互联网医院I健康授权认证

server/svr-authentication/src/main/java/com/yihu/jw/security/oauth2/provider/WlyyTokenGranter.java

@@ -88,6 +88,14 @@ public class WlyyTokenGranter implements TokenGranter {
                        requestFactory,
                        userDetailsService
                ));
        tokenGranters.put(IhealthDoctorOwnerCodeTokenGranter.GRANT_TYPE,
                new IhealthDoctorOwnerCodeTokenGranter(
                        authenticationManager,
                        tokenServices,
                        clientDetailsService,
                        requestFactory,
                        userDetailsService
                ));
    }
    public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
@@ -388,6 +396,54 @@ public class WlyyTokenGranter implements TokenGranter {
            if (!userDetails.isAccountNonLocked()) {
                throw new InvalidGrantException("User account is locked");
            }
//            parameters.put("password",userDetails.getPassword());
            Authentication userAuth = new UsernamePasswordAuthenticationToken(username,userDetails.getPassword(),  this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()));
            ((AbstractAuthenticationToken) userAuth).setDetails(parameters);
            OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
            return new OAuth2Authentication(storedOAuth2Request, userAuth);
        }
    }
    public static class IhealthDoctorOwnerCodeTokenGranter extends AbstractTokenGranter {
        private static final String GRANT_TYPE = "ihealthDcotor";
        private final AuthenticationManager authenticationManager;
        private final UserDetailsService userDetailsService;
        private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
        public IhealthDoctorOwnerCodeTokenGranter(AuthenticationManager authenticationManager,
                                            AuthorizationServerTokenServices tokenServices,
                                            ClientDetailsService clientDetailsService,
                                            OAuth2RequestFactory requestFactory,
                                            UserDetailsService userDetailsService) {
            this(authenticationManager, tokenServices, clientDetailsService, requestFactory, userDetailsService, GRANT_TYPE);
        }
        protected IhealthDoctorOwnerCodeTokenGranter(AuthenticationManager authenticationManager,
                                               AuthorizationServerTokenServices tokenServices,
                                               ClientDetailsService clientDetailsService,
                                               OAuth2RequestFactory requestFactory,
                                               UserDetailsService userDetailsService,
                                               String grantType) {
            super(tokenServices, clientDetailsService, requestFactory, grantType);
            this.authenticationManager = authenticationManager;
            this.userDetailsService = userDetailsService;
        }
        @Override
        protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
            Map<String, String> parameters = new LinkedHashMap<String, String>(tokenRequest.getRequestParameters());
            String username = parameters.get("username");
            SaltUser userDetails = (SaltUser)userDetailsService.loadUserByUsername(username);
            if (!userDetails.isEnabled()) {
                throw new InvalidGrantException("User is disabled");
            }
            if (!userDetails.isAccountNonLocked()) {
                throw new InvalidGrantException("User account is locked");
            }
//            parameters.put("password",userDetails.getPassword());
            Authentication userAuth = new UsernamePasswordAuthenticationToken(username,userDetails.getPassword(),  this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()));
            ((AbstractAuthenticationToken) userAuth).setDetails(parameters);

server/svr-authentication/src/main/java/com/yihu/jw/security/oauth2/provider/endpoint/WlyyLoginEndpoint.java

@@ -6,6 +6,7 @@ import com.yihu.jw.entity.base.login.BaseLoginLogDO;
import com.yihu.jw.entity.base.patient.BasePatientDO;
import com.yihu.jw.entity.ylzinfo.OauthYlzConfigDO;
import com.yihu.jw.restmodel.ResultStatus;
import com.yihu.jw.restmodel.web.Envelop;
import com.yihu.jw.restmodel.web.ObjEnvelop;
import com.yihu.jw.security.core.userdetails.jdbc.WlyyUserDetailsService;
import com.yihu.jw.security.dao.OauthKeypairDao;
@@ -633,7 +634,7 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
    }
    @RequestMapping(value = "/oauth/getHwlyyDecrypt", method = RequestMethod.POST)
    public ObjEnvelop getHwlyyDecrypt(String openid,String idcard,String wechatId){
    public ObjEnvelop getHwlyyDecrypt(String openid,String idcard,String wechatId,String code){
        Map<String,Object> rs = new HashedMap();
        try{
            OauthKeypairDO keypairDO = oauthKeypairDao.findByCode("hwlyyKey");
@@ -644,6 +645,14 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
            }else {
                rs.put("idcard",idcard);
            }
            //解析code
            if(org.apache.commons.lang3.StringUtils.isNotBlank(code)){
                rs.put("code",com.yihu.jw.security.utils.RSAUtils.decryptBase64(code, keyPair));
            }else {
                rs.put("code",code);
            }
            //解密wechatId
            if(org.apache.commons.lang3.StringUtils.isNotBlank(wechatId)){
                String wxid =com.yihu.jw.security.utils.RSAUtils.decryptBase64(wechatId, keyPair);
@@ -748,22 +757,29 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
        if (StringUtils.isEmpty(code)) {
            throw new InvalidRequestException("doctor is null");
        }
        KeyPair keyPair = (KeyPair) httpSession.getAttribute("privateKey");
        String doctorCode = com.yihu.jw.security.utils.RSAUtils.decryptBase64(code, keyPair);
        JSONObject map = oauthWlyyConfigService.checkWlyyDoctor(doctorCode);
//        KeyPair keyPair = (KeyPair) httpSession.getAttribute("privateKey");
//        String doctorCode = com.yihu.jw.security.utils.RSAUtils.decryptBase64(code, keyPair);
        JSONObject map = null;
        try{
            map= oauthWlyyConfigService.checkWlyyDoctor(code);
        }catch (Exception e){
            logger.error(e);
            return ObjEnvelop.getError("授权失败");
        }
        String authCode = map.getString("authCode");
        if(!"1".equals(authCode)){
            return ObjEnvelop.getSuccess("error",map);
            map.remove("doctor");
            return ObjEnvelop.getError("授权失败");
        }
        ClientDetails authenticatedClient = clientDetailsService.loadClientByClientId(client_id);
        JSONObject doctor = map.getJSONObject("doctor");
        Map<String, String> parameters = new HashedMap();
        parameters.put("login_type","2");
        parameters.put("username",doctor.getString("idcard"));
        parameters.put("grant_type", "ihealthCode");
        parameters.put("grant_type", "ihealthDcotor");
        TokenRequest tokenRequest = oAuth2RequestFactory.createTokenRequest(parameters, authenticatedClient);
        if (authenticatedClient != null) {

server/svr-authentication/src/main/java/com/yihu/jw/security/service/OauthWlyyConfigService.java

@@ -12,6 +12,7 @@ import com.yihu.jw.security.dao.doctor.BaseDoctorRoleDao;
import com.yihu.jw.security.utils.HttpClientUtil;
import com.yihu.utils.security.MD5;
import org.apache.commons.collections.map.HashedMap;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.NameValuePair;
import org.apache.http.message.BasicNameValuePair;
import org.slf4j.Logger;
@@ -42,9 +43,9 @@ public class OauthWlyyConfigService {
    @Autowired
    private BaseDoctorRoleDao baseDoctorRoleDao;
    public JSONObject checkWlyyDoctor(String code){
    public JSONObject checkWlyyDoctor(String code)throws Exception{
        OauthWlyyConfigDO oauthWlyyConfigDO = oauthWlyyConfigDao.findOne("wlyyConfig");
        OauthWlyyConfigDO oauthWlyyConfigDO = oauthWlyyConfigDao.findOne("test");
        //token获取accesstoken
        List<NameValuePair> params = new ArrayList<>();
        params.add(new BasicNameValuePair("appid", oauthWlyyConfigDO.getAppId()));
@@ -60,7 +61,7 @@ public class OauthWlyyConfigService {
            //设置入参
            List<NameValuePair> p = new ArrayList<>();
            p.add(new BasicNameValuePair("doctor", oauthWlyyConfigDO.getAppId()));
            p.add(new BasicNameValuePair("doctor", code));
            //设置头部
            token = rsjson.getJSONObject("result").getString("accesstoken");
@@ -74,11 +75,18 @@ public class OauthWlyyConfigService {
            logger.info("checkWlyyDoctor doctorInfo ："+s.toString());
            if(s == 200){
                JSONObject data = rsjson.getJSONObject("data");
                JSONObject data = auth.getJSONObject("data");
                String authCode =  data.getString("authCode");
                if("1".equals(authCode)){
                    JSONObject doctorJson = data.getJSONObject("doctor");
                    String idcard = doctorJson.getString("idcard");
                    if(StringUtils.isBlank(idcard)){
                        data.put("authCode","-3");
                        data.put("mes","I健康账户信息不完整,授权失败");
                        return data;
                    }
                    BaseDoctorDO doctorDO = baseDoctorDao.findByIdcard(idcard);
                    if(doctorDO!=null){
                        return data;
@@ -99,7 +107,7 @@ public class OauthWlyyConfigService {
                        //认证信息设置
                        String salt = randomString(5);
                        String pw = idcard.substring(idcard.length()-6);
                        MD5.md5Hex(pw + "{" + salt + "}");
                        doctor.setPassword(MD5.md5Hex(pw + "{" + salt + "}"));
                        doctor.setDel("1");
                        doctor.setEnabled(1);
                        doctor.setLocked(0);