刘琛运的技术文档

Appearance

7.27 sso修改昵称时同步更新portal

portal接口

https://itest.supermapol.com/web/mycontent/account/nickname.json
https://itest.supermapol.com/web/mycontent/account/mailbox.json

filder


https://itest.supermapol.com/web/mycontent/account/mailbox.json

Host: itest.supermapol.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
Accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://itest.supermapol.com/my-account/account
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: language=zh; JSESSIONID=7558578F9ED462EB9E5DA1521023E3F89-n1; JSESSIONID=54939A2D5A5D94CEEECDBED3527C63E32-n1; Hm_lvt_0117cd7e7bf092f2162903096b3c2586=1626855637,1627370226,1627370461,1627370572; Hm_lpvt_0117cd7e7bf092f2162903096b3c2586=1627370579; JSESSIONID=5373C83E2A9CA7E231CB3692ED88AFBB-n1
Content-Length: 16


121qweaa1@qq.com

生成token

https://itest.supermapol.com/services/security/tokens.json       post


{
  "username":"324366",
  "password":"abcdefgh",
  "expiration":315360000000
}
54iZIctNGHR1hMCod3qxEfy9sVz38z97oz4y3gDFi22Rg_WlQKS152XgAk0oKcNytbQLOFK59kh_5aL1mSt8ZhbVjQP-G9qOCvmoO7m95K0.

54iZIctNGHR1hMCod3qxEf205WsH36xUAnN1BcfD28ZUjjuIwKnEX-F-76GYwJoPCAXvG-i0d3uPZ_7DdnP61CfNqjDjcXy28iev9swgU-4.

10年: ("expiration":315360000000)


我的
{
  "username":"592862",
  "password":"abcdefgh",
  "expiration":180000
}

0-n6UutH6A63cQcsvE9hZLV4ThJ0qKcHm_1Kf01SkOLIiGNOIjaY-a5duLxIKrsjwG84754h7b7Pa5blUWIsWSXKPQd-m0sFITkiEPZAK4M.


Abcdefgh7
1. portal现有接口不适用,需要在portal扩展相似接口。原因:
portal接口需要获取当前”登录用户“,区别在前端调用portal接口变为sso后端调用,后端调用需要token

2. 接口冗余:扩展接口与portal现有接口功能一样

3. 修改数据库原子性问题: sso服务,同步修改portal数据库和sso数据库,无法保证一致性,有潜在的bug,场景:
	portal修改成功,sso修改失败,最终显示失败,但刷新主站发现已修改,原因是portal是成功修改了
	
4. 服务之间增加了耦合: sso服务和portl服务之间增加了耦合

5. 访问portal接口流程复杂:访问portal接口需要2步 :1.先向portal获取token, 2.带着token才能访问portal接口

好处:
1.	修改了sso的昵称或邮箱,刷新主站也能及时修改

有些账号生成token有问题

593892
select * from users where nickname = 'itest3'
select * from user_infos where name = '593892'


select * from users where nickname = 'itest222222'
select * from user_infos where nickname = 'itest222222'
select *,count(nickname) from user_infos group by nickname having count(*) > 1

https://itest.supermapol.com/web/mycontent/account/nickname.json?token={"succeed":false,"error":{"code":400,"errorMsg":"用户名或密码错误。"}}

593892
593059 2  1606196518358

593801之前可以
593802之后不行


944964

$shiro1$SHA-256$500000$DY4EWvA9Wr0/NS6RNhBSjQ==$ZAHrS/mNa/IiuefjvvnrNaMM1hg5GFGKZQbN5OxySYY=
$shiro1$SHA-256$500000$IdpLSTILrgQRUfxh8+S8Ww==$DuauaTz/Wj5yui/6ljzv4nIx3UrQoAdevL9XtwGSyug=

##token生成的原因

593801 之前用 abcdefgh
593801 之后用 Abcdefgh7
配置新密码那个

bj本地 

1 之前用 abcdefgh
1 之后用 Abcdefgh7

itest:593801
zhuzhan:978789

select * from user_infos where nickname = 'online_wzj'

昵称已被注册问题解决

{
    "succeed": false,
    "error": {
        "code": 400,
        "errorMsg": "昵称已被注册。"
    }
}

原因:
user_infos表 nickname字段和传入的nickname相同,不能被修改

修改:
如果是ol环境,不校验数据库
private void b(String string) {
        if (!SupermapOnlineUtil.isSuperMapOL() && this.iportalSecurityComponent.isNicknameRegistered(string)) {
                    throw new HttpException(Status.CLIENT_ERROR_BAD_REQUEST, a.getMessage((Enum)IPortalResource.IPORTALUSERSRESOURCE_NICKNAME_ALREADY_EXIST, new Object[0]));
                }
            }
!SupermapOnlineUtil.isSuperMapOL()  如果是ol,条件就跳过
昵称已被注册。
修改portal接口,如果是ol,就不校验

测试账号
593855 18215540952 123456
post:   https://itest.supermapol.com/services/security/tokens.json
{
  "username":"593855",
  "password":"Abcdefgh7",
  "expiration":315360000000
}


UMDuDIhIaIs8sLjqU5Uy2bk0cJNdp2y6uR7FLMKo2qMR_w27PnDOyu-Q0w93VHU6Hwwg22lTQ6bVAKUfzks9137ha2USvV7bg07jntVgoLY.

https://itest.supermapol.com/web/mycontent/account/nickname.json?token=O-YiWUHcJ45wc4e6OerXrNZv_00DmcCEhzOOm0CpTAKO6Y3lbF_GnaZ0Hi9DXPDbwtAd7M54fv_W34yFnprds23MUlxr3jy4P9oo4aMwCnc.
body:
online_wzj

watch com.supermap.icloud.cas.client.service.AccountManagerService nickNameModify '{params,returnObj,throwExp}' -v -n 5 -x 3 '1==1'

jad com.supermap.iportal.web.rest.resources.impl.MyAccountResource

watch com.supermap.iportal.web.rest.resources.impl.MyAccountResource b '{params,returnObj,throwExp}' -v -n 5 -x 3 '1==1'

watch com.supermap.iportal.web.rest.resources.impl.MyAccountResource updateNickname '{params,returnObj,throwExp}' -v -n 5 -x 3 '1==1'



————————————————————————
判断是ol环境后,不会执行到此
watch com.supermap.iportal.web.components.impl.IportalSecurityComponentImpl isNicknameRegistered '{params,returnObj,throwExp}' -v -n 5 -x 3 '1==1'

不能修改邮箱为空

修改portal接口,如果是ol,就不校验

portal登录失效后自动登录

arthos

portal拿的旧的登录信息,数据库数据已经为最新,结果一对比不同,旧的重新覆盖新的数据库数据

_____________________________________________________________________-
watch com.supermap.icloud.security.ICloudCasRealm doGetAuthenticationInfo '{params,returnObj,throwExp}' -v -n 5 -x 3 '1==1'

watch com.supermap.icloud.security.ICloudCasFilter doUpdateUserInfo '{params,returnObj,throwExp}' -v -n 5 -x 3 '1==1'

并不是这两个
———————————————————————————————————————————————————————————————————————————

watch com.supermap.iportal.web.components.impl.ICloudCasUserComponentImpl updateOnlineUserInfo '{params,returnObj,throwExp}' -v -n 5 -x 3 '1==1'

watch com.supermap.online.security.pac4j.core.PopupClosedCallbackLogic saveUserProfile '{params,returnObj,throwExp}' -v -n 5 -x 3 '1==1'

watch com.supermap.online.security.pac4j.core.PopupClosedCallbackLogic saveUserProfile '{params,params[2].getAttributes()}' -v -n 5 -x 3 '1==1'


watch org.pac4j.core.engine.DefaultCallbackLogic perform '{params}' -v -n 5 -x 3 '1==1'

watch com.supermap.iportal.web.components.impl.ICloudCasUserComponentImpl getUserInfoFromCas '{params,returnObj,throwExp}' -v -n 5 -x 3 '1==1'

http://127.0.0.1:8080/cas/ua/getinfo?userId=1缓存问题

watch com.supermap.icloud.dao.ICloudUserManager getICloudUserById '{params,returnObj,throwExp}' -v -n 5 -x 3 '1==1'

watch com.supermap.icloud.cas.services.UserService updateUserNames '{params,returnObj,throwExp}' -v -n 5 -x 3 '1==1'

ognl '@com.runoqd.itc.quartz.utils.SpringApplicationContextHolder@getSpringBean("iCloudUserManager").cachedUserMap'


uid
user uid: 1 enter cachedUserMap

username
user username: 666666 no enter cachedUserMap锛宔nter database query
user username: 666666 database query null

更新缓存
updateCachedUserById type NICKNAME uid 1 newInfoMap {newNickname=666666, realName=wlwl, phoneNumber=11111111111, company=222222, userId=1, email=1210737588@qq.com}

流程

ICloudUserResource.java  /online接口
内部会访问 https://sso.supermap.com/cas/ua/getinfo?(userId/email/nickname/tel)=   获取最新的

取登录信息
CasUserComponent.parseCasAttributes()两个方法

icloudusercom.casGetUserInfoServerUrl = https://ssocdtest.supermap.com/cas/ua/getinfo