From c161e54886d869964b74959f1ad228d24d360849 Mon Sep 17 00:00:00 2001
From: 陈昶聿 <chychen@nbjetron.com>
Date: 星期五, 16 一月 2026 10:29:37 +0800
Subject: [PATCH] 【景宁】SSO单点登录接口

---
 ruoyi-admin/src/main/java/com/ruoyi/web/controller/sso/SSOController.java |  135 +++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 135 insertions(+), 0 deletions(-)

diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/sso/SSOController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/sso/SSOController.java
index 78296c7..0a429a9 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/sso/SSOController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/sso/SSOController.java
@@ -3,10 +3,12 @@
 import com.alibaba.fastjson.JSON;
 import com.ruoyi.common.core.domain.entity.SysUser;
 import com.ruoyi.common.core.domain.model.LoginUser;
+import com.ruoyi.common.exception.base.BaseException;
 import com.ruoyi.common.utils.HttpUtil;
 import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.common.utils.http.HttpUtils;
 import com.ruoyi.framework.web.service.TokenService;
+import com.ruoyi.system.service.ISysConfigService;
 import com.ruoyi.system.service.ISysUserService;
 import com.smartor.domain.SSOTokenResponse;
 import com.smartor.domain.SSOUserInfo;
@@ -22,6 +24,8 @@
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.client.RestTemplate;
+import org.springframework.web.servlet.view.RedirectView;
+import org.springframework.web.util.UriComponentsBuilder;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -80,6 +84,9 @@
     @Autowired
     private TokenService tokenService;
 
+    @Autowired
+    private ISysConfigService sysConfigService;
+
     private final RestTemplate restTemplate;
 
     public SSOController() {
@@ -113,6 +120,74 @@
         } catch (Exception e) {
             e.printStackTrace();
         }
+    }
+
+    /**
+     * SSO鐧诲綍鍏ュ彛 - 淇￠�氶櫌浼氳皟鐢ㄨ繖涓湴鍧�
+     * 璁块棶璺緞锛歨ttp://鍩熷悕:8095/sso/ssoLoginLyra
+     */
+    @GetMapping("ssoLoginLyra")
+    public RedirectView ssoLoginLyra() {
+        log.info("鏀跺埌SSO鐧诲綍璇锋眰锛屽紑濮嬮噸瀹氬悜鍒版巿鏉冩湇鍔″櫒");
+        String redirectUri = internalRedirectUri;
+        String path = sysConfigService.selectConfigByKey("sys.qddz");
+        String lyraPath = "https://9.208.39.29:13021";
+        String clientId = "1553548571532333056";
+        String clientSecret = "suifangxt";
+        String scope = "openid";
+        redirectUri = URLEncoder.encode(internalRedirectUri);
+
+        String authorizeUrl = lyraPath + "/mediinfo-lyra-authserver/connect/authorize";
+        String accessTokenUrl = lyraPath + "/mediinfo-lyra-authserver/connect/token";
+        String userInfoUrl =  lyraPath + "/mediinfo-lyra-authserver/connect/userinfo";
+        // 閲嶅畾鍚戝湴鍧�瀵硅薄(閲嶅畾鍚戝湴鍧�
+        RedirectView redirectView = new RedirectView();
+
+        // Authorize閴存潈鎺ュ彛
+        String param = "client_id=" + clientId + "&redirect_uri=" + redirectUri + "&response_type=code" +
+                "&state=" + state + "&scope=" + scope;
+        log.info("銆怉uthorize閴存潈鎺ュ彛銆戝叆鍙備负锛歿}", param);
+//        String url = internalAuthorizeUrl;
+        String s = HttpUtils.sendGet(authorizeUrl, param);
+        Map<String, String> result = getResult(s);
+        String code = result.get("code");
+        if (StringUtils.isEmpty(code)) {
+            log.error("鏈幏鍙栧埌鎺堟潈鐮�");
+            throw new BaseException("SSO鎺堟潈澶辫触");
+        }
+        try {
+            SSOTokenResponse accessToken = getAccessTokenLyra(code, accessTokenUrl, clientId, clientSecret,true);
+            SSOUserInfo userInfo = getUserInfoLyra(accessToken.getAccess_token(), userInfoUrl,true);
+
+            createLocalSession(userInfo);
+            if (StringUtils.isEmpty(path)) {
+                throw new BaseException("璇烽厤缃墠绔湴鍧�");
+            }
+//            String reviewUrl = path + "/loginSSO?token=" + accessToken.getAccess_token() + "&orgid=" +
+//                    userInfo.getZuZhiJGID() + "&orgname=" + userInfo.getZuZhiJGMC() +
+//                    "&ZuHuID="+ userInfo.getYongHuID() +"&deptCode=null";
+            String reviewUrl = "";
+            reviewUrl = UriComponentsBuilder.fromHttpUrl(path)
+                    .path("/loginSSO")
+                    .queryParam("token", accessToken.getAccess_token())
+                    .queryParam("orgid", userInfo.getZuZhiJGID())
+                    .queryParam("orgname", userInfo.getZuZhiJGMC())
+                    .queryParam("ZuHuID", userInfo.getYongHuID())
+                    .queryParam("deptCode", "null")
+                    .build()
+                    .toUriString();
+
+            log.info("鍗曠偣鐧婚檰閲嶅畾鍚戝湴鍧�涓猴細{}", reviewUrl);
+            redirectView.setUrl(reviewUrl);
+            redirectView.setStatusCode(HttpStatus.FOUND);
+        } catch (Exception e) {
+            log.error("SSO鐧诲綍澶辫触", e);
+            redirectView.setUrl(path + "/login?error=sso_failed");
+            return redirectView;
+
+        }
+
+        return redirectView;
     }
 
     private Map<String, String> getResult(String param) {
@@ -195,6 +270,66 @@
     }
 
     /**
+     * 鑾峰彇璁块棶浠ょ墝
+     */
+    private SSOTokenResponse getAccessTokenLyra(String code, String accessTokenUrl, String clientId, String clientSecret, boolean isInternal) throws Exception {
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+
+        MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
+        String redirectUri = getRedirectUri(isInternal);
+        params.add("client_id", clientId);
+        params.add("client_secret", clientSecret);
+        params.add("code", code);
+        params.add("grant_type", "authorization_code");
+        params.add("redirect_uri", redirectUri);
+
+        HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(params, headers);
+
+        ResponseEntity<String> response = restTemplate.exchange(accessTokenUrl, HttpMethod.POST, request, String.class);
+
+        log.info("Token鍝嶅簲: {}", response.getBody());
+
+        if (response.getBody() == null || response.getBody().trim().isEmpty()) {
+            throw new RuntimeException("Token鍝嶅簲涓虹┖");
+        }
+
+        SSOTokenResponse tokenResponse = JSON.parseObject(response.getBody(), SSOTokenResponse.class);
+
+        if (tokenResponse == null || StringUtils.isEmpty(tokenResponse.getAccess_token())) {
+            throw new RuntimeException("鑾峰彇access_token澶辫触");
+        }
+
+        return tokenResponse;
+    }
+
+    /**
+     * 鑾峰彇鐢ㄦ埛淇℃伅
+     */
+    private SSOUserInfo getUserInfoLyra(String accessToken, String userInfoUrl, boolean isInternal) throws Exception {
+        HttpHeaders headers = new HttpHeaders();
+        headers.set("Authorization", "Bearer " + accessToken);
+
+        HttpEntity<String> entity = new HttpEntity<>(headers);
+
+        ResponseEntity<String> response = restTemplate.exchange(userInfoUrl, HttpMethod.GET, entity, String.class);
+
+        log.info("鐢ㄦ埛淇℃伅鍝嶅簲: {}", response.getBody());
+
+        if (response.getBody() == null || response.getBody().trim().isEmpty()) {
+            throw new RuntimeException("鐢ㄦ埛淇℃伅鍝嶅簲涓虹┖");
+        }
+
+        SSOUserInfo userInfo = JSON.parseObject(response.getBody(), SSOUserInfo.class);
+
+        if (userInfo == null || StringUtils.isEmpty(userInfo.getName())) {
+            throw new RuntimeException("鑾峰彇鐢ㄦ埛淇℃伅澶辫触鎴栫敤鎴峰悕涓虹┖");
+        }
+
+        return userInfo;
+    }
+
+    /**
      * 鍒涘缓鏈湴浼氳瘽
      */
     private String createLocalSession(SSOUserInfo userInfo) {

--
Gitblit v1.9.3