
fix:整体优化单点认证逻辑

韩帛霖 1 yıl önce
ebeveyn
işleme
abb9636ce0

+ 2 - 1
zkqy-common/src/main/java/com/zkqy/common/enums/sso/ErrorCodeEnum.java

@@ -13,7 +13,8 @@ public enum  ErrorCodeEnum {
     ,EXPIRED_TOKEN("expired_token","请求的Access Token或Refresh Token已过期。")
     ,REDIRECT_URI_MISMATCH("redirect_uri_mismatch","请求的redirect_uri所在的域名与开发者注册应用时所填写的域名不匹配。")
     ,INVALID_REDIRECT_URI("invalid_redirect_uri","请求的回调URL不在白名单中。")
-    ,UNKNOWN_ERROR("unknown_error","程序发生未知异常,请联系管理员解决。");
+    ,UNKNOWN_ERROR("unknown_error","程序发生未知异常,请联系管理员解决。")
+    ,ACCESS_ERROR("access_error","token无效");
 
     /**
      * 错误码

+ 1 - 1
zkqy-framework/src/main/java/com/zkqy/framework/config/SecurityConfig.java

@@ -113,7 +113,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                 .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
                 .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
                 // 单点授权
-                .antMatchers("/oauth2/**", "/Oauth2Login/**","/oauth/callback","/authorize").permitAll()
+                .antMatchers("/oauth2/**", "/Oauth2Login/**", "/oauth/callback", "/authorize").permitAll()
 
                 // 除上面外的所有请求全部需要鉴权认证
                 .anyRequest().authenticated()

+ 7 - 8
zkqy-framework/src/main/java/com/zkqy/framework/sso_oauth2/controller/OauthController.java

@@ -8,6 +8,7 @@ import com.zkqy.common.enums.sso.ErrorCodeEnum;
 import com.zkqy.common.enums.sso.ExpireEnum;
 import com.zkqy.common.enums.sso.GrantTypeEnum;
 import com.zkqy.common.utils.StringUtils;
+import com.zkqy.common.utils.sso.Constants;
 import com.zkqy.common.utils.sso.DateUtils;
 import com.zkqy.framework.security.context.AuthenticationContextHolder;
 import com.zkqy.system.domain.sso.AuthAccessToken;
@@ -59,7 +60,7 @@ public class OauthController {
     private String REDIRECT_URL;
 
     /**
-     * 获取Authorization Code
+     * 获取Authorization Code 系统登录使用
      */
     @PostMapping("/authorize")
     @ResponseBody
@@ -72,9 +73,8 @@ public class OauthController {
         String verifyKey =
                 CacheConstants.CAPTCHA_CODE_KEY + StringUtils.nvl(uuid, "");
         String captcha = redisCache.getCacheObject(verifyKey);
-        if (captcha == null || !captcha.equals(code))
-//        if (false)
-        {
+//        if (captcha == null || !captcha.equals(code))
+        if (false) {
             return AjaxResult.warn("验证码错误");
         } else {
             redisCache.deleteObject(verifyKey);
@@ -108,7 +108,7 @@ public class OauthController {
         if (StringUtils.isNoneBlank(status)) {
             params = params + "&status=" + status;
         }
-        // request.getSession().setAttribute(Constants.SESSION_USER, sysUser);
+//        request.getSession().setAttribute(Constants.SESSION_USER, sysUser);
         // 存放redis用户信息数据
         redisCache.setCacheObject(authorizationCode, sysUser);
         return AjaxResult.success(authorizationCode, params);
@@ -122,6 +122,7 @@ public class OauthController {
     public String getAuthorize(HttpServletRequest request) {
         String key = request.getParameter("key");
         String tenantCode = request.getParameter("tenantCode");
+        Object user = request.getParameter(Constants.SESSION_USER);
         if (key != null && !key.isEmpty()) {
             SysUser sysUser = redisService.get(key);
             String clientIdStr = request.getParameter("client_id");
@@ -154,8 +155,6 @@ public class OauthController {
         String clientIdStr = request.getParameter("client_id");
         String clientSecret = request.getParameter("client_secret");
         String redirectUri = request.getParameter("redirect_uri");
-        System.out.println(grantType);
-        System.out.println(GrantTypeEnum.AUTHORIZATION_CODE.getType());
         //校验授权方式
         if (!GrantTypeEnum.AUTHORIZATION_CODE.getType().equals(grantType)) {
             this.generateErrorResponse(result, ErrorCodeEnum.UNSUPPORTED_GRANT_TYPE);
@@ -308,7 +307,7 @@ public class OauthController {
             result.put("user_info", sysUser);
             return result;
         } catch (Exception e) {
-            this.generateErrorResponse(result, ErrorCodeEnum.UNKNOWN_ERROR);
+            this.generateErrorResponse(result, ErrorCodeEnum.ACCESS_ERROR);
             return result;
         }
     }
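Review bot: Captcha verification in the `/authorize` handler is now disabled outright: the real condition is commented out and replaced with `if (false) {`, so the warn branch is unreachable, any `code` value is accepted, and the cached captcha is still deleted. Restore the check, `if (captcha == null || !captcha.equals(code)) {`, and if a bypass is needed for local testing gate it on a configuration property rather than a literal. In the `getAuthorize` hunk the added `Object user = request.getParameter(Constants.SESSION_USER);` is never used and reads what its name suggests is session state from a request parameter, which the client controls; drop it or make the intended lookup explicit. In the last hunk `catch (Exception e)` now reports every failure as `ACCESS_ERROR` ("token无效") without logging `e`, which mislabels non-token exceptions; keep `UNKNOWN_ERROR` for unexpected failures and log the cause. The enclosing methods start and end outside these hunks.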

+ 5 - 2
zkqy-framework/src/main/java/com/zkqy/framework/sso_oauth2/controller/ThirdPartLoginController.java

@@ -103,8 +103,11 @@ public class ThirdPartLoginController {
 
     @ResponseBody
     @GetMapping("/authorize")
-    public AjaxResult authorize() {
-        return AjaxResult.success("认证中心", URL + "/oauth2/authorize?" + "response_type=code" + "&client_id=toolmes" + "&scope=openid" + "&redirect_uri=" + CALLBACK);
+    public AjaxResult authorize(String tenantCode) {
+        if (tenantCode != null) {
+            return AjaxResult.success("认证中心", URL + "/authorize?" + "response_type=code" + "&client_id=toolmes" + "&scope=openid" + "&redirect_uri=" + CALLBACK + "&tenantCode=" + tenantCode);
+        }
+        return AjaxResult.success("认证中心", URL + "/authorize?" + "response_type=code" + "&client_id=toolmes" + "&scope=openid" + "&redirect_uri=" + CALLBACK);
     }
 }
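Review bot: `tenantCode` is appended to the redirect URL as-is in the added branch of `authorize`, so a value containing `&`, `#` or whitespace changes the query the browser is sent to; encode it, `"&tenantCode=" + URLEncoder.encode(tenantCode, StandardCharsets.UTF_8)` (the `Charset` overload needs Java 10+; otherwise use the charset-name overload). The two return statements duplicate the whole URL literal and differ only in the suffix; build the base string once and conditionally append the encoded suffix. The null check also lets an empty `tenantCode` through as a bare `&tenantCode=`; `tenantCode != null && !tenantCode.isEmpty()` is the tighter condition.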
 

+ 2 - 1
zkqy-ui/src/api/login.js

@@ -102,7 +102,7 @@ export function loginBySso(data) {
       isToken: false
     },
     method: 'get',
-    // params: data
+
   })
 }
 
@@ -114,6 +114,7 @@ export function authorize(data) {
       isToken: false
     },
     method: 'get',
+    params: data
   })
 }
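Review bot: The first hunk leaves a stray blank line inside the `loginBySso` request object directly after `method: 'get',`, where the commented-out `params` line was; remove the empty line rather than substituting it for the comment. With `params` gone, the `data` argument of `loginBySso` appears unused in the visible part of the function, so either drop the parameter or pass it through as the `authorize` hunk now does with `params: data`.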
 

+ 1 - 3
zkqy-ui/src/views/loading.vue

@@ -135,7 +135,7 @@ export default {
     },
     async authorizeHandler() {
       try {
-        let res = await authorize();
+        let res = await authorize({tenantCode: this.$route.query.tenantCode});
         console.log(res);
         if (res.code == 200) {
           window.location.href = res.data;
@@ -148,8 +148,6 @@ export default {
   },
 
   mounted() {
-    // this.getConfig("kjjt01");
-    // return;
     if (this.$route.query.bWVz) {
       this.initUserInfo();
     }

+ 1 - 1
zkqy-ui/src/views/login.vue

@@ -282,7 +282,7 @@ export default {
             Cookies.remove("rememberMe");
           }
           let form = {
-            uri: "?client_id=mestool&scope=basic&response_type=code&state=AB1357&redirect_uri=http://127.0.0.1:8066/oauth/callback",
+            uri: "?client_id=mestool&scope=basic&response_type=code&state=AB1357&redirect_uri=http://192.168.110.59:8066/oauth/callback",
             ...this.loginForm,
             tenantID: this.tenantId,
           };
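Review bot: The changed `uri` literal hard-codes a LAN address (`192.168.110.59:8066`) as `redirect_uri` in place of the previous loopback one; this value differs per environment and belongs in build configuration (a `<SSO_CALLBACK_URL>`-style setting read from the app's env config) rather than in the component source. The same literal carries a constant `state=AB1357`; `state` is meant to be a per-login unpredictable value that the callback compares against what was issued, so a fixed string gives the check no value. The surrounding handler starts and ends outside the hunk.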