2026-01-30 统一身份认证

0422da67 · wangjian · 794b2c11 · 0422da67 · 0422da67 · 0422da67
Commit 0422da67 authored Jan 30, 2026 by wangjian
21 changed files
--- a/qianhe-admin/pom.xml
+++ b/qianhe-admin/pom.xml
@@ -68,6 +68,14 @@
            <version>3.8.5</version>
        </dependency>
+        <!--统一认证-->
+        <!--统一身份认证-->
+        <dependency>
+            <groupId>com.qianhe</groupId>
+            <artifactId>siam-am-agent-simple</artifactId>
+            <version>3.3</version>
+        </dependency>
    </dependencies>
    <build>

--- a/qianhe-admin/src/main/java/com/qianhe/web/controller/config/SPConfig.java
+++ b/qianhe-admin/src/main/java/com/qianhe/web/controller/config/SPConfig.java
+package com.qianhe.web.controller.config;
+import com.sinopec.siam.agent.web.AccessEnforcer;
+import com.sinopec.siam.agent.web.SAMLProfileFilter;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.boot.web.servlet.ServletContextInitializer;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import javax.servlet.DispatcherType;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import java.util.HashMap;
+import java.util.Map;
+//*
+//* @Title: 统一认证配置管理
+//* @author wamgqi
+//* @date 2022年07月26
+@Configuration
+public class SPConfig {
+	@Bean
+	public ServletContextInitializer initializer() {
+	    return new ServletContextInitializer() {
+	        @Override
+	        public void onStartup(ServletContext servletContext) throws ServletException {
+	            servletContext.setInitParameter("spSimpleConfigFile", "classpath:/conf/sp-simple-config.properties");
+	        }
+	    };
+	}
+	@Bean
+	public FilterRegistrationBean<SAMLProfileFilter> registerSPFilter() {
+		FilterRegistrationBean<SAMLProfileFilter> bean = new FilterRegistrationBean<>();
+		System.err.println("FilterRegistrationBean");
+        System.err.println("开始注册SAMLProfileFilter");
+		bean.setDispatcherTypes(DispatcherType.REQUEST);
+		bean.setFilter(new SAMLProfileFilter());
+		bean.addUrlPatterns("/SSO/*");
+		bean.setName("SAMLProfileFilter");
+		bean.setOrder(FilterRegistrationBean.HIGHEST_PRECEDENCE);
+        Map<String, String> initParameters = new HashMap<String, String>();
+        bean.setInitParameters(initParameters);
+		return bean;
+	}
+	@Bean
+	public FilterRegistrationBean<AccessEnforcer> registerMergeFilter() {
+		FilterRegistrationBean<AccessEnforcer> bean = new FilterRegistrationBean<>();
+		System.err.println("AccessEnforcer");
+        System.err.println("开始注册AccessEnforcer");
+		bean.setDispatcherTypes(DispatcherType.REQUEST);
+		bean.setFilter(new AccessEnforcer());
+		bean.addUrlPatterns("/siamlogin");
+		bean.setName("AccessEnforcerAuthen");
+		bean.setOrder(FilterRegistrationBean.HIGHEST_PRECEDENCE);
+        Map<String, String> initParameters = new HashMap<String, String>();
+        initParameters.put("noFilterURLs", "/favicon.ico;/ruoyi.png;/html/*;/css/*;/docs/*;/fonts/*;/img/*;/ajax/*;/js/*;/zhimin/*;/captcha/captchaImage;;/common/*;/SSO/**;/profile/upload/*;/register/;/login;/loginauth;/noaccess;/api/**");
+        bean.setInitParameters(initParameters);
+		return bean;
+	}
+}
--- a/qianhe-admin/src/main/java/com/qianhe/web/controller/system/SiamloginController.java
+++ b/qianhe-admin/src/main/java/com/qianhe/web/controller/system/SiamloginController.java
--- a/qianhe-admin/src/main/java/com/sinopec/siam/conf/mq-Log4j.properties
+++ b/qianhe-admin/src/main/java/com/sinopec/siam/conf/mq-Log4j.properties
+#\u56DE\u6EDA\u65E5\u5FD7\u914D\u7F6E
+#\u65B9\u5F0F1\uFF1A\u6BCF\u65E5\u751F\u6210\u4E00\u4E2A\u6587\u4EF6
+#DEBUG,INFO,ERROR,\u5EFA\u8BAE\u5207\u6362\u751F\u4EA7\u540E\u4F7F\u7528INFO\u6216ERROR
+log4j.rootLogger=DEBUG,C3
+#\u65B9\u5F0F2\uFF1A\u6309\u6587\u4EF6\u5927\u5C0F\u4E2A\u6570\u4FDD\u7559\u6700\u65B0\u9650\u5B9A\u65E5\u5FD7\u6587\u4EF6
+#DEBUG,INFO,ERROR,\u5EFA\u8BAE\u5207\u6362\u751F\u4EA7\u540E\u4F7F\u7528INFO\u6216ERROR
+#log4j.rootLogger=DEBUG,R
+### \u5E94\u7528\u4E8E\u63A7\u5236\u53F0 
+log4j.appender.A1=com.sinopec.siam.apache.log4j.ConsoleAppender 
+log4j.appender.A1.Threshold=DEBUG
+log4j.appender.A1.Target=System.out 
+log4j.appender.A1.layout=com.sinopec.siam.apache.log4j.PatternLayout 
+log4j.appender.A1.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
+#log4j.appender.A1.logfile.File=d:/siamlogs/a.log
+#log4j.appender.CONSOLE.layout.ConversionPattern=[start]%d{DATE}[DATE]%n%p[PRIORITY]%n%x[NDC]%n%t[THREAD] n%c[CATEGORY]%n%m[MESSAGE]%n%n 
+#\u5E94\u7528\u4E8E\u6587\u4EF6 
+#log4j.appender.B2=org.apache.log4j.FileAppender 
+#log4j.appender.B2.Threshold=WARN
+#log4j.appender.B2.File=logs/hrcpom_ERROR.log 
+#log4j.appender.B2.Append=false 
+#log4j.appender.B2.layout=org.apache.log4j.PatternLayout 
+#log4j.appender.B2.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\\\:mm\\\:ss}\\\: %c %m%n
+#\u5468\u671F\u6027\u751F\u6210\u65E5\u5FD7
+#\u6BCF\u5929\u4EA7\u751F\u4E00\u4E2A\u65E5\u5FD7\u6587\u4EF6
+# 						1)'.'yyyy-MM: \u6BCF\u6708
+#                     2)'.'yyyy-ww: \u6BCF\u5468 
+#                     3)'.'yyyy-MM-dd: \u6BCF\u5929
+#                     4)'.'yyyy-MM-dd-a: \u6BCF\u5929\u4E24\u6B21
+#                     5)'.'yyyy-MM-dd-HH: \u6BCF\u5C0F\u65F6
+#                     6)'.'yyyy-MM-dd-HH-mm: \u6BCF\u5206\u949F
+org.apache.log4j.DailyRollingFileAppender
+log4j.appender.C3=com.sinopec.siam.apache.log4j.DailyRollingFileAppender 
+log4j.appender.C3.Threshold=DEBUG  
+#log4j.appender.C3.File=logs/server1/sipc_sso.log
+log4j.appender.C3.File=D:/logs/mq.log
+log4j.appender.C3.Encoding=utf-8
+log4j.appender.C3.DatePattern='.'yyyy-MM-dd
+log4j.appender.C3.layout=com.sinopec.siam.apache.log4j.PatternLayout   
+log4j.appender.C3.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
+# \u5E94\u7528\u4E8E\u6587\u4EF6\u56DE\u6EDA 
+log4j.appender.R=com.sinopec.siam.apache.log4j.RollingFileAppender 
+log4j.appender.R.Threshold=DEBUG
+log4j.appender.R.File=${catalina.home}/logs/saml_authR.log
+log4j.appender.R.Append=true 
+#\u6587\u4EF6\u5927\u5C0F\u6309\u60C5\u51B5\u8BBE\u7F6E
+log4j.appender.R.MaxFileSize=100MB
+#\u4FDD\u7559\u6587\u4EF6\u4E2A\u6570\u6309\u60C5\u51B5\u914D\u7F6E
+log4j.appender.R.MaxBackupIndex=10
+log4j.appender.R.layout=com.sinopec.siam.apache.log4j.PatternLayout 
+log4j.appender.R.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
--- a/qianhe-admin/src/main/java/com/sinopec/siam/conf/mq.siam.sinopec.com.jks
+++ b/qianhe-admin/src/main/java/com/sinopec/siam/conf/mq.siam.sinopec.com.jks
--- a/qianhe-admin/src/main/java/com/sinopec/siam/conf/mq4siam.properties
+++ b/qianhe-admin/src/main/java/com/sinopec/siam/conf/mq4siam.properties
+#è¯·æ±æ¶æ¯éåURL
+receive.msg.url.base=https://mqs.uat.siam.sinopec.com/siam-provisioning-receive/ReceiveServlets
+#è¯ä¹¦åºè·¯å¾
+receive.msg.url.keystore.path=/com/sinopec/siam/conf/mq.siam.sinopec.com.jks
+receive.msg.url.keystore.pwd=fdR96f3lyHRRjLaNnhEbhA==
+#éåå(æ³¨ååç±ç»ä¸èº«ä»½åé¦)
+receive.msg.url.param.queuename=dqwl_7683
+#ç¨æ·å(æ³¨ååç±ç»ä¸èº«ä»½åé¦)
+receive.msg.url.param.username=dqwl_7683
+#å¯ç (æ³¨ååç±ç»ä¸èº«ä»½åé¦,éè¦å°ææéè¿helpç½ç«DESå å¯åä½¿ç¨)
+receive.msg.url.param.pwd=/1g3mHyhzoDDpacxLcIr1g==
+#æ¯æ¬¡æ¹éä¸æäºä»¶çæ°ç®
+receive.msg.url.param.size=10
+#è°åº¦æ§è¡æ¶é´é´éï¼åä½ï¼æ¯«ç§
+timer.interval=1000
+#è°åº¦éè¯æ¶é´é´éï¼åä½ï¼æ¯«ç§
+timer.retry=1000
+#é¾æ¥æå¼è¶æ¶æ¶é´ï¼åä½ï¼æ¯«ç§
+receive.msg.url.param.connecttimeout=2000
+#é¾æ¥è¯»åè¶æ¶æ¶é´ï¼åä½ï¼æ¯«ç§
+receive.msg.url.param.readtimeout=2000
+sinopec.siam.version= V3.4
+sinopec.siam.releasedate= 2024-08-29
--- a/qianhe-admin/src/main/java/com/sinopec/siam/provisioning/filter/InitFilter.java
+++ b/qianhe-admin/src/main/java/com/sinopec/siam/provisioning/filter/InitFilter.java
+//package com.sinopec.siam.provisioning.filter;
+//
+//import java.io.IOException;
+//
+//import javax.servlet.Filter;
+//import javax.servlet.FilterChain;
+//import javax.servlet.FilterConfig;
+//import javax.servlet.ServletException;
+//import javax.servlet.ServletRequest;
+//import javax.servlet.ServletResponse;
+//
+//import com.sinopec.siam.provisioning.handle.SimpleProvisioningEventListener;
+//import com.sinopec.siam.provisioning.timer.ProvisioningEventSubscriberTimer;
+//import com.sinopec.siam.apache.log4j.Logger;
+//
+//public class InitFilter implements Filter{
+//	/** Class logger. */
+//    private final Logger log = Logger.getLogger(InitFilter.class);
+//	public void init(FilterConfig filterConfig) throws ServletException {
+//		// TODO Auto-generated method stub
+//		log.info("================>[Filter]准备开始接收消息");
+//		ProvisioningEventSubscriberTimer provisioningEventSubscriberTimer=ProvisioningEventSubscriberTimer.getInstance(new SimpleProvisioningEventListener());
+//		try{
+//			provisioningEventSubscriberTimer.start();
+//			log.info("================>[Filter]自动开始接收消息.");
+//		}catch(IllegalThreadStateException e){
+//		}
+//	}
+//
+//	public void doFilter(ServletRequest request, ServletResponse response,
+//			FilterChain chain) throws IOException, ServletException {
+//		// TODO Auto-generated method stub
+//
+//	}
+//
+//	public void destroy() {
+//		// TODO Auto-generated method stub
+//
+//	}
+//
+//}
--- a/qianhe-admin/src/main/java/com/sinopec/siam/provisioning/handle/SimpleProvisioningEventListener.java
+++ b/qianhe-admin/src/main/java/com/sinopec/siam/provisioning/handle/SimpleProvisioningEventListener.java
--- a/qianhe-admin/src/main/resources/certs/slyt.sp.siam.sinopec.com.jks
+++ b/qianhe-admin/src/main/resources/certs/slyt.sp.siam.sinopec.com.jks
--- a/qianhe-admin/src/main/resources/certs/test.app.siam.sinopec.com.jks
+++ b/qianhe-admin/src/main/resources/certs/test.app.siam.sinopec.com.jks
--- a/qianhe-admin/src/main/resources/conf/sp-saml-Log4j-cs.properties
+++ b/qianhe-admin/src/main/resources/conf/sp-saml-Log4j-cs.properties
+#\u56DE\u6EDA\u65E5\u5FD7\u914D\u7F6E
+#\u65B9\u5F0F1\uFF1A\u6BCF\u65E5\u751F\u6210\u4E00\u4E2A\u6587\u4EF6
+#DEBUG,INFO,ERROR,\u5EFA\u8BAE\u5207\u6362\u751F\u4EA7\u540E\u4F7F\u7528INFO\u6216ERROR
+log4j.rootLogger=DEBUG,C3
+log4j.formatMsgNoLookups=true
+#\u65B9\u5F0F2\uFF1A\u6309\u6587\u4EF6\u5927\u5C0F\u4E2A\u6570\u4FDD\u7559\u6700\u65B0\u9650\u5B9A\u65E5\u5FD7\u6587\u4EF6
+#DEBUG,INFO,ERROR,\u5EFA\u8BAE\u5207\u6362\u751F\u4EA7\u540E\u4F7F\u7528INFO\u6216ERROR
+#log4j.rootLogger=DEBUG,R
+### \u5E94\u7528\u4E8E\u63A7\u5236\u53F0
+log4j.appender.A1=com.sinopec.siam.apache.log4j.ConsoleAppender 
+log4j.appender.A1.Threshold=DEBUG
+log4j.appender.A1.Target=System.out 
+log4j.appender.A1.layout=com.sinopec.siam.apache.log4j.PatternLayout 
+log4j.appender.A1.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
+#log4j.appender.A1.logfile.File=d:/siamlogs/a.log
+#log4j.appender.CONSOLE.layout.ConversionPattern=[start]%d{DATE}[DATE]%n%p[PRIORITY]%n%x[NDC]%n%t[THREAD] n%c[CATEGORY]%n%m[MESSAGE]%n%n
+#\u5E94\u7528\u4E8E\u6587\u4EF6
+#log4j.appender.B2=com.sinopec.siam.apache.log4j.FileAppender
+#log4j.appender.B2.Threshold=WARN
+#log4j.appender.B2.File=logs/hrcpom_ERROR.log
+#log4j.appender.B2.Append=false
+#log4j.appender.B2.layout=com.sinopec.siam.apache.log4j.PatternLayout
+#log4j.appender.B2.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\\\:mm\\\:ss}\\\: %c %m%n
+#\u5468\u671F\u6027\u751F\u6210\u65E5\u5FD7
+#\u6BCF\u5929\u4EA7\u751F\u4E00\u4E2A\u65E5\u5FD7\u6587\u4EF6
+# 						1)'.'yyyy-MM: \u6BCF\u6708
+#                     2)'.'yyyy-ww: \u6BCF\u5468
+#                     3)'.'yyyy-MM-dd: \u6BCF\u5929
+#                     4)'.'yyyy-MM-dd-a: \u6BCF\u5929\u4E24\u6B21
+#                     5)'.'yyyy-MM-dd-HH: \u6BCF\u5C0F\u65F6
+#                     6)'.'yyyy-MM-dd-HH-mm: \u6BCF\u5206\u949F
+#com.sinopec.siam.apache.log4j.DailyRollingFileAppender
+log4j.appender.C3=com.sinopec.siam.apache.log4j.DailyRollingFileAppender 
+log4j.appender.C3.Threshold=DEBUG  
+#log4j.appender.C3.File=logs/server1/sipc_sso.log
+log4j.appender.C3.Encoding=utf-8
+log4j.appender.C3.File=D:/home/logs/saml_auth.log
+log4j.appender.C3.DatePattern='.'yyyy-MM-dd
+log4j.appender.C3.layout=com.sinopec.siam.apache.log4j.PatternLayout   
+log4j.appender.C3.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
+log4j.logger.com.sinopec.siam.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider=DEBUG,C4
+log4j.appender.C4=com.sinopec.siam.apache.log4j.DailyRollingFileAppender 
+#log4j.appender.C3.File=logs/server1/sipc_sso.log
+log4j.appender.C4.Encoding=utf-8
+log4j.appender.C4.File=D:/home/logs/metadata_down.log
+log4j.appender.C4.DatePattern='.'yyyy-MM-dd
+log4j.appender.C4.layout=com.sinopec.siam.apache.log4j.PatternLayout   
+log4j.appender.C4.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
+#timer_metadata.log
+# \u5E94\u7528\u4E8E\u6587\u4EF6\u56DE\u6EDA
+log4j.appender.R=com.sinopec.siam.apache.log4j.RollingFileAppender 
+log4j.appender.R.Threshold=DEBUG
+log4j.appender.R.File=D:/home/logs/saml_authR.log
+log4j.appender.R.Append=true 
+#\u6587\u4EF6\u5927\u5C0F\u6309\u60C5\u51B5\u8BBE\u7F6E
+log4j.appender.R.MaxFileSize=100MB
+#\u4FDD\u7559\u6587\u4EF6\u4E2A\u6570\u6309\u60C5\u51B5\u914D\u7F6E
+log4j.appender.R.MaxBackupIndex=10
+log4j.appender.R.layout=com.sinopec.siam.apache.log4j.PatternLayout 
+log4j.appender.R.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
--- a/qianhe-admin/src/main/resources/conf/sp-saml-Log4j.properties
+++ b/qianhe-admin/src/main/resources/conf/sp-saml-Log4j.properties
+#\u56DE\u6EDA\u65E5\u5FD7\u914D\u7F6E
+#\u65B9\u5F0F1\uFF1A\u6BCF\u65E5\u751F\u6210\u4E00\u4E2A\u6587\u4EF6
+#DEBUG,INFO,ERROR,\u5EFA\u8BAE\u5207\u6362\u751F\u4EA7\u540E\u4F7F\u7528INFO\u6216ERROR
+log4j.rootLogger=DEBUG,C3
+log4j.formatMsgNoLookups=true
+#\u65B9\u5F0F2\uFF1A\u6309\u6587\u4EF6\u5927\u5C0F\u4E2A\u6570\u4FDD\u7559\u6700\u65B0\u9650\u5B9A\u65E5\u5FD7\u6587\u4EF6
+#DEBUG,INFO,ERROR,\u5EFA\u8BAE\u5207\u6362\u751F\u4EA7\u540E\u4F7F\u7528INFO\u6216ERROR
+#log4j.rootLogger=DEBUG,R
+### \u5E94\u7528\u4E8E\u63A7\u5236\u53F0
+log4j.appender.A1=com.sinopec.siam.apache.log4j.ConsoleAppender 
+log4j.appender.A1.Threshold=DEBUG
+log4j.appender.A1.Target=System.out 
+log4j.appender.A1.layout=com.sinopec.siam.apache.log4j.PatternLayout 
+log4j.appender.A1.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
+#log4j.appender.A1.logfile.File=d:/siamlogs/a.log
+#log4j.appender.CONSOLE.layout.ConversionPattern=[start]%d{DATE}[DATE]%n%p[PRIORITY]%n%x[NDC]%n%t[THREAD] n%c[CATEGORY]%n%m[MESSAGE]%n%n
+#\u5E94\u7528\u4E8E\u6587\u4EF6
+#log4j.appender.B2=com.sinopec.siam.apache.log4j.FileAppender
+#log4j.appender.B2.Threshold=WARN
+#log4j.appender.B2.File=logs/hrcpom_ERROR.log
+#log4j.appender.B2.Append=false
+#log4j.appender.B2.layout=com.sinopec.siam.apache.log4j.PatternLayout
+#log4j.appender.B2.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\\\:mm\\\:ss}\\\: %c %m%n
+#\u5468\u671F\u6027\u751F\u6210\u65E5\u5FD7
+#\u6BCF\u5929\u4EA7\u751F\u4E00\u4E2A\u65E5\u5FD7\u6587\u4EF6
+# 						1)'.'yyyy-MM: \u6BCF\u6708
+#                     2)'.'yyyy-ww: \u6BCF\u5468
+#                     3)'.'yyyy-MM-dd: \u6BCF\u5929
+#                     4)'.'yyyy-MM-dd-a: \u6BCF\u5929\u4E24\u6B21
+#                     5)'.'yyyy-MM-dd-HH: \u6BCF\u5C0F\u65F6
+#                     6)'.'yyyy-MM-dd-HH-mm: \u6BCF\u5206\u949F
+#com.sinopec.siam.apache.log4j.DailyRollingFileAppender
+log4j.appender.C3=com.sinopec.siam.apache.log4j.DailyRollingFileAppender 
+log4j.appender.C3.Threshold=DEBUG  
+#log4j.appender.C3.File=logs/server1/sipc_sso.log
+log4j.appender.C3.Encoding=utf-8
+log4j.appender.C3.File=E:/home/ruoyi/samlogs/saml_auth.log
+log4j.appender.C3.DatePattern='.'yyyy-MM-dd
+log4j.appender.C3.layout=com.sinopec.siam.apache.log4j.PatternLayout   
+log4j.appender.C3.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
+log4j.logger.com.sinopec.siam.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider=DEBUG,C4
+log4j.appender.C4=com.sinopec.siam.apache.log4j.DailyRollingFileAppender 
+#log4j.appender.C3.File=logs/server1/sipc_sso.log
+log4j.appender.C4.Encoding=utf-8
+log4j.appender.C4.File=E:/home/ruoyi/samlogs/metadata_down.log
+log4j.appender.C4.DatePattern='.'yyyy-MM-dd
+log4j.appender.C4.layout=com.sinopec.siam.apache.log4j.PatternLayout   
+log4j.appender.C4.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
+#timer_metadata.log
+# \u5E94\u7528\u4E8E\u6587\u4EF6\u56DE\u6EDA
+log4j.appender.R=com.sinopec.siam.apache.log4j.RollingFileAppender 
+log4j.appender.R.Threshold=DEBUG
+log4j.appender.R.File=E:/home/ruoyi/samlogs/saml_authR.log
+log4j.appender.R.Append=true 
+#\u6587\u4EF6\u5927\u5C0F\u6309\u60C5\u51B5\u8BBE\u7F6E
+log4j.appender.R.MaxFileSize=100MB
+#\u4FDD\u7559\u6587\u4EF6\u4E2A\u6570\u6309\u60C5\u51B5\u914D\u7F6E
+log4j.appender.R.MaxBackupIndex=10
+log4j.appender.R.layout=com.sinopec.siam.apache.log4j.PatternLayout 
+log4j.appender.R.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c[%M][line\:%L] %m%n
--- a/qianhe-admin/src/main/resources/conf/sp-simple-config-cs.properties
+++ b/qianhe-admin/src/main/resources/conf/sp-simple-config-cs.properties
+##
+# config of SP
+##
+#默认认证方式（根据实际情况配置）
+sp.auth.method.default=TAMUsernamePassword
+#获取 sp、 idp的 metadata 文件地址（根据实际情况配置）
+sp.metadata.ts.download.url=https://ts.uat.siam.sinopec.com
+#SP应用节点ID（根据实际情况配置）
+#sp.metadata.url.entityId=https://test.java.sinopec.com:9443
+sp.metadata.url.entityId=https://10.249.139.249:249
+ts.metadata.download.auto=true
+#应用code,中文需要ASCII转码（根据实际情况配置）
+#sp.login.tsysAccount=\u793A\u4F8B
+sp.login.tsysAccount=\u5730\u7403\u7269\u7406\u8282\u70B9\u6570\u636E\u5904\u7406\u4E0E\u8D28\u63A7\u7CFB\u7EDF
+#证书路径（根据实际情况配置，集成环境测试使用示例包中的配置）
+#sp.credential.keyStorePath=classpath:/certs/jd.osgc.sinopec.com_keystore.jks
+sp.credential.keyStorePath=classpath:/certs/test.uat.siam.sinopec.com.jks
+#sp.credential.keyStorePath=classpath:/certs/test.app.siam.sinopec.com.jks
+#证书库密码（根据实际情况配置,需help网站DES加密，集成环境测试使用示例包中的配置）
+sp.credential.keyStorePassword=6ArCSisuIHxnzcT+/S8hHg==
+#sp.credential.keyStorePassword=EplfHHTwI1liIfhgOTQYpQ==
+# 证书密码（根据实际情况配置，需help网站DES加密，集成环境测试使用示例包中的配置）
+sp.credential.keyPassword=6ArCSisuIHxnzcT+/S8hHg==
+#sp.credential.keyPassword=EplfHHTwI1liIfhgOTQYpQ==
+#证书别名（根据实际情况配置，集成环境测试使用示例包中的配置）
+sp.credential.keyAlias=test.uat.siam.sinopec.com
+#sp.credential.keyAlias=test.app.siam.sinopec.com
+#sp.credential.keyAlias=jd.osgc.sinopec.com
+#IDP应用节点ID（根据实际情况配置）
+sp.saml2.idp.entityId=https://auth.uat.siam.sinopec.com/idp
+#metadata请求超时时间，单位毫秒（根据实际情况配置）
+ts.metadata.requestTimeout=30000
+#ts下载是否为https 
+ts.metadata.disregardSSLCertificate=true
+#metadata是否自动下载 true:自动下载，false:使用本地文件，需要手工考入
+#metadata最小自动更新时间，单位毫秒（根据实际情况配置）默认10天 不能超过23天
+ts.metadata.minRefreshDelay=864000000
+#metadata最大自动更新时间，单位毫秒（根据实际情况配置）默认15天不能超过23天
+ts.metadata.maxRefreshDelay=1296000000
+# SP Key Store Type: jks
+sp.credential.keyStoreType=jks
+#saml返回报文和本地校验安全区间，单位秒
+siam.reponse.safe.time.range=600
+#使用本地会话测试 true
+session.local=true
+#siam.sp.proxy.web.urls:应用服务器url列表
+#F5/nginx 负载代理时使用如下配置 flag=true
+#配置示例:siam.sp.proxy.web.urls=[http://java.uat.sinopec.com:8081/sp/SSO/SAML2/POST],[https://eai.siam.sinopec.com:8080],[https://cheng.siam.sinopec.com:8080]
+#配置示例:siam.sp.proxy.load.url=https://java.uat.sinopec.com:8443/proxy_path
+#配置示例:siam.sp.proxy.flag=true
+#siam.sp.proxy.web.urls=
+#siam.sp.proxy.web.urls=[http://java.uat.sinopec.com/SSO/SAML2/POST]
+#siam.sp.proxy.load.url=http://10.249.139.249:8089/siamlogin
+#siam.sp.proxy.load.url=
+#siam.sp.proxy.flag=false
+siam.sp.proxy.web.urls=[https://10.249.139.249:249/SSO/SAML2/POST],[https://10.249.139.249:249/SSO/SAML2/POST],[http://10.249.139.249:249/SSO/SAML2/POST]
+siam.sp.proxy.load.url=https://10.249.139.249:249/prod-api
+#siam.sp.proxy.load.url=https://10.249.139.249:249
+siam.sp.proxy.flag=true
+#------------------------------------------------------------------------------------
+#
+# SAML SP JSP Error Handler
+#
+sp.jsp.error.handler.path=/error.jsp
+#------------------------------------------------------------------------------------
+#
+# SSO Login Path
+#
+#
+#SSO global logout after the redirec to login
+#
+sp.saml2.slo.redirectToLogin=true
+sp.saml2.slo.requestPaths=/SSO/SLO/Redirect
+#------------------
+#sp.ParserPool
+# xml解析池 默认不变
+sp.ParserPool.maxPoolSize=100
+sp.ParserPool.coalescing=true
+sp.ParserPool.ignoreComments=true
+sp.ParserPool.ignoreElementContentWhitespace=true
+sp.ParserPool.namespaceAware=true
+#sp.metadata.ts.download.url+sp.metadata.url+sp.metadata.url.entityId拼接成metadata下载地址
+#sp.metadata.backUpPath、idp.metadata.backUpPath为metadata下载后的存放路径
+sp.metadata.url=/ts/services/restful/topology/publisher/getEntityDescriptorByEntityID?entityID=
+sp.metadata.backUpPath=classpath:sp-metadata.xml
+idp.metadata.url=/ts/services/restful/topology/publisher/getIdPEntitiesDescriptor
+idp.metadata.backUpPath=classpath:idp-metadata-all.xml
+#------------------------------------------------------------------------------------
+#
+# SAML SP Local Logout parameter
+#
+sp.saml2.self.LLO.I18N.path=com.sinopec.siam.agent.messages.messages
+sp.saml2.self.LLO.image.path=/images/login/success1.jpg
+#------------------------------------------------------------------------------------
+#
+# Theme Of IdP Login Page 
+#
+sp.saml2.idp.themeOfIdPLoginPage=default
+# authentication level config file
+sp.auth.method.level.file=classpath:/com/sinopec/siam/agent/web/siam-sp-authen-level.xml
+#版本信息
+sinopec.siam.version=3.6
+sinopec.siam.releasedate=2023-10-10
\ No newline at end of file
--- a/qianhe-admin/src/main/resources/conf/sp-simple-config.properties
+++ b/qianhe-admin/src/main/resources/conf/sp-simple-config.properties
+##
+# config of SP
+##
+#\u9ED8\u8BA4\u8BA4\u8BC1\u65B9\u5F0F\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF09
+sp.auth.method.default=TAMUsernamePassword
+#\u83B7\u53D6 sp\u3001 idp\u7684 metadata \u6587\u4EF6\u5730\u5740\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF09
+#sp.metadata.ts.download.url=https://ts.uat.siam.sinopec.com
+sp.metadata.ts.download.url=https://ts.siam.sinopec.com
+#SP\u5E94\u7528\u8282\u70B9ID\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF09
+#sp.metadata.url.entityId=https://test.java.sinopec.com:9443
+sp.metadata.url.entityId=http://ydsj.slof.com:9034
+ts.metadata.download.auto=true
+#\u5E94\u7528code,\u4E2D\u6587\u9700\u8981ASCII\u8F6C\u7801\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF09
+#sp.login.tsysAccount=\u793A\u4F8B
+sp.login.tsysAccount=\u80DC\u5229\u6CB9\u7530\u57FA\u7840\u5DE5\u4F5C\u7BA1\u7406\u7CFB\u7EDF
+#\u8BC1\u4E66\u8DEF\u5F84\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF0C\u96C6\u6210\u73AF\u5883\u6D4B\u8BD5\u4F7F\u7528\u793A\u4F8B\u5305\u4E2D\u7684\u914D\u7F6E\uFF09
+sp.credential.keyStorePath=classpath:/certs/slyt.sp.siam.sinopec.com.jks
+#sp.credential.keyStorePath=classpath:/certs/test.uat.siam.sinopec.com.jks
+#sp.credential.keyStorePath=classpath:/certs/test.app.siam.sinopec.com.jks
+#\u8BC1\u4E66\u5E93\u5BC6\u7801\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E,\u9700help\u7F51\u7AD9DES\u52A0\u5BC6\uFF0C\u96C6\u6210\u73AF\u5883\u6D4B\u8BD5\u4F7F\u7528\u793A\u4F8B\u5305\u4E2D\u7684\u914D\u7F6E\uFF09
+#sp.credential.keyStorePassword=6ArCSisuIHxnzcT+/S8hHg==
+sp.credential.keyStorePassword=p0294sZW1VM=
+# \u8BC1\u4E66\u5BC6\u7801\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF0C\u9700help\u7F51\u7AD9DES\u52A0\u5BC6\uFF0C\u96C6\u6210\u73AF\u5883\u6D4B\u8BD5\u4F7F\u7528\u793A\u4F8B\u5305\u4E2D\u7684\u914D\u7F6E\uFF09
+#sp.credential.keyPassword=6ArCSisuIHxnzcT+/S8hHg==
+sp.credential.keyPassword=p0294sZW1VM=
+#\u8BC1\u4E66\u522B\u540D\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF0C\u96C6\u6210\u73AF\u5883\u6D4B\u8BD5\u4F7F\u7528\u793A\u4F8B\u5305\u4E2D\u7684\u914D\u7F6E\uFF09
+#sp.credential.keyAlias=test.uat.siam.sinopec.com
+sp.credential.keyAlias=slyt.sp.siam.sinopec.com
+#IDP\u5E94\u7528\u8282\u70B9ID\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF09
+sp.saml2.idp.entityId=https://auth.siam.sinopec.com/idp
+#metadata\u8BF7\u6C42\u8D85\u65F6\u65F6\u95F4\uFF0C\u5355\u4F4D\u6BEB\u79D2\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF09
+ts.metadata.requestTimeout=30000
+#ts\u4E0B\u8F7D\u662F\u5426\u4E3Ahttps
+ts.metadata.disregardSSLCertificate=true
+#metadata\u662F\u5426\u81EA\u52A8\u4E0B\u8F7D true:\u81EA\u52A8\u4E0B\u8F7D\uFF0Cfalse:\u4F7F\u7528\u672C\u5730\u6587\u4EF6\uFF0C\u9700\u8981\u624B\u5DE5\u8003\u5165
+#metadata\u6700\u5C0F\u81EA\u52A8\u66F4\u65B0\u65F6\u95F4\uFF0C\u5355\u4F4D\u6BEB\u79D2\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF09\u9ED8\u8BA410\u5929 \u4E0D\u80FD\u8D85\u8FC723\u5929
+ts.metadata.minRefreshDelay=864000000
+#metadata\u6700\u5927\u81EA\u52A8\u66F4\u65B0\u65F6\u95F4\uFF0C\u5355\u4F4D\u6BEB\u79D2\uFF08\u6839\u636E\u5B9E\u9645\u60C5\u51B5\u914D\u7F6E\uFF09\u9ED8\u8BA415\u5929\u4E0D\u80FD\u8D85\u8FC723\u5929
+ts.metadata.maxRefreshDelay=1296000000
+# SP Key Store Type: jks
+sp.credential.keyStoreType=jks
+#saml\u8FD4\u56DE\u62A5\u6587\u548C\u672C\u5730\u6821\u9A8C\u5B89\u5168\u533A\u95F4\uFF0C\u5355\u4F4D\u79D2
+siam.reponse.safe.time.range=600
+#\u4F7F\u7528\u672C\u5730\u4F1A\u8BDD\u6D4B\u8BD5 true
+session.local=true
+#siam.sp.proxy.web.urls:\u5E94\u7528\u670D\u52A1\u5668url\u5217\u8868
+#F5/nginx \u8D1F\u8F7D\u4EE3\u7406\u65F6\u4F7F\u7528\u5982\u4E0B\u914D\u7F6E flag=true
+#\u914D\u7F6E\u793A\u4F8B:siam.sp.proxy.web.urls=[http://java.uat.sinopec.com:8081/sp/SSO/SAML2/POST],[https://eai.siam.sinopec.com:8080],[https://cheng.siam.sinopec.com:8080]
+#\u914D\u7F6E\u793A\u4F8B:siam.sp.proxy.load.url=https://java.uat.sinopec.com:8443/proxy_path
+#\u914D\u7F6E\u793A\u4F8B:siam.sp.proxy.flag=true
+#siam.sp.proxy.web.urls=
+#siam.sp.proxy.web.urls=[http://java.uat.sinopec.com/SSO/SAML2/POST]
+#siam.sp.proxy.load.url=http://10.249.139.249:8089/siamlogin
+#siam.sp.proxy.load.url=
+#siam.sp.proxy.flag=false
+siam.sp.proxy.web.urls=[http://ydsj.slof.com:9034/prod-api/sianlogin],[http://ydsj.slof.com:9034/SSO/SAML2/POST],[https://10.66.1.17:9034/SSO/SAML2/POST],[http://ydsj.slof.com:9034/SSO/SAML2/POST],[http://127.0.0.1:9034/SSO/SAML2/POST]
+siam.sp.proxy.load.url=http://ydsj.slof.com:9034/prod-api
+siam.sp.proxy.flag=true
+#------------------------------------------------------------------------------------
+#
+# SAML SP JSP Error Handler
+#
+sp.jsp.error.handler.path=/error.jsp
+#------------------------------------------------------------------------------------
+#
+# SSO Login Path
+#
+#
+#SSO global logout after the redirec to login
+#
+sp.saml2.slo.redirectToLogin=true
+sp.saml2.slo.requestPaths=/SSO/SLO/Redirect
+#------------------
+#sp.ParserPool
+# xml\u89E3\u6790\u6C60 \u9ED8\u8BA4\u4E0D\u53D8
+sp.ParserPool.maxPoolSize=100
+sp.ParserPool.coalescing=true
+sp.ParserPool.ignoreComments=true
+sp.ParserPool.ignoreElementContentWhitespace=true
+sp.ParserPool.namespaceAware=true
+#sp.metadata.ts.download.url+sp.metadata.url+sp.metadata.url.entityId\u62FC\u63A5\u6210metadata\u4E0B\u8F7D\u5730\u5740
+#sp.metadata.backUpPath\u3001idp.metadata.backUpPath\u4E3Ametadata\u4E0B\u8F7D\u540E\u7684\u5B58\u653E\u8DEF\u5F84
+sp.metadata.url=/ts/services/restful/topology/publisher/getEntityDescriptorByEntityID?entityID=
+#sp.metadata.backUpPath=classpath:sp-metadata.xml
+sp.metadata.backUpPath=E:/home/ruoyi/samlogs/sp-metadata.xml
+idp.metadata.url=/ts/services/restful/topology/publisher/getIdPEntitiesDescriptor
+#idp.metadata.backUpPath=classpath:idp-metadata-all.xml
+idp.metadata.backUpPath=E:/home/ruoyi/samlogs/idp-metadata-all.xml
+#------------------------------------------------------------------------------------
+#
+# SAML SP Local Logout parameter
+#
+sp.saml2.self.LLO.I18N.path=com.sinopec.siam.agent.messages.messages
+sp.saml2.self.LLO.image.path=/images/login/success1.jpg
+#------------------------------------------------------------------------------------
+#
+# Theme Of IdP Login Page
+#
+sp.saml2.idp.themeOfIdPLoginPage=default
+# authentication level config file
+sp.auth.method.level.file=classpath:/com/sinopec/siam/agent/web/siam-sp-authen-level.xml
+#\u7248\u672C\u4FE1\u606F
+sinopec.siam.version=3.6
+sinopec.siam.releasedate=2023-10-10
--- a/qianhe-admin/src/main/resources/siam-am-agent-simple-3.2.RELEASE.jar
+++ b/qianhe-admin/src/main/resources/siam-am-agent-simple-3.2.RELEASE.jar
--- a/qianhe-admin/src/main/resources/siam-am-agent-simple-3.3.RELEASE.jar
+++ b/qianhe-admin/src/main/resources/siam-am-agent-simple-3.3.RELEASE.jar
--- a/qianhe-admin/src/main/resources/siam-provisioning-subscriber-clients-3.3.RELEASE.jar
+++ b/qianhe-admin/src/main/resources/siam-provisioning-subscriber-clients-3.3.RELEASE.jar
--- a/qianhe-framework/src/main/java/com/qianhe/framework/config/SecurityConfig.java
+++ b/qianhe-framework/src/main/java/com/qianhe/framework/config/SecurityConfig.java
@@ -106,12 +106,15 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                .headers().cacheControl().disable().and()
                // 认证失败处理类
                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
-                // 基于token，所以不需要session
+                // 基于token，所以不需要sessionF
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                // 过滤请求
                .authorizeRequests()
                // 对于登录login 注册register 验证码captchaImage 允许匿名访问
                .antMatchers("/login", "/register", "/captchaImage").permitAll()
+                .antMatchers("/**/siamlogin*").permitAll()
+                .antMatchers("/**/error").permitAll()
+                .antMatchers("/siamlogin", "/noaccess", "/SSO/**", "/siamlogin/**", "/**/siamlogin").permitAll()
                .antMatchers("/system/sy/**").permitAll()
                // 静态资源，可匿名访问
                .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()

--- a/qianhe-framework/src/main/java/com/qianhe/framework/web/service/SysLoginService.java
+++ b/qianhe-framework/src/main/java/com/qianhe/framework/web/service/SysLoginService.java
@@ -101,6 +101,45 @@ public class SysLoginService
        return tokenService.createToken(loginUser);
    }
+    public String loginSam(String username, String password)
+    {
+        // 验证码校验
+//        validateCaptcha(username, code, uuid);
+        // 登录前置校验
+        loginPreCheck(username, password);
+        // 用户验证
+        Authentication authentication = null;
+        try
+        {
+            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, password);
+            AuthenticationContextHolder.setContext(authenticationToken);
+            // 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
+            authentication = authenticationManager.authenticate(authenticationToken);
+        }
+        catch (Exception e)
+        {
+            if (e instanceof BadCredentialsException)
+            {
+                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
+                throw new UserPasswordNotMatchException();
+            }
+            else
+            {
+                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage()));
+                throw new ServiceException(e.getMessage());
+            }
+        }
+        finally
+        {
+            AuthenticationContextHolder.clearContext();
+        }
+        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
+        LoginUser loginUser = (LoginUser) authentication.getPrincipal();
+        recordLoginInfo(loginUser.getUserId());
+        // 生成token
+        return tokenService.createToken(loginUser);
+    }
    /**
     * 校验验证码
     *

--- a/qianhe-system/src/main/java/com/qianhe/system/mapper/SysUserMapper.java
+++ b/qianhe-system/src/main/java/com/qianhe/system/mapper/SysUserMapper.java
 package com.qianhe.system.mapper;
 import java.util.List;
+import java.util.Map;
 import org.apache.ibatis.annotations.Param;
 import com.qianhe.common.core.domain.entity.SysUser;
@@ -124,4 +126,7 @@ public interface SysUserMapper
     * @return 结果
     */
    public SysUser checkEmailUnique(String email);
+    public String selectUserBySiam(Map map);
 }
--- a/qianhe-system/src/main/resources/mapper/system/SysUserMapper.xml
+++ b/qianhe-system/src/main/resources/mapper/system/SysUserMapper.xml
@@ -222,4 +222,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        </foreach>
 	</delete>
+    <select id="selectUserBySiam" parameterType="java.util.Map" resultType="String">
+        SELECT user_name FROM sys_user where (user_name =#{uid} or user_name = #{adAccountName} ) and del_flag = '0' limit 1
+    </select>
 </mapper>