外部系统详情页鉴权功能修改:

1. 外部页面在params参数中传输userId
2. 页面调用接口前,获取userId,拼接_当前系统时间放入请求头 xxxxx_2025-01-01 00:00:00
3. 每个接口请求头加密传递userId: 密文
efren
2025-08-08 09:17:48 +08:00
parent fb2efa6aa0
commit 536c6a5438


@ -1,16 +1,32 @@
package com.chinaunicom.mall.ebtp.common.base.service.impl;
import com.chinaunicom.mall.ebtp.cloud.security.starter.common.RSAcheck;
import com.chinaunicom.mall.ebtp.cloud.security.starter.filter.CurrentRoleHolder;
import com.chinaunicom.mall.ebtp.common.base.client.SystemClient;
import com.chinaunicom.mall.ebtp.common.base.entity.BaseCacheUser;
import com.chinaunicom.mall.ebtp.common.base.entity.BaseResponse;
import com.chinaunicom.mall.ebtp.common.base.entity.SysUser;
import com.chinaunicom.mall.ebtp.common.base.service.IBaseCacheUserService;
import com.chinaunicom.mall.ebtp.common.exception.common.CommonExceptionEnum;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import com.chinaunicom.mall.ebtp.cloud.security.starter.filter.BearerTokenHolder;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.crypto.Cipher;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.REDIS_USER_KEY;
/**
@ -28,28 +44,96 @@ public class BaseCacheUserServiceImpl implements IBaseCacheUserService {
@Qualifier("userinfoRedisTemplate")
private RedisTemplate<String, Object> redisTemplate;
@Value("${login.captcha.privateKey}")
private String privateKey;
@Autowired
private SystemClient systemClient;
@Override
public BaseCacheUser getCacheUser() {
try {
String token = BearerTokenHolder.getToken();
if (token == null || token.isEmpty()) {
log.warn("未获取到token");
return null;
BaseCacheUser cacheUser = null;
if (StringUtils.hasText(token)) {
Object o = redisTemplate.opsForValue().get(REDIS_USER_KEY + token);
if (o instanceof BaseCacheUser) {
cacheUser = (BaseCacheUser) o;
}
}
Object o = redisTemplate.opsForValue().get(REDIS_USER_KEY + token);
if (o instanceof BaseCacheUser) {
BaseCacheUser cacheUser = (BaseCacheUser) o;
// 添加当前用户角色
// 如果Token没有传递或获取不到尝试从请求头获取userId字段来获取用户信息流程/IOA等需要挂载外部页面的鉴权外部页面的前端将userId拼接_时间加密放到请求头传递
if (cacheUser == null) {
// token为空或redis未找到尝试从请求参数code解密userId
ServletRequestAttributes attrs = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
if (attrs != null) {
String userId = attrs.getRequest().getHeader("userId");
String cap = this.decrypt(userId);
String[] caps = cap.split("_");
if (caps.length != 2) {
log.warn("解密后的userId格式不正确userId:{}", userId);
return null;
}
userId = caps[0];
cacheUser = getCacheUserByUserId(userId);
} else {
log.warn("无法获取ServletRequestAttributes");
}
}
if (cacheUser != null) {
cacheUser.setCurrentRoleCode(CurrentRoleHolder.getRole());
return cacheUser;
} else {
log.warn("redis中未找到用户信息token:{}", token);
return null;
}
return null;
} catch (Exception e) {
log.error("获取缓存用户信息异常", e);
return null;
}
}
/**
* 通过userId远程获取用户并封装为BaseCacheUser
*/
private BaseCacheUser getCacheUserByUserId(String userId) {
BaseResponse<SysUser> resp = systemClient.getUser(userId);
if (resp != null && resp.isSuccess() && resp.getData() != null) {
SysUser user = resp.getData();
BaseCacheUser cacheUser = new BaseCacheUser();
cacheUser.setUserId(user.getUserId());
cacheUser.setFullName(user.getName());
cacheUser.setLoginName(user.getEmployeeNumber());
cacheUser.setMobilePhone(user.getMobile());
cacheUser.setOfficePhone(user.getOfficePhone());
cacheUser.setSex(user.getSex() != null ? user.getSex().toString() : null);
cacheUser.setEmployeeNumber(user.getEmployeeNumber());
cacheUser.setEmailAddress(user.getEmail());
cacheUser.setUserType("0");
// cacheUser.setDeptId(orgId);
// cacheUser.setDeptName(sysOrg.getOrgName());
// cacheUser.setOrganizationId(sysOrg.getCuCompanyNumber());
// cacheUser.setOrganizationName(sysOrg.getCuCompanyName());
// cacheUser.setOrganizationFullId(sysOrg.getOrgFullId());
// cacheUser.setOrganizationFullName(sysOrg.getOrgFullName());
// BeanUtils.copyProperties(sysUser, cacheUser);
return cacheUser;
} else {
log.warn("systemClient未获取到用户信息userId:{}", userId);
return null;
}
}
private String decrypt(String value){
String val = "";
System.out.println("\r解密前文字\r\n" + value);
try {
byte[] encodedData = RSAcheck.decryptBASE64(value);
byte[] decodedData = RSAcheck.decryptByPrivateKey(encodedData, privateKey);
val = new String(decodedData);
System.out.println("解密后文字:\r\n" + val);
}catch (Exception e){
log.error("解密失败 异常!",e);
CommonExceptionEnum.FRAME_EXCEPTION_COMMON_DATA_OTHER_ERROR.customValidName("解密失败",true);
}
return val;
}
}
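Review bot: The new fallback in getCacheUser() accepts the decrypted `userId` header as the caller's identity but never looks at `caps[1]`, so the timestamp the front end appends gives no freshness and a captured header value stays usable indefinitely. After the `caps.length != 2` check, parse `caps[1]` with a `yyyy-MM-dd HH:mm:ss` formatter and `return null` when it falls outside a short window. Because the ciphertext is produced by the page itself (presumably with the public half of `login.captcha.privateKey`), it shows only that the sender holds a public key, not who the user is; a value signed or issued by the embedding system's backend would be a sounder basis for this path. In decrypt(), the two `System.out.println` calls put the raw header and the decrypted userId on stdout; replace them with `log.debug` that omits the plaintext, and add `if (!StringUtils.hasText(userId)) return null;` before the decrypt() call so requests without the header do not log a decryption error.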