Commit 0422da67 by wangjian

2026-01-30 统一身份认证

parent 794b2c11
...@@ -68,6 +68,14 @@ ...@@ -68,6 +68,14 @@
<version>3.8.5</version> <version>3.8.5</version>
</dependency> </dependency>
<!--统一认证-->
<!--统一身份认证-->
<dependency>
<groupId>com.qianhe</groupId>
<artifactId>siam-am-agent-simple</artifactId>
<version>3.3</version>
</dependency>
</dependencies> </dependencies>
<build> <build>
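Review bot: The new `siam-am-agent-simple` 3.3 dependency is declared under groupId `com.qianhe`, while the classes this commit imports from it live in `com.sinopec.siam.agent`, which suggests a vendor jar re-published under the project's own coordinates. Because this jar becomes the SAML authentication path, record where it was obtained and which repository serves it, and verify its checksum against the vendor's release so that a swapped artifact is detectable. The adjacent comments `<!--统一认证-->` and `<!--统一身份认证-->` say the same thing; keep one.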
......
package com.qianhe.web.controller.config;
import com.sinopec.siam.agent.web.AccessEnforcer;
import com.sinopec.siam.agent.web.SAMLProfileFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletContextInitializer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.servlet.DispatcherType;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import java.util.HashMap;
import java.util.Map;
//*
//* @Title: 统一认证配置管理
//* @author wamgqi
//* @date 2022年07月26
@Configuration
public class SPConfig {
@Bean
public ServletContextInitializer initializer() {
return new ServletContextInitializer() {
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
servletContext.setInitParameter("spSimpleConfigFile", "classpath:/conf/sp-simple-config.properties");
}
};
}
@Bean
public FilterRegistrationBean<SAMLProfileFilter> registerSPFilter() {
FilterRegistrationBean<SAMLProfileFilter> bean = new FilterRegistrationBean<>();
System.err.println("FilterRegistrationBean");
System.err.println("开始注册SAMLProfileFilter");
bean.setDispatcherTypes(DispatcherType.REQUEST);
bean.setFilter(new SAMLProfileFilter());
bean.addUrlPatterns("/SSO/*");
bean.setName("SAMLProfileFilter");
bean.setOrder(FilterRegistrationBean.HIGHEST_PRECEDENCE);
Map<String, String> initParameters = new HashMap<String, String>();
bean.setInitParameters(initParameters);
return bean;
}
@Bean
public FilterRegistrationBean<AccessEnforcer> registerMergeFilter() {
FilterRegistrationBean<AccessEnforcer> bean = new FilterRegistrationBean<>();
System.err.println("AccessEnforcer");
System.err.println("开始注册AccessEnforcer");
bean.setDispatcherTypes(DispatcherType.REQUEST);
bean.setFilter(new AccessEnforcer());
bean.addUrlPatterns("/siamlogin");
bean.setName("AccessEnforcerAuthen");
bean.setOrder(FilterRegistrationBean.HIGHEST_PRECEDENCE);
Map<String, String> initParameters = new HashMap<String, String>();
initParameters.put("noFilterURLs", "/favicon.ico;/ruoyi.png;/html/*;/css/*;/docs/*;/fonts/*;/img/*;/ajax/*;/js/*;/zhimin/*;/captcha/captchaImage;;/common/*;/SSO/**;/profile/upload/*;/register/;/login;/loginauth;/noaccess;/api/**");
bean.setInitParameters(initParameters);
return bean;
}
}
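Review bot: `registerMergeFilter` maps `AccessEnforcer` only to `/siamlogin`, so the long `noFilterURLs` list it passes never matches a request the filter actually sees; it reads like an access-control policy but, unless AccessEnforcer uses the parameter in some way not visible here, it has no effect. Either drop the parameter or add a comment such as `// SSO enforcement deliberately covers only /siamlogin`, because if the mapping is later widened to `/*` the list would exempt `/api/**`, `/ajax/*` and `/profile/upload/*` from the SSO check. The list also contains an empty entry (`;;`) and mixes `/*` with `/**` patterns. The four `System.err.println` calls should go through the project's logger, and the empty `initParameters` map in `registerSPFilter` can be removed.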
package com.qianhe.web.controller.system;
import cn.hutool.http.HttpRequest;
import com.alibaba.fastjson2.JSONArray;
import com.alibaba.fastjson2.JSONObject;
import com.qianhe.common.constant.Constants;
import com.qianhe.common.core.domain.AjaxResult;
import com.qianhe.framework.web.service.SysLoginService;
import com.qianhe.system.mapper.SysUserMapper;
import com.qianhe.system.service.ISysUserService;
import com.sinopec.siam.agent.common.ContextHolder;
import com.sinopec.siam.agent.common.SSOPrincipal;
import com.sinopec.siam.agent.common.SamlSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
/**
* 统一认证登录
*
*/
@Controller
public class SiamloginController {
// private static final String VUEHOST = "https://jd.osgc.sinopec.com:249";
private static final String VUEHOST = "http://ydsj.slof.com:9034";
@Autowired
private SysUserMapper userMapper;
@Autowired
private ISysUserService userService;
@Autowired
private SysLoginService loginService;
@RequestMapping("/siamlogin")
public String login() {
System.out.println("1.1.0:");
SamlSession SamlSession = ContextHolder.getContext();
System.out.println("1.1.0:SamlSession"+SamlSession);
System.out.println("1.1.0:SamlSession"+SamlSession);
SSOPrincipal ssoPrincipal = ((SSOPrincipal)SamlSession.getAttribute(SSOPrincipal.NAME_OF_SESSION_ATTR));
System.out.println("1.1.0:ssoPrincipal"+ssoPrincipal);
String tzlx = "0"; // 0跳转到无权限界面 1跳转到首页
System.out.println("1.1.1:tzlx"+tzlx);
String JwtToken =null;
if(null !=ssoPrincipal){
// String[] appAcount = ssoPrincipal.getAppAccount();
// System.out.println("\n 1.1.1_2 :tzlx"+appAcount);
// //应用账号(getappaccount)是否为空
// if(appAcount != null && appAcount.length > 0) {
// //应用账号(getappaccount)是否是本应用
// if (Arrays.binarySearch(appAcount, "地球物理节点数据处理与质控系统") > 0) {
String uid = ssoPrincipal.getUid();
System.out.println("1.1.2:uid"+uid);
String adAccountName = ssoPrincipal.getSingleValue("ADAccountName");
System.out.println("1.1.3:adAccountName"+adAccountName);
Map map = new HashMap();
map.put("uid", uid);//不带后缀 sl-npp
map.put("adAccountName", adAccountName);//带后缀 sl-npp.osgc
// JwtToken = loginService.loginSam("admin","ydzk@#2024");
// tzlx="1";
if (null !=uid) {
//查询当前账号是否存在于本系统库
String login_name = userMapper.selectUserBySiam(map);
System.out.println("1.1.4:login_name"+login_name);
if(null!=login_name&&!"".equals(login_name)){
//伪登录
JwtToken = loginService.loginSam(login_name,"gfjsmm3@5");
tzlx="1";
}
}
// }
// }
}
System.out.println(tzlx);
if(tzlx.equals("0")){
return "redirect:"+VUEHOST+"/noaccess";
//无权限
}else {
return "redirect:"+VUEHOST+"/remotelogin?token="+JwtToken;
}
}
// @GetMapping("/jwtLogin")
// @ResponseBody
// public AjaxResult jwtLogin(JwtLoginInfo jwtLoginInfo, HttpServletRequest request) {
// //获取ip
// String xfHeader = request.getHeader("X-Forwarded-For");
// if (xfHeader == null) {
// xfHeader = request.getHeader("X-Real-IP");
// }
// String ip="";
// if(xfHeader!=null){
// // 通常情况下,"X-Forwarded-For" 头字段可能包含多个IP地址,
// // 第一个IP地址是客户端的真实IP地址
// String[] xfAddr = xfHeader.split(",");
// ip=xfAddr[0].trim();
// }else {
// ip="10.249.139.249";
// }
// String username = jwtLoginInfo.getUsername();
// System.out.println("=====username"+username);
// String password = jwtLoginInfo.getPassword();
//// password ="pcitc@#2020";
// System.out.println("=====password"+password);
// //加密链接账号和密码
// String ljzhEncoded = base64("dqwl_7683_01", "encoded");
// //加密用户名
// String userNameEncoded = base64(username, "encoded");
//
// System.out.println("=====userNameEncoded"+userNameEncoded);
// //加密密码
// String pwEncoded = base64(password, "encoded");
// System.out.println("=====pwEncoded"+pwEncoded);
// //测试
//// String ceurl="https://jwt2.uat.siam.sinopec.com/jwt2/jwtauth";
// // HashMap<String, Object> paramMap = new HashMap<>();
//// paramMap.put("username", userNameEncoded);
//// paramMap.put("password", pwEncoded);
//// paramMap.put("appId", "7683");
//// paramMap.put("clientIp", ip);
//// paramMap.put("isencryption", "1");
//// System.out.println("===url"+ceurl);
//// System.out.println("===paramMap"+paramMap.toString());
// //正式
// String url="https://jwt.siam.sinopec.com/jwt2/jwtauth";
// HashMap<String, Object> paramMap = new HashMap<>();
// paramMap.put("username", userNameEncoded);
// paramMap.put("password", pwEncoded);
// paramMap.put("appId", "203935");
// paramMap.put("clientIp", ip);
// paramMap.put("isencryption", "1");
// System.out.println("===url"+url);
// System.out.println("===paramMap"+paramMap.toString());
// //链式构建请求
// String result2 = HttpRequest.post(url)
// .header("Content-Type", "application/x-www-form-urlencoded")
// .header("Authorization", "Bearer ZHF3bF8yMDM5MzVfMDE=:SlRXY21fOHczaHI=")
// .form(paramMap)//表单内容
// .timeout(20000)//超时,毫秒
// .execute().body();
//
// System.out.println("=========请求结果"+result2);
// JSONObject object = JSONObject.parseObject(result2);
// System.out.println("=========转换结果"+object);
// String result = object.get("result").toString();
//
// if(result.equals("1")){
// String jwttoken = object.get("jwttoken").toString();
// System.out.println("======jwttoken"+jwttoken);
// String[] chunks = jwttoken.split("\\.");
// Base64.Decoder decoder = Base64.getUrlDecoder();
//// String header = new String(decoder.decode(chunks[0]));
// String payload = new String(decoder.decode(chunks[1]));
// System.out.println("payload======"+payload);
// JSONObject objectinfo = JSONObject.parseObject(payload);
// System.out.println("======objectinfo"+objectinfo);
// String uid = objectinfo.get("uid").toString();
// System.out.println("======uid"+uid);
// JSONArray accountidArr = objectinfo.getJSONArray("accountid");
// String accountid="";
// if(accountidArr.size()>0){
// accountid=accountidArr.get(0).toString();
// }else{
// return AjaxResult.error("您无权限访问系统,请联系管理员!");
// }
// System.out.println("======accountid"+accountidArr);
// Map map = new HashMap();
// map.put("uid", uid);//不带后缀 sl-npp
// map.put("adAccountName", accountid);//带后缀 sl-npp.osgc
// String login_name = userMapper.selectUserBySiam(map);
// System.out.println("1.1.4:login_name"+login_name);
// if(null!=login_name&&!"".equals(login_name)){
// //伪登录
// String JwtToken = loginService.loginSam(login_name,"ydzk@#2024");
// AjaxResult ajax = AjaxResult.success();
// ajax.put(Constants.TOKEN, JwtToken);
// return ajax;
// }else {
// return AjaxResult.error("未在系统内查询到相关账号,请联系管理员!");
// }
//
// }else {
// return AjaxResult.error(object.get("message").toString());
// }
//
// }
//
//
// public static void main(String[] args) {
//// String token="eyJ0eXBlIjoiSldUIiwiYWxnIjoiSFMyNTYifQ.eyJ1aWQiOiJuaWVzaHNoMjYiLCJvdSI6IuaWsOS4muWKoeS6i-S4mumDqCIsInNwb3JnbmFtZXBhdGgiOiIv5Lit5Zu955-z5YyWL-efs-ayueW3peeoi-WFrOWPuC_lnLDnkIPniannkIblhazlj7gv5Y2O5YyX5YiG5YWs5Y-4L-aWsOS4muWKoeS6i-S4mumDqC8iLCJjbiI6IuiBguaymeaymSIsImFwcGFjY291bnQiOltdLCJhY2NvdW50aWQiOltdLCJlbXBsb3llZW51bWJlciI6IjAwMjg3NzU1Iiwic2FtbGlkcHRva2VuIjoiTVRBdU1qUTVMakV6T1M0eU5EayUzRCU3Q05UYzFZbVE0TlRaa05UUXlPVFE0WlRKbE9UVXpNVFpqT1RReE9XVTNabUkwTVdJMlltVTBZMlptTjJJeU9XUTJNRFUyTXpVek16QXhNRGMxWVRrME1BJTNEJTNEJTdDeFNxNjhYR1I1aXJZdkhDZHZCaUtlJTJCOWl5b3MlM0QiLCJpc3MiOiJTSUFNIiwic3ViIjoibmllc2hzaDI2IiwiYXVkIjoiNzY4MyIsImlhdCI6MTczODgxMjUwNSwiZXhwIjoxNzM4ODQxMzA1LCJqdGkiOiI4MjM1NTIifQ.MGnRqv3iHWndlTGNyi-GwrCh_tWUOy2wNmMEWF_9KXk";
//// String split = ss.substring(ss.indexOf(".")+1,ss.lastIndexOf("."));
//// System.out.println("======split"+split);
//// Base64.Decoder decoder = Base64.getDecoder();
//// byte[] decodedBytes = decoder.decode(split);
//// String decodedString = new String(decodedBytes, StandardCharsets.UTF_8);
//// String[] chunks = token.split("\\.");
//// Base64.Decoder decoder = Base64.getUrlDecoder();
////
//// String header = new String(decoder.decode(chunks[0]));
//// String payload = new String(decoder.decode(chunks[1]));
//// System.out.println(header);
//// System.out.println(payload);
//// JSONObject objectinfo = JSONObject.parseObject(payload);
//// System.out.println("======objectinfo"+objectinfo);
//// String uid = objectinfo.get("uid").toString();
//// System.out.println("======uid"+uid);
//// JSONArray accountid = objectinfo.getJSONArray("accountid");
//// accountid.get(0);
//// System.out.println("======accountid"+accountid);
//
//// 输出解码后的字符串
//
////设置需要解析的jwt
//// String s = base64("dqwl_203935_01", "encoded");
//// System.out.println(s);
////
//// String s1 = base64("JTWcm_8w3hr", "encoded");
//// System.out.println(s1);
// }
// public String base64(String str, String flag) {
// byte[] bytes = str.getBytes();
// if (flag.equals("encoded")) {
// //Base64 加密
// String encoded = Base64.getEncoder().encodeToString(bytes);
//// System.out.println("Base 64 加密后:" + encoded);
// return encoded;
// }
// if (flag.equals("decoded")) {
// byte[] decoded = Base64.getDecoder().decode(str);
//
// String decodeStr = new String(decoded);
//// System.out.println("Base 64 解密后:" + decodeStr);
// return decodeStr;
// }
// return str;
// }
}
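Review bot: `login()` hands the session JWT to the front end in a query string on a plain-HTTP redirect (`"redirect:"+VUEHOST+"/remotelogin?token="+JwtToken`, with `VUEHOST` set to an `http://` origin), so the token travels unencrypted and ends up in browser history, proxy and access logs, and Referer headers. Point `VUEHOST` at the HTTPS origin and pass a short-lived one-time code, or set the token in an HttpOnly, Secure cookie, instead of the token itself. The call `loginService.loginSam(login_name, ...)` passes one fixed password literal for every SSO-mapped account; `loginSam` is not visible here, but if it checks that value then all such accounts share a secret committed to source, and a password-less internal login path keyed on the verified SSO principal should replace it. The commented-out `jwtLogin`, `main` and `base64` blocks carry a Bearer credential, further passwords and a full sample JWT; delete them and treat those values as exposed, since they remain in history. `SamlSession.getAttribute(...)` is also called without a null check on the result of `ContextHolder.getContext()`, and the `System.out.println` calls write the uid and AD account name to stdout.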
#\u56DE\u6EDA\u65E5\u5FD7\u914D\u7F6E
#\u65B9\u5F0F1\uFF1A\u6BCF\u65E5\u751F\u6210\u4E00\u4E2A\u6587\u4EF6
#DEBUG,INFO,ERROR,\u5EFA\u8BAE\u5207\u6362\u751F\u4EA7\u540E\u4F7F\u7528INFO\u6216ERROR
log4j.rootLogger=DEBUG,C3
#\u65B9\u5F0F2\uFF1A\u6309\u6587\u4EF6\u5927\u5C0F\u4E2A\u6570\u4FDD\u7559\u6700\u65B0\u9650\u5B9A\u65E5\u5FD7\u6587\u4EF6
#DEBUG,INFO,ERROR,\u5EFA\u8BAE\u5207\u6362\u751F\u4EA7\u540E\u4F7F\u7528INFO\u6216ERROR
#log4j.rootLogger=DEBUG,R
### \u5E94\u7528\u4E8E\u63A7\u5236\u53F0
log4j.appender.A1=com.sinopec.siam.apache.log4j.ConsoleAppender
log4j.appender.A1.Threshold=DEBUG
log4j.appender.A1.Target=System.out
log4j.appender.A1.layout=com.sinopec.siam.apache.log4j.PatternLayout
log4j.appender.A1.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
#log4j.appender.A1.logfile.File=d:/siamlogs/a.log
#log4j.appender.CONSOLE.layout.ConversionPattern=[start]%d{DATE}[DATE]%n%p[PRIORITY]%n%x[NDC]%n%t[THREAD] n%c[CATEGORY]%n%m[MESSAGE]%n%n
#\u5E94\u7528\u4E8E\u6587\u4EF6
#log4j.appender.B2=org.apache.log4j.FileAppender
#log4j.appender.B2.Threshold=WARN
#log4j.appender.B2.File=logs/hrcpom_ERROR.log
#log4j.appender.B2.Append=false
#log4j.appender.B2.layout=org.apache.log4j.PatternLayout
#log4j.appender.B2.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\\\:mm\\\:ss}\\\: %c %m%n
#\u5468\u671F\u6027\u751F\u6210\u65E5\u5FD7
#\u6BCF\u5929\u4EA7\u751F\u4E00\u4E2A\u65E5\u5FD7\u6587\u4EF6
# 1)'.'yyyy-MM: \u6BCF\u6708
# 2)'.'yyyy-ww: \u6BCF\u5468
# 3)'.'yyyy-MM-dd: \u6BCF\u5929
# 4)'.'yyyy-MM-dd-a: \u6BCF\u5929\u4E24\u6B21
# 5)'.'yyyy-MM-dd-HH: \u6BCF\u5C0F\u65F6
# 6)'.'yyyy-MM-dd-HH-mm: \u6BCF\u5206\u949F
org.apache.log4j.DailyRollingFileAppender
log4j.appender.C3=com.sinopec.siam.apache.log4j.DailyRollingFileAppender
log4j.appender.C3.Threshold=DEBUG
#log4j.appender.C3.File=logs/server1/sipc_sso.log
log4j.appender.C3.File=D:/logs/mq.log
log4j.appender.C3.Encoding=utf-8
log4j.appender.C3.DatePattern='.'yyyy-MM-dd
log4j.appender.C3.layout=com.sinopec.siam.apache.log4j.PatternLayout
log4j.appender.C3.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
# \u5E94\u7528\u4E8E\u6587\u4EF6\u56DE\u6EDA
log4j.appender.R=com.sinopec.siam.apache.log4j.RollingFileAppender
log4j.appender.R.Threshold=DEBUG
log4j.appender.R.File=${catalina.home}/logs/saml_authR.log
log4j.appender.R.Append=true
#\u6587\u4EF6\u5927\u5C0F\u6309\u60C5\u51B5\u8BBE\u7F6E
log4j.appender.R.MaxFileSize=100MB
#\u4FDD\u7559\u6587\u4EF6\u4E2A\u6570\u6309\u60C5\u51B5\u914D\u7F6E
log4j.appender.R.MaxBackupIndex=10
log4j.appender.R.layout=com.sinopec.siam.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
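Review bot: `log4j.rootLogger=DEBUG,C3` together with `log4j.appender.C3.Threshold=DEBUG` ships debug-level logging for the SIAM agent, against the file's own comment recommending INFO or ERROR once in production. At DEBUG an SSO agent typically writes protocol messages and identity attributes to disk (here `D:/logs/mq.log`), so set both to INFO before deployment; the same setting appears in the two later log4j files in this commit. The line `org.apache.log4j.DailyRollingFileAppender` has lost its leading `#` and is parsed as a property key; the later copy of this file has it commented.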
#请求消息队列URL
receive.msg.url.base=https://mqs.uat.siam.sinopec.com/siam-provisioning-receive/ReceiveServlets
#证书库路径
receive.msg.url.keystore.path=/com/sinopec/siam/conf/mq.siam.sinopec.com.jks
receive.msg.url.keystore.pwd=fdR96f3lyHRRjLaNnhEbhA==
#队列名(注册后由统一身份反馈)
receive.msg.url.param.queuename=dqwl_7683
#用户名(注册后由统一身份反馈)
receive.msg.url.param.username=dqwl_7683
#密码(注册后由统一身份反馈,需要将明文通过help网站DES加密后使用)
receive.msg.url.param.pwd=/1g3mHyhzoDDpacxLcIr1g==
#每次批量下拉事件的数目
receive.msg.url.param.size=10
#调度执行时间间隔,单位:毫秒
timer.interval=1000
#调度重试时间间隔,单位:毫秒
timer.retry=1000
#链接打开超时时间,单位:毫秒
receive.msg.url.param.connecttimeout=2000
#链接读取超时时间,单位:毫秒
receive.msg.url.param.readtimeout=2000
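Review bot: `receive.msg.url.keystore.pwd` and `receive.msg.url.param.pwd` commit the keystore and queue credentials to the repository. The comment says the value is the plaintext DES-encrypted through a help site, which is obfuscation rather than protection if the key is fixed inside the agent (not visible here). Load both from the environment or a secret store, and rotate them since they are now in history. `receive.msg.url.base` points at the `uat` host while the keystore path names `mq.siam.sinopec.com.jks`; confirm which environment this file is meant for.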
sinopec.siam.version= V3.4
sinopec.siam.releasedate= 2024-08-29
//package com.sinopec.siam.provisioning.filter;
//
//import java.io.IOException;
//
//import javax.servlet.Filter;
//import javax.servlet.FilterChain;
//import javax.servlet.FilterConfig;
//import javax.servlet.ServletException;
//import javax.servlet.ServletRequest;
//import javax.servlet.ServletResponse;
//
//import com.sinopec.siam.provisioning.handle.SimpleProvisioningEventListener;
//import com.sinopec.siam.provisioning.timer.ProvisioningEventSubscriberTimer;
//import com.sinopec.siam.apache.log4j.Logger;
//
//public class InitFilter implements Filter{
// /** Class logger. */
// private final Logger log = Logger.getLogger(InitFilter.class);
// public void init(FilterConfig filterConfig) throws ServletException {
// // TODO Auto-generated method stub
// log.info("================>[Filter]准备开始接收消息");
// ProvisioningEventSubscriberTimer provisioningEventSubscriberTimer=ProvisioningEventSubscriberTimer.getInstance(new SimpleProvisioningEventListener());
// try{
// provisioningEventSubscriberTimer.start();
// log.info("================>[Filter]自动开始接收消息.");
// }catch(IllegalThreadStateException e){
// }
// }
//
// public void doFilter(ServletRequest request, ServletResponse response,
// FilterChain chain) throws IOException, ServletException {
// // TODO Auto-generated method stub
//
// }
//
// public void destroy() {
// // TODO Auto-generated method stub
//
// }
//
//}
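Review bot: This file and the `SimpleProvisioningEventListener` file that follows are added with every line commented out, so the commit ships about 470 lines of dead code that nothing compiles or tests; keep them on a branch or drop them until the provisioning listener is actually wired in. If `InitFilter` is revived, note that its `doFilter` body is empty and never calls `chain.doFilter(request, response)`, so any request mapped to it would get no response from the application. The empty `catch(IllegalThreadStateException e){}` blocks in both files would also hide a failed timer start. The listener imports `com.ruoyi.common.core.domain.entity.*`, whereas the rest of this commit uses the `com.qianhe` packages, so it may not compile as-is.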
///**
// *
// */
//package com.sinopec.siam.provisioning.handle;
//
//import java.text.SimpleDateFormat;
//import java.util.List;
//
//import com.sinopec.siam.apache.log4j.Logger;
//import com.sinopec.siam.provisioning.entity.Attribute;
//import com.sinopec.siam.provisioning.entity.EventType;
//import com.sinopec.siam.provisioning.entity.ProvisioningEvent;
//import com.sinopec.siam.provisioning.entity.ProvisioningEvents;
//import com.sinopec.siam.provisioning.entity.TargetEntity;
//import com.sinopec.siam.provisioning.entity.TargetSubject;
//import com.sinopec.siam.provisioning.listener.ProvisioningEventListener;
//import com.sinopec.siam.provisioning.timer.ProvisioningEventSubscriberTimer;
//import com.ruoyi.common.core.domain.entity.SysDept;
//import com.ruoyi.common.core.domain.entity.SysUser;
//
///**
// * 默认监听事件处理实现类<br>
// * 接口默认将事件XML转换成ProvisioningEvent对象。
// *
// * @author zhaodonglu
// * @since 2012-7-23 下午2:00:17
// */
//public class SimpleProvisioningEventListener implements ProvisioningEventListener {
//
// private static Logger log = Logger.getLogger(SimpleProvisioningEventListener.class);
//
//// @Autowired
//// private ISysUserService userService;
//// @Autowired
//// private ISysDeptService deptService;
//
//
// /**
// *
// */
// public SimpleProvisioningEventListener() {
// super();
// }
//
// public void process(ProvisioningEvents events) {
//
// // TODO Auto-generated method stub
// List<ProvisioningEvent> list = events.getEvent();
// log.info("list.size===================" + list.size());
// System.out.println("list.size===================" + list.size());
// for (int i = 0; i < list.size(); i++) {
// ProvisioningEvent event = new ProvisioningEvent();
// event = list.get(i);
// SimpleDateFormat time = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
// log.info("监听到事件内容如下:");
// log.info("事件流水号:" + event.getEventId());
// if (event.getOccuredTimestamp() == null) {
// log.info("事件发生时间:null");
// } else {
// log.info("事件发生时间:" + time.format(event.getOccuredTimestamp().getTime()));
// }
// log.info("事件类型:" + event.getEventType());
//
// /**
// * 应用账号创建
// */
// if (EventType.ACCOUNT_CREATED.equals(event.getEventType())) {
//
// String account_uid = "";//应用账号
// String uid = "";//用户账号
// String app_name = "";//应用名称
// String cn = "";//姓名
// String ou = "";//部门
// String employeenumber = "";//员工编码
//
// TargetEntity applicationEntity = event.getApplication();
// if (applicationEntity != null) {
// TargetSubject applicationSubject = applicationEntity.getSubject();
// app_name = applicationSubject.getSubject();
// log.info("应用系统:" + app_name);
// }
//
// TargetEntity personEntity = event.getPerson();
// if (personEntity != null) {
// TargetSubject personSubject = personEntity.getSubject();
// uid = personSubject.getSubject();
// log.info("用户账号:" + uid);
// }
//
// TargetEntity targetEntity = event.getTargetEntity();
// if (targetEntity != null) {
// TargetSubject targetSubject = targetEntity.getSubject();
// account_uid = targetSubject.getSubject();
// log.info("应用账号:" + account_uid);
// log.info("应用账号属性集合:");
// List<Attribute> attributes = targetEntity.getAttributes();
// for (Attribute attribute : attributes) {
// if (attribute.getName().equals("cn")) {
// cn = (String) attribute.getValues().get(0);
// log.info("姓名:" + cn);
// }
// if (attribute.getName().equals("employeenumber")) {
// employeenumber = (String) attribute.getValues().get(0);
// log.info("员工编码:" + employeenumber);
// }
// if (attribute.getName().equals("ou")) {
// ou = (String) attribute.getValues().get(0);
// log.info("部门:" + ou);
// }
// }
// // log.info(attribute);
// // 其他属性取值,自己编写代码
// }
//
// //新建账号
// SysUser u = new SysUser();
// u.setLoginName(uid);
// u.setUserName(cn);
// u.setDeptName(ou);
//// userService.insertUser(u);
//
// }
// /**
// * 应用账号修改
// */
// if (EventType.ACCOUNT_MODIFIED.equals(event.getEventType())) {
//
// String account_uid = "";//应用账号
// String uid = "";//用户账号
// String app_name = "";//应用名称
// String cn = "";//姓名
// String ou = "";//部门
// String employeenumber = "";//员工编码
//
// TargetEntity applicationEntity = event.getApplication();
// if (applicationEntity != null) {
// TargetSubject applicationSubject = applicationEntity.getSubject();
// app_name = applicationSubject.getSubject();
// log.info("应用系统:" + app_name);
// }
//
// TargetEntity personEntity = event.getPerson();
// if (personEntity != null) {
// TargetSubject personSubject = personEntity.getSubject();
// uid = personSubject.getSubject();
// log.info("用户账号:" + uid);
// }
// TargetEntity targetEntity = event.getTargetEntity();
// if (targetEntity != null) {
// TargetSubject targetSubject = targetEntity.getSubject();
// account_uid = targetSubject.getSubject();
// log.info("应用账号:" + account_uid);
// log.info("应用账号属性集合:");
// List<Attribute> attributes = targetEntity.getAttributes();
// for (Attribute attribute : attributes) {
// if (attribute.getName().equals("cn")) {
// cn = (String) attribute.getValues().get(0);
// log.info("姓名:" + cn);
// }
// if (attribute.getName().equals("employeenumber")) {
// employeenumber = (String) attribute.getValues().get(0);
// log.info("员工编码:" + employeenumber);
// }
// if (attribute.getName().equals("ou")) {
// ou = (String) attribute.getValues().get(0);
// log.info("部门:" + ou);
// }
// }
// // log.info(attribute);
// // 其他属性取值,自己编写代码
// }
//
// //修改账号
// SysUser u = new SysUser();
// u.setLoginName(uid);
// u.setUserName(cn);
// u.setDeptName(ou);
//// userService.updateUser(u);
// }
// /**
// * 应用账号禁用
// */
// if (EventType.ACCOUNT_DISABLED.equals(event.getEventType())) {
//
// String account_uid = "";//应用账号
// String uid = "";//用户账号
// String app_name = "";//应用名称
//
// TargetEntity applicationEntity = event.getApplication();
// if (applicationEntity != null) {
// TargetSubject applicationSubject = applicationEntity.getSubject();
// app_name = applicationSubject.getSubject();
// log.info("应用系统:" + app_name);
// }
// TargetEntity personEntity = event.getPerson();
// if (personEntity != null) {
// TargetSubject personSubject = personEntity.getSubject();
// uid = personSubject.getSubject();
// log.info("用户账号:" + uid);
// }
// TargetEntity targetEntity = event.getTargetEntity();
// if (targetEntity != null) {
// TargetSubject targetSubject = targetEntity.getSubject();
// account_uid = targetSubject.getSubject();
// log.info("应用账号:" + account_uid);
// }
// //禁用账号
// SysUser u = new SysUser();
// u.setLoginName(uid);
// u.setDelFlag("2");
//// userService.updateUser(u);
//
// }
// /**
// * 应用账号启用
// */
// if (EventType.ACCOUNT_ENABLED.equals(event.getEventType())) {
//
// String account_uid = "";//应用账号
// String uid = "";//用户账号
// String app_name = "";//应用名称
//
// TargetEntity applicationEntity = event.getApplication();
// if (applicationEntity != null) {
// TargetSubject applicationSubject = applicationEntity.getSubject();
// app_name = applicationSubject.getSubject();
// log.info("应用系统:" + app_name);
// }
// TargetEntity personEntity = event.getPerson();
// if (personEntity != null) {
// TargetSubject personSubject = personEntity.getSubject();
// uid = personSubject.getSubject();
// log.info("用户账号:" + uid);
// }
// TargetEntity targetEntity = event.getTargetEntity();
// if (targetEntity != null) {
// TargetSubject targetSubject = targetEntity.getSubject();
// account_uid = targetSubject.getSubject();
// log.info("应用账号:" + account_uid);
// }
// //启用账号
// SysUser u = new SysUser();
// u.setLoginName(uid);
// u.setDelFlag("0");
//// userService.updateUser(u);
// }
// /**
// * 应用账号删除
// */
// if (EventType.ACCOUNT_DELETED.equals(event.getEventType())) {
//
// String account_uid = "";//应用账号
// String uid = "";//用户账号
// String app_name = "";//应用名称
//
// TargetEntity applicationEntity = event.getApplication();
// if (applicationEntity != null) {
// TargetSubject applicationSubject = applicationEntity.getSubject();
// app_name = applicationSubject.getSubject();
// log.info("应用系统:" + app_name);
// }
// TargetEntity personEntity = event.getPerson();
// if (personEntity != null) {
// TargetSubject personSubject = personEntity.getSubject();
// uid = personSubject.getSubject();
// log.info("用户账号:" + uid);
// }
// TargetEntity targetEntity = event.getTargetEntity();
// if (targetEntity != null) {
// TargetSubject targetSubject = targetEntity.getSubject();
// account_uid = targetSubject.getSubject();
// log.info("应用账号:" + account_uid);
// }
// //删除账号
// SysUser u = new SysUser();
// u.setLoginName(uid);
// u.setDelFlag("-1");
//// userService.updateUser(u);
// }
// /**
// * 组织机构创建
// */
// if (EventType.ORGUNIT_CREATED.equals(event.getEventType())) {
//
// String ou = "";//组织编码
// String cn = "";//组织名称
// String spOrgLevel = "";//组织层级
// String spSupervisoryDepartment = "";//组织上级编码
// String spOuType = "";//组织类型,0:HR机构,1:非HR机构
//
// TargetEntity originalEntity = event.getTargetEntity();
// if (originalEntity != null) {
// TargetSubject originalSubject = originalEntity.getSubject();
// ou= originalSubject.getSubject();
// log.info("组织编码:" + ou);
// List<Attribute> originalAttributes = originalEntity.getAttributes();
// log.info("组织机构属性集合:");
// for (Attribute attribute : originalAttributes) {
// if(attribute.getName().equals("cn")){
// cn = (String) attribute.getValues().get(0);
// log.info("组织名称:"+cn);
// }
// if(attribute.getName().equals("spOrgLevel")){
// spOrgLevel = (String) attribute.getValues().get(0);
// log.info("组织层级:"+spOrgLevel);
// }
// if(attribute.getName().equals("spSupervisoryDepartment")){
// spSupervisoryDepartment = (String) attribute.getValues().get(0);
// log.info("组织上级编码:"+spSupervisoryDepartment);
// }
// if(attribute.getName().equals("spOuType")){
// spOuType = (String) attribute.getValues().get(0);
// log.info("组织类型:"+spOuType);
// }
//
// //log.info(attribute);
// // 其他属性取值,自己编写代码
// }
// //添加
// SysDept d = new SysDept();
// d.setOuid(ou);
// d.setDeptName(cn);
// d.setParentName(spSupervisoryDepartment);
// d.setStatus("0");
//// deptService.insertDept(d);
// }
// }
// /**
// * 组织机构修改
// */
// if (EventType.ORGUNIT_MODIFIED.equals(event.getEventType())) {
//
// String ou = "";//组织编码
// String cn = "";//组织名称
// String spOrgLevel = "";//组织层级
// String spSupervisoryDepartment = "";//组织上级编码
// String spOuType = "";//组织类型,0:HR机构,1:非HR机构
//
// TargetEntity originalEntity = event.getTargetEntity();
// if (originalEntity != null) {
// TargetSubject originalSubject = originalEntity.getSubject();
// ou = originalSubject.getSubject();
// log.info("组织编码:" + ou);
// List<Attribute> originalAttributes = originalEntity.getAttributes();
// log.info("组织机构属性集合:");
// for (Attribute attribute : originalAttributes) {
// if(attribute.getName().equals("cn")){
// cn = (String) attribute.getValues().get(0);
// log.info("组织名称:"+cn);
// }
// if(attribute.getName().equals("spOrgLevel")){
// spOrgLevel = (String) attribute.getValues().get(0);
// log.info("组织层级:"+spOrgLevel);
// }
// if(attribute.getName().equals("spSupervisoryDepartment")){
// spSupervisoryDepartment = (String) attribute.getValues().get(0);
// log.info("组织上级编码:"+spSupervisoryDepartment);
// }
// if(attribute.getName().equals("spOuType")){
// spOuType = (String) attribute.getValues().get(0);
// log.info("组织类型:"+spOuType);
// }
//
// //log.info(attribute);
// // 其他属性取值,自己编写代码
// }
// //修改
// SysDept d = new SysDept();
// d.setOuid(ou);
// d.setDeptName(cn);
// d.setParentName(spSupervisoryDepartment);
//// deptService.updateDept(d);
// }
// }
// /**
// * 组织机构删除
// */
// if (EventType.ORGUNIT_DELETED.equals(event.getEventType())) {
//
// String ou = "";//组织编码
// String cn = "";//组织名称
// String spOrgLevel = "";//组织层级
// String spSupervisoryDepartment = "";//组织上级编码
// String spOuType = "";//组织类型,0:HR机构,1:非HR机构
//
// TargetEntity originalEntity = event.getTargetEntity();
// if (originalEntity != null) {
// TargetSubject originalSubject = originalEntity.getSubject();
// ou = originalSubject.getSubject();
// log.info("组织编码:" + ou);
// List<Attribute> originalAttributes = originalEntity.getAttributes();
// log.info("组织机构属性集合:");
// for (Attribute attribute : originalAttributes) {
// if(attribute.getName().equals("cn")){
// cn = (String) attribute.getValues().get(0);
// log.info("组织名称:"+cn);
// }
// if(attribute.getName().equals("spOrgLevel")){
// spOrgLevel = (String) attribute.getValues().get(0);
// log.info("组织层级:"+spOrgLevel);
// }
// if(attribute.getName().equals("spSupervisoryDepartment")){
// spSupervisoryDepartment = (String) attribute.getValues().get(0);
// log.info("组织上级编码:"+spSupervisoryDepartment);
// }
// if(attribute.getName().equals("spOuType")){
// spOuType = (String) attribute.getValues().get(0);
// log.info("组织类型:"+spOuType);
// }
//
// //log.info(attribute);
// // 其他属性取值,自己编写代码
// }
// //删除
// SysDept d = new SysDept();
// d.setOuid(ou);
// d.setStatus("-1");
//// deptService.updateDept(d);
// }
// }
// }
// }
//
// public static void main(String[] args) {
// ProvisioningEventSubscriberTimer provisioningEventSubscriberTimer = ProvisioningEventSubscriberTimer
// .getInstance(new SimpleProvisioningEventListener());
// try {
// provisioningEventSubscriberTimer.start();
// } catch (IllegalThreadStateException e) {
// }
// }
//
//}
#\u56DE\u6EDA\u65E5\u5FD7\u914D\u7F6E
#\u65B9\u5F0F1\uFF1A\u6BCF\u65E5\u751F\u6210\u4E00\u4E2A\u6587\u4EF6
#DEBUG,INFO,ERROR,\u5EFA\u8BAE\u5207\u6362\u751F\u4EA7\u540E\u4F7F\u7528INFO\u6216ERROR
log4j.rootLogger=DEBUG,C3
log4j.formatMsgNoLookups=true
#\u65B9\u5F0F2\uFF1A\u6309\u6587\u4EF6\u5927\u5C0F\u4E2A\u6570\u4FDD\u7559\u6700\u65B0\u9650\u5B9A\u65E5\u5FD7\u6587\u4EF6
#DEBUG,INFO,ERROR,\u5EFA\u8BAE\u5207\u6362\u751F\u4EA7\u540E\u4F7F\u7528INFO\u6216ERROR
#log4j.rootLogger=DEBUG,R
### \u5E94\u7528\u4E8E\u63A7\u5236\u53F0
log4j.appender.A1=com.sinopec.siam.apache.log4j.ConsoleAppender
log4j.appender.A1.Threshold=DEBUG
log4j.appender.A1.Target=System.out
log4j.appender.A1.layout=com.sinopec.siam.apache.log4j.PatternLayout
log4j.appender.A1.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
#log4j.appender.A1.logfile.File=d:/siamlogs/a.log
#log4j.appender.CONSOLE.layout.ConversionPattern=[start]%d{DATE}[DATE]%n%p[PRIORITY]%n%x[NDC]%n%t[THREAD] n%c[CATEGORY]%n%m[MESSAGE]%n%n
#\u5E94\u7528\u4E8E\u6587\u4EF6
#log4j.appender.B2=com.sinopec.siam.apache.log4j.FileAppender
#log4j.appender.B2.Threshold=WARN
#log4j.appender.B2.File=logs/hrcpom_ERROR.log
#log4j.appender.B2.Append=false
#log4j.appender.B2.layout=com.sinopec.siam.apache.log4j.PatternLayout
#log4j.appender.B2.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\\\:mm\\\:ss}\\\: %c %m%n
#\u5468\u671F\u6027\u751F\u6210\u65E5\u5FD7
#\u6BCF\u5929\u4EA7\u751F\u4E00\u4E2A\u65E5\u5FD7\u6587\u4EF6
# 1)'.'yyyy-MM: \u6BCF\u6708
# 2)'.'yyyy-ww: \u6BCF\u5468
# 3)'.'yyyy-MM-dd: \u6BCF\u5929
# 4)'.'yyyy-MM-dd-a: \u6BCF\u5929\u4E24\u6B21
# 5)'.'yyyy-MM-dd-HH: \u6BCF\u5C0F\u65F6
# 6)'.'yyyy-MM-dd-HH-mm: \u6BCF\u5206\u949F
#com.sinopec.siam.apache.log4j.DailyRollingFileAppender
log4j.appender.C3=com.sinopec.siam.apache.log4j.DailyRollingFileAppender
log4j.appender.C3.Threshold=DEBUG
#log4j.appender.C3.File=logs/server1/sipc_sso.log
log4j.appender.C3.Encoding=utf-8
log4j.appender.C3.File=D:/home/logs/saml_auth.log
log4j.appender.C3.DatePattern='.'yyyy-MM-dd
log4j.appender.C3.layout=com.sinopec.siam.apache.log4j.PatternLayout
log4j.appender.C3.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
log4j.logger.com.sinopec.siam.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider=DEBUG,C4
log4j.appender.C4=com.sinopec.siam.apache.log4j.DailyRollingFileAppender
#log4j.appender.C3.File=logs/server1/sipc_sso.log
log4j.appender.C4.Encoding=utf-8
log4j.appender.C4.File=D:/home/logs/metadata_down.log
log4j.appender.C4.DatePattern='.'yyyy-MM-dd
log4j.appender.C4.layout=com.sinopec.siam.apache.log4j.PatternLayout
log4j.appender.C4.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
#timer_metadata.log
# \u5E94\u7528\u4E8E\u6587\u4EF6\u56DE\u6EDA
log4j.appender.R=com.sinopec.siam.apache.log4j.RollingFileAppender
log4j.appender.R.Threshold=DEBUG
log4j.appender.R.File=D:/home/logs/saml_authR.log
log4j.appender.R.Append=true
#\u6587\u4EF6\u5927\u5C0F\u6309\u60C5\u51B5\u8BBE\u7F6E
log4j.appender.R.MaxFileSize=100MB
#\u4FDD\u7559\u6587\u4EF6\u4E2A\u6570\u6309\u60C5\u51B5\u914D\u7F6E
log4j.appender.R.MaxBackupIndex=10
log4j.appender.R.layout=com.sinopec.siam.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
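Review bot: `log4j.rootLogger=DEBUG,C3` and `log4j.appender.C3.Threshold=DEBUG` leave the SAML agent's logging at DEBUG, although the file's own comment recommends INFO or ERROR once in production. The second logging file further down, which writes to `E:/home/ruoyi/samlogs/`, has the same setting. At DEBUG an authentication agent presumably writes request and assertion detail to `saml_auth.log`, so I would ship `log4j.rootLogger=INFO,C3` with `log4j.appender.C3.Threshold=INFO` and raise the level only while troubleshooting. `log4j.formatMsgNoLookups=true` is the name of a Log4j 2 system property, and it may have no effect in a 1.x-style properties file like this one, which is worth confirming against the bundled logging classes.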
#\u56DE\u6EDA\u65E5\u5FD7\u914D\u7F6E
#\u65B9\u5F0F1\uFF1A\u6BCF\u65E5\u751F\u6210\u4E00\u4E2A\u6587\u4EF6
#DEBUG,INFO,ERROR,\u5EFA\u8BAE\u5207\u6362\u751F\u4EA7\u540E\u4F7F\u7528INFO\u6216ERROR
log4j.rootLogger=DEBUG,C3
log4j.formatMsgNoLookups=true
#\u65B9\u5F0F2\uFF1A\u6309\u6587\u4EF6\u5927\u5C0F\u4E2A\u6570\u4FDD\u7559\u6700\u65B0\u9650\u5B9A\u65E5\u5FD7\u6587\u4EF6
#DEBUG,INFO,ERROR,\u5EFA\u8BAE\u5207\u6362\u751F\u4EA7\u540E\u4F7F\u7528INFO\u6216ERROR
#log4j.rootLogger=DEBUG,R
### \u5E94\u7528\u4E8E\u63A7\u5236\u53F0
log4j.appender.A1=com.sinopec.siam.apache.log4j.ConsoleAppender
log4j.appender.A1.Threshold=DEBUG
log4j.appender.A1.Target=System.out
log4j.appender.A1.layout=com.sinopec.siam.apache.log4j.PatternLayout
log4j.appender.A1.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
#log4j.appender.A1.logfile.File=d:/siamlogs/a.log
#log4j.appender.CONSOLE.layout.ConversionPattern=[start]%d{DATE}[DATE]%n%p[PRIORITY]%n%x[NDC]%n%t[THREAD] n%c[CATEGORY]%n%m[MESSAGE]%n%n
#\u5E94\u7528\u4E8E\u6587\u4EF6
#log4j.appender.B2=com.sinopec.siam.apache.log4j.FileAppender
#log4j.appender.B2.Threshold=WARN
#log4j.appender.B2.File=logs/hrcpom_ERROR.log
#log4j.appender.B2.Append=false
#log4j.appender.B2.layout=com.sinopec.siam.apache.log4j.PatternLayout
#log4j.appender.B2.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\\\:mm\\\:ss}\\\: %c %m%n
#\u5468\u671F\u6027\u751F\u6210\u65E5\u5FD7
#\u6BCF\u5929\u4EA7\u751F\u4E00\u4E2A\u65E5\u5FD7\u6587\u4EF6
# 1)'.'yyyy-MM: \u6BCF\u6708
# 2)'.'yyyy-ww: \u6BCF\u5468
# 3)'.'yyyy-MM-dd: \u6BCF\u5929
# 4)'.'yyyy-MM-dd-a: \u6BCF\u5929\u4E24\u6B21
# 5)'.'yyyy-MM-dd-HH: \u6BCF\u5C0F\u65F6
# 6)'.'yyyy-MM-dd-HH-mm: \u6BCF\u5206\u949F
#com.sinopec.siam.apache.log4j.DailyRollingFileAppender
log4j.appender.C3=com.sinopec.siam.apache.log4j.DailyRollingFileAppender
log4j.appender.C3.Threshold=DEBUG
#log4j.appender.C3.File=logs/server1/sipc_sso.log
log4j.appender.C3.Encoding=utf-8
log4j.appender.C3.File=E:/home/ruoyi/samlogs/saml_auth.log
log4j.appender.C3.DatePattern='.'yyyy-MM-dd
log4j.appender.C3.layout=com.sinopec.siam.apache.log4j.PatternLayout
log4j.appender.C3.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
log4j.logger.com.sinopec.siam.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider=DEBUG,C4
log4j.appender.C4=com.sinopec.siam.apache.log4j.DailyRollingFileAppender
#log4j.appender.C3.File=logs/server1/sipc_sso.log
log4j.appender.C4.Encoding=utf-8
log4j.appender.C4.File=E:/home/ruoyi/samlogs/metadata_down.log
log4j.appender.C4.DatePattern='.'yyyy-MM-dd
log4j.appender.C4.layout=com.sinopec.siam.apache.log4j.PatternLayout
log4j.appender.C4.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
#timer_metadata.log
# \u5E94\u7528\u4E8E\u6587\u4EF6\u56DE\u6EDA
log4j.appender.R=com.sinopec.siam.apache.log4j.RollingFileAppender
log4j.appender.R.Threshold=DEBUG
log4j.appender.R.File=E:/home/ruoyi/samlogs/saml_authR.log
log4j.appender.R.Append=true
#\u6587\u4EF6\u5927\u5C0F\u6309\u60C5\u51B5\u8BBE\u7F6E
log4j.appender.R.MaxFileSize=100MB
#\u4FDD\u7559\u6587\u4EF6\u4E2A\u6570\u6309\u60C5\u51B5\u914D\u7F6E
log4j.appender.R.MaxBackupIndex=10
log4j.appender.R.layout=com.sinopec.siam.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
##
# config of SP
##
#默认认证方式(根据实际情况配置)
sp.auth.method.default=TAMUsernamePassword
#获取 sp、 idp的 metadata 文件地址(根据实际情况配置)
sp.metadata.ts.download.url=https://ts.uat.siam.sinopec.com
#SP应用节点ID(根据实际情况配置)
#sp.metadata.url.entityId=https://test.java.sinopec.com:9443
sp.metadata.url.entityId=https://10.249.139.249:249
ts.metadata.download.auto=true
#应用code,中文需要ASCII转码(根据实际情况配置)
#sp.login.tsysAccount=\u793A\u4F8B
sp.login.tsysAccount=\u5730\u7403\u7269\u7406\u8282\u70B9\u6570\u636E\u5904\u7406\u4E0E\u8D28\u63A7\u7CFB\u7EDF
#证书路径(根据实际情况配置,集成环境测试使用示例包中的配置)
#sp.credential.keyStorePath=classpath:/certs/jd.osgc.sinopec.com_keystore.jks
sp.credential.keyStorePath=classpath:/certs/test.uat.siam.sinopec.com.jks
#sp.credential.keyStorePath=classpath:/certs/test.app.siam.sinopec.com.jks
#证书库密码(根据实际情况配置,需help网站DES加密,集成环境测试使用示例包中的配置)
sp.credential.keyStorePassword=6ArCSisuIHxnzcT+/S8hHg==
#sp.credential.keyStorePassword=EplfHHTwI1liIfhgOTQYpQ==
# 证书密码(根据实际情况配置,需help网站DES加密,集成环境测试使用示例包中的配置)
sp.credential.keyPassword=6ArCSisuIHxnzcT+/S8hHg==
#sp.credential.keyPassword=EplfHHTwI1liIfhgOTQYpQ==
#证书别名(根据实际情况配置,集成环境测试使用示例包中的配置)
sp.credential.keyAlias=test.uat.siam.sinopec.com
#sp.credential.keyAlias=test.app.siam.sinopec.com
#sp.credential.keyAlias=jd.osgc.sinopec.com
#IDP应用节点ID(根据实际情况配置)
sp.saml2.idp.entityId=https://auth.uat.siam.sinopec.com/idp
#metadata请求超时时间,单位毫秒(根据实际情况配置)
ts.metadata.requestTimeout=30000
#ts下载是否为https
ts.metadata.disregardSSLCertificate=true
#metadata是否自动下载 true:自动下载,false:使用本地文件,需要手工考入
#metadata最小自动更新时间,单位毫秒(根据实际情况配置)默认10天 不能超过23天
ts.metadata.minRefreshDelay=864000000
#metadata最大自动更新时间,单位毫秒(根据实际情况配置)默认15天不能超过23天
ts.metadata.maxRefreshDelay=1296000000
# SP Key Store Type: jks
sp.credential.keyStoreType=jks
#saml返回报文和本地校验安全区间,单位秒
siam.reponse.safe.time.range=600
#使用本地会话测试 true
session.local=true
#siam.sp.proxy.web.urls:应用服务器url列表
#F5/nginx 负载代理时使用如下配置 flag=true
#配置示例:siam.sp.proxy.web.urls=[http://java.uat.sinopec.com:8081/sp/SSO/SAML2/POST],[https://eai.siam.sinopec.com:8080],[https://cheng.siam.sinopec.com:8080]
#配置示例:siam.sp.proxy.load.url=https://java.uat.sinopec.com:8443/proxy_path
#配置示例:siam.sp.proxy.flag=true
#siam.sp.proxy.web.urls=
#siam.sp.proxy.web.urls=[http://java.uat.sinopec.com/SSO/SAML2/POST]
#siam.sp.proxy.load.url=http://10.249.139.249:8089/siamlogin
#siam.sp.proxy.load.url=
#siam.sp.proxy.flag=false
siam.sp.proxy.web.urls=[https://10.249.139.249:249/SSO/SAML2/POST],[https://10.249.139.249:249/SSO/SAML2/POST],[http://10.249.139.249:249/SSO/SAML2/POST]
siam.sp.proxy.load.url=https://10.249.139.249:249/prod-api
#siam.sp.proxy.load.url=https://10.249.139.249:249
siam.sp.proxy.flag=true
#------------------------------------------------------------------------------------
#
# SAML SP JSP Error Handler
#
sp.jsp.error.handler.path=/error.jsp
#------------------------------------------------------------------------------------
#
# SSO Login Path
#
#
#SSO global logout after the redirec to login
#
sp.saml2.slo.redirectToLogin=true
sp.saml2.slo.requestPaths=/SSO/SLO/Redirect
#------------------
#sp.ParserPool
# xml解析池 默认不变
sp.ParserPool.maxPoolSize=100
sp.ParserPool.coalescing=true
sp.ParserPool.ignoreComments=true
sp.ParserPool.ignoreElementContentWhitespace=true
sp.ParserPool.namespaceAware=true
#sp.metadata.ts.download.url+sp.metadata.url+sp.metadata.url.entityId拼接成metadata下载地址
#sp.metadata.backUpPath、idp.metadata.backUpPath为metadata下载后的存放路径
sp.metadata.url=/ts/services/restful/topology/publisher/getEntityDescriptorByEntityID?entityID=
sp.metadata.backUpPath=classpath:sp-metadata.xml
idp.metadata.url=/ts/services/restful/topology/publisher/getIdPEntitiesDescriptor
idp.metadata.backUpPath=classpath:idp-metadata-all.xml
#------------------------------------------------------------------------------------
#
# SAML SP Local Logout parameter
#
sp.saml2.self.LLO.I18N.path=com.sinopec.siam.agent.messages.messages
sp.saml2.self.LLO.image.path=/images/login/success1.jpg
#------------------------------------------------------------------------------------
#
# Theme Of IdP Login Page
#
sp.saml2.idp.themeOfIdPLoginPage=default
# authentication level config file
sp.auth.method.level.file=classpath:/com/sinopec/siam/agent/web/siam-sp-authen-level.xml
#版本信息
sinopec.siam.version=3.6
sinopec.siam.releasedate=2023-10-10
\ No newline at end of file
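Review bot: `ts.metadata.disregardSSLCertificate=true` appears, by its name, to switch off certificate checking for the metadata download from `sp.metadata.ts.download.url`. The production-looking configuration further down sets the same value. SAML metadata carries the IdP's signing certificates, so whoever can answer that request unverified can decide which assertions the SP trusts, and `ts.metadata.download.auto=true` makes the download recur. I would set `ts.metadata.disregardSSLCertificate=false` and add the issuing CA to the JVM truststore if the endpoint uses a private CA.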
##
# config of SP
##
#\u9ED8\u8BA4\u8BA4\u8BC1\u65B9\u5F0F\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF09
sp.auth.method.default=TAMUsernamePassword
#\u83B7\u53D6 sp\u3001 idp\u7684 metadata \u6587\u4EF6\u5730\u5740\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF09
#sp.metadata.ts.download.url=https://ts.uat.siam.sinopec.com
sp.metadata.ts.download.url=https://ts.siam.sinopec.com
#SP\u5E94\u7528\u8282\u70B9ID\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF09
#sp.metadata.url.entityId=https://test.java.sinopec.com:9443
sp.metadata.url.entityId=http://ydsj.slof.com:9034
ts.metadata.download.auto=true
#\u5E94\u7528code,\u4E2D\u6587\u9700\u8981ASCII\u8F6C\u7801\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF09
#sp.login.tsysAccount=\u793A\u4F8B
sp.login.tsysAccount=\u80DC\u5229\u6CB9\u7530\u57FA\u7840\u5DE5\u4F5C\u7BA1\u7406\u7CFB\u7EDF
#\u8BC1\u4E66\u8DEF\u5F84\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF0C\u96C6\u6210\u73AF\u5883\u6D4B\u8BD5\u4F7F\u7528\u793A\u4F8B\u5305\u4E2D\u7684\u914D\u7F6E\uFF09
sp.credential.keyStorePath=classpath:/certs/slyt.sp.siam.sinopec.com.jks
#sp.credential.keyStorePath=classpath:/certs/test.uat.siam.sinopec.com.jks
#sp.credential.keyStorePath=classpath:/certs/test.app.siam.sinopec.com.jks
#\u8BC1\u4E66\u5E93\u5BC6\u7801\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E,\u9700help\u7F51\u7AD9DES\u52A0\u5BC6\uFF0C\u96C6\u6210\u73AF\u5883\u6D4B\u8BD5\u4F7F\u7528\u793A\u4F8B\u5305\u4E2D\u7684\u914D\u7F6E\uFF09
#sp.credential.keyStorePassword=6ArCSisuIHxnzcT+/S8hHg==
sp.credential.keyStorePassword=p0294sZW1VM=
# \u8BC1\u4E66\u5BC6\u7801\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF0C\u9700help\u7F51\u7AD9DES\u52A0\u5BC6\uFF0C\u96C6\u6210\u73AF\u5883\u6D4B\u8BD5\u4F7F\u7528\u793A\u4F8B\u5305\u4E2D\u7684\u914D\u7F6E\uFF09
#sp.credential.keyPassword=6ArCSisuIHxnzcT+/S8hHg==
sp.credential.keyPassword=p0294sZW1VM=
#\u8BC1\u4E66\u522B\u540D\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF0C\u96C6\u6210\u73AF\u5883\u6D4B\u8BD5\u4F7F\u7528\u793A\u4F8B\u5305\u4E2D\u7684\u914D\u7F6E\uFF09
#sp.credential.keyAlias=test.uat.siam.sinopec.com
sp.credential.keyAlias=slyt.sp.siam.sinopec.com
#IDP\u5E94\u7528\u8282\u70B9ID\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF09
sp.saml2.idp.entityId=https://auth.siam.sinopec.com/idp
#metadata\u8BF7\u6C42\u8D85\u65F6\u65F6\u95F4\uFF0C\u5355\u4F4D\u6BEB\u79D2\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF09
ts.metadata.requestTimeout=30000
#ts\u4E0B\u8F7D\u662F\u5426\u4E3Ahttps
ts.metadata.disregardSSLCertificate=true
#metadata\u662F\u5426\u81EA\u52A8\u4E0B\u8F7D true:\u81EA\u52A8\u4E0B\u8F7D\uFF0Cfalse:\u4F7F\u7528\u672C\u5730\u6587\u4EF6\uFF0C\u9700\u8981\u624B\u5DE5\u8003\u5165
#metadata\u6700\u5C0F\u81EA\u52A8\u66F4\u65B0\u65F6\u95F4\uFF0C\u5355\u4F4D\u6BEB\u79D2\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF09\u9ED8\u8BA410\u5929 \u4E0D\u80FD\u8D85\u8FC723\u5929
ts.metadata.minRefreshDelay=864000000
#metadata\u6700\u5927\u81EA\u52A8\u66F4\u65B0\u65F6\u95F4\uFF0C\u5355\u4F4D\u6BEB\u79D2\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF09\u9ED8\u8BA415\u5929\u4E0D\u80FD\u8D85\u8FC723\u5929
ts.metadata.maxRefreshDelay=1296000000
# SP Key Store Type: jks
sp.credential.keyStoreType=jks
#saml\u8FD4\u56DE\u62A5\u6587\u548C\u672C\u5730\u6821\u9A8C\u5B89\u5168\u533A\u95F4\uFF0C\u5355\u4F4D\u79D2
siam.reponse.safe.time.range=600
#\u4F7F\u7528\u672C\u5730\u4F1A\u8BDD\u6D4B\u8BD5 true
session.local=true
#siam.sp.proxy.web.urls:\u5E94\u7528\u670D\u52A1\u5668url\u5217\u8868
#F5/nginx \u8D1F\u8F7D\u4EE3\u7406\u65F6\u4F7F\u7528\u5982\u4E0B\u914D\u7F6E flag=true
#\u914D\u7F6E\u793A\u4F8B:siam.sp.proxy.web.urls=[http://java.uat.sinopec.com:8081/sp/SSO/SAML2/POST],[https://eai.siam.sinopec.com:8080],[https://cheng.siam.sinopec.com:8080]
#\u914D\u7F6E\u793A\u4F8B:siam.sp.proxy.load.url=https://java.uat.sinopec.com:8443/proxy_path
#\u914D\u7F6E\u793A\u4F8B:siam.sp.proxy.flag=true
#siam.sp.proxy.web.urls=
#siam.sp.proxy.web.urls=[http://java.uat.sinopec.com/SSO/SAML2/POST]
#siam.sp.proxy.load.url=http://10.249.139.249:8089/siamlogin
#siam.sp.proxy.load.url=
#siam.sp.proxy.flag=false
siam.sp.proxy.web.urls=[http://ydsj.slof.com:9034/prod-api/sianlogin],[http://ydsj.slof.com:9034/SSO/SAML2/POST],[https://10.66.1.17:9034/SSO/SAML2/POST],[http://ydsj.slof.com:9034/SSO/SAML2/POST],[http://127.0.0.1:9034/SSO/SAML2/POST]
siam.sp.proxy.load.url=http://ydsj.slof.com:9034/prod-api
siam.sp.proxy.flag=true
#------------------------------------------------------------------------------------
#
# SAML SP JSP Error Handler
#
sp.jsp.error.handler.path=/error.jsp
#------------------------------------------------------------------------------------
#
# SSO Login Path
#
#
#SSO global logout after the redirec to login
#
sp.saml2.slo.redirectToLogin=true
sp.saml2.slo.requestPaths=/SSO/SLO/Redirect
#------------------
#sp.ParserPool
# xml\u89E3\u6790\u6C60 \u9ED8\u8BA4\u4E0D\u53D8
sp.ParserPool.maxPoolSize=100
sp.ParserPool.coalescing=true
sp.ParserPool.ignoreComments=true
sp.ParserPool.ignoreElementContentWhitespace=true
sp.ParserPool.namespaceAware=true
#sp.metadata.ts.download.url+sp.metadata.url+sp.metadata.url.entityId\u62FC\u63A5\u6210metadata\u4E0B\u8F7D\u5730\u5740
#sp.metadata.backUpPath\u3001idp.metadata.backUpPath\u4E3Ametadata\u4E0B\u8F7D\u540E\u7684\u5B58\u653E\u8DEF\u5F84
sp.metadata.url=/ts/services/restful/topology/publisher/getEntityDescriptorByEntityID?entityID=
#sp.metadata.backUpPath=classpath:sp-metadata.xml
sp.metadata.backUpPath=E:/home/ruoyi/samlogs/sp-metadata.xml
idp.metadata.url=/ts/services/restful/topology/publisher/getIdPEntitiesDescriptor
#idp.metadata.backUpPath=classpath:idp-metadata-all.xml
idp.metadata.backUpPath=E:/home/ruoyi/samlogs/idp-metadata-all.xml
#------------------------------------------------------------------------------------
#
# SAML SP Local Logout parameter
#
sp.saml2.self.LLO.I18N.path=com.sinopec.siam.agent.messages.messages
sp.saml2.self.LLO.image.path=/images/login/success1.jpg
#------------------------------------------------------------------------------------
#
# Theme Of IdP Login Page
#
sp.saml2.idp.themeOfIdPLoginPage=default
# authentication level config file
sp.auth.method.level.file=classpath:/com/sinopec/siam/agent/web/siam-sp-authen-level.xml
#\u7248\u672C\u4FE1\u606F
sinopec.siam.version=3.6
sinopec.siam.releasedate=2023-10-10
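Review bot: The production values use plain `http://` for `sp.metadata.url.entityId`, for `siam.sp.proxy.load.url` and for the hostname entries in `siam.sp.proxy.web.urls`, so the SAML response posted to `/SSO/SAML2/POST`, and whatever token follows it, would cross the network unencrypted. I would terminate TLS in front of the application and list only `https://` URLs. The first entry of `siam.sp.proxy.web.urls` ends in `/prod-api/sianlogin`, which looks like a typo for `siamlogin`, and the `http://127.0.0.1:9034` entry reads like a leftover from local testing. The values of `sp.credential.keyStorePassword` and `sp.credential.keyPassword` are committed next to the keystore path. The comment describes them as DES-encrypted, which is presumably reversible by anyone who holds the agent jar, so they are better supplied from outside the repository and rotated.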
...@@ -106,12 +106,15 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter ...@@ -106,12 +106,15 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
.headers().cacheControl().disable().and() .headers().cacheControl().disable().and()
// 认证失败处理类 // 认证失败处理类
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and() .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
// 基于token,所以不需要session // 基于token,所以不需要sessionF
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
// 过滤请求 // 过滤请求
.authorizeRequests() .authorizeRequests()
// 对于登录login 注册register 验证码captchaImage 允许匿名访问 // 对于登录login 注册register 验证码captchaImage 允许匿名访问
.antMatchers("/login", "/register", "/captchaImage").permitAll() .antMatchers("/login", "/register", "/captchaImage").permitAll()
.antMatchers("/**/siamlogin*").permitAll()
.antMatchers("/**/error").permitAll()
.antMatchers("/siamlogin", "/noaccess", "/SSO/**", "/siamlogin/**", "/**/siamlogin").permitAll()
.antMatchers("/system/sy/**").permitAll() .antMatchers("/system/sy/**").permitAll()
// 静态资源,可匿名访问 // 静态资源,可匿名访问
.antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll() .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
......
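Review bot: The three added `permitAll()` lines overlap and are wider than the endpoints they seem meant for. `/**/siamlogin*` already covers `/siamlogin` and `/**/siamlogin`, and it also opens any path at any depth whose last segment merely starts with `siamlogin`, while `/**/error` opens every path ending in `/error`. If the SSO entry points are only `/siamlogin`, `/noaccess` and `/SSO/**`, one line is enough: `.antMatchers("/siamlogin", "/noaccess", "/error", "/SSO/**").permitAll()`. `/SSO/**` then relies entirely on the SAML filters for protection, which deserves a comment above the line. The edit also left a stray `F` at the end of the `session` comment a few lines up. The enclosing method starts and ends outside the hunk.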
...@@ -101,6 +101,45 @@ public class SysLoginService ...@@ -101,6 +101,45 @@ public class SysLoginService
return tokenService.createToken(loginUser); return tokenService.createToken(loginUser);
} }
public String loginSam(String username, String password)
{
// 验证码校验
// validateCaptcha(username, code, uuid);
// 登录前置校验
loginPreCheck(username, password);
// 用户验证
Authentication authentication = null;
try
{
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, password);
AuthenticationContextHolder.setContext(authenticationToken);
// 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
authentication = authenticationManager.authenticate(authenticationToken);
}
catch (Exception e)
{
if (e instanceof BadCredentialsException)
{
AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
throw new UserPasswordNotMatchException();
}
else
{
AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage()));
throw new ServiceException(e.getMessage());
}
}
finally
{
AuthenticationContextHolder.clearContext();
}
AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
LoginUser loginUser = (LoginUser) authentication.getPrincipal();
recordLoginInfo(loginUser.getUserId());
// 生成token
return tokenService.createToken(loginUser);
}
/** /**
* 校验验证码 * 校验验证码
* *
......
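Review bot: `loginSam` is a copy of `login` with the captcha check commented out, yet it still authenticates through `new UsernamePasswordAuthenticationToken(username, password)`, so it is a password login without the captcha rather than a login backed by the SAML assertion. The caller is not in this hunk. If it runs after the SAML filter has accepted an assertion, the user's local password is not available there, and whatever value is passed instead becomes a second credential for that account. I would load the user by the asserted name and issue the token directly with no password step. The method should also carry a Javadoc line such as `/** Issues a token for an identity already verified by the SAML filter; never call with request-supplied credentials. */`. The duplicated try/catch could move into a private helper shared with `login`.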
package com.qianhe.system.mapper; package com.qianhe.system.mapper;
import java.util.List; import java.util.List;
import java.util.Map;
import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Param;
import com.qianhe.common.core.domain.entity.SysUser; import com.qianhe.common.core.domain.entity.SysUser;
...@@ -124,4 +126,7 @@ public interface SysUserMapper ...@@ -124,4 +126,7 @@ public interface SysUserMapper
* @return 结果 * @return 结果
*/ */
public SysUser checkEmailUnique(String email); public SysUser checkEmailUnique(String email);
public String selectUserBySiam(Map map);
} }
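Review bot: `selectUserBySiam(Map map)` takes a raw `Map`, so the two keys the SQL reads (`uid` and `adAccountName`) are invisible to callers and unchecked by the compiler. Unlike the method above it, it also has no Javadoc. `@Param` is already imported in this file, so the signature could be `String selectUserBySiam(@Param("uid") String uid, @Param("adAccountName") String adAccountName);`. A short comment should say that it maps a SIAM identity to a local user name and returns null when no row matches.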
...@@ -222,4 +222,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" ...@@ -222,4 +222,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
</foreach> </foreach>
</delete> </delete>
<select id="selectUserBySiam" parameterType="java.util.Map" resultType="String">
SELECT user_name FROM sys_user where (user_name =#{uid} or user_name = #{adAccountName} ) and del_flag = '0' limit 1
</select>
</mapper> </mapper>
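Review bot: The lookup matches `user_name` against either `#{uid}` or `#{adAccountName}` and then takes `limit 1` without an `order by`, so when the two attributes name different local accounts the database decides which one is returned. The result is presumably the identity the SSO session is issued for. I would therefore match on a single agreed attribute, or drop `limit 1` and reject the login when more than one row comes back. The query filters only on `del_flag = '0'`, and whether disabled accounts are rejected later is not visible here.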