从外部平台单点登录到准教慧学

准教慧学系统具有基于JWT（Json Web Token）协议的认证登录机制，可实现学校用户从外部平台单点登录到准教慧学系统的效果。 双方平台用户对应机制依赖于第三方关键值映射表，该表需使用对应学校管理员账号维护。 ### 单点请求说明 请求地址：https://${domain}/auth/sso 请求方式：POST 返回格式：JSON 请求参数示例： ``` {     "token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyVHlwZSI6Mywia2V5d29yZCI6MTIzNDU2LCJ1c2VyTmFtZSI6Iua1i-ivleiAgeW4iCIsInBhcmFtcyI6eyJyZWRpcmVjdFVybCI6Imh0dHBzOi8vd3d3LmRvbmduaTEwMC5jb20vc3NvLmh0bWwifSwiZXhwIjoxNjM2MDA5MTU3fQ.nvVecdO_Zw-mbBIYYjDZjcIT6VbLD5J6iF7u4jMDTJc",     "clientType": 1, "appId": "123456", "redirectUrl": "https://xxx/", } ``` | 字段名 | 类型 | 是否必填 | 说明 | | ------------ | ------------ | ------------ | ------------ | | token | String | 是 | 请生成加密算法为HS256格式的JWT，具体载体内容请看下表 | | clientType | int | 是 | 客户端类型（1-PC 2-移动 ） | | appId | String | 是 | 由懂你管理员提供 | | redirectUrl | String | 是 | 单点失败后的跳转地址 | ### JWT单点登录技术规格 <table> <tbody> <tr> <th colspan="2">字段名</th> <th>类型</th> <th>是否必填</th> <th>说明</th> </tr> <tr> <td colspan="2">keyword</td> <td>String</td> <td>是</td> <td>对接方提供全局唯一ID</td> </tr> <tr> <td colspan="2">userType</td> <td>int</td> <td>是</td> <td>用户类型（3：老师 4：学生 5：家长）</td> </tr> <tr> <td colspan="2">userName</td> <td>String</td> <td>是</td> <td>用户姓名</td> </tr> <tr> <td colspan="2">schoolName</td> <td>String</td> <td>否</td> <td>学校名称(学生角色必填)</td> </tr> <tr> <td colspan="2">studentNum</td> <td>String</td> <td>否</td> <td>学生学号(学生角色必填)</td> </tr> <tr> <td colspan="2">phone</td> <td>String</td> <td>否</td> <td>手机号(老师和家长选填)</td> </tr> <tr> <td>params</td> <td></td> <td>Map</td> <td>否</td> <td>额外参数</td> </tr> <tr> <td></td> <td>redirectPath</td> <td>String</td> <td>否</td> <td>用于单点成功前端的路由跳转(默认首页)</td> </tr> </tbody> </table> ### JWT代码示例 ``` /** * 创建JWT token * @param id 目前暂时使用userId * @param issuer 目前暂时设置为userName * @param ttlMillis token的存活时间，单位为毫秒 * @return token */ public static Map<String, Object> createJWT(String id, String issuer, Map<String, Object> claims, long ttlMillis) { //The JWT signature algorithm we will be using to sign the token SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256; long nowMillis = System.currentTimeMillis(); Date now = new Date(nowMillis); //We will sign our JWT with our ApiKey secret byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary("aaa"); Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName()); //Let's set the JWT Claims JwtBuilder builder = Jwts.builder().setId(id) .setIssuer(issuer) .setClaims(claims) .setIssuedAt(now) .signWith(signatureAlgorithm, signingKey); //if it has been specified, let's add the expiration if (ttlMillis >= 0) { long expMillis = nowMillis + ttlMillis; Date exp = new Date(expMillis); builder.setExpiration(exp); } //Builds the JWT and serializes it to a compact, URL-safe string Map<String, Object> result = new HashMap<>(); result.put("token", builder.compact()); result.put("expires", OpenApiConstants.TOKEN_EXPIRES); return result; } public static void main(String[] args) { Map<String, Object> claims = new HashMap<>(4); claims.put("keyword", "tongan431103199011222568"); claims.put("userType", 3); claims.put("userName", "测试"); Map<String, Object> params = new HashMap<>(); params.put("redirectPath", "/v2/homework/list/homework-list"); claims.put("params", params); Map<String, Object> token = createJWT("1", "测试", claims, 1000 * 7200L); System.out.println("token = " + token); } ```

{
    "token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyVHlwZSI6Mywia2V5d29yZCI6MTIzNDU2LCJ1c2VyTmFtZSI6Iua1i-ivleiAgeW4iCIsInBhcmFtcyI6eyJyZWRpcmVjdFVybCI6Imh0dHBzOi8vd3d3LmRvbmduaTEwMC5jb20vc3NvLmh0bWwifSwiZXhwIjoxNjM2MDA5MTU3fQ.nvVecdO_Zw-mbBIYYjDZjcIT6VbLD5J6iF7u4jMDTJc",
    "clientType": 1,
    "appId": "123456",
    "redirectUrl": "https://xxx/",
}

    /**
     * 创建JWT token
     * @param id 目前暂时使用userId
     * @param issuer 目前暂时设置为userName
     * @param ttlMillis token的存活时间，单位为毫秒
     * @return token
     */
    public static Map<String, Object> createJWT(String id, String issuer, Map<String, Object> claims, long ttlMillis) {

        //The JWT signature algorithm we will be using to sign the token
        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;

        long nowMillis = System.currentTimeMillis();
        Date now = new Date(nowMillis);

        //We will sign our JWT with our ApiKey secret
        byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary("aaa");
        Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());

        //Let's set the JWT Claims
        JwtBuilder builder = Jwts.builder().setId(id)
                .setIssuer(issuer)
                .setClaims(claims)
                .setIssuedAt(now)
                .signWith(signatureAlgorithm, signingKey);

        //if it has been specified, let's add the expiration
        if (ttlMillis >= 0) {
            long expMillis = nowMillis + ttlMillis;
            Date exp = new Date(expMillis);
            builder.setExpiration(exp);
        }

        //Builds the JWT and serializes it to a compact, URL-safe string
        Map<String, Object> result = new HashMap<>();
        result.put("token", builder.compact());
        result.put("expires", OpenApiConstants.TOKEN_EXPIRES);
        return result;
    }

    public static void main(String[] args) {
        Map<String, Object> claims = new HashMap<>(4);
        claims.put("keyword", "tongan431103199011222568");
        claims.put("userType", 3);
        claims.put("userName", "测试");

        Map<String, Object> params = new HashMap<>();
        params.put("redirectPath", "/v2/homework/list/homework-list");
        claims.put("params", params);

        Map<String, Object> token = createJWT("1", "测试", claims, 1000 * 7200L);
        System.out.println("token = " + token);
    }