feat(auth): 添加第三方运营商token认证功能

- 新增JWT工具类用于生成和验证第三方token
- 实现第三方认证过滤器ThirdPartyJwtAuthFilter
- 添加token认证入口点JwtAuthenticationEntryPoint
- 创建query_token接口用于获取认证token
- 配置第三方认证相关的安全过滤链
- 添加JWT依赖库jjwt-api、jjwt-impl、jjwt-jackson
- 新增token验证注解@TokenRequired及切面验证逻辑
- 在application-dev.yml中配置第三方认证白名单路径
- 更新AES加密和HMAC-MD5签名的测试数据

pom.xml

@@ -1,295 +1,312 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-
-    <groupId>com.zsElectric</groupId>
-    <artifactId>zsElectric-boot</artifactId>
-    <version>3.3.0</version>
-    <description>基于 Java 17 + SpringBoot 3 + Spring Security 构建的权限管理系统。</description>
-
-    <parent>
-        <groupId>org.springframework.boot</groupId>
-        <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.5.6</version> <!-- lookup parent from repository -->
-        <relativePath/>
-    </parent>
-
-    <properties>
-        <maven.compiler.source>17</maven.compiler.source>
-        <maven.compiler.target>17</maven.compiler.target>
-
-        <hutool.version>5.8.34</hutool.version>
-
-        <mysql-connector-j.version>9.1.0</mysql-connector-j.version>
-        <druid.version>1.2.24</druid.version>
-        <mybatis-plus.version>3.5.5</mybatis-plus.version>
-        <dynamic-datasource.version>4.3.1</dynamic-datasource.version>
-
-        <knife4j.version>4.5.0</knife4j.version>
-
-        <mapstruct.version>1.6.3</mapstruct.version>
-        <lombok-mapstruct-binding.version>0.2.0</lombok-mapstruct-binding.version>
-
-        <xxl-job.version>3.2.0</xxl-job.version>
-
-        <fastexcel.version>1.3.0</fastexcel.version>
-
-        <!-- 对象存储 -->
-        <minio.version>8.5.10</minio.version>
-        <okhttp3.version>4.8.1</okhttp3.version>
-
-        <aliyun-sdk-oss.version>3.16.3</aliyun-sdk-oss.version>
-
-        <!-- redisson 分布式锁 -->
-        <redisson.version>3.51.0</redisson.version>
-
-        <!-- 自动代码生成 -->
-        <mybatis-plus-generator.version>3.5.6</mybatis-plus-generator.version>
-        <velocity.version>2.3</velocity.version>
-
-        <!-- IP 地区转换 -->
-        <ip2region.version>2.7.0</ip2region.version>
-
-        <!-- 阿里云短信 -->
-        <aliyun.java.sdk.core.version>4.7.6</aliyun.java.sdk.core.version>
-        <aliyun.java.sdk.dysmsapi.version>2.2.1</aliyun.java.sdk.dysmsapi.version>
-
-        <!-- 微信 jdk -->
-        <weixin-java.version>4.7.7.B</weixin-java.version>
-        <caffeine.version>2.9.3</caffeine.version>
-    </properties>
-
-    <dependencies>
-        <dependency>
-            <groupId>org.projectlombok</groupId>
-            <artifactId>lombok</artifactId>
-            <!--编译测试环境，不打包在lib-->
-            <scope>provided</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>com.fasterxml.jackson.datatype</groupId>
-            <artifactId>jackson-datatype-jsr310</artifactId>
-        </dependency>
-
-
-        <dependency>
-            <groupId>com.google.code.gson</groupId>
-            <artifactId>gson</artifactId>
-            <version>2.8.9</version>
-        </dependency>
-
-
-        <dependency>
-            <groupId>cn.hutool</groupId>
-            <artifactId>hutool-all</artifactId>
-            <version>${hutool.version}</version>
-        </dependency>
-
-        <!-- 允许使用Lombok的Java Bean类中使用MapStruct注解 (Lombok 1.18.20+) -->
-        <dependency>
-            <groupId>org.projectlombok</groupId>
-            <artifactId>lombok-mapstruct-binding</artifactId>
-            <version>${lombok-mapstruct-binding.version}</version>
-            <scope>provided</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-web</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-test</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-security</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-data-redis</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-cache</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-aop</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-validation</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-websocket</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-mail</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>com.mysql</groupId>
-            <artifactId>mysql-connector-j</artifactId>
-            <version>${mysql-connector-j.version}</version>
-            <scope>runtime</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>com.alibaba</groupId>
-            <artifactId>druid-spring-boot-starter</artifactId>
-            <version>${druid.version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>com.baomidou</groupId>
-            <artifactId>mybatis-plus-spring-boot3-starter</artifactId>
-            <version>${mybatis-plus.version}</version>
-        </dependency>
-
-        <!-- knife4j 接口文档 -->
-        <dependency>
-            <groupId>com.github.xiaoymin</groupId>
-            <artifactId>knife4j-openapi3-jakarta-spring-boot-starter</artifactId>
-            <version>${knife4j.version}</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.springdoc</groupId>
-                    <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.springdoc</groupId>
-            <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
-            <version>2.8.9</version>
-        </dependency>
-
-        <!-- MapStruct 对象映射 -->
-        <dependency>
-            <groupId>org.mapstruct</groupId>
-            <artifactId>mapstruct</artifactId>
-            <version>${mapstruct.version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.mapstruct</groupId>
-            <artifactId>mapstruct-processor</artifactId>
-            <version>${mapstruct.version}</version>
-        </dependency>
-
-        <!-- xxl-job 定时任务 -->
-        <dependency>
-            <groupId>com.xuxueli</groupId>
-            <artifactId>xxl-job-core</artifactId>
-            <version>${xxl-job.version}</version>
-        </dependency>
-
-        <!-- Excel 工具（EasyExcel-PLus ）  -->
-        <dependency>
-            <groupId>cn.idev.excel</groupId>
-            <artifactId>fastexcel</artifactId>
-            <version>${fastexcel.version}</version>
-        </dependency>
-
-        <!-- MinIO 对象存储 -->
-        <dependency>
-            <groupId>io.minio</groupId>
-            <artifactId>minio</artifactId>
-            <version>${minio.version}</version>
-        </dependency>
-
-        <!-- 阿里云 OSS 对象存储 -->
-        <dependency>
-            <groupId>com.aliyun.oss</groupId>
-            <artifactId>aliyun-sdk-oss</artifactId>
-            <version>${aliyun-sdk-oss.version}</version>
-        </dependency>
-
-        <!-- redisson 分布式锁 -->
-        <dependency>
-            <groupId>org.redisson</groupId>
-            <artifactId>redisson-spring-boot-starter</artifactId>
-            <version>${redisson.version}</version>
-        </dependency>
-
-        <!-- mybatis-plus 代码生成器 -->
-        <dependency>
-            <groupId>com.baomidou</groupId>
-            <artifactId>mybatis-plus-generator</artifactId>
-            <version>${mybatis-plus-generator.version}</version>
-        </dependency>
-
-        <!-- velocity 模板引擎(代码生成) -->
-        <dependency>
-            <groupId>org.apache.velocity</groupId>
-            <artifactId>velocity-engine-core</artifactId>
-            <version>${velocity.version}</version>
-        </dependency>
-
-        <!-- IP 转省市区 -->
-        <dependency>
-            <groupId>org.lionsoul</groupId>
-            <artifactId>ip2region</artifactId>
-            <version>${ip2region.version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>com.aliyun</groupId>
-            <artifactId>aliyun-java-sdk-core</artifactId>
-            <version>${aliyun.java.sdk.core.version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>com.aliyun</groupId>
-            <artifactId>aliyun-java-sdk-dysmsapi</artifactId>
-            <version>${aliyun.java.sdk.dysmsapi.version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>com.github.binarywang</groupId>
-            <artifactId>weixin-java-miniapp</artifactId>
-            <version>${weixin-java.version}</version>
-        </dependency>
-
-        <!-- 本地缓存 -->
-        <dependency>
-            <groupId>com.github.ben-manes.caffeine</groupId>
-            <artifactId>caffeine</artifactId>
-            <version>${caffeine.version}</version>
-        </dependency>
-
-        <!-- 动态多数据源 -->
-        <!--<dependency>
-            <groupId>com.baomidou</groupId>
-            <artifactId>dynamic-datasource-spring-boot3-starter</artifactId>
-            <version>${dynamic-datasource.version}</version>
-        </dependency>-->
-
-    </dependencies>
-
-    <build>
-        <finalName>${project.artifactId}</finalName>
-        <plugins>
-            <plugin>
-                <groupId>org.springframework.boot</groupId>
-                <artifactId>spring-boot-maven-plugin</artifactId>
-            </plugin>
-        </plugins>
-    </build>
-
-</project>
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.zsElectric</groupId>
+    <artifactId>zsElectric-boot</artifactId>
+    <version>3.3.0</version>
+    <description>基于 Java 17 + SpringBoot 3 + Spring Security 构建的权限管理系统。</description>
+
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>3.5.6</version> <!-- lookup parent from repository -->
+        <relativePath/>
+    </parent>
+
+    <properties>
+        <maven.compiler.source>17</maven.compiler.source>
+        <maven.compiler.target>17</maven.compiler.target>
+
+        <hutool.version>5.8.34</hutool.version>
+
+        <mysql-connector-j.version>9.1.0</mysql-connector-j.version>
+        <druid.version>1.2.24</druid.version>
+        <mybatis-plus.version>3.5.5</mybatis-plus.version>
+        <dynamic-datasource.version>4.3.1</dynamic-datasource.version>
+
+        <knife4j.version>4.5.0</knife4j.version>
+
+        <mapstruct.version>1.6.3</mapstruct.version>
+        <lombok-mapstruct-binding.version>0.2.0</lombok-mapstruct-binding.version>
+
+        <xxl-job.version>3.2.0</xxl-job.version>
+
+        <fastexcel.version>1.3.0</fastexcel.version>
+
+        <!-- 对象存储 -->
+        <minio.version>8.5.10</minio.version>
+        <okhttp3.version>4.8.1</okhttp3.version>
+
+        <aliyun-sdk-oss.version>3.16.3</aliyun-sdk-oss.version>
+
+        <!-- redisson 分布式锁 -->
+        <redisson.version>3.51.0</redisson.version>
+
+        <!-- 自动代码生成 -->
+        <mybatis-plus-generator.version>3.5.6</mybatis-plus-generator.version>
+        <velocity.version>2.3</velocity.version>
+
+        <!-- IP 地区转换 -->
+        <ip2region.version>2.7.0</ip2region.version>
+
+        <!-- 阿里云短信 -->
+        <aliyun.java.sdk.core.version>4.7.6</aliyun.java.sdk.core.version>
+        <aliyun.java.sdk.dysmsapi.version>2.2.1</aliyun.java.sdk.dysmsapi.version>
+
+        <!-- 微信 jdk -->
+        <weixin-java.version>4.7.7.B</weixin-java.version>
+        <caffeine.version>2.9.3</caffeine.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <!--编译测试环境，不打包在lib-->
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.datatype</groupId>
+            <artifactId>jackson-datatype-jsr310</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>0.11.5</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>0.11.5</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <version>0.11.5</version>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+            <version>2.8.9</version>
+        </dependency>
+
+
+        <dependency>
+            <groupId>cn.hutool</groupId>
+            <artifactId>hutool-all</artifactId>
+            <version>${hutool.version}</version>
+        </dependency>
+
+        <!-- 允许使用Lombok的Java Bean类中使用MapStruct注解 (Lombok 1.18.20+) -->
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok-mapstruct-binding</artifactId>
+            <version>${lombok-mapstruct-binding.version}</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-redis</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-cache</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-aop</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-validation</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-websocket</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-mail</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.mysql</groupId>
+            <artifactId>mysql-connector-j</artifactId>
+            <version>${mysql-connector-j.version}</version>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>druid-spring-boot-starter</artifactId>
+            <version>${druid.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.baomidou</groupId>
+            <artifactId>mybatis-plus-spring-boot3-starter</artifactId>
+            <version>${mybatis-plus.version}</version>
+        </dependency>
+
+        <!-- knife4j 接口文档 -->
+        <dependency>
+            <groupId>com.github.xiaoymin</groupId>
+            <artifactId>knife4j-openapi3-jakarta-spring-boot-starter</artifactId>
+            <version>${knife4j.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.springdoc</groupId>
+                    <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.springdoc</groupId>
+            <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
+            <version>2.8.9</version>
+        </dependency>
+
+        <!-- MapStruct 对象映射 -->
+        <dependency>
+            <groupId>org.mapstruct</groupId>
+            <artifactId>mapstruct</artifactId>
+            <version>${mapstruct.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.mapstruct</groupId>
+            <artifactId>mapstruct-processor</artifactId>
+            <version>${mapstruct.version}</version>
+        </dependency>
+
+        <!-- xxl-job 定时任务 -->
+        <dependency>
+            <groupId>com.xuxueli</groupId>
+            <artifactId>xxl-job-core</artifactId>
+            <version>${xxl-job.version}</version>
+        </dependency>
+
+        <!-- Excel 工具（EasyExcel-PLus ）  -->
+        <dependency>
+            <groupId>cn.idev.excel</groupId>
+            <artifactId>fastexcel</artifactId>
+            <version>${fastexcel.version}</version>
+        </dependency>
+
+        <!-- MinIO 对象存储 -->
+        <dependency>
+            <groupId>io.minio</groupId>
+            <artifactId>minio</artifactId>
+            <version>${minio.version}</version>
+        </dependency>
+
+        <!-- 阿里云 OSS 对象存储 -->
+        <dependency>
+            <groupId>com.aliyun.oss</groupId>
+            <artifactId>aliyun-sdk-oss</artifactId>
+            <version>${aliyun-sdk-oss.version}</version>
+        </dependency>
+
+        <!-- redisson 分布式锁 -->
+        <dependency>
+            <groupId>org.redisson</groupId>
+            <artifactId>redisson-spring-boot-starter</artifactId>
+            <version>${redisson.version}</version>
+        </dependency>
+
+        <!-- mybatis-plus 代码生成器 -->
+        <dependency>
+            <groupId>com.baomidou</groupId>
+            <artifactId>mybatis-plus-generator</artifactId>
+            <version>${mybatis-plus-generator.version}</version>
+        </dependency>
+
+        <!-- velocity 模板引擎(代码生成) -->
+        <dependency>
+            <groupId>org.apache.velocity</groupId>
+            <artifactId>velocity-engine-core</artifactId>
+            <version>${velocity.version}</version>
+        </dependency>
+
+        <!-- IP 转省市区 -->
+        <dependency>
+            <groupId>org.lionsoul</groupId>
+            <artifactId>ip2region</artifactId>
+            <version>${ip2region.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.aliyun</groupId>
+            <artifactId>aliyun-java-sdk-core</artifactId>
+            <version>${aliyun.java.sdk.core.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.aliyun</groupId>
+            <artifactId>aliyun-java-sdk-dysmsapi</artifactId>
+            <version>${aliyun.java.sdk.dysmsapi.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.github.binarywang</groupId>
+            <artifactId>weixin-java-miniapp</artifactId>
+            <version>${weixin-java.version}</version>
+        </dependency>
+
+        <!-- 本地缓存 -->
+        <dependency>
+            <groupId>com.github.ben-manes.caffeine</groupId>
+            <artifactId>caffeine</artifactId>
+            <version>${caffeine.version}</version>
+        </dependency>
+
+        <!-- 动态多数据源 -->
+        <!--<dependency>
+            <groupId>com.baomidou</groupId>
+            <artifactId>dynamic-datasource-spring-boot3-starter</artifactId>
+            <version>${dynamic-datasource.version}</version>
+        </dependency>-->
+
+    </dependencies>
+
+    <build>
+        <finalName>${project.artifactId}</finalName>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

src/main/java/com/zsElectric/boot/auth/controller/AuthController.java

@@ -94,6 +94,12 @@ public class AuthController {
         return Result.success(token);
     }
 
+    @Operation(summary = "运营商获取token")
+    @PostMapping("/query_token")
+    public Result<AuthenticationToken> loginBy(@RequestBody @Valid WxMiniAppPhoneLoginDTO loginDTO) {
+        AuthenticationToken token = authService.loginByWxMiniAppPhone(loginDTO);
+        return Result.success(token);
+    }
 
     @Operation(summary = "退出登录")
     @DeleteMapping("/logout")

src/main/java/com/zsElectric/boot/auth/controller/ThirdPartyAuthController.java

@@ -0,0 +1,75 @@
+package com.zsElectric.boot.auth.controller;
+
+import com.google.gson.Gson;
+import com.zsElectric.boot.common.constant.ConnectivityConstants;
+import com.zsElectric.boot.common.util.AESCryptoUtils;
+import com.zsElectric.boot.common.util.HmacMD5Util;
+import com.zsElectric.boot.common.util.electric.RequestParmsEntity;
+import com.zsElectric.boot.common.util.electric.RequestParmsEntitys;
+import com.zsElectric.boot.common.util.electric.ResponseParmsEntity;
+import com.zsElectric.boot.common.util.electric.queryToken.*;
+
+import org.springframework.web.bind.annotation.*;
+
+@RestController
+@RequestMapping("/api/third-party")
+public class ThirdPartyAuthController {
+
+
+    @PostMapping("/v1/get")
+    @TokenRequired
+    public String get() {
+        return "get";
+    }
+
+    @PostMapping("/query_token")
+    public ResponseParmsEntity getToken(@RequestBody RequestParmsEntitys request) throws Exception {
+        //todo 验证签名
+        if (!HmacMD5Util.verify(request.getOperatorID() + request.getData() + request.getTimeStamp() + request.getSeq(),
+                ConnectivityConstants.SIG_SECRET, request.getSig())) {
+            return new ResponseParmsEntity()
+                    .setRet(0)
+                    .setMsg("签名验证失败")
+                    .setData("")
+                    .setSig("");
+        }
+        
+        String data = request.getData();
+        String string = AESCryptoUtils.decrypt(data, ConnectivityConstants.DATA_SECRET, ConnectivityConstants.DATA_SECRET_IV);
+        QueryTokenRequestParms queryTokenRequestParms = new Gson().fromJson(string, QueryTokenRequestParms.class);
+        return null;
+    }
+}
+
+
+
+
+
+    
+//    @GetMapping("/token/validate")
+//    public ResponseEntity<?> validateToken(@RequestHeader("Authorization") String authHeader) {
+//        if (authHeader == null || !authHeader.startsWith("Bearer ")) {
+//            return ResponseEntity.badRequest()
+//                    .body(ErrorResponse.badRequest("Authorization header格式不正确"));
+//        }
+//
+//        String token = authHeader.substring(7);
+//        boolean isValid = jwtUtil.validateToken(token);
+//
+//        if (!isValid) {
+//            return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+//                    .body(ErrorResponse.unauthorized("Token无效或已过期"));
+//        }
+//
+//        String operatorId = jwtUtil.getOperatorIdFromToken(token);
+//        Long remainingTTL = jwtUtil.getRemainingTTL(token);
+//
+//        Map<String, Object> result = new HashMap<>();
+//        result.put("valid", true);
+//        result.put("operatorId", operatorId);
+//        result.put("remainingTTL", remainingTTL);
+//
+//        return null;
+//    }
+    
+

src/main/java/com/zsElectric/boot/auth/service/AuthService.java

@@ -66,6 +66,13 @@ public interface AuthService {
      */
     AuthenticationToken loginByWxMiniAppPhone(WxMiniAppPhoneLoginDTO loginDTO);
 
+    /**
+     * 运营商登录
+     *
+     * @return 访问令牌
+     */
+    AuthenticationToken OperatorLogin(String OperatorID,String OperatorSecret);
+
     /**
      * 发送短信验证码
      *

src/main/java/com/zsElectric/boot/auth/service/impl/AuthServiceImpl.java

@@ -267,4 +267,12 @@ public class AuthServiceImpl implements AuthService {
         return token;
     }
 
+    @Override
+    public AuthenticationToken OperatorLogin(String OperatorID, String OperatorSecret) {
+
+
+
+        return null;
+    }
+
 }

src/main/java/com/zsElectric/boot/charging/service/ChargingBusinessService.java

@@ -3,11 +3,13 @@ package com.zsElectric.boot.charging.service;
 import com.zsElectric.boot.charging.dto.StartChargingRequestDTO;
 import com.zsElectric.boot.charging.dto.StartChargingResponseVO;
 import com.zsElectric.boot.charging.vo.*;
+import com.zsElectric.boot.common.util.electric.ApiToken;
 
 import java.util.List;
 
 public interface ChargingBusinessService {
 
+    public ApiToken queryToken();
     /**
      * <p>查询业务策略信息</p>
      * @author SheepHy

src/main/java/com/zsElectric/boot/common/util/AESCryptoUtils.java

@@ -149,7 +149,7 @@ public class AESCryptoUtils {
 
         try {
             // 测试数据
-            String originalData = "{\"OperatorID\":\"MAA9A6L75\", \"OperatorSecret\":\"yY8GtZrjhHcwptSZ\"}";
+            String originalData = "{\"OperatorID\":\"MA6DP6BE7\", \"OperatorSecret\":\"Sov2Gs590CLUbx4g\"}";
             String key = PLATFORM_DATA_SECRET;   // 16字节密钥
             String iv = PLATFORM_DATA_SECRET_IV;   // 16字节初始化向量
 

src/main/java/com/zsElectric/boot/common/util/HmacMD5Util.java

@@ -211,8 +211,8 @@ public class HmacMD5Util {
     public static void main(String[] args) {
         try {
             // 测试数据
-            String data = "MAA9A6L75Gpw3qXJ39TZp2zcW4wtvpw4Fq9VM8TNmsxe2rGCy8VQ1ln4w4Dblvv3SuuyZkZOK5UmYxZ3UbXs4XSrSkU5gZA==202511190347570001";
-            String key = "iIbnIjG6NzUtwzRA";
+            String data = "MA6DP6BE7Gpw3qXJ39TZp2zcW4wtvp67IVLon1I+IutsQmq67mPt/+W5BJ14Kcc65siGU+sFjLZcHAdWm8nX/d3xLKI3ldA==202511210705520001";
+            String key = "U9xFXjjdYAycq30C";
             
             System.out.println("=== HMAC-MD5签名测试 ===");
             System.out.println("原始数据: " + data);

src/main/java/com/zsElectric/boot/common/util/electric/ElectricTokenManager.java

@@ -165,7 +165,8 @@ public class ElectricTokenManager {
                             ConnectivityConstants.PLATFORM_DATA_SECRET_IV))
                     .setTimeStamp(result.getTimestamp())
                     .setSeq(result.getSequence())
-                    .setSig(HmacMD5Util.genSign(requestParms.getOperatorID(), requestParms.getData(), requestParms.getTimeStamp(), requestParms.getSeq(), ConnectivityConstants.PLATFORM_SIG_SECRET));
+                    .setSig(HmacMD5Util.genSign(requestParms.getOperatorID(), requestParms.getData(), requestParms.getTimeStamp(),
+                            requestParms.getSeq(), ConnectivityConstants.PLATFORM_SIG_SECRET));
 
             JsonObject response = okHttpUtil.doPostForm(ConnectivityConstants.TEST_DOMAIN + ConnectivityConstants.QUERY_TOKEN, BeanUtil.beanToMap(requestParms), null);
 

src/main/java/com/zsElectric/boot/common/util/electric/RequestParmsEntity.java

@@ -1,5 +1,6 @@
 package com.zsElectric.boot.common.util.electric;
 
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import lombok.Data;
 import lombok.experimental.Accessors;
 

src/main/java/com/zsElectric/boot/common/util/electric/RequestParmsEntitys.java

@@ -0,0 +1,83 @@
+package com.zsElectric.boot.common.util.electric;
+
+import lombok.Data;
+import lombok.Getter;
+import lombok.experimental.Accessors;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+@Accessors(chain = true)
+public class RequestParmsEntitys implements Serializable {
+
+    @Serial
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * 运营商标识
+     */
+    private String OperatorID;
+
+    /**
+     * 加密后的参数
+     */
+    private String Data;
+
+    /**
+     * 时间戳
+     */
+    private String TimeStamp;
+
+    /**
+     * 序列号
+     */
+    private String Seq;
+
+    public String getOperatorID() {
+        return OperatorID;
+    }
+
+    public void setOperatorID(String operatorID) {
+        OperatorID = operatorID;
+    }
+
+    public String getData() {
+        return Data;
+    }
+
+    public void setData(String data) {
+        Data = data;
+    }
+
+    public String getTimeStamp() {
+        return TimeStamp;
+    }
+
+    public void setTimeStamp(String timeStamp) {
+        TimeStamp = timeStamp;
+    }
+
+    public String getSeq() {
+        return Seq;
+    }
+
+    public void setSeq(String seq) {
+        Seq = seq;
+    }
+
+    public String getSig() {
+        return Sig;
+    }
+
+    public void setSig(String sig) {
+        Sig = sig;
+    }
+
+    /**
+     * 签名
+     */
+    private String Sig;
+
+
+
+}

src/main/java/com/zsElectric/boot/common/util/electric/queryToken/JwtAuthenticationEntryPoint.java

@@ -0,0 +1,29 @@
+package com.zsElectric.boot.common.util.electric.queryToken;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.http.MediaType;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+@Component
+public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
+    @Override
+    public void commence(HttpServletRequest request,
+                         HttpServletResponse response,
+                         AuthenticationException authException) throws IOException {
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+        Map<String, Object> error = new HashMap<>();
+        error.put("status", 401);
+        error.put("message", authException.getMessage());
+        error.put("path", request.getRequestURI());
+        new ObjectMapper().writeValue(response.getWriter(), error);
+    }
+}

src/main/java/com/zsElectric/boot/common/util/electric/queryToken/JwtTokenUtil.java

@@ -0,0 +1,157 @@
+package com.zsElectric.boot.common.util.electric.queryToken;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.MalformedJwtException;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.UnsupportedJwtException;
+import io.jsonwebtoken.security.Keys;
+import io.jsonwebtoken.security.SignatureException;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.stereotype.Component;
+
+import javax.crypto.SecretKey;
+import java.util.Date;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * JWT Token工具类
+ * 专门用于第三方接口的Token生成和验证
+ */
+@Component
+public class JwtTokenUtil {
+
+    private final SecretKey secretKey;
+    private final Long expireSeconds;
+    private final RedisTemplate<String, Object> redisTemplate;
+    
+    // Redis key前缀
+    private static final String REDIS_TOKEN_PREFIX = "third_party:token:";
+    private static final String REDIS_OPERATOR_TOKENS_PREFIX = "third_party:operator_tokens:";
+
+    public JwtTokenUtil(@Value("${third-party.jwt.secret:vgct1TZ4ZikKjaaeIiq3LUwIvpmcgYa6}") String secret,
+                       @Value("${third-party.jwt.expire:7200}") Long expireSeconds,
+                       RedisTemplate<String, Object> redisTemplate) {
+        // 生成安全的密钥
+        this.secretKey = Keys.hmacShaKeyFor(secret.getBytes());
+        this.expireSeconds = expireSeconds;
+        this.redisTemplate = redisTemplate;
+    }
+
+    /**
+     * 生成JWT Token
+     */
+    public String generateToken(String operatorId) {
+        Date now = new Date();
+        Date expiryDate = new Date(now.getTime() + expireSeconds * 1000);
+        
+        String token = Jwts.builder()
+                .setSubject(operatorId)
+                .setIssuedAt(now)
+                .setExpiration(expiryDate)
+                .signWith(secretKey, SignatureAlgorithm.HS512)
+                .compact();
+        
+        // 存储到Redis，支持Token主动撤销
+        storeTokenInRedis(token, operatorId);
+        
+        return token;
+    }
+
+    /**
+     * 验证JWT Token有效性
+     */
+    public boolean validateToken(String token) {
+        try {
+            // 首先检查Redis中是否存在该token（支持主动撤销）
+            if (!isTokenInRedis(token)) {
+                return false;
+            }
+            
+            // 验证JWT签名和过期时间
+            Jwts.parserBuilder()
+                .setSigningKey(secretKey)
+                .build()
+                .parseClaimsJws(token);
+            
+            return true;
+            
+        } catch (ExpiredJwtException e) {
+            System.out.println("Token已过期: " + e.getMessage());
+        } catch (UnsupportedJwtException e) {
+            System.out.println("不支持的Token格式: " + e.getMessage());
+        } catch (MalformedJwtException e) {
+            System.out.println("Token格式错误: " + e.getMessage());
+        } catch (SignatureException e) {
+            System.out.println("Token签名验证失败: " + e.getMessage());
+        } catch (IllegalArgumentException e) {
+            System.out.println("Token参数错误: " + e.getMessage());
+        }
+        
+        return false;
+    }
+
+    /**
+     * 从Token中提取OperatorID
+     */
+    public String getOperatorIdFromToken(String token) {
+        try {
+            Claims claims = Jwts.parserBuilder()
+                    .setSigningKey(secretKey)
+                    .build()
+                    .parseClaimsJws(token)
+                    .getBody();
+            return claims.getSubject();
+        } catch (Exception e) {
+            System.out.println("从Token提取OperatorID失败: " + e.getMessage());
+            return null;
+        }
+    }
+
+    /**
+     * 存储Token到Redis
+     */
+    private void storeTokenInRedis(String token, String operatorId) {
+        String tokenKey = REDIS_TOKEN_PREFIX + token;
+        String operatorTokensKey = REDIS_OPERATOR_TOKENS_PREFIX + operatorId;
+        
+        // 存储token基本信息，设置过期时间
+        redisTemplate.opsForValue().set(tokenKey, operatorId, expireSeconds, TimeUnit.SECONDS);
+        
+        // 将token添加到operator的token集合中
+        redisTemplate.opsForSet().add(operatorTokensKey, token);
+        redisTemplate.expire(operatorTokensKey, expireSeconds, TimeUnit.SECONDS);
+    }
+
+    /**
+     * 检查Token是否在Redis中
+     */
+    private boolean isTokenInRedis(String token) {
+        String tokenKey = REDIS_TOKEN_PREFIX + token;
+        return Boolean.TRUE.equals(redisTemplate.hasKey(tokenKey));
+    }
+
+    /**
+     * 获取Token剩余有效时间
+     */
+    public Long getRemainingTTL(String token) {
+        String tokenKey = REDIS_TOKEN_PREFIX + token;
+        return redisTemplate.getExpire(tokenKey, TimeUnit.SECONDS);
+    }
+
+    /**
+     * 撤销Token（使其立即失效）
+     */
+    public void revokeToken(String token) {
+        String operatorId = getOperatorIdFromToken(token);
+        if (operatorId != null) {
+            String tokenKey = REDIS_TOKEN_PREFIX + token;
+            String operatorTokensKey = REDIS_OPERATOR_TOKENS_PREFIX + operatorId;
+            
+            redisTemplate.delete(tokenKey);
+            redisTemplate.opsForSet().remove(operatorTokensKey, token);
+        }
+    }
+}

src/main/java/com/zsElectric/boot/common/util/electric/queryToken/QueryTokenRequestParms.java

@@ -0,0 +1,17 @@
+package com.zsElectric.boot.common.util.electric.queryToken;
+
+import lombok.Data;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+@Data
+public class QueryTokenRequestParms implements Serializable {
+
+    @Serial
+    private static final long serialVersionUID = 1L;
+
+    private String OperatorID;
+
+    private String OperatorSecret;
+}

src/main/java/com/zsElectric/boot/common/util/electric/queryToken/ThirdPartyJwtAuthFilter.java

@@ -0,0 +1,94 @@
+package com.zsElectric.boot.common.util.electric.queryToken;
+
+import com.zsElectric.boot.common.constant.ConnectivityConstants;
+import jakarta.annotation.Resource;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+@Component
+public class ThirdPartyJwtAuthFilter extends OncePerRequestFilter {
+
+    @Resource
+    private JwtTokenUtil jwtTokenUtil; // 你的JWT工具类
+    @Resource
+    private JwtAuthenticationEntryPoint authenticationEntryPoint; // 统一认证异常处理
+
+    // 定义你的第三方接口路径模式，例如 /api/third-party/**
+    private final String thirdPartyApiPath = "/api/third-party/v1/**";
+    private final AntPathMatcher pathMatcher = new AntPathMatcher();
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+        
+        String requestUri = request.getRequestURI();
+        
+        // 检查当前请求是否是需要第三方Token验证的接口
+        if (pathMatcher.match(thirdPartyApiPath, requestUri)) {
+            String token = extractToken(request);
+            
+            if (token == null) {
+                // Token缺失，通过AuthenticationEntryPoint返回统一错误格式
+                authenticationEntryPoint.commence(request, response, 
+                    new AuthenticationServiceException("Missing or invalid Bearer token"));
+                return; // 重要：直接返回，不再执行过滤链后续操作
+            }
+            
+            try {
+                // 验证Token的有效性（例如是否过期、签名是否正确）
+                if (jwtTokenUtil.validateToken(token)) {
+                    // 从Token中解析用户标识
+                    String principal = jwtTokenUtil.getOperatorIdFromToken(token);
+                    // 构建Authentication对象，细节见下文
+                    UsernamePasswordAuthenticationToken authentication =
+                        new UsernamePasswordAuthenticationToken(principal, null, new ArrayList<>());
+                    authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                    
+                    // 将认证信息设置到SecurityContext中[5](@ref)
+                    SecurityContextHolder.getContext().setAuthentication(authentication);
+                } else {
+                    // Token无效
+                    authenticationEntryPoint.commence(request, response, 
+                        new AuthenticationServiceException("Invalid token"));
+                    return;
+                }
+            } catch (Exception e) { // 捕获JWT解析等特定异常
+                authenticationEntryPoint.commence(request, response, 
+                    new AuthenticationServiceException("Token validation failed: " + e.getMessage()));
+                return;
+            }
+        }
+        
+        // 如果不是第三方接口，或者Token验证通过，则继续执行后续过滤器
+        filterChain.doFilter(request, response);
+    }
+
+    /**
+     * 从请求头Authorization中提取Bearer Token[4,5](@ref)
+     */
+    private String extractToken(HttpServletRequest request) {
+        String header = request.getHeader("Authorization");
+        if (StringUtils.hasText(header) && header.startsWith("Bearer ")) {
+            return header.substring(7);
+        }
+        return null;
+    }
+}

src/main/java/com/zsElectric/boot/common/util/electric/queryToken/TokenRequired.java

@@ -0,0 +1,11 @@
+package com.zsElectric.boot.common.util.electric.queryToken;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface TokenRequired {
+}

src/main/java/com/zsElectric/boot/common/util/electric/queryToken/TokenValidationAspect.java

@@ -0,0 +1,67 @@
+package com.zsElectric.boot.common.util.electric.queryToken;
+
+import com.zsElectric.boot.core.exception.BusinessException;
+import jakarta.servlet.http.HttpServletRequest;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+@Aspect
+@Component
+public class TokenValidationAspect {
+    
+//    private final JwtUtil jwtUtil;
+    
+//    public TokenValidationAspect(JwtUtil jwtUtil) {
+//        this.jwtUtil = jwtUtil;
+//    }
+    
+    @Around("@annotation(tokenRequired)")
+    public Object validateToken(ProceedingJoinPoint joinPoint, TokenRequired tokenRequired) throws Throwable {
+        // 获取HttpServletRequest
+        HttpServletRequest request = getHttpServletRequest(joinPoint);
+        if (request == null) {
+            throw new RuntimeException("无法获取HttpServletRequest");
+        }
+        
+        // 验证Token
+        String token = extractTokenFromRequest(request);
+        //todo
+//        if (token == null || !jwtUtil.validateToken(token)) {
+//            throw new BusinessException("Token验证失败");
+//        }
+        
+        return joinPoint.proceed();
+    }
+    
+
+    
+    private HttpServletRequest getHttpServletRequest(ProceedingJoinPoint joinPoint) {
+        Object[] args = joinPoint.getArgs();
+        for (Object arg : args) {
+            if (arg instanceof HttpServletRequest) {
+                return (HttpServletRequest) arg;
+            }
+        }
+        
+        // 如果从方法参数中找不到HttpServletRequest，则尝试从RequestContextHolder获取
+        try {
+            ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
+            return attributes.getRequest();
+        } catch (IllegalStateException e) {
+            // RequestContextHolder中没有可用的请求上下文
+            return null;
+        }
+    }
+    
+    private String extractTokenFromRequest(HttpServletRequest request) {
+        String authHeader = request.getHeader("x-token");
+        if (authHeader != null && authHeader.startsWith("Bearer ")) {
+            return authHeader.substring(7);
+        }
+        return null;
+    }
+}

src/main/java/com/zsElectric/boot/config/SecurityConfig.java

@@ -3,6 +3,7 @@ package com.zsElectric.boot.config;
 import cn.binarywang.wx.miniapp.api.WxMaService;
 import cn.hutool.captcha.generator.CodeGenerator;
 import cn.hutool.core.util.ArrayUtil;
+import com.zsElectric.boot.common.util.electric.queryToken.ThirdPartyJwtAuthFilter;
 import com.zsElectric.boot.config.property.SecurityProperties;
 import com.zsElectric.boot.core.filter.RateLimiterFilter;
 import com.zsElectric.boot.security.filter.CaptchaValidationFilter;
@@ -57,6 +58,7 @@ public class SecurityConfig {
     private final CodeGenerator codeGenerator;
     private final ConfigService configService;
     private final SecurityProperties securityProperties;
+    private final ThirdPartyJwtAuthFilter thirdPartyAuthFilter;
 
     /**
      * 配置安全过滤链 SecurityFilterChain
@@ -96,6 +98,8 @@ public class SecurityConfig {
                 .addFilterBefore(new CaptchaValidationFilter(redisTemplate, codeGenerator), UsernamePasswordAuthenticationFilter.class)
                 // 验证和解析过滤器
                 .addFilterBefore(new TokenAuthenticationFilter(tokenManager), UsernamePasswordAuthenticationFilter.class)
+                // 第三方认证过滤器
+                .addFilterBefore(thirdPartyAuthFilter, UsernamePasswordAuthenticationFilter.class)
                 .build();
     }
 

src/main/resources/application-dev.yml

@@ -88,6 +88,8 @@ security:
     - /api/v1/auth/wx/miniapp/code-login # 微信小程序code登陆
     - /ws/** # WebSocket接口
     - /dev/v1/linkData/** #互联互通
+    - /api/third-party/query_token
+    - /api/third-party/get
   # 非安全端点路径，完全绕过 Spring Security 的安全控制
   unsecured-urls:
     - ${springdoc.swagger-ui.path}
@@ -296,3 +298,9 @@ ai:
   rate-limit:
     max-executions-per-minute: 10
     max-executions-per-day: 100
+
+# 第三方认证配置
+third-party:
+  jwt:
+    secret: "vgct1TZ4ZikKjaaeIiq3LUwIvpmcgYa6"
+    expire: 7200