pcalife/PAM.git - dev.pollex.com.tw

[update] 因EService回覆content-type為空，導致轉換錯誤，現已修正，順便設定log儲存的位置

wayne

2021-11-23 14201c5bc86b6ed1a97fcb5d61fabd04c9a8a68b

[update] 因EService回覆content-type為空，導致轉換錯誤，現已修正，順便設定log儲存的位置

修改4個檔案

	pamapi/src/main/java/com/pollex/pam/security/provider/EServiceAuthenticationProvider.java	16 ●●●●● 修補檔 \| 檢視 \| 原始 \| 究查 \| 歷程
	pamapi/src/main/java/com/pollex/pam/web/rest/TestLoginResource.java	75 ●●●●● 修補檔 \| 檢視 \| 原始 \| 究查 \| 歷程
	pamapi/src/main/resources/config/application-sit.yml	2 ●●●●● 修補檔 \| 檢視 \| 原始 \| 究查 \| 歷程
	pamapi/src/main/resources/logback-spring.xml	21 ●●●●● 修補檔 \| 檢視 \| 原始 \| 究查 \| 歷程

 pamapi/src/main/java/com/pollex/pam/security/provider/EServiceAuthenticationProvider.java

@@ -17,6 +17,8 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.*;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
@@ -32,10 +34,7 @@
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.*;

@Component
public class EServiceAuthenticationProvider {
@@ -98,6 +97,7 @@
        String dtoJson = new ObjectMapper().writeValueAsString(dto);

        RestTemplate restTemplate = getTrustAllRestTemplate();
        settingMessageConvertesToSpecifyType(restTemplate, MediaType.ALL);

        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_JSON);
@@ -120,4 +120,12 @@
        requestFactory.setReadTimeout(300000);
        return new RestTemplate(requestFactory);
    }

    private void settingMessageConvertesToSpecifyType(RestTemplate restTemplate, MediaType mediaType) {
        List<HttpMessageConverter<?>> messageConverters = new ArrayList<>();
        MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
        converter.setSupportedMediaTypes(Collections.singletonList(mediaType));
        messageConverters.add(converter);
        restTemplate.setMessageConverters(messageConverters);
    }
}

 pamapi/src/main/java/com/pollex/pam/web/rest/TestLoginResource.java

@@ -1,5 +1,6 @@
package com.pollex.pam.web.rest;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.pollex.pam.config.ApplicationProperties;
import com.pollex.pam.security.jwt.JWTFilter;
import com.pollex.pam.security.jwt.TokenProvider;
@@ -7,22 +8,39 @@
import com.pollex.pam.security.token.OtpAuthenticationToken;
import com.pollex.pam.service.LoginService;
import com.pollex.pam.service.OtpWebService;
import com.pollex.pam.service.dto.EServiceRequest;
import com.pollex.pam.service.dto.EServiceResponse;
import com.pollex.pam.service.dto.OtpResponseDTO;
import com.pollex.pam.web.rest.vm.OtpAccount;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.*;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.client.RestTemplate;
import tw.com.softleader.otp.ws.OtpWebServicePortBindingStub;

import javax.net.ssl.SSLContext;
import javax.xml.rpc.ServiceException;
import java.rmi.RemoteException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;


// todo，僅為初期接login方便使用而用get的方式登入，目前已拆出OtpResource與EServiceResource，主要是用這兩個做登入
@@ -73,17 +91,46 @@
    }

    @GetMapping("/byEService")
    public ResponseEntity<UserJWTController.JWTToken> loginByEService(@RequestParam("account") String account, @RequestParam("password") String password) throws Exception {
        EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken(
            account,
            password
        );
    public ResponseEntity<EServiceResponse> loginByEService(@RequestParam("account") String account, @RequestParam("password") String password) throws Exception {
        EServiceRequest dto = new EServiceRequest();
        dto.setFunc("ValidateUserLogin");
        dto.setId(account);
        dto.setPin(password);
        dto.setPwd(password);
        dto.setSys("epos");

        Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);
        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
        String jwt = tokenProvider.createToken(authentication, false);
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
        return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
        String dtoJson = new ObjectMapper().writeValueAsString(dto);

        RestTemplate restTemplate = getTrustAllRestTemplate();
        settingMessageConvertesToSpecifyType(restTemplate, MediaType.ALL);

        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_JSON);

        HttpEntity<String> entity = new HttpEntity<>(dtoJson, headers);
        return restTemplate.exchange(applicationProperty.geteServiceLoginUrl(), HttpMethod.POST, entity, EServiceResponse.class);
    }

    private void settingMessageConvertesToSpecifyType(RestTemplate restTemplate, MediaType mediaType) {
        List<HttpMessageConverter<?>> messageConverters = new ArrayList<>();
        MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
        converter.setSupportedMediaTypes(Collections.singletonList(mediaType));
        messageConverters.add(converter);
        restTemplate.setMessageConverters(messageConverters);
    }

    private RestTemplate getTrustAllRestTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        SSLContext sslContext = SSLContexts.custom()
            .loadTrustMaterial(null, (X509Certificate[] x509Certs, String s) -> true)
            .build();
        SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
        CloseableHttpClient httpClient = HttpClients.custom()
            .setSSLSocketFactory(csf)
            .build();
        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(httpClient);
        requestFactory.setConnectTimeout(300000);
        requestFactory.setReadTimeout(300000);
        return new RestTemplate(requestFactory);
    }
}

 pamapi/src/main/resources/config/application-sit.yml

@@ -115,4 +115,4 @@
  otp-web-service-url: https://vtwlifeopensyssit.pru.intranet.asia:443/pcalife-otp/ws/otpWebService
  otp-web-service-password: es20!%Pass
  otp-web-service-system-type: epos
  e-service-login-url: https://ssotwsit.eservice.pcalife.com.tw/sso/acctValidate
  e-service-login-url: https://eserviceuat.pcalife.com.tw/sso/chatbotValidate

 pamapi/src/main/resources/logback-spring.xml

@@ -4,6 +4,27 @@
<configuration scan="true">
    <include resource="org/springframework/boot/logging/logback/base.xml"/>

    <property name="logback.dir" value="/appublic/applications/pamapi"/>

    <springProfile name="sit,uat,prod">
        <appender name="logToFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
            <File>${logback.dir}/pamapi_server.log</File>
            <rollingPolicy  class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
                <FileNamePattern>${logback.dir}/log.%d{yyyy-MM-dd}.zip</FileNamePattern>
                <maxHistory>180</maxHistory>
                <totalSizeCap>2GB</totalSizeCap>
            </rollingPolicy>
            <encoder>
                <charset>UTF-8</charset>
                <pattern>%d [%thread] %-5level %logger{36} %line - %msg%n</pattern>
            </encoder>
        </appender>

        <root level="DEBUG">
            <appender-ref ref="logToFile" />
        </root>
    </springProfile>

<!-- The FILE and ASYNC appenders are here as examples for a production configuration -->
<!--
    <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">

			@@ -17,6 +17,8 @@
			import org.springframework.beans.factory.annotation.Autowired;
			import org.springframework.http.*;
			import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
			import org.springframework.http.converter.HttpMessageConverter;
			import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
			import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
			import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
			import org.springframework.security.core.Authentication;
			@@ -32,10 +34,7 @@
			import java.security.KeyStoreException;
			import java.security.NoSuchAlgorithmException;
			import java.security.cert.X509Certificate;
			import java.util.Arrays;
			import java.util.HashMap;
			import java.util.List;
			import java.util.Map;
			import java.util.*;

			@Component
			public class EServiceAuthenticationProvider {
			@@ -98,6 +97,7 @@
			String dtoJson = new ObjectMapper().writeValueAsString(dto);

			RestTemplate restTemplate = getTrustAllRestTemplate();
			settingMessageConvertesToSpecifyType(restTemplate, MediaType.ALL);

			HttpHeaders headers = new HttpHeaders();
			headers.setContentType(MediaType.APPLICATION_JSON);
			@@ -120,4 +120,12 @@
			requestFactory.setReadTimeout(300000);
			return new RestTemplate(requestFactory);
			}

			private void settingMessageConvertesToSpecifyType(RestTemplate restTemplate, MediaType mediaType) {
			List<HttpMessageConverter<?>> messageConverters = new ArrayList<>();
			MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
			converter.setSupportedMediaTypes(Collections.singletonList(mediaType));
			messageConverters.add(converter);
			restTemplate.setMessageConverters(messageConverters);
			}
			}

			@@ -1,5 +1,6 @@
			package com.pollex.pam.web.rest;

			import com.fasterxml.jackson.databind.ObjectMapper;
			import com.pollex.pam.config.ApplicationProperties;
			import com.pollex.pam.security.jwt.JWTFilter;
			import com.pollex.pam.security.jwt.TokenProvider;
			@@ -7,22 +8,39 @@
			import com.pollex.pam.security.token.OtpAuthenticationToken;
			import com.pollex.pam.service.LoginService;
			import com.pollex.pam.service.OtpWebService;
			import com.pollex.pam.service.dto.EServiceRequest;
			import com.pollex.pam.service.dto.EServiceResponse;
			import com.pollex.pam.service.dto.OtpResponseDTO;
			import com.pollex.pam.web.rest.vm.OtpAccount;
			import org.apache.http.conn.ssl.NoopHostnameVerifier;
			import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
			import org.apache.http.impl.client.CloseableHttpClient;
			import org.apache.http.impl.client.HttpClients;
			import org.apache.http.ssl.SSLContexts;
			import org.slf4j.Logger;
			import org.slf4j.LoggerFactory;
			import org.springframework.beans.factory.annotation.Autowired;
			import org.springframework.http.HttpHeaders;
			import org.springframework.http.HttpStatus;
			import org.springframework.http.ResponseEntity;
			import org.springframework.http.*;
			import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
			import org.springframework.http.converter.HttpMessageConverter;
			import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
			import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
			import org.springframework.security.core.Authentication;
			import org.springframework.security.core.context.SecurityContextHolder;
			import org.springframework.web.bind.annotation.*;
			import org.springframework.web.client.RestTemplate;
			import tw.com.softleader.otp.ws.OtpWebServicePortBindingStub;

			import javax.net.ssl.SSLContext;
			import javax.xml.rpc.ServiceException;
			import java.rmi.RemoteException;
			import java.security.KeyManagementException;
			import java.security.KeyStoreException;
			import java.security.NoSuchAlgorithmException;
			import java.security.cert.X509Certificate;
			import java.util.ArrayList;
			import java.util.Collections;
			import java.util.List;


			// todo，僅為初期接login方便使用而用get的方式登入，目前已拆出OtpResource與EServiceResource，主要是用這兩個做登入
			@@ -73,17 +91,46 @@
			}

			@GetMapping("/byEService")
			public ResponseEntity<UserJWTController.JWTToken> loginByEService(@RequestParam("account") String account, @RequestParam("password") String password) throws Exception {
			EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken(
			account,
			password
			);
			public ResponseEntity<EServiceResponse> loginByEService(@RequestParam("account") String account, @RequestParam("password") String password) throws Exception {
			EServiceRequest dto = new EServiceRequest();
			dto.setFunc("ValidateUserLogin");
			dto.setId(account);
			dto.setPin(password);
			dto.setPwd(password);
			dto.setSys("epos");

			Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);
			SecurityContextHolder.getContext().setAuthentication(authenticationToken);
			String jwt = tokenProvider.createToken(authentication, false);
			HttpHeaders httpHeaders = new HttpHeaders();
			httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
			return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
			String dtoJson = new ObjectMapper().writeValueAsString(dto);

			RestTemplate restTemplate = getTrustAllRestTemplate();
			settingMessageConvertesToSpecifyType(restTemplate, MediaType.ALL);

			HttpHeaders headers = new HttpHeaders();
			headers.setContentType(MediaType.APPLICATION_JSON);

			HttpEntity<String> entity = new HttpEntity<>(dtoJson, headers);
			return restTemplate.exchange(applicationProperty.geteServiceLoginUrl(), HttpMethod.POST, entity, EServiceResponse.class);
			}

			private void settingMessageConvertesToSpecifyType(RestTemplate restTemplate, MediaType mediaType) {
			List<HttpMessageConverter<?>> messageConverters = new ArrayList<>();
			MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
			converter.setSupportedMediaTypes(Collections.singletonList(mediaType));
			messageConverters.add(converter);
			restTemplate.setMessageConverters(messageConverters);
			}

			private RestTemplate getTrustAllRestTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
			SSLContext sslContext = SSLContexts.custom()
			.loadTrustMaterial(null, (X509Certificate[] x509Certs, String s) -> true)
			.build();
			SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
			CloseableHttpClient httpClient = HttpClients.custom()
			.setSSLSocketFactory(csf)
			.build();
			HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
			requestFactory.setHttpClient(httpClient);
			requestFactory.setConnectTimeout(300000);
			requestFactory.setReadTimeout(300000);
			return new RestTemplate(requestFactory);
			}
			}

			@@ -115,4 +115,4 @@
			otp-web-service-url: https://vtwlifeopensyssit.pru.intranet.asia:443/pcalife-otp/ws/otpWebService
			otp-web-service-password: es20!%Pass
			otp-web-service-system-type: epos
			e-service-login-url: https://ssotwsit.eservice.pcalife.com.tw/sso/acctValidate
			e-service-login-url: https://eserviceuat.pcalife.com.tw/sso/chatbotValidate

			@@ -4,6 +4,27 @@
			<configuration scan="true">
			<include resource="org/springframework/boot/logging/logback/base.xml"/>

			<property name="logback.dir" value="/appublic/applications/pamapi"/>

			<springProfile name="sit,uat,prod">
			<appender name="logToFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
			<File>${logback.dir}/pamapi_server.log</File>
			<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
			<FileNamePattern>${logback.dir}/log.%d{yyyy-MM-dd}.zip</FileNamePattern>
			<maxHistory>180</maxHistory>
			<totalSizeCap>2GB</totalSizeCap>
			</rollingPolicy>
			<encoder>
			<charset>UTF-8</charset>
			<pattern>%d [%thread] %-5level %logger{36} %line - %msg%n</pattern>
			</encoder>
			</appender>

			<root level="DEBUG">
			<appender-ref ref="logToFile" />
			</root>
			</springProfile>

			<!-- The FILE and ASYNC appenders are here as examples for a production configuration -->
			<!--
			<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">