From 23f937de7378d94c74e81e6f0ef1d6a1e0f1fa0e Mon Sep 17 00:00:00 2001
From: Tomas <tomasysh@gmail.com>
Date: 星期五, 01 九月 2023 13:37:45 +0800
Subject: [PATCH] Merge branch '滲透' of https://dev.pollex.com.tw:8443/r/pcalife/PAM into 滲透
---
pamapi/src/main/java/com/pollex/pam/web/rest/TestLoginResource.java | 126 ++++++++++++++++++++++++++----------------
1 files changed, 78 insertions(+), 48 deletions(-)
diff --git a/pamapi/src/main/java/com/pollex/pam/web/rest/TestLoginResource.java b/pamapi/src/main/java/com/pollex/pam/web/rest/TestLoginResource.java
index 07691a3..29f0bc6 100644
--- a/pamapi/src/main/java/com/pollex/pam/web/rest/TestLoginResource.java
+++ b/pamapi/src/main/java/com/pollex/pam/web/rest/TestLoginResource.java
@@ -1,36 +1,45 @@
package com.pollex.pam.web.rest;
import com.pollex.pam.config.ApplicationProperties;
-import com.pollex.pam.security.jwt.JWTFilter;
import com.pollex.pam.security.jwt.TokenProvider;
-import com.pollex.pam.security.token.EServiceAuthenticationToken;
-import com.pollex.pam.security.token.OtpAuthenticationToken;
-import com.pollex.pam.service.LoginService;
import com.pollex.pam.service.OtpWebService;
-import com.pollex.pam.service.dto.OtpResponseDTO;
-import com.pollex.pam.web.rest.vm.OtpAccount;
+import com.pollex.pam.business.service.dto.EServiceResponse;
+import com.pollex.pam.business.service.dto.OtpResponseDTO;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContexts;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseEntity;
+import org.springframework.http.*;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.http.converter.HttpMessageConverter;
+import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.util.UriComponentsBuilder;
-import javax.xml.rpc.ServiceException;
-import java.rmi.RemoteException;
+import javax.net.ssl.SSLContext;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.UUID;
+
+// todo嚗����login�靘蹂蝙��get��撘�嚗��歇��OtpResource��ServiceResource嚗蜓閬�����
+@Deprecated
@RestController
@RequestMapping("/api/testLogin")
public class TestLoginResource {
private final static Logger log = LoggerFactory.getLogger(TestLoginResource.class);
-
- @Autowired
- LoginService loginService;
@Autowired
ApplicationProperties applicationProperty;
@@ -45,45 +54,66 @@
TokenProvider tokenProvider;
@GetMapping("/bySMS")
- public ResponseEntity<OtpResponseDTO> sendOtpBySMS(@RequestParam("phone") String phone) throws ServiceException, RemoteException {
- otpWebService.sendByPhone(phone);
- return new ResponseEntity<>(HttpStatus.OK);
+ public ResponseEntity<OtpResponseDTO> sendOtpBySMS(@RequestParam("phone") String phone) {
+ final OtpResponseDTO otpResponseDTO = otpWebService.sendByPhone(phone);
+ return new ResponseEntity<>(otpResponseDTO, HttpStatus.OK);
}
@GetMapping("/byEmail")
- public ResponseEntity<OtpResponseDTO> sendOtpByEmail(@RequestParam("email") String email) throws RemoteException, ServiceException {
- otpWebService.sendByEmail(email);
- return new ResponseEntity<>(HttpStatus.OK);
+ public ResponseEntity<OtpResponseDTO> sendOtpByEmail(@RequestParam("email") String email) {
+ final OtpResponseDTO otpResponseDTO = otpWebService.sendByEmail(email);
+ return new ResponseEntity<>(otpResponseDTO, HttpStatus.OK);
}
@GetMapping("/verifyOtp")
- public ResponseEntity<UserJWTController.JWTToken> verifyOtp(@RequestParam("account") String account, @RequestParam("indexKey") String indexKey, @RequestParam("otpCode") String otpCode) throws ServiceException, RemoteException {
- OtpAccount otpAccount = new OtpAccount(account, indexKey);
- OtpAuthenticationToken authenticationToken = new OtpAuthenticationToken(
- otpAccount,
- otpCode
- );
-
- Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);
- SecurityContextHolder.getContext().setAuthentication(authenticationToken);
- String jwt = tokenProvider.createToken(authentication, false);
- HttpHeaders httpHeaders = new HttpHeaders();
- httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
- return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
+ public ResponseEntity<OtpResponseDTO> verifyOtp(@RequestParam("account") String account, @RequestParam("indexKey") String indexKey, @RequestParam("otpCode") String otpCode) {
+ final OtpResponseDTO otpResponseDTO = otpWebService.verifyOTP(indexKey, otpCode);
+ return new ResponseEntity<>(otpResponseDTO, HttpStatus.OK);
}
- @GetMapping("/byEService")
- public ResponseEntity<UserJWTController.JWTToken> loginByEService(@RequestParam("account") String account, @RequestParam("password") String password) throws Exception {
- EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken(
- account,
- password
- );
+// @GetMapping("/byEService")
+// public ResponseEntity<EServiceResponse> loginByEService(@RequestParam("account") String account, @RequestParam("password") String password) throws Exception {
+// RestTemplate restTemplate = getTrustAllRestTemplate();
+// settingMessageConvertesToSpecifyType(restTemplate, MediaType.ALL);
+//
+// String urlTemplate = UriComponentsBuilder.fromHttpUrl(applicationProperty.geteServiceLoginUrl())
+// .queryParam("func", applicationProperty.geteServiceLoginFunc())
+// .queryParam("id", account)
+// .queryParam("pin", password)
+// .queryParam("pwd", password)
+// .queryParam("sys", applicationProperty.geteServiceLoginSys())
+// .queryParam("transactionId", UUID.randomUUID().toString())
+// .encode().toUriString();
+//
+// log.debug("http get loginByEService, url = {}", urlTemplate);
+//
+// HttpHeaders headers = new HttpHeaders();
+// headers.setContentType(MediaType.APPLICATION_JSON);
+//
+// HttpEntity<String> entity = new HttpEntity<>(headers);
+// return restTemplate.exchange(urlTemplate, HttpMethod.GET, entity, EServiceResponse.class);
+// }
- Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);
- SecurityContextHolder.getContext().setAuthentication(authenticationToken);
- String jwt = tokenProvider.createToken(authentication, false);
- HttpHeaders httpHeaders = new HttpHeaders();
- httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt);
- return new ResponseEntity<>(new UserJWTController.JWTToken(jwt), httpHeaders, HttpStatus.OK);
- }
+// private void settingMessageConvertesToSpecifyType(RestTemplate restTemplate, MediaType mediaType) {
+// List<HttpMessageConverter<?>> messageConverters = new ArrayList<>();
+// MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
+// converter.setSupportedMediaTypes(Collections.singletonList(mediaType));
+// messageConverters.add(converter);
+// restTemplate.setMessageConverters(messageConverters);
+// }
+
+// private RestTemplate getTrustAllRestTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
+// SSLContext sslContext = SSLContexts.custom()
+// .loadTrustMaterial(null, (X509Certificate[] x509Certs, String s) -> true)
+// .build();
+// SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
+// CloseableHttpClient httpClient = HttpClients.custom()
+// .setSSLSocketFactory(csf)
+// .build();
+// HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
+// requestFactory.setHttpClient(httpClient);
+// requestFactory.setConnectTimeout(300000);
+// requestFactory.setReadTimeout(300000);
+// return new RestTemplate(requestFactory);
+// }
}
--
Gitblit v1.8.0