IAM

2025-06-18 20:49:02 +08:00
parent 98b3b29c24
commit ce3b06b657
6 changed files with 215 additions and 0 deletions
--- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/auth/iam/client/IamFeignClient.java
+++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/auth/iam/client/IamFeignClient.java
@ -0,0 +1,43 @@
+package com.chinaunicom.mall.ebtp.common.auth.iam.client;
+
+import com.chinaunicom.mall.ebtp.common.auth.iam.entity.IamAuth;
+import com.chinaunicom.mall.ebtp.common.auth.iam.entity.IamToken;
+import com.chinaunicom.mall.ebtp.common.auth.iam.entity.IamTokenRequest;
+import com.chinaunicom.mall.ebtp.common.auth.iam.entity.IamUser;
+import com.chinaunicom.mall.ebtp.common.base.entity.BaseResponse;
+import com.chinaunicom.mall.ebtp.common.bizmessage.fallback.BizMessageClientFallback;
+import com.chinaunicom.mall.ebtp.common.constant.ServiceNameConstants;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+@FeignClient(name = ServiceNameConstants.EXTEND_SERVICE, fallback = BizMessageClientFallback.class)
+public interface IamFeignClient {
+
+    /**
+     * IAM单点登陆 - (获取code)oauth2认证接口-未认证跳转统一认证前端，已认证则发放code
+     * @param auth 获取授权请求参数
+     * @return IAM授权响应
+     * data：
+     * 如果未登陆，返回登陆地址http.......
+     * 如果已登陆，返回code
+     */
+    @PostMapping(value = "/iam/auth/authorize")
+    BaseResponse<String> authorize(IamAuth auth);
+
+    /**
+     * IAM单点登陆 - code换token
+     * @param token 获取iamToken
+     * @return iamToken
+     */
+    @GetMapping("/iam/auth/getTokenByCode")
+    BaseResponse<IamToken> getTokenByCode(IamTokenRequest token);
+
+    /**
+     * IAM单点登陆 - 获取用户信息接口
+     * @return iam用户信息
+     */
+    @GetMapping("/iam/auth/getUser")
+    BaseResponse<IamUser> getUser(@RequestParam("token") String token);
+}
--- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/auth/iam/entity/IamAuth.java
+++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/auth/iam/entity/IamAuth.java
@ -0,0 +1,12 @@
+package com.chinaunicom.mall.ebtp.common.auth.iam.entity;
+
+import lombok.Data;
+
+@Data
+public class IamAuth {
+    private String client_id;
+    private String response_type = "code";
+    private String redirect_uri;
+    private String approval_prompt = "auto";
+    private String approved = "true";
+}
--- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/auth/iam/entity/IamToken.java
+++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/auth/iam/entity/IamToken.java
@ -0,0 +1,20 @@
+package com.chinaunicom.mall.ebtp.common.auth.iam.entity;
+
+import lombok.Data;
+
+/**
+ * IAM单点登陆Token令牌实体类
+ */
+@Data
+public class IamToken {
+    // 访问令牌
+    private String access_token;
+    // 刷新令牌
+    private String refresh_token;
+    // 令牌类型
+    private String token_type;
+    // 过期时间（秒）
+    private Integer expires_in;
+    // 授权范围
+    private String scope;
+}
--- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/auth/iam/entity/IamTokenRequest.java
+++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/auth/iam/entity/IamTokenRequest.java
@ -0,0 +1,30 @@
+package com.chinaunicom.mall.ebtp.common.auth.iam.entity;
+
+import lombok.Data;
+
+/**
+ * 获取IAM token的请求实体
+ */
+@Data
+public class IamTokenRequest {
+    /**
+     * 固定值 authorization_code
+     */
+    private String grant_type;
+    /**
+     * 跳转Url带的code参数
+     */
+    private String code;
+    /**
+     * 跳转地址
+     */
+    private String redirect_uri;
+    /**
+     * 应用id
+     */
+    private String client_id;
+    /**
+     * 应用密钥
+     */
+    private String client_secret;
+}
--- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/auth/iam/entity/IamUser.java
+++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/auth/iam/entity/IamUser.java
@ -0,0 +1,53 @@
+package com.chinaunicom.mall.ebtp.common.auth.iam.entity;
+
+import io.swagger.annotations.ApiModel;
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+import java.io.Serializable;
+
+/**
+ * IAM单点登录用户信息实体
+ */
+@Data
+@Accessors(chain = true)
+@ApiModel(value = "IamUser对象", description = "人员基本信息表")
+public class IamUser implements Serializable {
+    private static final long serialVersionUID = 1L;
+    /** 生日 */
+    private String birthday;
+    /** 性别 */
+    private Integer gender;
+    /** 展示名称 */
+    private String displayName;
+    /** 部门ID */
+    private String departmentId;
+    /** 手机号 */
+    private String mobile;
+    /** 创建日期 */
+    private String createdate;
+    /** 职务 */
+    private String title;
+    /** 用户唯一标识 */
+    private String userId;
+    /** 在线票据 */
+//    private String online_ticket;
+    /** 工号 */
+    private String employeeNumber;
+    /** 真实姓名 */
+    private String realname;
+    /** 机构ID */
+    private String institution;
+    /** 随机ID */
+    private String randomId;
+    /** 所在省市/州 */
+    private String state;
+    /** 部门名称 */
+    private String department;
+    /** 用户名（登录名） */
+    private String user;
+    /** 邮箱 */
+    private String email;
+    /** 用户名（登录名，冗余） */
+    private String username;
+}
--- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/auth/iam/fallback/IamFeignClientFallback.java
+++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/auth/iam/fallback/IamFeignClientFallback.java
@ -0,0 +1,57 @@
+package com.chinaunicom.mall.ebtp.common.auth.iam.fallback;
+
+import com.chinaunicom.mall.ebtp.common.auth.iam.client.IamFeignClient;
+import com.chinaunicom.mall.ebtp.common.auth.iam.entity.IamAuth;
+import com.chinaunicom.mall.ebtp.common.auth.iam.entity.IamToken;
+import com.chinaunicom.mall.ebtp.common.auth.iam.entity.IamTokenRequest;
+import com.chinaunicom.mall.ebtp.common.auth.iam.entity.IamUser;
+import com.chinaunicom.mall.ebtp.common.base.entity.BaseResponse;
+import org.springframework.stereotype.Component;
+
+@Component
+public class IamFeignClientFallback implements IamFeignClient {
+
+
+    @Override
+    public BaseResponse<String> authorize(IamAuth auth) {
+        return BaseResponse.success("mock_code_501679ca-f036-4ed1-9414-585315d8627d");
+//        return new BaseResponse<>();
+    }
+
+    @Override
+    public BaseResponse<IamToken> getTokenByCode(IamTokenRequest token) {
+        IamToken iamToken = new IamToken();
+        iamToken.setAccess_token("mock_token_efc3ae0f-7a66-40aa-916b-010d83bf46fb");
+        iamToken.setRefresh_token("mock_refresh_token_efc3ae0f-7a66-40aa-916b-010d83bf46fb");
+        iamToken.setScope("read all");
+        iamToken.setToken_type("Bearer");
+        iamToken.setExpires_in(7200);
+        return BaseResponse.success(iamToken);
+//        return new BaseResponse<>();
+    }
+
+    @Override
+    public BaseResponse<IamUser> getUser(String token) {
+        IamUser iamUser = new IamUser();
+        iamUser.setBirthday(null);
+        iamUser.setGender(1);
+        iamUser.setDisplayName("系统管理员");
+        iamUser.setDepartmentId("105");
+        iamUser.setMobile("15618726256");
+        iamUser.setCreatedate("2014-01-21 00:00:00");
+        iamUser.setTitle("系统管理员");
+        iamUser.setUserId("1");
+//        iamUser.setOnline_ticket("1008090077147955200");
+        iamUser.setEmployeeNumber("30025000");
+        iamUser.setRealname("系统管理员");
+        iamUser.setInstitution("1");
+        iamUser.setRandomId("e8c1657d-c08a-485c-9267-459a63319b57");
+        iamUser.setState("北京");
+        iamUser.setDepartment("科技部");
+        iamUser.setUser("admin");
+        iamUser.setEmail("shimingxy@qq.com");
+        iamUser.setUsername("admin");
+        return BaseResponse.success(iamUser);
+//        return new BaseResponse<>();
+    }
+}