
- StripPrefix=1
#项目日志的配置
logging:
#config: http://@nacos.url@/nacos/v1/cs/configs?tenant=@nacos.namespace@&group=DEFAULT_GROUP&dataId=logback.xml
level:
root: info
whitelist:
urls:
- /user-boot/user/generateSm2Key
- /user-boot/theme/getTheme
- /user-boot/user/updateFirstPassword
- /user-boot/appUser/authCode
- /user-boot/appUser/register
- /user-boot/appUser/resetPsd
- /pqs-auth/oauth/logout
- /pqs-auth/oauth/token
- /pqs-auth/oauth/autoLogin
- /pqs-auth/auth/getImgCode
- /pqs-auth/oauth/getPublicKey
- /pqs-auth/judgeToken/heBei
- /pqs-auth/judgeToken/guangZhou
- /webjars/**
- /actuator/**
- /doc.html
- /swagger-resources/**
- /*/v2/api-docs
- /favicon.ico
- /system-boot/theme/getTheme
- /system-boot/image/toStream
- /system-boot/file/download
- /cs-system-boot/appinfo/queryAppInfoByType
- /system-boot/dictType/dictDataCache
- /system-boot/file/**
- /system-boot/area/**
- /bpm-boot/**
- /harmonic-boot/comAccess/getComAccessData
- /harmonic-boot/harmonic/getHistoryResult
- /event-boot/transient/getTransientAnalyseWave
# - /**
#开始
# - /advance-boot/**
# - /device-boot/**
# - /system-boot/**
# - /harmonic-boot/**
# - /energy-boot/**
# - /event-boot/**
# - /quality-boot/**
# - /harmonic-prepare/**
# - /process-boot/**
# - /bpm-boot/**
# - /system-boot/**
# - /supervision-boot/**
# - /user-boot/**
# - /harmonic-boot/**
# - /cs-device-boot/**
#结束
- /user-boot/user/listAllUserByDeptId
- /IndexAnalysis/**
#mqtt:
# client-id: @artifactId@${random.value}
profiles:
active: @spring.profiles.active@

2
pqs-user/user-api/src/main/java/com/njcn/user/enums/UserResponseEnum.java
View File

@@ -105,6 +105,8 @@ public enum UserResponseEnum {
REFERRAL_CODE_LAPSE("A0119","角色推荐码失效,请联系管理员"),
REFERRAL_CODE_ERROR("A0119","角色推荐码错误,请联系管理员"),
LN_AUTH_ERROR("A0121","统一认证过期,请重新认证"),
;
private final String code;