From 710a3bec179d44d634f2dcdd4abe767d749530ba Mon Sep 17 00:00:00 2001
From: efren <79289982@qq.com>
Date: Wed, 18 Jun 2025 20:23:17 +0800
Subject: [PATCH] IAM
---
 .../ebtp/extend/iam/client/IamClient.java | 3 +
 .../controller/IamDepartmentController.java | 6 +-
 .../iam/controller/IamUserController.java | 32 ++++++++-
 .../iam/entity/data/IamApiDepartment.java | 27 +++++--
 .../extend/iam/entity/data/IamApiUser.java | 72 +++++++++++++++----
 .../ebtp/extend/iam/entity/data/IamUser.java | 6 ++
 .../extend/iam/service/IamUserService.java | 15 ++++
 .../iam/service/impl/IamUserServiceImpl.java | 25 +++++++
 8 files changed, 161 insertions(+), 25 deletions(-)
diff --git a/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/client/IamClient.java b/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/client/IamClient.java
index 8f39f60..5891de2 100644
--- a/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/client/IamClient.java
+++ b/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/client/IamClient.java
@@ -18,7 +18,10 @@ public interface IamClient {
 * (获取code)oauth2认证接口-未认证跳转统一认证前端,已认证则发放code
 * @param request 获取授权请求参数
 * @return
+ * -- 下面是文档的
 * {"statusCodeValue":0,"msg":null,"data":"http://10.11.4.13:9999/#/digital?code=501679ca-f036-4ed1-9414-585315d8627d"}
+ * -- 下面是实际的
+ * {"statusCodeValue":1004,"msg":"Need Login","data":null}
 */
 @GetMapping("/sign/authz/oauth/v20/authorize")
 IamAuthResponseDTO authorize(@SpringQueryMap IamAuthRequestDTO request);
diff --git a/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/controller/IamDepartmentController.java b/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/controller/IamDepartmentController.java
index b8f5605..896b4b9 100644
--- a/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/controller/IamDepartmentController.java
+++ b/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/controller/IamDepartmentController.java
@@ -92,10 +92,10 @@ public class IamDepartmentController {
 @ApiOperation("新增组织架构接口")
 @PostMapping("/department")
 public IamApiResponseDTO saveDepartment(@RequestBody IamApiDepartment iamApiDepartment){
- log.debug("saveUser请求参数:{}", iamApiDepartment);
+ log.debug("saveDepartment请求参数:{}", iamApiDepartment);
 Boolean saveResult = iamDepartmentService.save(iamApiDepartment);
- log.debug("saveUser返回结果:{}, {}", saveResult, iamApiDepartment);
- return IamApiResponseDTO.success(iamApiDepartment.getId());
+ log.debug("saveDepartment返回结果:{}, {}", saveResult, iamApiDepartment);
+ return IamApiResponseDTO.success(iamApiDepartment.getOrgCode());
 }
 /**
diff --git a/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/controller/IamUserController.java b/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/controller/IamUserController.java
index c87ed16..d298320 100644
--- a/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/controller/IamUserController.java
+++ b/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/controller/IamUserController.java
@@ -31,6 +31,21 @@ public class IamUserController {
 @Resource
 private IamUserService iamUserService;
+ /**
+ * 授权接口,获取 access_token
+ * 请求方式:POST
+ * 请求地址:/iam/api/access_token
+ * 请求体:{"appId":"xxx", "appSecret":"xxx"}
+ * 返回:{"errorCode":0, "accessToken":"xxxxx", "expiresInMS":7200000}
+ */
+ @PostMapping("/access_token")
+ @ApiOperation("获取access_token")
+ public java.util.Map getAccessToken(@RequestBody java.util.Map body) {
+ String appId = body.get("appId");
+ String appSecret = body.get("appSecret");
+ return iamUserService.generateAccessToken(appId, appSecret);
+ }
+
 /**
 * 获取人员列表接口
 * 请求方式:GET
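Review bot: `saveDepartment` logs `saveResult` but never branches on it, so the handler still returns `success(...)` with the org code when `iamDepartmentService.save` reports false; the `saveUser` hunk in IamUserController.java has the same shape. Because the entity key in this commit becomes `IdType.INPUT`, the returned `orgCode` is whatever the caller sent, which makes an unchecked save look like a confirmed write. I would add `if (!Boolean.TRUE.equals(saveResult)) { return IamApiResponseDTO.fail(500, "save failed"); }` before the return (the two-argument `fail` form is taken from the commented-out lines in `getUsers`) and reject a null or blank `orgCode` before calling `save`.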
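Review bot: `getAccessToken` forwards `body.get("appId")` and `body.get("appSecret")` without a null check and returns the service map unchanged, so a rejected credential pair comes back as an ordinary response carrying `errorCode` 1 and nothing is recorded about the attempt. Failed requests should be logged with the appId only, never the secret, for example `log.warn("access_token rejected, appId={}", appId);`, so repeated guessing against this endpoint shows up in monitoring. Missing fields are better rejected in the controller, and a typed request DTO in place of `java.util.Map` would let bean validation do that. Whether the endpoint is rate-limited upstream cannot be seen from this hunk.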
@@ -62,7 +77,17 @@ public class IamUserController {
 */
 @ApiOperation("获取人员列表接口")
 @GetMapping("/users")
- public IamApiResponseDTO> getUsers(IamApiRequestDTO userRequestDTO){
+ public IamApiResponseDTO getUsers(
+ IamApiRequestDTO userRequestDTO,
+ @RequestHeader(value = "Authorization", required = false) String authorization) {
+ // 鉴权校验
+// if (authorization == null || !authorization.startsWith("Bearer ")) {
+// return IamApiResponseDTO.fail(401, "Missing or invalid Authorization header");
+// }
+// String token = authorization.substring(7);
+// if (!iamUserService.validateAccessToken(token)) {
+// return IamApiResponseDTO.fail(401, "Invalid or expired token");
+// }
 log.debug("users请求参数:{}", userRequestDTO);
 IPage page = iamUserService.getUsers(userRequestDTO);
 List users = page.getRecords();
@@ -99,7 +124,7 @@ public class IamUserController {
 log.debug("saveUser请求参数:{}", iamApiUser);
 Boolean saveResult = iamUserService.save(iamApiUser);
 log.debug("saveUser返回结果:{}, {}", saveResult, iamApiUser);
- return IamApiResponseDTO.success(iamApiUser.getId());
+ return IamApiResponseDTO.success(iamApiUser.getEmployeeNo());
 }
 /**
@@ -125,7 +150,7 @@ public class IamUserController {
 @PutMapping("/user/{id}")
 public IamApiResponseDTO updateUser(@PathVariable("id") String id, @RequestBody IamApiUser iamApiUser) {
 log.debug("updateUser请求参数:id={}, user={}", id, iamApiUser);
- iamApiUser.setId(id);
+ iamApiUser.setEmployeeNo(id);
 boolean updateResult = iamUserService.updateById(iamApiUser);
 log.debug("updateUser返回结果:{}", updateResult);
 return IamApiResponseDTO.success();
@@ -152,4 +177,5 @@ public class IamUserController {
 return IamApiResponseDTO.success();
 }
+
 }
\ No newline at end of file
diff --git a/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/entity/data/IamApiDepartment.java b/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/entity/data/IamApiDepartment.java
index 355dd1d..8798964 100644
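Review bot: The bearer-token check added to `getUsers` is entirely commented out and the header is bound with `required = false`, so `authorization` is never read and `/users` returns the record page to any caller that can reach it. With IamApiUser extended in this commit to carry ID-card numbers and birth dates, the check should be active before merge: uncomment the block so that a missing or non-`Bearer ` header and a token rejected by `iamUserService.validateAccessToken(token)` both return `IamApiResponseDTO.fail(401, ...)`. The check is only as strong as `validateAccessToken`, which in this commit accepts any 32-character string. The other handlers in this file show no token check in their visible lines either, so a shared interceptor or filter for the controller would cover them in one place; the method bodies continue outside the hunks.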
--- a/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/entity/data/IamApiDepartment.java
+++ b/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/entity/data/IamApiDepartment.java
@@ -30,14 +30,27 @@ import java.util.Date;
 @ApiModel(value = "IamApiDepartment对象", description = "组织架构基本信息表")
 public class IamApiDepartment {
- @TableId(value = "id", type = IdType.ASSIGN_UUID)
- private String id;
- private String name;
- private String parentId; // 上级组织架构的ID
- private String status; // 标识组织架构的停启用
-
+ /** 组织编码 */
+ @TableId(value = "org_code", type = IdType.INPUT)
+ private String orgCode;
+ /** 组织名称描述 */
+ private String orgName;
+ /** 集团法人编码 */
+ private String groupLegalPersonCode;
+ /** 上级组织编码 */
+ private String parentOrgCode;
+ /** 上级组织名称描述 */
+ private String parentOrgName;
+ /** 组织单位类型 */
+ private String orgUnitType;
+ /** 最新更新日期 */
+ private Date lastUpdateDate;
+ /** 开始日期 */
+ private Date startDate;
+ /** 结束日期 */
+ private Date endDate;
 /** 创建时间 */
 private Date createTime;
 /** 修改时间 */
 private Date updateTime;
-}
+}
\ No newline at end of file
diff --git a/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/entity/data/IamApiUser.java b/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/entity/data/IamApiUser.java
index ce4339e..74bfb5c 100644
--- a/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/entity/data/IamApiUser.java
+++ b/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/entity/data/IamApiUser.java
@@ -17,22 +17,70 @@ import java.util.Date;
 @TableName(value = "iam_api_user", autoResultMap = true)
 @ApiModel(value = "IamApiUser对象", description = "人员基本信息表")
 public class IamApiUser {
- /** 用户ID */
- @TableId(value = "id", type = IdType.ASSIGN_UUID)
- private String id;
- /** 用户名 */
+ /** HR员工编号 */
+ @TableId(value = "employee_no", type = IdType.INPUT)
+ private String employeeNo;
+ /** 员工姓名(中国和外国不同) */
 private String name;
- /** 邮箱 */
- private String email;
- /** 手机号 */
+ /** 员工状态(在职、离职、退休等) */
+ private String employeeStatusDesc;
+ /** HR组织机构单位一级编码 */
+ private String companyName;
+ /** 员工所属职位编码 */
+ private String positionCode;
+ /** 员工所属职位描述 */
+ private String positionName;
+ /** 员工所属部门编码(最小组织) */
+ private String departmentCode;
+ /** 性别描述(男、女) */
+ private String gender;
+ /** 出生日期 */
+ private Date birthDate;
+ /** 国籍描述 */
+ private String nationality;
+ /** 民族描述 */
+ private String ethnicGroup;
+ /** 身份证号码 */
+ private String idCardNo;
+ /** 政治面貌描述 */
+ private String politicalStatus;
+ /** 学位描述 */
+ private String highestDegree;
+ /** 学历描述 */
+ private String highestEducation;
+ /** 联系电话(座机) */
+ private String workPhone;
+ /** 员工手机号码 */
 private String mobile;
- /** 所在组织架构的ID */
- private String departmentId;
- /** 标识人员的停启用 */
- private String status;
+ /** 员工电子邮箱地址 */
+ private String email;
+ /** 是否是船员(船员是 其他否) */
+ private String isCrew;
+ /** 员工类型描述(合同、劳务派遣、协议制等) */
+ private String employeeGroup;
+ /** 入职日期 */
+ private Date entryDate;
+ /** 离职日期 */
+ private Date leaveDate;
+ /** 员工SAP用户名 */
+ private String sapUsername;
+ /** 人事范围中的国家描述 */
+ private String country;
+ /** 人事范围中的地区描述 */
+ private String region;
+ /** 最新组织分配的日期 */
+ private Date lastPositionDate;
+ /** 最新专业技术资格名称 */
+ private String professionalQualificationName;
+ /** 最细执业资格小类名称 */
+ private String qualificationSubtype;
+ /** 最高学历专业名称 */
+ private String majorName;
+ /** 简历信息数据 */
+ private String workExperience;
 /** 创建时间 */
 private Date createTime;
 /** 修改时间 */
 private Date
updateTime;
-}
+}
\ No newline at end of file
diff --git a/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/entity/data/IamUser.java b/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/entity/data/IamUser.java
index 7b43b17..9dfded8 100644
--- a/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/entity/data/IamUser.java
+++ b/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/entity/data/IamUser.java
@@ -20,6 +20,10 @@ public class IamUser implements Serializable {
 private Integer gender;
 /** 展示名称 */
 private String displayName;
+ /** 部门ID */
+ private String departmentId;
+ /** 手机号 */
+ private String mobile;
 /** 创建日期 */
 private String createdate;
 /** 职务 */
@@ -42,6 +46,8 @@ public class IamUser implements Serializable {
 private String department;
 /** 用户名(登录名) */
 private String user;
+ /** 邮箱 */
+ private String email;
 /** 用户名(登录名,冗余) */
 private String username;
 }
\ No newline at end of file
diff --git a/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/service/IamUserService.java b/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/service/IamUserService.java
index 2d196a1..803f7ea 100644
--- a/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/service/IamUserService.java
+++ b/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/service/IamUserService.java
@@ -10,4 +10,19 @@ import java.util.List;
 public interface IamUserService extends IBaseService {
 IPage getUsers(IamApiRequestDTO iamUserRequestDTO);
+
+ /**
+ * 生成 accessToken
+ * @param appId 应用ID
+ * @param appSecret 应用密钥
+ * @return accessToken 及有效期
+ */
+ java.util.Map generateAccessToken(String appId, String appSecret);
+
+ /**
+ * 校验 accessToken 是否有效
+ * @param token token字符串
+ * @return 有效返回true,无效返回false
+ */
+ boolean validateAccessToken(String token);
 }
diff --git a/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/service/impl/IamUserServiceImpl.java b/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/service/impl/IamUserServiceImpl.java
index 2a54a6a..7441596 100644
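Review bot: `IamApiUser` now holds `idCardNo`, `birthDate`, `ethnicGroup`, `politicalStatus` and `workExperience`, and the controller in this commit logs the whole object (`log.debug("saveUser请求参数:{}", iamApiUser)`), so if the class's generated `toString` covers every field (its class-level annotations are outside the hunk) national ID numbers end up in application logs. I would keep these fields out of `toString`, for example `@ToString.Exclude` on `idCardNo` if the class uses Lombok, or log only `employeeNo`. `getUsers` appears to return the records as stored, so a response DTO that omits or masks `idCardNo` and `mobile` would limit what the list endpoint exposes. A short class comment naming which fields are sensitive would also help whoever decides on column encryption and retention.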
--- a/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/service/impl/IamUserServiceImpl.java
+++ b/src/main/java/com/chinaunicom/mall/ebtp/extend/iam/service/impl/IamUserServiceImpl.java
@@ -34,4 +34,29 @@ public class IamUserServiceImpl extends ServiceImpl i
 }
 return iamUserMapper.selectPage(page, queryWrapper);
 }
+
+ @Override
+ public java.util.Map generateAccessToken(String appId, String appSecret) {
+ // 简单示例:实际生产环境请替换为安全的校验和token生成逻辑
+ java.util.Map result = new java.util.HashMap<>();
+ // 假设appId/appSecret校验通过
+ if ("8f1b3c2d4e5f6a7b8c9d0e1f2a3b4c5d".equals(appId) && "QwErTyUiOp1234567890ZxCvBnMqWeRtY=".equals(appSecret)) {
+ String token = java.util.UUID.randomUUID().toString().replaceAll("-", "");
+ long expiresInMS = 2 * 60 * 60 * 1000L; // 2小时
+ result.put("errorCode", 0);
+ result.put("accessToken", token);
+ result.put("expiresInMS", expiresInMS);
+ } else {
+ result.put("errorCode", 1);
+ result.put("errorMsg", "appId or appSecret invalid");
+ }
+ return result;
+ }
+
+ @Override
+ public boolean validateAccessToken(String token) {
+ // 简单实现:实际应结合缓存/数据库和过期时间校验
+ // 这里只做演示,假设所有生成的token都有效
+ return token != null && token.length() == 32;
+ }
 }
\ No newline at end of file
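Review bot: `validateAccessToken` returns true for any non-null 32-character string, and `generateAccessToken` never stores the token it issues, so once the check in the controller is enabled any caller can pass it without ever calling `/access_token`. The appId and appSecret are compared against literals committed in this file, so they should be treated as exposed, rotated, and loaded from external configuration instead. The sketch below records each issued token with its expiry and validates against that record, and it compares the credentials in constant time. `configuredAppId`, `configuredAppSecret` and `issuedTokens` stand for injected configuration and a token store (a shared cache if the service runs as more than one instance) that are not part of this hunk.

```java
public java.util.Map generateAccessToken(String appId, String appSecret) {
    // … unchanged: result map creation …
    // Credentials come from configuration, not from source; compare in constant time.
    boolean idOk = appId != null && java.security.MessageDigest.isEqual(
            appId.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            configuredAppId.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    boolean secretOk = appSecret != null && java.security.MessageDigest.isEqual(
            appSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            configuredAppSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (idOk & secretOk) {
        // … unchanged: token and expiresInMS creation …
        // Remember the token together with the moment it stops being valid.
        issuedTokens.put(token, System.currentTimeMillis() + expiresInMS);
        // … unchanged: success fields put into result …
    } else {
        // … unchanged: errorCode 1 / errorMsg …
    }
    return result;
}

public boolean validateAccessToken(String token) {
    if (token == null) {
        return false;
    }
    Long expiresAt = issuedTokens.get(token);
    if (expiresAt == null) {
        return false; // never issued by this service
    }
    if (expiresAt <= System.currentTimeMillis()) {
        issuedTokens.remove(token); // expired: drop the record
        return false;
    }
    return true;
}
```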