# 1.26 Moving the mobile license service to microservices

https://github.com/apereo/java-cas-client




https://www.yht7.com/news/105961

1. Interfaces

MobileResource
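1.	trials: queries all rows of the m_mobile_trial table
2.	trial: inserts a single record and returns the record as inserted; m_mobile_trial table (if the record is not in the database it is added; the parameters are not guaranteed to be correct, so arbitrary input is also inserted into the database)

3.	isUUIDExist: looks up a record by uuid and returns a status code (no record data); m_activate table
4.	bindPhoneNumber: the phone number must not already be bound, and the account must not already be bound to another phone number; m_activate table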
select id,snId,telephone from m_activate where id = "D4D72-E9CAB-59410-68B52-FFED2"

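5.	query: looks up modules by serial id; enterprise management database
6.	activation: activate
	1. First run query against the enterprise management database
	2. Look up the m_serial_number table by serialId; insert a row if none exists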
	select * from m_serial_number where sn = "D4D72-E9CAB-59410-68B52-FFED1"
	3. Update the enterprise management database; a return value of 1 means success
	4. Insert into the m_activate table
	select id,snId,telephone from m_activate where id = "D4D72-E9CAB-59410-68B52-FFED2"
	
	1d538172f35f44f7870e05a52bad4f5e
	{
    "data": "UserSerialID=\nModules=32\nVersion=900\nStartDate=20210201\nExpiredDate=21001231\nDeviceIDType=UUID\n#D4D72-E9CAB-59410-68B52-FFED2#\n575E5F304A198B37112A9606D1599CD8",
    "code": 200
}
7.	recycleLicense: return the license
	1.	Look up one record in the m_mobile_trial table by telephone or uuid
	2.	By  , look up one record in m_serial_number
	select id,snId,telephone from m_activate where id = "D4D72-E9CAB-59410-68B52-FFED2"

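### 1. application.yml configuration notes

# Whether single logout is enabled; default true
cas.single-logout.enabled

# Authentication URL patterns; default /*
cas.authentication-url-patterns

# Validation URL patterns; default /*
cas.validation-url-patterns

# URLs whose requests are wrapped so that user information can then be read from the request; default /*
cas.request-wrapper-url-patterns

# URLs for which user information is available from the current thread
cas.assertion-thread-local-url-patterns

cas.gateway

# After a ticket is validated successfully an Assertion object is created; if useSession is true, that object is stored in the Session.
cas.use-session

# Whether to redirect to the service after validation, i.e. whether to redirect to the same URL again without the ticket parameter once validation passes; default true.
cas.redirect-after-validation

cas.allowed-proxy-chains

cas.proxy-callback-url

cas.proxy-receptor-url

cas.accept-any-proxy

server.context-parameters.renew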
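
Management interfaces:
1.	querysn.json: compound query on the m_serial_number table
2.	queryactivate.json: compound query on the m_activate table
3.	activation.json: deletes m_activate records by uuid
4.	querycontract.json: looks up m_serial_number by id, then looks up the enterprise management data by snid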

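Issues:

1.	The appkey is passed from the front end in the URL; could it be intercepted, leaking the appkey?
2.	The interface's version parameter is not used.  √ Later, consider checking version or writing it to the log.
3.	The bindPhoneNumber flow queries the database 3 times.   √  The logic is missing one check (binding only; rebinding is not allowed).
4.	Validate the format of the parameters passed from the front end.
5.	uuid is an auto-increment id; query efficiency is low.
6.	The return interface accepts either phone number or uuid; the back-end logic is complex and hard to extend. Change it to a MyBatis multi-condition query.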
7.	
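Spring Boot migration
1.	Dependency management
2.	Configuration files
3.	Add logging
4.	Custom annotation + AOP interception to validate the appkey and the front-end parameters; reduces the number of database queries
5.	Management pages: security framework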
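
The checks such an aspect could run before any database call, as an added example (not the project's code) that also covers issues 1 and 4 above. The header name `X-App-Key`, the phone pattern and the class and method names are assumptions; the uuid pattern is inferred from the single sample id on this page.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.regex.Pattern;

/** Added example: checks to run in an aspect or filter before any database call. */
public final class MobileRequestValidator {
    // Inferred from the one sample id on this page: five groups of five hex characters.
    private static final Pattern UUID_FORMAT =
        Pattern.compile("[0-9A-F]{5}(-[0-9A-F]{5}){4}");
    // Assumption: 11-digit mainland-China mobile numbers.
    private static final Pattern PHONE_FORMAT = Pattern.compile("1[3-9][0-9]{9}");

    private final byte[] expectedKey;

    public MobileRequestValidator(String configuredAppKey) {
        this.expectedKey = configuredAppKey.getBytes(StandardCharsets.UTF_8);
    }

    /**
     * presentedKey is what the caller read from a request header (hypothetical
     * name X-App-Key); unlike a query parameter it is not part of the URL.
     * Returns null when the request may proceed, else the name of the bad field.
     */
    public String firstInvalidField(String presentedKey, String uuid, String phone) {
        // MessageDigest.isEqual does not stop at the first differing byte.
        if (presentedKey == null || !MessageDigest.isEqual(
                expectedKey, presentedKey.getBytes(StandardCharsets.UTF_8))) {
            return "appKey";
        }
        if (uuid == null || !UUID_FORMAT.matcher(uuid).matches()) {
            return "uuid";
        }
        if (phone == null || !PHONE_FORMAT.matcher(phone).matches()) {
            return "phoneNumber";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed values, not real credentials or devices.
        MobileRequestValidator v = new MobileRequestValidator("example-app-key");
        String id = "AAAAA-BBBBB-CCCCC-DDDDD-EEEEE";
        System.out.println(v.firstInvalidField("example-app-key", id, "13800000000"));
        System.out.println(v.firstInvalidField(null, id, "13800000000"));
        System.out.println(v.firstInvalidField("example-app-key", "not-an-id", "13800000000"));
        System.out.println(v.firstInvalidField("example-app-key", id, "12345"));
    }
}
```
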
Issue 3:
        // TODO: the logic is flawed; only 2 database calls are needed
        // Check whether the phone number is already bound; a bound number cannot be bound again
        Mactivate mactivate = mactivateDao.selectMactivateFromTelephone(mobileParam.getPhoneNumber());
        if (mactivate != null) {
            return LicenseResult.builder().code(MobileResourceConfig.PHONENUMBER_LIMIT).build();
        }
        // Bind the phone number
        mactivate = Mactivate.builder().id(mobileParam.getUUID()).telephone(mobileParam.getPhoneNumber()).build();
        int updateResult = mactivateDao.updateMactivate(mactivate);
        int code = updateResult <= 0 ? MobileResourceConfig.NO_UUID : MobileResourceConfig.SUCCEED;
        return LicenseResult.builder().code(code).build();
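
The fragment above checks the phone with a SELECT and then updates by UUID, without checking whether that UUID already has a phone. The added example below (not the project's code) lets the database enforce both rules, so the common case is one statement and two concurrent requests cannot both bind the same number. It assumes a unique key on `m_activate.telephone` (hypothetical index name), NULL in `telephone` for unbound rows, an open JDBC connection, and local stand-in result codes, of which `ALREADY_BOUND` is hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.SQLIntegrityConstraintViolationException;

/** Added example: bind-only phone binding enforced by the database itself. */
public final class PhoneBinder {
    // Local stand-ins for the project's result codes; ALREADY_BOUND is hypothetical.
    public enum Result { SUCCEED, NO_UUID, PHONENUMBER_LIMIT, ALREADY_BOUND }

    // Assumed one-time schema change (hypothetical index name):
    //   ALTER TABLE m_activate ADD UNIQUE KEY uk_activate_telephone (telephone);
    // Assumes unbound rows hold NULL in telephone; a unique key allows many NULLs.
    private static final String BIND_SQL =
        "UPDATE m_activate SET telephone = ? WHERE id = ? AND telephone IS NULL";
    private static final String EXISTS_SQL = "SELECT 1 FROM m_activate WHERE id = ?";

    public static Result bind(Connection conn, String uuid, String phone) throws SQLException {
        if (uuid == null || phone == null) {
            throw new IllegalArgumentException("uuid and phone are required");
        }
        try (PreparedStatement ps = conn.prepareStatement(BIND_SQL)) {
            ps.setString(1, phone);
            ps.setString(2, uuid);
            if (ps.executeUpdate() == 1) {
                return Result.SUCCEED; // happy path: a single statement
            }
        } catch (SQLIntegrityConstraintViolationException e) {
            // The unique key rejected the value: the phone belongs to another row.
            // Concurrent requests for one phone are serialized by the index, so
            // at most one of them can succeed.
            return Result.PHONENUMBER_LIMIT;
        }
        // No row changed: the id is unknown, or it already has a phone (no rebinding).
        try (PreparedStatement ps = conn.prepareStatement(EXISTS_SQL)) {
            ps.setString(1, uuid);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? Result.ALREADY_BOUND : Result.NO_UUID;
            }
        }
    }
}
```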

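2. Management interfaces

Login is required; after logging in, only an administrator account can access them.
1.	Spring Security also provides authentication and authorization
2.	The management interfaces previously parsed parameters with a custom Jersey annotation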
	@JsonQueryStringParam("searchParam") MserialNumberSearchParameter param
	searchParam: {"orderBy":"TIME","orderType":"DESC","currentPage":1,"pageSize":10}
	searchParam=%7B%22orderBy%22%3A%22TIME%22%2C%22orderType%22%3A%22DESC%22%2C%22currentPage%22%3A1%2C%22pageSize%22%3A10%7D

searchParam={"orderBy":"TIME","orderType":"DESC","currentPage":1,"pageSize":10}
Front end:
IMobileLicenseManageResource.js
http://127.0.0.1:8081/api/manager/cloud/mobile/querycontract.json?snId=1d538172f35f44f7870e05a52bad4f5e

https://itest.supermapol.com/api/web/v1/ilicense/mobile/trials?appKey=5202cac5de6a48f88dbb6dd4d7d9dbfa&page=1&pageCount=10


http://127.0.0.1:8099/api/manager/cloud/mobile/querysn.json

https://itest.supermapol.com/api/manager/cloud/mobile/querycontract.json?snId=afdc75b293224e98b2cd08034a70a704&

http://127.0.0.1:8081/api/manager/cloud/mobile/querysn.json

http://127.0.0.1:8081/api/manager/cloud/mobile/querysn.json?sEcho=1&iColumns=4&sColumns=%2C%2C%2C&iDisplayStart=0&iDisplayLength=10&mDataProp_0=0&sSearch_0=&bRegex_0=false&bSearchable_0=true&bSortable_0=false&mDataProp_1=0&sSearch_1=&bRegex_1=false&bSearchable_1=true&bSortable_1=false&mDataProp_2=0&sSearch_2=&bRegex_2=false&bSearchable_2=true&bSortable_2=false&mDataProp_3=0&sSearch_3=&bRegex_3=false&bSearchable_3=true&bSortable_3=true&sSearch=&bRegex=false&iSortCol_0=3&sSortDir_0=desc&iSortingCols=1&searchParam=%7B%22orderBy%22%3A%22TIME%22%2C%22orderType%22%3A%22DESC%22%2C%22currentPage%22%3A1%2C%22pageSize%22%3A10%7D&_=1613702178151

_________________________________
http://127.0.0.1:8081/api/manager/cloud/mobile/querysn.json?searchParam={%22orderBy%22:%22TIME%22,%22orderType%22:%22DESC%22,%22currentPage%22:1,%22pageSize%22:10}

http://127.0.0.1:8081/api/manager/cloud/mobile/querysn.json?searchParam=%7B%22orderBy%22%3A%22TIME%22%2C%22orderType%22%3A%22DESC%22%2C%22currentPage%22%3A1%2C%22pageSize%22%3A10%7D

3. Security

<dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

4. Configuration files

${MOBILELICENSE_DATABASE_URL}	39.100.90.131
${MOBILELICENSE_DATABASE_PORT}	8306
${MOBILELICENSE_DATABASE:ilicense}	ilicense
${MOBILELICENSE_DATABASE_USERNAME}	root
${MOBILELICENSE_DATABASE_PASSWORD}	123456

${WEB_SERVICE_USERNAME}	GISlab
${WEB_SERVICE_PASSWORD}	C?oHlNUxXYd%mI8
${WEB_SERVICE_END_POINT_URL}	https://lic.supermap.com.cn/CloudService/CloudL.asmx
${MOBILELICENSE_APPKEY}	5202cac5de6a48f88dbb6dd4d7d9dbfa
${PORTAL_ADMINISTRATORS_USERID}	324366

${MOBILELICENSE_CAS_CLIENT_HOST_URL}	127.0.0.1:8081
${MOBILELICENSE_SSO_SERVER_URL}	https://sso.supermap.com/v101/cas


${MOBILELICENSE_LOGGING_LEVEL_TRIALLICENSE} info
${MOBILELICENSE_LOGGING_LEVEL_CAS_CLIENT} info


itest:
MOBILELICENSE_DATABASE_URL	192.168.252.97
MOBILELICENSE_DATABASE_PORT	3306
MOBILELICENSE_DATABASE:ilicense	ilicense
MOBILELICENSE_DATABASE_USERNAME	root
MOBILELICENSE_DATABASE_PASSWORD	supermapol123
WEB_SERVICE_USERNAME	GISlab
WEB_SERVICE_PASSWORD	C?oHlNUxXYd%mI8
WEB_SERVICE_END_POINT_URL	https://lic.supermap.com.cn/CloudService/CloudL.asmx
MOBILELICENSE_APPKEY	5202cac5de6a48f88dbb6dd4d7d9dbfa
PORTAL_ADMINISTRATORS_USERID	324366
MOBILELICENSE_CAS_CLIENT_HOST_URL	https://itest.supermapol.com
MOBILELICENSE_SSO_SERVER_URL	https://sso.supermap.com/v101/cas
MOBILELICENSE_LOGGING_LEVEL_TRIALLICENSE info
MOBILELICENSE_LOGGING_LEVEL_CAS_CLIENT info
# Database
spring:
  datasource:
    url: jdbc:mysql://39.100.90.131:8306/ilicense?characterEncoding=utf8&useSSL=false
    username: root
    password: 123456

mobile:
  license:
    web-service:
      username: GISlab
      password: C?oHlNUxXYd%mI8
      license-end-point: https://lic.supermap.com.cn/CloudService/CloudL.asmx
    appKey: 5202cac5de6a48f88dbb6dd4d7d9dbfa
  administrators:
    userId: 324366

cas:
  # Client access address; if nginx is in front, use nginx's port
  client-host-url: 127.0.0.1:8030
  # Login URL of the CAS server
  server-login-url: https://sso.supermap.com/v101/cas/login
  # URL of the CAS server
  server-url-prefix: https://sso.supermap.com/v101/cas

# Logging
logging:
  level:
    com.isupermap.cloudmanagement.mobilelicense: info
    org.jasig.cas.client: info

nginx:

        # Refactored mobile license management
        location /api/manager/cloud/mobile{
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Connection "";
            proxy_pass http://127.0.0.1:8081;
        }

        # Refactored mobile license client
        location /api/web/v1/ilicense/mobile{
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Connection "";
            proxy_pass http://127.0.0.1:8081;
        }