chore: AbstractConceptualization CAS Authorized Services

kicc-auth/pom.xml

@@ -24,21 +24,11 @@
 			<groupId>com.alibaba.cloud</groupId>
 			<artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
 		</dependency>
-		<!--断路器依赖-->
-		<dependency>
-			<groupId>com.cloud</groupId>
-			<artifactId>kicc-common-feign</artifactId>
-		</dependency>
 		<!--system api模块-->
 		<dependency>
 			<groupId>com.cloud</groupId>
 			<artifactId>kicc-system-api</artifactId>
 		</dependency>
-		<!--数据服务核心包-->
-		<dependency>
-			<groupId>com.cloud</groupId>
-			<artifactId>kicc-common-data</artifactId>
-		</dependency>
 		<!--security安全工具类-->
 		<dependency>
 			<groupId>com.cloud</groupId>

kicc-auth/src/main/java/com/cloud/kicc/auth/provider/UserProviderImpl.java

@@ -0,0 +1,50 @@
+package com.cloud.kicc.auth.provider;
+
+import com.cloud.kicc.common.core.api.R;
+import com.cloud.kicc.common.data.entity.KiccUser;
+import com.cloud.kicc.common.data.entity.SsoUser;
+import com.cloud.kicc.common.security.exception.SecurityCheckedException;
+import com.cloud.kicc.common.security.template.UserProviderTemplate;
+import com.cloud.kicc.system.api.feign.RemoteAppService;
+import com.cloud.kicc.system.api.feign.RemoteSsoUserService;
+import com.cloud.kicc.system.api.feign.RemoteUserService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+public class UserProviderImpl implements UserProviderTemplate<KiccUser> {
+
+    private final RemoteSsoUserService remoteSsoUserService;
+    private final RemoteUserService remoteUserService;
+    private final RemoteAppService remoteAppService;
+
+    @Override
+    public SsoUser selectByUserName(String userName) {
+        R<SsoUser> result = remoteSsoUserService.selectByUserName(userName);
+        if (result.getCode() != R.SUCCESS) {
+            throw new SecurityCheckedException("Controller invoke failed!");
+        }
+        return result.getData();
+    }
+
+    @Override
+    public SsoUser selectByPhone(String phone) {
+        R<SsoUser> result = remoteAppService.selectByPhone(phone);
+        if (result.getCode() != R.SUCCESS) {
+            throw new SecurityCheckedException("Controller invoke failed!");
+        }
+        return result.getData();
+    }
+
+
+    @Override
+    public KiccUser selectByUserId(String userid) {
+        R<KiccUser> result = remoteUserService.selectByUserId(userid);
+        if (result.getCode() != R.SUCCESS) {
+            throw new SecurityCheckedException("Controller invoke failed!");
+        }
+        return result.getData();
+    }
+
+}

kicc-common/kicc-common-core/src/main/java/com/cloud/kicc/common/core/config/JacksonAutoConfiguration.java

@@ -5,7 +5,6 @@ import com.cloud.kicc.common.core.jackson.KiccJavaTimeModule;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.ser.std.ToStringSerializer;
 import org.springframework.boot.autoconfigure.AutoConfigureBefore;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.jackson.Jackson2ObjectMapperBuilderCustomizer;
@@ -24,7 +23,6 @@ import java.util.TimeZone;
  * @Author: wangxiang4
  * @Date: 2022/2/18
  */
-@EnableAutoConfiguration
 @Configuration(proxyBeanMethods = false)
 @ConditionalOnClass(ObjectMapper.class)
 @AutoConfigureBefore(org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration.class)

kicc-common/kicc-common-core/src/main/java/com/cloud/kicc/common/core/constant/SecurityConstants.java

@@ -1,7 +1,5 @@
 package com.cloud.kicc.common.core.constant;
 
-import com.cloud.kicc.common.core.enums.CasSystemEnum;
-
 /**
  *<p>
  * 安全常量

kicc-common/kicc-common-core/src/main/java/com/cloud/kicc/common/core/enums/CasSystemEnum.java

@@ -1,43 +0,0 @@
-package com.cloud.kicc.common.core.enums;
-
-import lombok.Getter;
-import lombok.RequiredArgsConstructor;
-
-/**
- *<p>
- * cas系统枚举
- *</p>
- *
- * @Author: wangxiang4
- * @Since: 2023/8/16
- */
-@Getter
-@RequiredArgsConstructor
-public enum CasSystemEnum {
-
-	/**
-	 * sso认证系统
-	 */
-	KICC("KICC", "主kicc系统"),
-
-	/**
-	 * 子系统1
-	 */
-	KICS("KICS", "子系统1"),
-
-	/**
-	 * 子系统2
-	 */
-	KLAB("KLAB", "子系统2");
-
-	/**
-	 * 名称
-	 */
-	private final String name;
-
-	/**
-	 * 描述
-	 */
-	private final String description;
-
-}

kicc-common/kicc-common-data/src/main/java/com/cloud/kicc/common/data/entity/CasUser.java

@@ -1,6 +1,5 @@
 package com.cloud.kicc.common.data.entity;
 
-import com.cloud.kicc.common.core.enums.CasSystemEnum;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.Setter;
@@ -84,7 +83,7 @@ public class CasUser extends User {
 	private String tenantId;
 
 	/** sso扩展信息 */
-	private Map<CasSystemEnum, String> exPrincipals = new ConcurrentHashMap<>(3);
+	private Map<String, String> exPrincipals = new ConcurrentHashMap<>(3);
 
 
 	public CasUser(String username, String password, Collection<? extends GrantedAuthority> authorities) {

kicc-common/kicc-common-data/src/main/java/com/cloud/kicc/common/data/entity/KiccUser.java

@@ -97,8 +97,8 @@ public class KiccUser extends CasUser {
                     @JsonProperty("credentialsNonExpired") boolean credentialsNonExpired,
                     @JsonProperty("accountNonLocked") boolean accountNonLocked,
                     @JsonProperty("authorities") List<SimpleGrantedAuthority> authorities) {
-		super(ObjectUtil.defaultIfNull(username, SecurityConstants.MOCK_USERNAME),
-              ObjectUtil.defaultIfNull(password, SecurityConstants.MOCK_PASSWORD),
+		super(ObjectUtil.defaultIfBlank(username, SecurityConstants.MOCK_USERNAME),
+              ObjectUtil.defaultIfBlank(password, SecurityConstants.MOCK_PASSWORD),
               enabled,
               accountNonExpired,
               credentialsNonExpired,

kicc-common/kicc-common-data/src/main/java/com/cloud/kicc/common/data/entity/SsoUser.java

@@ -1,4 +1,4 @@
-package com.cloud.kicc.system.api.entity;
+package com.cloud.kicc.common.data.entity;
 
 import com.baomidou.mybatisplus.annotation.TableField;
 import com.baomidou.mybatisplus.annotation.TableName;

kicc-common/kicc-common-feign/pom.xml

@@ -46,8 +46,8 @@
 		</dependency>
 		<!--oauth server 依赖-->
 		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-core</artifactId>
+			<groupId>org.springframework.security.oauth.boot</groupId>
+			<artifactId>spring-security-oauth2-autoconfigure</artifactId>
 		</dependency>
 	</dependencies>
 </project>

kicc-common/kicc-common-feign/src/main/java/com/cloud/kicc/common/feign/annotation/EnableKiccFeignClients.java

@@ -1,6 +1,7 @@
 package com.cloud.kicc.common.feign.annotation;
 
 import com.cloud.kicc.common.feign.config.FeignErrorDecoder;
+import com.cloud.kicc.common.feign.config.KiccFeignClientConfiguration;
 import org.springframework.cloud.openfeign.EnableFeignClients;
 import org.springframework.cloud.openfeign.FeignClientsConfiguration;
 import org.springframework.cloud.openfeign.KiccFeignClientsRegistrar;
@@ -20,7 +21,7 @@ import java.lang.annotation.*;
 @Retention(RetentionPolicy.RUNTIME)
 @Documented
 @EnableFeignClients
-@Import(KiccFeignClientsRegistrar.class)
+@Import({ KiccFeignClientsRegistrar.class, KiccFeignClientConfiguration.class })
 public @interface EnableKiccFeignClients {
 
 	/**

kicc-common/kicc-common-feign/src/main/java/com/cloud/kicc/common/feign/config/KiccFeignClientConfiguration.java

@@ -1,4 +1,4 @@
-package com.cloud.kicc.common.security.feign;
+package com.cloud.kicc.common.feign.config;
 
 import feign.RequestInterceptor;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;

kicc-common/kicc-common-feign/src/main/java/com/cloud/kicc/common/feign/config/KiccFeignClientInterceptor.java

@@ -1,4 +1,4 @@
-package com.cloud.kicc.common.security.feign;
+package com.cloud.kicc.common.feign.config;
 
 import cn.hutool.core.collection.CollUtil;
 import com.cloud.kicc.common.core.constant.SecurityConstants;

kicc-common/kicc-common-job/src/main/java/com/cloud/kicc/common/job/XxlJobAutoConfiguration.java

@@ -3,7 +3,6 @@ package com.cloud.kicc.common.job;
 import com.cloud.kicc.common.job.properties.XxlExecutorProperties;
 import com.cloud.kicc.common.job.properties.XxlJobProperties;
 import com.xxl.job.core.executor.impl.XxlJobSpringExecutor;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.cloud.client.discovery.DiscoveryClient;
 import org.springframework.context.annotation.Bean;
@@ -22,7 +21,6 @@ import java.util.stream.Collectors;
  * @Date: 2022/2/19
  */
 @Configuration(proxyBeanMethods = false)
-@EnableAutoConfiguration
 @EnableConfigurationProperties(XxlJobProperties.class)
 public class XxlJobAutoConfiguration {
 

kicc-common/kicc-common-security/pom.xml

@@ -15,20 +15,20 @@
 
 	<!--考虑这个作为一个单模块使用,目前依赖了工具类核心包与system接口模块,后续引入依赖需要注意低耦合-->
 	<dependencies>
-		<!--工具类核心包-->
-		<dependency>
-			<groupId>com.cloud</groupId>
-			<artifactId>kicc-common-core</artifactId>
-		</dependency>
 		<!--安全模块-->
 		<dependency>
 			<groupId>org.springframework.security.oauth.boot</groupId>
 			<artifactId>spring-security-oauth2-autoconfigure</artifactId>
 		</dependency>
-		<!--system API-->
+		<!--aop切面-->
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-aop</artifactId>
+		</dependency>
+		<!--数据服务核心包-->
 		<dependency>
 			<groupId>com.cloud</groupId>
-			<artifactId>kicc-system-api</artifactId>
+			<artifactId>kicc-common-data</artifactId>
 		</dependency>
 	</dependencies>
 </project>

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/annotation/EnableKiccResourceServer.java

@@ -3,7 +3,6 @@ package com.cloud.kicc.common.security.annotation;
 import com.cloud.kicc.common.security.config.ResourceServerAutoConfiguration;
 import com.cloud.kicc.common.security.config.ResourceServerTokenRelayAutoConfiguration;
 import com.cloud.kicc.common.security.exp.KiccSecurityBeanDefinitionRegistrar;
-import com.cloud.kicc.common.security.feign.KiccFeignClientConfiguration;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
@@ -25,8 +24,9 @@ import java.lang.annotation.*;
 @Target({ ElementType.TYPE })
 @Retention(RetentionPolicy.RUNTIME)
 @EnableGlobalMethodSecurity(prePostEnabled = true)
-@Import({ ResourceServerAutoConfiguration.class, KiccSecurityBeanDefinitionRegistrar.class,
-		ResourceServerTokenRelayAutoConfiguration.class, KiccFeignClientConfiguration.class })
+@Import({ ResourceServerAutoConfiguration.class,
+		  KiccSecurityBeanDefinitionRegistrar.class,
+		  ResourceServerTokenRelayAutoConfiguration.class })
 public @interface EnableKiccResourceServer {
 
 }

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/config/Oauth2SecurityAutoConfiguration.java

@@ -0,0 +1,21 @@
+package com.cloud.kicc.common.security.config;
+
+import com.cloud.kicc.common.security.properties.CasProperties;
+import com.cloud.kicc.common.security.xss.XssFilterAutoConfiguration;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+
+/**
+ *<p>
+ * OAUTH2 配置
+ *</p>
+ *
+ * @Author: wangxiang4
+ * @Since: 2023/9/16
+ */
+@Configuration(proxyBeanMethods = false)
+@Import({ XssFilterAutoConfiguration.class, SecurityMessageSourceConfiguration.class})
+@EnableConfigurationProperties(CasProperties.class)
+public class Oauth2SecurityAutoConfiguration {
+}

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/config/ResourceServerAutoConfiguration.java

@@ -1,11 +1,12 @@
 package com.cloud.kicc.common.security.config;
 
+import com.cloud.kicc.common.security.exp.KiccLocalResourceServerTokenServices;
+import com.cloud.kicc.common.security.exp.PermissionService;
 import com.cloud.kicc.common.security.exp.PermitAllUrlProperties;
 import com.cloud.kicc.common.security.exp.ResourceAuthExceptionEntryPoint;
 import com.cloud.kicc.common.security.override.KiccBearerTokenExtractor;
-import com.cloud.kicc.common.security.exp.KiccLocalResourceServerTokenServices;
-import com.cloud.kicc.common.security.exp.PermissionService;
-import com.cloud.kicc.system.api.feign.RemoteUserService;
+import com.cloud.kicc.common.security.properties.CasProperties;
+import com.cloud.kicc.common.security.template.UserProviderTemplate;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
@@ -45,8 +46,8 @@ public class ResourceServerAutoConfiguration {
 	/** 扩展资源服务器令牌服务 */
 	@Bean
 	@Primary
-	public ResourceServerTokenServices resourceServerTokenServices(TokenStore tokenStore, RemoteUserService remoteUserService) {
-		return new KiccLocalResourceServerTokenServices(tokenStore, remoteUserService);
+	public ResourceServerTokenServices resourceServerTokenServices() {
+		return new KiccLocalResourceServerTokenServices();
 	}
 
 }

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/config/TokenStoreAutoConfiguration.java

@@ -3,6 +3,7 @@ package com.cloud.kicc.common.security.config;
 import com.cloud.kicc.common.core.constant.CacheConstants;
 import com.cloud.kicc.common.security.override.KiccRedisTokenStore;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.security.oauth2.provider.token.TokenStore;
 

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/exp/KiccLocalResourceServerTokenServices.java

@@ -1,23 +1,27 @@
 package com.cloud.kicc.common.security.exp;
 
+import cn.hutool.core.util.ClassUtil;
+import cn.hutool.core.util.ObjectUtil;
+import cn.hutool.core.util.ReflectUtil;
 import cn.hutool.json.JSONUtil;
-import com.cloud.kicc.common.core.api.R;
 import com.cloud.kicc.common.core.constant.SecurityConstants;
-import com.cloud.kicc.common.core.enums.CasSystemEnum;
 import com.cloud.kicc.common.core.jackson.KiccJavaTimeModule;
 import com.cloud.kicc.common.data.entity.CasUser;
-import com.cloud.kicc.common.data.entity.KiccUser;
 import com.cloud.kicc.common.security.exception.UnConfiguredUserDataException;
 import com.cloud.kicc.common.security.override.jackson2.SimpleGrantedAuthorityMixin;
-import com.cloud.kicc.system.api.feign.RemoteUserService;
+import com.cloud.kicc.common.security.properties.CasProperties;
+import com.cloud.kicc.common.security.template.UserProviderTemplate;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import io.netty.util.internal.StringUtil;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import org.springframework.beans.BeanUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
@@ -27,6 +31,7 @@ import org.springframework.security.oauth2.provider.token.ResourceServerTokenSer
 import org.springframework.security.oauth2.provider.token.TokenStore;
 
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -41,9 +46,14 @@ import java.util.stream.Collectors;
 @RequiredArgsConstructor
 public class KiccLocalResourceServerTokenServices implements ResourceServerTokenServices {
 
-	private final TokenStore tokenStore;
+	@Autowired
+	private TokenStore tokenStore;
 
-	private final RemoteUserService remoteUserService;
+	@Autowired
+	private UserProviderTemplate userProviderTemplate;
+
+	@Autowired
+	private CasProperties casProperties;
 
 	@Override
 	@SneakyThrows
@@ -61,40 +71,41 @@ public class KiccLocalResourceServerTokenServices implements ResourceServerToken
 		CasUser casUser = (CasUser) oAuth2Authentication.getPrincipal();
 
 		// 设置SSO子系统扩展用户信息
-		if (casUser.getExPrincipals().get(CasSystemEnum.KICC) == null) {
-			R<KiccUser> result = remoteUserService.selectByCasUserId(casUser.getId());
-			if (result.getCode() != R.SUCCESS) {
+		if (casUser.getExPrincipals().get(casProperties.getIdentity()) == null) {
+			Object user = userProviderTemplate.selectByCasUserId(casUser.getId());
+			if (ObjectUtil.isEmpty(user)) {
 				throw new UnConfiguredUserDataException("System user not found Contact your system administrator for configuration!", null);
 			}
 
-			KiccUser user = result.getData();
-			List<SimpleGrantedAuthority> authorities = Arrays.stream(user.getPermissions())
+			String[] permissions = (String[])ReflectUtil.getMethodByName(user.getClass(), "getPermissions").invoke(user);
+			List<SimpleGrantedAuthority> authorities = Arrays.stream(permissions)
 					.map(SimpleGrantedAuthority::new)
 					.collect(Collectors.toList());
-			KiccUser kiccUser = new KiccUser(
+			Object exUser = ReflectUtil.newInstance(ClassUtil.loadClass(casProperties.getUserClass()),
 				casUser.getUsername(),
-					casUser.getPassword(),
+				StringUtil.EMPTY_STRING,
 				casUser.isEnabled(),
 				casUser.isAccountNonExpired(),
 				casUser.isCredentialsNonExpired(),
 				casUser.isAccountNonLocked(),
 				authorities
 			);
-			BeanUtils.copyProperties(user, kiccUser);
-			casUser.getExPrincipals().put(CasSystemEnum.KICC, new ObjectMapper()
+			BeanUtils.copyProperties(user, exUser);
+			casUser.getExPrincipals().put(casProperties.getIdentity(), new ObjectMapper()
 					.registerModule(new KiccJavaTimeModule())
 					.setSerializationInclusion(JsonInclude.Include.NON_NULL)
-					.writeValueAsString(kiccUser));
+					.writeValueAsString(exUser));
 			tokenStore.storeAccessToken(tokenStore.getAccessToken(oAuth2Authentication), oAuth2Authentication);
 		}
 
 		// 覆盖casUser核心authorities
-		String str = casUser.getExPrincipals().get(CasSystemEnum.KICC);
+		String str = casUser.getExPrincipals().get(casProperties.getIdentity());
 		if (!JSONUtil.isJson(str)) throw new UnConfiguredUserDataException("ExPrincipals not json strings!");
-		KiccUser kiccUser = new ObjectMapper()
+		Object exUser = new ObjectMapper()
 				.registerModule(new KiccJavaTimeModule())
 				.addMixIn(SimpleGrantedAuthority.class, SimpleGrantedAuthorityMixin.class)
-				.readValue(str, KiccUser.class);
+				.readValue(str, Class.forName(casProperties.getUserClass()));
+		Collection<? extends GrantedAuthority> authorities = (Collection<? extends GrantedAuthority>)ReflectUtil.getMethodByName(exUser.getClass(), "getAuthorities").invoke(exUser);
 		CasUser exCasUser = new CasUser(
 				casUser.getUsername(),
 				SecurityConstants.MOCK_PASSWORD,
@@ -102,7 +113,7 @@ public class KiccLocalResourceServerTokenServices implements ResourceServerToken
 				casUser.isAccountNonExpired(),
 				casUser.isCredentialsNonExpired(),
 				casUser.isAccountNonLocked(),
-				kiccUser.getAuthorities());
+				authorities);
 		BeanUtils.copyProperties(casUser, exCasUser);
 
 		// 每次请求前都预先加载用户名密码身份验证令牌

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/properties/CasProperties.java

@@ -0,0 +1,23 @@
+package com.cloud.kicc.common.security.properties;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+
+/**
+ *<p>
+ * Central Authentication Service configuration
+ *</p>
+ *
+ * @Author: wangxiang4
+ * @Since: 2023/9/16
+ */
+@Data
+@ConfigurationProperties(prefix = "security.cas")
+public class CasProperties {
+
+	private String userClass = "com.cloud.kicc.common.data.entity.KiccUser";
+
+	private String identity = "KICC";
+
+}

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/service/KiccUserDetailsService.java

@@ -1,12 +1,12 @@
 package com.cloud.kicc.common.security.service;
 
+import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.StrUtil;
-import com.cloud.kicc.common.core.api.R;
 import com.cloud.kicc.common.core.constant.CommonConstants;
 import com.cloud.kicc.common.core.constant.SecurityConstants;
 import com.cloud.kicc.common.data.entity.CasUser;
+import com.cloud.kicc.common.data.entity.SsoUser;
 import com.cloud.kicc.common.security.exception.SecurityCheckedException;
-import com.cloud.kicc.system.api.entity.SsoUser;
 import lombok.SneakyThrows;
 import org.springframework.core.Ordered;
 import org.springframework.security.core.authority.AuthorityUtils;
@@ -43,17 +43,15 @@ public interface KiccUserDetailsService extends UserDetailsService, Ordered {
 
 	/**
 	 * 构建userDetails
-	 * @param result 用户信息
+	 * @param user 用户信息
 	 * @return UserDetails
 	 */
 	@SneakyThrows
-	default UserDetails getUserDetails(R<SsoUser> result) {
-		// 验证请求是否成功
-		if (result.getCode() != R.SUCCESS) {
-			throw new SecurityCheckedException(result.getMsg());
+	default UserDetails getUserDetails(SsoUser user) {
+		if (ObjectUtil.isEmpty(user)) {
+			throw new SecurityCheckedException("SSO User not found, Try again after registration.");
 		}
 
-		SsoUser user = result.getData();
         // 构造security用户
 		return new CasUser(
 				user.getUserName(),

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/service/impl/KiccAppUserDetailsServiceImpl.java

@@ -1,11 +1,10 @@
 package com.cloud.kicc.common.security.service.impl;
 
-import com.cloud.kicc.common.core.api.R;
 import com.cloud.kicc.common.core.constant.SecurityConstants;
 import com.cloud.kicc.common.data.entity.CasUser;
+import com.cloud.kicc.common.data.entity.SsoUser;
 import com.cloud.kicc.common.security.service.KiccUserDetailsService;
-import com.cloud.kicc.system.api.entity.SsoUser;
-import com.cloud.kicc.system.api.feign.RemoteAppService;
+import com.cloud.kicc.common.security.template.UserProviderTemplate;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
@@ -23,7 +22,7 @@ import org.springframework.security.core.userdetails.UserDetails;
 @RequiredArgsConstructor
 public class KiccAppUserDetailsServiceImpl implements KiccUserDetailsService {
 
-	private final RemoteAppService remoteAppService;
+	private final UserProviderTemplate userProviderTemplate;
 
 	/**
 	 * 手机号登录
@@ -32,7 +31,7 @@ public class KiccAppUserDetailsServiceImpl implements KiccUserDetailsService {
 	@Override
 	@SneakyThrows
 	public UserDetails loadUserByUsername(String phone) {
-		R<SsoUser> result = remoteAppService.selectByPhone(phone);
+		SsoUser result = userProviderTemplate.selectByPhone(phone);
         return getUserDetails(result);
 	}
 

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/service/impl/KiccUserDetailsServiceImpl.java

@@ -1,9 +1,8 @@
 package com.cloud.kicc.common.security.service.impl;
 
-import com.cloud.kicc.common.core.api.R;
+import com.cloud.kicc.common.data.entity.SsoUser;
 import com.cloud.kicc.common.security.service.KiccUserDetailsService;
-import com.cloud.kicc.system.api.entity.SsoUser;
-import com.cloud.kicc.system.api.feign.RemoteSsoUserService;
+import com.cloud.kicc.common.security.template.UserProviderTemplate;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
@@ -16,14 +15,14 @@ import org.springframework.security.core.userdetails.UserDetails;
  *</p>
  *
  * @Author: wangxiang4
- * @Date: 2022/2/17
+ * @Since: 2023/9/16
  */
 @Slf4j
 @Primary
 @RequiredArgsConstructor
 public class KiccUserDetailsServiceImpl implements KiccUserDetailsService {
 
-	private final RemoteSsoUserService remoteSsoUserService;
+	private final UserProviderTemplate userProviderTemplate;
 
 	/**
 	 * 用户名密码登录
@@ -32,7 +31,7 @@ public class KiccUserDetailsServiceImpl implements KiccUserDetailsService {
 	@Override
 	@SneakyThrows
 	public UserDetails loadUserByUsername(String username) {
-		R<SsoUser> result = remoteSsoUserService.selectByUserName(username);
+		SsoUser result = userProviderTemplate.selectByUserName(username);
         return getUserDetails(result);
 	}
 

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/template/UserProviderTemplate.java

@@ -0,0 +1,33 @@
+package com.cloud.kicc.common.security.template;
+
+import com.cloud.kicc.common.data.entity.CasUser;
+import com.cloud.kicc.common.data.entity.SsoUser;
+
+/**
+ *<p>
+ * The user must implement the template
+ * Contains SSO handler related to login
+ *</p>
+ *
+ * @Author: wangxiang4
+ * @Since: 2023/9/16
+ */
+public interface UserProviderTemplate<T extends CasUser> {
+
+    default SsoUser selectByUserName(String userName) {
+        return null;
+    }
+
+    default SsoUser selectByPhone(String phone) {
+        return null;
+    };
+
+    default T selectByCasUserId(String casUserId) {
+        return null;
+    };
+
+    default T selectByUserId(String userid) {
+        return null;
+    };
+
+}

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/util/SecurityUtils.java

@@ -1,18 +1,19 @@
 package com.cloud.kicc.common.security.util;
 
+import cn.hutool.core.util.ClassUtil;
+import cn.hutool.core.util.ObjectUtil;
+import cn.hutool.core.util.ReflectUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.json.JSONUtil;
-import com.cloud.kicc.common.core.api.R;
 import com.cloud.kicc.common.core.constant.CommonConstants;
 import com.cloud.kicc.common.core.constant.SecurityConstants;
-import com.cloud.kicc.common.core.enums.CasSystemEnum;
-import com.cloud.kicc.common.core.exception.CheckedException;
 import com.cloud.kicc.common.core.jackson.KiccJavaTimeModule;
 import com.cloud.kicc.common.core.util.SpringContextHolderUtil;
 import com.cloud.kicc.common.data.entity.CasUser;
-import com.cloud.kicc.common.data.entity.KiccUser;
+import com.cloud.kicc.common.security.exception.UnConfiguredUserDataException;
 import com.cloud.kicc.common.security.override.jackson2.SimpleGrantedAuthorityMixin;
-import com.cloud.kicc.system.api.feign.RemoteUserService;
+import com.cloud.kicc.common.security.properties.CasProperties;
+import com.cloud.kicc.common.security.template.UserProviderTemplate;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.SneakyThrows;
@@ -42,6 +43,8 @@ import java.util.stream.Collectors;
 @UtilityClass
 public class SecurityUtils {
 
+	CasProperties casProperties = SpringContextHolderUtil.getBean(CasProperties.class);
+
 	/**
 	 * 获取Authentication
 	 */
@@ -73,15 +76,15 @@ public class SecurityUtils {
 
 	/**
 	 * 获取完整用户
-	 * @param casSystemEnum SSO系统枚举
+	 * @param identity SSO系统身份
 	 * @param valueType 自定义扩展用户
 	 * @return T
 	 */
 	@SneakyThrows
-	public <T> T getUser(CasSystemEnum casSystemEnum, Class<T> valueType) {
+	public <T extends CasUser> T getUser(String identity, Class<T> valueType) {
 		CasUser casUser = getCasUser();
 		if (casUser == null) return null;
-		String str = casUser.getExPrincipals().get(casSystemEnum);
+		String str = casUser.getExPrincipals().get(identity);
 		if (JSONUtil.isJson(str))
 			return new ObjectMapper()
 					.registerModule(new KiccJavaTimeModule())
@@ -93,8 +96,8 @@ public class SecurityUtils {
 	/**
 	 * 获取SSO扩展用户
 	 */
-	public KiccUser getUser() {
-		return getUser(CasSystemEnum.KICC, KiccUser.class);
+	public <T extends CasUser> T getUser() {
+		return getUser(casProperties.getIdentity(), ClassUtil.loadClass(casProperties.getUserClass()));
 	}
 
 	/**
@@ -120,44 +123,37 @@ public class SecurityUtils {
 	 * @return User 用户对象
 	 */
 	@SneakyThrows
-	public KiccUser openInterfaceTemporaryLoginSession(String userId) {
-		RemoteUserService remoteUserService = SpringContextHolderUtil.getBean(RemoteUserService.class);
-		R<KiccUser> result = remoteUserService.selectByUserId(userId);
-		if (result == null || result.getData() == null) {
-			throw new CheckedException("用户不存在");
+	public <T extends CasUser> T openInterfaceTemporaryLoginSession(String userId) {
+		UserProviderTemplate userProviderTemplate = SpringContextHolderUtil.getBean(UserProviderTemplate.class);
+		Object user = userProviderTemplate.selectByUserId(userId);
+		if (ObjectUtil.isEmpty(user)) {
+			throw new UnConfiguredUserDataException("System user not found Contact your system administrator for configuration!", null);
 		}
-		KiccUser user = result.getData();
-		List<SimpleGrantedAuthority> authorities = Arrays.stream(user.getPermissions())
+
+		String[] permissions = (String[]) ReflectUtil.getMethodByName(user.getClass(), "getPermissions").invoke(user);
+		List<SimpleGrantedAuthority> authorities = Arrays.stream(permissions)
 				.map(SimpleGrantedAuthority::new)
 				.collect(Collectors.toList());
+
+		String username = (String) ReflectUtil.getMethodByName(user.getClass(), "getUsername").invoke(user);
+		String password = (String) ReflectUtil.getMethodByName(user.getClass(), "getPassword").invoke(user);
+		String status = (String) ReflectUtil.getMethodByName(user.getClass(), "getStatus").invoke(user);
+		String[] roleIds = (String[]) ReflectUtil.getMethodByName(user.getClass(), "getRoleIds").invoke(user);
+		String[] tenantIds = (String[]) ReflectUtil.getMethodByName(user.getClass(), "getTenantIds").invoke(user);
+
 		CasUser casUser = new CasUser(
-				user.getUsername(),
-				SecurityConstants.BCRYPT + user.getPassword(),
+				username,
+				SecurityConstants.BCRYPT + password,
 				true,
 				true,
 				true,
-				StrUtil.equals(user.getStatus(), CommonConstants.STATUS_NORMAL),
-				authorities,
-				user.getCasUserId(),
-				user.getNickName(),
-				user.getEmail(),
-				user.getPhone(),
-				user.getSex(),
-				user.getAvatar(),
-				user.getLoginIp(),
-				user.getLoginTime(),
-				user.getSsoStatus(),
-				user.getSsoCreateById(),
-				user.getSsoCreateByName(),
-				user.getSsoCreateTime(),
-				user.getSsoUpdateById(),
-				user.getSsoUpdateByName(),
-				user.getSsoUpdateTime(),
-				user.getRemarks(),
-                String.join(",", user.getRoleIds()),
-				String.join(",", user.getTenantIds())
+				StrUtil.equals(status, CommonConstants.STATUS_NORMAL),
+				authorities
 		);
-		KiccUser kiccUser = new KiccUser(
+		BeanUtils.copyProperties(user, casUser);
+		casUser.setRoleId(String.join(",", roleIds));
+		casUser.setTenantId(String.join(",", tenantIds));
+		Object exUser = ReflectUtil.newInstance(ClassUtil.loadClass(casProperties.getUserClass()),
 				casUser.getUsername(),
 				casUser.getPassword(),
 				casUser.isEnabled(),
@@ -166,15 +162,16 @@ public class SecurityUtils {
 				casUser.isAccountNonLocked(),
 				authorities
 		);
-		BeanUtils.copyProperties(user, kiccUser);
+
+		BeanUtils.copyProperties(user, exUser);
 		// 设置扩展用户数据
-		casUser.getExPrincipals().put(CasSystemEnum.KICC, new ObjectMapper()
+		casUser.getExPrincipals().put(casProperties.getIdentity(), new ObjectMapper()
 		.registerModule(new KiccJavaTimeModule())
 		.setSerializationInclusion(JsonInclude.Include.NON_NULL)
-		.writeValueAsString(kiccUser));
+		.writeValueAsString(exUser));
 		Authentication authentication = new UsernamePasswordAuthenticationToken(casUser, "N/A", casUser.getAuthorities());
 		SecurityContextHolder.getContext().setAuthentication(authentication);
-		return user;
+		return (T) user;
 	}
 
 	public static void main(String[] args) {

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/xss/XssFilterAutoConfiguration.java

@@ -5,6 +5,7 @@ import cn.hutool.core.util.StrUtil;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 
 import javax.servlet.DispatcherType;
 import java.util.HashMap;
@@ -18,6 +19,7 @@ import java.util.Map;
  * @Author: wangxiang4
  * @Date: 2022/2/19
  */
+@Configuration(proxyBeanMethods = false)
 @EnableConfigurationProperties(XssProperties.class)
 public class XssFilterAutoConfiguration {
 

kicc-common/kicc-common-security/src/main/resources/META-INF/spring.factories

@@ -4,6 +4,4 @@ org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
   com.cloud.kicc.common.security.service.impl.KiccAppUserDetailsServiceImpl,\
   com.cloud.kicc.common.security.config.TokenStoreAutoConfiguration,\
   com.cloud.kicc.common.security.config.TokenStoreAutoCleanScheduleConfiguration,\
-  com.cloud.kicc.common.security.config.SecurityMessageSourceConfiguration,\
-  com.cloud.kicc.common.security.xss.XssFilterAutoConfiguration
-
+  com.cloud.kicc.common.security.config.Oauth2SecurityAutoConfiguration

kicc-platform/kicc-platform-api/kicc-system-api/src/main/java/com/cloud/kicc/system/api/feign/RemoteAppService.java

@@ -4,8 +4,7 @@ import com.cloud.kicc.common.core.api.R;
 import com.cloud.kicc.common.core.constant.AppConstants;
 import com.cloud.kicc.common.core.constant.SecurityConstants;
 import com.cloud.kicc.common.core.constant.ServiceNameConstants;
-import com.cloud.kicc.common.data.entity.KiccUser;
-import com.cloud.kicc.system.api.entity.SsoUser;
+import com.cloud.kicc.common.data.entity.SsoUser;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;

kicc-platform/kicc-platform-api/kicc-system-api/src/main/java/com/cloud/kicc/system/api/feign/RemoteSsoUserService.java

@@ -4,8 +4,7 @@ import com.cloud.kicc.common.core.api.R;
 import com.cloud.kicc.common.core.constant.AppConstants;
 import com.cloud.kicc.common.core.constant.SecurityConstants;
 import com.cloud.kicc.common.core.constant.ServiceNameConstants;
-import com.cloud.kicc.common.data.entity.KiccUser;
-import com.cloud.kicc.system.api.entity.SsoUser;
+import com.cloud.kicc.common.data.entity.SsoUser;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;

kicc-platform/kicc-platform-biz/kicc-common-biz/src/main/java/com/cloud/kicc/commonbiz/controller/PushApplicationController.java

@@ -10,6 +10,7 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.cloud.kicc.common.core.api.R;
 import com.cloud.kicc.common.core.constant.AppConstants;
 import com.cloud.kicc.common.core.exception.CheckedException;
+import com.cloud.kicc.common.data.entity.KiccUser;
 import com.cloud.kicc.common.security.annotation.Inner;
 import com.cloud.kicc.common.security.util.SecurityUtils;
 import com.cloud.kicc.commonbiz.api.entity.PushApplication;
@@ -69,7 +70,7 @@ public class PushApplicationController {
     @PostMapping("/save")
     public R save(@Valid @RequestBody PushApplication pushApplication) {
         // 企业用户需要验证是否进行企业认证
-        if (StrUtil.equals(SecurityUtils.getUser().getUserType(), UserTypeEnum.ENTERPRISE_USER.getValue()) &&
+        if (StrUtil.equals(SecurityUtils.<KiccUser>getUser().getUserType(), UserTypeEnum.ENTERPRISE_USER.getValue()) &&
                 iPushEnterpriseService.count(Wrappers.<PushEnterprise>lambdaQuery()
                         .eq(PushEnterprise::getStatus, PushAuditStatusEnum.APPROVED.getValue())
                         .eq(PushEnterprise::getUserId, SecurityUtils.getUser().getId())) == 0){

kicc-platform/kicc-platform-biz/kicc-common-biz/src/main/java/com/cloud/kicc/commonbiz/controller/PushEnterpriseController.java

@@ -10,6 +10,7 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.cloud.kicc.common.core.api.R;
 import com.cloud.kicc.common.core.constant.AppConstants;
 import com.cloud.kicc.common.core.exception.CheckedException;
+import com.cloud.kicc.common.data.entity.KiccUser;
 import com.cloud.kicc.common.security.util.SecurityUtils;
 import com.cloud.kicc.commonbiz.api.entity.PushEnterprise;
 import com.cloud.kicc.commonbiz.api.enums.PushAuditStatusEnum;
@@ -70,7 +71,7 @@ public class PushEnterpriseController {
     @PostMapping("/save")
     public R save(@Valid @RequestBody PushEnterprise pushEnterprise) {
         // 限制只能有企业用户进行认证
-        if (!StrUtil.equals(SecurityUtils.getUser().getUserType(), UserTypeEnum.ENTERPRISE_USER.getValue())) {
+        if (!StrUtil.equals(SecurityUtils.<KiccUser>getUser().getUserType(), UserTypeEnum.ENTERPRISE_USER.getValue())) {
             throw new CheckedException("当前用户不是企业用户请用企业用户登录后重试！");
         }
         if(iPushEnterpriseService.count(Wrappers.<PushEnterprise>lambdaQuery()
@@ -110,7 +111,7 @@ public class PushEnterpriseController {
     public R updateAuditStatus(@PathVariable Integer status) {
         iPushEnterpriseService.update(Wrappers.<PushEnterprise>lambdaUpdate()
                 .set(PushEnterprise::getStatus, status)
-                .eq(PushEnterprise::getUserId, SecurityUtils.getUser().getId()));
+                .eq(PushEnterprise::getUserId, SecurityUtils.<KiccUser>getUser().getId()));
         return R.ok();
     }
 

kicc-platform/kicc-platform-biz/kicc-common-biz/src/main/java/com/cloud/kicc/commonbiz/service/impl/PushApplicationServiceImpl.java

@@ -9,6 +9,7 @@ import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.cloud.kicc.common.core.exception.CheckedException;
+import com.cloud.kicc.common.data.entity.KiccUser;
 import com.cloud.kicc.common.security.util.SecurityUtils;
 import com.cloud.kicc.commonbiz.api.entity.*;
 import com.cloud.kicc.commonbiz.api.enums.PushAuditStatusEnum;
@@ -59,11 +60,11 @@ public class PushApplicationServiceImpl extends ServiceImpl<PushApplicationMappe
         }
 
         SecurityUtils.openInterfaceTemporaryLoginSession(pushChatMessage.getUserId());
-        if (!ArrayUtil.contains(new String[]{ UserTypeEnum.ENTERPRISE_USER.getValue(), UserTypeEnum.INTERNAL_USER.getValue() },  SecurityUtils.getUser().getUserType())) {
+        if (!ArrayUtil.contains(new String[]{ UserTypeEnum.ENTERPRISE_USER.getValue(), UserTypeEnum.INTERNAL_USER.getValue() },  SecurityUtils.<KiccUser>getUser().getUserType())) {
             throw new CheckedException("该用户不是企业用户，禁止操作！");
         }
 
-        if (StrUtil.equals(SecurityUtils.getUser().getUserType(),  UserTypeEnum.ENTERPRISE_USER.getValue()) &&
+        if (StrUtil.equals(SecurityUtils.<KiccUser>getUser().getUserType(),  UserTypeEnum.ENTERPRISE_USER.getValue()) &&
                 iPushEnterpriseService.count(Wrappers.<PushEnterprise>lambdaQuery()
                         .eq(PushEnterprise::getStatus, PushAuditStatusEnum.APPROVED.getValue())
                         .eq(PushEnterprise::getUserId, SecurityUtils.getUser().getId())) == 0){

kicc-platform/kicc-platform-biz/kicc-common-biz/src/main/java/com/cloud/kicc/commonbiz/service/impl/UserProviderTemplateImpl.java

@@ -0,0 +1,35 @@
+package com.cloud.kicc.commonbiz.service.impl;
+
+import com.cloud.kicc.common.core.api.R;
+import com.cloud.kicc.common.data.entity.KiccUser;
+import com.cloud.kicc.common.security.exception.SecurityCheckedException;
+import com.cloud.kicc.common.security.template.UserProviderTemplate;
+import com.cloud.kicc.system.api.feign.RemoteUserService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+public class UserProviderTemplateImpl implements UserProviderTemplate<KiccUser> {
+
+    private final RemoteUserService remoteUserService;
+
+    @Override
+    public KiccUser selectByCasUserId(String casUserId) {
+        R<KiccUser> result = remoteUserService.selectByCasUserId(casUserId);
+        if (result.getCode() != R.SUCCESS) {
+            throw new SecurityCheckedException("Controller invoke failed!");
+        }
+        return result.getData();
+    }
+
+    @Override
+    public KiccUser selectByUserId(String userid) {
+        R<KiccUser> result = remoteUserService.selectByUserId(userid);
+        if (result.getCode() != R.SUCCESS) {
+            throw new SecurityCheckedException("Controller invoke failed!");
+        }
+        return result.getData();
+    }
+
+}

kicc-platform/kicc-platform-biz/kicc-monitor-biz/pom.xml

@@ -19,6 +19,11 @@
 			<groupId>com.cloud</groupId>
 			<artifactId>kicc-common-log</artifactId>
 		</dependency>
+		<!--system api模块-->
+		<dependency>
+			<groupId>com.cloud</groupId>
+			<artifactId>kicc-system-api</artifactId>
+		</dependency>
 		<!--安全模块-->
 		<dependency>
 			<groupId>com.cloud</groupId>

kicc-platform/kicc-platform-biz/kicc-monitor-biz/src/main/java/com/cloud/kicc/monitor/service/impl/UserProviderTemplateImpl.java

@@ -0,0 +1,35 @@
+package com.cloud.kicc.monitor.service.impl;
+
+import com.cloud.kicc.common.core.api.R;
+import com.cloud.kicc.common.data.entity.KiccUser;
+import com.cloud.kicc.common.security.exception.SecurityCheckedException;
+import com.cloud.kicc.common.security.template.UserProviderTemplate;
+import com.cloud.kicc.system.api.feign.RemoteUserService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+public class UserProviderTemplateImpl implements UserProviderTemplate<KiccUser> {
+
+    private final RemoteUserService remoteUserService;
+
+    @Override
+    public KiccUser selectByCasUserId(String casUserId) {
+        R<KiccUser> result = remoteUserService.selectByCasUserId(casUserId);
+        if (result.getCode() != R.SUCCESS) {
+            throw new SecurityCheckedException("Controller invoke failed!");
+        }
+        return result.getData();
+    }
+
+    @Override
+    public KiccUser selectByUserId(String userid) {
+        R<KiccUser> result = remoteUserService.selectByUserId(userid);
+        if (result.getCode() != R.SUCCESS) {
+            throw new SecurityCheckedException("Controller invoke failed!");
+        }
+        return result.getData();
+    }
+
+}

kicc-platform/kicc-platform-biz/kicc-report-biz/pom.xml

@@ -19,6 +19,11 @@
 			<groupId>com.cloud</groupId>
 			<artifactId>kicc-report-api</artifactId>
 		</dependency>
+		<!--system api模块-->
+		<dependency>
+			<groupId>com.cloud</groupId>
+			<artifactId>kicc-system-api</artifactId>
+		</dependency>
 		<!--安全模块-->
 		<dependency>
 			<groupId>com.cloud</groupId>

kicc-platform/kicc-platform-biz/kicc-report-biz/src/main/java/com/cloud/kicc/report/service/impl/UserProviderTemplateImpl.java

@@ -0,0 +1,35 @@
+package com.cloud.kicc.report.service.impl;
+
+import com.cloud.kicc.common.core.api.R;
+import com.cloud.kicc.common.data.entity.KiccUser;
+import com.cloud.kicc.common.security.exception.SecurityCheckedException;
+import com.cloud.kicc.common.security.template.UserProviderTemplate;
+import com.cloud.kicc.system.api.feign.RemoteUserService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+public class UserProviderTemplateImpl implements UserProviderTemplate<KiccUser> {
+
+    private final RemoteUserService remoteUserService;
+
+    @Override
+    public KiccUser selectByCasUserId(String casUserId) {
+        R<KiccUser> result = remoteUserService.selectByCasUserId(casUserId);
+        if (result.getCode() != R.SUCCESS) {
+            throw new SecurityCheckedException("Controller invoke failed!");
+        }
+        return result.getData();
+    }
+
+    @Override
+    public KiccUser selectByUserId(String userid) {
+        R<KiccUser> result = remoteUserService.selectByUserId(userid);
+        if (result.getCode() != R.SUCCESS) {
+            throw new SecurityCheckedException("Controller invoke failed!");
+        }
+        return result.getData();
+    }
+
+}

kicc-platform/kicc-platform-biz/kicc-system-biz/src/main/java/com/cloud/kicc/system/controller/AppController.java

@@ -4,7 +4,7 @@ import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.cloud.kicc.common.core.api.R;
 import com.cloud.kicc.common.core.constant.AppConstants;
 import com.cloud.kicc.common.security.annotation.Inner;
-import com.cloud.kicc.system.api.entity.SsoUser;
+import com.cloud.kicc.common.data.entity.SsoUser;
 import com.cloud.kicc.system.service.AppService;
 import com.cloud.kicc.system.service.ISsoUserService;
 import io.swagger.annotations.Api;

kicc-platform/kicc-platform-biz/kicc-system-biz/src/main/java/com/cloud/kicc/system/controller/SsoUserController.java

@@ -11,7 +11,7 @@ import com.cloud.kicc.common.data.entity.KiccUser;
 import com.cloud.kicc.common.log.annotation.SysLog;
 import com.cloud.kicc.common.security.annotation.Inner;
 import com.cloud.kicc.common.security.util.SecurityUtils;
-import com.cloud.kicc.system.api.entity.SsoUser;
+import com.cloud.kicc.common.data.entity.SsoUser;
 import com.cloud.kicc.system.api.entity.User;
 import com.cloud.kicc.system.service.ISsoUserService;
 import lombok.RequiredArgsConstructor;

kicc-platform/kicc-platform-biz/kicc-system-biz/src/main/java/com/cloud/kicc/system/controller/UserController.java

@@ -134,7 +134,7 @@ public class UserController {
         if (!ArrayUtil.contains(new String[]{
                 UserTypeEnum.ENTERPRISE_USER.getValue(),
                 UserTypeEnum.INTERNAL_USER.getValue(),
-        }, SecurityUtils.getUser().getUserType())) {
+        }, SecurityUtils.<KiccUser>getUser().getUserType())) {
             List<User> enterpriseUserList = userService.list(Wrappers.<User>lambdaQuery()
                     .in(User::getUserType, UserTypeEnum.INTERNAL_USER.getValue()));
             remotePushConcernFanService.bindConcernEnterpriseUser(user.getId(), enterpriseUserList);

kicc-platform/kicc-platform-biz/kicc-system-biz/src/main/java/com/cloud/kicc/system/mapper/SsoUserMapper.java

@@ -1,8 +1,7 @@
 package com.cloud.kicc.system.mapper;
 
 import com.baomidou.mybatisplus.core.mapper.BaseMapper;
-import com.cloud.kicc.common.data.entity.KiccUser;
-import com.cloud.kicc.system.api.entity.SsoUser;
+import com.cloud.kicc.common.data.entity.SsoUser;
 
 import java.util.List;
 

kicc-platform/kicc-platform-biz/kicc-system-biz/src/main/java/com/cloud/kicc/system/service/ISsoUserService.java

@@ -2,7 +2,7 @@ package com.cloud.kicc.system.service;
 
 import com.baomidou.mybatisplus.extension.service.IService;
 import com.cloud.kicc.common.data.entity.KiccUser;
-import com.cloud.kicc.system.api.entity.SsoUser;
+import com.cloud.kicc.common.data.entity.SsoUser;
 
 import java.util.List;
 

kicc-platform/kicc-platform-biz/kicc-system-biz/src/main/java/com/cloud/kicc/system/service/impl/SsoUserServiceImpl.java

@@ -5,7 +5,7 @@ import com.baomidou.dynamic.datasource.annotation.DSTransactional;
 import com.baomidou.dynamic.datasource.toolkit.DynamicDataSourceContextHolder;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.cloud.kicc.common.data.entity.KiccUser;
-import com.cloud.kicc.system.api.entity.SsoUser;
+import com.cloud.kicc.common.data.entity.SsoUser;
 import com.cloud.kicc.system.api.entity.User;
 import com.cloud.kicc.system.mapper.SsoUserMapper;
 import com.cloud.kicc.system.service.ISsoUserService;

kicc-platform/kicc-platform-biz/kicc-system-biz/src/main/java/com/cloud/kicc/system/service/impl/UserProviderTemplateImpl.java

@@ -0,0 +1,35 @@
+package com.cloud.kicc.system.service.impl;
+
+import com.cloud.kicc.common.core.api.R;
+import com.cloud.kicc.common.data.entity.KiccUser;
+import com.cloud.kicc.common.security.exception.SecurityCheckedException;
+import com.cloud.kicc.common.security.template.UserProviderTemplate;
+import com.cloud.kicc.system.api.feign.RemoteUserService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+public class UserProviderTemplateImpl implements UserProviderTemplate<KiccUser> {
+
+    private final RemoteUserService remoteUserService;
+
+    @Override
+    public KiccUser selectByCasUserId(String casUserId) {
+        R<KiccUser> result = remoteUserService.selectByCasUserId(casUserId);
+        if (result.getCode() != R.SUCCESS) {
+            throw new SecurityCheckedException("Controller invoke failed!");
+        }
+        return result.getData();
+    }
+
+    @Override
+    public KiccUser selectByUserId(String userid) {
+        R<KiccUser> result = remoteUserService.selectByUserId(userid);
+        if (result.getCode() != R.SUCCESS) {
+            throw new SecurityCheckedException("Controller invoke failed!");
+        }
+        return result.getData();
+    }
+
+}

kicc-platform/kicc-platform-biz/kicc-template-biz/pom.xml

@@ -19,6 +19,11 @@
 			<groupId>com.cloud</groupId>
 			<artifactId>kicc-template-api</artifactId>
 		</dependency>
+		<!--system api模块-->
+		<dependency>
+			<groupId>com.cloud</groupId>
+			<artifactId>kicc-system-api</artifactId>
+		</dependency>
 		<!--安全模块-->
 		<dependency>
 			<groupId>com.cloud</groupId>

kicc-platform/kicc-platform-biz/kicc-template-biz/src/main/java/com/cloud/kicc/template/provide/UserProviderTemplateImpl.java

@@ -0,0 +1,35 @@
+package com.cloud.kicc.template.provide;
+
+import com.cloud.kicc.common.core.api.R;
+import com.cloud.kicc.common.data.entity.KiccUser;
+import com.cloud.kicc.common.security.exception.SecurityCheckedException;
+import com.cloud.kicc.common.security.template.UserProviderTemplate;
+import com.cloud.kicc.system.api.feign.RemoteUserService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+public class UserProviderTemplateImpl implements UserProviderTemplate<KiccUser> {
+
+    private final RemoteUserService remoteUserService;
+
+    @Override
+    public KiccUser selectByCasUserId(String casUserId) {
+        R<KiccUser> result = remoteUserService.selectByCasUserId(casUserId);
+        if (result.getCode() != R.SUCCESS) {
+            throw new SecurityCheckedException("Controller invoke failed!");
+        }
+        return result.getData();
+    }
+
+    @Override
+    public KiccUser selectByUserId(String userid) {
+        R<KiccUser> result = remoteUserService.selectByUserId(userid);
+        if (result.getCode() != R.SUCCESS) {
+            throw new SecurityCheckedException("Controller invoke failed!");
+        }
+        return result.getData();
+    }
+
+}

kicc-platform/kicc-platform-biz/kicc-workflow-biz/pom.xml

@@ -19,6 +19,11 @@
 			<groupId>com.cloud</groupId>
 			<artifactId>kicc-workflow-api</artifactId>
 		</dependency>
+		<!--system api模块-->
+		<dependency>
+			<groupId>com.cloud</groupId>
+			<artifactId>kicc-system-api</artifactId>
+		</dependency>
 		<!--安全模块-->
 		<dependency>
 			<groupId>com.cloud</groupId>

kicc-platform/kicc-platform-biz/kicc-workflow-biz/src/main/java/com/cloud/kicc/workflow/service/impl/UserProviderTemplateImpl.java

@@ -0,0 +1,35 @@
+package com.cloud.kicc.workflow.service.impl;
+
+import com.cloud.kicc.common.core.api.R;
+import com.cloud.kicc.common.data.entity.KiccUser;
+import com.cloud.kicc.common.security.exception.SecurityCheckedException;
+import com.cloud.kicc.common.security.template.UserProviderTemplate;
+import com.cloud.kicc.system.api.feign.RemoteUserService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+public class UserProviderTemplateImpl implements UserProviderTemplate<KiccUser> {
+
+    private final RemoteUserService remoteUserService;
+
+    @Override
+    public KiccUser selectByCasUserId(String casUserId) {
+        R<KiccUser> result = remoteUserService.selectByCasUserId(casUserId);
+        if (result.getCode() != R.SUCCESS) {
+            throw new SecurityCheckedException("Controller invoke failed!");
+        }
+        return result.getData();
+    }
+
+    @Override
+    public KiccUser selectByUserId(String userid) {
+        R<KiccUser> result = remoteUserService.selectByUserId(userid);
+        if (result.getCode() != R.SUCCESS) {
+            throw new SecurityCheckedException("Controller invoke failed!");
+        }
+        return result.getData();
+    }
+
+}