系统认证相关代码提交

Signed-off-by: TanYibin <5491541@qq.com>

系统认证相关代码提交
Signed-off-by: TanYibin <5491541@qq.com>
谭毅彬
1 parent f6f3c5c4
Showing 15 changed files with 765 additions and 66 deletions
.gitignore
ant-design-vue-jeecg/src/config/router.config.js
ant-design-vue-jeecg/src/permission.js
ant-design-vue-jeecg/src/views/user/Login.vue
ant-design-vue-jeecg/src/views/user/LoginAccount.vue
ant-design-vue-jeecg/src/views/user/modules/SystemTokenForm.vue
ant-design-vue-jeecg/src/views/user/modules/SystemTokenModal.vue
huaheng-wms-core/src/main/java/org/jeecg/modules/system/controller/LoginController.java
huaheng-wms-core/src/main/java/org/jeecg/modules/system/model/SystemAuthenticationModel.java
huaheng-wms-core/src/main/java/org/jeecg/utils/HuahengJwtUtil.java
huaheng-wms-core/src/main/java/org/jeecg/utils/support/SystemAuthentication.java
huaheng-wms-core/src/main/java/org/jeecg/utils/support/SystemRSA256Key.java
huaheng-wms-core/src/main/resources/application-dev.yml
huaheng-wms-core/src/main/resources/application-prod.yml
huaheng-wms-core/src/main/resources/application-test.yml
 ## ide
 **/.idea
 *.iml
+*/SystemToken.txt
  
 ## backend
 logs/
@@ -320,6 +320,11 @@ export const constantRouterMap = [
         name: 'alteration',
         component: () => import(/* webpackChunkName: "user" */ '@/views/user/alteration/Alteration')
       },
+      {
+        path: 'systemTokenModal',
+        name: 'systemTokenModal',
+        component: () => import(/* webpackChunkName: "user" */ '@/views/user/modules/SystemTokenModal')
+      },
     ]
   },
  
@@ -9,7 +9,7 @@ import {generateIndexRouter, isOAuth2AppEnv} from &#39;@/utils/util&#39;
  
 NProgress.configure({showSpinner: false}) // NProgress Configuration
  
-const whiteList = ['/user/login', '/user/register', '/user/register-result', '/user/alteration'] // no redirect whitelist
+const whiteList = ['/user/login', '/user/register', '/user/register-result', '/user/alteration','/user/systemTokenModal'] // no redirect whitelist
 whiteList.push(OAUTH2_LOGIN_PAGE_PATH)
  
 router.beforeEach((to, from, next) => {
 <template>
   <div class="main">
     <a-form-model class="user-layout-login" @keyup.enter.native="handleSubmit">
-      <a-tabs :activeKey="customActiveKey" :tabBarStyle="{ textAlign: 'center', borderBottom: 'unset' }"
-              @change="handleTabClick">
+      <a-tabs :activeKey="customActiveKey" :tabBarStyle="{ textAlign: 'center', borderBottom: 'unset' }" @change="handleTabClick">
         <a-tab-pane key="tab1" tab="账号密码登录">
-          <login-account ref="alogin" @validateFail="validateFail" @success="requestSuccess"
-                         @fail="requestFailed"></login-account>
+          <login-account ref="alogin" @validateFail="validateFail" @success="requestSuccess" @fail="requestFailed"></login-account>
         </a-tab-pane>
-
         <!--        <a-tab-pane key="tab2" tab="手机号登录">-->
         <!--          <login-phone ref="plogin" @validateFail="validateFail" @success="requestSuccess" @fail="requestFailed"></login-phone>-->
         <!--        </a-tab-pane>-->
       </a-tabs>
-
       <!--      <a-form-model-item>-->
       <!--        <a-checkbox @change="handleRememberMeChange" default-checked>自动登录</a-checkbox>-->
       <!--        <router-link :to="{ name: 'alteration'}" class="forge-password" style="float: right;">-->
@@ -22,23 +18,18 @@
       <!--          注册账户-->
       <!--        </router-link>-->
       <!--      </a-form-model-item>-->
-
-
       <a-form-item style="margin-top:24px">
-        <a-button size="large" type="primary" htmlType="submit" class="login-button" :loading="loginBtn"
-                  @click.stop.prevent="handleSubmit" :disabled="loginBtn">确定
+        <a-button size="large" type="primary" htmlType="submit" class="login-button" :loading="loginBtn" @click.stop.prevent="handleSubmit" :disabled="loginBtn">确定
         </a-button>
       </a-form-item>
-
     </a-form-model>
-
-    <two-step-captcha v-if="requiredTwoStepCaptcha" :visible="stepCaptchaVisible" @success="stepCaptchaSuccess"
-                      @cancel="stepCaptchaCancel"></two-step-captcha>
+    <two-step-captcha v-if="requiredTwoStepCaptcha" :visible="stepCaptchaVisible" @success="stepCaptchaSuccess" @cancel="stepCaptchaCancel"></two-step-captcha>
     <login-select-tenant ref="loginSelect" @success="loginSelectOk"></login-select-tenant>
     <!--    <third-login ref="thirdLogin"></third-login>-->
   </div>
 </template>
  
+
 <script>
 import Vue from 'vue'
 import {ACCESS_TOKEN, ENCRYPTED_STRING} from '@/store/mutation-types'
@@ -47,7 +38,6 @@ import LoginSelectTenant from &#39;./LoginSelectTenant&#39;
 import TwoStepCaptcha from '@/components/tools/TwoStepCaptcha'
 import {getEncryptedString} from '@/utils/encryption/aesEncrypt'
 import {timeFix} from '@/utils/util'
-
 import LoginAccount from './LoginAccount'
 import LoginPhone from './LoginPhone'
  
@@ -94,8 +84,6 @@ export default {
         }
       })
     },
-
-
     //登录
     handleSubmit() {
       this.loginBtn = true;
@@ -134,15 +122,12 @@ export default {
     },
     //登录成功
     loginSuccess() {
-      this.$router.push({path: "/dashboard/analysis"}).catch(() => {
-        console.log('登录跳转首页出错,这个错误从哪里来的')
-      })
+      this.$router.push({path: "/dashboard/analysis"});
       this.$notification.success({
         message: '欢迎',
         description: `${timeFix()}，欢迎回来`,
       });
     },
-
     stepCaptchaSuccess() {
       this.loginSuccess()
     },
@@ -163,9 +148,7 @@ export default {
         this.encryptedString = encryptedString;
       }
     }
-
   }
-
 }
 </script>
 <style lang="less" scoped>
@@ -213,10 +196,9 @@ export default {
       float: right;
     }
   }
-}
-</style>
-<style>
-.valid-error .ant-select-selection__placeholder {
-  color: #f5222d;
+
+  .valid-error .ant-select-selection__placeholder {
+    color: #f5222d;
+  }
 }
 </style>
 \ No newline at end of file
@@ -31,8 +31,9 @@
 </template>
  
 <script>
-import {getAction} from '@/api/manage'
 import Vue from 'vue'
+import {getAction} from '@/api/manage'
+import SystemTokenModal from './modules/SystemTokenModal'
 import {mapActions} from 'vuex'
 import {getWarehouseByUserCode} from '@/api/api'
  
@@ -140,7 +141,7 @@ export default {
     acceptUsername(username) {
       this.model['username'] = username
     },
-    //账号密码登录
+    // 账号密码登录
     handleLogin(rememberMe) {
       this.validateFields(['username', 'password'], (err) => {
         if (!err) {
@@ -151,21 +152,20 @@ export default {
             checkKey: this.currdatetime,
             remember_me: rememberMe,
           }
-          console.log("登录参数", loginParams)
           this.Login(loginParams).then((res) => {
             this.$emit('success', res.result)
           }).catch((err) => {
             this.$emit('fail', err)
+            if (err.code == 499) {
+              this.$router.push({path: "/user/systemTokenModal"})
+            }
           });
         } else {
           this.$emit('validateFail')
         }
       })
     }
-
-
   }
-
 }
 </script>
  
+<template>
+  <div>
+    <a-form-model ref="form" :model="model" :rules="validatorRules">
+      <a-form-model-item required prop="username">
+        <a-input v-model="model.username" size="large" placeholder="请输入帐户名  / admin" @blur="getWarehouse">
+          <a-icon slot="prefix" type="user" :style="{ color: 'rgba(0,0,0,.25)' }"/>
+        </a-input>
+      </a-form-model-item>
+      <a-form-model-item required prop="password">
+        <a-input v-model="model.password" size="large" type="password" autocomplete="false"
+                 placeholder="请输入密码 / 123456">
+          <a-icon slot="prefix" type="lock" :style="{ color: 'rgba(0,0,0,.25)' }"/>
+        </a-input>
+      </a-form-model-item>
+
+      <a-form-model-item prop="warehouseCode">
+        <a-select
+          show-search
+          placeholder="请选择仓库"
+          option-filter-prop="label"
+          v-model="model.warehouseCode">
+          <a-select-option v-for="item in warehouseList" :key="item.name" :value="item.code">{{
+              item.name
+            }}
+          </a-select-option>
+        </a-select>
+      </a-form-model-item>
+
+    </a-form-model>
+  </div>
+</template>
+
+<script>
+import {getAction} from '@/api/manage'
+import Vue from 'vue'
+import {mapActions} from 'vuex'
+import {getWarehouseByUserCode} from '@/api/api'
+
+export default {
+  name: 'SystemTokenForm',
+  data() {
+    return {
+      requestCodeSuccess: false,
+      randCodeImage: '',
+      currdatetime: '',
+      loginType: 0,
+      warehouseList: {},
+      querySource: {},
+      model: {
+        username: '',
+        password: '',
+        warehouseCode: '',
+        // inputCode: ''
+      },
+      validatorRules: {
+        username: [
+          {required: true, message: '请输入用户名!'},
+          {validator: this.handleUsernameOrEmail}
+        ],
+        password: [{
+          required: true, message: '请输入密码!', validator: 'click'
+        }],
+        warehouseCode: [{
+          required: true, message: '请选择仓库!', trigger: "change" , validator: 'click'
+        }],
+      }
+    }
+  },
+  created() {
+    this.handleChangeCheckCode();
+    this.getWarehouse();
+  },
+
+  methods: {
+    ...mapActions(['Login']),
+    /**刷新验证码*/
+    handleChangeCheckCode() {
+      this.currdatetime = new Date().getTime();
+      // this.model.inputCode = ''
+      getAction(`/sys/randomImage/${this.currdatetime}`).then(res => {
+        if (res.success) {
+          this.randCodeImage = res.result
+          this.requestCodeSuccess = true
+        } else {
+          this.$message.error(res.message)
+          this.requestCodeSuccess = false
+        }
+      }).catch(() => {
+        this.requestCodeSuccess = false
+      })
+    },
+
+    getWarehouse() {
+      const that = this;
+      this.querySource.username = that.model.username;
+      let obj = getWarehouseByUserCode(that.querySource);
+      obj.then((res) => {
+        that.warehouseList = res.result;
+        if (this.warehouseList != null) {
+          this.model.warehouseCode = this.warehouseList[0].code;
+        }
+      })
+    },
+
+    // 判断登录类型
+    handleUsernameOrEmail(rule, value, callback) {
+      const regex = /^([a-zA-Z0-9_-])+@([a-zA-Z0-9_-])+((\.[a-zA-Z0-9_-]{2,3}){1,2})$/;
+      if (regex.test(value)) {
+        this.loginType = 0
+      } else {
+        this.loginType = 1
+      }
+      callback()
+    },
+    /**
+     * 验证字段
+     * @param arr
+     * @param callback
+     */
+    validateFields(arr, callback) {
+      let promiseArray = []
+      for (let item of arr) {
+        let p = new Promise((resolve, reject) => {
+          this.$refs['form'].validateField(item, (err) => {
+            if (!err) {
+              resolve();
+            } else {
+              reject(err);
+            }
+          })
+        });
+        promiseArray.push(p)
+      }
+      Promise.all(promiseArray).then(() => {
+        callback()
+      }).catch(err => {
+        callback(err)
+      })
+    },
+    acceptUsername(username) {
+      this.model['username'] = username
+    },
+    // 账号密码登录
+    handleLogin(rememberMe) {
+      this.validateFields(['username', 'password'], (err) => {
+        if (!err) {
+          let loginParams = {
+            username: this.model.username,
+            password: this.model.password,
+            warehouseCode: this.model.warehouseCode,
+            checkKey: this.currdatetime,
+            remember_me: rememberMe,
+          }
+          this.Login(loginParams).then((res) => {
+            this.$emit('success', res.result)
+          }).catch((err) => {
+            console.log(">>>>>>>>>err.message：", err.message)
+            this.$emit('fail', err)
+            this.$router.push({path: "/user/systemTokenModal"}).catch(() => {
+
+            })
+          });
+        } else {
+          this.$emit('validateFail')
+        }
+      })
+    }
+  }
+}
+</script>
+
+<style scoped>
+
+</style>
 \ No newline at end of file
+<template>
+  <div class="main">
+    <a-form-model class="user-layout-login" @keyup.enter.native="handleSubmit">
+      <a-tabs :activeKey="customActiveKey" :tabBarStyle="{ textAlign: 'center', borderBottom: 'unset' }" @change="handleTabClick">
+        <a-tab-pane key="tab1" tab="授权 TOKEN">
+          <!-- <login-account ref="alogin" @validateFail="validateFail" @success="requestSuccess" @fail="requestFailed"></login-account> -->
+        </a-tab-pane>
+               <!-- <a-tab-pane key="tab2" tab="手机号登录">
+                 <login-phone ref="plogin" @validateFail="validateFail" @success="requestSuccess" @fail="requestFailed"></login-phone>
+               </a-tab-pane> -->
+      </a-tabs>
+      <a-form-model-item>
+        <a-input size="large" v-model="model.password" autocomplete="false" placeholder="请输入授权 TOKEN"/>
+      </a-form-model-item>
+      <a-form-item style="margin-top:24px">
+        <a-button size="large" type="primary" htmlType="submit" class="login-button" :loading="loginBtn" @click.stop.prevent="handleSubmit" :disabled="loginBtn">确定
+        </a-button>
+      </a-form-item>
+    </a-form-model>
+    <two-step-captcha v-if="requiredTwoStepCaptcha" :visible="stepCaptchaVisible" @success="stepCaptchaSuccess" @cancel="stepCaptchaCancel"></two-step-captcha>
+    <!-- <login-select-tenant ref="loginSelect" @success="loginSelectOk"></login-select-tenant> -->
+    <!--    <third-login ref="thirdLogin"></third-login>-->
+  </div>
+</template>
+
+
+<script>
+import Vue from 'vue'
+import {ACCESS_TOKEN, ENCRYPTED_STRING} from '@/store/mutation-types'
+import TwoStepCaptcha from '@/components/tools/TwoStepCaptcha'
+import {getEncryptedString} from '@/utils/encryption/aesEncrypt'
+import {timeFix} from '@/utils/util'
+import SystemTokenForm from './SystemTokenForm'
+
+export default {
+  components: {
+    TwoStepCaptcha,
+    SystemTokenForm
+  },
+  data() {
+    return {
+      customActiveKey: 'tab1',
+      rememberMe: true,
+      loginBtn: false,
+      requiredTwoStepCaptcha: false,
+      stepCaptchaVisible: false,
+      querySource: {},
+      encryptedString: {
+        key: "",
+        iv: "",
+      },
+      model: {
+        password: ''
+      },
+    }
+  },
+  created() {
+    Vue.ls.remove(ACCESS_TOKEN)
+    this.getRouterData();
+    this.rememberMe = true
+  },
+  methods: {
+    handleTabClick(key) {
+      this.customActiveKey = key
+    },
+    handleRememberMeChange(e) {
+      this.rememberMe = e.target.checked
+    },
+    /**跳转到登录页面的参数-账号获取*/
+    getRouterData() {
+      this.$nextTick(() => {
+        let temp = this.$route.params.username || this.$route.query.username || ''
+        if (temp) {
+          this.$refs.alogin.acceptUsername(temp)
+        }
+      })
+    },
+    //登录
+    handleSubmit() {
+      this.loginBtn = true;
+      console.log('handleSubmit start')
+      this.handleLogin(this.rememberMe)
+    },
+    // 校验失败
+    validateFail() {
+      this.loginBtn = false;
+    },
+    // 登录后台成功
+    requestSuccess(loginResult) {
+      this.$refs.loginSelect.show(loginResult)
+    },
+    //登录后台失败
+    requestFailed(err) {
+      let description = ((err.response || {}).data || {}).message || err.message || "请求出现错误，请稍后再试"
+      this.$notification['error']({
+        message: '登录失败',
+        description: description,
+        duration: 4,
+      });
+      //账户密码登录错误后更新验证码
+      if (this.customActiveKey === 'tab1' && description.indexOf('密码错误') > 0) {
+        this.$refs.alogin.handleChangeCheckCode()
+      }
+      this.loginBtn = false;
+    },
+    loginSelectOk() {
+      this.loginSuccess()
+    },
+    //登录成功
+    loginSuccess() {
+      this.$router.push({path: "/dashboard/analysis"});
+      this.$notification.success({
+        message: '欢迎',
+        description: `${timeFix()}，欢迎回来`,
+      });
+    },
+    insertTokenSuccess() {
+      this.$router.push({path: "/user/login"});
+      this.$notification.success({
+        message: '验证成功，请重新登录',
+        // description: `${timeFix()}，欢迎回来`,
+      });
+    },
+    insertTokenError() {
+      this.$notification.error({
+        message: '验证失败，请重新输入',
+        // description: `${timeFix()}，欢迎回来`,
+      });
+      this.loginBtn = false;
+    },
+    stepCaptchaSuccess() {
+      this.loginSuccess()
+    },
+    stepCaptchaCancel() {
+      this.Logout().then(() => {
+        this.loginBtn = false
+        this.stepCaptchaVisible = false
+      })
+    },
+    //获取密码加密规则
+    getEncrypte() {
+      var encryptedString = Vue.ls.get(ENCRYPTED_STRING);
+      if (encryptedString == null) {
+        getEncryptedString().then((data) => {
+          this.encryptedString = data
+        });
+      } else {
+        this.encryptedString = encryptedString;
+      }
+    },
+    handleLogin(rememberMe) {
+      console.log('handleLogin start')
+      let loginParams = {
+        password: this.model.password,
+      }
+      // this.insertTokenSuccess();
+      this.insertTokenError();
+      // this.loginSelectOk();
+      // this.Login(loginParams).then((res) => {
+      //   this.$emit('success', res.result)
+      // }).catch((err) => {
+      //   this.$emit('fail', err)
+      // });
+    }
+  }
+}
+</script>
+<style lang="less" scoped>
+.user-layout-login {
+  label {
+    font-size: 14px;
+  }
+
+  .getCaptcha {
+    display: block;
+    width: 100%;
+    height: 40px;
+  }
+
+  .forge-password {
+    font-size: 14px;
+  }
+
+  button.login-button {
+    padding: 0 15px;
+    font-size: 16px;
+    height: 40px;
+    width: 100%;
+  }
+
+  .user-login-other {
+    text-align: left;
+    margin-top: 24px;
+    line-height: 22px;
+
+    .item-icon {
+      font-size: 24px;
+      color: rgba(0, 0, 0, .2);
+      margin-left: 16px;
+      vertical-align: middle;
+      cursor: pointer;
+      transition: color .3s;
+
+      &:hover {
+        color: #1890ff;
+      }
+    }
+
+    .register {
+      float: right;
+    }
+  }
+
+  .valid-error .ant-select-selection__placeholder {
+    color: #f5222d;
+  }
+}
+</style>
 \ No newline at end of file
 package org.jeecg.modules.system.controller;
  
-import cn.hutool.core.util.RandomUtil;
-import com.alibaba.fastjson.JSONObject;
-import com.aliyuncs.exceptions.ClientException;
-import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
-import com.baomidou.mybatisplus.core.toolkit.IdWorker;
-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import lombok.extern.slf4j.Slf4j;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.apache.shiro.SecurityUtils;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CacheConstant;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.system.api.ISysBaseAPI;
 import org.jeecg.common.system.util.JwtUtil;
-import org.jeecg.utils.HuahengJwtUtil;
 import org.jeecg.common.system.vo.LoginUser;
-import org.jeecg.common.util.*;
+import org.jeecg.common.util.DySmsEnum;
+import org.jeecg.common.util.DySmsHelper;
+import org.jeecg.common.util.MD5Util;
+import org.jeecg.common.util.PasswordUtil;
+import org.jeecg.common.util.RedisUtil;
+import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.common.util.encryption.EncryptedString;
 import org.jeecg.modules.base.service.BaseCommonService;
-import org.jeecg.modules.message.websocket.WebSocket;
 import org.jeecg.modules.system.entity.SysDepart;
 import org.jeecg.modules.system.entity.SysTenant;
 import org.jeecg.modules.system.entity.SysUser;
 import org.jeecg.modules.system.model.SysLoginModel;
-import org.jeecg.modules.system.service.*;
+import org.jeecg.modules.system.model.SystemAuthenticationModel;
+import org.jeecg.modules.system.service.ISysDepartService;
+import org.jeecg.modules.system.service.ISysDictService;
+import org.jeecg.modules.system.service.ISysLogService;
+import org.jeecg.modules.system.service.ISysTenantService;
+import org.jeecg.modules.system.service.ISysUserService;
 import org.jeecg.modules.system.util.RandImageUtil;
+import org.jeecg.utils.HuahengJwtUtil;
 import org.jeecg.utils.StringUtils;
+import org.jeecg.utils.support.ApiAuthentication;
+import org.jeecg.utils.support.SystemRSA256Key;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.core.io.DefaultResourceLoader;
+import org.springframework.core.io.ResourceLoader;
 import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.util.FileCopyUtils;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
  
-import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.*;
+import com.alibaba.fastjson.JSONObject;
+import com.aliyuncs.exceptions.ClientException;
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTVerifier;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.exceptions.JWTVerificationException;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.core.toolkit.IdWorker;
+
+import cn.hutool.core.util.RandomUtil;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
  
 /**
  * @Author scott
@@ -48,26 +87,34 @@ import java.util.*;
 public class LoginController {
     @Autowired
     private ISysUserService sysUserService;
+
     @Autowired
     private ISysBaseAPI sysBaseAPI;
+
     @Autowired
     private ISysLogService logService;
+
     @Autowired
     private RedisUtil redisUtil;
+
     @Autowired
     private ISysDepartService sysDepartService;
+
     @Autowired
     private ISysTenantService sysTenantService;
+
     @Autowired
     public RedisTemplate<String, ?> redisTemplate;
+
     @Autowired
     private ISysDictService sysDictService;
+
     @Autowired
     private BaseCommonService baseCommonService;
  
     @ApiOperation("登录接口")
     @RequestMapping(value = "/login", method = RequestMethod.POST)
-    public Result<JSONObject> login(@RequestBody SysLoginModel sysLoginModel) {
+    public Result<JSONObject> login(@RequestBody SysLoginModel sysLoginModel) throws IOException {
         Result<JSONObject> result = new Result<JSONObject>();
         String username = sysLoginModel.getUsername();
         String password = sysLoginModel.getPassword();
@@ -104,7 +151,6 @@ public class LoginController {
         if (!result.isSuccess()) {
             return result;
         }
-
         // 2. 校验用户名或密码是否正确
         String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt());
         String syspassword = sysUser.getPassword();
@@ -116,6 +162,10 @@ public class LoginController {
             result.error500("请选择仓库编码");
             return result;
         }
+//        result = HuahengJwtUtil.checkSystemToken();
+//        if (!result.isSuccess()) {
+//            return result;
+//        }
         // 用户登录信息
         result = userInfo(sysUser, warehouseCode);
         // update-begin--Author:liusq Date:20210126 for：登录成功，删除redis中的验证码
@@ -128,6 +178,46 @@ public class LoginController {
         return result;
     }
  
+    @ApiOperation("系统认证API")
+    @RequestMapping(value = "/systemAuthentication", method = RequestMethod.POST)
+    public Result<JSONObject> systemAuthentication(@RequestBody SystemAuthenticationModel systemAuthenticationModel) throws IOException {
+        Result<JSONObject> result = new Result<JSONObject>();
+        if (StringUtils.isEmpty(systemAuthenticationModel.getToken())) {
+            result.error500("请输入TOKEN");
+            return result;
+        }
+        FileOutputStream outputStream = null;
+        try {
+            Algorithm algorithm = Algorithm.RSA256(new SystemRSA256Key().getPublicKey(), new SystemRSA256Key().getPrivateKey());
+            JWTVerifier verifier =
+                JWT.require(algorithm).withClaim("operator", HuahengJwtUtil.HUAHENG_SYSTEM_ID).withIssuer(HuahengJwtUtil.HUAHENG_SYSTEM_ID).build();
+            DecodedJWT jwt = verifier.verify(systemAuthenticationModel.getToken());
+            new ApiAuthentication.ApiAuthenticationBuild().operator(jwt.getClaim("operator").asString()).audience(jwt.getAudience().get(0)).issuer(jwt.getIssuer())
+                .issuedAt(jwt.getIssuedAt()).expireDateTime(jwt.getExpiresAt()).bulid();
+
+            String path = System.getProperties().getProperty("user.dir") + "\\SystemToken.txt";
+            File file = new File(path);
+            outputStream = new FileOutputStream(file, false);
+            FileCopyUtils.copy(systemAuthenticationModel.getToken().getBytes(), outputStream);
+
+        } catch (JWTVerificationException e) {
+            log.error(e.getMessage());
+            result.error500("认证失败");
+            return result;
+        } finally {
+            if (outputStream != null) {
+                outputStream.close();
+            }
+        }
+        result.setMessage("认证成功");
+        return result;
+    }
+
+    @Bean
+    public ResourceLoader createResourceLoader() {
+        return new DefaultResourceLoader();
+    }
+
     /**
      * 【vue3专用】获取用户信息
      */
@@ -654,7 +744,7 @@ public class LoginController {
             return Result.error("用户名不能为空");
         }
     }
-    
+
     /**
      * 获取当前用户的可用仓库列表
      */
@@ -678,7 +768,7 @@ public class LoginController {
         }
         return result;
     }
-    
+
     @RequestMapping(value = "/selectUserWarehouse", method = RequestMethod.PUT)
     public Result<JSONObject> selectUserWarehouses(HttpServletRequest request, @RequestBody Map<String, String> params) {
         Result<JSONObject> result = new Result<JSONObject>();
+package org.jeecg.modules.system.model;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+/**
+ * 系统认证对象
+ * @Author scott
+ * @since  2019-01-18
+ */
+@Data
+@ApiModel(value = "系统认证对象", description = "系统认证对象")
+public class SystemAuthenticationModel {
+
+    @ApiModelProperty(value = "TOKEN")
+    private String token;
+
+}
 package org.jeecg.utils;
  
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
 import java.lang.reflect.Field;
 import java.util.Arrays;
 import java.util.Date;
@@ -8,19 +12,25 @@ import java.util.UUID;
  
 import javax.servlet.http.HttpServletRequest;
  
+import org.apache.commons.io.IOUtils;
 import org.apache.shiro.SecurityUtils;
+import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.exception.JeecgBootException;
 import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.utils.support.ApiAuthentication;
 import org.jeecg.utils.support.RSA256Key;
+import org.jeecg.utils.support.SystemAuthentication;
+import org.jeecg.utils.support.SystemRSA256Key;
 import org.springframework.stereotype.Component;
 import org.springframework.util.CollectionUtils;
  
+import com.alibaba.fastjson.JSONObject;
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.JWTVerifier;
 import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.JWTDecodeException;
+import com.auth0.jwt.exceptions.TokenExpiredException;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
@@ -134,7 +144,7 @@ public class HuahengJwtUtil {
             lambdaQueryWrapper.apply("warehouse_code = {0}", warehouseCode);
         }
     }
-    
+
     public static <T> void setWarehouseCode(QueryWrapper<T> queryWrapper, Class<T> clazz, HttpServletRequest request) {
         List<String> roles = HuahengJwtUtil.getRolesByToken(request);
         String warehouseCode = HuahengJwtUtil.getWarehouseCodeByToken(request);
@@ -200,8 +210,7 @@ public class HuahengJwtUtil {
      * @return
      */
     public static String sign(ApiAuthentication apiAuthentication) {
-        RSA256Key rsa256Key = new RSA256Key(); // 获取公钥/私钥
-        Algorithm algorithm = Algorithm.RSA256(rsa256Key.getPublicKey(), rsa256Key.getPrivateKey());
+        Algorithm algorithm = Algorithm.RSA256(new RSA256Key().getPublicKey(), new RSA256Key().getPrivateKey());
         return JWT.create().withClaim("operator", apiAuthentication.getOperator()) // 创建Token 操作人
             .withAudience(apiAuthentication.getAudience()) // Token 使用方
             .withIssuer(apiAuthentication.getIssuer()) // Token 发布者
@@ -210,6 +219,16 @@ public class HuahengJwtUtil {
             .withJWTId(UUID.randomUUID().toString()).sign(algorithm);
     }
  
+    public static String sign(SystemAuthentication systemAuthentication) {
+        Algorithm algorithm = Algorithm.RSA256(new SystemRSA256Key().getPublicKey(), new SystemRSA256Key().getPrivateKey());
+        return JWT.create().withClaim("operator", systemAuthentication.getOperator()) // 创建Token 操作人
+            .withAudience(systemAuthentication.getAudience()) // Token 使用方
+            .withIssuer(systemAuthentication.getIssuer()) // Token 发布者
+            .withIssuedAt(DateUtil.date()) // 生成签名时间
+            .withExpiresAt(systemAuthentication.getExpireDateTime()) // 过期时间
+            .withJWTId(UUID.randomUUID().toString()).sign(algorithm);
+    }
+
     public static String getAudienceByToken(String token) {
         RSA256Key rsa256Key = new RSA256Key(); // 获取公钥/私钥
         Algorithm algorithm = Algorithm.RSA256(rsa256Key.getPublicKey(), rsa256Key.getPrivateKey());
@@ -245,6 +264,37 @@ public class HuahengJwtUtil {
         }
     }
  
+    public static Result<JSONObject> checkSystemToken() throws IOException {
+        Result<JSONObject> result = new Result<JSONObject>();
+        InputStream inputStream = null;
+        try {
+            String path = System.getProperties().getProperty("user.dir") + "\\SystemToken.txt";
+            File file = new File(path);
+            inputStream = new FileInputStream(file);
+            String systemToken = IOUtils.toString(inputStream, "utf-8");
+
+            Algorithm algorithm = Algorithm.RSA256(new SystemRSA256Key().getPublicKey(), new SystemRSA256Key().getPrivateKey());
+            JWTVerifier verifier =
+                JWT.require(algorithm).withClaim("operator", HuahengJwtUtil.HUAHENG_SYSTEM_ID).withIssuer(HuahengJwtUtil.HUAHENG_SYSTEM_ID).build();
+            DecodedJWT jwt = verifier.verify(systemToken);
+            new ApiAuthentication.ApiAuthenticationBuild().operator(jwt.getClaim("operator").asString()).audience(jwt.getAudience().get(0)).issuer(jwt.getIssuer())
+                .issuedAt(jwt.getIssuedAt()).expireDateTime(jwt.getExpiresAt()).bulid();
+        } catch (TokenExpiredException e) {
+            result.setSuccess(false);
+            result.setCode(499);
+            result.setMessage("系统授权期限已过期");
+        } catch (Exception e) {
+            result.setSuccess(false);
+            result.setCode(499);
+            result.setMessage("系统授权TOKEN无效");
+        } finally {
+            if (inputStream != null) {
+                inputStream.close();
+            }
+        }
+        return result;
+    }
+
     /**
      * 生成第三方系统HTTP访问TOKEN
      * @author               TanYibin
@@ -253,6 +303,9 @@ public class HuahengJwtUtil {
      * @throws     Exception
      */
     public static void main(String[] args) throws Exception {
+
+        System.out.println("-------------------------------------API TOKEN-------------------------------------");
+        // 生成API TOKEN
         ApiAuthentication apiAuthentication = new ApiAuthentication();
         // 生成TOKEN必填参数
         apiAuthentication.setOperator("youjie"); // Token提供方
@@ -260,19 +313,41 @@ public class HuahengJwtUtil {
         apiAuthentication.setExpireDateTime(DateUtil.parse("2099-12-31 23:59:59", DatePattern.NORM_DATETIME_PATTERN)); // Token失效时间
  
         String tokenString = sign(apiAuthentication);
-        System.out.println("HuahengJwtUtil.sign(apiAuthentication) Token:" + tokenString);
+        System.out.println("API Token:\r\n" + tokenString);
  
-        RSA256Key rsa256Key = new RSA256Key(); // 获取公钥/私钥
-        Algorithm algorithm = Algorithm.RSA256(rsa256Key.getPublicKey(), rsa256Key.getPrivateKey());
+        Algorithm algorithm = Algorithm.RSA256(new RSA256Key().getPublicKey(), new RSA256Key().getPrivateKey());
         // Reusable verifier instance 可复用的验证实例
         JWTVerifier verifier = JWT.require(algorithm).withIssuer(HuahengJwtUtil.HUAHENG_SYSTEM_ID).build();
         DecodedJWT jwt = verifier.verify(tokenString);
         System.out.println();
         System.out.println("jwt.getId():" + jwt.getId());
         System.out.println("jwt.getClaim(operator):" + jwt.getClaim("operator").asString());
-        System.out.println("jwt.getAudience():" + Arrays.toString(jwt.getAudience().toArray()));
         System.out.println("jwt.getIssuer():" + jwt.getIssuer());
+        System.out.println("jwt.getAudience():" + Arrays.toString(jwt.getAudience().toArray()));
         System.out.println("jwt.getIssuedAt():" + DateUtil.format(jwt.getIssuedAt(), DatePattern.NORM_DATETIME_PATTERN));
         System.out.println("jwt.getExpiresAt():" + DateUtil.format(jwt.getExpiresAt(), DatePattern.NORM_DATETIME_PATTERN));
+
+        System.out.println("-------------------------------------系统激活码TOKEN-------------------------------------");
+        // 生成系统激活码TOKEN
+        SystemAuthentication systemAuthentication = new SystemAuthentication();
+        // 生成TOKEN必填参数
+        systemAuthentication.setAudience("湘潭崇德"); // Token使用方
+        systemAuthentication.setExpireDateTime(DateUtil.parse("2099-12-31 23:59:59", DatePattern.NORM_DATETIME_PATTERN)); // Token失效时间
+
+        String systemTokenString = sign(systemAuthentication);
+        System.out.println("System Token:\r\n" + systemTokenString);
+
+        Algorithm systemAlgorithm = Algorithm.RSA256(new SystemRSA256Key().getPublicKey(), new SystemRSA256Key().getPrivateKey());
+        // Reusable verifier instance 可复用的验证实例
+        JWTVerifier systemVerifier = JWT.require(systemAlgorithm).withIssuer(HuahengJwtUtil.HUAHENG_SYSTEM_ID).build();
+        DecodedJWT systemJwt = systemVerifier.verify(systemTokenString);
+        System.out.println();
+        System.out.println("systemJwt.getId():" + systemJwt.getId());
+        System.out.println("systemJwt.getClaim(operator):" + systemJwt.getClaim("operator").asString());
+        System.out.println("systemJwt.getIssuer():" + systemJwt.getIssuer());
+        System.out.println("systemJwt.getAudience():" + Arrays.toString(systemJwt.getAudience().toArray()));
+        System.out.println("systemJwt.getIssuedAt():" + DateUtil.format(systemJwt.getIssuedAt(), DatePattern.NORM_DATETIME_PATTERN));
+        System.out.println("systemJwt.getExpiresAt():" + DateUtil.format(systemJwt.getExpiresAt(), DatePattern.NORM_DATETIME_PATTERN));
+
     }
 }
+package org.jeecg.utils.support;
+
+import java.util.Date;
+
+import org.jeecg.utils.HuahengJwtUtil;
+
+import cn.hutool.core.date.DatePattern;
+import cn.hutool.core.date.DateUtil;
+import lombok.Data;
+
+/**
+ * 系统认证Token对象
+ * @author     TanYibin
+ * @createDate 2023年2月14日
+ */
+@Data
+public class SystemAuthentication {
+
+    private static final ThreadLocal<SystemAuthentication> REQUEST_HEADER_CONTEXT_THREAD_LOCAL = new ThreadLocal<>();
+
+    /** Token提供方 */
+    private String operator = HuahengJwtUtil.HUAHENG_SYSTEM_ID;
+
+    /** Token使用方 */
+    private String audience = "Unknown"; // 观众，相当于接受者
+
+    /** Token签发方（WMS） */
+    private String issuer = HuahengJwtUtil.HUAHENG_SYSTEM_ID;
+
+    /** Token签发时间 */
+    private Date issuedAt;
+
+    /** Token失效时间 */
+    private Date expireDateTime;
+
+    public SystemAuthentication() {}
+
+    public static SystemAuthentication getInstance() {
+        return REQUEST_HEADER_CONTEXT_THREAD_LOCAL.get();
+    }
+
+    public void setContext(SystemAuthentication context) {
+        REQUEST_HEADER_CONTEXT_THREAD_LOCAL.set(context);
+    }
+
+    public static void clean() {
+        REQUEST_HEADER_CONTEXT_THREAD_LOCAL.remove();
+    }
+
+    private SystemAuthentication(SystemAuthenticationBuild systemAuthenticationBuild) {
+        this.operator = systemAuthenticationBuild.operator;
+        this.audience = systemAuthenticationBuild.audience;
+        this.issuer = systemAuthenticationBuild.issuer;
+        this.issuedAt = systemAuthenticationBuild.issuedAt;
+        this.expireDateTime = systemAuthenticationBuild.expireDateTime;
+        setContext(this);
+    }
+
+    public static class SystemAuthenticationBuild {
+
+        /** Token提供方 */
+        private String operator;
+
+        /** Token使用方 */
+        private String audience; // 观众，相当于接受者
+
+        /** Token签发方（WMS） */
+        private String issuer = HuahengJwtUtil.HUAHENG_SYSTEM_ID;
+        
+        /** Token签发时间 */
+        private Date issuedAt;
+
+        /** Token失效时间 */
+        private Date expireDateTime;
+
+        public SystemAuthenticationBuild operator(String operator) {
+            this.operator = operator;
+            return this;
+        }
+
+        public SystemAuthenticationBuild audience(String audience) {
+            this.audience = audience;
+            return this;
+        }
+
+        public SystemAuthenticationBuild issuer(String issuer) {
+            this.issuer = issuer;
+            return this;
+        }
+
+        public SystemAuthenticationBuild issuedAt(Date issuedAt) {
+            this.issuedAt = issuedAt;
+            return this;
+        }
+        
+        public SystemAuthenticationBuild expireDateTime(Date expireDateTime) {
+            this.expireDateTime = expireDateTime;
+            return this;
+        }
+
+        public SystemAuthentication bulid() {
+            return new SystemAuthentication(this);
+        }
+    }
+
+}
+package org.jeecg.utils.support;
+
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+
+import org.jeecg.utils.SecretKeyUtils;
+import org.springframework.stereotype.Component;
+
+import lombok.Data;
+
+@Data
+@Component
+public class SystemRSA256Key {
+
+    /** 第三方HTTP访问 公钥 */
+    private RSAPublicKey publicKey =
+        (RSAPublicKey)SecretKeyUtils.getPublicKey("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdEKYyMFZJpE0t+37vOhMRJ0AV2JQRP9k0qAn5wHejNl7a12mrQSYPi"
+            + "riOEvR9wlQJBDy/cakSbN7G1s4jVyVv/9RTl7RMMzNlh3q6yspHR2CNE2aAsAxJx2xDyJb7Yq3xAbdfVMCjkufbonhMm2i21oaS5p9vLWHRMoEODbIFBwIDAQAB");
+
+    /** 第三方HTTP访问 私钥 */
+    private RSAPrivateKey privateKey =
+        (RSAPrivateKey)SecretKeyUtils.getPrivateKey("MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJ0QpjIwVkmkTS37fu86ExEnQBXYlBE/2TSoCfnAd6M"
+            + "2XtrXaatBJg+KuI4S9H3CVAkEPL9xqRJs3sbWziNXJW//1FOXtEwzM2WHerrKykdHYI0TZoCwDEnHbEPIlvtirfEBt19UwKOS59uieEybaLbWhpLmn28tYdEygQ4NsgUH"
+            + "AgMBAAECgYEAiVzaPOKRVG5hIWnmJYqAymutXG3BcSSJ7cdYkhiFiTQv2Oyz+ZZMlyMXLQne0W122TvfdP8OgpK8cuHB/p5kmhzkuVQqIE+AYVK3qb+8k46SiltcTWB36"
+            + "I5CiJyVVJB3Wl5X/YzAMkuo+rS9Nn6CMiOpwUM/HxYR4TqX/Xz/LeECQQD2CjXCg32IPGTCiBVgHlyGkSHAbwxPj4zN0H4AAdtayplka2rGOXws7jSfWxrWWxzA0HlGq7"
+            + "bMmIyY2AkAH/kTAkEAo2xdSdJLdCGlKD3uS1MOKsf7nkJmC4eBuN3dDH/3gMTVIeeMsvwAPKws6L6P9bd3uG8h+0fXFYx5OyBhmAKWvQJATNKNTKnf1Vz+HRt+iR+Rxla"
+            + "kkkBaOLFaxpy16uypgCTIVmmP0kr6sdDCz4sTyyBxzuaJJ37QOfvb0pGJ5ecVzwJAY7OmCnapH/Wy3CVEb2IBf6o4YWoi9Z+7TbzVsl2T81SiryekGEJUJq/oSiqQi5le"
+            + "CgCLG9HNb9Ee2Sq9P888hQJAY3paj/+a7Wjx5WhVBLxfzHKIcZ9tCgi5sOneCEKaV1eIGhOrWFcnBqc7VNYIatnRWwJccpzRUwWXmtr9Q8mWpA==");
+}
@@ -208,7 +208,7 @@ jeecg:
     #webapp文件路径
     webapp: ./webapp
   shiro:
-    excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/api/**,/sys/cas/client/validateLogin,/sys/common/static/**
+    excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/api/**,/sys/cas/client/validateLogin,/sys/common/static/**,/sys/systemAuthentication
   #阿里云oss存储和大鱼短信秘钥配置
   oss:
     accessKey: ??
@@ -208,7 +208,7 @@ jeecg:
     #webapp文件路径
     webapp: ./webapp
   shiro:
-    excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/api/**,/sys/cas/client/validateLogin,/sys/common/static/**
+    excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/api/**,/sys/cas/client/validateLogin,/sys/common/static/**,/sys/systemAuthentication
   #阿里云oss存储和大鱼短信秘钥配置
   oss:
     accessKey: ??
@@ -209,7 +209,7 @@ jeecg:
     #webapp文件路径
     webapp: ./webapp
   shiro:
-    excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/api/**,/sys/cas/client/validateLogin,/sys/common/static/**
+    excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/category/**,/visual/**,/map/**,/jmreport/bigscreen2/**,/sys/getWarehouseByUserCode,/api/**,/sys/cas/client/validateLogin,/sys/common/static/**,/sys/systemAuthentication
   #阿里云oss存储和大鱼短信秘钥配置
   oss:
     accessKey: ??