
发改委跳转逻辑变更

pengchaozhi 2 tháng trước cách đây
mục cha
commit
699e3d6e40

+ 2 - 0
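--- a/projects-service/src/main/java/com/rtrh/projects/modules/account/service/CommUserService.java
+++ b/projects-service/src/main/java/com/rtrh/projects/modules/account/service/CommUserService.java
@@ -23,6 +23,8 @@ public interface CommUserService {
 	CommUser updateCommUser(CommUser commUser);
 	CommUser updateLoginName(CommUser commUser)  throws UsernameExistException;
 	void updatePassword(String id, String password);
+
+	String entryptPassword(String pwd, String salt);
 	List<CommUser> listCommUser(String loginname, int enabled, int locked, Date beginCreateDate, Date endCreateDate, Order order);
 	Page pageQueryCommUser(Page page, String loginname, int enabled, int locked, Date beginCreateDate, Date endCreateDate, Order order);
 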
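Review bot: The new `entryptPassword` declaration has no Javadoc, so a caller cannot tell that `salt` must be hex-encoded (the implementation decides this with `Encodes.decodeHex(salt)`) or that the return value is a hex string. I would add above it: `/** Hashes {@code pwd} with the hex-encoded {@code salt} using the iterated digest the password store relies on; returns the hex-encoded hash. */`. The name misspells "encrypt" and the operation is a hash rather than an encryption; since the method is introduced by this commit, this is the cheapest moment to call it `hashPassword`.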

+ 7 - 0
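--- a/projects-service/src/main/java/com/rtrh/projects/modules/account/service/impl/CommUserServiceImpl.java
+++ b/projects-service/src/main/java/com/rtrh/projects/modules/account/service/impl/CommUserServiceImpl.java
@@ -187,6 +187,13 @@ public class CommUserServiceImpl implements CommUserService {
 		commUser.setPassword(Encodes.encodeHex(hashPassword));
 	}
 
+	@Override
+	public String entryptPassword(String pwd, String salt) {
+		byte[] hashPassword = Digests.sha1(pwd.getBytes(),
+				Encodes.decodeHex(salt), SecurityStaticValue.HASH_INTERATIONS);
+		return Encodes.encodeHex(hashPassword);
+	}
+
 	@Override
 	public CommUser updateLoginName(CommUser commUser) throws UsernameExistException {
 		if(null == commUser || StringUtil.isEmpty(commUser.getId())) {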
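Review bot: `pwd.getBytes()` in `entryptPassword` encodes with the JVM's platform default charset, so the same password can hash differently between deployments; use `pwd.getBytes(StandardCharsets.UTF_8)`. The charset must agree with the one `updatePassword` just above uses to produce the stored hash (its `getBytes` call lies outside the hunk) and with whatever the Shiro credentials matcher uses, otherwise existing hashes stop verifying, so change the two together. `pwd` and `salt` are dereferenced without a check, and a null or non-hex `salt` surfaces as an unhelpful exception from `Encodes.decodeHex`; `Objects.requireNonNull(pwd, "pwd")` and `Objects.requireNonNull(salt, "salt")` at the top make the contract explicit. The iterated SHA-1 itself predates this commit and is not a strong password KDF, but replacing it is a separate migration.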

+ 8 - 9
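--- a/projects-service/src/main/java/com/rtrh/projects/modules/policy/service/impl/PolicyDocumentColumnServiceImpl.java
+++ b/projects-service/src/main/java/com/rtrh/projects/modules/policy/service/impl/PolicyDocumentColumnServiceImpl.java
@@ -1,14 +1,5 @@
 package com.rtrh.projects.modules.policy.service.impl;
 
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.stream.Collectors;
-
-import org.hibernate.criterion.*;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
 import com.rtrh.common.util.Identities;
 import com.rtrh.common.util.StringUtil;
 import com.rtrh.core.repository.Page;
@@ -18,6 +9,14 @@ import com.rtrh.projects.modules.policy.po.PolicyDocumentColumn;
 import com.rtrh.projects.modules.policy.service.PolicyDocumentColumnService;
 import com.rtrh.projects.modules.policy.vo.PolicyDocumentColumnQueryVO;
 import com.rtrh.projects.modules.system.vo.LoginUserVO;
+import org.hibernate.criterion.*;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.stream.Collectors;
 
 @Service
 public class PolicyDocumentColumnServiceImpl implements PolicyDocumentColumnService {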

+ 55 - 23
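--- a/projects/src/main/java/com/rtrh/projects/web/controller/passport/api/LoginApiController.java
+++ b/projects/src/main/java/com/rtrh/projects/web/controller/passport/api/LoginApiController.java
@@ -1,32 +1,32 @@
 package com.rtrh.projects.web.controller.passport.api;
 
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.DisabledAccountException;
-import org.apache.shiro.authc.IncorrectCredentialsException;
-import org.apache.shiro.authc.LockedAccountException;
-import org.apache.shiro.authc.UnknownAccountException;
-import org.apache.shiro.session.Session;
-import org.apache.shiro.subject.Subject;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
-
+import cn.hutool.http.HttpUtil;
 import com.rtrh.core.vo.Message;
+import com.rtrh.projects.modules.account.po.CommUser;
 import com.rtrh.projects.modules.account.service.CommLoginService;
+import com.rtrh.projects.modules.account.service.CommUserService;
+import com.rtrh.projects.modules.account.service.impl.CommUserChecker;
 import com.rtrh.projects.vo.passport.DoLoginVO;
 import com.rtrh.projects.web.controller.BaseController;
+import com.rtrh.projects.web.util.JwtUtil;
 import com.rtrh.projects.web.util.RemoteUtil;
 import com.team.security.MCSessionDAO;
 import com.team.security.UserToken;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.*;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.Subject;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.ServletRequestUtils;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.web.servlet.support.RequestContextUtils;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
 
 @RestController
 @RequestMapping("api")
@@ -36,6 +36,8 @@ public class LoginApiController extends BaseController {
 	private MCSessionDAO sessionDAO;
 	@Autowired
 	private CommLoginService commLoginService;
+	@Autowired
+	private CommUserService commUserService;
 
 	public static final Map<Object, Session> user_session = new HashMap<>();
 
@@ -66,9 +68,6 @@ public class LoginApiController extends BaseController {
 
 	/**
 	 * 登录
-	 * @param loginName
-	 * @param pwd
-	 * @param code
 	 * @param request
 	 * @param response
 	 * @return
@@ -88,6 +87,39 @@ public class LoginApiController extends BaseController {
 		return message;
 	}
 
+	/**
+	 * 跳转登录
+	 * @param token
+	 * @return
+	 */
+	@PostMapping("jumpLogin")
+	public Message jumpLogin(@RequestParam String token) {
+		Message message = new Message();
+		try {
+			//对token进行解密得到用户名
+			String username = JwtUtil.validateToken(token);
+			//查询发改委数据库中是否存在该用户
+			CommUser commUser = commUserService.findCommUserByFgwLoginName(username);
+			if(null == commUser){
+				message.addError("用户不存在");
+				return message;
+			}
+			if(CommUserChecker.isDisabledUser(commUser)){
+				message.addError("用户被锁定");
+				return message;
+			}
+			UserToken shiroUserToken = new UserToken(commUser.getLoginname(), commUser.getPassword(), RemoteUtil.getIpAddress(request));
+			shiroUserToken.setRememberMe(true);
+			shiroUserToken.setLoginAction("jump");
+			loginMethod(request, response, shiroUserToken, message);
+
+		} catch (Exception e) {
+			logger.error("", e);
+			message.addError("跳转异常");
+		}
+		return message;
+	}
+
 
 	private void loginMethod(HttpServletRequest request, HttpServletResponse response, UserToken token, Message message){
 		Subject currentUser = SecurityUtils.getSubject();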
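Review bot: `jumpLogin` hands the stored hash `commUser.getPassword()` to Shiro as the credential, which only succeeds because of the `"jump"` branch added to ShiroDbRealm in this commit; the net effect is that a user's password hash becomes a usable login secret, and a cleaner design is a dedicated token type (say `JumpToken extends UserToken`) that the realm authenticates on the validated JWT identity alone instead of round-tripping a credential through the matcher. The JWT is read from a `@RequestParam`, and SwitchApiController sends it as `?token=` in the URL even though the request is a POST, so it lands in access and proxy logs; accept it from the POST body or an `Authorization` header, and make sure `JwtUtil.validateToken` (not visible here) verifies signature and expiry and that the token is short-lived or single-use. `request` and `response` are not parameters of this method and presumably come from BaseController; when this endpoint is called server-to-server from SwitchApiController, `RemoteUtil.getIpAddress(request)` records the calling server's address rather than the end user's, which is worth documenting if sessions are IP-bound. Several new imports (`HttpUtil`, `ServletRequestUtils`, `RequestContextUtils`, `HttpSession`, `Collection`) are used by nothing visible here and, if they are leftovers, should go along with the new wildcard imports. `logger.error("", e)` should carry a message, e.g. `logger.error("jumpLogin failed", e)`.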

+ 23 - 9
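--- a/projects/src/main/java/com/rtrh/projects/web/controller/passport/api/SwitchApiController.java
+++ b/projects/src/main/java/com/rtrh/projects/web/controller/passport/api/SwitchApiController.java
@@ -2,24 +2,29 @@ package com.rtrh.projects.web.controller.passport.api;
 
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
+import com.rtrh.core.vo.Message;
 import com.rtrh.projects.outapi.result.JsonResult;
+import com.rtrh.projects.outapi.result.ResultCode;
 import com.rtrh.projects.web.controller.BaseController;
 import com.rtrh.projects.web.util.JwtUtil;
 import com.team.security.TeamShiroUser;
+import org.apache.http.Header;
 import org.apache.http.HttpEntity;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.util.EntityUtils;
 import org.springframework.web.bind.annotation.*;
 
+import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.Map;
 import java.util.ResourceBundle;
 
 @RestController
-@RequestMapping("api/app/switch")
+@RequestMapping("api/switch")
 public class SwitchApiController extends BaseController {
 
     /**
@@ -29,7 +34,9 @@ public class SwitchApiController extends BaseController {
      * @return
      */
     @PostMapping("/toFgw")
-    public Object switchToFgw(@RequestBody Map<String, Object> params) {
+    public JsonResult switchToFgw(@RequestBody Map<String, Object> params, HttpServletResponse httpServletResponse) {
+        JsonResult result = new JsonResult();
+        result.setCode(ResultCode.SYSTEM_ERROR); // 默认异常,避免中间错误
         // 获取当前用户信息
         TeamShiroUser curUser = getCurUser();
         // 使用jwt生成token
@@ -42,13 +49,13 @@ public class SwitchApiController extends BaseController {
         String inUrl = resourceBundle.getString("app.fgw.in.url");
         // 拼接 B 系统的 URL
         // 获取B系统的登录token
-        String targetUrl = inUrl+"/outApi/auth/fgwLogin?token=" + token;
+        String targetUrl = inUrl+"/api/jumpLogin?token=" + token;
 
         // 创建一个HttpClient实例
         // 创建一个HttpClient实例
         try (CloseableHttpClient httpClient = HttpClients.createDefault()) {
             // 创建一个HttpGet请求
-            HttpGet request = new HttpGet(targetUrl);
+            HttpPost request = new HttpPost(targetUrl);
             // 发送请求并获取响应
             try (CloseableHttpResponse response = httpClient.execute(request)) {
                 // 获取响应实体
@@ -56,11 +63,18 @@ public class SwitchApiController extends BaseController {
                 // 如果响应实体不为空,则输出响应内容
                 if (entity != null) {
                     String responseBody = EntityUtils.toString(entity);
-                    System.out.println("Response body: " + responseBody);
-                    JsonResult result = JSONObject.parseObject(responseBody, JsonResult.class);
-                    if(result.getCode()==200){
+                    Header[] allHeaders = response.getAllHeaders();
+                    for(Header header : allHeaders) {
+                        httpServletResponse.addHeader(header.getName(), header.getValue());
+                    }
+                    Message responseResult = JSONObject.parseObject(responseBody, Message.class);
+                    if(responseResult.isSuccess()){
+                        result.setCode(ResultCode.SUCCESS);
                         String outUrl = resourceBundle.getString("app.fgw.out.url");
-                        result.setMsg(outUrl);
+                        result.setData("jumpUrl", outUrl);
+                    } else {
+                        result.setCode(ResultCode.SYSTEM_ERROR);
+                        result.setMsg(responseResult.getMessage());
                     }
                     return result;
                 }
@@ -68,7 +82,7 @@ public class SwitchApiController extends BaseController {
         } catch (IOException e) {
             e.printStackTrace();
         }
-        return null;
+        return result;
     }
 
 }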
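Review bot: The loop `for(Header header : allHeaders)` copies every header of the upstream reply onto the browser response, including the target system's `Content-Type`, `Content-Length` and `Transfer-Encoding`, which describe a body this method does not send and can corrupt the `JsonResult` it does return. If the intent is to hand the target system's session cookie to the browser (plausible given the shared `path=/` cookie in applicationContext-shiro.xml, though I cannot see the hosting layout), copy `Set-Cookie` alone, e.g. `for (Header h : response.getHeaders("Set-Cookie")) httpServletResponse.addHeader(h.getName(), h.getValue());`, and confirm the two systems really share an origin; otherwise let the browser perform the jump itself so the cookie is set where it belongs. The token is appended to the URL in `"/api/jumpLogin?token=" + token` although the request is an `HttpPost`, so it is written to access logs on both sides; send it as a form or JSON body instead. `JSONObject.parseObject(responseBody, Message.class)` throws an unchecked `JSONException` when the target answers with a non-JSON error page, which escapes the `catch (IOException e)` and turns a failed jump into a 500; catch it and return `SYSTEM_ERROR`. `e.printStackTrace()` should use the controller's logger, and the now-unused `HttpGet` import can go.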

+ 1 - 1
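--- a/projects/src/main/java/com/rtrh/projects/web/security/URLIntercepter.java
+++ b/projects/src/main/java/com/rtrh/projects/web/security/URLIntercepter.java
@@ -32,7 +32,7 @@ public class URLIntercepter extends HandlerInterceptorAdapter {
 	private boolean allowVisit(HttpServletRequest request, HttpServletResponse response) {
 		// 拦截未登录的url
 		handleCrossDomain(request, response);
-		String rex = "(policy/document/(columnDocument_*|detail_*|downDock_*))|(pdfHtml)|(backpassword)|(division)|(common)|(static&(!statics))|(junit/virfy)|(register)|(login)|(admin(?!Index))|(register)|(logout)|(\\.css)|(\\.js)|(\\.png)|(\\.gif)|(\\.jpg)|(\\.bmp)|(\\.xls)|(subject/apply/*)";
+		String rex = "(policy/document/(columnDocument_*|detail_*|downDock_*))|(pdfHtml)|(backpassword)|(division)|(common)|(static&(!statics))|(junit/virfy)|(register)|(login)|(gxjLogin)|(admin(?!Index))|(register)|(logout)|(\\.css)|(\\.js)|(\\.png)|(\\.gif)|(\\.jpg)|(\\.bmp)|(\\.xls)|(subject/apply/*)";
 		String outApi = "outApi";
 		Pattern sinaPatten = Pattern.compile(rex, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);
 		Pattern outApiPatten = Pattern.compile(outApi, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL);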
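Review bot: Adding `(gxjLogin)` to `rex` is redundant and highlights a weakness in this whitelist: the pattern is compiled with `CASE_INSENSITIVE` and has no anchors, so the existing `(login)` alternative already matches `gxjLogin`, the new `jumpLogin` endpoint and any other URL that merely contains the letters "login" anywhere in its path, presumably as a substring search (the matching call is outside the hunk, so confirm whether `find()` or `matches()` is used). Public endpoints should be allowed deliberately, with anchored path patterns or an explicit list of exact paths such as `^/(api/)?(login|gxjLogin|jumpLogin)$`, so that a future controller named e.g. `loginHistory` is not exposed by name collision. The `(register)` alternative also appears twice and one copy can be dropped. `allowVisit` continues past the hunk.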

+ 13 - 1
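--- a/projects/src/main/java/com/team/security/ShiroDbRealm.java
+++ b/projects/src/main/java/com/team/security/ShiroDbRealm.java
@@ -1,11 +1,16 @@
 package com.team.security;
 
 import java.io.Serializable;
+import java.security.MessageDigest;
 import java.util.List;
 import java.util.Locale;
+import java.util.Objects;
 
 import javax.annotation.PostConstruct;
 
+import cn.hutool.core.util.ByteUtil;
+import cn.hutool.core.util.CharUtil;
+import com.rtrh.common.util.Digests;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
@@ -92,10 +97,17 @@ public class ShiroDbRealm extends AuthorizingRealm implements Serializable {
 		
 		TeamShiroUser teamShiroUser = new TeamShiroUser(commUser, personInfo, locale);
 		byte[] salt = Encodes.decodeHex(commUser.getSalt());
+
+		if(Objects.equals(token.getLoginAction(), "jump") && Objects.equals(String.valueOf(token.getPassword()), commUser.getPassword())) {
+			// 传入密码和加密后密码一致,则可验证通过
+			String newPwd = commUserService.entryptPassword(commUser.getPassword(), commUser.getSalt());
+			return new TeamAuthenticationInfo(teamShiroUser, newPwd, ByteSource.Util.bytes(salt), getName());
+		}
+
 		return new TeamAuthenticationInfo(teamShiroUser, commUser.getPassword(), ByteSource.Util.bytes(salt), getName());
 	}
 
-	
+
 	@PostConstruct
 	public void initCredentialsMatcher() {
 		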
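Review bot: The new `"jump"` branch accepts a submitted credential that equals the stored hash `commUser.getPassword()` and returns a credential re-hashed from it so the matcher will agree, which makes the stored hash a valid password for any `UserToken` whose `loginAction` is `"jump"`; the whole protection then rests on no externally reachable login path being able to set that field, which this hunk cannot show. The conventional Shiro approach is a dedicated token type (e.g. `JumpToken`) tested with `token instanceof JumpToken` and authenticated on identity alone, rather than turning a database hash into a reusable secret. The comparison `Objects.equals(String.valueOf(token.getPassword()), commUser.getPassword())` is not constant-time; `java.security.MessageDigest` is imported but never used, so `MessageDigest.isEqual(String.valueOf(token.getPassword()).getBytes(StandardCharsets.UTF_8), commUser.getPassword().getBytes(StandardCharsets.UTF_8))` is the drop-in, with `StandardCharsets` imported. The `ByteUtil`, `CharUtil` and `Digests` imports added in the first hunk are used by nothing visible and should be removed. The enclosing authentication method starts outside the hunk.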

+ 1 - 1
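--- a/projects/src/main/resources/security/applicationContext-shiro.xml
+++ b/projects/src/main/resources/security/applicationContext-shiro.xml
@@ -22,7 +22,7 @@
 
 	<bean id="sharesession" class="org.apache.shiro.web.servlet.SimpleCookie">
 		<!-- cookie的name,对应的默认是 JSESSIONID -->
-		<constructor-arg name="name" value="SHAREJSESSIONID_PROJECTS" />
+		<constructor-arg name="name" value="SHAREJSESSIONID_PROJECTS_G" />
 		<!-- jsessionId的path为 / 用于多个系统共享jsessionId -->
 		<property name="path" value="/" />
 		<property name="httpOnly" value="true" />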

+ 6 - 4
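--- a/projects/src/main/webapp/vmodules/top.jsp
+++ b/projects/src/main/webapp/vmodules/top.jsp
@@ -136,14 +136,16 @@
                 window.parent.postMessage({collapse: this.collapse}, "*");
             },
             changeSystem() {
-                App.postJson("/api/app/switch/toFgw", {type:'0'}, function (res) {
+                App.postJson("/api/switch/toFgw", {type:'0'}, function (res) {
                     console.log(res);
                     if(res.code ===200){
-                        var targetUrl = res.msg+"/index";
-                        var cookiesToSend = "rememberMe="+res.data.token;
+                        var targetUrl = res.data.jumpUrl + "/index";
+                        // var cookiesToSend = "rememberMe="+res.data.token;
                         // 将需要携带的cookie通过URL参数的形式附加到目标URL上
-                        targetUrl += "?cookies=" + encodeURIComponent(cookiesToSend);
+                        // targetUrl += "?cookies=" + encodeURIComponent(cookiesToSend);
                         window.location.href = targetUrl;
+                    } else {
+                        App.msg.error(res.msg);
                     }
                 });
             },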
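Review bot: The two commented-out `cookiesToSend` lines in `changeSystem`, together with the stale comment about attaching cookies as URL parameters, are dead code and should be deleted rather than kept beside the new `jumpUrl` line; the mechanism they preserve, passing a `rememberMe` token in a query string, is exactly what the new flow removes, so it should not linger as a template. `console.log(res)` prints the full switch response to the browser console and should go as well. The success branch reads `res.data.jumpUrl` without checking that `res.data` is present; a small guard such as `if (res.code === 200 && res.data && res.data.jumpUrl)` keeps a malformed reply from throwing inside the callback instead of reaching the new `App.msg.error` branch.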

+ 6 - 4
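--- a/projects/src/main/webapp/vmodules/top_old.jsp
+++ b/projects/src/main/webapp/vmodules/top_old.jsp
@@ -128,14 +128,16 @@
                 window.parent.postMessage({collapse: this.collapse}, "*");
             },
             changeSystem() {
-                App.postJson("/api/app/switch/toFgw", {type:'0'}, function (res) {
+                App.postJson("/api/switch/toFgw", {type:'0'}, function (res) {
                     console.log(res);
                     if(res.code ===200){
-                        var targetUrl = res.msg+"/index";
-                        var cookiesToSend = "rememberMe="+res.data.token;
+                        var targetUrl = res.data.jumpUrl + "/index";
+                        // var cookiesToSend = "rememberMe="+res.data.token;
                         // 将需要携带的cookie通过URL参数的形式附加到目标URL上
-                        targetUrl += "?cookies=" + encodeURIComponent(cookiesToSend);
+                        // targetUrl += "?cookies=" + encodeURIComponent(cookiesToSend);
                         window.location.href = targetUrl;
+                    } else {
+                        App.msg.error(res.msg);
                     }
                 });
             }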
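Review bot: This is the same `changeSystem` edit as in top.jsp, including the same commented-out `cookiesToSend` lines and the stale URL-cookie comment; delete them here as well instead of carrying dead code in two places. Maintaining identical copies of the switch logic in `top.jsp` and `top_old.jsp` means every change to the jump flow has to be made twice and can silently diverge; if `top_old.jsp` is still served, move `changeSystem` into a shared script both pages include, otherwise remove the old page.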