aliyunidaas
diff --git a/‎README.md
+86-1 b/‎README.md
+86-1
diff --git a/‎pom.xml
+34-2 b/‎pom.xml
+34-2
diff --git a/‎src/main/java/com/aliyunidaas/sample/common/EndpointContext.java
+12-12 b/‎src/main/java/com/aliyunidaas/sample/common/EndpointContext.java
+12-12
diff --git a/‎src/main/java/com/aliyunidaas/sample/common/SimpleAuthnInterceptor.java
+22-23 b/‎src/main/java/com/aliyunidaas/sample/common/SimpleAuthnInterceptor.java
+22-23
diff --git a/‎src/main/java/com/aliyunidaas/sample/common/cache/LocalCacheManager.java
+3-3 b/‎src/main/java/com/aliyunidaas/sample/common/cache/LocalCacheManager.java
+3-3
@@ -71,4 +71,89 @@ idaas:
 ### 可以通过SP发起登录，也可以通过IdP发起登录
 PKCE可以防止攻击者窃取code，从而通过code去拿到令牌。主要流程如下：
 ![img_14.png](src/main/resources/static/img/img_14.png)
-SP登录与IdP发起的登录可参考授权码流。
+SP登录与IdP发起的登录可参考授权码流。
+
+# 用户/组织全量拉取
+## 1. developer API依赖
+```pom
+  <dependency>
+    <groupId>com.aliyun</groupId>
+    <artifactId>alibabacloud-eiam_developerapi20220225</artifactId>
+    <version><请替换成最新版本></version>
+  </dependency>
+```
+## 2. 相关配置
+(1)全量拉取需要配置拉取的实例和应用以及需要拉取的范围，这里默认拉取IDaaS根节点下的所有用户和组织。实例ID和应用ID需要配置在配置项中。
+```yaml
+ idaas:
+  instance-id: # 实例ID
+  application-id: # 应用ID
+```
+(2)需要在IDaaS相应的应用打开API开放的接口以及相应的接口权限。如下图所示。
+![img.png](src/main/resources/static/img/img_16.png)
+## 3. 接口调用
+```http request
+POST http://127.0.0.1:8082/trigger_sync
+```
+Demo中采用H2内存数据库进行数据的存储，数据库表为user_info，ou_info，表结构如下所示：
+```sql
+create table user_info (
+    user_id varchar(255) not null, 
+    external_id varchar(255), 
+    external_ou_id varchar(255), 
+    ou_id varchar(255), 
+    phone_number varchar(255), 
+    phone_region varchar(255), 
+    user_email varchar(255), 
+    username varchar(255), 
+    primary key (user_id)
+)
+create index external_id_index on user_info (external_id)
+
+create table ou_info (
+    ou_id varchar(255) not null, 
+    ou_external_id varchar(255), 
+    ou_name varchar(255), 
+    parent_ou_id varchar(255), 
+    primary key (ou_id)
+ )
+create index ou_external_id_index on ou_info (ou_external_id)
+```
+备注：
+（1）避免在同步过程中移动组织、用户。以免目录结构出错， Demo中将external_id和ou_external_id，设置唯一索引，若发现同步过程中组织重复，则抛错回滚。
+（2）运行应用时该数据库若不存在则会进行新建，路径为./temp/data
+
+其中IDaaS与Demo中的字段映射如下所示，可以根据业务需求自行修改：
+
+| Demo字段  | user_id      | user_name              | phone_region|  phone_number | user_email | external_id | external_ou_id         |
+|---------|--------------|------------------------|----------------------------|---------------|------------|--------------|------------------------|
+| IDaaS字段 |    external_id   | user_name|phone_region| phone_number  | email        | user_id    | organizational_unit_id |
+
+
+
+| Demo字段  | ou_id                           | ou_external_id              | ou_name                  | parent_ou_id | 
+|---------|---------------------------------|------------------------|--------------------------|--------------|
+| IDaaS字段 | organizational_unit_external_id | organizational_unit_id| organizational_unit_name | parent_id    |
+
+# IDaaS账户/组织同步到Demo应用
+## 1.  相关配置信息
+```yaml
+ idaas:
+   syncConfig:
+     enabled: true #同步到账户开关是否开启
+     callback-uri: ${custom.server-domain}/receive_sync #同步回调接收地址
+     encrypt-required: true #是否加密传输
+     encrypt-key: #IDaaS应用中对应的加密密钥
+     jwks-uri:  #IDaaS应用中账户同步中对应的验签公钥端点
+
+```
+(1) 在IDaaS中注册的应用需要打开IDaaS同步到应用的开关
+![img_1.png](src/main/resources/static/img/img_17.png)
+(2) 在IDaaS中设置同步范围，业务是否解密等信息,同时设置同步接收地址为当前demo中的${custom.server-domain}/receive_sync,即http://127.0.0.1:8082/receive_sync
+![img_2.png](src/main/resources/static/img/img_18.png)
+(3) 在IDaaS中设置回调事件以及全量推送范围
+![img_3.png](src/main/resources/static/img/img_19.png)
+## 2.接口调用
+```http request
+POST http://127.0.0.1:8082/receive_sync?event=<your event>
+```
@@ -24,7 +24,7 @@
         <dependency>
             <groupId>com.alibaba</groupId>
             <artifactId>fastjson</artifactId>
-            <version>1.2.75_noneautotype</version>
+            <version>2.0.12</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -57,7 +57,7 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>20.0</version>
+            <version>31.1-jre</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -69,6 +69,38 @@
             <artifactId>jose4j</artifactId>
             <version>0.7.9</version>
         </dependency>
+        <!--developer API-->
+        <dependency>
+            <groupId>com.aliyun</groupId>
+            <artifactId>alibabacloud-eiam_developerapi20220225</artifactId>
+            <version>1.0.3</version>
+        </dependency>
+
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-jpa</artifactId>
+            <version>2.6.3</version>
+        </dependency>
+        <!--H2数据库-->
+        <dependency>
+            <groupId>com.h2database</groupId>
+            <artifactId>h2</artifactId>
+            <version>1.4.200</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.aliyunidaas</groupId>
+            <artifactId>idaas-sync</artifactId>
+            <version>1.1.0</version>
+        </dependency>
+
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+
     </dependencies>
 
     <build>
 
@@ -24,30 +24,30 @@ public String getAuthorizationEndpoint() {
         return authorizationEndpoint;
     }
 
-    public void setAuthorizationEndpoint(String authorizationEndpoint) {
-        this.authorizationEndpoint = authorizationEndpoint;
-    }
-
     public String getTokenEndpoint() {
         return tokenEndpoint;
     }
 
-    public void setTokenEndpoint(String tokenEndpoint) {
-        this.tokenEndpoint = tokenEndpoint;
-    }
-
     public String getUserinfoEndpoint() {
         return userinfoEndpoint;
     }
 
-    public void setUserinfoEndpoint(String userinfoEndpoint) {
-        this.userinfoEndpoint = userinfoEndpoint;
-    }
-
     public String getJwksUri() {
         return jwksUri;
     }
 
+    public void setAuthorizationEndpoint(String authorizationEndpoint) {
+        this.authorizationEndpoint = authorizationEndpoint;
+    }
+
+    public void setTokenEndpoint(String tokenEndpoint) {
+        this.tokenEndpoint = tokenEndpoint;
+    }
+
+    public void setUserinfoEndpoint(String userinfoEndpoint) {
+        this.userinfoEndpoint = userinfoEndpoint;
+    }
+
     public void setJwksUri(String jwksUri) {
         this.jwksUri = jwksUri;
     }
 
@@ -1,9 +1,9 @@
 package com.aliyunidaas.sample.common;
 
 import com.aliyunidaas.sample.common.cache.CacheManager;
-import com.aliyunidaas.sample.common.config.CustomOidcConfiguration;
+import com.aliyunidaas.sample.common.config.InitConfiguration;
 import com.aliyunidaas.sample.common.factory.CodeChallengeMethodFactory;
-import com.aliyunidaas.sample.common.factory.ParameterNameFactory;
+import com.aliyunidaas.sample.common.factory.ConstantParams;
 import com.aliyunidaas.sample.common.util.CommonUtil;
 import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -41,25 +41,25 @@ public class SimpleAuthnInterceptor implements HandlerInterceptor {
     private final static String UTF_8 = "UTF-8";
 
     @Autowired
-    private CustomOidcConfiguration customOidcConfiguration;
+    private InitConfiguration initConfiguration;
 
     @Autowired
     private CacheManager cacheManager;
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
             throws IOException, NoSuchAlgorithmException, IllegalAccessException {
-        Cookie cookie = WebUtils.getCookie(request, ParameterNameFactory.COOKIE_NAME);
+        Cookie cookie = WebUtils.getCookie(request, ConstantParams.COOKIE_NAME);
         if (cookie == null) {
             String state = UUID.randomUUID().toString();
-            String redirectUri = customOidcConfiguration.getRedirectUri();
-            String iDaaSLoginUri = getIDaaSLoginUri(request, state, redirectUri);
-            if (customOidcConfiguration.isPkceRequired()) {
-                iDaaSLoginUri = getIDaaSLoginUri(state, iDaaSLoginUri);
+            String redirectUri = initConfiguration.getOidcConfig().getRedirectUri();
+            String eiamLoginUri = getEiamLoginUri(request, state, redirectUri);
+            if (initConfiguration.getOidcConfig().isPkceRequired()) {
+                eiamLoginUri = getEiamLoginUri(state, eiamLoginUri);
             }
-            response.sendRedirect(iDaaSLoginUri);
+            response.sendRedirect(eiamLoginUri);
         } else {
-            String cookieValue = cacheManager.getCache(CommonUtil.generateCacheKey(cookie.getValue(), ParameterNameFactory.COOKIE_NAME));
+            String cookieValue = cacheManager.getCache(CommonUtil.generateCacheKey(cookie.getValue(), ConstantParams.COOKIE_NAME));
             if (StringUtils.isBlank(cookieValue) || !cookie.getValue().equals(cookieValue)) {
                 throw new IllegalAccessException(ILLEGAL_ACCESS_EXCEPTION_MESSAGE);
             }
@@ -74,47 +74,46 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
      * @param state 用于作为缓存的key以及作为随机值用于跨站保护
      * @return 登录的重定向地址
      */
-    private String getIDaaSLoginUri(HttpServletRequest request, String state, String redirectUri)
+    private String getEiamLoginUri(HttpServletRequest request, String state, String redirectUri)
             throws MalformedURLException, UnsupportedEncodingException {
-        EndpointContext endpointContext = cacheManager.getCache(customOidcConfiguration.getIssuer());
+        EndpointContext endpointContext = cacheManager.getCache(initConfiguration.getOidcConfig().getIssuer());
         String authorizationEndpoint = endpointContext.getAuthorizationEndpoint();
-        final String clientId = customOidcConfiguration.getClientId();
-        final String scopes = customOidcConfiguration.getScopes().replace(" ", "%20");
+        final String clientId = initConfiguration.getOidcConfig().getClientId();
 
         final String queryString = request.getQueryString();
         final String requestUrl = request.getRequestURL().toString();
         final URL url = new URL(requestUrl);
         String callbackUrl = url.getPath() + (queryString == null ? "" : "?" + queryString);
-        cacheManager.setCache(CommonUtil.generateCacheKey(state, ParameterNameFactory.URI), callbackUrl);
+        cacheManager.setCache(CommonUtil.generateCacheKey(state, ConstantParams.URI), callbackUrl);
         // responseType = code , It means that this is an authorization code request
         return authorizationEndpoint +
                 "?response_type=code"
                 + "&client_id=" + URLEncoder.encode(clientId, UTF_8)
                 + "&redirect_uri=" + URLEncoder.encode(redirectUri, UTF_8)
-                + "&scope=" + URLEncoder.encode(scopes, UTF_8)
+                + "&scope=" + URLEncoder.encode(initConfiguration.getOidcConfig().getScopes(), UTF_8).replace("+","%20")
                 + "&state=" + URLEncoder.encode(state, UTF_8);
     }
 
     /**
      * Obtain the redirection URL of Authorization Code With PKCE Flow
      *
      * @param state    缓存code verifier 的key
-     * @param iDaaSLoginUri 授权码情况下的重定向地址
+     * @param eiamLoginUri 授权码情况下的重定向地址
      * @return pkce情况下登录的的重定向地址
      * @throws NoSuchAlgorithmException
      */
-    private String getIDaaSLoginUri(String state, String iDaaSLoginUri) throws NoSuchAlgorithmException, UnsupportedEncodingException {
+    private String getEiamLoginUri(String state, String eiamLoginUri) throws NoSuchAlgorithmException, UnsupportedEncodingException {
         String codeVerifier = createCodeVerifier();
         String codeChallenge = codeVerifier;
-        String codeChallengeMethod = customOidcConfiguration.getCodeChallengeMethod();
+        String codeChallengeMethod = initConfiguration.getOidcConfig().getCodeChallengeMethod();
         if (codeChallengeMethod.equals(CodeChallengeMethodFactory.SHA_256)) {
             codeChallenge = createHash(codeVerifier);
         }
-        cacheManager.setCache(CommonUtil.generateCacheKey(state, ParameterNameFactory.CODE_VERIFIER), codeVerifier);
-        iDaaSLoginUri = iDaaSLoginUri
-                + "&code_challenge_method=" + URLEncoder.encode(customOidcConfiguration.getCodeChallengeMethod(), UTF_8)
+        cacheManager.setCache(CommonUtil.generateCacheKey(state, ConstantParams.CODE_VERIFIER), codeVerifier);
+        eiamLoginUri = eiamLoginUri
+                + "&code_challenge_method=" + URLEncoder.encode(initConfiguration.getOidcConfig().getCodeChallengeMethod(), UTF_8)
                 + "&code_challenge=" + URLEncoder.encode(codeChallenge, UTF_8);
-        return iDaaSLoginUri;
+        return eiamLoginUri;
     }
 
     /**
 
@@ -18,11 +18,11 @@ public class LocalCacheManager implements CacheManager {
 
     private final Cache<String, Object> cache = CacheBuilder
             .newBuilder()
-            //设置cache的初始大小
+            // 设置cache的初始大小
             .initialCapacity(20)
-            //并发数
+            // 并发数
             .concurrencyLevel(2)
-            //过期时间
+            // 过期时间
             .expireAfterWrite(3600, TimeUnit.SECONDS)
             .build();