From 3a3b5bc665f526269bd622a70812bead173fbdf2 Mon Sep 17 00:00:00 2001
From: cuilei <ray_tsu1@163.com>
Date: 星期五, 18 七月 2025 15:59:02 +0800
Subject: [PATCH] 企业微信H5登录改回静默授权方式
---
lxzn-module-system/lxzn-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java | 170 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 166 insertions(+), 4 deletions(-)
diff --git a/lxzn-module-system/lxzn-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java b/lxzn-module-system/lxzn-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java
index 9e8a0f6..56e10d5 100644
--- a/lxzn-module-system/lxzn-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java
+++ b/lxzn-module-system/lxzn-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java
@@ -9,6 +9,7 @@
import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.request.AuthRequest;
import me.zhyd.oauth.utils.AuthStateUtils;
+import org.apache.shiro.SecurityUtils;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.system.util.JwtUtil;
@@ -16,6 +17,7 @@
import org.jeecg.common.util.RedisUtil;
import org.jeecg.common.util.RestUtil;
import org.jeecg.common.util.oConvertUtils;
+import org.jeecg.config.shiro.JwtToken;
import org.jeecg.config.thirdapp.ThirdAppConfig;
import org.jeecg.config.thirdapp.ThirdAppTypeItemVo;
import org.jeecg.modules.base.service.BaseCommonService;
@@ -64,6 +66,9 @@
@Autowired
private ThirdAppDingtalkServiceImpl thirdAppDingtalkService;
+ /**token鏈夋晥鏃堕棿锛岀洰鍓嶇幇鍦鸿姹備紒涓氬井淇℃湁鏁堟椂闂�*/
+ public static final long EXPIRE_TIME = 30L * 24 * 60 * 60 * 1000;
+
@RequestMapping("/render/{source}")
public void render(@PathVariable("source") String source, HttpServletResponse response) throws IOException {
log.info("绗笁鏂圭櫥褰曡繘鍏ender锛�" + source);
@@ -108,6 +113,9 @@
String sysUserId = user.getSysUserId();
SysUser sysUser = sysUserService.getById(sysUserId);
String token = saveToken(sysUser);
+ // 浣跨敤token杩涜Shiro鐧诲綍
+ JwtToken jwtToken = new JwtToken(token);
+ SecurityUtils.getSubject().login(jwtToken); // 姝よ浠g爜浼氳Е鍙慠ealm鐨勮璇佹柟娉曪紝灏嗙敤鎴蜂俊鎭瓨鍏hiro鐨勪細璇�
modelMap.addAttribute("token", token);
}else{
modelMap.addAttribute("token", "缁戝畾鎵嬫満鍙�,"+""+uuid);
@@ -198,7 +206,7 @@
String token = JwtUtil.sign(user.getUsername(), user.getPassword());
redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token);
// 璁剧疆瓒呮椂鏃堕棿
- redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME * 2 / 1000);
+ redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, EXPIRE_TIME / 1000);
return token;
}
@@ -303,15 +311,17 @@
// 浼佷笟鐨凜orpID
builder.append("?appid=").append(config.getClientId());
// 鎺堟潈鍚庨噸瀹氬悜鐨勫洖璋冮摼鎺ュ湴鍧�锛岃浣跨敤urlencode瀵归摼鎺ヨ繘琛屽鐞�
- String redirectUri = RestUtil.getBaseUrl() + "/sys/thirdLogin/oauth2/wechat_enterprise/callback";
+ String redirectUri ="https://fastwoke.cn:8087/jeecg-boot/sys/thirdLogin/oauth2/wechat_enterprise/callback";
builder.append("&redirect_uri=").append(URLEncoder.encode(redirectUri, "UTF-8"));
// 杩斿洖绫诲瀷锛屾鏃跺浐瀹氫负锛歝ode
builder.append("&response_type=code");
// 搴旂敤鎺堟潈浣滅敤鍩熴��
// snsapi_base锛氶潤榛樻巿鏉冿紝鍙幏鍙栨垚鍛樼殑鐨勫熀纭�淇℃伅锛圲serId涓嶥eviceId锛夛紱
- builder.append("&scope=snsapi_base");
+ builder.append("&scope=snsapi_base");//闈欓粯鎺堟潈
+ //builder.append("&scope=snsapi_privateinfo"); // 鎵嬪姩鎺堟潈浣滅敤鍩�
// 閲嶅畾鍚戝悗浼氬甫涓妔tate鍙傛暟锛岄暱搴︿笉鍙秴杩�128涓瓧鑺�
builder.append("&state=").append(state);
+ //builder.append("&agentid=").append(config.getAgentId()); // 琛ュ厖AgentID锛堟墜鍔ㄦ巿鏉冩椂闇�瑕侊級
// 缁堢浣跨敤姝ゅ弬鏁板垽鏂槸鍚﹂渶瑕佸甫涓婅韩浠戒俊鎭�
builder.append("#wechat_redirect");
url = builder.toString();
@@ -368,6 +378,10 @@
SysUser loginUser;
if (ThirdAppConfig.WECHAT_ENTERPRISE.equalsIgnoreCase(source)) {
log.info("銆愪紒涓氬井淇°�慜Auth2鐧诲綍杩涘叆callback锛歝ode=" + code + ", state=" + state);
+ if (code == null) {
+ log.info("鐢ㄦ埛鍙栨秷浜嗕紒涓氬井淇℃巿鏉�");
+ return "鐢ㄦ埛鍙栨秷浜嗘巿鏉�";
+ }
loginUser = thirdAppWechatEnterpriseService.oauth2Login(code);
if (loginUser == null) {
return "鐧诲綍澶辫触";
@@ -394,7 +408,10 @@
}
String token = saveToken(loginUser);
- state += "/oauth2-app/login?oauth2LoginToken=" + URLEncoder.encode(token, "UTF-8");
+ // ============ 鏂板 Shiro 鐧诲綍閫昏緫 ============
+ JwtToken jwtToken = new JwtToken(token);
+ SecurityUtils.getSubject().login(jwtToken);
+ state += "/h5/oauth2-app/login?oauth2LoginToken=" + URLEncoder.encode(token, "UTF-8");
//update-begin---author:wangshuai ---date:20220613 for锛歔issues/I5BOUF]oauth2 閽夐拤鏃犳硶鐧诲綍------------
state += "&thirdType=" + source;
//state += "&thirdType=" + "wechat_enterprise";
@@ -418,4 +435,149 @@
}
}
+ //浼佷笟寰俊閫傞厤鎵嬪姩鎺堟潈鎺ュ彛璋冩暣
+ ///**
+ // * 浼佷笟寰俊/閽夐拤 OAuth2鐧诲綍鍥炶皟
+ // *
+ // * @param code
+ // * @param state
+ // * @param response
+ // * @return
+ // */
+ //@ResponseBody
+ //@GetMapping("/oauth2/{source}/callback")
+ //public String oauth2LoginCallback(
+ // @PathVariable("source") String source,
+ // // 浼佷笟寰俊杩斿洖鐨刢ode
+ // @RequestParam(value = "code", required = false) String code,
+ // // 閽夐拤杩斿洖鐨刢ode
+ // @RequestParam(value = "authCode", required = false) String authCode,
+ // @RequestParam("state") String state,
+ // @RequestParam(value = "is_reject", required = false) String isReject,
+ // HttpServletResponse response) {
+ // SysUser loginUser;
+ // if (ThirdAppConfig.WECHAT_ENTERPRISE.equalsIgnoreCase(source)) {
+ // log.info("銆愪紒涓氬井淇°�慜Auth2鐧诲綍杩涘叆callback锛歝ode=" + code + ", state=" + state);
+ // // 1. 鍒ゅ畾鐢ㄦ埛鎷掔粷鎺堟潈鐨�3绉嶅満鏅細
+ // // - 鍦烘櫙1锛歩s_reject=true锛堜紒涓氬井淇℃槑纭爣璇嗘嫆缁濓級
+ // // - 鍦烘櫙2锛歝ode涓簄ull锛堟湭杩斿洖鏈夋晥鎺堟潈鍑瘉锛�
+ // // - 鍦烘櫙3锛歝ode瀛樺湪浣嗘棤鏁堬紙璋冪敤API澶辫触锛�
+ // boolean isUserReject = "true".equals(isReject) || code == null;
+ // if (isUserReject) {
+ // log.info("鐢ㄦ埛鏄庣‘鎷掔粷浼佷笟寰俊鎺堟潈锛坕s_reject={}, code={}", isReject, code);
+ // // 鏋勯�犲惈error=access_denied鐨勯噸瀹氬悜鍦板潃锛屽墠绔嵁姝よ瘑鍒�
+ // String errorRedirect = buildErrorRedirect(state, "access_denied");
+ // try {
+ // response.sendRedirect(errorRedirect);
+ // return "鐢ㄦ埛鎷掔粷鎺堟潈锛屽凡閲嶅畾鍚�";
+ // } catch (IOException e) {
+ // log.error("鎷掔粷鎺堟潈閲嶅畾鍚戝け璐�", e);
+ // return "閲嶅畾鍚戝け璐�";
+ // }
+ // }
+ //
+ // // 2. 灏濊瘯鐢╟ode鑾峰彇鐢ㄦ埛淇℃伅锛坈ode瀛樺湪浣嗗彲鑳芥棤鏁堬級
+ // loginUser = thirdAppWechatEnterpriseService.oauth2Login(code);
+ // if (loginUser == null) {
+ // log.info("浼佷笟寰俊鎺堟潈澶辫触锛坈ode鏃犳晥锛�");
+ // String errorRedirect = buildErrorRedirect(state, "invalid_code");
+ // try {
+ // response.sendRedirect(errorRedirect);
+ // return "鎺堟潈澶辫触锛屽凡閲嶅畾鍚�";
+ // } catch (IOException e) {
+ // log.error("鎺堟潈澶辫触閲嶅畾鍚戝け璐�", e);
+ // return "閲嶅畾鍚戝け璐�";
+ // }
+ // }
+ // loginUser = thirdAppWechatEnterpriseService.oauth2Login(code);
+ // if (loginUser == null) {
+ // return "鐧诲綍澶辫触";
+ // }
+ // } else if (ThirdAppConfig.DINGTALK.equalsIgnoreCase(source)) {
+ // log.info("銆愰拤閽夈�慜Auth2鐧诲綍杩涘叆callback锛歛uthCode=" + authCode + ", state=" + state);
+ // loginUser = thirdAppDingtalkService.oauth2Login(authCode);
+ // if (loginUser == null) {
+ // return "鐧诲綍澶辫触";
+ // }
+ // } else {
+ // return "涓嶆敮鎸佺殑source";
+ // }
+ // try {
+ //
+ // //update-begin-author:taoyan date:2022-6-30 for: 宸ヤ綔娴佸彂閫佹秷鎭� 鐐瑰嚮娑堟伅閾炬帴璺宠浆鍔炵悊椤甸潰
+ // String redirect = "";
+ // if (state.indexOf("?") > 0) {
+ // String[] arr = state.split("\\?");
+ // state = arr[0];
+ // if(arr.length>1){
+ // redirect = arr[1];
+ // }
+ // }
+ //
+ // String token = saveToken(loginUser);
+ // // ============ 鏂板 Shiro 鐧诲綍閫昏緫 ============
+ // JwtToken jwtToken = new JwtToken(token);
+ // SecurityUtils.getSubject().login(jwtToken);
+ // state += "/h5/oauth2-app/login?oauth2LoginToken=" + URLEncoder.encode(token, "UTF-8");
+ // //update-begin---author:wangshuai ---date:20220613 for锛歔issues/I5BOUF]oauth2 閽夐拤鏃犳硶鐧诲綍------------
+ // state += "&thirdType=" + source;
+ // //state += "&thirdType=" + "wechat_enterprise";
+ // if (redirect != null && redirect.length() > 0) {
+ // state += "&" + redirect;
+ // }
+ // //update-end-author:taoyan date:2022-6-30 for: 宸ヤ綔娴佸彂閫佹秷鎭� 鐐瑰嚮娑堟伅閾炬帴璺宠浆鍔炵悊椤甸潰
+ //
+ // //update-end---author:wangshuai ---date:20220613 for锛歔issues/I5BOUF]oauth2 閽夐拤鏃犳硶鐧诲綍------------
+ // log.info("OAuth2鐧诲綍閲嶅畾鍚戝湴鍧�: " + state);
+ // try {
+ // response.sendRedirect(state);
+ // return "ok";
+ // } catch (IOException e) {
+ // e.printStackTrace();
+ // return "閲嶅畾鍚戝け璐�";
+ // }
+ // } catch (UnsupportedEncodingException e) {
+ // e.printStackTrace();
+ // return "瑙g爜澶辫触";
+ // }
+ //}
+ //
+ ///**
+ // * 鏋勯�犱紒涓氬井淇℃巿鏉冩嫆缁濇椂鐨勯敊璇噸瀹氬悜鍦板潃
+ // * 閫傞厤瑙勫垯锛歴tate鍙傛暟闀垮害鈮�128瀛楄妭锛屼繚鐣欏師濮嬩笟鍔″弬鏁帮紝闄勫姞error鏍囪瘑
+ // */
+ //private String buildErrorRedirect(String originalState, String errorCode) {
+ // // 1. 鎷嗗垎鍘熷state涓殑鍩虹璺緞鍜屼笟鍔″弬鏁帮紙閬垮厤鐮村潖鍘熸湁state缁撴瀯锛�
+ // String baseState = originalState;
+ // String businessParams = "";
+ // if (originalState.contains("?")) {
+ // String[] stateParts = originalState.split("\\?", 2); // 鍙媶鍒嗘垚涓ら儴鍒�
+ // baseState = stateParts[0]; // 鍩虹璺緞锛堝https://fastwoke.cn:8087锛�
+ // businessParams = stateParts[1]; // 鍘熷涓氬姟鍙傛暟锛堝redirect=xxx锛�
+ // }
+ //
+ // // 2. 鏋勯�犻敊璇弬鏁帮紙error=xxx锛夛紝骞舵嫾鎺ュ師濮嬩笟鍔″弬鏁�
+ // StringBuilder errorParams = new StringBuilder();
+ // errorParams.append("error=").append(errorCode); // 鏍稿績閿欒鏍囪瘑
+ // if (!businessParams.isEmpty()) {
+ // errorParams.append("&").append(businessParams); // 闄勫姞鍘熷涓氬姟鍙傛暟
+ // }
+ //
+ // // 3. 鎷兼帴瀹屾暣鐨勯噸瀹氬悜鍦板潃锛堟牸寮忥細baseState/h5/oauth2-app/login?errorParams锛�
+ // // 娉ㄦ剰锛氫紒涓氬井淇¤姹傞噸瀹氬悜鍦板潃闇�涓庢巿鏉冮摼鎺ヤ腑鐨剅edirect_uri鍩熷悕涓�鑷�
+ // StringBuilder errorRedirect = new StringBuilder(baseState);
+ // errorRedirect.append("/h5/oauth2-app/login?").append(errorParams);
+ //
+ // // 4. 鏍¢獙state闀垮害锛堜紒涓氬井淇¢檺鍒垛墹128瀛楄妭锛夛紝瓒呴暱鏃舵埅鏂潪鍏抽敭鍙傛暟
+ // String redirectUrl = errorRedirect.toString();
+ // if (redirectUrl.getBytes().length > 128) {
+ // log.warn("閿欒閲嶅畾鍚戝湴鍧�瓒呴暱锛屾埅鏂鐞�: {}", redirectUrl);
+ // // 鍙繚鐣欏熀纭�璺緞鍜宔rror鍙傛暟锛岃垗寮冨叾浠栦笟鍔″弬鏁�
+ // redirectUrl = baseState + "/h5/oauth2-app/login?error=" + errorCode;
+ // }
+ //
+ // log.info("浼佷笟寰俊鎷掔粷鎺堟潈閲嶅畾鍚戝湴鍧�: {}", redirectUrl);
+ // return redirectUrl;
+ //}
+
}
\ No newline at end of file
--
Gitblit v1.9.3