From fb1d913c6d84fe89cbde7c242ef7783321dc9aee Mon Sep 17 00:00:00 2001
From: zhuo <2089219845@qq.com>
Date: 星期四, 13 三月 2025 09:24:04 +0800
Subject: [PATCH] 单点登录开发
---
ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java | 163 ++++++++++++++++++++++++++
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java | 36 ++++++
ruoyi-framework/src/main/java/com/ruoyi/framework/model/SsoUserInfoModel.java | 40 ++++++
ruoyi-framework/src/main/java/com/ruoyi/framework/model/SsoOauthTokenModel.java | 20 +++
ruoyi-common/src/main/java/com/ruoyi/common/config/SsoBean.java | 38 ++++++
ruoyi-admin/src/main/resources/application.yml | 7 +
6 files changed, 300 insertions(+), 4 deletions(-)
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java
index ae31b90..c620578 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java
@@ -2,6 +2,10 @@
import java.util.List;
import java.util.Set;
+import java.util.UUID;
+
+import com.ruoyi.common.annotation.Anonymous;
+import com.ruoyi.common.config.SsoBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
@@ -38,6 +42,9 @@
@Autowired
private TokenService tokenService;
+
+ @Autowired
+ private SsoBean ssoBean;
/**
* 鐧诲綍鏂规硶
@@ -94,4 +101,33 @@
List<SysMenu> menus = menuService.selectMenuTreeByUserId(userId);
return AjaxResult.success(menuService.buildMenus(menus));
}
+
+ /**
+ * 鑾峰彇缁熶竴鐧诲綍骞冲彴鑾峰彇CODE鍦板潃
+ *
+ * @return
+ */
+
+ @Anonymous
+ @GetMapping("/getSsoAuthUrl")
+ public AjaxResult getSsoAuthUrl() {
+ String uuid = UUID.randomUUID().toString();
+ return AjaxResult.success(ssoBean.getUrl() + "/oauth2/auth?response_type=code&scope=openid&client_id=" + ssoBean.getClientId() + "&redirect_uri=" + ssoBean.getCallbackUrl() + "&state=" + uuid);
+ }
+
+ /**
+ * 鍗曠偣鐧诲綍
+ *
+ * @param code 鐧诲綍淇℃伅
+ * @return 缁撴灉
+ */
+ @PostMapping("/loginBySSO")
+ public AjaxResult loginBySSO(String code)
+ {
+ AjaxResult ajax = AjaxResult.success();
+ // 鐢熸垚浠ょ墝
+ String token = loginService.loginBySSO(code);
+ ajax.put(Constants.TOKEN, token);
+ return ajax;
+ }
}
diff --git a/ruoyi-admin/src/main/resources/application.yml b/ruoyi-admin/src/main/resources/application.yml
index 54fd4cb..b6f9251 100644
--- a/ruoyi-admin/src/main/resources/application.yml
+++ b/ruoyi-admin/src/main/resources/application.yml
@@ -95,4 +95,11 @@
# 鍖归厤閾炬帴
urlPatterns: /system/*,/monitor/*,/tool/*
+#闆嗗洟缁熶竴鐧诲綍娴嬭瘯搴�
+sso:
+ url:
+ clientId:
+ clientSecret:
+ callbackUrl:
+
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/config/SsoBean.java b/ruoyi-common/src/main/java/com/ruoyi/common/config/SsoBean.java
new file mode 100644
index 0000000..5cd4c41
--- /dev/null
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/config/SsoBean.java
@@ -0,0 +1,38 @@
+package com.ruoyi.common.config;
+
+import lombok.Data;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.stereotype.Component;
+
+/**
+ * zhuo
+ */
+
+@Configuration
+@Component
+@ConfigurationProperties(prefix = "sso")
+@Data
+public class SsoBean {
+
+ /**
+ * 鍗曠偣鐧诲綍搴旂敤id
+ */
+ private String clientId;
+
+ /**
+ * 鍗曠偣鐧诲綍搴旂敤绉橀挜
+ */
+ private String clientSecret;
+
+ /**
+ * 鍗曠偣鐧诲綍鏈嶅姟鍦板潃
+ */
+ private String url;
+
+ /**
+ * 鍗曠偣鐧诲綍鍥炶皟鍦板潃
+ */
+ private String callbackUrl;
+}
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/model/SsoOauthTokenModel.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/model/SsoOauthTokenModel.java
new file mode 100644
index 0000000..f7e69e1
--- /dev/null
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/model/SsoOauthTokenModel.java
@@ -0,0 +1,20 @@
+package com.ruoyi.framework.model;
+
+import lombok.Data;
+
+/**
+ * zhuo
+ */
+@Data
+public class SsoOauthTokenModel {
+
+ private String access_token;
+
+ private String expires_in;
+
+ private String id_token;
+
+ private String scope;
+
+ private String token_type;
+}
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/model/SsoUserInfoModel.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/model/SsoUserInfoModel.java
new file mode 100644
index 0000000..e5a50f4
--- /dev/null
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/model/SsoUserInfoModel.java
@@ -0,0 +1,40 @@
+package com.ruoyi.framework.model;
+
+import com.alibaba.fastjson2.annotation.JSONField;
+import lombok.Data;
+
+/**
+ * zhuo
+ */
+@Data
+public class SsoUserInfoModel {
+ private String avatar;
+
+ @JSONField(name="nick_name")
+ private String nickName;
+
+ private String openid;
+
+ @JSONField(name="org_id")
+ private String orgId;
+
+ @JSONField(name="org_name")
+ private String orgName;
+
+ @JSONField(name="org_role")
+ private String orgRole;
+
+ @JSONField(name="phone_number")
+ private String phoneNumber;
+
+ private String sid;
+
+
+ private String sub;
+
+ @JSONField(name="employee_id")
+ private String employeeId;
+
+ @JSONField(name="department_code")
+ private String departmentCode;
+}
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java
index fe16427..05fbbf4 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java
@@ -1,6 +1,28 @@
package com.ruoyi.framework.web.service;
import javax.annotation.Resource;
+import javax.net.ssl.SSLContext;
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.PropertyNamingStrategy;
+import com.alibaba.fastjson.parser.ParserConfig;
+import com.ruoyi.common.config.SsoBean;
+import com.ruoyi.framework.model.SsoOauthTokenModel;
+import com.ruoyi.framework.model.SsoUserInfoModel;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpStatus;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.message.BasicNameValuePair;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.ssl.TrustStrategy;
+import org.apache.http.util.EntityUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
@@ -29,12 +51,23 @@
import com.ruoyi.system.service.ISysConfigService;
import com.ruoyi.system.service.ISysUserService;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+
/**
* 鐧诲綍鏍¢獙鏂规硶
- *
+ *
* @author ruoyi
*/
@Component
+@Slf4j
public class SysLoginService
{
@Autowired
@@ -45,16 +78,19 @@
@Autowired
private RedisCache redisCache;
-
+
@Autowired
private ISysUserService userService;
@Autowired
private ISysConfigService configService;
+ @Autowired
+ private SsoBean ssoBean;
+
/**
* 鐧诲綍楠岃瘉
- *
+ *
* @param username 鐢ㄦ埛鍚�
* @param password 瀵嗙爜
* @param code 楠岃瘉鐮�
@@ -102,7 +138,7 @@
/**
* 鏍¢獙楠岃瘉鐮�
- *
+ *
* @param username 鐢ㄦ埛鍚�
* @param code 楠岃瘉鐮�
* @param uuid 鍞竴鏍囪瘑
@@ -178,4 +214,123 @@
sysUser.setLoginDate(DateUtils.getNowDate());
userService.updateUserProfile(sysUser);
}
+
+ /**
+ * 鍗曠偣鐧诲綍
+ * @param code
+ * @return
+ */
+ public String loginBySSO(String code) {
+
+ // 鑾峰彇鍗曠偣鐧诲綍token
+ SsoOauthTokenModel tokenModel = this.getSsoAccessToken(code);
+ if (tokenModel == null) {
+ return null;
+ }
+
+ // 鑾峰彇鍗曠偣鐧诲綍鐢ㄦ埛淇℃伅
+ SsoUserInfoModel userInfo = this.getSsoUserInfo(tokenModel.getAccess_token());
+ if (userInfo == null) {
+ return null;
+ }
+
+ // 鏌ヨ鏈湴鐢ㄦ埛淇℃伅
+
+
+
+ // 鐢熸垚token
+ return tokenService.createToken(null);
+ }
+
+ /**
+ * **** 鑾峰彇鍗曠偣鐧诲綍token ****
+ * @param code
+ * @return
+ */
+ public SsoOauthTokenModel getSsoAccessToken(String code) {
+ List<NameValuePair> list = new LinkedList<>();
+ list.add(new BasicNameValuePair("grant_type", "authorization_code"));
+ list.add(new BasicNameValuePair("code", code));
+ list.add(new BasicNameValuePair("client_id", ssoBean.getClientId()));
+ list.add(new BasicNameValuePair("client_secret", ssoBean.getClientSecret()));
+ list.add(new BasicNameValuePair("redirect_uri", ssoBean.getCallbackUrl()));
+
+ Map<String, String> headers = new HashMap<>();
+ headers.put("Content-Type", "application/x-www-form-urlencoded");
+ headers.put("Accept", "application/json");
+ String result = doPost(ssoBean.getUrl() + "/oauth2/token", headers, list);
+ if (org.apache.commons.lang3.StringUtils.isBlank(result)) {
+ return null;
+ }
+ return JSON.parseObject(result, SsoOauthTokenModel.class);
+ }
+
+ /**
+ * ***鑾峰彇鍗曠偣鐧诲綍鐢ㄦ埛淇℃伅***
+ * @param accessToken
+ * @return
+ */
+ public SsoUserInfoModel getSsoUserInfo(String accessToken) {
+ Map<String, String> headers = new HashMap<>();
+ headers.put("Authorization", "Bearer " + accessToken);
+ String result = doPost(ssoBean.getUrl() + "/userinfo", headers, null);
+ if (org.apache.commons.lang3.StringUtils.isBlank(result)) {
+ return null;
+ }
+ return JSON.parseObject(result, SsoUserInfoModel.class);
+ }
+
+ public static String doPost(String url, Map<String, String> headers, List<NameValuePair> params) {
+ CloseableHttpClient client = createSSLClientDefault();
+ CloseableHttpResponse response = null;
+ try {
+ HttpPost method = new HttpPost(url);
+ headers.forEach(method::setHeader);
+ if (params != null) {
+ method.setEntity(new UrlEncodedFormEntity(params, "UTF-8"));
+ }
+
+ response = client.execute(method);
+ if (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
+ HttpEntity entity = response.getEntity();
+ return EntityUtils.toString(entity);
+ }
+ } catch (Exception e) {
+ log.error("缁熶竴鐧诲綍璇锋眰鍑虹幇寮傚父", e.getMessage());
+ } finally {
+ try {
+ if (client != null) {
+ client.close();
+ }
+ if (response != null) {
+ response.close();
+ }
+ } catch (Exception e) {
+ log.error("缁熶竴鐧诲綍璇锋眰鍑虹幇寮傚父", e.getMessage());
+ }
+ }
+ return null;
+ }
+
+
+ private static CloseableHttpClient createSSLClientDefault() {
+ try {
+ SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
+ //淇′换鎵�鏈�
+ @Override
+ public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+ return true;
+ }
+ }).build();
+ SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);
+ return HttpClients.custom().setSSLSocketFactory(sslsf).build();
+ } catch (KeyManagementException e) {
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ }
+ return HttpClients.createDefault();
+ }
}
--
Gitblit v1.9.3