深圳地铁新增oauth单点功能

src/main/java/com/keymobile/login/LoginApplication.java

@@ -13,7 +13,7 @@ import org.springframework.context.annotation.ComponentScan;
 public class LoginApplication {
 
     public static void main(String[] args) {
-        System.setProperty("org.apache.commons.ssl.trustStorePassword", "123456");
+        System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
         SpringApplication.run(LoginApplication.class, args);
     }
 

src/main/java/com/keymobile/login/api/Constants.java

@@ -8,8 +8,8 @@ public class Constants {
     public static final String Session_Roles = "roles";
     public static final String Session_Lang = "lang";
     public static final String JWT_ACCESS_TOKEN = "access_token";
-    public static final String JWT_TOKEN_TYPE = "Bearer";
-    public static final String JWT_ID_TOKEN = "id_token";
+    public static final String JWT_REFRESH_TOKEN = "refresh_token";
+//    public static final String JWT_ID_TOKEN = "id_token";
     public static final String JWT_EXPIRES_IN = "expires_in";
 
     public static final String OAUTH_AUTHORIZE_CODE_PARAM = "code";

src/main/java/com/keymobile/login/api/LoginManagement.java

@@ -6,9 +6,11 @@ import com.auth0.jwt.interfaces.DecodedJWT;
 import com.keymobile.auth.common.security.CustomizedUserDetailService;
 import com.keymobile.login.oauth2.Oauth2Properties;
 import com.keymobile.login.service.AuthService;
+import com.keymobile.login.util.Utils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.configurationprocessor.json.JSONObject;
 import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -69,9 +71,7 @@ public class LoginManagement {
         HttpSession session = request.getSession();
         Object lang = session.getAttribute(Constants.Session_Lang);
         Object access_token = session.getAttribute("access_token");
-        Object id_token = session.getAttribute("id_token");
         rs.put("access_token", access_token);
-        rs.put("id_token", id_token);
         rs.put(Constants.Session_Lang, lang != null ? lang.toString() : "cn");
         return rs;
     }
@@ -90,7 +90,7 @@ public class LoginManagement {
     @GetMapping("/oauth/login")
     public void login(HttpServletResponse response) throws IOException {
         String successAuthorizeUri = getAuthorizeFullUri();
-        log.info("adfsLoginUri is {}", successAuthorizeUri);
+        log.info("OauthLoginUri is {}", successAuthorizeUri);
         response.sendRedirect(successAuthorizeUri);
 //        return successAuthorizeUri;
     }
@@ -100,35 +100,32 @@ public class LoginManagement {
         String clientId = oauth2Properties.getClientId();
         String redirectUri = oauth2Properties.getPostLoginRedirectUri();
         String response_type = Constants.OAUTH_AUTHORIZE_RESPONSE_TYPE;
-        String response_mode = Constants.OAUTH_AUTHORIZE_RESPONSE_MODE;
         String state = Constants.OAUTH_AUTHORIZE_STATE;
-        String authorizeFullUri = String.format("%s?client_id=%s&redirect_uri=%s&response_type=%s&state=%s&response_model=%s",
-                authorizeUri, clientId, redirectUri, response_type, state, response_mode);
+        String authorizeFullUri = String.format("%s?client_id=%s&redirect_uri=%s&response_type=%s&state=%s",
+                authorizeUri, clientId, redirectUri, response_type, state);
         return authorizeFullUri;
     }
 
 
     @GetMapping("/oauth/logout")
-    public String logout(HttpServletRequest request){
+    public void logout(HttpServletRequest request, HttpServletResponse response) throws IOException {
         String loginOutUri = oauth2Properties.getAuthorizationLoginOutUri();
         HttpSession session = request.getSession();
-        String id_token = "";
-        if (session != null) {
-            id_token = (String)session.getAttribute(Constants.JWT_ID_TOKEN);
-            id_token = id_token == null ? "" : id_token;
-        }
-        String postLogoutRedirectUri = oauth2Properties.getPostLogoutRedirectUri();
-        String adfsLoginOutUri = String.format("%s?client_id=%s&id_token_hint=%s&post_logout_redirect_uri=%s",
-                loginOutUri, oauth2Properties.getClientId(), id_token, postLogoutRedirectUri);
-        log.info("adfsLoginOutUri url is {}", adfsLoginOutUri);
-        return adfsLoginOutUri;
+
+        String authorizeUri = oauth2Properties.getAuthorizationLoginOutUri();
+        String clientId = oauth2Properties.getClientId();
+        String redirectUri = oauth2Properties.getPostLogoutRedirectUri();
+        String oauthLoginOutUri = String.format("%s?redirctToUrl=%s&redirectToLogin=true&entityId=%s",
+                authorizeUri, redirectUri, clientId);
+        log.info("OauthLoginOutUri url is {}", oauthLoginOutUri);
+        response.sendRedirect(oauthLoginOutUri);
     }
 
-    @RequestMapping("/login")
+    @RequestMapping("/ssologin")
     public void login(HttpServletRequest request, HttpServletResponse response) throws IOException {
         String code = request.getParameter(Constants.OAUTH_AUTHORIZE_CODE_PARAM);
         String state = request.getParameter(Constants.OAUTH_AUTHORIZE_STATE_PARAM);
-        log.info("adfs回调携带参数----- code {} , state {} ", code, state);
+        log.info("Oauth回调携带参数----- code {} , state {} ", code, state);
         Map<String, String> userDetailByTokenInfo = getUserDetailByTokenInfo(code, state, request);
         List<Map<String, Object>> matchUser = authService.getUserByName(userDetailByTokenInfo.get("unique_name"));
         if (null == matchUser || matchUser.isEmpty()) {
@@ -159,26 +156,32 @@ public class LoginManagement {
                 map.add("redirect_uri", oauth2Properties.getPostLoginRedirectUri());
                 map.add("grant_type", Constants.OAUTH_AUTHORIZE_GRANT_TYPE);
 
-                log.info("adfs 获取token的url is {}, 参数为 {}", oauth2Properties.getAccessTokenUri(), map);
-                Map<String, String> resp = restTemplate.postForObject(oauth2Properties.getAccessTokenUri(), map, Map.class);
+                log.info("Oauth 获取token的url is {}, 参数为 {}", oauth2Properties.getAccessTokenUri(), map);
+//                Map<String, String> resp = restTemplate.postForObject(oauth2Properties.getAccessTokenUri(), map, Map.class);
+                String getTokenUri = String.format("%s?client_id=%s&grant_type=%s&code=%s&client_secret=%s",
+                        oauth2Properties.getAccessTokenUri(), oauth2Properties.getClientId(), Constants.OAUTH_AUTHORIZE_GRANT_TYPE, code, oauth2Properties.getClientSecret());
+                String resp = Utils.doHttpsPost(getTokenUri,null);
+                JSONObject jo = new JSONObject(resp);
+                log.info("Oauth 获取token的信息 is {}", resp);
 
-                Object access_token = resp.get("access_token");
-                Object id_token = resp.get("id_token");
-                Object expires_in = resp.get("expires_in");
-                Object token_type = resp.get("token_tpye");
                 HttpSession session = request.getSession();
-                session.setAttribute(Constants.JWT_ACCESS_TOKEN, access_token);
-                session.setAttribute(Constants.JWT_ID_TOKEN, id_token);
-                session.setAttribute(Constants.JWT_EXPIRES_IN, expires_in);
-                session.setAttribute(Constants.JWT_TOKEN_TYPE, token_type);
-
-                log.info("从 adfs中获取到的 access_token is {}", access_token);
-                log.info("从 adfs中获取到的 id_token is {}", id_token);
-                return exactUserInfoFromToken((String)id_token);
-            }
-            throw new RuntimeException("adfs获取token的参数code或者state为空！");
+                session.setAttribute(Constants.JWT_ACCESS_TOKEN, jo.get("access_token"));
+
+                String getUserInfoUri = String.format("%s?client_id=%s&access_token=%s",
+                        oauth2Properties.getUserInfoUri(), oauth2Properties.getClientId(), jo.get("access_token"));
+                log.info("Oauth 获取认证用户的url is {}", getUserInfoUri);
+                String userInfo = Utils.doHttpsGet(getUserInfoUri,null);
+                log.info("Oauth 获取认证用户的信息 is {}", userInfo);
+                JSONObject userInfoObject = new JSONObject(userInfo);
+                Map<String, String> userDetailByTokenInfo = new HashMap<>();
+                userDetailByTokenInfo.put("given_name",userInfoObject.get("displayName").toString());
+                userDetailByTokenInfo.put("unique_name",userInfoObject.get("loginName").toString());
+                return userDetailByTokenInfo;
+            }
+            throw new RuntimeException("Oauth获取token的参数code或者state为空！");
         } catch (Exception e) {
-            throw new RuntimeException("adfs 获取token 错误！", e);
+            e.printStackTrace();
+            throw new RuntimeException("Oauth 获取token 错误！", e);
         }
     }
 

src/main/java/com/keymobile/login/conf/LogoutProcessHandler.java

@@ -45,11 +45,11 @@ public class LogoutProcessHandler implements LogoutHandler {
     public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
         Map<String, Object> params = new HashMap<>();
         HttpSession session = request.getSession();
-        if (session != null) {
-            String id_token = (String)session.getAttribute(Constants.JWT_ID_TOKEN);
-            if (null != id_token)
-            params.put("id_token_hint", id_token);
-        }
+//        if (session != null) {
+//            String id_token = (String)session.getAttribute(Constants.JWT_ID_TOKEN);
+//            if (null != id_token)
+//            params.put("id_token_hint", id_token);
+//        }
         String adfsLoginOutUri = oauth2Properties.getAuthorizationLoginOutUri();
         params.put("client_id", oauth2Properties.getClientId());
         log.info("loginOutADFS url is {} ", adfsLoginOutUri);

src/main/java/com/keymobile/login/conf/RESTAuthenticationSuccessHandler.java

 package com.keymobile.login.conf;
 
+import com.keymobile.login.logging.LogConstants;
+import com.keymobile.login.logging.LogManager;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -24,6 +26,8 @@ public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc
         clearAuthenticationAttributes(request);
         String returnStatus = "ok";
         //check if allow root login
+        String log = "登录成功。";
+        LogManager.logInfo(LogConstants.CTX_API, log);
         
         UserDetails userDetails = (UserDetails) authentication.getPrincipal();
         String userNameWithIdAttached = userDetails.getUsername();

src/main/java/com/keymobile/login/conf/RESTLogoutSuccessHandler.java

 package com.keymobile.login.conf;
 
+import com.keymobile.login.logging.LogConstants;
+import com.keymobile.login.logging.LogManager;
 import com.keymobile.login.oauth2.Oauth2Properties;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
@@ -22,9 +24,11 @@ public class RESTLogoutSuccessHandler implements LogoutSuccessHandler {
     public void onLogoutSuccess(HttpServletRequest request,
                                 HttpServletResponse response, Authentication authentication)
             throws IOException, ServletException {
-        response.sendRedirect(oauth2Properties.getAuthorizeFullUri());
-//        response.setStatus(HttpStatus.OK.value());
-//        response.getWriter().flush();
+//        response.sendRedirect(oauth2Properties.getAuthorizeLogoutUri());
+        String log = "退出成功。";
+        LogManager.logInfo(LogConstants.CTX_API, log);
+        response.setStatus(HttpStatus.OK.value());
+        response.getWriter().flush();
     }
 
 }

src/main/java/com/keymobile/login/conf/SecurityConfig.java

@@ -55,7 +55,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 //        http.authorizeRequests().anyRequest().authenticated();
         http
                 .authorizeRequests()
-                .antMatchers("/login", "/error", "/signin", "/signout", "/oauth/**").permitAll()
+                .antMatchers("/login", "/ssologin", "/error", "/signin", "/signout", "/oauth/**").permitAll()
                 .anyRequest().authenticated();
 
         http.csrf().disable();

src/main/java/com/keymobile/login/logging/LogConstants.java

 package com.keymobile.login.logging;
 
 public interface LogConstants {
+    public static final String CTX_API = "sso.API";
 
 }

src/main/java/com/keymobile/login/oauth2/AccessTokenInterceptor.java

@@ -83,12 +83,12 @@ public class AccessTokenInterceptor implements HandlerInterceptor {
                     Map<String, String> resp = restTemplate.postForObject(oauth2Properties.getAccessTokenUri(), map, Map.class);
 
                     Object access_token = resp.get("access_token");
-                    Object id_token = resp.get("id_token");
+//                    Object id_token = resp.get("id_token");
                     Object expires_in = resp.get("expires_in");
-                    Object token_type = resp.get("token_tpye");
+                    Object refresh_token = resp.get("refresh_token");
 
                     System.out.println("获取到token......" + access_token);
-                    System.out.println("获取到id_token......" + id_token);
+//                    System.out.println("获取到id_token......" + id_token);
 
                     String username = exactUserInfoFromToken((String)access_token);
                     userDetails = userDetailService.loadUserByUsername(username);
@@ -101,9 +101,9 @@ public class AccessTokenInterceptor implements HandlerInterceptor {
                     SecurityContextHolder.getContext().setAuthentication(authentication);
                     HttpSession session = request.getSession(true);
                     session.setAttribute(Constants.JWT_ACCESS_TOKEN, access_token);
-                    session.setAttribute(Constants.JWT_ID_TOKEN, id_token);
+//                    session.setAttribute(Constants.JWT_ID_TOKEN, id_token);
                     session.setAttribute(Constants.JWT_EXPIRES_IN, expires_in);
-                    session.setAttribute(Constants.JWT_TOKEN_TYPE, token_type);
+                    session.setAttribute(Constants.JWT_REFRESH_TOKEN, refresh_token);
                     session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());
                 }
             }

src/main/java/com/keymobile/login/oauth2/Oauth2Properties.java

@@ -23,6 +23,8 @@ public class Oauth2Properties {
 
     private String accessTokenUri;
 
+    private String userInfoUri;
+
     private String authorizationLoginOutUri;
 
     public void setPostLogoutRedirectUri(String postLogoutRedirectUri) {
@@ -97,16 +99,21 @@ public class Oauth2Properties {
         this.userAuthorizationUri = userAuthorizationUri;
     }
 
-    public String getAuthorizeFullUri() {
-        String authorizeUri = getUserAuthorizationUri();
+    public String getUserInfoUri() {
+        return userInfoUri;
+    }
+
+    public void setUserInfoUri(String userInfoUri) {
+        this.userInfoUri = userInfoUri;
+    }
+
+    public String getAuthorizeLogoutUri() {
+        String authorizeUri = getAuthorizationLoginOutUri();
         String clientId = getClientId();
-        String redirectUri = getPostLoginRedirectUri();
-        String response_type = Constants.OAUTH_AUTHORIZE_RESPONSE_TYPE;
-        String response_mode = Constants.OAUTH_AUTHORIZE_RESPONSE_MODE;
-        String state = Constants.OAUTH_AUTHORIZE_STATE;
-        String authorizeFullUri = String.format("%s?client_id=%s&redirect_uri=%s&response_type=%s&state=%s&response_model=%s",
-                authorizeUri, clientId, redirectUri, response_type, state, response_mode);
-        return authorizeFullUri;
+        String redirectUri = getPostLogoutRedirectUri();
+        String logoutUri = String.format("%s?redirctToUrl=%s&redirectToLogin=true&entityId=%s",
+                authorizeUri, redirectUri, clientId);
+        return logoutUri;
     }
 
 }

src/main/java/com/keymobile/login/util/Utils.java

+package com.keymobile.login.util;
+
+import org.apache.http.HttpEntity;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.ClientProtocolException;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.message.BasicNameValuePair;
+import org.apache.http.ssl.SSLContexts;
+import org.apache.http.util.EntityUtils;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.*;
+import java.util.Map.Entry;
+
+public class Utils {
+
+    public static String doHttpsPost(String url, Map<String, Object> paramMap) {
+        CloseableHttpClient httpClient = null;
+        CloseableHttpResponse httpResponse = null;
+        String result = "";
+//        httpClient = HttpClients.createDefault();
+        try {
+            SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
+                    SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(),
+                    NoopHostnameVerifier.INSTANCE
+            );
+
+            httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
+        }catch (Exception e){
+            e.printStackTrace();
+        }
+
+        HttpPost httpPost = new HttpPost(url);
+        RequestConfig requestConfig = RequestConfig.custom().setConnectTimeout(10000)// 设置连接主机服务超时时间
+                .setConnectionRequestTimeout(10000)// 设置连接请求超时时间
+                .setSocketTimeout(20000)// 设置读取数据连接超时时间
+                .build();
+        httpPost.setConfig(requestConfig);
+        httpPost.addHeader("Content-Type", "application/x-www-form-urlencoded;charset=gbk");
+        if (null != paramMap && paramMap.size() > 0) {
+            List<NameValuePair> nvps = new ArrayList<NameValuePair>();
+            Set<Entry<String, Object>> entrySet = paramMap.entrySet();
+            Iterator<Entry<String, Object>> iterator = entrySet.iterator();
+            while (iterator.hasNext()) {
+                Entry<String, Object> mapEntry = iterator.next();
+                nvps.add(new BasicNameValuePair(mapEntry.getKey(), mapEntry.getValue().toString()));
+            }
+            try {
+                httpPost.setEntity(new UrlEncodedFormEntity(nvps, "GBK"));
+            } catch (UnsupportedEncodingException e) {
+                e.printStackTrace();
+            }
+        }
+        try {
+            httpResponse = httpClient.execute(httpPost);
+            HttpEntity entity = httpResponse.getEntity();
+            result = EntityUtils.toString(entity);
+        } catch (ClientProtocolException e) {
+            e.printStackTrace();
+        } catch (IOException e) {
+            e.printStackTrace();
+        } finally {
+            if (null != httpResponse) {
+                try {
+                    httpResponse.close();
+                } catch (IOException e) {
+                    e.printStackTrace();
+                }
+            }
+            if (null != httpClient) {
+                try {
+                    httpClient.close();
+                } catch (IOException e) {
+                    e.printStackTrace();
+                }
+            }
+        }
+        return result;
+    }
+
+    public static String doHttpsGet(String url, Map<String, Object> paramMap) {
+        CloseableHttpClient httpClient = null;
+        CloseableHttpResponse httpResponse = null;
+        String result = "";
+//        httpClient = HttpClients.createDefault();
+        try {
+            SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
+                    SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(),
+                    NoopHostnameVerifier.INSTANCE
+            );
+
+            httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
+        }catch (Exception e){
+            e.printStackTrace();
+        }
+
+        HttpGet httpget = new HttpGet(url);
+        RequestConfig requestConfig = RequestConfig.custom().setConnectTimeout(10000)// 设置连接主机服务超时时间
+                .setConnectionRequestTimeout(10000)// 设置连接请求超时时间
+                .setSocketTimeout(20000)// 设置读取数据连接超时时间
+                .build();
+        httpget.setConfig(requestConfig);
+        httpget.addHeader("Content-Type", "application/x-www-form-urlencoded;charset=gbk");
+//        if (null != paramMap && paramMap.size() > 0) {
+//            List<NameValuePair> nvps = new ArrayList<NameValuePair>();
+//            Set<Entry<String, Object>> entrySet = paramMap.entrySet();
+//            Iterator<Entry<String, Object>> iterator = entrySet.iterator();
+//            while (iterator.hasNext()) {
+//                Entry<String, Object> mapEntry = iterator.next();
+//                nvps.add(new BasicNameValuePair(mapEntry.getKey(), mapEntry.getValue().toString()));
+//            }
+//            try {
+//                httpget.setEntity(new UrlEncodedFormEntity(nvps, "GBK"));
+//            } catch (UnsupportedEncodingException e) {
+//                e.printStackTrace();
+//            }
+//        }
+        try {
+            httpResponse = httpClient.execute(httpget);
+            HttpEntity entity = httpResponse.getEntity();
+            result = EntityUtils.toString(entity);
+        } catch (ClientProtocolException e) {
+            e.printStackTrace();
+        } catch (IOException e) {
+            e.printStackTrace();
+        } finally {
+            if (null != httpResponse) {
+                try {
+                    httpResponse.close();
+                } catch (IOException e) {
+                    e.printStackTrace();
+                }
+            }
+            if (null != httpClient) {
+                try {
+                    httpClient.close();
+                } catch (IOException e) {
+                    e.printStackTrace();
+                }
+            }
+        }
+        return result;
+    }
+
+}

src/main/resources/application-local.yml

 server:
-  port: 8082
-#  ssl:
-#    key-store: classpath:javaboy.p12
-#    key-alias: tomcathttps
-#    key-store-password: 123456
-#  context-path: auth
+  port: 8764
 
 spring:
-  application:
-    name: auth
   session:
     store-type: redis
     redis:
-      namespace: szse
+      namespace: prod
   redis:
-    host: localhost
+    host: 10.37.54.154
     port: 6379
-    #password: dataSharing
+    password: iszmc
   datasource:
-    url: jdbc:mysql://localhost:3306/p0?autoReconnect=true&useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimezone=Asia/Shanghai
-    username: root
-    password: dataSharing
-    driver-class-name: com.mysql.cj.jdbc.Driver
+    driver-class-name: com.mysql.jdbc.Driver
+    url: jdbc:mysql://10.37.54.155:3306/iszmcdb?autoReconnect=true
+    username: iszmc
+    password: iszmc@2022DB
   servlet:
     multipart:
       max-file-size: 100Mb
       max-request-size: 100Mb
 
+ribbon:
+  ReadTimeout: 60000
+  ConnectTimeout: 60000
+  OkToRetryOnAllOperations: true
+  MaxAutoRetries: 3
+
+
+
 eureka:
   client:
     registerWithEureka: true
     region: default
     registryFetchIntervalSeconds: 5
     serviceUrl:
-      defaultZone: http://localhost:8081/eureka/
+      defaultZone: http://10.37.54.154:8081/eureka/
     enabled: true
 
 redirect-url:
   system-management: http://localhost:8764/swagger-ui.html
 
-#80600793 H?hVm0jn
-#80600745 Wenhua@015
-
-#security:
-#  oauth2:
-#    client:
-#      client-id: javaboy
-#      client-secret: 123
-#      access-token-uri: http://localhost:1111/oauth/token     #获取token地址
-#      user-authorization-uri: http://localhost:1111/oauth/authorize  #认证地址
-#      redirect-uri: http://localhost:8089/api/auth/login #系统首页登录地址
-#      authorization-success-redirect-uri: http://localhost:8089/center-home/menu/index #认证成功后跳转地址
-#      authorization-login-out-uri: http://localhost:1111/signout
-
-#security:
-#  oauth2:
-#    client:
-#      pre-established-redirect-uri: http://localhost:8082/login
-#      registered-redirect-uri: http://localhost:8082/login
-#      use-current-uri: false
-#      client-id: cfe5edd2-c5cb-422b-86e3-adf50d42d9e6
-#      client-secret:
-#      access-token-uri: https://adfsforms.mindray.com/adfs/oauth2/token            #获取token地址
-#      user-authorization-uri: https://adfsforms.mindray.com/adfs/oauth2/authorize  #认证地址
-#    resource:
-#      user-info-uri: https://adfsforms.mindray.com/adfs/oauth2/token    #获取当前用户信息地址
 
 security:
+  authUser: root
+  authPwd: pwd
+  permit: true
+  allowRootLogin: true
   oauth2:
     client:
-      client-id: cfe5edd2-c5cb-422b-86e3-adf50d42d9e6
-      client-secret:
-      access-token-uri: https://adfsforms.mindray.com/adfs/oauth2/token     #获取token地址
-      user-authorization-uri: https://adfsforms.mindray.com/adfs/oauth2/authorize   #认证地址
-      authorization-success-redirect-uri: http://localhost:8089/center-home/menu/index #认证成功后跳转地址
-      authorization-login-out-uri: https://adfsforms.mindray.com/adfs/oauth2/logout
-      post-login-redirect-uri: http://localhost:8089/api/auth/login #adfs登录后回调系统的登录接口
-      post-logout-redirect_uri: http://localhost:8089/api/auth/signout #adfs退出后回调系统的注销接口
+      client-id: sjzcmugl
+      client-secret: 2f7bd6ba00c54e61bcef7c694c1d4de1
+      user-authorization-uri: https://idmuat.szmc.com.cn/idp/oauth2/authorize   #认证地址
+      access-token-uri: https://idmuat.szmc.com.cn/idp/oauth2/getToken     #获取token地址
+      user-info-uri: https://idmuat.szmc.com.cn/idp/oauth2/getUserInfo     #获取认证用户地址
+      authorization-login-out-uri: https://idmuat.szmc.com.cn/idp/profile/OAUTH2/Redirect/GLO
+      authorization-success-redirect-uri: http://10.37.54.154:8080/center-home/menu/index #认证成功后跳转地址
+      post-login-redirect-uri: http://10.37.54.154:8080/api/auth/ssologin #登录后回调系统的登录接口
+      post-logout-redirect_uri: http://10.37.54.154:8080/center-home/view/login #退出后回调系统的注销接口
+
 feign:
   authUser: root
   authPwd: pwd
+  client:
+    config:
+      default:
+        connectTimeout: 60000
+        ReadTimeout: 60000
+
 
 
 

src/main/resources/logback-custom.xml

@@ -2,6 +2,7 @@
 <configuration>
     <springProperty name="spring.redis.host" source="spring.redis.host"/>
     <springProperty name="spring.redis.port" source="spring.redis.port"/>
+    <springProperty name="spring.redis.password" source="spring.redis.password"/>
 
     <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
         <encoder>
@@ -12,10 +13,19 @@
     <appender name="logstash" class="com.cwbase.logback.RedisAppender">
         <host>${spring.redis.host}</host>
         <port>${spring.redis.port}</port>
+        <password>${spring.redis.password}</password>
         <key>logstash</key>
+        <additionalField>
+            <key>user</key>
+            <value>@{user}</value>
+        </additionalField>
+        <additionalField>
+            <key>session</key>
+            <value>@{session}</value>
+        </additionalField>
     </appender>
 
-    <logger name="dataModeler.AUDIT">
+    <logger name="sso.API">
         <appender-ref ref="logstash" />
     </logger>