wangwei 7 年之前
父节点
当前提交
ac20644c76

+ 2 - 2
examcloud-core-basic-api-provider/src/main/java/cn/com/qmth/examcloud/core/basic/api/controller/AuthController.java

@@ -62,10 +62,10 @@ public class AuthController extends ControllerSupport {
 
 	@ApiOperation(value = "第三方机构接入", notes = "")
 	@PostMapping("/thirdPartyAccess")
-	public User thirdPartyAccess(@RequestParam Long orgId, @RequestParam String userId,
+	public User thirdPartyAccess(@RequestParam Long orgId, @RequestParam String loginName,
 			@RequestParam String appId, @RequestParam String timestamp,
 			@RequestParam String token) {
-		return authService.thirdPartyAccess(orgId, userId, appId, timestamp, token);
+		return authService.thirdPartyAccess(orgId, loginName, appId, timestamp, token);
 	}
 
 }
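Review bot: The request parameter on `thirdPartyAccess` is renamed from `userId` to `loginName` with no alias, so an integrator still posting `userId` will be rejected for a missing required parameter before the signature check in the service runs. If the break is intended, the operation should document it instead of `notes = ""`, for example `notes = "loginName replaces the former userId parameter"`. If it is not intended, `@RequestParam("userId") String loginName` keeps the wire name while only the Java name changes. `token` is also accepted as a plain request parameter, so it is worth confirming that access logs do not record it if a caller sends it in the query string.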

+ 3 - 3
examcloud-core-basic-dao/src/main/java/cn/com/qmth/examcloud/core/basic/dao/ThirdPartyAccessDao.java → examcloud-core-basic-dao/src/main/java/cn/com/qmth/examcloud/core/basic/dao/ThirdPartyAccessRepo.java

@@ -3,10 +3,10 @@ package cn.com.qmth.examcloud.core.basic.dao;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.repository.query.QueryByExampleExecutor;
 
-import cn.com.qmth.examcloud.core.basic.dao.entity.ThirdPartyAccess;
+import cn.com.qmth.examcloud.core.basic.dao.entity.ThirdPartyAccessEntity;
 import cn.com.qmth.examcloud.core.basic.dao.entity.ThirdPartyAccessPK;
 
-public interface ThirdPartyAccessDao
-		extends JpaRepository<ThirdPartyAccess, ThirdPartyAccessPK>, QueryByExampleExecutor<ThirdPartyAccess> {
+public interface ThirdPartyAccessRepo
+		extends JpaRepository<ThirdPartyAccessEntity, ThirdPartyAccessPK>, QueryByExampleExecutor<ThirdPartyAccessEntity> {
 
 }

+ 4 - 4
examcloud-core-basic-dao/src/main/java/cn/com/qmth/examcloud/core/basic/dao/entity/ThirdPartyAccess.java → examcloud-core-basic-dao/src/main/java/cn/com/qmth/examcloud/core/basic/dao/entity/ThirdPartyAccessEntity.java

@@ -1,12 +1,12 @@
 package cn.com.qmth.examcloud.core.basic.dao.entity;
 
-import java.io.Serializable;
-
 import javax.persistence.Entity;
 import javax.persistence.Id;
 import javax.persistence.IdClass;
 import javax.persistence.Table;
 
+import cn.com.qmth.examcloud.commons.web.jpa.JpaEntity;
+
 /**
  * 第三方接入信息
  * 
@@ -15,8 +15,8 @@ import javax.persistence.Table;
  */
 @Entity
 @IdClass(ThirdPartyAccessPK.class)
-@Table(name = "ecs_core_third_party_access")
-public class ThirdPartyAccess implements Serializable {
+@Table(name = "EC_B_THIRD_PARTY_ACCESS")
+public class ThirdPartyAccessEntity extends JpaEntity {
 
 	private static final long serialVersionUID = -4967242922242580681L;
 
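Review bot: `@Table(name = "EC_B_THIRD_PARTY_ACCESS")` points the entity at a different table, and no schema migration or data copy is visible among the files shown for this commit. If the existing rows are not moved together with the deploy, the `findOne(new ThirdPartyAccessPK(...))` lookups will fail or return null, and third-party access stays broken for every integrator until they are. I would record the rename in the class Javadoc, e.g. `* Table renamed from ecs_core_third_party_access; existing rows must be migrated.` The base type also changes from `Serializable` to `JpaEntity` while `serialVersionUID` is kept, which only makes sense if `JpaEntity` is itself serializable; that cannot be confirmed from this hunk, and the class body continues outside it.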

+ 11 - 8
examcloud-core-basic-service/src/main/java/cn/com/qmth/examcloud/core/basic/service/impl/AuthServiceImpl.java

@@ -2,12 +2,14 @@ package cn.com.qmth.examcloud.core.basic.service.impl;
 
 import java.util.Date;
 import java.util.List;
+import java.util.Locale;
 
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import com.esotericsoftware.minlog.Log;
 import com.google.common.collect.Lists;
 
 import cn.com.qmth.examcloud.commons.base.exception.StatusException;
@@ -26,11 +28,11 @@ import cn.com.qmth.examcloud.core.basic.base.enums.UserType;
 import cn.com.qmth.examcloud.core.basic.dao.OrgRepo;
 import cn.com.qmth.examcloud.core.basic.dao.RoleRepo;
 import cn.com.qmth.examcloud.core.basic.dao.StudentRepo;
-import cn.com.qmth.examcloud.core.basic.dao.ThirdPartyAccessDao;
+import cn.com.qmth.examcloud.core.basic.dao.ThirdPartyAccessRepo;
 import cn.com.qmth.examcloud.core.basic.dao.UserRepo;
 import cn.com.qmth.examcloud.core.basic.dao.entity.Org;
 import cn.com.qmth.examcloud.core.basic.dao.entity.Student;
-import cn.com.qmth.examcloud.core.basic.dao.entity.ThirdPartyAccess;
+import cn.com.qmth.examcloud.core.basic.dao.entity.ThirdPartyAccessEntity;
 import cn.com.qmth.examcloud.core.basic.dao.entity.ThirdPartyAccessPK;
 import cn.com.qmth.examcloud.core.basic.dao.entity.UserEntity;
 import cn.com.qmth.examcloud.core.basic.dao.entity.UserRole;
@@ -67,7 +69,7 @@ public class AuthServiceImpl implements AuthService {
 	StudentRepo studentRepo;
 
 	@Autowired
-	ThirdPartyAccessDao thirdPartyAccessDao;
+	ThirdPartyAccessRepo thirdPartyAccessRepo;
 
 	@Override
 	public User login(LoginInfo loginInfo) {
@@ -204,7 +206,7 @@ public class AuthServiceImpl implements AuthService {
 			throw new StatusException("B-001002", "机构不存在");
 		}
 
-		ThirdPartyAccess thirdPartyAccess = thirdPartyAccessDao
+		ThirdPartyAccessEntity thirdPartyAccess = thirdPartyAccessRepo
 				.findOne(new ThirdPartyAccessPK(rootOrgId, appId));
 
 		if (null == thirdPartyAccess) {
@@ -218,8 +220,9 @@ public class AuthServiceImpl implements AuthService {
 			throw new StatusException("B-001202", "timestamp错误");
 		}
 
-		if (Math.abs(System.currentTimeMillis() - timestampLong) > thirdPartyAccess
-				.getTimeRange()) {
+		long currentTimeMillis = System.currentTimeMillis();
+		Log.debug("currentTimeMillis = " + currentTimeMillis);
+		if (Math.abs(currentTimeMillis - timestampLong) > thirdPartyAccess.getTimeRange()) {
 			throw new StatusException("B-001203", "timestamp超出时间差范围");
 		}
 
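Review bot: `Log.debug(...)` here resolves to `com.esotericsoftware.minlog.Log`, imported in the first hunk of this file, which is the small logger bundled with Kryo and looks like an accidental IDE auto-import. Its output does not go through the application's logging configuration, so the level, format and destination of this line are not governed by the service's log settings. I would drop that import and use the logger the rest of the service uses, logging both sides of the comparison so clock skew can be diagnosed: `log.debug("thirdPartyAccess now={} timestamp={}", currentTimeMillis, timestampLong);` (the logger name is a placeholder). Separately, the check accepts any timestamp within `getTimeRange()` in either direction and nothing visible here records tokens already used, so a captured request stays valid for replay inside that window. The method starts and ends outside the hunk.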
@@ -228,7 +231,7 @@ public class AuthServiceImpl implements AuthService {
 		byte[] bytes = SHA256.encode(joinStr);
 		String hexAscii = ByteUtil.toHexAscii(bytes);
 
-		if (!hexAscii.equals(token)) {
+		if (!hexAscii.toLowerCase(Locale.US).equals(token.toLowerCase(Locale.US))) {
 			throw new StatusException("B-001204", "token校验失败");
 		}
 
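Review bot: The token check now lower-cases both sides but still compares with `String.equals`, which returns at the first differing character, and it dereferences `token` where the old `hexAscii.equals(token)` tolerated null. For an authentication token a constant-time comparison is the safer default, and a null `token` from any caller other than the controller should produce B-001204 rather than a NullPointerException. Suggested condition: `if (null == token || !MessageDigest.isEqual(hexAscii.toLowerCase(Locale.US).getBytes(StandardCharsets.US_ASCII), token.toLowerCase(Locale.US).getBytes(StandardCharsets.US_ASCII))) {`, with imports for `java.security.MessageDigest` and `java.nio.charset.StandardCharsets`. `joinStr` is built outside this hunk; if it concatenates a shared secret with the request fields, HMAC-SHA256 would be the standard construction rather than a bare SHA-256 over the joined string.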
@@ -238,7 +241,7 @@ public class AuthServiceImpl implements AuthService {
 		}
 
 		User user = new User();
-
+		user.setUserType(UserType.COMMON.getCode());
 		user.setUserId(userEntity.getId());
 		user.setDisplayName(userEntity.getLoginName());
 		user.setRootOrgId(userEntity.getRootOrgId());

+ 4 - 4
examcloud-core-basic-service/src/main/java/cn/com/qmth/examcloud/core/basic/service/impl/UserServiceImpl.java

@@ -32,7 +32,7 @@ import cn.com.qmth.examcloud.commons.web.security.enums.RoleMeta;
 import cn.com.qmth.examcloud.core.basic.base.enums.AccountType;
 import cn.com.qmth.examcloud.core.basic.dao.OrgRepo;
 import cn.com.qmth.examcloud.core.basic.dao.StudentRepo;
-import cn.com.qmth.examcloud.core.basic.dao.ThirdPartyAccessDao;
+import cn.com.qmth.examcloud.core.basic.dao.ThirdPartyAccessRepo;
 import cn.com.qmth.examcloud.core.basic.dao.UserLoginRepo;
 import cn.com.qmth.examcloud.core.basic.dao.UserOpsLogRepo;
 import cn.com.qmth.examcloud.core.basic.dao.UserRepo;
@@ -40,7 +40,7 @@ import cn.com.qmth.examcloud.core.basic.dao.UserRoleRepo;
 import cn.com.qmth.examcloud.core.basic.dao.constants.Consts;
 import cn.com.qmth.examcloud.core.basic.dao.entity.Org;
 import cn.com.qmth.examcloud.core.basic.dao.entity.Student;
-import cn.com.qmth.examcloud.core.basic.dao.entity.ThirdPartyAccess;
+import cn.com.qmth.examcloud.core.basic.dao.entity.ThirdPartyAccessEntity;
 import cn.com.qmth.examcloud.core.basic.dao.entity.ThirdPartyAccessPK;
 import cn.com.qmth.examcloud.core.basic.dao.entity.UserEntity;
 import cn.com.qmth.examcloud.core.basic.dao.entity.UserLogin;
@@ -82,7 +82,7 @@ public class UserServiceImpl  implements UserService{
     UserOpsLogRepo userOpsLogRepo;
     
     @Autowired
-    ThirdPartyAccessDao thirdPartyAccessDao;
+    ThirdPartyAccessRepo thirdPartyAccessDao;
 
     RedisTemplate redisTemplate;
     
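Review bot: The field's type becomes `ThirdPartyAccessRepo` but it keeps the name `thirdPartyAccessDao`, whereas AuthServiceImpl renames its field to `thirdPartyAccessRepo` in the same commit; `ThirdPartyAccessRepo thirdPartyAccessRepo;` here, and at the `findOne` call in the following hunk, would keep the two services consistent. The `@Deprecated` `thirdPartyAccess` method in that following hunk is a second copy of the third-party verification path. It is worth confirming whether any caller remains, because changes made to the check in AuthServiceImpl are not visibly mirrored there and a stale copy of an authentication routine is easy to overlook.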
@@ -314,7 +314,7 @@ public class UserServiceImpl  implements UserService{
 	@Deprecated
 	public UserInfo thirdPartyAccess(long orgId, String userid, String appid, String timestamp, String token)
 			throws Exception {
-		ThirdPartyAccess thirdPartyAccess = thirdPartyAccessDao.findOne(new ThirdPartyAccessPK(orgId, appid));
+		ThirdPartyAccessEntity thirdPartyAccess = thirdPartyAccessDao.findOne(new ThirdPartyAccessPK(orgId, appid));
 
 		if (null == thirdPartyAccess) {
 			throw new RuntimeException("第三方系统接入信息未配置!");

+ 1 - 0
examcloud-core-basic-starter/src/main/resources/security-exclusions.conf

@@ -1,5 +1,6 @@
 regexp:.*login.*
 regexp:.*\[getLoginUser\].*
+ [${app.api.root}/auth][/thirdPartyAccess][POST]
  
 [${app.api.root}/org][/download][GET]
 [${app.api.root}/course][/download][GET]
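Review bot: The added entry is written with a leading space as rendered here, unlike the bracketed entries below it; if the loader matches lines without trimming, the exclusion will silently not apply, so the line should start at column 0: `[${app.api.root}/auth][/thirdPartyAccess][POST]`. Once it does apply, the endpoint sits outside the normal security filter and the timestamp-and-token check in AuthServiceImpl is its only authentication. That makes the strength of that check (constant-time comparison, replay protection inside the time range, request rate limiting) the thing to settle before this exclusion ships. The entry would also read better grouped with the other bracketed paths than placed directly under the `regexp:` rules.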