package com.pollex.pam.web.rest;
|
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
import com.pollex.pam.config.ApplicationProperties;
|
import com.pollex.pam.security.jwt.JWTFilter;
|
import com.pollex.pam.security.jwt.TokenProvider;
|
import com.pollex.pam.security.token.EServiceAuthenticationToken;
|
import com.pollex.pam.security.token.OtpAuthenticationToken;
|
import com.pollex.pam.service.LoginService;
|
import com.pollex.pam.service.OtpWebService;
|
import com.pollex.pam.service.dto.EServiceRequest;
|
import com.pollex.pam.service.dto.EServiceResponse;
|
import com.pollex.pam.service.dto.OtpResponseDTO;
|
import com.pollex.pam.web.rest.vm.OtpAccount;
|
import org.apache.http.conn.ssl.NoopHostnameVerifier;
|
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
|
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.impl.client.HttpClients;
|
import org.apache.http.ssl.SSLContexts;
|
import org.slf4j.Logger;
|
import org.slf4j.LoggerFactory;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.http.*;
|
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
|
import org.springframework.http.converter.HttpMessageConverter;
|
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.client.RestTemplate;
|
import tw.com.softleader.otp.ws.OtpWebServicePortBindingStub;
|
|
import javax.net.ssl.SSLContext;
|
import javax.xml.rpc.ServiceException;
|
import java.rmi.RemoteException;
|
import java.security.KeyManagementException;
|
import java.security.KeyStoreException;
|
import java.security.NoSuchAlgorithmException;
|
import java.security.cert.X509Certificate;
|
import java.util.ArrayList;
|
import java.util.Collections;
|
import java.util.List;
|
|
|
// todo,僅為初期接login方便使用而用get的方式登入,目前已拆出OtpResource與EServiceResource,主要是用這兩個做登入
|
@Deprecated
|
@RestController
|
@RequestMapping("/api/testLogin")
|
public class TestLoginResource {
|
|
private final static Logger log = LoggerFactory.getLogger(TestLoginResource.class);
|
|
@Autowired
|
LoginService loginService;
|
|
@Autowired
|
ApplicationProperties applicationProperty;
|
|
@Autowired
|
OtpWebService otpWebService;
|
|
@Autowired
|
AuthenticationManagerBuilder authenticationManagerBuilder;
|
|
@Autowired
|
TokenProvider tokenProvider;
|
|
@GetMapping("/bySMS")
|
public ResponseEntity<OtpResponseDTO> sendOtpBySMS(@RequestParam("phone") String phone) throws ServiceException, RemoteException {
|
final OtpResponseDTO otpResponseDTO = otpWebService.sendByPhone(phone);
|
return new ResponseEntity<>(otpResponseDTO, HttpStatus.OK);
|
}
|
|
@GetMapping("/byEmail")
|
public ResponseEntity<OtpResponseDTO> sendOtpByEmail(@RequestParam("email") String email) throws RemoteException, ServiceException {
|
final OtpResponseDTO otpResponseDTO = otpWebService.sendByEmail(email);
|
return new ResponseEntity<>(otpResponseDTO, HttpStatus.OK);
|
}
|
|
@GetMapping("/verifyOtp")
|
public ResponseEntity<OtpResponseDTO> verifyOtp(@RequestParam("account") String account, @RequestParam("indexKey") String indexKey, @RequestParam("otpCode") String otpCode) throws ServiceException, RemoteException {
|
OtpWebServicePortBindingStub stub = otpWebService.getOtpWebServicePortBindingStub();
|
log.info("call OtpService verifyOTP, systemType = {}, service password = {}, indexKey = {}, paxxword = {}",
|
applicationProperty.getOtpWebServiceSystemType(), applicationProperty.getOtpWebServicePassword(), indexKey, otpCode);
|
|
String[] result =
|
stub.verifyOtp(applicationProperty.getOtpWebServicePassword(), applicationProperty.getOtpWebServiceSystemType(), indexKey, otpCode);
|
|
return new ResponseEntity<>(new OtpResponseDTO(result), HttpStatus.OK);
|
}
|
|
@GetMapping("/byEService")
|
public ResponseEntity<EServiceResponse> loginByEService(@RequestParam("account") String account, @RequestParam("password") String password) throws Exception {
|
EServiceRequest dto = new EServiceRequest();
|
dto.setFunc("ValidateUserLogin");
|
dto.setId(account);
|
dto.setPin(password);
|
dto.setPwd(password);
|
dto.setSys("epos");
|
|
String dtoJson = new ObjectMapper().writeValueAsString(dto);
|
|
RestTemplate restTemplate = getTrustAllRestTemplate();
|
settingMessageConvertesToSpecifyType(restTemplate, MediaType.ALL);
|
|
HttpHeaders headers = new HttpHeaders();
|
headers.setContentType(MediaType.APPLICATION_JSON);
|
|
HttpEntity<String> entity = new HttpEntity<>(dtoJson, headers);
|
return restTemplate.exchange(applicationProperty.geteServiceLoginUrl(), HttpMethod.POST, entity, EServiceResponse.class);
|
}
|
|
private void settingMessageConvertesToSpecifyType(RestTemplate restTemplate, MediaType mediaType) {
|
List<HttpMessageConverter<?>> messageConverters = new ArrayList<>();
|
MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
|
converter.setSupportedMediaTypes(Collections.singletonList(mediaType));
|
messageConverters.add(converter);
|
restTemplate.setMessageConverters(messageConverters);
|
}
|
|
private RestTemplate getTrustAllRestTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
|
SSLContext sslContext = SSLContexts.custom()
|
.loadTrustMaterial(null, (X509Certificate[] x509Certs, String s) -> true)
|
.build();
|
SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
|
CloseableHttpClient httpClient = HttpClients.custom()
|
.setSSLSocketFactory(csf)
|
.build();
|
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
|
requestFactory.setHttpClient(httpClient);
|
requestFactory.setConnectTimeout(300000);
|
requestFactory.setReadTimeout(300000);
|
return new RestTemplate(requestFactory);
|
}
|
}
|
