
。。。。

wangwei há 7 anos atrás
pai
commit
f87dea6156

+ 8 - 0
examcloud-core-basic-api-provider/src/main/java/cn/com/qmth/examcloud/core/basic/api/controller/AuthController.java

@@ -60,4 +60,12 @@ public class AuthController extends ControllerSupport {
 		return authService.getLoginUser(key, token);
 	}
 
+	@ApiOperation(value = "第三方机构接入", notes = "")
+	@PostMapping("/thirdPartyAccess")
+	public User thirdPartyAccess(@RequestParam long orgId, @RequestParam String userId,
+			@RequestParam String appId, @RequestParam String timestamp,
+			@RequestParam String token) {
+		return authService.thirdPartyAccess(orgId, userId, appId, timestamp, token);
+	}
+
 }
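Review bot: The request parameter is named `userId` in this handler, but it is passed to `AuthService.thirdPartyAccess` as `loginName`, and the implementation in this commit both signs over it and looks the user up by login name. An integrator who signs over a numeric user id would fail token verification with no indication why. Rename it to match, e.g. `@RequestParam String loginName`, or keep the wire name with `@RequestParam("userId") String loginName` if it is already published. The empty `notes = ""` on `@ApiOperation` is the natural place to state the token formula and that `timestamp` is epoch milliseconds.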

+ 3 - 0
examcloud-core-basic-api-provider/src/main/java/cn/com/qmth/examcloud/core/basic/api/controller/UserController.java

@@ -221,6 +221,7 @@ public class UserController extends ControllerSupport{
 
     @ApiOperation(value = "一般登录", notes = "登录")
     @PostMapping("/login")
+    @Deprecated
     public ResponseEntity login(@RequestParam String loginName,
                                 @RequestParam String password) {
         try {
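Review bot: `@Deprecated` on the `/login` handler carries no Javadoc `@deprecated` tag naming the replacement, and the annotation alone does not stop the route from serving requests. The same applies to the `/login/{orgId}` and `/thirdPartyAccess/{orgId}` handlers in the next two hunks and to `UserServiceImpl.thirdPartyAccess`. Suggest adding a tag such as `/** @deprecated use <replacement endpoint> */` on each, and tracking their removal so the old authentication paths do not stay reachable indefinitely beside the new one. The handler bodies continue outside these hunks.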
@@ -233,6 +234,7 @@ public class UserController extends ControllerSupport{
 
     @ApiOperation(value = "二级登录", notes = "二级登录")
     @PostMapping("/login/{orgId}")
+    @Deprecated
     public ResponseEntity login(@PathVariable long orgId,
                                 @RequestParam String loginName,
                                 @RequestParam String password) {
@@ -246,6 +248,7 @@ public class UserController extends ControllerSupport{
     
     @ApiOperation(value = "第三方机构接入", notes = "第三方机构接入")
     @PostMapping("/thirdPartyAccess/{orgId}")
+    @Deprecated
     public ResponseEntity thirdPartyAccess(@PathVariable long orgId,
                                 @RequestParam String userid,
                                 @RequestParam String appid,@RequestParam String timestamp,@RequestParam String token) {

+ 16 - 0
examcloud-core-basic-service/src/main/java/cn/com/qmth/examcloud/core/basic/service/AuthService.java

@@ -1,5 +1,6 @@
 package cn.com.qmth.examcloud.core.basic.service;
 
+import cn.com.qmth.examcloud.commons.base.exception.StatusException;
 import cn.com.qmth.examcloud.commons.web.security.bean.User;
 import cn.com.qmth.examcloud.core.basic.service.bean.LoginInfo;
 
@@ -39,4 +40,19 @@ public interface AuthService {
 	 */
 	User getLoginUser(String key, String token);
 
+	/**
+	 * 第三方登陆名接入
+	 *
+	 * @author WANGWEI
+	 * @param orgId
+	 * @param loginName
+	 * @param appId
+	 * @param timestamp
+	 * @param token
+	 * @return
+	 * @throws StatusException
+	 */
+	User thirdPartyAccess(long orgId, String loginName, String appId, String timestamp,
+			String token) throws StatusException;
+
 }
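Review bot: The Javadoc on `thirdPartyAccess` leaves every `@param` and the `@return` empty, so the contract an integrator must implement is only discoverable by reading the implementation. Suggest stating that `timestamp` is epoch milliseconds as a decimal string and describing the token, e.g. `@param token hex SHA-256 over loginName, orgId, appId, timestamp and the configured secret key`. `@return` should say what a caller receives on success, and `@throws` could list the `B-0012xx` status codes raised by the implementation.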

+ 48 - 0
examcloud-core-basic-service/src/main/java/cn/com/qmth/examcloud/core/basic/service/impl/AuthServiceImpl.java

@@ -11,7 +11,10 @@ import org.springframework.stereotype.Service;
 import com.google.common.collect.Lists;
 
 import cn.com.qmth.examcloud.commons.base.exception.StatusException;
+import cn.com.qmth.examcloud.commons.base.util.ByteUtil;
 import cn.com.qmth.examcloud.commons.base.util.PropertiesUtil;
+import cn.com.qmth.examcloud.commons.base.util.SHA256;
+import cn.com.qmth.examcloud.commons.base.util.StringUtil;
 import cn.com.qmth.examcloud.commons.base.util.UUID;
 import cn.com.qmth.examcloud.commons.web.CommonPropKeys;
 import cn.com.qmth.examcloud.commons.web.redis.RedisClient;
@@ -23,9 +26,12 @@ import cn.com.qmth.examcloud.core.basic.base.enums.UserType;
 import cn.com.qmth.examcloud.core.basic.dao.OrgRepo;
 import cn.com.qmth.examcloud.core.basic.dao.RoleRepo;
 import cn.com.qmth.examcloud.core.basic.dao.StudentRepo;
+import cn.com.qmth.examcloud.core.basic.dao.ThirdPartyAccessDao;
 import cn.com.qmth.examcloud.core.basic.dao.UserRepo;
 import cn.com.qmth.examcloud.core.basic.dao.entity.Org;
 import cn.com.qmth.examcloud.core.basic.dao.entity.Student;
+import cn.com.qmth.examcloud.core.basic.dao.entity.ThirdPartyAccess;
+import cn.com.qmth.examcloud.core.basic.dao.entity.ThirdPartyAccessPK;
 import cn.com.qmth.examcloud.core.basic.dao.entity.UserEntity;
 import cn.com.qmth.examcloud.core.basic.dao.entity.UserRole;
 import cn.com.qmth.examcloud.core.basic.service.AuthService;
@@ -60,6 +66,9 @@ public class AuthServiceImpl implements AuthService {
 	@Autowired
 	StudentRepo studentRepo;
 
+	@Autowired
+	ThirdPartyAccessDao thirdPartyAccessDao;
+
 	@Override
 	public User login(LoginInfo loginInfo) {
 
@@ -210,4 +219,43 @@ public class AuthServiceImpl implements AuthService {
 		return user;
 	}
 
+	@Override
+	public User thirdPartyAccess(long orgId, String loginName, String appId, String timestamp,
+			String token) throws StatusException {
+		ThirdPartyAccess thirdPartyAccess = thirdPartyAccessDao
+				.findOne(new ThirdPartyAccessPK(orgId, appId));
+
+		if (null == thirdPartyAccess) {
+			throw new StatusException("B-001201", "第三方系统接入信息未配置");
+		}
+
+		long timestampLong = 0L;
+		try {
+			timestampLong = Long.parseLong(timestamp);
+		} catch (Exception e) {
+			throw new StatusException("B-001202", "timestamp错误");
+		}
+
+		if (Math.abs(System.currentTimeMillis() - timestampLong) > thirdPartyAccess
+				.getTimeRange()) {
+			throw new StatusException("B-001203", "timestamp超出时间差范围");
+		}
+
+		String secretKey = thirdPartyAccess.getSecretKey();
+		String joinStr = StringUtil.join(loginName, orgId, appId, timestamp, secretKey);
+		byte[] bytes = SHA256.encode(joinStr);
+		String hexAscii = ByteUtil.toHexAscii(bytes);
+
+		if (!hexAscii.equals(token)) {
+			throw new StatusException("B-001204", "token校验失败");
+		}
+
+		UserEntity user = userRepo.findByRootOrgIdAndLoginName(orgId, loginName);
+		if (user == null) {
+			throw new StatusException("B-001205", "用户不存在");
+		}
+
+		return null;
+	}
+
 }
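Review bot: The token check `!hexAscii.equals(token)` is an early-exit string comparison on an authentication value; compare in constant time instead, e.g. `if (!MessageDigest.isEqual(hexAscii.getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8)))`. The digest is a plain SHA-256 over `StringUtil.join(...)` with the secret appended; if that helper joins without a delimiter, different field combinations can produce the same signed string, so an HMAC-SHA256 keyed with `secretKey` over delimited fields would be safer. Nothing records a used `timestamp`/`token` pair, so a captured request stays valid for replay until `getTimeRange()` elapses. The method also ends with `return null;` after the user lookup succeeds, so the new endpoint never returns a `User`. Separately, `catch (Exception e)` around `Long.parseLong` could be narrowed to `catch (NumberFormatException e)`.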

+ 1 - 0
examcloud-core-basic-service/src/main/java/cn/com/qmth/examcloud/core/basic/service/impl/UserServiceImpl.java

@@ -311,6 +311,7 @@ public class UserServiceImpl  implements UserService{
 	 * @return
 	 * @throws Exception 
 	 */
+	@Deprecated
 	public UserInfo thirdPartyAccess(long orgId, String userid, String appid, String timestamp, String token)
 			throws Exception {
 		ThirdPartyAccess thirdPartyAccess = thirdPartyAccessDao.findOne(new ThirdPartyAccessPK(orgId, appid));