From a2f275c727fafc8d5f5f5908638f9a6ace0bd425 Mon Sep 17 00:00:00 2001
From: 陈昶聿 <chychen@nbjetron.com>
Date: 星期五, 16 一月 2026 09:27:51 +0800
Subject: [PATCH] 【景宁】SSO单点登录接口
---
ruoyi-admin/src/main/java/com/ruoyi/web/controller/sso/SSOController.java | 128 ++++++++++++++++++++++++++++++++++++++----
1 files changed, 115 insertions(+), 13 deletions(-)
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/sso/SSOController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/sso/SSOController.java
index e174e25..5955095 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/sso/SSOController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/sso/SSOController.java
@@ -25,6 +25,7 @@
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.view.RedirectView;
+import org.springframework.web.util.UriComponentsBuilder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -100,8 +101,33 @@
* SSO鐧诲綍鍏ュ彛 - 淇¢�氶櫌浼氳皟鐢ㄨ繖涓湴鍧�
* 璁块棶璺緞锛歨ttp://鍩熷悕:8095/sso/login
*/
- @GetMapping("ssoLogin")
- public RedirectView ssoLogin() {
+ @GetMapping("")
+ public void ssoLogin() {
+ log.info("鏀跺埌SSO鐧诲綍璇锋眰锛屽紑濮嬮噸瀹氬悜鍒版巿鏉冩湇鍔″櫒");
+
+ // Authorize閴存潈鎺ュ彛
+ String param = "client_id=" + clientId + "&redirect_uri=" + internalRedirectUri + "&response_type=code" + "&state=" + state + "&scope=" + scope;
+ log.info("銆怉uthorize閴存潈鎺ュ彛銆戝叆鍙備负锛歿}", param);
+ String s = HttpUtils.sendGet(internalAuthorizeUrl, param);
+ Map<String, String> result = getResult(s);
+ String code = result.get("code");
+ try {
+ SSOTokenResponse accessToken = getAccessToken(code, true);
+ SSOUserInfo userInfo = getUserInfo(accessToken.getAccess_token(), true);
+
+ createLocalSession(userInfo);
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ /**
+ * SSO鐧诲綍鍏ュ彛 - 淇¢�氶櫌浼氳皟鐢ㄨ繖涓湴鍧�
+ * 璁块棶璺緞锛歨ttp://鍩熷悕:8095/sso/ssoLoginLyra
+ */
+ @GetMapping("ssoLoginLyra")
+ public RedirectView ssoLoginLyra() {
log.info("鏀跺埌SSO鐧诲綍璇锋眰锛屽紑濮嬮噸瀹氬悜鍒版巿鏉冩湇鍔″櫒");
String id = clientId;
String redirectUri = internalRedirectUri;
@@ -120,25 +146,42 @@
String s = HttpUtils.sendGet(url, param);
Map<String, String> result = getResult(s);
String code = result.get("code");
+ if (StringUtils.isEmpty(code)) {
+ log.error("鏈幏鍙栧埌鎺堟潈鐮�");
+ throw new BaseException("SSO鎺堟潈澶辫触");
+ }
+
+ String path = sysConfigService.selectConfigByKey("sys.qddz");
try {
- SSOTokenResponse accessToken = getAccessToken(code, true);
- SSOUserInfo userInfo = getUserInfo(accessToken.getAccess_token(), true);
+ SSOTokenResponse accessToken = getAccessTokenLyra(code, true);
+ SSOUserInfo userInfo = getUserInfoLyra(accessToken.getAccess_token(), true);
createLocalSession(userInfo);
-
- String path = sysConfigService.selectConfigByKey("sys.qddz");
if (StringUtils.isEmpty(path)) {
throw new BaseException("璇烽厤缃墠绔湴鍧�");
}
- String reviewUrl = path + "/loginSSO?token=" + accessToken.getAccess_token() + "&orgid=" +
- userInfo.getZuZhiJGID() + "&orgname=" + userInfo.getZuZhiJGMC() +
- "&ZuHuID="+ userInfo.getYongHuID() +"&deptCode=null";
+// String reviewUrl = path + "/loginSSO?token=" + accessToken.getAccess_token() + "&orgid=" +
+// userInfo.getZuZhiJGID() + "&orgname=" + userInfo.getZuZhiJGMC() +
+// "&ZuHuID="+ userInfo.getYongHuID() +"&deptCode=null";
+ String reviewUrl = "";
+ reviewUrl = UriComponentsBuilder.fromHttpUrl(path)
+ .path("/loginSSO")
+ .queryParam("token", accessToken.getAccess_token())
+ .queryParam("orgid", userInfo.getZuZhiJGID())
+ .queryParam("orgname", userInfo.getZuZhiJGMC())
+ .queryParam("ZuHuID", userInfo.getYongHuID())
+ .queryParam("deptCode", "null")
+ .build()
+ .toUriString();
+
log.info("鍗曠偣鐧婚檰閲嶅畾鍚戝湴鍧�涓猴細{}", reviewUrl);
redirectView.setUrl(reviewUrl);
- redirectView.setStatusCode(HttpStatus.MOVED_PERMANENTLY);
+ redirectView.setStatusCode(HttpStatus.FOUND);
} catch (Exception e) {
- e.printStackTrace();
- return new RedirectView();
+ log.error("SSO鐧诲綍澶辫触", e);
+ redirectView.setUrl(path + "/login?error=sso_failed");
+ return redirectView;
+
}
return redirectView;
@@ -168,6 +211,65 @@
* 鑾峰彇璁块棶浠ょ墝
*/
private SSOTokenResponse getAccessToken(String code, boolean isInternal) throws Exception {
+ HttpHeaders headers = new HttpHeaders();
+ headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+
+ MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
+ params.add("client_id", clientId);
+ params.add("client_secret", clientSecret);
+ params.add("code", code);
+ params.add("grant_type", "authorization_code");
+ params.add("redirect_uri", getRedirectUri(isInternal));
+
+ HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(params, headers);
+
+ ResponseEntity<String> response = restTemplate.exchange(getTokenUrl(isInternal), HttpMethod.POST, request, String.class);
+
+ log.info("Token鍝嶅簲: {}", response.getBody());
+
+ if (response.getBody() == null || response.getBody().trim().isEmpty()) {
+ throw new RuntimeException("Token鍝嶅簲涓虹┖");
+ }
+
+ SSOTokenResponse tokenResponse = JSON.parseObject(response.getBody(), SSOTokenResponse.class);
+
+ if (tokenResponse == null || StringUtils.isEmpty(tokenResponse.getAccess_token())) {
+ throw new RuntimeException("鑾峰彇access_token澶辫触");
+ }
+
+ return tokenResponse;
+ }
+
+ /**
+ * 鑾峰彇鐢ㄦ埛淇℃伅
+ */
+ private SSOUserInfo getUserInfo(String accessToken, boolean isInternal) throws Exception {
+ HttpHeaders headers = new HttpHeaders();
+ headers.set("Authorization", "Bearer " + accessToken);
+
+ HttpEntity<String> entity = new HttpEntity<>(headers);
+
+ ResponseEntity<String> response = restTemplate.exchange(getUserinfoUrl(isInternal), HttpMethod.GET, entity, String.class);
+
+ log.info("鐢ㄦ埛淇℃伅鍝嶅簲: {}", response.getBody());
+
+ if (response.getBody() == null || response.getBody().trim().isEmpty()) {
+ throw new RuntimeException("鐢ㄦ埛淇℃伅鍝嶅簲涓虹┖");
+ }
+
+ SSOUserInfo userInfo = JSON.parseObject(response.getBody(), SSOUserInfo.class);
+
+ if (userInfo == null || StringUtils.isEmpty(userInfo.getName())) {
+ throw new RuntimeException("鑾峰彇鐢ㄦ埛淇℃伅澶辫触鎴栫敤鎴峰悕涓虹┖");
+ }
+
+ return userInfo;
+ }
+
+ /**
+ * 鑾峰彇璁块棶浠ょ墝
+ */
+ private SSOTokenResponse getAccessTokenLyra(String code, boolean isInternal) throws Exception {
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
@@ -207,7 +309,7 @@
/**
* 鑾峰彇鐢ㄦ埛淇℃伅
*/
- private SSOUserInfo getUserInfo(String accessToken, boolean isInternal) throws Exception {
+ private SSOUserInfo getUserInfoLyra(String accessToken, boolean isInternal) throws Exception {
HttpHeaders headers = new HttpHeaders();
headers.set("Authorization", "Bearer " + accessToken);
--
Gitblit v1.9.3