Merge branch 'feature/SUPPORT-8427_new' into feature/SUPPORT-8474_id_ervu

This commit is contained in:
Eduard Tihomirov 2024-09-06 10:37:39 +03:00
commit 3f91857a16
17 changed files with 70 additions and 115 deletions


@ -32,6 +32,7 @@ public class EmployeeInfoKafkaMessageService {
);
}
//TODO: refactor SUPPORT-8381
private OrgInfo getOrgInfo() {
// OrganizationModel organizationModel = ulDataService.getOrganizationModel();
// return new OrgInfo(


@ -10,6 +10,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import ru.micord.ervu.security.webbpm.jwt.filter.JwtAuthenticationFilter;
import ru.micord.ervu.security.webbpm.jwt.UnauthorizedEntryPoint;
@Configuration
@EnableWebSecurity


@ -36,6 +36,15 @@ public class EsiaConfig {
@Value("${esia-uri.logout:#{null}}")
private String logoutUrl;
@Value("${client-cert-hash:#{null}}")
private String clientCertHash;
@Value("${esia.request-timeout:60}")
private long requestTimeout;
@Value("${esia.connection-timeout:30}")
private long connectionTimeout;
public String getEsiaCodeUri() {
return esiaCodePath;
}
@ -44,11 +53,11 @@ public class EsiaConfig {
return esiaTokenPath;
}
public String getEsiaOrgScope() {
public String getEsiaOrgScopes() {
return esiaOrgScopes;
}
public String getEsiaScope() {
public String getEsiaScopes() {
return esiaScopes;
}
@ -71,4 +80,14 @@ public class EsiaConfig {
public String getLogoutUrl() {
return logoutUrl;
}
public String getClientCertHash() {return clientCertHash;}
public long getRequestTimeout() {
return requestTimeout;
}
public long getConnectionTimeout() {
return connectionTimeout;
}
}
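Review bot: `@Value("${client-cert-hash:#{null}}")` makes a missing property resolve silently to null, and `getClientCertHash()` hands that null straight to the ESIA token requests in EsiaAuthService, so a misconfigured environment fails at the first login attempt instead of at startup. Since the hash is mandatory for those calls, drop the null default (`@Value("${client-cert-hash}")`) so Spring refuses to start without it, or reject a blank value in a `@PostConstruct` method. The two new timeouts deserve the same treatment: `HttpRequest.Builder.timeout` and `HttpClient.Builder.connectTimeout` throw `IllegalArgumentException` for a zero or negative `Duration`, so a range check here would give a clearer error than one raised deep inside a request. Minor style point: `getClientCertHash() {return clientCertHash;}` should be laid out like the surrounding getters.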


@ -1,7 +1,5 @@
package ru.micord.ervu.security.esia.model;
import java.util.Arrays;
import ru.cg.webbpm.modules.webkit.annotations.Model;
/**


@ -30,8 +30,8 @@ import org.springframework.http.HttpHeaders;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import ru.micord.ervu.security.JwtTokenService;
import ru.micord.ervu.security.Token;
import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService;
import ru.micord.ervu.security.webbpm.jwt.model.Token;
/**
* @author Eduard Tihomirov
@ -39,8 +39,6 @@ import ru.micord.ervu.security.Token;
@Service
public class EsiaAuthService {
private final static String CLIENT_CERTIFICATE_HASH = "04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD";
@Autowired
private ObjectMapper objectMapper;
@ -63,8 +61,8 @@ public class EsiaAuthService {
String redirectUrl = esiaConfig.getRedirectUrl();
String redirectUrlEncoded = redirectUrl.replaceAll(":", "%3A")
.replaceAll("/", "%2F");
String scope = esiaConfig.getEsiaScope();
String scopeOrg = esiaConfig.getEsiaOrgScope();
String scope = esiaConfig.getEsiaScopes();
String scopeOrg = esiaConfig.getEsiaOrgScopes();
Map<String, String> parameters = new LinkedHashMap<String, String>();
parameters.put("client_id", clientId);
@ -91,7 +89,7 @@ public class EsiaAuthService {
"response_type", responseType,
"redirect_uri", redirectUrlEncoded,
"obj_type", "B L F A",
"client_certificate_hash", CLIENT_CERTIFICATE_HASH);
"client_certificate_hash", esiaConfig.getClientCertHash());
return makeRequest(url, params);
}
@ -137,8 +135,8 @@ public class EsiaAuthService {
String timestamp = dt.format(formatter);
String state = UUID.randomUUID().toString();
String redirectUrl = esiaConfig.getRedirectUrl();
String scope = esiaConfig.getEsiaScope();
String scopeOrg = esiaConfig.getEsiaOrgScope();
String scope = esiaConfig.getEsiaScopes();
String scopeOrg = esiaConfig.getEsiaOrgScopes();
Map<String, String> parameters = new LinkedHashMap<String, String>();
parameters.put("client_id", clientId);
@ -162,15 +160,15 @@ public class EsiaAuthService {
.setParameter("scope_org", scopeOrg)
.setParameter("timestamp", timestamp)
.setParameter("token_type", "Bearer")
.setParameter("client_certificate_hash", CLIENT_CERTIFICATE_HASH)
.setParameter("client_certificate_hash", esiaConfig.getClientCertHash())
.toFormUrlencodedString();
HttpRequest postReq = HttpRequest.newBuilder(URI.create(authUrl))
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.POST(HttpRequest.BodyPublishers.ofString(postBody))
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> postResp = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(postReq, HttpResponse.BodyHandlers.ofString());
String responseString = postResp.body();
@ -226,8 +224,8 @@ public class EsiaAuthService {
String timestamp = dt.format(formatter);
String state = UUID.randomUUID().toString();
String redirectUrl = esiaConfig.getRedirectUrl();
String scope = esiaConfig.getEsiaScope();
String scopeOrg = esiaConfig.getEsiaOrgScope();
String scope = esiaConfig.getEsiaScopes();
String scopeOrg = esiaConfig.getEsiaOrgScopes();
Map<String, String> parameters = new LinkedHashMap<String, String>();
parameters.put("client_id", clientId);
@ -251,15 +249,15 @@ public class EsiaAuthService {
.setParameter("scope_org", scopeOrg)
.setParameter("timestamp", timestamp)
.setParameter("token_type", "Bearer")
.setParameter("client_certificate_hash", CLIENT_CERTIFICATE_HASH)
.setParameter("client_certificate_hash", esiaConfig.getClientCertHash())
.toFormUrlencodedString();
HttpRequest postReq = HttpRequest.newBuilder(URI.create(authUrl))
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.POST(HttpRequest.BodyPublishers.ofString(postBody))
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> postResp = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(postReq, HttpResponse.BodyHandlers.ofString());
String responseString = postResp.body();
@ -306,7 +304,7 @@ public class EsiaAuthService {
.POST(HttpRequest.BodyPublishers.ofString(requestBody, StandardCharsets.UTF_8))
.build();
HttpResponse<String> response = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(request, HttpResponse.BodyHandlers.ofString());
errorHandler(response);
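Review bot: `esiaConfig.getClientCertHash()` replaces a non-null constant with a value whose configured default is null, and the new `client_certificate_hash` lines pass it on unchecked; depending on how the parameter helpers treat a null value the request either fails with a NullPointerException or goes to ESIA without the hash and is rejected with an error that does not point at the configuration. A fail-fast check where the value is first read, e.g. `Objects.requireNonNull(esiaConfig.getClientCertHash(), "client-cert-hash is not configured")`, would make the cause obvious. The three methods that read it begin above their hunks, so the best place for the check is not visible here. Unrelated to the change but on the same screen: the redirect URL is encoded with `replaceAll(":", "%3A").replaceAll("/", "%2F")`, which handles only those two characters; `URLEncoder.encode(redirectUrl, StandardCharsets.UTF_8)` would be safer if the redirect URL ever carries a query string.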


@ -4,7 +4,6 @@ import java.util.Arrays;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import esia.model.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import ru.micord.ervu.security.esia.model.*;


@ -12,7 +12,6 @@ import java.util.Optional;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import ru.micord.ervu.security.esia.config.EsiaConfig;
import esia.model.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.stereotype.Service;
@ -51,10 +50,10 @@ public class UlDataServiceImpl implements UlDataService {
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.header("Authorization", "Bearer ".concat(accessToken))
.GET()
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> getResp = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(getReq, HttpResponse.BodyHandlers.ofString());
errorHandler(getResp);
@ -92,10 +91,10 @@ public class UlDataServiceImpl implements UlDataService {
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.header("Authorization", "Bearer ".concat(accessToken))
.GET()
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> getResp = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(getReq, HttpResponse.BodyHandlers.ofString());
errorHandler(getResp);
@ -114,10 +113,10 @@ public class UlDataServiceImpl implements UlDataService {
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.header("Authorization", "Bearer ".concat(accessToken))
.GET()
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> getResp = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(getReq, HttpResponse.BodyHandlers.ofString());
errorHandler(getResp);
@ -154,10 +153,10 @@ public class UlDataServiceImpl implements UlDataService {
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.header("Authorization", "Bearer ".concat(accessToken))
.GET()
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> getResp = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(getReq, HttpResponse.BodyHandlers.ofString());
errorHandler(getResp);
@ -169,10 +168,10 @@ public class UlDataServiceImpl implements UlDataService {
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.header("Authorization", "Bearer ".concat(accessToken))
.GET()
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> getRespBrhs = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(getReqBrhs, HttpResponse.BodyHandlers.ofString());
errorHandler(getRespBrhs);
@ -204,10 +203,10 @@ public class UlDataServiceImpl implements UlDataService {
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.header("Authorization", "Bearer ".concat(accessToken))
.GET()
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> getResp = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(getReq, HttpResponse.BodyHandlers.ofString());
errorHandler(getResp);
@ -235,10 +234,10 @@ public class UlDataServiceImpl implements UlDataService {
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.header("Authorization", "Bearer ".concat(accessToken))
.GET()
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> getResp = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(getReq, HttpResponse.BodyHandlers.ofString());
errorHandler(getResp);
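Review bot: The new timeout lookups are copied into seven identical request/response blocks, and each block still builds a fresh `HttpClient` per call, so a change to the client configuration has to be repeated seven times. A private helper that owns one `HttpClient` built once with `connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))` and applies the request timeout and the `Authorization` header would collapse this to a single site; the request builders begin above each hunk, so the helper's exact signature depends on what is there. Also, `Content-Type: application/x-www-form-urlencoded` on a body-less GET is meaningless and can be dropped, and `"Bearer ".concat(accessToken)` throws a NullPointerException if the token is absent, which is worth an explicit guard at the top of each method rather than an NPE from inside the builder.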


@ -1,4 +1,4 @@
package ru.micord.ervu.security;
package ru.micord.ervu.security.webbpm.jwt;
import java.util.Collection;


@ -1,4 +1,4 @@
package ru.micord.ervu.security;
package ru.micord.ervu.security.webbpm.jwt;
import io.jsonwebtoken.ExpiredJwtException;
import org.springframework.beans.factory.annotation.Autowired;
@ -9,6 +9,8 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;
import ru.micord.ervu.security.webbpm.jwt.model.Token;
import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService;
@Component
public class JwtAuthenticationProvider implements AuthenticationProvider {


@ -1,4 +1,4 @@
package ru.micord.ervu.security;
package ru.micord.ervu.security.webbpm.jwt;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;


@ -1,4 +1,4 @@
package ru.micord.ervu.security;
package ru.micord.ervu.security.webbpm.jwt.filter;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
@ -16,6 +16,7 @@ import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import ru.micord.ervu.security.webbpm.jwt.JwtAuthentication;
/**
* @author Flyur Karimov


@ -1,4 +1,4 @@
package ru.micord.ervu.security;
package ru.micord.ervu.security.webbpm.jwt.model;
import java.util.Date;


@ -1,4 +1,4 @@
package ru.micord.ervu.security;
package ru.micord.ervu.security.webbpm.jwt.service;
import java.lang.invoke.MethodHandles;
import java.util.Base64;
@ -13,6 +13,7 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import ru.micord.ervu.security.webbpm.jwt.model.Token;
import ru.cg.webbpm.modules.resources.api.ResourceMetadataUtils;


@ -49,3 +49,4 @@ xa-data-source add \
/system-property=esia-redirect-url:add(value="https://lkrp-dev.micord.ru/ul/")
/system-property=sign-url:add(value="https://ervu-sign-dev.k8s.micord.ru/sign")
/system-property=esia-uri.logout:add(value="https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout")
/system-property=client-cert-hash:add(value="04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD")
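Review bot: The value added here is a 64-hex-digit certificate fingerprint rather than a private key, so committing it is acceptable, but nothing records which certificate it was computed over or how to regenerate it when that certificate is rotated. A comment above the line such as `# fingerprint of the ESIA client certificate; recompute when the certificate is rotated`, with the exact hash algorithm confirmed against the ESIA integration guide, would save the next operator a guess. The same literal is added to the other configuration file in this commit, which points at a different host; if those deployments use different client certificates the two values must differ.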


@ -75,6 +75,7 @@
<property name="esia-redirect-url" value="https://lkrp.micord.ru"/>
<property name="sign-url" value="https://ervu-sign-dev.k8s.micord.ru/sign"/>
<property name="sesia-uri.logout" value="https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout"/>
<property name="client-cert-hash" value="04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD"/>
</system-properties>
<management>
<audit-log>
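Review bot: The property on the line above the new one is named `sesia-uri.logout`, while EsiaConfig reads `${esia-uri.logout:#{null}}`, so on this configuration the logout URL resolves to null and the ESIA logout redirect is silently disabled; this looks like a typo and the line should read `<property name="esia-uri.logout" value="https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout"/>`. It is a pre-existing line, but the commit edits the same block and this is the right moment to fix it. The new `client-cert-hash` entry carries the same value as the dev deployment script in this commit although this file points at `https://lkrp.micord.ru`; confirm the client certificate is genuinely shared between the two deployments.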


@ -1,7 +1,7 @@
import {AnalyticalScope, Behavior, Container, ControlWithValue} from "@webbpm/base-package";
import {HttpClient} from "@angular/common/http";
import {OrgData} from "./OrgData";
import {OrgInfoModel} from "../generated/esia/model/OrgInfoModel";
import {OrgInfoModel} from "../generated/ru/micord/ervu/security/esia/model/OrgInfoModel";
import {CookieService} from "ngx-cookie";
@AnalyticalScope(Container)
@ -23,77 +23,9 @@ export class OrgDataRoot extends Behavior{
return;
}
for (let orgData of orgScripts) {
if (orgData.dataId == 'empFullname') {
let control: ControlWithValue = orgData.getScriptInObject(orgData.getObjectId(),
'component.ControlWithValue');
control.setValue(orgInfoModel.empFullname)
}
else if (orgData.dataId == 'fullName') {
let control: ControlWithValue = orgData.getScriptInObject(orgData.getObjectId(),
'component.ControlWithValue');
control.setValue(orgInfoModel.fullName)
}
else if (orgData.dataId == 'shortName') {
let control: ControlWithValue = orgData.getScriptInObject(orgData.getObjectId(),
'component.ControlWithValue');
control.setValue(orgInfoModel.shortName)
}
else if (orgData.dataId == 'olgAddress') {
let control: ControlWithValue = orgData.getScriptInObject(orgData.getObjectId(),
'component.ControlWithValue');
control.setValue(orgInfoModel.olgAddress)
}
else if (orgData.dataId == 'opsAddress') {
let control: ControlWithValue = orgData.getScriptInObject(orgData.getObjectId(),
'component.ControlWithValue');
control.setValue(orgInfoModel.opsAddress)
}
else if (orgData.dataId == 'chiefFullname') {
let control: ControlWithValue = orgData.getScriptInObject(orgData.getObjectId(),
'component.ControlWithValue');
control.setValue(orgInfoModel.chiefFullname)
}
else if (orgData.dataId == 'chiefPosition') {
let control: ControlWithValue = orgData.getScriptInObject(orgData.getObjectId(),
'component.ControlWithValue');
control.setValue(orgInfoModel.chiefPosition)
}
else if (orgData.dataId == 'ogrn') {
let control: ControlWithValue = orgData.getScriptInObject(orgData.getObjectId(),
'component.ControlWithValue');
control.setValue(orgInfoModel.ogrn)
}
else if (orgData.dataId == 'kpp') {
let control: ControlWithValue = orgData.getScriptInObject(orgData.getObjectId(),
'component.ControlWithValue');
control.setValue(orgInfoModel.kpp)
}
else if (orgData.dataId == 'inn') {
let control: ControlWithValue = orgData.getScriptInObject(orgData.getObjectId(),
'component.ControlWithValue');
control.setValue(orgInfoModel.inn)
}
else if (orgData.dataId == 'empPosition') {
let control: ControlWithValue = orgData.getScriptInObject(orgData.getObjectId(),
'component.ControlWithValue');
control.setValue(orgInfoModel.empPosition)
}
else if (orgData.dataId == 'mobile') {
let control: ControlWithValue = orgData.getScriptInObject(orgData.getObjectId(),
'component.ControlWithValue');
control.setValue(orgInfoModel.mobile)
}
else if (orgData.dataId == 'email') {
let control: ControlWithValue = orgData.getScriptInObject(orgData.getObjectId(),
'component.ControlWithValue');
control.setValue(orgInfoModel.email)
}
else if (orgData.dataId == 'userRoles') {
let control: ControlWithValue = orgData.getScriptInObject(orgData.getObjectId(),
'component.ControlWithValue');
control.setValue(orgInfoModel.userRoles)
}
control.setValue(orgInfoModel[orgData.dataId]);
}
});
}
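Review bot: `control.setValue(orgInfoModel[orgData.dataId])` changes the replaced branches' behaviour in two ways: a `dataId` that is not a property of `OrgInfoModel` now calls `setValue(undefined)` instead of being ignored, and any property of the model becomes reachable through a matching `dataId`, so the fourteen explicit fields stop acting as a whitelist. A small guard restores the old semantics: `const value = orgInfoModel[orgData.dataId as keyof OrgInfoModel];` / `if (value === undefined) { continue; }` / `control.setValue(value);`. The declaration of `control` is not visible in the rebuilt loop as rendered here; if it was not hoisted above the call the loop will not compile, so double-check the new body. The enclosing method begins before the hunk.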


@ -2,12 +2,13 @@ import {NgModule} from "@angular/core";
import {RouterModule, Routes} from "@angular/router";
import {AccessDeniedComponent} from "./component/access-denied.component";
import {AuthGuard} from "../security/guard/auth.guard";
import {ConfirmExitGuard} from "@webbpm/base-package";
const appRoutes: Routes = [
{
path: 'access-denied',
component: AccessDeniedComponent,
canActivate: [AuthGuard],
canActivate: [ConfirmExitGuard],
},
{
path: 'mydata',
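Review bot: Swapping `AuthGuard` for `ConfirmExitGuard` on the `access-denied` route makes that page reachable without authentication, which is reasonable for an error page, but `ConfirmExitGuard` is an odd choice for `canActivate` — its name suggests a leave-page confirmation, normally a `canDeactivate` concern — and a reader cannot tell whether the goal was to drop the auth requirement or to add a confirmation. If the intent is simply to remove the requirement, deleting the `canActivate` entry says so more clearly; otherwise a one-line comment such as `// access-denied must be reachable by unauthenticated users` would document it. `AuthGuard` is still imported on the line above; if no remaining route uses it, the import is now dead. The route table continues beyond the hunk, so that cannot be confirmed here.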