| | |
|---|
| | | import com.alibaba.fastjson.JSON; |
|---|
| | | import com.ruoyi.common.core.domain.entity.SysUser; |
|---|
| | | import com.ruoyi.common.core.domain.model.LoginUser; |
|---|
| | | import com.ruoyi.common.exception.base.BaseException; |
|---|
| | | import com.ruoyi.common.utils.HttpUtil; |
|---|
| | | import com.ruoyi.common.utils.StringUtils; |
|---|
| | | import com.ruoyi.common.utils.http.HttpUtils; |
|---|
| | | import com.ruoyi.framework.web.service.TokenService; |
|---|
| | | import com.ruoyi.system.service.ISysConfigService; |
|---|
| | | import com.ruoyi.system.service.ISysUserService; |
|---|
| | | import com.smartor.domain.SSOTokenResponse; |
|---|
| | | import com.smartor.domain.SSOUserInfo; |
|---|
| | |
|---|
| | | import org.springframework.web.bind.annotation.RequestParam; |
|---|
| | | import org.springframework.web.bind.annotation.RestController; |
|---|
| | | import org.springframework.web.client.RestTemplate; |
|---|
| | | import org.springframework.web.servlet.view.RedirectView; |
|---|
| | | import org.springframework.web.util.UriComponentsBuilder; |
|---|
| | | |
|---|
| | | import javax.servlet.http.HttpServletRequest; |
|---|
| | | import javax.servlet.http.HttpServletResponse; |
|---|
| | |
|---|
| | | @Autowired |
|---|
| | | private TokenService tokenService; |
|---|
| | | |
|---|
| | | @Autowired |
|---|
| | | private ISysConfigService sysConfigService; |
|---|
| | | |
|---|
| | | private final RestTemplate restTemplate; |
|---|
| | | |
|---|
| | | public SSOController() { |
|---|
| | |
|---|
| | | } catch (Exception e) { |
|---|
| | | e.printStackTrace(); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * SSO登录入口 - 信通院会调用这个地址 |
|---|
| | | * 访问路径:http://域名:8095/sso/ssoLoginLyra |
|---|
| | | */ |
|---|
| | | @GetMapping("ssoLoginLyra") |
|---|
| | | public RedirectView ssoLoginLyra() { |
|---|
| | | log.info("收到SSO登录请求,开始重定向到授权服务器"); |
|---|
| | | String redirectUri = internalRedirectUri; |
|---|
| | | String path = sysConfigService.selectConfigByKey("sys.qddz"); |
|---|
| | | String lyraPath = "https://9.208.39.29:13021"; |
|---|
| | | String clientId = "1553548571532333056"; |
|---|
| | | String clientSecret = "suifangxt"; |
|---|
| | | String scope = "openid"; |
|---|
| | | redirectUri = URLEncoder.encode(internalRedirectUri); |
|---|
| | | |
|---|
| | | String authorizeUrl = lyraPath + "/mediinfo-lyra-authserver/connect/authorize"; |
|---|
| | | String accessTokenUrl = lyraPath + "/mediinfo-lyra-authserver/connect/token"; |
|---|
| | | String userInfoUrl = lyraPath + "/mediinfo-lyra-authserver/connect/userinfo"; |
|---|
| | | // 重定向地址对象(重定向地址 |
|---|
| | | RedirectView redirectView = new RedirectView(); |
|---|
| | | |
|---|
| | | // Authorize鉴权接口 |
|---|
| | | String param = "client_id=" + clientId + "&redirect_uri=" + redirectUri + "&response_type=code" + |
|---|
| | | "&state=" + state + "&scope=" + scope; |
|---|
| | | log.info("【Authorize鉴权接口】入参为:{}", param); |
|---|
| | | // String url = internalAuthorizeUrl; |
|---|
| | | String s = HttpUtils.sendGet(authorizeUrl, param); |
|---|
| | | Map<String, String> result = getResult(s); |
|---|
| | | String code = result.get("code"); |
|---|
| | | if (StringUtils.isEmpty(code)) { |
|---|
| | | log.error("未获取到授权码"); |
|---|
| | | throw new BaseException("SSO授权失败"); |
|---|
| | | } |
|---|
| | | try { |
|---|
| | | SSOTokenResponse accessToken = getAccessTokenLyra(code, accessTokenUrl, clientId, clientSecret,true); |
|---|
| | | SSOUserInfo userInfo = getUserInfoLyra(accessToken.getAccess_token(), userInfoUrl,true); |
|---|
| | | |
|---|
| | | createLocalSession(userInfo); |
|---|
| | | if (StringUtils.isEmpty(path)) { |
|---|
| | | throw new BaseException("请配置前端地址"); |
|---|
| | | } |
|---|
| | | // String reviewUrl = path + "/loginSSO?token=" + accessToken.getAccess_token() + "&orgid=" + |
|---|
| | | // userInfo.getZuZhiJGID() + "&orgname=" + userInfo.getZuZhiJGMC() + |
|---|
| | | // "&ZuHuID="+ userInfo.getYongHuID() +"&deptCode=null"; |
|---|
| | | String reviewUrl = ""; |
|---|
| | | reviewUrl = UriComponentsBuilder.fromHttpUrl(path) |
|---|
| | | .path("/loginSSO") |
|---|
| | | .queryParam("token", accessToken.getAccess_token()) |
|---|
| | | .queryParam("orgid", userInfo.getZuZhiJGID()) |
|---|
| | | .queryParam("orgname", userInfo.getZuZhiJGMC()) |
|---|
| | | .queryParam("ZuHuID", userInfo.getYongHuID()) |
|---|
| | | .queryParam("deptCode", "null") |
|---|
| | | .build() |
|---|
| | | .toUriString(); |
|---|
| | | |
|---|
| | | log.info("单点登陆重定向地址为:{}", reviewUrl); |
|---|
| | | redirectView.setUrl(reviewUrl); |
|---|
| | | redirectView.setStatusCode(HttpStatus.FOUND); |
|---|
| | | } catch (Exception e) { |
|---|
| | | log.error("SSO登录失败", e); |
|---|
| | | redirectView.setUrl(path + "/login?error=sso_failed"); |
|---|
| | | return redirectView; |
|---|
| | | |
|---|
| | | } |
|---|
| | | |
|---|
| | | return redirectView; |
|---|
| | | } |
|---|
| | | |
|---|
| | | private Map<String, String> getResult(String param) { |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 获取访问令牌 |
|---|
| | | */ |
|---|
| | | private SSOTokenResponse getAccessTokenLyra(String code, String accessTokenUrl, String clientId, String clientSecret, boolean isInternal) throws Exception { |
|---|
| | | HttpHeaders headers = new HttpHeaders(); |
|---|
| | | headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED); |
|---|
| | | |
|---|
| | | MultiValueMap<String, String> params = new LinkedMultiValueMap<>(); |
|---|
| | | String redirectUri = getRedirectUri(isInternal); |
|---|
| | | params.add("client_id", clientId); |
|---|
| | | params.add("client_secret", clientSecret); |
|---|
| | | params.add("code", code); |
|---|
| | | params.add("grant_type", "authorization_code"); |
|---|
| | | params.add("redirect_uri", redirectUri); |
|---|
| | | |
|---|
| | | HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(params, headers); |
|---|
| | | |
|---|
| | | ResponseEntity<String> response = restTemplate.exchange(accessTokenUrl, HttpMethod.POST, request, String.class); |
|---|
| | | |
|---|
| | | log.info("Token响应: {}", response.getBody()); |
|---|
| | | |
|---|
| | | if (response.getBody() == null || response.getBody().trim().isEmpty()) { |
|---|
| | | throw new RuntimeException("Token响应为空"); |
|---|
| | | } |
|---|
| | | |
|---|
| | | SSOTokenResponse tokenResponse = JSON.parseObject(response.getBody(), SSOTokenResponse.class); |
|---|
| | | |
|---|
| | | if (tokenResponse == null || StringUtils.isEmpty(tokenResponse.getAccess_token())) { |
|---|
| | | throw new RuntimeException("获取access_token失败"); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return tokenResponse; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 获取用户信息 |
|---|
| | | */ |
|---|
| | | private SSOUserInfo getUserInfoLyra(String accessToken, String userInfoUrl, boolean isInternal) throws Exception { |
|---|
| | | HttpHeaders headers = new HttpHeaders(); |
|---|
| | | headers.set("Authorization", "Bearer " + accessToken); |
|---|
| | | |
|---|
| | | HttpEntity<String> entity = new HttpEntity<>(headers); |
|---|
| | | |
|---|
| | | ResponseEntity<String> response = restTemplate.exchange(userInfoUrl, HttpMethod.GET, entity, String.class); |
|---|
| | | |
|---|
| | | log.info("用户信息响应: {}", response.getBody()); |
|---|
| | | |
|---|
| | | if (response.getBody() == null || response.getBody().trim().isEmpty()) { |
|---|
| | | throw new RuntimeException("用户信息响应为空"); |
|---|
| | | } |
|---|
| | | |
|---|
| | | SSOUserInfo userInfo = JSON.parseObject(response.getBody(), SSOUserInfo.class); |
|---|
| | | |
|---|
| | | if (userInfo == null || StringUtils.isEmpty(userInfo.getName())) { |
|---|
| | | throw new RuntimeException("获取用户信息失败或用户名为空"); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return userInfo; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 创建本地会话 |
|---|
| | | */ |
|---|
| | | private String createLocalSession(SSOUserInfo userInfo) { |
|---|
