🎉 重磅发布

.gitignore

@@ -0,0 +1,34 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**
+!**/src/test/**
+!**/target/generated-sources/**
+**/logs/**
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+
+### VS Code ###
+.vscode/
+.DS_Store
+*/.DS_Store

.mvn/jvm.config

@@ -0,0 +1 @@
+-Xmx2048m -Xms1024m  -Djava.awt.headless=true

.mvn/maven.config

@@ -0,0 +1 @@
+-T 1C -Dskiptests=true -Dmaven.compile.fork=true

.mvn/wrapper/maven-wrapper.properties

@@ -0,0 +1,2 @@
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar

LICENSE

@@ -0,0 +1,661 @@
+                    GNU AFFERO GENERAL PUBLIC LICENSE
+                       Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+  A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+  The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+  An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU Affero General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Remote Network Interaction; Use with the GNU General Public License.
+
+  Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software.  This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time.  Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published
+    by the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+<https://www.gnu.org/licenses/>.

README.md

@@ -0,0 +1,136 @@
+<div align="center">
+
+<img src="https://user-images.githubusercontent.com/30397655/205442696-ccd32d07-2f7b-4335-8083-cac1d740b824.jpg" alt="logo" width="60%"/>
+
+[![](https://img.shields.io/badge/JDK-11+-orange)](https://www.oracle.com/au/java/technologies/javase/jdk11-archive-downloads.html)
+[![](https://img.shields.io/badge/MySQL-8.0%2B-brightgreen)](https://www.mysql.com/downloads/)
+[![](https://img.shields.io/badge/License-AGPL%203.0-orange)](https://github.com/topaim/eiam/blob/master/LICENSE)
+[![](https://img.shields.io/badge/Maven-3.5.0+-brightgreen.svg)](https://maven.apache.org)
+
+[官方网站](https://eiam.topiam.cn) | [需求收集](https://github.com/topiam/eiam/issues/new) | [问题反馈](https://github.com/topiam/eiam/issues/new)
+
+</div>
+
+--------------------------
+
+<div align="center">⭐️ 如果你喜欢 TopIAM，请给它一个 Star，您的支持将是我们前行的动力，项目正在积极开发，欢迎共建 👏🏻。</div>
+
+--------------------------
+
+## 项目介绍
+
+**TopIAM** 数字身份管控平台，简称：EIAM（Employee Identity and Access Management），
+用于管理企业内员工账号、权限、身份认证、应用访问，帮助整合部署在本地或云端的内部办公系统、业务系统及三方 SaaS
+系统的所有身份，实现一个账号打通所有应用的服务。
+
+## 产品价值
+
+传统企业 IT
+大多采用烟囱式建设方式，各系统独立建设账号体系、权限体系，当企业团队人数达到数十人至数百人时，由于系统数量多，在账户、密码、权限管理上会出现瓶颈。员工入职、离职，转岗都需要进行账号权限分配等此类管理，操作低效、功能重复、价值低，员工需要记录多套系统密码，容易出现安全问题，导致数据外泄。用户身份认证安全存疑，敏感系统缺乏严格的身份认证机制。
+
+`EIAM` 提供一套集中式账号、权限、认证、应用、审计等，帮助企业打通身份数据孤岛，实现用户全生命周期，实现一个账号打通所有应用的服务，强化企业安全体系，提升组织管理效率，助力企业数字化转型升级。
+
+## 核心特性
+
++ 提供统一组织信息管理，多维度建立对应关系，实现在一个平台对企业人员、组织架构、应用信息的高效统一管理。
++ 支持钉钉、飞书、企业微信等身份源集成能力，实现系统和企业OA平台数据联动，以用户为管理基点，结合入职、离职、调岗、兼职等人事事件，关联其相关应用权限变化而变化，保证应用访问权限的安全控制。
++ 支持多因素认证，行为验证码、社交认证，融合认证等机制，保证用户认证安全可靠。
++ 支持微信、微博、QQ等社交认证集成，使企业具有快速纳入互联网化认证能力。
++ 支持 `SAML2`，`OAuth2`，`OIDC`，`CAS`，表单代填等认证协议及机制，实现单点登录功能，预配置大量 SaaS 应用及传统应用模板，开箱即用。
++ 完善的安全审计，详尽记录每一次用户行为，使每一步操作有据可循，实时记录企业信息安全状况，精准识别企业异常访问和潜在威胁的源头。
++ 提供标准`REST`和`SCIM2.0`接口轻松完成机构用户同步，实现企业对于账号生命周期的精细化管理。
++ 开源、安全、自主可控。
+
+## 页面展示
+
+> 仅展示部分UI页面
+
++ 管理端
+
+![](https://user-images.githubusercontent.com/30397655/205442813-c5664670-aa12-4415-aa66-dadcddd04109.jpg)
+
+![](https://user-images.githubusercontent.com/30397655/206887727-2e6449a9-b75a-46f8-9fab-f215e2d26a38.png)
+
+![](https://user-images.githubusercontent.com/30397655/206887777-d1e6d138-8ab8-4d9b-87f6-08ea497a374e.png)
+
+![](https://user-images.githubusercontent.com/30397655/206887895-8c204839-9a74-4167-87f3-a131a528d444.png)
+
+--------------------------
+
++ 门户端
+
+![](https://user-images.githubusercontent.com/30397655/206888201-93b1b261-40a6-4e83-b04c-8589da5f2f8a.jpg)
+
+## 在线演示
+
++ 管理端：https://eiam-console.topiam.cn
++ 用户端：https://eiam-portal.topiam.cn
+
+> 注意：演示环境已屏蔽敏感权限和相关操作
+
+## 开源说明
+
+一方面希望通过开源加强项目产品化程度；另一方面希望在社区中吸收更多的实践场景进而继续完善产品，也欢迎大家参与到项目中来。
+
+为保证社区繁荣和项目自由健康发展，在开源许可证方面，`TopIAM` 选择采用 `AGPL-3.0` 开源协议，`AGPL-3.0` 是 OSI
+批准的许可证，符合自由和开源软件的所有标准，**开源永远是我们的初心与核心，我们将始终不渝的坚持去做这件事，我们相信在社区的推动下，这件事我们一定会做的更好**。
+
+或许很多开发者对此协议抱有一些疑问，开源社区目前也有很多采用 `AGPL-3.0` 协议的开源软件，例如 `MongoDB`、`Grafana`、`Loki`
+等，维基百科还专门有一份列表列出了哪些[开源项目](https://en.wikipedia.org/wiki/Category:Software_using_the_GNU_AGPL_license)
+采用了 `AGPL-3.0` 开源协议。
+
+`AGPL-3.0` 协议有一个非常关键的点，即对修改上游开源项目代码后的二次分发版本必须也要开源，协议限制的是部分企业想 `Folk`
+开源项目代码后进行闭源商业分发，跟上游开源项目的维护团队进行直接的商业竞争，如果仅仅只是企业内部自己使用而不进行任何层面修改，用户大可不必担心 `AGPL-3.0`
+协议带来的限制， 这些条件旨在鼓励和希望修改软件的第三方也为项目和社区做出贡献。我们认为这是一种更公平的前进方式，我们相信这将有助于我们建立更强大的社区。
+
+简单来讲：如果您修改了 `TopIAM` 项目源代码，那么您必须将这些修改贡献给社区，**绝不允许修改后和衍生的代码做为闭源的商业软件发布和销售
+**。
+
+我们也提供了商业授权，如果您**需要将本产品进行二次开发、更改并进行任何附带商业化性质行为使用**
+，请联系我们进行商业授权，以遵守 `AGPL-3.0` 协议保证您的正常使用。
+
+除此之外，我们也会酌情接受根据个人或企业需求的定制化开发。
+
+目前在国内 `GPL` 协议**具备合同特征，是一种民事法律行为** ，属于我国《合同法》调整的范围。 `TopIAM` 项目团队保留诉讼权利。
+
+[相关案例：违反 `GPL` 协议赔偿 50 万，国内首例！](https://mp.weixin.qq.com/s/YQ6sNjbDS-P7BViLZIsaoA)
+
+> **TopIAM 开源团队拥有对本开源协议的最终解释权。**
+
+## 技术架构
+
+前端技术栈：`ES6`、`React`、`TypeScript`、`UmiJS`、`Axios`、`Ant Design`；
+
+后端技术栈：`JDK11`、`Spring Boot`、`Spring Data`、`Spring Security`、`Elasticsearch`、`Redis`、`MySQL`；
+
+## 联系我们
+
+如果你想加入我们的开源交流群， 或在关于 `TopIAM` 产品上的任何想法、意见建议，商务上的合作需求，请扫码添加下方微信进一步沟通。
+
+![](https://user-images.githubusercontent.com/30397655/205442835-cfcfbf2e-eefb-4e9f-8f36-72d91c240896.jpg)
+
+欢迎关注 TopIAM 微信公众号，接收产品最新动态。
+
+![](https://user-images.githubusercontent.com/30397655/206887629-faf77f3e-1681-4918-99bf-773ef434f088.png)
+
+## 参与贡献
+
+我们强烈欢迎有兴趣的开发者参与到项目建设中来，同时欢迎大家对项目提出宝贵意见建议和功能需求，项目正在积极开发，欢迎 PR 👏。
+
+强烈推荐阅读 [《提问的智慧》](https://github.com/ryanhanwu/How-To-Ask-Questions-The-Smart-Way)、[《如何向开源社区提问题》](https://github.com/seajs/seajs/issues/545)
+和 [《如何有效地报告 Bug》](http://www.chiark.greenend.org.uk/%7Esgtatham/bugs-cn.html)、[《如何向开源项目提交无法解答的问题》](https://zhuanlan.zhihu.com/p/25795393)
+，更好的问题更容易获得帮助。
+
+## License
+
+<img src='https://www.gnu.org/graphics/agplv3-with-text-162x68.png' alt="license">
+
+## 捐赠支持
+
+如果您觉得我们的开源项目对您有帮助，那就请项目开发者们来一杯咖啡☕️吧！当前我们接受来自于**微信**、**支付宝**或者**码云**
+的捐赠，请在捐赠时备注自己的昵称或附言。
+
+您的捐赠将用于支付该项目的一些费用支出，并激励开发者们更好的推动项目的发展，同时欢迎捐赠**公网服务器**
+用于提高开发基础设施环境及在线演示系统体验。
+
+![](https://user-images.githubusercontent.com/30397655/205442840-1b54a95c-3d11-4542-ae51-040f849b26aa.jpg)

eiam-alert/pom.xml

@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    eiam-alert - Employee Identity and Access Management Program
+    Copyright © 2020-2022 TopIAM (support@topiam.cn)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>cn.topiam</groupId>
+        <artifactId>eiam</artifactId>
+        <version>1.0.0-beta1</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>eiam-alert</artifactId>
+    <packaging>pom</packaging>
+</project>

eiam-application/eiam-application-all/pom.xml

@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    eiam-application-all - Employee Identity and Access Management Program
+    Copyright © 2020-2022 TopIAM (support@topiam.cn)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>cn.topiam</groupId>
+        <artifactId>eiam-application</artifactId>
+        <version>1.0.0-beta1</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <packaging>jar</packaging>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>eiam-application-all</artifactId>
+
+    <dependencies>
+        <!-- cas-->
+        <dependency>
+            <groupId>cn.topiam</groupId>
+            <artifactId>eiam-application-cas</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <!-- form-->
+        <dependency>
+            <groupId>cn.topiam</groupId>
+            <artifactId>eiam-application-form</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <!-- jwt-->
+        <dependency>
+            <groupId>cn.topiam</groupId>
+            <artifactId>eiam-application-jwt</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <!-- oidc-->
+        <dependency>
+            <groupId>cn.topiam</groupId>
+            <artifactId>eiam-application-oidc</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <!-- saml2-->
+        <dependency>
+            <groupId>cn.topiam</groupId>
+            <artifactId>eiam-application-saml2</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+</project>

eiam-application/eiam-application-cas/pom.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    eiam-application-cas - Employee Identity and Access Management Program
+    Copyright © 2020-2022 TopIAM (support@topiam.cn)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>cn.topiam</groupId>
+        <artifactId>eiam-application</artifactId>
+        <version>1.0.0-beta1</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <packaging>jar</packaging>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>eiam-application-cas</artifactId>
+    <dependencies>
+        <dependency>
+            <groupId>cn.topiam</groupId>
+            <artifactId>eiam-application-core</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+</project>

eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/AbstractCasApplicationService.java

@@ -0,0 +1,46 @@
+/*
+ * eiam-application-cas - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.cas;
+
+import cn.topiam.employee.application.ApplicationService;
+import cn.topiam.employee.common.repository.app.AppCertRepository;
+import cn.topiam.employee.common.repository.app.AppRepository;
+
+/**
+ * CAS 应用配置
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/8/23 20:58
+ */
+public abstract class AbstractCasApplicationService implements ApplicationService {
+
+    /**
+     * AppCertRepository
+     */
+    protected final AppCertRepository appCertRepository;
+    /**
+     * ApplicationRepository
+     */
+    protected final AppRepository     appRepository;
+
+    protected AbstractCasApplicationService(AppCertRepository appCertRepository,
+                                            AppRepository appRepository) {
+        this.appCertRepository = appCertRepository;
+        this.appRepository = appRepository;
+    }
+}

eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * eiam-application-cas - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.cas;

eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * eiam-application-cas - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application;

eiam-application/eiam-application-core/pom.xml

@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    eiam-application-core - Employee Identity and Access Management Program
+    Copyright © 2020-2022 TopIAM (support@topiam.cn)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>cn.topiam</groupId>
+        <artifactId>eiam-application</artifactId>
+        <version>1.0.0-beta1</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <packaging>jar</packaging>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>eiam-application-core</artifactId>
+</project>

eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/AbstractApplicationService.java

@@ -0,0 +1,136 @@
+/*
+ * eiam-application-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application;
+
+import java.math.BigInteger;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.util.Date;
+
+import org.bouncycastle.asn1.x500.X500Name;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import cn.topiam.employee.common.entity.app.AppCertEntity;
+import cn.topiam.employee.common.enums.app.AppCertUsingType;
+import cn.topiam.employee.common.repository.app.AppAccessPolicyRepository;
+import cn.topiam.employee.common.repository.app.AppAccountRepository;
+import cn.topiam.employee.common.repository.app.AppCertRepository;
+import cn.topiam.employee.common.repository.app.AppRepository;
+import cn.topiam.employee.support.exception.TopIamException;
+import cn.topiam.employee.support.util.CertUtils;
+import cn.topiam.employee.support.util.RsaUtils;
+import static cn.topiam.employee.support.util.CertUtils.encodePem;
+import static cn.topiam.employee.support.util.CertUtils.getX500Name;
+import static cn.topiam.employee.support.util.RsaUtils.getKeys;
+
+/**
+ * AbstractApplicationService
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/8/31 22:34
+ */
+public abstract class AbstractApplicationService implements ApplicationService {
+    private final Logger logger = LoggerFactory.getLogger(AbstractApplicationService.class);
+
+    /**
+     * 创建证书
+     *
+     * @param appId     {@link Long}
+     * @param appCode     {@link Long}
+     * @param usingType {@link AppCertUsingType}
+     */
+    public void createCertificate(Long appId, String appCode, AppCertUsingType usingType) {
+        try {
+            AppCertEntity config = new AppCertEntity();
+            config.setAppId(appId);
+            //私钥长度
+            config.setKeyLong(2048);
+            //算法
+            config.setSignAlgo("SHA256WITHRSA");
+            RsaUtils.RsaResult keys = getKeys(config.getKeyLong());
+            X500Name x500Name = getX500Name("app_" + appCode, "TopIAM", "Jinan", "Shandong", "CN",
+                "EIAM");
+            //发行者
+            config.setIssuer(x500Name.toString());
+            //主题
+            config.setSubject(x500Name.toString());
+            //证书 起始日期 与 结束日期
+            LocalDateTime localDateTime = LocalDateTime.now();
+            //证书序列号
+            config.setSerial(BigInteger.valueOf(System.currentTimeMillis()));
+            //开始时间
+            Date notBefore = Date.from(localDateTime.atZone(ZoneId.systemDefault()).toInstant());
+            config.setBeginDate(
+                notBefore.toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime());
+            //结束时间
+            Date notAfter = Date
+                .from(localDateTime.plusYears(10).atZone(ZoneId.systemDefault()).toInstant());
+            config
+                .setEndDate(notAfter.toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime());
+            //相差天数
+            config
+                .setValidity((int) ((notAfter.getTime() - notBefore.getTime()) / 1000 / 3600 / 24));
+            //生成证书
+            String certificate = CertUtils.getCertificate(x500Name, x500Name, config.getSerial(),
+                notBefore, notAfter, keys.getPublicKey(), keys.getPrivateKey());
+            //私钥
+            config.setPrivateKey(encodePem(keys.getPrivateKey()));
+            //公钥
+            config.setPublicKey(encodePem(keys.getPublicKey()));
+            //证书
+            config.setCert(certificate);
+            //使用类型
+            config.setUsingType(usingType);
+            appCertRepository.save(config);
+        } catch (Exception e) {
+            logger.error("创建应用证书异常", e);
+            throw new TopIamException(e.getMessage(), e);
+        }
+    }
+
+    /**
+     * AppCertRepository
+     */
+    protected final AppCertRepository         appCertRepository;
+
+    /**
+     * AppAccountRepository
+     */
+    protected final AppAccountRepository      appAccountRepository;
+
+    /**
+     *AppAccessPolicyRepository
+     */
+    protected final AppAccessPolicyRepository appAccessPolicyRepository;
+
+    /**
+     * ApplicationRepository
+     */
+    protected final AppRepository             appRepository;
+
+    protected AbstractApplicationService(AppCertRepository appCertRepository,
+                                         AppAccountRepository appAccountRepository,
+                                         AppAccessPolicyRepository appAccessPolicyRepository,
+                                         AppRepository appRepository) {
+        this.appCertRepository = appCertRepository;
+        this.appAccountRepository = appAccountRepository;
+        this.appAccessPolicyRepository = appAccessPolicyRepository;
+        this.appRepository = appRepository;
+    }
+}

eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/ApplicationService.java

@@ -0,0 +1,118 @@
+/*
+ * eiam-application-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application;
+
+import java.util.List;
+import java.util.Map;
+
+import org.springframework.transaction.annotation.Transactional;
+
+import cn.topiam.employee.common.enums.app.AppProtocol;
+import cn.topiam.employee.common.enums.app.AppType;
+
+/**
+ * 应用接口
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/8/20 23:20
+ */
+public interface ApplicationService {
+
+    /**
+     * 获取应用标志
+     *
+     * @return {@link String}
+     */
+    String getCode();
+
+    /**
+     * 获取应用名称
+     *
+     * @return {@link String}
+     */
+    String getName();
+
+    /**
+     * 获取应用描述
+     *
+     * @return {@link String}
+     */
+    String getDescription();
+
+    /**
+     * 获取应用类型
+     *
+     * @return {@link String}
+     */
+    AppType getType();
+
+    /**
+     * 获取应用协议
+     *
+     * @return {@link AppProtocol}
+     */
+    AppProtocol getProtocol();
+
+    /**
+     * 获取表单Schema
+     *
+     * @return {@link Map}
+     */
+    List<Map> getFormSchema();
+
+    /**
+     * 获取base64图标
+     *
+     * @return {@link String}
+     */
+    String getBase64Icon();
+
+    /**
+     * 创建应用
+     *
+     * @param name {@link String} 名称
+     * @param remark {@link String} 备注
+     * @return {@link String} 应用ID
+     */
+    @Transactional(rollbackFor = Exception.class)
+    String create(String name, String remark);
+
+    /**
+     * 删除应用
+     *
+     * @param appId {@link String} 应用ID
+     */
+    void delete(String appId);
+
+    /**
+     * 更新应用配置
+     *
+     * @param appId {@link String}
+     * @param config {@link Map}
+     */
+    @Transactional(rollbackFor = Exception.class)
+    void saveConfig(String appId, Map<String, Object> config);
+
+    /**
+     * 获取配置
+     *
+     * @param appId {@link String}
+     * @return {@link Map}
+     */
+    Object getConfig(String appId);
+}

eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/ApplicationServiceLoader.java

@@ -0,0 +1,104 @@
+/*
+ * eiam-application-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application;
+
+import java.util.*;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.BeanInitializationException;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.context.*;
+import org.springframework.context.annotation.Configuration;
+
+import cn.topiam.employee.application.exception.AppTemplateNotExistException;
+
+/**
+ * 应用服务加载器
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/8/20 19:08
+ */
+@Configuration
+public class ApplicationServiceLoader implements ApplicationContextAware {
+
+    private final Logger                          logger                = LoggerFactory
+        .getLogger(ApplicationServiceLoader.class);
+    /**
+     * 用于保存接口实现类名及对应的类
+     */
+    private Map<String, ApplicationService>       loadMap               = new HashMap<>(16);
+    /**
+     * key: code，value：templateImpl
+     */
+    private final Map<String, ApplicationService> applicationServiceMap = new HashMap<>(16);
+
+    /**
+     * Set the ApplicationContext that this object runs in.
+     * Normally this call will be used to initialize the object.
+     * <p>Invoked after population of normal bean properties but before an init callback such
+     * as {@link InitializingBean#afterPropertiesSet()}
+     * or a custom init-method. Invoked after {@link ResourceLoaderAware#setResourceLoader},
+     * {@link ApplicationEventPublisherAware#setApplicationEventPublisher} and
+     * {@link MessageSourceAware}, if applicable.
+     *
+     * @param applicationContext the ApplicationContext object to be used by this object
+     * @throws ApplicationContextException in case of context initialization errors
+     * @throws BeansException              if thrown by application context methods
+     * @see BeanInitializationException
+     */
+    @Override
+    public void setApplicationContext(org.springframework.context.ApplicationContext applicationContext) throws BeansException {
+        loadMap = applicationContext.getBeansOfType(ApplicationService.class);
+        getApplicationServiceList();
+    }
+
+    /**
+     * 获取应用列表
+     *
+     * @return {@link List}
+     */
+    public Set<ApplicationService> getApplicationServiceList() {
+        List<ApplicationService> values = loadMap.values().stream().toList();
+        return new HashSet<>(values);
+    }
+
+    /**
+     * 根据CODE获取应用
+     *
+     * @param code {@link String}
+     * @return {@link List}
+     */
+    public ApplicationService getApplicationService(String code) {
+        ApplicationService impl = applicationServiceMap.get(code);
+        if (Objects.isNull(impl)) {
+            for (ApplicationService service : getApplicationServiceList()) {
+                if (code.equals(service.getCode())) {
+                    applicationServiceMap.put(code, service);
+                    return service;
+                }
+            }
+        }
+        if (Objects.isNull(impl)) {
+            throw new AppTemplateNotExistException();
+        }
+        return impl;
+    }
+
+}

eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/Saml2ApplicationService.java

@@ -0,0 +1,46 @@
+/*
+ * eiam-application-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application;
+
+import cn.topiam.employee.core.protocol.Saml2ProtocolConfig;
+import cn.topiam.employee.core.protocol.Saml2SsoModel;
+
+/**
+ * 应用接口
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/8/20 23:20
+ */
+public interface Saml2ApplicationService extends ApplicationService {
+
+    /**
+     * 获取SSO Modal
+     *
+     * @param appId {@link String}
+     * @return {@link Saml2SsoModel}
+     */
+    Saml2SsoModel getSsoModel(String appId);
+
+    /**
+     * 获取协议配置
+     *
+     * @param appId {@link String}
+     * @return {@link Saml2ProtocolConfig}
+     */
+    Saml2ProtocolConfig getProtocolConfig(String appId);
+}

eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/SamlRamRoleNameValueType.java

@@ -0,0 +1,44 @@
+/*
+ * eiam-application-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application;
+
+import com.fasterxml.jackson.annotation.JsonValue;
+
+import lombok.Getter;
+
+/**
+ * Ram 角色名类型
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/8/24 22:39
+ */
+public enum SamlRamRoleNameValueType {
+
+                                      /**
+                                       * 应用用户名
+                                       */
+                                      APP_USERNAME("app_user.username");
+
+    @Getter
+    @JsonValue
+    private final String code;
+
+    SamlRamRoleNameValueType(String code) {
+        this.code = code;
+    }
+}

eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/context/ApplicationContext.java

@@ -0,0 +1,71 @@
+/*
+ * eiam-application-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.context;
+
+import java.util.Map;
+
+import lombok.Data;
+
+/**
+ * ApplicationContext
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/10/29 22:34
+ */
+@Data
+public final class ApplicationContext {
+    /**
+     * 应用ID
+     */
+    private final Long                appId;
+
+    /**
+     * 应用编码
+     */
+    private final String              appCode;
+
+    /**
+     * 应用模版
+     */
+    private final String              appTemplate;
+
+    /**
+     * 客户端ID
+     */
+    private final String              clientId;
+
+    /**
+     * 客户端秘钥
+     */
+    private final String              clientSecret;
+
+    /**
+     * 配置
+     */
+    private final Map<String, Object> config;
+
+    public ApplicationContext(Long appId, String appCode, String appTemplate, String clientId,
+                              String clientSecret, Map<String, Object> config) {
+        this.appCode = appCode;
+        this.appId = appId;
+        this.appTemplate = appTemplate;
+        this.clientId = clientId;
+        this.clientSecret = clientSecret;
+        this.config = config;
+    }
+}

eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/context/ApplicationContextHolder.java

@@ -0,0 +1,62 @@
+/*
+ * eiam-application-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.context;
+
+/**
+ *
+ * ApplicationContextHolder
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/10/29 22:37
+ */
+public final class ApplicationContextHolder {
+    private static final ThreadLocal<ApplicationContext> HOLDER = new ThreadLocal<>();
+
+    private ApplicationContextHolder() {
+    }
+
+    /**
+     * Returns the {@link ApplicationContext} bound to the current thread.
+     *
+     * @return the {@link ApplicationContext}
+     */
+    public static ApplicationContext getApplicationContext() {
+        return HOLDER.get();
+    }
+
+    /**
+     * Bind the given {@link ApplicationContext} to the current thread.
+     *
+     * @param applicationContext the {@link ApplicationContext}
+     */
+    public static void setProviderContext(ApplicationContext applicationContext) {
+        if (applicationContext == null) {
+            resetProviderContext();
+        } else {
+            HOLDER.set(applicationContext);
+        }
+    }
+
+    /**
+     * Reset the {@link ApplicationContext} bound to the current thread.
+     */
+    public static void resetProviderContext() {
+        HOLDER.remove();
+    }
+
+}

eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/context/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * eiam-application-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.context;

eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/exception/AppCertNotExistException.java

@@ -0,0 +1,32 @@
+/*
+ * eiam-application-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.exception;
+
+import cn.topiam.employee.support.exception.TopIamException;
+
+/**
+ * 应用证书不存在
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/7/8 22:21
+ */
+public class AppCertNotExistException extends TopIamException {
+    public AppCertNotExistException() {
+        super("应用证书不存在");
+    }
+}

eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/exception/AppConfigNotExistException.java

@@ -0,0 +1,32 @@
+/*
+ * eiam-application-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.exception;
+
+import cn.topiam.employee.support.exception.TopIamException;
+
+/**
+ * 应用配置不存在
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/7/8 22:21
+ */
+public class AppConfigNotExistException extends TopIamException {
+    public AppConfigNotExistException() {
+        super("app_config_not_exist", "应用配置不存在", DEFAULT_STATUS);
+    }
+}

eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/exception/AppNotEnableException.java

@@ -0,0 +1,32 @@
+/*
+ * eiam-application-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.exception;
+
+import cn.topiam.employee.support.exception.TopIamException;
+
+/**
+ * 应用未启用
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/7/8 22:23
+ */
+public class AppNotEnableException extends TopIamException {
+    public AppNotEnableException() {
+        super("app_not_enable", "应用未启用", DEFAULT_STATUS);
+    }
+}

eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/exception/AppNotExistException.java

@@ -0,0 +1,32 @@
+/*
+ * eiam-application-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.exception;
+
+import cn.topiam.employee.support.exception.TopIamException;
+
+/**
+ * 应用不存在异常
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/7/8 22:23
+ */
+public class AppNotExistException extends TopIamException {
+    public AppNotExistException() {
+        super("app_not_exist", "应用不存在", DEFAULT_STATUS);
+    }
+}

eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/exception/AppTemplateNotExistException.java

@@ -0,0 +1,34 @@
+/*
+ * eiam-application-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.exception;
+
+import cn.topiam.employee.support.exception.TopIamException;
+import static org.springframework.http.HttpStatus.BAD_REQUEST;
+
+/**
+ * 应用模版不存在
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/7/8 22:49
+ */
+public class AppTemplateNotExistException extends TopIamException {
+
+    public AppTemplateNotExistException() {
+        super("app_template_not_exist", "应用模版不存在", BAD_REQUEST);
+    }
+}

eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/exception/ParseSaml2MetadataException.java

@@ -0,0 +1,31 @@
+/*
+ * eiam-application-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.exception;
+
+import cn.topiam.employee.support.exception.TopIamException;
+
+/**
+ * 解析SAML 元数据异常
+ *
+ * @author TopIAM
+ */
+public class ParseSaml2MetadataException extends TopIamException {
+    public ParseSaml2MetadataException() {
+        super("parse_saml2_metadata_error", "解析 SAML 元数据异常", DEFAULT_STATUS);
+    }
+}

eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * eiam-application-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application;

eiam-application/eiam-application-form/pom.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    eiam-application-form - Employee Identity and Access Management Program
+    Copyright © 2020-2022 TopIAM (support@topiam.cn)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>cn.topiam</groupId>
+        <artifactId>eiam-application</artifactId>
+        <version>1.0.0-beta1</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <packaging>jar</packaging>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>eiam-application-form</artifactId>
+    <dependencies>
+        <dependency>
+            <groupId>cn.topiam</groupId>
+            <artifactId>eiam-application-core</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+</project>

eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/AbstractFormApplicationService.java

@@ -0,0 +1,46 @@
+/*
+ * eiam-application-form - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.form;
+
+import cn.topiam.employee.application.ApplicationService;
+import cn.topiam.employee.common.repository.app.AppCertRepository;
+import cn.topiam.employee.common.repository.app.AppRepository;
+
+/**
+ * Form 应用配置
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/8/23 20:58
+ */
+public abstract class AbstractFormApplicationService implements ApplicationService {
+
+    /**
+     * AppCertRepository
+     */
+    protected final AppCertRepository appCertRepository;
+    /**
+     * ApplicationRepository
+     */
+    protected final AppRepository     appRepository;
+
+    protected AbstractFormApplicationService(AppCertRepository appCertRepository,
+                                             AppRepository appRepository) {
+        this.appCertRepository = appCertRepository;
+        this.appRepository = appRepository;
+    }
+}

eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/FormStandardApplicationServiceImpl.java

@@ -0,0 +1,156 @@
+/*
+ * eiam-application-form - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.form;
+
+import java.util.List;
+import java.util.Map;
+
+import org.springframework.stereotype.Component;
+
+import cn.topiam.employee.common.enums.app.AppProtocol;
+import cn.topiam.employee.common.enums.app.AppType;
+import cn.topiam.employee.common.repository.app.AppCertRepository;
+import cn.topiam.employee.common.repository.app.AppRepository;
+
+/**
+ * Form 用户应用
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/8/20 23:20
+ */
+@Component
+public class FormStandardApplicationServiceImpl extends AbstractFormApplicationService {
+
+    /**
+     * 更新应用配置
+     *
+     * @param appId {@link String}
+     * @param config {@link Map}
+     */
+    @Override
+    public void saveConfig(String appId, Map<String, Object> config) {
+    }
+
+    /**
+     * 获取配置
+     *
+     * @param appId {@link String}
+     * @return {@link Map}
+     */
+    @Override
+    public Object getConfig(String appId) {
+        return null;
+    }
+
+    /**
+     * 获取应用标志
+     *
+     * @return {@link String}
+     */
+    @Override
+    public String getCode() {
+        return "form";
+    }
+
+    /**
+     * 获取应用名称
+     *
+     * @return {@link String}
+     */
+    @Override
+    public String getName() {
+        return "表单代填";
+    }
+
+    /**
+     * 获取应用描述
+     *
+     * @return {@link String}
+     */
+    @Override
+    public String getDescription() {
+        return "表单代填可以模拟用户在登录页输入用户名和密码，再通过表单提交的一种登录方式。应用的账号密码在 TopIAM 中使用 AES256 加密算法本地加密存储。很多旧系统、不支持标准认证协议的系统或不支持改造的系统可以使用表单代填实现统一身份管理。表单中有图片验证码、CSRF token、动态参数的场景不适用。";
+    }
+
+    /**
+     * 获取应用类型
+     *
+     * @return {@link AppType}
+     */
+    @Override
+    public AppType getType() {
+        return AppType.STANDARD;
+    }
+
+    /**
+     * 获取应用协议
+     *
+     * @return {@link AppProtocol}
+     */
+    @Override
+    public AppProtocol getProtocol() {
+        return AppProtocol.FORM;
+    }
+
+    /**
+     * 获取表单Schema
+     *
+     * @return {@link Map}
+     */
+    @Override
+    public List<Map> getFormSchema() {
+        return null;
+    }
+
+    /**
+     * 获取base64图标
+     *
+     * @return {@link String}
+     */
+    @Override
+    public String getBase64Icon() {
+        return "data:image/svg+xml;base64,PHN2ZyB0PSIxNjYwOTc4MDk3OTkyIiBjbGFzcz0iaWNvbiIgdmlld0JveD0iMCAwIDEwMjQgMTAyNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHAtaWQ9IjMxNDMiIHdpZHRoPSIyMDAiIGhlaWdodD0iMjAwIj48cGF0aCBkPSJNMjk0LjkxMiA0MTQuMjA4aDg2LjUyOHYzNDIuMDE2SDI5NC45MTJ6TTQyNC45NiA0MTQuMjA4aDMwMy4xMDR2MzQyLjAxNkg0MjQuOTZ6TTI5NC45MTIgMjY3LjI2NGg0MzMuMTUydjk3Ljc5MkgyOTQuOTEyeiIgZmlsbD0iIzI3QTNGRiIgcC1pZD0iMzE0NCI+PC9wYXRoPjxwYXRoIGQ9Ik05MjEuNiAwSDEwMi40YTEwMi40IDEwMi40IDAgMCAwLTEwMi40IDEwMi40djgxOS4yYTEwMi40IDEwMi40IDAgMCAwIDEwMi40IDEwMi40aDgxOS4yYTEwMi40IDEwMi40IDAgMCAwIDEwMi40LTEwMi40VjEwMi40YTEwMi40IDEwMi40IDAgMCAwLTEwMi40LTEwMi40eiBtLTE1MC4wMTYgNzgwLjhhMjMuMDQgMjMuMDQgMCAwIDEtMjEuNTA0IDI0LjA2NEgyNzMuNDA4YTIzLjA0IDIzLjA0IDAgMCAxLTIxLjUwNC0yNC4wNjRWMjQyLjY4OGEyMy4wNCAyMy4wNCAwIDAgMSAyMS41MDQtMjQuMDY0aDQ3Ni42NzJhMjMuMDQgMjMuMDQgMCAwIDEgMjEuNTA0IDI0LjA2NHoiIGZpbGw9IiMyN0EzRkYiIHAtaWQ9IjMxNDUiPjwvcGF0aD48L3N2Zz4=";
+    }
+
+    /**
+     * 创建应用
+     *
+     * @param name   {@link String} 名称
+     * @param remark {@link String} 备注
+     */
+    @Override
+    public String create(String name, String remark) {
+        return "";
+    }
+
+    /**
+     * 删除应用
+     *
+     * @param appId {@link String} 应用ID
+     */
+    @Override
+    public void delete(String appId) {
+
+    }
+
+    protected FormStandardApplicationServiceImpl(AppCertRepository appCertRepository,
+                                                 AppRepository appRepository) {
+        super(appCertRepository, appRepository);
+    }
+
+}

eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/model/AppFormConfigGetResult.java

@@ -0,0 +1,56 @@
+/*
+ * eiam-application-form - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.form.model;
+
+import java.io.Serializable;
+
+import cn.topiam.employee.common.enums.app.AuthorizationType;
+import cn.topiam.employee.common.enums.app.InitLoginType;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
+/**
+ * Form 配置返回
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/5/31 22:46
+ */
+@Data
+@Schema(description = "Form 配置返回结果")
+public class AppFormConfigGetResult implements Serializable {
+    /**
+     * SSO 发起方
+     */
+    @Parameter(description = "SSO 发起方")
+    private InitLoginType     initLoginType;
+
+    /**
+     * SSO 登录链接
+     */
+    @Parameter(description = "SSO 登录链接")
+    private String            initLoginUrl;
+
+    /**
+     * 授权范围
+     */
+    @Parameter(description = "SSO 授权范围")
+    private AuthorizationType authorizationType;
+}

eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/model/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * eiam-application-form - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.form.model;

eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * eiam-application-form - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.form;

eiam-application/eiam-application-jwt/pom.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    eiam-application-jwt - Employee Identity and Access Management Program
+    Copyright © 2020-2022 TopIAM (support@topiam.cn)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>cn.topiam</groupId>
+        <artifactId>eiam-application</artifactId>
+        <version>1.0.0-beta1</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <packaging>jar</packaging>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>eiam-application-jwt</artifactId>
+    <dependencies>
+        <dependency>
+            <groupId>cn.topiam</groupId>
+            <artifactId>eiam-application-core</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+</project>

eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/jwt/AbstractJwtApplicationService.java

@@ -0,0 +1,46 @@
+/*
+ * eiam-application-jwt - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.jwt;
+
+import cn.topiam.employee.application.ApplicationService;
+import cn.topiam.employee.common.repository.app.AppCertRepository;
+import cn.topiam.employee.common.repository.app.AppRepository;
+
+/**
+ * JWT 应用配置
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/8/23 20:58
+ */
+public abstract class AbstractJwtApplicationService implements ApplicationService {
+
+    /**
+     * AppCertRepository
+     */
+    protected final AppCertRepository appCertRepository;
+    /**
+     * ApplicationRepository
+     */
+    protected final AppRepository     appRepository;
+
+    protected AbstractJwtApplicationService(AppCertRepository appCertRepository,
+                                            AppRepository appRepository) {
+        this.appCertRepository = appCertRepository;
+        this.appRepository = appRepository;
+    }
+}

eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/jwt/JwtStandardApplicationServiceImpl.java

@@ -0,0 +1,155 @@
+/*
+ * eiam-application-jwt - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.jwt;
+
+import java.util.List;
+import java.util.Map;
+
+import org.springframework.stereotype.Component;
+
+import cn.topiam.employee.common.enums.app.AppProtocol;
+import cn.topiam.employee.common.enums.app.AppType;
+import cn.topiam.employee.common.repository.app.AppCertRepository;
+import cn.topiam.employee.common.repository.app.AppRepository;
+
+/**
+ * JWT 用户应用
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/8/20 23:20
+ */
+@Component
+public class JwtStandardApplicationServiceImpl extends AbstractJwtApplicationService {
+
+    /**
+     * 更新应用配置
+     *
+     * @param appId {@link String}
+     * @param config {@link Map}
+     */
+    @Override
+    public void saveConfig(String appId, Map<String, Object> config) {
+    }
+
+    /**
+     * 获取配置
+     *
+     * @param appId {@link String}
+     * @return {@link Map}
+     */
+    @Override
+    public Object getConfig(String appId) {
+        return null;
+    }
+
+    /**
+     * 获取应用标志
+     *
+     * @return {@link String}
+     */
+    @Override
+    public String getCode() {
+        return "jwt";
+    }
+
+    /**
+     * 获取应用名称
+     *
+     * @return {@link String}
+     */
+    @Override
+    public String getName() {
+        return "JWT";
+    }
+
+    /**
+     * 获取应用描述
+     *
+     * @return {@link String}
+     */
+    @Override
+    public String getDescription() {
+        return "JWT（JSON Web Token）是在网络应用环境声明的一种基于 JSON 的开放标准。TopIAM 使用 JWT 进行分布式站点的单点登录 （SSO）。JWT 单点登录基于非对称加密，由 TopIAM 将用户状态和信息使用私钥加密，传递给应用后，应用使用公钥解密并进行验证。使用场景非常广泛，集成简单。";
+    }
+
+    /**
+     * 获取应用类型
+     *
+     * @return {@link AppType}
+     */
+    @Override
+    public AppType getType() {
+        return AppType.STANDARD;
+    }
+
+    /**
+     * 获取应用协议
+     *
+     * @return {@link AppProtocol}
+     */
+    @Override
+    public AppProtocol getProtocol() {
+        return AppProtocol.JWT;
+    }
+
+    /**
+     * 获取表单Schema
+     *
+     * @return {@link Map}
+     */
+    @Override
+    public List<Map> getFormSchema() {
+        return null;
+    }
+
+    /**
+     * 获取base64图标
+     *
+     * @return {@link String}
+     */
+    @Override
+    public String getBase64Icon() {
+        return "data:image/svg+xml;base64,PHN2ZyB0PSIxNjYwOTc4MjExNDg3IiBjbGFzcz0iaWNvbiIgdmlld0JveD0iMCAwIDEwMjQgMTAyNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHAtaWQ9IjM4NzEiIHdpZHRoPSIyMDAiIGhlaWdodD0iMjAwIj48cGF0aCBkPSJNNTg5LjMxMiAyNzUuNDU2TDU4OC4yODggMGgtMTUzLjZsMS4wMjQgMjc1LjQ1NiA3Ni44IDEwNS40NzJ6IG0tMTUzLjYgNDcyLjA2NHYyNzYuNDhoMTUzLjZ2LTI3Ni40OEw1MTIuNTEyIDY0Mi4wNDh6IiBmaWxsPSIjRkZGRkZGIiBwLWlkPSIzODcyIj48L3BhdGg+PHBhdGggZD0iTTU4OS4zMTIgNzQ3LjUybDE2MS43OTIgMjIzLjIzMiAxMjMuOTA0LTkwLjExMi0xNjEuNzkyLTIyMy4yMzItMTIzLjkwNC0zOS45MzZ6IG0tMTUzLjYtNDcyLjA2NEwyNzIuODk2IDUyLjIyNGwtMTIzLjkwNCA5MC4xMTJMMzEwLjc4NCAzNjUuNTY4bDEyNC45MjggMzkuOTM2eiIgZmlsbD0iIzAwRjJFNiIgcC1pZD0iMzg3MyI+PC9wYXRoPjxwYXRoIGQ9Ik0zMTAuNzg0IDM2NS41NjhMNDguNjQgMjgwLjU3NiAxLjUzNiA0MjUuOTg0IDI2My42OCA1MTJsMTIzLjkwNC00MC45NnogbTMyNS42MzIgMTg2LjM2OGw3Ni44IDEwNS40NzIgMjYyLjE0NCA4NC45OTIgNDcuMTA0LTE0NS40MDgtMjYyLjE0NC04NC45OTJ6IiBmaWxsPSIjMDBCOUYxIiBwLWlkPSIzODc0Ij48L3BhdGg+PHBhdGggZD0iTTc2MC4zMiA1MTJsMjYyLjE0NC04Ni4wMTYtNDcuMTA0LTE0NS40MDhMNzEzLjIxNiAzNjUuNTY4bC03Ni44IDEwNS40NzJ6IG0tNDk2LjY0IDBMMS41MzYgNTk2Ljk5MiA0OC42NCA3NDIuNGwyNjIuMTQ0LTg0Ljk5MiA3Ni44LTEwNS40NzJ6IiBmaWxsPSIjRDYzQUZGIiBwLWlkPSIzODc1Ij48L3BhdGg+PHBhdGggZD0iTTMxMC43ODQgNjU3LjQwOEwxNDguOTkyIDg4MC42NGwxMjMuOTA0IDkwLjExMiAxNjIuODE2LTIyMy4yMzJWNjE3LjQ3MnpNNzEzLjIxNiAzNjUuNTY4bDE2MS43OTItMjIzLjIzMi0xMjMuOTA0LTkwLjExMi0xNjEuNzkyIDIyMy4yMzJ2MTMwLjA0OHoiIGZpbGw9IiNGQjAxNUIiIHAtaWQ9IjM4NzYiPjwvcGF0aD48L3N2Zz4=";
+    }
+
+    /**
+     * 创建应用
+     *
+     * @param name   {@link String} 名称
+     * @param remark {@link String} 备注
+     */
+    @Override
+    public String create(String name, String remark) {
+        return "";
+    }
+
+    /**
+     * 删除应用
+     *
+     * @param appId {@link String} 应用ID
+     */
+    @Override
+    public void delete(String appId) {
+
+    }
+
+    public JwtStandardApplicationServiceImpl(AppCertRepository appCertRepository,
+                                             AppRepository appRepository) {
+        super(appCertRepository, appRepository);
+    }
+}

eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/jwt/model/AppJwtGetResult.java

@@ -0,0 +1,56 @@
+/*
+ * eiam-application-jwt - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.jwt.model;
+
+import java.io.Serializable;
+
+import cn.topiam.employee.common.enums.app.AuthorizationType;
+import cn.topiam.employee.common.enums.app.InitLoginType;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
+/**
+ * JWT 配置返回
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/5/31 22:46
+ */
+@Data
+@Schema(description = "JWT 配置返回结果")
+public class AppJwtGetResult implements Serializable {
+    /**
+     * SSO 发起方
+     */
+    @Parameter(description = "SSO 发起方")
+    private InitLoginType     initLoginType;
+
+    /**
+     * SSO 登录链接
+     */
+    @Parameter(description = "SSO 登录链接")
+    private String            initLoginUrl;
+
+    /**
+     * 授权范围
+     */
+    @Parameter(description = "SSO 授权范围")
+    private AuthorizationType authorizationType;
+}

eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/jwt/model/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * eiam-application-jwt - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.jwt.model;

eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/jwt/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * eiam-application-jwt - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.jwt;

eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * eiam-application-jwt - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application;

eiam-application/eiam-application-oidc/pom.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    eiam-application-oidc - Employee Identity and Access Management Program
+    Copyright © 2020-2022 TopIAM (support@topiam.cn)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>cn.topiam</groupId>
+        <artifactId>eiam-application</artifactId>
+        <version>1.0.0-beta1</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <packaging>jar</packaging>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>eiam-application-oidc</artifactId>
+    <dependencies>
+        <dependency>
+            <groupId>cn.topiam</groupId>
+            <artifactId>eiam-application-core</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+</project>

eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/AbstractOidcApplicationService.java

@@ -0,0 +1,70 @@
+/*
+ * eiam-application-oidc - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.oidc;
+
+import cn.topiam.employee.application.AbstractApplicationService;
+import cn.topiam.employee.application.ApplicationService;
+import cn.topiam.employee.common.repository.app.*;
+
+/**
+ * OIDC 应用配置
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/8/23 20:58
+ */
+public abstract class AbstractOidcApplicationService extends AbstractApplicationService
+                                                     implements ApplicationService {
+
+    @Override
+    public void delete(String appId) {
+        //删除应用
+        appRepository.deleteById(Long.valueOf(appId));
+        //删除证书
+        appCertRepository.deleteByAppId(Long.valueOf(appId));
+        //删除应用账户
+        appAccountRepository.deleteAllByAppId(Long.valueOf(appId));
+        //删除应用权限策略
+        appAccessPolicyRepository.deleteAllByAppId(Long.valueOf(appId));
+        //删除SAML2配置
+        appOidcConfigRepository.deleteByAppId(Long.valueOf(appId));
+    }
+
+    /**
+     * AppCertRepository
+     */
+    protected final AppCertRepository       appCertRepository;
+    /**
+     * ApplicationRepository
+     */
+    protected final AppRepository           appRepository;
+    /**
+     * AppOidcConfigRepository
+     */
+    protected final AppOidcConfigRepository appOidcConfigRepository;
+
+    protected AbstractOidcApplicationService(AppCertRepository appCertRepository,
+                                             AppAccountRepository appAccountRepository,
+                                             AppAccessPolicyRepository appAccessPolicyRepository,
+                                             AppRepository appRepository,
+                                             AppOidcConfigRepository appOidcConfigRepository) {
+        super(appCertRepository, appAccountRepository, appAccessPolicyRepository, appRepository);
+        this.appCertRepository = appCertRepository;
+        this.appRepository = appRepository;
+        this.appOidcConfigRepository = appOidcConfigRepository;
+    }
+}

eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/converter/AppOidcStandardConfigConverter.java

@@ -0,0 +1,130 @@
+/*
+ * eiam-application-oidc - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.oidc.converter;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+
+import org.apache.commons.text.StringSubstitutor;
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+
+import cn.topiam.employee.application.oidc.model.AppOidcStandardConfigGetResult;
+import cn.topiam.employee.application.oidc.model.AppOidcStandardSaveConfigParam;
+import cn.topiam.employee.common.constants.ProtocolConstants;
+import cn.topiam.employee.common.entity.app.AppOidcConfigEntity;
+import cn.topiam.employee.common.entity.app.po.AppOidcConfigPO;
+import cn.topiam.employee.core.context.ServerContextHelp;
+import cn.topiam.employee.support.util.HttpUrlUtils;
+import static cn.topiam.employee.common.constants.ProtocolConstants.APP_CODE;
+import static cn.topiam.employee.common.constants.ProtocolConstants.OidcEndpointConstants.OIDC_AUTHORIZE_PATH;
+import static cn.topiam.employee.common.constants.ProtocolConstants.OidcEndpointConstants.WELL_KNOWN_OPENID_CONFIGURATION;
+
+/**
+ * 应用映射
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/14 22:45
+ */
+@Mapper(componentModel = "spring")
+public interface AppOidcStandardConfigConverter {
+    /**
+     * 实体转OIDC配置结果
+     *
+     * @param config {@link AppOidcConfigEntity}
+     * @return {@link AppOidcStandardConfigGetResult}
+     */
+    default AppOidcStandardConfigGetResult entityConverterToOidcConfigResult(AppOidcConfigPO config) {
+        AppOidcStandardConfigGetResult result = new AppOidcStandardConfigGetResult();
+        if (Objects.isNull(config)) {
+            return result;
+        }
+        //协议端点域
+        result.setProtocolEndpoint(getProtocolEndpointDomain(config.getAppCode()));
+        //认证授权类型
+        result.setAuthGrantTypes(config.getAuthGrantTypes());
+        //重定向URI
+        result.setRedirectUris(config.getRedirectUris());
+        //授权范围
+        result.setGrantScopes(config.getGrantScopes());
+        //启用PKCE
+        result.setRequireProofKey(config.getRequireProofKey());
+        //访问令牌有效时间
+        result.setAccessTokenTimeToLive(config.getAccessTokenTimeToLive().toString());
+        //刷新令牌有效时间
+        result.setRefreshTokenTimeToLive(config.getRefreshTokenTimeToLive().toString());
+        //ID令牌有效时间
+        result.setIdTokenTimeToLive(config.getIdTokenTimeToLive().toString());
+        // id 令牌签名算法
+        result.setIdTokenSignatureAlgorithm(config.getIdTokenSignatureAlgorithm());
+        //SSO 发起方
+        result.setInitLoginType(config.getInitLoginType());
+        //登录发起地址
+        result.setInitLoginUrl(config.getInitLoginUrl());
+        //授权类型
+        result.setAuthorizationType(config.getAuthorizationType());
+        return result;
+    }
+
+    /**
+     * save 转 entity
+     *
+     * @param config {@link AppOidcConfigEntity}
+     * @return {@link AppOidcConfigEntity}
+     */
+    @Mapping(target = "updateTime", ignore = true)
+    @Mapping(target = "updateBy", ignore = true)
+    @Mapping(target = "remark", ignore = true)
+    @Mapping(target = "id", ignore = true)
+    @Mapping(target = "createTime", ignore = true)
+    @Mapping(target = "createBy", ignore = true)
+    @Mapping(target = "appId", ignore = true)
+    AppOidcConfigEntity appOidcStandardSaveConfigParamToEntity(AppOidcStandardSaveConfigParam config);
+
+    /**
+     * 获取协议端点
+     *
+     * @param appCode {@link String}
+     * @return {@link AppOidcStandardConfigGetResult.ProtocolEndpoint}
+     */
+    private AppOidcStandardConfigGetResult.ProtocolEndpoint getProtocolEndpointDomain(String appCode) {
+        //@formatter:off
+        AppOidcStandardConfigGetResult.ProtocolEndpoint domain = new AppOidcStandardConfigGetResult.ProtocolEndpoint();
+        //issues
+        Map<String,String> variables = new HashMap<>(16);
+        variables.put(APP_CODE,appCode);
+        StringSubstitutor sub = new StringSubstitutor(variables, "{", "}");
+        //Issuer
+        domain.setIssuer(sub.replace(ServerContextHelp.getPortalPublicBaseUrl()+OIDC_AUTHORIZE_PATH));
+        //发现端点
+        domain.setDiscoveryEndpoint(HttpUrlUtils.format(ServerContextHelp.getPortalPublicBaseUrl() + sub.replace(WELL_KNOWN_OPENID_CONFIGURATION)));
+        //认证端点
+        domain.setAuthorizationEndpoint(HttpUrlUtils.format(ServerContextHelp.getPortalPublicBaseUrl() +  sub.replace(ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_ENDPOINT)));
+        //Token端点
+        domain.setTokenEndpoint(HttpUrlUtils.format(ServerContextHelp.getPortalPublicBaseUrl() + sub.replace( ProtocolConstants.OidcEndpointConstants.TOKEN_ENDPOINT)));
+        //Jwks端点
+        domain.setJwksEndpoint(HttpUrlUtils.format(ServerContextHelp.getPortalPublicBaseUrl() +  sub.replace(ProtocolConstants.OidcEndpointConstants.JWK_SET_ENDPOINT)));
+        //撤销端点
+        domain.setRevokeEndpoint(HttpUrlUtils.format(ServerContextHelp.getPortalPublicBaseUrl()+  sub.replace(ProtocolConstants.OidcEndpointConstants.TOKEN_REVOCATION_ENDPOINT)));
+        //UserInfo端点
+        domain.setUserinfoEndpoint(HttpUrlUtils.format(ServerContextHelp.getPortalPublicBaseUrl() +  sub.replace(ProtocolConstants.OidcEndpointConstants.OIDC_USER_INFO_ENDPOINT)));
+        return domain;
+        //@formatter:on
+    }
+}

eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/model/AppOidcStandardConfigGetResult.java

@@ -0,0 +1,202 @@
+/*
+ * eiam-application-oidc - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.oidc.model;
+
+import java.io.Serial;
+import java.io.Serializable;
+import java.util.Set;
+
+import cn.topiam.employee.common.enums.app.AuthorizationType;
+import cn.topiam.employee.common.enums.app.InitLoginType;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
+/**
+ * OIDC 配置返回
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/5/31 22:46
+ */
+@Data
+@Schema(description = "OIDC 配置返回结果")
+public class AppOidcStandardConfigGetResult implements Serializable {
+
+    @Serial
+    private static final long serialVersionUID = 4177874005424703372L;
+
+    /**
+     * APP ID
+     */
+    @Parameter(description = "appId")
+    private Long              appId;
+
+    /**
+     * SSO 发起方
+     */
+    @Parameter(description = "SSO 发起方")
+    private InitLoginType     initLoginType;
+
+    /**
+     * SSO 登录链接
+     */
+    @Parameter(description = "SSO 登录链接")
+    private String            initLoginUrl;
+
+    /**
+     * 授权范围
+     */
+    @Parameter(description = "SSO 授权范围")
+    private AuthorizationType authorizationType;
+    /**
+     * authorizationGrantTypes
+     */
+    @Parameter(description = "认证授权类型")
+    private Set<String>       authGrantTypes;
+
+    /**
+     * 客户端认证方式
+     */
+    @Parameter(description = "客户端认证方式")
+    private Set<String>       clientAuthMethods;
+
+    /**
+     * 重定向URI
+     */
+    @Parameter(description = "重定向URI")
+    private Set<String>       redirectUris;
+    /**
+     * scopes
+     */
+    @Parameter(description = "授权范围")
+    private Set<String>       grantScopes;
+
+    /**
+     * 启用PKCE
+     */
+    @Parameter(description = "启用PKCE")
+    private Boolean           requireProofKey;
+
+    /**
+     * 令牌 Endpoint 身份验证签名算法
+     */
+    @Parameter(description = "令牌 Endpoint 身份验证签名算法")
+    private String            tokenEndpointAuthSigningAlgorithm;
+
+    /**
+     * 是否需要授权同意
+     */
+    @Parameter(description = "是否需要授权同意")
+    private Boolean           requireAuthConsent;
+    /**
+     * 访问令牌有效时间
+     */
+    @Parameter(description = "访问令牌有效时间")
+    private String            accessTokenTimeToLive;
+    /**
+     * 刷新令牌有效时间
+     */
+    @Parameter(description = "刷新令牌有效时间")
+    private String            refreshTokenTimeToLive;
+
+    /**
+     * ID token 有效时间
+     */
+    @Parameter(description = "ID 令牌有效时间")
+    private String            idTokenTimeToLive;
+    /**
+     * id 令牌签名算法
+     */
+    @Parameter(description = "Id令牌签名算法")
+    private String            idTokenSignatureAlgorithm;
+
+    /**
+     * 协议端点域
+     */
+    @Parameter(description = "协议端点域")
+    private ProtocolEndpoint  protocolEndpoint;
+
+    /**
+     * Access Token 格式
+     */
+    @Parameter(description = "Access Token 格式")
+    private String            accessTokenFormat;
+
+    /**
+     * 是否重用刷新令牌
+     */
+    @Parameter(description = "是否重用刷新令牌")
+    private Boolean           reuseRefreshToken;
+
+    /**
+     * 协议端点域
+     *
+     * @author TopIAM
+     * Created by support@topiam.cn on  2022/6/4 23:37
+     */
+    @Data
+    @Schema(description = "协议端点")
+    public static class ProtocolEndpoint implements Serializable {
+
+        @Serial
+        private static final long serialVersionUID = -2261602995152894964L;
+        /**
+         * oidcIssuer
+         */
+        @Parameter(description = "Issuer")
+        private String            issuer;
+
+        /**
+         * discoveryEndpoint
+         */
+        @Parameter(description = "Discovery Endpoint")
+        private String            discoveryEndpoint;
+
+        /**
+         * UserinfoEndpoint
+         */
+        @Parameter(description = "UserInfo Endpoint")
+        private String            userinfoEndpoint;
+
+        /**
+         * jwksEndpoint
+         */
+        @Parameter(description = "Jwks Endpoint")
+        private String            jwksEndpoint;
+
+        /**
+         * revokeEndpoint
+         */
+        @Parameter(description = "Revoke Endpoint")
+        private String            revokeEndpoint;
+
+        /**
+         * tokenEndpoint
+         */
+        @Parameter(description = "Token Endpoint")
+        private String            tokenEndpoint;
+
+        /**
+         * authorizationEndpoint
+         */
+        @Parameter(description = "Authorization Endpoint")
+        private String            authorizationEndpoint;
+    }
+}

eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/model/AppOidcStandardSaveConfigParam.java

@@ -0,0 +1,151 @@
+/*
+ * eiam-application-oidc - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.oidc.model;
+
+import java.io.Serial;
+import java.io.Serializable;
+import java.util.List;
+
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotNull;
+
+import cn.topiam.employee.common.enums.app.AuthorizationType;
+import cn.topiam.employee.common.enums.app.InitLoginType;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+
+/**
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/7/10 01:45
+ */
+@Data
+@Schema(description = "保存 OIDC 应用配置参数")
+public class AppOidcStandardSaveConfigParam implements Serializable {
+
+    @Serial
+    private static final long serialVersionUID = 7257798528680745281L;
+
+    /**
+     * 授权类型
+     */
+    @NotNull(message = "授权类型不能为空")
+    @Schema(description = "授权类型")
+    private List<String>      authGrantTypes;
+
+    /**
+     * 授权类型
+     */
+    @NotNull(message = "授权类型不能为空")
+    @Schema(description = "授权类型")
+    private List<String>      redirectUris;
+
+    /**
+     * SSO范围
+     */
+    @NotNull(message = "SSO范围不能为空")
+    @Schema(description = "SSO范围")
+    private AuthorizationType authorizationType;
+
+    /**
+     * SSO发起方
+     */
+    @NotNull(message = "SSO发起方不能为空")
+    @Schema(description = "SSO发起方")
+    private InitLoginType     initLoginType;
+
+    /**
+     * SSO 发起登录URL
+     */
+    @Schema(description = "SSO 发起登录URL")
+    private String            initLoginUrl;
+
+    /**
+     * 授予范围
+     */
+    @NotNull(message = "授予范围不能为空")
+    @Schema(description = "授予范围")
+    private List<String>      grantScopes;
+
+    /**
+     * 客户端身份验证方法
+     */
+    @Schema(description = "客户端身份验证方法")
+    private List<String>      clientAuthMethods;
+
+    /**
+     * 是否需要PKCE
+     */
+    @NotNull(message = "请选择是否需要PKCE")
+    @Schema(description = "是否需要PKCE")
+    private Boolean           requireProofKey;
+
+    /**
+     * Access Token 生存时间
+     */
+    @NotBlank(message = "Access Token 生存时间不能为空")
+    @Schema(description = "Access Token 生存时间")
+    private String            accessTokenTimeToLive;
+
+    /**
+     * Access Token 格式
+     */
+    @Schema(description = "Access Token 格式")
+    private String            accessTokenFormat;
+
+    /**
+     * Refresh Token 生存时间
+     */
+    @NotBlank(message = "Refresh Token 生存时间不能为空")
+    @Schema(description = "Refresh Token 生存时间")
+    private String            refreshTokenTimeToLive;
+
+    /**
+     * Id Token 生存时间
+     */
+    @NotBlank(message = "Id Token 生存时间不能为空")
+    @Schema(description = "Id Token 生存时间")
+    private String            idTokenTimeToLive;
+
+    /**
+     * ID Token签名算法
+     */
+    @NotBlank(message = "ID Token签名算法不能为空")
+    @Schema(description = "ID Token签名算法")
+    private String            idTokenSignatureAlgorithm;
+
+    /**
+     * Token签名算法
+     */
+    @Schema(description = "令牌端点身份验证签名算法")
+    private String            tokenEndpointAuthSigningAlgorithm;
+
+    /**
+     * 重用刷新令牌
+     */
+    @Schema(description = "重用刷新令牌")
+    private Boolean           reuseRefreshToken;
+
+    /**
+     * 需要授权同意
+     */
+    @Schema(description = "需要授权同意")
+    private Boolean           requireAuthConsent;
+
+}

eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/model/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * eiam-application-oidc - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.oidc.model;

eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * eiam-application-oidc - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.oidc;

eiam-application/eiam-application-saml2/pom.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    eiam-application-saml2 - Employee Identity and Access Management Program
+    Copyright © 2020-2022 TopIAM (support@topiam.cn)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>cn.topiam</groupId>
+        <artifactId>eiam-application</artifactId>
+        <version>1.0.0-beta1</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <packaging>jar</packaging>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>eiam-application-saml2</artifactId>
+    <dependencies>
+        <dependency>
+            <groupId>cn.topiam</groupId>
+            <artifactId>eiam-application-core</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+</project>

eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * eiam-application-saml2 - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application;

eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/AbstractSamlAppService.java

@@ -0,0 +1,348 @@
+/*
+ * eiam-application-saml2 - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.saml2;
+
+import java.util.*;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringSubstitutor;
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.AlternativeJdkIdGenerator;
+import org.springframework.util.CollectionUtils;
+import org.springframework.util.IdGenerator;
+
+import cn.topiam.employee.application.AbstractApplicationService;
+import cn.topiam.employee.application.Saml2ApplicationService;
+import cn.topiam.employee.application.exception.AppCertNotExistException;
+import cn.topiam.employee.common.entity.account.UserEntity;
+import cn.topiam.employee.common.entity.app.AppAccountEntity;
+import cn.topiam.employee.common.entity.app.AppCertEntity;
+import cn.topiam.employee.common.entity.app.AppSaml2ConfigEntity;
+import cn.topiam.employee.common.entity.app.po.AppSaml2ConfigPO;
+import cn.topiam.employee.common.enums.app.AppCertUsingType;
+import cn.topiam.employee.common.enums.app.SamlAttributeStatementValueType;
+import cn.topiam.employee.common.enums.app.SamlNameIdValueType;
+import cn.topiam.employee.common.exception.app.AppAccountNotExistException;
+import cn.topiam.employee.common.repository.account.UserRepository;
+import cn.topiam.employee.common.repository.app.*;
+import cn.topiam.employee.common.util.SamlKeyStoreProvider;
+import cn.topiam.employee.core.protocol.Saml2ProtocolConfig;
+import cn.topiam.employee.core.protocol.Saml2SsoModel;
+import cn.topiam.employee.core.security.util.SecurityUtils;
+import cn.topiam.employee.support.context.ApplicationContextHelp;
+import static cn.topiam.employee.common.enums.app.SamlNameIdValueType.*;
+import static cn.topiam.employee.core.security.util.UserUtils.getUser;
+
+/**
+ * SAML 应用配置
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/8/23 20:58
+ */
+public abstract class AbstractSamlAppService extends AbstractApplicationService
+                                             implements Saml2ApplicationService {
+
+    private static final Logger logger = LoggerFactory.getLogger(AbstractSamlAppService.class);
+
+    /**
+     * 删除应用
+     *
+     * @param appId {@link String} 应用ID
+     */
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public void delete(String appId) {
+        //删除应用
+        appRepository.deleteById(Long.valueOf(appId));
+        //删除证书
+        appCertRepository.deleteByAppId(Long.valueOf(appId));
+        //删除应用账户
+        appAccountRepository.deleteAllByAppId(Long.valueOf(appId));
+        //删除应用权限策略
+        appAccessPolicyRepository.deleteAllByAppId(Long.valueOf(appId));
+        //删除SAML2配置
+        appSaml2ConfigRepository.deleteByAppId(Long.valueOf(appId));
+    }
+
+    /**
+     * 获取SAML2 协议配置
+     *
+     * @param appId {@link String}
+     * @return {@link Saml2ProtocolConfig}
+     */
+    @Override
+    public Saml2ProtocolConfig getProtocolConfig(String appId) {
+        //根据提供商ID查询配置
+        AppSaml2ConfigPO saml2Config = appSaml2ConfigRepository.getByAppId(Long.valueOf(appId));
+        Optional<AppCertEntity> signCert = appCertRepository
+            .findByAppIdAndUsingType(Long.valueOf(appId), AppCertUsingType.SAML_SIGN);
+        Optional<AppCertEntity> encryptCert = appCertRepository
+            .findByAppIdAndUsingType(Long.valueOf(appId), AppCertUsingType.SAML_ENCRYPT);
+        if (signCert.isEmpty()) {
+            logger.error("SAML2 应用证书不存在 [{}] ", appId);
+            throw new AppCertNotExistException();
+        }
+        //构建配置
+        Saml2ProtocolConfig config = getSamlAppConverter()
+            .appSaml2ConfigPoToSaml2ProtocolConfig(saml2Config);
+        //签名证书
+        signCert
+            .ifPresent(appCertEntity -> config.setIdpSignCert(SamlKeyStoreProvider.getCredential(
+                StringUtils.defaultString(saml2Config.getSpEntityId(),
+                    UUID.randomUUID().toString()),
+                appCertEntity.getPrivateKey(), appCertEntity.getCert(), "")));
+        //加密证书存在
+        encryptCert
+            .ifPresent(appCertEntity -> config.setIdpEncryptCert(SamlKeyStoreProvider.getCredential(
+                StringUtils.defaultString(saml2Config.getSpEntityId(),
+                    UUID.randomUUID().toString()),
+                appCertEntity.getPrivateKey(), appCertEntity.getCert(), "")));
+        return config;
+    }
+
+    @Override
+    public Saml2SsoModel getSsoModel(String appId) {
+        //根据提供商ID查询配置
+        Saml2ProtocolConfig saml2Config = getProtocolConfig(appId);
+        //构建配置
+        return getSamlAppConverter().saml2ProtocolConfigToSaml2SsoModel(saml2Config);
+    }
+
+    private SamlAppConverter getSamlAppConverter() {
+        return ApplicationContextHelp.getBean(SamlAppConverter.class);
+    }
+
+    /**
+     * AppSaml2ConfigRepository
+     */
+    protected final AppSaml2ConfigRepository appSaml2ConfigRepository;
+
+    /**
+     * IdGenerator
+     */
+    protected final IdGenerator              idGenerator;
+
+    protected AbstractSamlAppService(AppCertRepository appCertRepository,
+                                     AppAccountRepository appAccountRepository,
+                                     AppAccessPolicyRepository appAccessPolicyRepository,
+                                     AppRepository appRepository,
+                                     AppSaml2ConfigRepository appSaml2ConfigRepository) {
+        super(appCertRepository, appAccountRepository, appAccessPolicyRepository, appRepository);
+        this.appSaml2ConfigRepository = appSaml2ConfigRepository;
+        this.idGenerator = new AlternativeJdkIdGenerator();
+    }
+
+    @Mapper(componentModel = "spring")
+    interface SamlAppConverter {
+
+        /**
+         * 应用 Saml 2 配置实体到 Saml 2 协议配置
+         *
+         * @param entity {@link AppSaml2ConfigEntity}
+         * @return {@link Saml2ProtocolConfig}
+         */
+        @Mapping(target = "idpSignCert", ignore = true)
+        @Mapping(target = "idpEncryptCert", ignore = true)
+        Saml2ProtocolConfig appSaml2ConfigPoToSaml2ProtocolConfig(AppSaml2ConfigPO entity);
+
+        /**
+         * 应用 Saml 2 配置实体到 Saml 2 协议配置
+         *
+         * @param config {@link Saml2ProtocolConfig}
+         * @return {@link Saml2SsoModel}
+         */
+        default Saml2SsoModel saml2ProtocolConfigToSaml2SsoModel(Saml2ProtocolConfig config) {
+            if (config == null) {
+                return null;
+            }
+            Saml2SsoModel.Saml2SsoModelBuilder saml2SsoModel = Saml2SsoModel.builder();
+            saml2SsoModel.appId(config.getAppId());
+            saml2SsoModel.appCode(config.getAppCode());
+            saml2SsoModel.spEntityId(config.getSpEntityId());
+            saml2SsoModel.spAcsUrl(config.getSpAcsUrl());
+            saml2SsoModel.recipient(config.getRecipient());
+            //Audience为空默认使用 SP EntityId
+            saml2SsoModel
+                .audience(StringUtils.defaultString(config.getAudience(), config.getSpEntityId()));
+            saml2SsoModel.spSlsUrl(config.getSpSloUrl());
+            saml2SsoModel.spRequestsSigned(config.getSpRequestsSigned());
+            saml2SsoModel.spSignCert(config.getSpSignCert());
+            saml2SsoModel.acsBinding(config.getAcsBinding());
+            saml2SsoModel.slsBinding(config.getSlsBinding());
+            saml2SsoModel.nameIdFormat(config.getNameIdFormat());
+            //NameID 值
+            saml2SsoModel
+                .nameIdValue(getNameIdValue(config.getAppId(), config.getNameIdValueType()));
+            //断言签名相关
+            saml2SsoModel.assertSigned(config.getAssertSigned());
+            saml2SsoModel.assertSignAlgorithm(config.getAssertSignAlgorithm());
+            //断言签名相关
+            saml2SsoModel.assertEncrypted(config.getAssertEncrypted());
+            saml2SsoModel.assertEncryptAlgorithm(config.getAssertEncryptAlgorithm());
+            //响应签名相关
+            saml2SsoModel.responseSigned(config.getResponseSigned());
+            saml2SsoModel.responseSignAlgorithm(config.getResponseSignAlgorithm());
+            saml2SsoModel.authnContextClassRef(config.getAuthnContextClassRef());
+
+            saml2SsoModel.relayState(config.getRelayState());
+            //加密、签名相关证书
+            saml2SsoModel.idpSignCert(config.getIdpSignCert());
+            saml2SsoModel.idpEncryptCert(config.getIdpEncryptCert());
+            //处理属性
+            saml2SsoModel.attributeStatements(
+                getAttributeStatementList(config.getAppId(), config.getAttributeStatements()));
+            return saml2SsoModel.build();
+        }
+
+        /**
+         * 获取NameId value
+         *
+         * @param appId {@link String} 应用ID
+         * @param nameIdValueType {@link SamlNameIdValueType}
+         * @return {@link String}
+         */
+        private String getNameIdValue(String appId, SamlNameIdValueType nameIdValueType) {
+            UserEntity user = getUser();
+            //@formatter:off
+            //用户名
+            if (USER_USERNAME.equals(nameIdValueType)) {
+                return user.getUsername();
+            }
+            //姓名
+            if (USER_FULL_NAME.equals(nameIdValueType)) {
+                return user.getFullName();
+            }
+            //用户名
+            if (USER_NICK_NAME.equals(nameIdValueType)) {
+                return user.getNickName();
+            }
+            //邮箱
+            if (USER_EMAIL.equals(nameIdValueType)) {
+                return user.getEmail();
+            }
+            //应用用户名
+            Long userId = Long.valueOf(SecurityUtils.getCurrentUserId());
+            Optional<AppAccountEntity> optional = getAppAccountRepository().findByAppIdAndUserId(Long.valueOf(appId), userId);
+            if (optional.isEmpty()) {
+                logger.error("用户: " + SecurityUtils.getCurrentUserName() + "应用账户不存在");
+                throw new AppAccountNotExistException();
+            }
+            return optional.get().getAccount();
+            //@formatter:on
+        }
+
+        /**
+         * 获取属性List
+         *
+         * @param appId {@link String} 应用ID
+         * @param attributeStatements {@link List}
+         * @return {@link Saml2SsoModel.AttributeStatement}
+         */
+        private List<Saml2SsoModel.AttributeStatement> getAttributeStatementList(String appId,
+                                                                                 List<AppSaml2ConfigEntity.AttributeStatement> attributeStatements) {
+            if (!CollectionUtils.isEmpty(attributeStatements)) {
+                List<Saml2SsoModel.AttributeStatement> list = new ArrayList<>();
+                UserEntity user = getUser();
+                //@formatter:off
+                //封装变量
+                for (AppSaml2ConfigEntity.AttributeStatement attributeStatement : attributeStatements) {
+                    Saml2SsoModel.AttributeStatement attributeStatementModal = new Saml2SsoModel.AttributeStatement();
+                    attributeStatementModal.setKey(attributeStatement.getName());
+                    attributeStatementModal.setNameFormat(attributeStatement.getNameFormat());
+                    //用户名
+                    if (attributeStatement.getValueExpression().contains(SamlAttributeStatementValueType.USERNAME.getExpression())){
+                        HashMap<String, Object> values = new HashMap<>(16);
+                        values.put(SamlAttributeStatementValueType.USERNAME.getCode(), user.getUsername());
+                        attributeStatementModal.setValue(new StringSubstitutor(values).replace(attributeStatement.getValueExpression()));
+                        list.add(attributeStatementModal);
+                    }
+                    //昵称
+                    else if (attributeStatement.getValueExpression().contains(SamlAttributeStatementValueType.NICK_NAME.getExpression())){
+                        if (StringUtils.isNotBlank(user.getNickName())) {
+                            HashMap<String, Object> values = new HashMap<>(16);
+                            values.put(SamlAttributeStatementValueType.NICK_NAME.getCode(), user.getNickName());
+                            attributeStatementModal.setValue(new StringSubstitutor(values).replace(attributeStatement.getValueExpression()));
+                            list.add(attributeStatementModal);
+                        }
+                    }
+                     //手机号
+                    else if (attributeStatement.getValueExpression().contains(SamlAttributeStatementValueType.PHONE.getExpression())){
+                        if (StringUtils.isNotBlank(user.getPhone())) {
+                            HashMap<String, Object> values = new HashMap<>(16);
+                            values.put(SamlAttributeStatementValueType.PHONE.getCode(), user.getPhone());
+                            attributeStatementModal.setValue(new StringSubstitutor(values).replace(attributeStatement.getValueExpression()));
+                            list.add(attributeStatementModal);
+                        }
+                    }
+                    //邮箱
+                    else  if (attributeStatement.getValueExpression().contains(SamlAttributeStatementValueType.EMAIL.getExpression())){
+                        if (StringUtils.isNotBlank(user.getEmail())){
+                            HashMap<String, Object> values = new HashMap<>(16);
+                            values.put(SamlAttributeStatementValueType.EMAIL.getCode(), user.getEmail());
+                            attributeStatementModal.setValue(new StringSubstitutor(values).replace(attributeStatement.getValueExpression()));
+                            list.add(attributeStatementModal);
+                        }
+                    }
+                    //应用用户
+                    else if (attributeStatement.getValueExpression().contains(SamlAttributeStatementValueType.APP_USERNAME.getExpression())){
+                        //应用用户名
+                        Long userId = Long.valueOf(SecurityUtils.getCurrentUserId());
+                        Optional<AppAccountEntity> optional = getAppAccountRepository().findByAppIdAndUserId(Long.valueOf(appId), userId);
+                        if (optional.isEmpty()) {
+                            logger.error("用户 [{}] 应用账户不存在",SecurityUtils.getCurrentUserName() );
+                            throw new AppAccountNotExistException();
+                        }
+                        HashMap<String, Object> values = new HashMap<>(16);
+                        values.put(SamlAttributeStatementValueType.APP_USERNAME.getCode(), optional.get().getAccount());
+                        attributeStatementModal.setValue(new StringSubstitutor(values).replace(attributeStatement.getValueExpression()));
+                        list.add(attributeStatementModal);
+                    } else {
+                        attributeStatementModal.setValue(attributeStatement.getValueExpression());
+                        list.add(attributeStatementModal);
+                    }
+                }
+                //@formatter:on
+                return list;
+            }
+            return new ArrayList<>();
+        }
+
+        /**
+         * 获取 AppAccountRepository
+         *
+         * @return {@link AppAccountRepository}
+         */
+        private AppAccountRepository getAppAccountRepository() {
+            return ApplicationContextHelp.getBean(AppAccountRepository.class);
+        }
+
+        /**
+         * 获取 UserRepository
+         *
+         * @return {@link UserRepository}
+         */
+        private UserRepository getUserRepository() {
+            return ApplicationContextHelp.getBean(UserRepository.class);
+        }
+
+    }
+}

eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/Saml2StandardApplicationServiceImpl.java

@@ -0,0 +1,256 @@
+/*
+ * eiam-application-saml2 - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.saml2;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+
+import javax.validation.ConstraintViolationException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import cn.topiam.employee.application.exception.AppNotExistException;
+import cn.topiam.employee.application.saml2.converter.AppSaml2StandardConfigConverter;
+import cn.topiam.employee.application.saml2.model.AppSaml2StandardSaveConfigParam;
+import cn.topiam.employee.audit.context.AuditContext;
+import cn.topiam.employee.common.entity.app.AppEntity;
+import cn.topiam.employee.common.entity.app.AppSaml2ConfigEntity;
+import cn.topiam.employee.common.entity.app.po.AppSaml2ConfigPO;
+import cn.topiam.employee.common.enums.app.*;
+import cn.topiam.employee.common.repository.app.*;
+import cn.topiam.employee.support.exception.TopIamException;
+import cn.topiam.employee.support.util.BeanUtils;
+import cn.topiam.employee.support.validation.ValidationHelp;
+import static org.opensaml.saml.common.xml.SAMLConstants.SAML2_POST_BINDING_URI;
+
+import static com.fasterxml.jackson.databind.DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES;
+
+import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY;
+import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME;
+
+/**
+ * SAML2 用户应用
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/8/20 23:20
+ */
+@SuppressWarnings({ "rawtypes", "DuplicatedCode" })
+@Component
+public class Saml2StandardApplicationServiceImpl extends AbstractSamlAppService {
+    private final Logger logger = LoggerFactory
+        .getLogger(Saml2StandardApplicationServiceImpl.class);
+
+    /**
+     * 更新应用配置
+     *
+     * @param appId {@link String}
+     * @param config {@link Map}
+     */
+    @Override
+    public void saveConfig(String appId, Map<String, Object> config) {
+        AppSaml2StandardSaveConfigParam model;
+        try {
+            ObjectMapper mapper = new ObjectMapper();
+            String value = mapper.writeValueAsString(config);
+            // 指定序列化输入的类型
+            mapper.configure(FAIL_ON_UNKNOWN_PROPERTIES, false);
+            model = mapper.readValue(value, AppSaml2StandardSaveConfigParam.class);
+        } catch (Exception e) {
+            throw new TopIamException(e.getMessage());
+        }
+        //@formatter:off
+        ValidationHelp.ValidationResult<AppSaml2StandardSaveConfigParam> validationResult = ValidationHelp.validateEntity(model);
+        if (validationResult.isHasErrors()) {
+            throw new ConstraintViolationException(validationResult.getConstraintViolations());
+        }
+        //@formatter:on
+        //1、修改基本信息
+        Optional<AppEntity> optional = appRepository.findById(Long.valueOf(appId));
+        if (optional.isEmpty()) {
+            AuditContext.setContent("保存配置失败，应用 [" + appId + "] 不存在！");
+            logger.error(AuditContext.getContent());
+            throw new AppNotExistException();
+        }
+        AppEntity appEntity = optional.get();
+        appEntity.setAuthorizationType(model.getAuthorizationType());
+        appEntity.setInitLoginUrl(model.getInitLoginUrl());
+        appEntity.setInitLoginType(model.getInitLoginType());
+        appRepository.save(appEntity);
+        //2、修改SAML2配置
+        Optional<AppSaml2ConfigEntity> saml = appSaml2ConfigRepository
+            .findByAppId(Long.valueOf(appId));
+        if (saml.isEmpty()) {
+            AuditContext.setContent("保存配置失败，应用 [" + appId + "] 不存在！");
+            logger.error(AuditContext.getContent());
+            throw new AppNotExistException();
+        }
+        AppSaml2ConfigEntity entity = saml.get();
+        AppSaml2ConfigEntity saml2Config = appSaml2StandardConfigConverter
+            .saveSaml2ConfigConverterToEntity(model);
+        BeanUtils.merge(saml2Config, entity, LAST_MODIFIED_BY, LAST_MODIFIED_TIME);
+        appSaml2ConfigRepository.save(entity);
+    }
+
+    /**
+     * 获取配置
+     *
+     * @param appId {@link String}
+     * @return {@link Map}
+     */
+    @Override
+    public Object getConfig(String appId) {
+        AppSaml2ConfigPO po = appSaml2ConfigRepository.getByAppId(Long.valueOf(appId));
+        return appSaml2StandardConfigConverter.entityConverterToSaml2ConfigResult(po);
+    }
+
+    /**
+     * 获取应用标志
+     *
+     * @return {@link String}
+     */
+    @Override
+    public String getCode() {
+        return "saml2";
+    }
+
+    /**
+     * 获取应用名称
+     *
+     * @return {@link String}
+     */
+    @Override
+    public String getName() {
+        return "SAML2";
+    }
+
+    /**
+     * 获取应用描述
+     *
+     * @return {@link String}
+     */
+    @Override
+    public String getDescription() {
+        return "SAML（Security Assertion Markup Language，安全断言标记语言，版本 2.0）基于 XML 协议，使用包含断言（Assertion）的安全令牌，在授权方（TopIAM）和消费方（应用）之间传递身份信息，实现基于网络跨域的单点登录。SAML 协议是成熟的认证协议，在国内外的公有云和私有云中有非常广泛的运用。";
+    }
+
+    /**
+     * 获取应用类型
+     *
+     * @return {@link AppType}
+     */
+    @Override
+    public AppType getType() {
+        return AppType.STANDARD;
+    }
+
+    /**
+     * 获取应用协议
+     *
+     * @return {@link AppProtocol}
+     */
+    @Override
+    public AppProtocol getProtocol() {
+        return AppProtocol.SAML2;
+    }
+
+    /**
+     * 获取表单Schema
+     *
+     * @return {@link Map}
+     */
+    @Override
+    public List<Map> getFormSchema() {
+        return new ArrayList<>();
+    }
+
+    /**
+     * 获取base64图标
+     *
+     * @return {@link String}
+     */
+    @Override
+    public String getBase64Icon() {
+        return "data:image/svg+xml;base64,PHN2ZyB0PSIxNjYwOTc4ODM3NTM4IiBjbGFzcz0iaWNvbiIgdmlld0JveD0iMCAwIDEwMjQgMTAyNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHAtaWQ9IjIyMzIiIHdpZHRoPSIyMDAiIGhlaWdodD0iMjAwIj48cGF0aCBkPSJNNTc3LjgwODQxIDE4Ni4yOTkwNzdjLTU3LjA2NTAyNiAyNy42OTM5NDktMTU0LjMzODQ2MiAyNDAuNjMzNDM2LTE5OS41NDIxNTQgMzQ0LjU5MjQxIDI4LjgzOTM4NS02My44Njg3MTggMTQ4LjYxNDU2NC0yMTIuNDI3NDg3IDIwNi4wOTk2OTMtMjAzLjUyIDk2Ljk4Nzg5NyAyLjg0ODgyMSAyNDQuMTQxOTQ5IDI0OS42MDY1NjQgMzAzLjM3OTY5MiAzNzMuODA5MjMxLTM2LjYwOC04MS40ODY3NjktNzQuMzU0ODcyLTE4OC4yMDU5NDktMTM1LjExNTQ4Ny0yODAuNzUzMjMxLTYwLjc2Mzg5Ny05Mi41NDQtMTQzLjk0MDkyMy0yMTUuODYwNTEzLTE3NC44MjE3NDQtMjM0LjEyODQxeiIgZmlsbD0iI0NCMzkzOSIgcC1pZD0iMjIzMyI+PC9wYXRoPjxwYXRoIGQ9Ik04MjUuNDg4NDEgODMxLjgwMzA3N2M2LjAxOTI4Mi02My4xNDMzODUtMTI1LjI3OTE3OS0yNTYuOTY4MjA1LTE5MC41NjU3NDMtMzQ5LjYzNjkyMyAzOS41NTIgNTcuODQ2MTU0IDEwNC4xNTkxNzkgMjM3LjQwNzE3OSA2Ni42NTg0NjEgMjgxLjg3NTY5Mi01Mi44NzM4NDYgODEuMzYyMDUxLTM0MC4xNjQ5MjMgNzguNzI5ODQ2LTQ3Ny4wNTYgNjQuNzQxNzQ0IDg4LjYzODM1OSAxMS4xMDY0NjIgMTk5LjQyNCAzNC4zNTk3OTUgMzEwLjA2ODUxMyAzMC41ODg3MTggMTEwLjY0NDUxMy0zLjc3NDM1OSAyNTkuMjMyODIxLTEwLjY5MjkyMyAyOTAuODk0NzY5LTI3LjU2OTIzMXoiIGZpbGw9IiNDQjM5MzkiIHAtaWQ9IjIyMzQiPjwvcGF0aD48cGF0aCBkPSJNMTM3Ljg0NjE1NCA2OTYuMTkyYzUyLjg3NzEyOCAzNS4wMzU4OTcgMjg1LjY4OTQzNiAxMC40MjA1MTMgMzk4LjE4MTc0My0zLjU2NDMwOC02OS42NTQ5NzQgNy42NzAxNTQtMjU4LjQ5NDM1OS0xOS44NDY1NjQtMjgwLjA3Mzg0Ni03My44NjI1NjRDMjA5LjA1MzUzOCA1MzMuODE5MDc3IDM0Ni42MDEwMjYgMjgxLjU4MDMwOCA0MjMuMzc4MDUxIDE2Ny4zODQ2MTUgMzcxLjg1NjQxIDI0MC4zNjQzMDggMjk5LjE5MTc5NSAzMjcuMTYxNDM2IDI1MC40NDM0ODcgNDI2LjU2MTY0MSAyMDEuNjkxODk3IDUyNS45NjE4NDYgMTM3Ljg1OTI4MiA2NjAuMzE1ODk3IDEzNy44NDYxNTQgNjk2LjE5MnoiIGZpbGw9IiNDQjM5MzkiIHAtaWQ9IjIyMzUiPjwvcGF0aD48L3N2Zz4=";
+    }
+
+    /**
+     * 创建应用
+     *
+     * @param name   {@link String} 名称
+     * @param remark {@link String} 备注
+     */
+    @Override
+    public String create(String name, String remark) {
+        //1、创建基础信息
+        AppEntity appEntity = new AppEntity();
+        appEntity.setName(name);
+        appEntity.setCode(
+            org.apache.commons.lang3.RandomStringUtils.randomAlphanumeric(32).toLowerCase());
+        appEntity.setTemplate(getCode());
+        appEntity.setType(AppType.STANDARD);
+        appEntity.setEnabled(true);
+        appEntity.setProtocol(getProtocol());
+        appEntity.setClientId(idGenerator.generateId().toString().replace("-", ""));
+        appEntity.setClientSecret(idGenerator.generateId().toString().replace("-", ""));
+        appEntity.setInitLoginType(InitLoginType.PORTAL_OR_APP);
+        appEntity.setAuthorizationType(AuthorizationType.AUTHORIZATION);
+        appEntity.setRemark(remark);
+        appRepository.save(appEntity);
+        //2、创建证书
+        createCertificate(appEntity.getId(), appEntity.getCode(), AppCertUsingType.SAML_SIGN);
+        createCertificate(appEntity.getId(), appEntity.getCode(), AppCertUsingType.SAML_ENCRYPT);
+        //3、创建配置
+        AppSaml2ConfigEntity entity = new AppSaml2ConfigEntity();
+        entity.setAppId(appEntity.getId());
+        //Binding POST
+        entity.setAcsBinding(SAML2_POST_BINDING_URI);
+        //NameID
+        entity.setNameIdFormat(SamlNameIdFormatType.PERSISTENT);
+        //应用账户名
+        entity.setNameIdValueType(SamlNameIdValueType.APP_USERNAME);
+        //签名非对称算法
+        entity.setAssertSigned(true);
+        entity.setAssertSignAlgorithm(SamlSignAssertAlgorithmType.RSA_SHA256);
+        //加密使用的非对称算法
+        entity.setAssertEncrypted(false);
+        entity.setAssertEncryptAlgorithm(SamlEncryptAssertAlgorithmType.RSA_SHA256);
+        //SAML 身份认证上下文
+        entity.setAuthnContextClassRef(AuthnContextClassRefType.UNSPECIFIED_AUTHN_CTX);
+        appSaml2ConfigRepository.save(entity);
+        return appEntity.getId().toString();
+    }
+
+    private final AppSaml2StandardConfigConverter appSaml2StandardConfigConverter;
+
+    public Saml2StandardApplicationServiceImpl(AppRepository appRepository,
+                                               AppCertRepository appCertRepository,
+                                               AppAccountRepository appAccountRepository,
+                                               AppAccessPolicyRepository appAccessPolicyRepository,
+                                               AppSaml2ConfigRepository appSaml2ConfigRepository,
+                                               AppSaml2StandardConfigConverter appSaml2StandardConfigConverter) {
+        super(appCertRepository, appAccountRepository, appAccessPolicyRepository, appRepository,
+            appSaml2ConfigRepository);
+        this.appSaml2StandardConfigConverter = appSaml2StandardConfigConverter;
+    }
+}

eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/converter/AppSaml2StandardConfigConverter.java

@@ -0,0 +1,117 @@
+/*
+ * eiam-application-saml2 - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.saml2.converter;
+
+import java.util.List;
+
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+
+import cn.topiam.employee.application.saml2.model.AppSaml2StandardConfigGetResult;
+import cn.topiam.employee.application.saml2.model.AppSaml2StandardSaveConfigParam;
+import cn.topiam.employee.application.saml2.model.Saml2ConverterUtils;
+import cn.topiam.employee.common.entity.app.AppSaml2ConfigEntity;
+import cn.topiam.employee.common.entity.app.po.AppSaml2ConfigPO;
+
+/**
+ * 应用映射
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/14 22:45
+ */
+@Mapper(componentModel = "spring")
+public interface AppSaml2StandardConfigConverter {
+    /**
+     * 实体转Saml2配置结果
+     *
+     * @param config {@link AppSaml2ConfigPO}
+     * @return {@link AppSaml2StandardConfigGetResult}
+     */
+    default AppSaml2StandardConfigGetResult entityConverterToSaml2ConfigResult(AppSaml2ConfigPO config) {
+        if (config == null) {
+            return null;
+        }
+        AppSaml2StandardConfigGetResult result = new AppSaml2StandardConfigGetResult();
+        //协议端点域
+        result.setProtocolEndpoint(
+            Saml2ConverterUtils.getProtocolEndpointDomain(config.getAppCode().toString()));
+        //SpEntityId
+        result.setSpEntityId(config.getSpEntityId());
+        //SP 单点登录 ACS URL
+        result.setSpAcsUrl(config.getSpAcsUrl());
+        //单点登录 ACS BINDING
+        result.setAcsBinding(config.getAcsBinding());
+        //是否对 SAML Request 签名进行验证 ，用来对SAML Request签名进行验证，对应SP元数据文件中“AuthnRequestsSigned”值
+        result.setSpRequestsSigned(config.getSpRequestsSigned());
+        //SP公钥证书，用来验证SAML request的签名，对应SP元数据文件中 use='signing' 证书内容
+        result.setSpSignCert(config.getSpSignCert());
+        //Audience
+        result.setSpAudience(config.getAudience());
+        //NameId 值类型
+        result.setNameIdValueType(config.getNameIdValueType());
+        //SAML Response 中指定账户标识 NameID 字段格式。
+        result.setNameIdFormat(config.getNameIdFormat());
+        //是否对断言签名
+        result.setAssertSigned(config.getAssertSigned());
+        //断言签名使用的非对称算法
+        result.setAssertSignAlgorithm(config.getAssertSignAlgorithm());
+        //是否对断言加密
+        result.setAssertEncrypted(config.getAssertEncrypted());
+        //断言加密使用的非对称算法
+        result.setAssertEncryptAlgorithm(config.getAssertEncryptAlgorithm());
+        //是否对响应加密
+        result.setResponseSigned(config.getResponseSigned());
+        //响应加密使用的非对称算法
+        result.setResponseSignAlgorithm(config.getResponseSignAlgorithm());
+        //SAML 身份认证上下文
+        result.setAuthnContextClassRef(config.getAuthnContextClassRef());
+        //IDP 发起 SSO 登录成功后，应用应自动跳转的地址。在 SAML Response 中会在 RelayState 参数中传递，应用读取后实现跳转。
+        result.setRelayState(config.getRelayState());
+        //SSO 发起方
+        result.setInitLoginType(config.getInitLoginType());
+        //登录发起地址
+        result.setInitLoginUrl(config.getInitLoginUrl());
+        //授权类型
+        result.setAuthorizationType(config.getAuthorizationType());
+        //属性声明
+        List<AppSaml2ConfigEntity.AttributeStatement> list = config.getAttributeStatements();
+        if (list != null) {
+            result.setAttributeStatements(list);
+        }
+        result.setAdditionalConfig(config.getAdditionalConfig());
+        return result;
+    }
+
+    /**
+     * 将 Saml 2 配置转换器保存到实体
+     *
+     * @param param {@link AppSaml2StandardSaveConfigParam}
+     * @return {@link AppSaml2ConfigEntity}
+     */
+    @Mapping(target = "slsBinding", ignore = true)
+    @Mapping(target = "recipient", ignore = true)
+    @Mapping(target = "appId", ignore = true)
+    @Mapping(target = "updateTime", ignore = true)
+    @Mapping(target = "updateBy", ignore = true)
+    @Mapping(target = "spMetadata", ignore = true)
+    @Mapping(target = "remark", ignore = true)
+    @Mapping(target = "id", ignore = true)
+    @Mapping(target = "createTime", ignore = true)
+    @Mapping(target = "createBy", ignore = true)
+    AppSaml2ConfigEntity saveSaml2ConfigConverterToEntity(AppSaml2StandardSaveConfigParam param);
+}

eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/AppSaml2StandardConfigGetResult.java

@@ -0,0 +1,170 @@
+/*
+ * eiam-application-saml2 - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.saml2.model;
+
+import java.util.List;
+import java.util.Map;
+
+import cn.topiam.employee.common.entity.app.AppSaml2ConfigEntity;
+import cn.topiam.employee.common.enums.app.*;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
+/**
+ * Saml2 配置返回
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/5/31 22:46
+ */
+@Data
+@Schema(description = "Saml2 配置返回结果")
+public class AppSaml2StandardConfigGetResult {
+    /**
+     * SSO 发起方
+     */
+    @Parameter(description = "SSO 发起方")
+    private InitLoginType                                 initLoginType;
+
+    /**
+     * SSO 登录链接
+     */
+    @Parameter(description = "SSO 登录链接")
+    private String                                        initLoginUrl;
+
+    /**
+     * 授权范围
+     */
+    @Parameter(description = "SSO 授权范围")
+    private AuthorizationType                             authorizationType;
+    /**
+     * SpEntityId
+     */
+    @Parameter(description = "SP Entity ID")
+    private String                                        spEntityId;
+
+    /**
+     * SP 单点登录 ACS URL
+     */
+    @Parameter(description = "SP 单点登录 ACS URL")
+    private String                                        spAcsUrl;
+
+    /**
+     * 允许使用SAML断言的资源，默认和SP Entity ID相同。
+     */
+    @Parameter(description = "Audience")
+    private String                                        spAudience;
+
+    /**
+     * 是否对 SAML Request 签名进行验证 ，用来对SAML Request签名进行验证，对应SP元数据文件中“AuthnRequestsSigned”值
+     */
+    @Parameter(description = "是否对 SAML Request 签名进行验证")
+    private Boolean                                       spRequestsSigned;
+
+    /**
+     * SP公钥证书，用来验证SAML request的签名，对应SP元数据文件中 use='signing' 证书内容
+     */
+    @Parameter(description = "SP公钥证书，用来验证SAML request的签名request的签名")
+    private String                                        spSignCert;
+
+    /**
+     * 单点登录 ACS BINDING
+     */
+    @Parameter(name = "单点登录 ACS BINDING")
+    private String                                        acsBinding;
+
+    /**
+     * NameId 值类型
+     */
+    @Parameter(description = "NameIdType")
+    private SamlNameIdValueType                           nameIdValueType;
+
+    /**
+     * SAML Response 中指定账户标识 NameID 字段格式。一般无需修改。
+     */
+    @Parameter(description = "NameIdFormat")
+    private SamlNameIdFormatType                          nameIdFormat;
+
+    /**
+     * 是否对断言签名
+     */
+    @Parameter(description = "是否对断言签名")
+    private Boolean                                       assertSigned;
+
+    /**
+     * 断言签名使用的非对称算法
+     */
+    @Parameter(description = "断言签名使用的非对称算法")
+    private SamlSignAssertAlgorithmType                   assertSignAlgorithm;
+
+    /**
+     * 是否对断言加密
+     */
+    @Parameter(description = "是否对断言加密")
+    private Boolean                                       assertEncrypted;
+
+    /**
+     * 加密使用的非对称算法
+     */
+    @Parameter(description = "加密使用的非对称算法")
+    private SamlEncryptAssertAlgorithmType                assertEncryptAlgorithm;
+
+    /**
+     * 响应是否加密
+     */
+    @Parameter(description = "响应是否加密")
+    private Boolean                                       responseSigned;
+
+    /**
+     * 响应签名使用的非对称算法
+     */
+    @Parameter(description = "响应签名使用的非对称算法")
+    private SamlSignAssertAlgorithmType                   responseSignAlgorithm;
+
+    /**
+     * SAML 身份认证上下文
+     */
+    @Parameter(description = "AuthnContextClassRef")
+    private AuthnContextClassRefType                      authnContextClassRef;
+
+    /**
+     * IDP 发起 SSO 登录成功后，应用应自动跳转的地址。在 SAML Response 中会在 RelayState 参数中传递，应用读取后实现跳转。
+     */
+    @Parameter(description = "RelayState")
+    private String                                        relayState;
+
+    /**
+     * 在 SAML Response 中，可以将额外用户字段（例如邮箱、显示名等）返回给应用解析。
+     */
+    @Parameter(description = "AttributeStatements")
+    private List<AppSaml2ConfigEntity.AttributeStatement> attributeStatements;
+
+    /**
+     * 协议端点域
+     */
+    @Parameter(description = "协议端点域")
+    private Saml2ProtocolEndpoint                         protocolEndpoint;
+
+    /**
+     * 模版配置
+     */
+    private Map<String, Object>                           additionalConfig;
+
+}

eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/AppSaml2StandardSaveConfigParam.java

@@ -0,0 +1,175 @@
+/*
+ * eiam-application-saml2 - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.saml2.model;
+
+import java.io.Serial;
+import java.io.Serializable;
+import java.util.List;
+import java.util.Map;
+
+import cn.topiam.employee.common.entity.app.AppSaml2ConfigEntity;
+import cn.topiam.employee.common.enums.app.*;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
+/**
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/7/10 01:45
+ */
+@Data
+@Schema(description = "保存 SAML2 应用配置参数")
+public class AppSaml2StandardSaveConfigParam implements Serializable {
+
+    @Serial
+    private static final long                             serialVersionUID = 7257798528680745281L;
+
+    /**
+     * 应用ID
+     */
+    @Schema(description = "授权类型")
+    private AuthorizationType                             authorizationType;
+
+    /**
+     * SSO 发起登录类型
+     */
+    @Schema(description = "SSO 发起登录类型")
+    private InitLoginType                                 initLoginType;
+
+    /**
+     * SSO 发起登录URL
+     */
+    @Schema(description = "SSO 发起登录URL")
+    private String                                        initLoginUrl;
+
+    /**
+     * ACS URL
+     */
+    @Schema(description = "ACS URL")
+    private String                                        spAcsUrl;
+
+    /**
+     * SLO URL
+     */
+    @Schema(description = "SLO URL")
+    private String                                        spSloUrl;
+
+    /**
+     * SP Entity ID
+     */
+    @Schema(description = "SP Entity ID")
+    private String                                        spEntityId;
+
+    /**
+     * Name ID 类型
+     */
+    @Schema(description = "Name ID 类型")
+    private SamlNameIdValueType                           nameIdValueType;
+
+    /**
+     * RelayState
+     */
+    @Schema(description = "RelayState")
+    private String                                        relayState;
+
+    /**
+     * Audience
+     */
+    @Schema(description = "Audience")
+    private String                                        audience;
+
+    /**
+     * NameID 格式
+     */
+    @Schema(description = "NameID 格式")
+    private SamlNameIdFormatType                          nameIdFormat;
+
+    /**
+     * Acs Binding 格式
+     */
+    @Schema(description = "ACS Binding 格式")
+    private String                                        acsBinding;
+
+    /**
+     * 是否签名断言
+     */
+    @Schema(description = "是否签名断言")
+    private Boolean                                       assertSigned;
+
+    /**
+     * 是否签名断言
+     */
+    @Schema(description = "签名断言算法")
+    private SamlSignAssertAlgorithmType                   assertSignAlgorithm;
+
+    /**
+     * 是否加密断言
+     */
+    @Schema(description = "是否加密断言")
+    private Boolean                                       assertEncrypted;
+
+    /**
+     * 断言签名算法
+     */
+    @Schema(description = "加密断言算法")
+    private SamlEncryptAssertAlgorithmType                assertEncryptAlgorithm;
+
+    /**
+     * 是否签名断言
+     */
+    @Schema(description = "身份认证上下文")
+    private AuthnContextClassRefType                      authnContextClassRef;
+
+    /**
+     * 响应是否加密
+     */
+    @Parameter(description = "响应是否加密")
+    private Boolean                                       responseSigned;
+
+    /**
+     * 响应签名使用的非对称算法
+     */
+    @Parameter(description = "响应签名使用的非对称算法")
+    private SamlSignAssertAlgorithmType                   responseSignAlgorithm;
+
+    /**
+     *  在 SAML Response 中，可以将额外用户字段（例如邮箱、显示名等）返回给应用解析。
+     */
+    @Schema(description = "Attribute Statements")
+    private List<AppSaml2ConfigEntity.AttributeStatement> attributeStatements;
+
+    /**
+     * 是否验证请求签名
+     */
+    @Schema(description = "验证请求签名")
+    private Boolean                                       spRequestsSigned;
+
+    /**
+     * 请求验证证书
+     */
+    @Schema(description = "请求验证证书")
+    private String                                        spSignCert;
+
+    /**
+     * 模版配置
+     */
+    @Schema(description = "模版配置")
+    private Map<String, String>                           additionalConfig;
+}

eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/Saml2ConverterUtils.java

@@ -0,0 +1,54 @@
+/*
+ * eiam-application-saml2 - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.saml2.model;
+
+import cn.topiam.employee.core.context.ServerContextHelp;
+import static cn.topiam.employee.common.constants.ProtocolConstants.*;
+
+/**
+ * Saml2ConverterUtils
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/8/23 22:57
+ */
+public class Saml2ConverterUtils {
+    /**
+     * 应用ID
+     *
+     * @param appCode {@link String}
+     * @return {@link Saml2ProtocolEndpoint}
+     */
+    public static Saml2ProtocolEndpoint getProtocolEndpointDomain(String appCode) {
+        Saml2ProtocolEndpoint domain = new Saml2ProtocolEndpoint();
+        //IDP
+        String baseUrl = ServerContextHelp.getPortalPublicBaseUrl();
+        //元数据端点
+        domain.setIdpMetaEndpoint(baseUrl + Saml2EndpointConstants.SAML_METADATA_PATH
+            .replace(APP_CODE_VARIABLE, appCode));
+        //EntityId端点
+        domain.setIdpEntityIdEndpoint(baseUrl + Saml2EndpointConstants.SAML_METADATA_PATH
+            .replace(APP_CODE_VARIABLE, appCode));
+        //Sso端点
+        domain.setIdpSsoEndpoint(
+            baseUrl + Saml2EndpointConstants.SAML_SSO_PATH.replace(APP_CODE_VARIABLE, appCode));
+        //Slo端点
+        domain.setIdpSloEndpoint(
+            baseUrl + Saml2EndpointConstants.SAML_LOGOUT_PATH.replace(APP_CODE_VARIABLE, appCode));
+        return domain;
+    }
+}

eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/Saml2ProtocolEndpoint.java

@@ -0,0 +1,64 @@
+/*
+ * eiam-application-saml2 - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.saml2.model;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
+/**
+     * 协议端点域
+     *
+     * @author TopIAM
+     * Created by support@topiam.cn on  2022/6/4 23:37
+     */
+@Data
+@Schema(description = "协议端点")
+public class Saml2ProtocolEndpoint implements Serializable {
+
+    @Serial
+    private static final long serialVersionUID = -2261602995152894964L;
+
+    /**
+     * IDP 元数据端点
+     */
+    @Parameter(description = "IDP 元数据端点")
+    private String            idpMetaEndpoint;
+
+    /**
+     * IDP EntityId 端点
+     */
+    @Parameter(description = "IDP EntityId 端点")
+    private String            idpEntityIdEndpoint;
+
+    /**
+     * IDP SSO 端点
+     */
+    @Parameter(description = "IDP SSO 端点")
+    private String            idpSsoEndpoint;
+
+    /**
+     * IDP SLO 端点
+     */
+    @Parameter(description = "IDP SLO 端点")
+    private String            idpSloEndpoint;
+}

eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * eiam-application-saml2 - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.saml2.model;

eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * eiam-application-saml2 - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.application.saml2;

eiam-application/pom.xml

@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    eiam-application - Employee Identity and Access Management Program
+    Copyright © 2020-2022 TopIAM (support@topiam.cn)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>cn.topiam</groupId>
+        <artifactId>eiam</artifactId>
+        <version>1.0.0-beta1</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <packaging>pom</packaging>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>eiam-application</artifactId>
+
+    <modules>
+        <module>eiam-application-core</module>
+        <module>eiam-application-saml2</module>
+        <module>eiam-application-oidc</module>
+        <module>eiam-application-cas</module>
+        <module>eiam-application-jwt</module>
+        <module>eiam-application-form</module>
+        <module>eiam-application-all</module>
+    </modules>
+    <dependencies>
+        <!--审计-->
+        <dependency>
+            <groupId>cn.topiam</groupId>
+            <artifactId>eiam-audit</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+    <build>
+        <resources>
+            <resource>
+                <directory>src/main/java</directory>
+                <includes>
+                    <include>**</include>
+                </includes>
+                <excludes>
+                    <exclude>**/*.java</exclude>
+                </excludes>
+                <filtering>false</filtering>
+            </resource>
+        </resources>
+    </build>
+</project>

eiam-audit/pom.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    eiam-audit - Employee Identity and Access Management Program
+    Copyright © 2020-2022 TopIAM (support@topiam.cn)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>cn.topiam</groupId>
+        <artifactId>eiam</artifactId>
+        <version>1.0.0-beta1</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <packaging>jar</packaging>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>eiam-audit</artifactId>
+    <dependencies>
+        <!-- core -->
+        <dependency>
+            <groupId>cn.topiam</groupId>
+            <artifactId>eiam-core</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+</project>

eiam-audit/src/main/java/cn/topiam/employee/audit/annotation/Audit.java

@@ -0,0 +1,49 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.annotation;
+
+import java.lang.annotation.*;
+
+import cn.topiam.employee.audit.enums.EventType;
+
+/**
+ * Audit
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/9/28 21:56
+ */
+@Target({ ElementType.METHOD })
+@Retention(RetentionPolicy.RUNTIME)
+@Inherited
+@Documented
+public @interface Audit {
+
+    /**
+     * 类型
+     *
+     * @return {@link Class}
+     */
+    EventType type();
+
+    /**
+     * 审计内容 支持SPEL表达式
+     *
+     * @return {@link String}
+     */
+    String content() default "";
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/annotation/AuditAspect.java

@@ -0,0 +1,177 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.annotation;
+
+import java.util.Map;
+import java.util.Objects;
+
+import org.apache.commons.lang3.ObjectUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.expression.BeanFactoryResolver;
+import org.springframework.core.DefaultParameterNameDiscoverer;
+import org.springframework.expression.spel.standard.SpelExpressionParser;
+import org.springframework.expression.spel.support.StandardEvaluationContext;
+import org.springframework.stereotype.Component;
+
+import com.alibaba.fastjson2.JSON;
+import com.alibaba.fastjson2.JSONWriter;
+import com.beust.jcommander.internal.Maps;
+
+import cn.topiam.employee.audit.context.AuditContext;
+import cn.topiam.employee.audit.enums.EventStatus;
+import cn.topiam.employee.audit.event.AuditEventPublish;
+import cn.topiam.employee.support.result.ApiRestResult;
+
+import lombok.AllArgsConstructor;
+import static cn.topiam.employee.support.constant.EiamConstants.COLON;
+
+/**
+ * 审计切面
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/9/28 19:20
+ */
+@Component
+@Aspect
+@AllArgsConstructor
+public class AuditAspect {
+
+    private final Logger                         logger                  = LoggerFactory
+        .getLogger(AuditAspect.class);
+    /**
+     * SpelExpressionParser
+     */
+    private final SpelExpressionParser           spelExpressionParser    = new SpelExpressionParser();
+    /**
+     * 参数名发现器
+     */
+    private final DefaultParameterNameDiscoverer parameterNameDiscoverer = new DefaultParameterNameDiscoverer();
+
+    private final ApplicationContext             applicationContext;
+
+    private final AuditEventPublish              auditEventPublish;
+
+    private static final String                  RESULT                  = "result";
+    private static final String                  METHOD                  = "method";
+    private static final String                  ARGS                    = "args";
+    private static final String                  P                       = "p";
+    private static final String                  ERROR                   = "error";
+
+    /**
+     * 请求Controller 日志处理
+     *
+     * @param pjp {@link ProceedingJoinPoint}
+     */
+    @Around(value = "@annotation(audit)", argNames = "pjp,audit")
+    public Object around(ProceedingJoinPoint pjp, Audit audit) throws Throwable {
+        boolean success = true;
+        Object[] parameter;
+        String result = "";
+        StandardEvaluationContext context = new StandardEvaluationContext();
+        context.setRootObject(new AuditExpressionRoot());
+        context.setBeanResolver(new BeanFactoryResolver(applicationContext));
+        MethodSignature signature = (MethodSignature) pjp.getSignature();
+        String[] parameterNames = parameterNameDiscoverer.getParameterNames(signature.getMethod());
+        Map<String, Object> parameterMap = Maps.newHashMap();
+        if (parameterNames != null && parameterNames.length > 0) {
+            //获取方法参数值
+            parameter = pjp.getArgs();
+            for (int i = 0; i < parameter.length; i++) {
+                if (ObjectUtils.isNotEmpty(parameter[i])) {
+                    context.setVariable(METHOD, signature.getMethod());
+                    context.setVariable(ARGS, pjp.getArgs());
+                    // #参数名
+                    context.setVariable(parameterNames[i], parameter[i]);
+                    // #p0.
+                    context.setVariable(P + i, parameter[i]);
+                    parameterMap.put(parameterNames[i], parameter[i]);
+                }
+            }
+        }
+        Object proceed;
+        try {
+            proceed = pjp.proceed();
+            //结果
+            context.setVariable(RESULT, proceed);
+        } catch (Throwable e) {
+            success = false;
+            context.setVariable(ERROR, e);
+            throw e;
+        }
+        //正常、还是异常，都会走以下逻辑
+        finally {
+            //@formatter:off
+            //内容
+            Object content = null;
+            if (StringUtils.isNoneBlank(audit.content())) {
+                content = spelExpressionParser.parseExpression(audit.content()).getValue(context);
+                if (!Objects.isNull(content)) {
+                    try {
+                        content = audit.type().getDesc() + COLON + JSON.toJSONString(content);
+                    } catch (Exception e) {
+                        content = audit.type().getDesc() + COLON + content;
+                    }
+                }
+                //后面有设置的内容，拼接
+                if (!Objects.isNull(content) && StringUtils.isNoneBlank(AuditContext.getContent())) {
+                    content = content + "," + spelExpressionParser.parseExpression(AuditContext.getContent()).getValue(context);
+                }
+            }
+            //上下文内容，自动拼接事件类型描述
+            if (Objects.isNull(content) && StringUtils.isNoneBlank(AuditContext.getContent())) {
+                content = audit.type().getDesc() +COLON + AuditContext.getContent();
+            }
+            if (Objects.isNull(content) && StringUtils.isBlank(AuditContext.getContent())) {
+                content = audit.type().getDesc();
+            }
+            content=(content == null) ? "" : content.toString();
+            //结果
+            Object resultObject = spelExpressionParser.parseExpression("#" + RESULT).getValue(context);
+            if (!Objects.isNull(resultObject)) {
+                try {
+                    if (resultObject instanceof ApiRestResult) {
+                       success=((ApiRestResult<?>) resultObject).getSuccess();
+                    }
+                    result = JSON.toJSONString(resultObject);
+                } catch (Exception e) {
+                    result = resultObject.toString();
+                }
+            }
+            //错误
+            if (!success) {
+                Object error = spelExpressionParser.parseExpression("#" + ERROR).getValue(context);
+                if (!Objects.isNull(error)) {
+                    result= JSON.toJSONString(error, JSONWriter.Feature.PrettyFormat);
+                }
+            }
+            //@formatter:on
+            auditEventPublish.publish(audit.type(), parameterMap, content.toString(),
+                AuditContext.getTarget(), result, success ? EventStatus.SUCCESS : EventStatus.FAIL);
+        }
+        //Remove AuditContext
+        AuditContext.removeAuditContext();
+        return proceed;
+    }
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/annotation/AuditExpressionOperations.java

@@ -0,0 +1,45 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.annotation;
+
+import org.springframework.security.core.Authentication;
+
+/**
+ * Audit 解析器
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/9/28 22:45
+ */
+public interface AuditExpressionOperations {
+
+    /**
+     * Gets the {@link Authentication} used for evaluating the expressions
+     *
+     * @return the {@link Authentication} for evaluating the expressions
+     */
+    Authentication getAuthentication();
+
+    /**
+     * 转JSON字符串
+     *
+     * @param object {@link Object}
+     * @return {@link String}
+     */
+    String toJsonString(Object object);
+
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/annotation/AuditExpressionRoot.java

@@ -0,0 +1,57 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.annotation;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import com.alibaba.fastjson2.JSON;
+
+import lombok.AllArgsConstructor;
+
+/**
+ * AuditExpressionRoot
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/9/28 22:48
+ */
+@AllArgsConstructor
+public class AuditExpressionRoot implements AuditExpressionOperations {
+
+    /**
+     * Gets the {@link Authentication} used for evaluating the expressions
+     *
+     * @return the {@link Authentication} for evaluating the expressions
+     */
+    @Override
+    public Authentication getAuthentication() {
+        return SecurityContextHolder.getContext().getAuthentication();
+    }
+
+    /**
+     * 转为JSON字符串
+     *
+     * @param object {@link Object}
+     * @return {@link String}
+     */
+    @Override
+    public String toJsonString(Object object) {
+        return JSON.toJSONString(object);
+    }
+
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/annotation/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.annotation;

eiam-audit/src/main/java/cn/topiam/employee/audit/configuration/ElasticsearchConfiguration.java

@@ -0,0 +1,217 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.configuration;
+
+import java.util.Map;
+
+import org.jetbrains.annotations.NotNull;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.data.convert.ReadingConverter;
+import org.springframework.data.convert.WritingConverter;
+import org.springframework.data.elasticsearch.core.convert.ElasticsearchCustomConversions;
+
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.google.common.collect.Lists;
+
+import cn.topiam.employee.audit.enums.EventStatus;
+import cn.topiam.employee.audit.enums.EventType;
+import cn.topiam.employee.audit.enums.TargetType;
+import cn.topiam.employee.common.enums.UserType;
+import cn.topiam.employee.common.geo.maxmind.enums.GeoLocationProvider;
+import cn.topiam.employee.support.util.JsonUtils;
+
+/**
+ * ElasticsearchConfiguration
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/11/3 23:31
+ */
+@Configuration
+public class ElasticsearchConfiguration {
+
+    @Bean
+    public ElasticsearchCustomConversions elasticsearchCustomConversions() {
+        return new ElasticsearchCustomConversions(
+            Lists.newArrayList(AuditTypeToStringConverter.INSTANCE,
+                StringToAuditTypeConverter.INSTANCE, EventStatusToStringConverter.INSTANCE,
+                StringToEventStatusConverter.INSTANCE, ActorTypeToStringConverter.INSTANCE,
+                StringToActorTypeConverter.INSTANCE, GeoLocationProviderToStringConverter.INSTANCE,
+                StringToGeoLocationProviderConverter.INSTANCE, TargetTypeToStringConverter.INSTANCE,
+                StringToTargetTypeConverter.INSTANCE, StringToMapConverter.INSTANCE,
+                MapToStringConverter.INSTANCE));
+    }
+
+    @WritingConverter
+    enum AuditTypeToStringConverter implements Converter<EventType, String> {
+                                                                             /**
+                                                                              * INSTANCE
+                                                                              */
+                                                                             INSTANCE,;
+
+        @Override
+        public String convert(EventType source) {
+            return source.getCode();
+        }
+    }
+
+    @ReadingConverter
+    enum StringToAuditTypeConverter implements Converter<String, EventType> {
+                                                                             /**
+                                                                              *INSTANCE
+                                                                              */
+                                                                             INSTANCE;
+
+        @Override
+        public EventType convert(@NotNull String source) {
+            return EventType.getType(source);
+        }
+    }
+
+    @WritingConverter
+    enum ActorTypeToStringConverter implements Converter<UserType, String> {
+                                                                            /**
+                                                                             * INSTANCE
+                                                                             */
+                                                                            INSTANCE,;
+
+        @Override
+        public String convert(UserType source) {
+            return source.getCode();
+        }
+    }
+
+    @ReadingConverter
+    enum StringToActorTypeConverter implements Converter<String, UserType> {
+                                                                            /**
+                                                                             *INSTANCE
+                                                                             */
+                                                                            INSTANCE;
+
+        @Override
+        public UserType convert(@NotNull String source) {
+            return UserType.getType(source);
+        }
+    }
+
+    @WritingConverter
+    enum TargetTypeToStringConverter implements Converter<TargetType, String> {
+                                                                               /**
+                                                                                * INSTANCE
+                                                                                */
+                                                                               INSTANCE,;
+
+        @Override
+        public String convert(TargetType source) {
+            return source.getCode();
+        }
+    }
+
+    @ReadingConverter
+    enum StringToTargetTypeConverter implements Converter<String, TargetType> {
+                                                                               /**
+                                                                                *INSTANCE
+                                                                                */
+                                                                               INSTANCE;
+
+        @Override
+        public TargetType convert(@NotNull String source) {
+            return TargetType.getType(source);
+        }
+    }
+
+    @WritingConverter
+    enum GeoLocationProviderToStringConverter implements Converter<GeoLocationProvider, String> {
+                                                                                                 /**
+                                                                                                  * INSTANCE
+                                                                                                  */
+                                                                                                 INSTANCE,;
+
+        @Override
+        public String convert(GeoLocationProvider source) {
+            return source.getCode();
+        }
+    }
+
+    @ReadingConverter
+    enum StringToGeoLocationProviderConverter implements Converter<String, GeoLocationProvider> {
+                                                                                                 /**
+                                                                                                  *INSTANCE
+                                                                                                  */
+                                                                                                 INSTANCE;
+
+        @Override
+        public GeoLocationProvider convert(@NotNull String source) {
+            return GeoLocationProvider.getType(source);
+        }
+    }
+
+    @WritingConverter
+    enum MapToStringConverter implements Converter<Map<String, Object>, String> {
+                                                                                 /**
+                                                                                  * INSTANCE
+                                                                                  */
+                                                                                 INSTANCE,;
+
+        @Override
+        public String convert(@NotNull Map<String, Object> source) {
+            return JsonUtils.writeValueAsString(source);
+        }
+    }
+
+    @ReadingConverter
+    enum StringToMapConverter implements Converter<String, Map<String, Object>> {
+                                                                                 /**
+                                                                                  *INSTANCE
+                                                                                  */
+                                                                                 INSTANCE;
+
+        @Override
+        public Map<String, Object> convert(@NotNull String source) {
+            return JsonUtils.readValue(source, new TypeReference<>() {
+            });
+        }
+    }
+
+    @WritingConverter
+    enum EventStatusToStringConverter implements Converter<EventStatus, String> {
+                                                                                 /**
+                                                                                  * INSTANCE
+                                                                                  */
+                                                                                 INSTANCE,;
+
+        @Override
+        public String convert(@NotNull EventStatus source) {
+            return source.getCode();
+        }
+    }
+
+    @ReadingConverter
+    enum StringToEventStatusConverter implements Converter<String, EventStatus> {
+                                                                                 /**
+                                                                                  *INSTANCE
+                                                                                  */
+                                                                                 INSTANCE;
+
+        @Override
+        public EventStatus convert(@NotNull String source) {
+            return EventStatus.getType(source);
+        }
+    }
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/context/AuditContext.java

@@ -0,0 +1,186 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.context;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
+import org.springframework.util.CollectionUtils;
+
+import com.alibaba.ttl.TransmittableThreadLocal;
+
+import cn.topiam.employee.audit.entity.Target;
+
+/**
+ * AuditContext
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/11/23 22:39
+ */
+public class AuditContext {
+
+    /**
+     * 内容
+     */
+    private static final TransmittableThreadLocal<String>              CONTENT         = new TransmittableThreadLocal<>();
+
+    /**
+     * 目标对象
+     */
+    private static final TransmittableThreadLocal<List<Target>>        TARGET_LIST     = new TransmittableThreadLocal<>();
+
+    /**
+     * 额外数据
+     */
+    private static final TransmittableThreadLocal<Map<String, Object>> ADDITIONAL_DATA = new TransmittableThreadLocal<>();
+
+    /**
+     * Get Content
+     *
+     * @return {@link Object}
+     */
+    public static String getContent() {
+        return CONTENT.get();
+    }
+
+    /**
+     * Set Content
+     */
+    public static void setContent(String content) {
+        CONTENT.set(content);
+    }
+
+    /**
+     * Remove Content
+     */
+    public static void removeContent() {
+        CONTENT.remove();
+    }
+
+    /**
+     * Get Additional Content
+     *
+     * @return {@link Object}
+     */
+    public static Object getAdditionalData(String key) {
+        return getAdditionalData().get(key);
+    }
+
+    /**
+     * Get
+     *
+     * @return {@link Map}
+     */
+    public static Map<String, Object> getAdditionalData() {
+        Map<String, Object> values = ADDITIONAL_DATA.get();
+        if (CollectionUtils.isEmpty(values)) {
+            ADDITIONAL_DATA.set(new HashMap<>(16));
+        }
+        return values;
+    }
+
+    /**
+     * PUT
+     *
+     * @param key   {@link String}
+     * @param value {@link Object}
+     */
+    public static void putAdditionalData(String key, Object value) {
+        Map<String, Object> values = ADDITIONAL_DATA.get();
+        if (CollectionUtils.isEmpty(values)) {
+            HashMap<String, Object> map = new HashMap<>(16);
+            map.put(key, value);
+            ADDITIONAL_DATA.set(map);
+            return;
+        }
+        values.put(key, value);
+    }
+
+    /**
+     * PUT
+     *
+     * @param value {@link Map}
+     */
+    public static void putAdditionalData(Map<String, Object> value) {
+        ADDITIONAL_DATA.set(value);
+    }
+
+    /**
+     * Get Target
+     *
+     * @return {@link Object}
+     */
+    public static List<Target> getTarget() {
+        return TARGET_LIST.get();
+    }
+
+    /**
+     * Set Target
+     */
+    public static void setTarget(Target... target) {
+        if (!Objects.isNull(target)) {
+            TARGET_LIST.set(List.of(target));
+        }
+    }
+
+    /**
+     * Set Target
+     */
+    public static void setTarget(List<Target> targets) {
+        if (!CollectionUtils.isEmpty(targets)) {
+            TARGET_LIST.set(targets);
+        }
+    }
+
+    /**
+     * Remove Content
+     */
+    public static void removeTarget() {
+        TARGET_LIST.remove();
+    }
+
+    /**
+     * remove
+     */
+    public static void removeAdditionalData() {
+        ADDITIONAL_DATA.remove();
+    }
+
+    /**
+     * remove
+     *
+     * @param key {@link String}
+     */
+    public static void removeAdditionalData(String key) {
+        Map<String, Object> values = ADDITIONAL_DATA.get();
+        if (!CollectionUtils.isEmpty(values)) {
+            values.remove(key);
+        }
+    }
+
+    /**
+     * remove
+     */
+    public static void removeAuditContext() {
+        removeAdditionalData();
+        removeContent();
+        removeTarget();
+    }
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/controller/AuditController.java

@@ -0,0 +1,91 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.controller;
+
+import java.util.List;
+
+import javax.validation.constraints.NotNull;
+
+import org.springframework.http.MediaType;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import cn.topiam.employee.audit.controller.pojo.AuditDictResult;
+import cn.topiam.employee.audit.controller.pojo.AuditListQuery;
+import cn.topiam.employee.audit.controller.pojo.AuditListResult;
+import cn.topiam.employee.audit.service.AuditService;
+import cn.topiam.employee.common.constants.AuditConstants;
+import cn.topiam.employee.common.enums.UserType;
+import cn.topiam.employee.support.repository.page.domain.Page;
+import cn.topiam.employee.support.repository.page.domain.PageModel;
+import cn.topiam.employee.support.result.ApiRestResult;
+
+import lombok.AllArgsConstructor;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+/**
+ * 系统审计
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/9/23 21:12
+ */
+@Validated
+@Tag(name = "系统审计")
+@RestController
+@RequestMapping(value = AuditConstants.AUDIT_PATH, produces = MediaType.APPLICATION_JSON_VALUE)
+@AllArgsConstructor
+public class AuditController {
+
+    /**
+     * 审计列表查询
+     *
+     * @param query     {@link AuditListQuery}
+     * @param pageModel {@link PageModel}
+     * @return {@link ApiRestResult}
+     */
+    @Operation(description = "查询审计列表")
+    @GetMapping(value = "/list")
+    public ApiRestResult<Page<AuditListResult>> getAuditList(@Validated AuditListQuery query,
+                                                             PageModel pageModel) {
+        Page<AuditListResult> list = auditService.getAuditList(query, pageModel);
+        return ApiRestResult.ok(list);
+    }
+
+    /**
+     * 获取审计字典类型
+     *
+     * @return {@link ApiRestResult}
+     */
+    @Validated
+    @Operation(description = "获取审计类型")
+    @GetMapping(value = "/types/{user_type}")
+    public ApiRestResult<List<AuditDictResult>> getAuditDict(@PathVariable(name = "user_type") @NotNull(message = "用户类型不能为空！") UserType userType) {
+        List<AuditDictResult> dict = auditService.getAuditDict(userType);
+        return ApiRestResult.ok(dict);
+    }
+
+    /**
+     * AuditService
+     */
+    private final AuditService auditService;
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/controller/pojo/AuditDictResult.java

@@ -0,0 +1,63 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.controller.pojo;
+
+import java.util.Set;
+
+import org.springdoc.api.annotations.ParameterObject;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
+/**
+ * 审计字典结果
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/11/27 22:35
+ */
+@Data
+@Schema(description = "审计字典结果")
+@ParameterObject
+public class AuditDictResult {
+
+    @Parameter(description = "分组名")
+    private String         name;
+    @Parameter(description = "分组编码")
+    private String         code;
+    @Parameter(description = "类型")
+    private Set<AuditType> types;
+
+    @Data
+    @Schema(description = "审计类型")
+    public static class AuditType {
+        /**
+         * 名称
+         */
+        @Parameter(description = "名称")
+        private String name;
+
+        /**
+         * CODE
+         */
+        @Parameter(description = "CODE")
+        private String code;
+    }
+
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/controller/pojo/AuditListQuery.java

@@ -0,0 +1,80 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.controller.pojo;
+
+import java.io.Serializable;
+import java.time.LocalDateTime;
+import java.util.List;
+
+import javax.validation.constraints.NotNull;
+
+import org.springdoc.api.annotations.ParameterObject;
+import org.springframework.format.annotation.DateTimeFormat;
+
+import cn.topiam.employee.audit.enums.EventType;
+import cn.topiam.employee.common.enums.UserType;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN;
+
+/**
+ * 查询审计日志列表入参
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/9/23 21:22
+ */
+@Data
+@Schema(description = "查询审计日志列表入参")
+@ParameterObject
+public class AuditListQuery implements Serializable {
+
+    /**
+     * 用户名
+     */
+    @Parameter(description = "用户名")
+    private String          username;
+    /**
+     * 审计类型
+     */
+    @Parameter(description = "审计类型")
+    private List<EventType> eventType;
+
+    /**
+     * 用户类型
+     */
+    @NotNull(message = "用户类型不能为空")
+    @Parameter(description = "用户类型")
+    private UserType        userType;
+
+    /**
+     * 事件开始时间
+     */
+    @Parameter(description = "事件开始时间")
+    @DateTimeFormat(pattern = DEFAULT_DATE_TIME_FORMATTER_PATTERN)
+    private LocalDateTime   startEventTime;
+
+    /**
+     * 事件结束时间
+     */
+    @Parameter(description = "事件结束时间")
+    @DateTimeFormat(pattern = DEFAULT_DATE_TIME_FORMATTER_PATTERN)
+    private LocalDateTime   endEventTime;
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/controller/pojo/AuditListResult.java

@@ -0,0 +1,105 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.controller.pojo;
+
+import java.io.Serializable;
+import java.time.LocalDateTime;
+import java.util.List;
+
+import com.fasterxml.jackson.annotation.JsonFormat;
+
+import cn.topiam.employee.audit.entity.GeoLocation;
+import cn.topiam.employee.audit.entity.Target;
+import cn.topiam.employee.audit.entity.UserAgent;
+import cn.topiam.employee.audit.enums.EventStatus;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN;
+
+/**
+ * 审计日志列表结果
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/9/24 22:07
+ */
+@Data
+@Schema(description = "审计日志列表结果")
+public class AuditListResult implements Serializable {
+    /**
+     * ID
+     */
+    @Schema(description = "ID")
+    private String        id;
+
+    /**
+     * 用户
+     */
+    @Schema(description = "用户名")
+    private String        username;
+
+    /**
+     * 用户 ID
+     */
+    @Schema(description = "用户ID")
+    private String        userId;
+
+    /**
+     * 用户类型
+     */
+    @Schema(description = "用户类型")
+    private String        userType;
+
+    /**
+     * 用户代理
+     */
+    @Schema(description = "用户代理")
+    private UserAgent     userAgent;
+
+    /**
+     * 地理IP
+     */
+    @Schema(description = "地理位置")
+    private GeoLocation   geoLocation;
+
+    /**
+     * 事件类型
+     */
+    @Schema(description = "事件类型")
+    private String        eventType;
+
+    /**
+     * 操作时间
+     */
+    @JsonFormat(pattern = DEFAULT_DATE_TIME_FORMATTER_PATTERN)
+    @Schema(description = "事件时间")
+    private LocalDateTime eventTime;
+
+    /**
+     * 事件状态
+     */
+    @Schema(description = "事件状态")
+    private EventStatus   eventStatus;
+
+    /**
+     * 目标
+     */
+    @Schema(description = "目标")
+    private List<Target>  targets;
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Actor.java

@@ -0,0 +1,57 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.entity;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+import org.springframework.data.elasticsearch.annotations.Field;
+import org.springframework.data.elasticsearch.annotations.FieldType;
+
+import cn.topiam.employee.common.enums.UserType;
+
+import lombok.Builder;
+import lombok.Data;
+
+/**
+ * Actor
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/11/5 23:30
+ */
+@Data
+@Builder
+public class Actor implements Serializable {
+
+    public static final String ACTOR_ID         = "actor.id";
+    public static final String ACTOR_TYPE       = "actor.type";
+
+    @Serial
+    private static final long  serialVersionUID = -1144169992714000310L;
+    /**
+     * 行动者ID
+     */
+    @Field(type = FieldType.Keyword, name = "id")
+    private String             id;
+
+    /**
+     * 行动者类型
+     */
+    @Field(type = FieldType.Keyword, name = "type")
+    private UserType           type;
+
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/entity/AuditElasticSearchEntity.java

@@ -0,0 +1,98 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.entity;
+
+import java.io.Serial;
+import java.io.Serializable;
+import java.time.Instant;
+import java.util.List;
+
+import org.springframework.data.annotation.Id;
+import org.springframework.data.elasticsearch.annotations.Field;
+import org.springframework.data.elasticsearch.annotations.FieldType;
+
+import lombok.Builder;
+import lombok.Data;
+import static org.springframework.data.elasticsearch.annotations.DateFormat.date_hour_minute_second_millis;
+
+/**
+ * 审计elasticsearch实体
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/10/13 23:22
+ */
+@Data
+@Builder
+public class AuditElasticSearchEntity implements Serializable {
+
+    @Serial
+    private static final long serialVersionUID = 6589338521638519634L;
+
+    @Id
+    @Field(type = FieldType.Keyword, name = "id")
+    private String            id;
+
+    /**
+     * Request Id
+     */
+    @Field(type = FieldType.Keyword, name = "request_id")
+    private String            requestId;
+
+    /**
+     * Session Id
+     */
+    @Field(type = FieldType.Keyword, name = "session_id")
+    private String            sessionId;
+
+    /**
+     * 操作者
+     */
+    @Field(type = FieldType.Object, name = "actor")
+    private Actor             actor;
+
+    /**
+     * 事件
+     */
+    @Field(type = FieldType.Object, name = "event")
+    private Event             event;
+
+    /**
+     * 操作目标
+     */
+    @Field(type = FieldType.Object, name = "target")
+    private List<Target>      targets;
+
+    /**
+     * UserAgent
+     */
+    @Field(type = FieldType.Object, name = "user_agent")
+    private UserAgent         userAgent;
+
+    /**
+     * 地理位置
+     */
+    @Field(type = FieldType.Object, name = "geo_location")
+    private GeoLocation       geoLocation;
+
+    /**
+     * 时间戳
+     */
+    @Field(type = FieldType.Date, name = "@timestamp", format = date_hour_minute_second_millis)
+    private Instant           timestamp;
+
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/entity/AuditEntity.java

@@ -0,0 +1,139 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.entity;
+
+import java.io.Serial;
+import java.time.Instant;
+import java.util.List;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Table;
+
+import org.hibernate.annotations.Type;
+
+import cn.topiam.employee.audit.enums.EventStatus;
+import cn.topiam.employee.audit.enums.EventType;
+import cn.topiam.employee.common.enums.UserType;
+import cn.topiam.employee.support.repository.domain.BaseEntity;
+
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import lombok.Setter;
+import lombok.ToString;
+import lombok.experimental.Accessors;
+
+/**
+ * 审计
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/8/1 21:41
+ */
+@Getter
+@Setter
+@ToString
+@RequiredArgsConstructor
+@Accessors(chain = true)
+@Entity
+@Table(name = "audit")
+public class AuditEntity extends BaseEntity<Long> {
+
+    @Serial
+    private static final long serialVersionUID = -3119319193111206582L;
+
+    /**
+     * Request Id
+     */
+    @Column(name = "request_id")
+    private String            requestId;
+
+    /**
+     * Session Id
+     */
+    @Column(name = "session_id")
+    private String            sessionId;
+
+    /**
+     * 操作目标
+     */
+    @Type(type = "json")
+    @Column(name = "target_")
+    private List<Target>      targets;
+
+    /**
+     * UserAgent
+     */
+    @Type(type = "json")
+    @Column(name = "user_agent")
+    private UserAgent         userAgent;
+
+    /**
+     * 地理位置
+     */
+    @Type(type = "json")
+    @Column(name = "geo_location")
+    private GeoLocation       geoLocation;
+
+    /**
+     * 审计事件类型
+     */
+    @Column(name = "event_type")
+    private EventType         eventType;
+
+    /**
+     * 参数
+     */
+    @Column(name = "event_param")
+    private String            eventParam;
+
+    /**
+     * 事件内容
+     */
+    @Column(name = "event_content")
+    private String            eventContent;
+
+    /**
+     * 事件结果
+     */
+    @Column(name = "event_result")
+    private String            eventResult;
+
+    /**
+     * 事件时间
+     */
+    @Column(name = "event_time")
+    private Instant           eventTime;
+
+    /**
+     * 事件状态
+     */
+    @Column(name = "event_status")
+    private EventStatus       eventStatus;
+
+    /**
+     * 操作者ID
+     */
+    @Column(name = "actor_id")
+    private String            actorId;
+
+    /**
+     * 操作人类型
+     */
+    @Column(name = "actor_type")
+    private UserType          actorType;
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Event.java

@@ -0,0 +1,88 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.entity;
+
+import java.io.Serial;
+import java.io.Serializable;
+import java.time.Instant;
+
+import org.springframework.data.elasticsearch.annotations.DateFormat;
+import org.springframework.data.elasticsearch.annotations.Field;
+import org.springframework.data.elasticsearch.annotations.FieldType;
+
+import cn.topiam.employee.audit.enums.EventStatus;
+import cn.topiam.employee.audit.enums.EventType;
+
+import lombok.Builder;
+import lombok.Data;
+
+/**
+ * Event
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/11/5 23:33
+ */
+@Data
+@Builder
+public class Event implements Serializable {
+
+    @Serial
+    private static final long  serialVersionUID = -1144169992714000310L;
+
+    public static final String EVENT_TYPE       = "event.type";
+    public static final String EVENT_TIME       = "event.time";
+
+    public static final String EVENT_STATUS     = "event.status.keyword";
+
+    /**
+     * 审计事件类型
+     */
+    @Field(type = FieldType.Keyword, name = "type")
+    private EventType          type;
+
+    /**
+     * 参数
+     */
+    @Field(type = FieldType.Text, name = "param")
+    private String             param;
+
+    /**
+     * 事件内容
+     */
+    @Field(type = FieldType.Text, name = "content")
+    private String             content;
+
+    /**
+     * 事件结果
+     */
+    @Field(type = FieldType.Text, name = "result")
+    private String             result;
+
+    /**
+     * 事件时间
+     */
+    @Field(type = FieldType.Date, name = "time", format = DateFormat.date_hour_minute_second_millis)
+    private Instant            time;
+
+    /**
+     * 事件状态
+     */
+    @Field(type = FieldType.Keyword, name = "status")
+    private EventStatus        status;
+
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/entity/GeoLocation.java

@@ -0,0 +1,112 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.entity;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+import org.springframework.data.elasticsearch.annotations.Field;
+import org.springframework.data.elasticsearch.annotations.FieldType;
+import org.springframework.data.elasticsearch.annotations.GeoPointField;
+import org.springframework.data.elasticsearch.core.geo.GeoPoint;
+
+import cn.topiam.employee.common.geo.maxmind.enums.GeoLocationProvider;
+
+import lombok.Builder;
+import lombok.Data;
+
+/**
+ * 地理位置
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/11/5 23:31
+ */
+@Data
+@Builder
+public class GeoLocation implements Serializable {
+
+    @Serial
+    private static final long   serialVersionUID = -1144169992714000310L;
+
+    /**
+     * IP
+     */
+    @Field(type = FieldType.Ip, name = "ip")
+    private String              ip;
+
+    /**
+     * continent code
+     */
+    @Field(type = FieldType.Keyword, name = "continent_code")
+    private String              continentCode;
+
+    /**
+     * continent Name
+     */
+    @Field(type = FieldType.Text, name = "continent_code")
+    private String              continentName;
+
+    /**
+     * 国家code
+     */
+    @Field(type = FieldType.Keyword, name = "country_code")
+    private String              countryCode;
+
+    /**
+     * 国家名称
+     */
+    @Field(type = FieldType.Text, name = "country_name")
+    private String              countryName;
+
+    /**
+     * 省份code
+     */
+    @Field(type = FieldType.Keyword, name = "province_code")
+    private String              provinceCode;
+
+    /**
+     * 省份
+     */
+    @Field(type = FieldType.Text, name = "province_name")
+    private String              provinceName;
+
+    /**
+     * 城市code
+     */
+    @Field(type = FieldType.Keyword, name = "city_code")
+    private String              cityCode;
+
+    /**
+     * 城市名称
+     */
+    @Field(type = FieldType.Text, name = "city_name")
+    private String              cityName;
+
+    /**
+     * 地理坐标
+     */
+    @GeoPointField
+    private GeoPoint            point;
+
+    /**
+     * 提供商
+     */
+    @Field(type = FieldType.Keyword, name = "provider")
+    private GeoLocationProvider provider;
+
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Target.java

@@ -0,0 +1,58 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.entity;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+import org.springframework.data.elasticsearch.annotations.Field;
+import org.springframework.data.elasticsearch.annotations.FieldType;
+
+import cn.topiam.employee.audit.enums.TargetType;
+
+import lombok.Builder;
+import lombok.Data;
+
+/**
+ * Target
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/11/5 23:34
+ */
+@Data
+@Builder
+public class Target implements Serializable {
+
+    @Serial
+    private static final long  serialVersionUID  = -1144169992714000310L;
+
+    public static final String TARGET_ID_KEYWORD = "target.id.keyword";
+
+    /**
+     * 目标 ID
+     */
+    @Field(type = FieldType.Keyword, name = "id")
+    private String             id;
+    /**
+     *
+     * 目标类型
+     */
+    @Field(type = FieldType.Keyword, name = "type")
+    private TargetType         type;
+
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/entity/UserAgent.java

@@ -0,0 +1,54 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.entity;
+
+import java.io.Serializable;
+
+import org.springframework.data.elasticsearch.annotations.Field;
+import org.springframework.data.elasticsearch.annotations.FieldType;
+
+import lombok.Builder;
+import lombok.Data;
+
+/**
+ * UserAgent
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/11/5 23:31
+ */
+@Data
+@Builder
+public class UserAgent implements Serializable {
+
+    @Field(type = FieldType.Keyword, name = "device_type")
+    private String deviceType;
+
+    @Field(type = FieldType.Keyword, name = "platform")
+    private String platform;
+
+    @Field(type = FieldType.Keyword, name = "platform_version")
+    private String platformVersion;
+
+    @Field(type = FieldType.Keyword, name = "browser")
+    private String browser;
+
+    @Field(type = FieldType.Keyword, name = "browser_type")
+    private String browserType;
+
+    @Field(type = FieldType.Keyword, name = "browser_major_version")
+    private String browserMajorVersion;
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/enums/EventStatus.java

@@ -0,0 +1,68 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.enums;
+
+import com.fasterxml.jackson.annotation.JsonValue;
+
+import cn.topiam.employee.support.web.converter.EnumConvert;
+
+import lombok.Getter;
+
+/**
+ * 事件状态
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/11/6 19:57
+ */
+@Getter
+public enum EventStatus {
+                         /**
+                          * 成功
+                          */
+                         SUCCESS("success", "成功"),
+                         /**
+                          * 失败
+                          */
+                         FAIL("fail", "失败");
+
+    @JsonValue
+    private final String code;
+    private final String desc;
+
+    EventStatus(String code, String desc) {
+        this.code = code;
+        this.desc = desc;
+    }
+
+    /**
+     * 获取类型
+     *
+     * @param code {@link String}
+     * @return {@link EventStatus}
+     */
+    @EnumConvert
+    public static EventStatus getType(String code) {
+        EventStatus[] values = values();
+        for (EventStatus status : values) {
+            if (String.valueOf(status.getCode()).equals(code)) {
+                return status;
+            }
+        }
+        return null;
+    }
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/enums/EventType.java

@@ -0,0 +1,551 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.enums;
+
+import java.util.List;
+
+import com.fasterxml.jackson.annotation.JsonValue;
+
+import cn.topiam.employee.audit.event.type.*;
+import cn.topiam.employee.common.enums.UserType;
+import cn.topiam.employee.support.web.converter.EnumConvert;
+
+import lombok.Getter;
+
+/**
+ * 事件类型
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/9/29 21:00
+ */
+@Getter
+public enum EventType {
+                       /**
+                        * 登录门户
+                        */
+                       LOGIN_PORTAL(AuthenticationEventType.LOGIN_PORTAL),
+
+                       /**
+                        * 登录控制台
+                        */
+                       LOGIN_CONSOLE(AuthenticationEventType.LOGIN_CONSOLE),
+
+                       /**
+                        * 退出门户
+                        */
+                       LOGOUT_PORTAL(AuthenticationEventType.LOGOUT_PORTAL),
+
+                       /**
+                        * 退出控制台
+                        */
+                       LOGOUT_CONSOLE(AuthenticationEventType.LOGOUT_CONSOLE),
+
+                       /**
+                        * 注册
+                        */
+                       USER_REGISTER(AccountEventType.USER_REGISTER),
+
+                       /**
+                        * 修改账户信息
+                        */
+                       MODIFY_ACCOUNT_INFO(AccountEventType.MODIFY_ACCOUNT_INFO),
+
+                       /**
+                        * 修改邮箱
+                        */
+                       MODIFY_USER_EMAIL(AccountEventType.MODIFY_USER_EMAIL),
+
+                       /**
+                        * 修改手机号
+                        */
+                       MODIFY_USER_PHONE(AccountEventType.MODIFY_USER_PHONE),
+
+                       /**
+                        * 修改密码
+                        */
+                       MODIFY_USER_PASSWORD(AccountEventType.MODIFY_USER_PASSWORD),
+
+                       /**
+                        * 创建用户
+                        */
+                       CREATE_USER(AccountEventType.CREATE_USER),
+
+                       /**
+                        * 编辑用户
+                        */
+                       UPDATE_USER(AccountEventType.UPDATE_USER),
+
+                       /**
+                        * 删除用户
+                        */
+                       DELETE_USER(AccountEventType.DELETE_USER),
+
+                       /**
+                        * 禁用用户
+                        */
+                       DISABLE_USER(AccountEventType.DISABLE_USER),
+
+                       /**
+                        * 启用用户
+                        */
+                       ENABLE_USER(AccountEventType.ENABLE_USER),
+                       /**
+                        * 绑定账号
+                        */
+                       BIND_IDP_USER(AccountEventType.BIND_IDP_USER),
+                       /**
+                        * 解绑账号
+                        */
+                       UNBIND_IDP_USER(AccountEventType.UNBIND_IDP_USER),
+                       /**
+                        * 解绑应用用户
+                        */
+                       UNBIND_APPLICATION_USER(AccountEventType.UNBIND_APPLICATION_USER),
+                       /**
+                        * 创建组织
+                        */
+                       CREATE_ORG(AccountEventType.CREATE_ORG),
+                       /**
+                        * 编辑组织
+                        */
+                       UPDATE_ORG(AccountEventType.UPDATE_ORG),
+                       /**
+                        * 删除组织
+                        */
+                       DELETE_ORG(AccountEventType.DELETE_ORGANIZATION),
+                       /**
+                        * 删除组织
+                        */
+                       MOVE_ORGANIZATION(AccountEventType.MOVE_ORGANIZATION),
+                       /**
+                        * 添加用户到组织
+                        */
+                       USER_ADD_ORG(AccountEventType.USER_ADD_ORG),
+                       /**
+                        * 用户转岗到其他组织
+                        */
+                       USER_TRANSFER_ORG(AccountEventType.USER_TRANSFER_ORG),
+                       /**
+                        * 从组织中移除用户
+                        */
+                       ORG_REMOVE_USER(AccountEventType.ORG_REMOVE_USER),
+                       /**
+                        * 登录应用
+                        */
+                       APP_SSO(AppEventType.APP_SSO),
+                       /**
+                        * 退出应用
+                        */
+                       SIGN_OUT_APP(AppEventType.SIGN_OUT_APP),
+                       /**
+                        * 添加应用
+                        */
+                       ADD_APP(AppEventType.ADD_APP),
+                       /**
+                        * 启用应用
+                        */
+                       ENABLE_APP(AppEventType.ENABLE_APP),
+                       /**
+                        * 禁用应用
+                        */
+                       DISABLE_APP(AppEventType.DISABLE_APP),
+                       /**
+                        * 修改应用
+                        */
+                       UPDATE_APP(AppEventType.UPDATE_APP),
+                       /**
+                        * 保存应用配置
+                        */
+                       SAVE_APP_CONFIG(AppEventType.SAVE_APP_CONFIG),
+                       /**
+                        * 删除应用
+                        */
+                       DELETE_APP(AppEventType.DELETE_APP),
+                       /**
+                        * 应用授权
+                        */
+                       APP_AUTHORIZATION(AppEventType.APP_ACCESS_POLICY),
+                       /**
+                        * 删除应用授权
+                        */
+                       APP_DELETE_ACCESS_POLICY(AppEventType.APP_DELETE_ACCESS_POLICY),
+                       /**
+                        * 添加应用账户
+                        */
+                       ADD_APP_ACCOUNT(AppEventType.ADD_APP_ACCOUNT),
+                       /**
+                        * 删除应用账户
+                        */
+                       DELETE_APP_ACCOUNT(AppEventType.DELETE_APP_ACCOUNT),
+                       /**
+                        * 保存SSO配置
+                        */
+                       SAVE_SSO_CONFIG(AppEventType.SAVE_SSO_CONFIG),
+                       /**
+                        * 添加身份提供商
+                        */
+                       ADD_IDP(AuthenticationEventType.ADD_IDP),
+                       /**
+                        * 编辑身份提供商
+                        */
+                       UPDATE_IDP(AuthenticationEventType.UPDATE_IDP),
+                       /**
+                        * 启用认证提供商
+                        */
+                       ENABLE_IDP(AuthenticationEventType.ENABLE_IDP),
+                       /**
+                        * 禁用认证提供商
+                        */
+                       DISABLE_IDP(AuthenticationEventType.DISABLE_IDP),
+
+                       /**
+                        * 删除认证提供商
+                        */
+                       DELETE_IDP(AuthenticationEventType.DELETE_IDP),
+
+                       /**
+                        * 保存安全基础设置
+                        */
+                       SAVE_LOGIN_SECURITY_BASIC_SETTINGS(SettingEventType.SAVE_LOGIN_SECURITY_BASIC_SETTINGS),
+                       /**
+                        * 密码策略
+                        */
+                       SAVE_PASSWORD_POLICY_SETTINGS(SettingEventType.SAVE_PASSWORD_POLICY_SETTINGS),
+
+                       /**
+                        * 多因素认证
+                        */
+                       SAVE_MFA_SETTINGS(SettingEventType.SAVE_MFA_SETTINGS),
+
+                       /**
+                        * 行为验证码
+                        */
+                       SAVE_CAPTCHA_PROVIDER(SettingEventType.SAVE_CAPTCHA_PROVIDER),
+
+                       /**
+                        * 禁用行为验证码
+                        */
+                       OFF_CAPTCHA_PROVIDER(SettingEventType.OFF_CAPTCHA_PROVIDER),
+
+                       /**
+                        * 添加管理员
+                        */
+                       ADD_ADMINISTRATOR(SettingEventType.ADD_ADMINISTRATOR),
+                       /**
+                        * 删除管理员
+                        */
+                       DELETE_ADMINISTRATOR(SettingEventType.DELETE_ADMINISTRATOR),
+                       /**
+                        * 修改管理员
+                        */
+                       UPDATE_ADMINISTRATOR(SettingEventType.UPDATE_ADMINISTRATOR),
+                       /**
+                        * 启用管理员
+                        */
+                       ENABLE_ADMINISTRATOR(SettingEventType.ENABLE_ADMINISTRATOR),
+                       /**
+                        * 禁用管理员
+                        */
+                       DISABLE_ADMINISTRATOR(SettingEventType.DISABLE_ADMINISTRATOR),
+                       /**
+                        * 重置管理员密码
+                        */
+                       RESET_ADMINISTRATOR_PASSWORD(SettingEventType.RESET_ADMINISTRATOR_PASSWORD),
+                       /**
+                        * 开启自定义修改密码邮件模板
+                        */
+                       ON_CUSTOMIZE_CHANGE_PASSWORD_MAIL(SettingEventType.ON_CUSTOMIZE_CHANGE_PASSWORD_MAIL),
+
+                       /**
+                        * 开启自定义重置密码邮件模板
+                        */
+                       ON_CUSTOMIZE_RESET_PASSWORD_MAIL(SettingEventType.ON_CUSTOMIZE_RESET_PASSWORD_MAIL),
+
+                       /**
+                        * 开启自定义确认重置密码邮件模板
+                        */
+                       ON_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL(SettingEventType.ON_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL),
+
+                       /**
+                        * 开启自定义验证邮件模板
+                        */
+                       ON_CUSTOMIZE_VERIFY_MAIL(SettingEventType.ON_CUSTOMIZE_VERIFY_MAIL),
+                       /**
+                        * 开启自定义欢迎邮件模板
+                        */
+                       ON_CUSTOMIZE_WELCOME_MAIL(SettingEventType.ON_CUSTOMIZE_WELCOME_MAIL),
+                       /**
+                        * 开启自定义修改绑定邮件模板
+                        */
+                       ON_CUSTOMIZE_MODIFY_BINDING_MAIL(SettingEventType.ON_CUSTOMIZE_MODIFY_BINDING_MAIL),
+                       /**
+                        * 关闭自定义修改密码邮件模板
+                        */
+                       OFF_CUSTOMIZE_CHANGE_PASSWORD_MAIL(SettingEventType.OFF_CUSTOMIZE_CHANGE_PASSWORD_MAIL),
+
+                       /**
+                        * 关闭自定义重置密码邮件模板
+                        */
+                       OFF_CUSTOMIZE_RESET_PASSWORD_MAIL(SettingEventType.OFF_CUSTOMIZE_RESET_PASSWORD_MAIL),
+
+                       /**
+                        * 关闭自定义确认重置密码邮件模板
+                        */
+                       OFF_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL(SettingEventType.OFF_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL),
+
+                       /**
+                        * 关闭自定义验证邮件模板
+                        */
+                       OFF_CUSTOMIZE_VERIFY_MAIL(SettingEventType.OFF_CUSTOMIZE_VERIFY_MAIL),
+                       /**
+                        * 关闭自定义欢迎邮件模板
+                        */
+                       OFF_CUSTOMIZE_WELCOME_MAIL(SettingEventType.OFF_CUSTOMIZE_WELCOME_MAIL),
+                       /**
+                        * 关闭自定义修改绑定邮件模板
+                        */
+                       OFF_CUSTOMIZE_MODIFY_BINDING_MAIL(SettingEventType.OFF_CUSTOMIZE_MODIFY_BINDING_MAIL),
+
+                       /**
+                        * 保存自定义修改密码邮件模板
+                        */
+                       SAVE_CUSTOMIZE_CHANGE_PASSWORD_MAIL(SettingEventType.SAVE_CUSTOMIZE_CHANGE_PASSWORD_MAIL),
+
+                       /**
+                        * 保存自定义重置密码邮件模板
+                        */
+                       SAVE_CUSTOMIZE_RESET_PASSWORD_MAIL(SettingEventType.SAVE_CUSTOMIZE_RESET_PASSWORD_MAIL),
+
+                       /**
+                        * 保存自定义确认重置密码邮件模板
+                        */
+                       SAVE_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL(SettingEventType.SAVE_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL),
+
+                       /**
+                        * 保存自定义验证邮件模板
+                        */
+                       SAVE_CUSTOMIZE_VERIFY_MAIL(SettingEventType.SAVE_CUSTOMIZE_VERIFY_MAIL),
+                       /**
+                        * 保存自定义欢迎邮件模板
+                        */
+                       SAVE_CUSTOMIZE_WELCOME_MAIL(SettingEventType.SAVE_CUSTOMIZE_WELCOME_MAIL),
+                       /**
+                        * 保存自定义修改绑定邮件模板
+                        */
+                       SAVE_CUSTOMIZE_MODIFY_BINDING_MAIL(SettingEventType.SAVE_CUSTOMIZE_MODIFY_BINDING_MAIL),
+
+                       /**
+                        * 开启邮件服务
+                        */
+                       ON_MAIL_SERVICE(SettingEventType.ON_MAIL_SERVICE),
+                       /**
+                        * 关闭邮件服务
+                        */
+                       OFF_MAIL_SERVICE(SettingEventType.OFF_MAIL_SERVICE),
+
+                       /**
+                        * 保存邮件服务
+                        */
+                       SAVE_MAIL_SERVICE(SettingEventType.SAVE_MAIL_SERVICE),
+
+                       /**
+                        * 开启短信验证服务
+                        */
+                       ON_SMS_SERVICE(SettingEventType.ON_SMS_SERVICE),
+
+                       /**
+                        * 关闭短信验证服务
+                        */
+                       OFF_SMS_SERVICE(SettingEventType.OFF_SMS_SERVICE),
+
+                       /**
+                        * 保存短信验证服务
+                        */
+                       SAVE_SMS_SERVICE(SettingEventType.SAVE_SMS_SERVICE),
+
+                       /**
+                        * 开启存储服务
+                        */
+                       ON_STORAGE_SERVICE(SettingEventType.ON_STORAGE_SERVICE),
+                       /**
+                        * 关闭存储服务
+                        */
+                       OFF_STORAGE_SERVICE(SettingEventType.OFF_STORAGE_SERVICE),
+                       /**
+                        * 保存存储服务
+                        */
+                       SAVE_STORAGE_SERVICE(SettingEventType.SAVE_STORAGE_SERVICE),
+                       /**
+                        * 开启地理位置服务
+                        */
+                       ON_GEO_LOCATION_SERVICE(SettingEventType.ON_GEO_LOCATION_SERVICE),
+                       /**
+                        * 关闭地理位置服务
+                        */
+                       OFF_GEO_LOCATION_SERVICE(SettingEventType.OFF_GEO_LOCATION_SERVICE),
+                       /**
+                        * 保存地理位置服务
+                        */
+                       SAVE_GEO_LOCATION_SERVICE(SettingEventType.SAVE_GEO_LOCATION_SERVICE),
+
+                       /**
+                        * 下线会话
+                        */
+                       DOWN_LINE_SESSION(OtherEventType.DOWN_LINE_SESSION),
+
+                       /**
+                        * 批量下线会话
+                        */
+                       BATCH_DOWN_LINE_SESSION(OtherEventType.BATCH_DOWN_LINE_SESSION),
+
+                       /**
+                        * 创建用户组
+                        */
+                       CREATE_USER_GROUP(AccountEventType.CREATE_USER_GROUP),
+
+                       /**
+                        * 修改用户组
+                        */
+                       UPDATE_USER_GROUP(AccountEventType.UPDATE_USER_GROUP),
+
+                       /**
+                        * 删除用户组
+                        */
+                       DELETE_USER_GROUP(AccountEventType.DELETE_USER_GROUP),
+
+                       /**
+                        * 添加用户组成员
+                        */
+                       ADD_USER_GROUP_MEMBER(AccountEventType.ADD_USER_GROUP_MEMBER),
+
+                       /**
+                        * 移除用户组成员
+                        */
+                       REMOVE_USER_GROUP_MEMBER(AccountEventType.REMOVE_USER_GROUP_MEMBER),
+
+                       /**
+                        * 创建身份源
+                        */
+                       CREATE_IDENTITY_RESOURCE(AccountEventType.CREATE_IDENTITY_RESOURCE),
+
+                       /**
+                        * 修改身份源
+                        */
+                       UPDATE_IDENTITY_RESOURCE(AccountEventType.UPDATE_IDENTITY_RESOURCE),
+
+                       /**
+                        * 删除身份源
+                        */
+                       DELETE_IDENTITY_RESOURCE(AccountEventType.DELETE_IDENTITY_RESOURCE),
+
+                       /**
+                        * 启用身份源
+                        */
+                       ENABLE_IDENTITY_RESOURCE(AccountEventType.ENABLE_IDENTITY_RESOURCE),
+
+                       /**
+                        * 禁用身份源
+                        */
+                       DISABLE_IDENTITY_RESOURCE(AccountEventType.DISABLE_IDENTITY_RESOURCE),
+                       /**
+                        * 身份源同步
+                        */
+                       IDENTITY_RESOURCE_SYNC(AccountEventType.IDENTITY_RESOURCE_SYNC),
+
+                       /**
+                        * 保存应用资源
+                        */
+                       SAVE_APP_PERMISSION_RESOURCE(AppEventType.SAVE_APP_PERMISSION_RESOURCE),
+                       /**
+                        * 修改应用资源
+                        */
+                       UPDATE_APP_PERMISSION_RESOURCE(AppEventType.UPDATE_APP_PERMISSION_RESOURCE),
+                       /**
+                        * 删除应用资源
+                        */
+                       DELETE_APP_PERMISSION_RESOURCE(AppEventType.DELETE_APP_PERMISSION_RESOURCE),
+                       /**
+                        * 启用应用资源
+                        */
+                       ENABLE_APP_PERMISSION_RESOURCE(AppEventType.ENABLE_APP_PERMISSION_RESOURCE),
+                       /**
+                        * 禁用应用资源
+                        */
+                       DISABLE_APP_PERMISSION_RESOURCE(AppEventType.DISABLE_APP_PERMISSION_RESOURCE),
+                       /**
+                        * 删除用户身份提供商绑定
+                        */
+                       DELETE_USER_IDP_BIND(AppEventType.DELETE_APP_ACCOUNT),
+
+                       /**
+                        * 添加应用角色
+                        */
+                       SAVE_APP_PERMISSION_ROLE(AppEventType.SAVE_APP_PERMISSION_ROLE),
+
+                       /**
+                        * 修改应用角色
+                        */
+                       UPDATE_APP_PERMISSION_ROLE(AppEventType.UPDATE_APP_PERMISSION_ROLE),
+
+                       /**
+                        * 删除应用角色
+                        */
+                       DELETE_APP_PERMISSION_ROLE(AppEventType.DELETE_APP_PERMISSION_ROLE);
+
+    /**
+     * code
+     */
+    @JsonValue
+    private final String         code;
+    /**
+     * desc
+     */
+    private final String         desc;
+    /**
+     * 用户类型
+     */
+    private final List<UserType> userTypes;
+    /**
+     * 归属资源
+     */
+    private final Resource       resource;
+
+    EventType(Type type) {
+        this.code = type.getCode();
+        this.desc = type.getName();
+        this.resource = type.getResource();
+        this.userTypes = type.getUserTypes();
+    }
+
+    /**
+     * 获取审计类型
+     *
+     * @param code {@link String}
+     * @return {@link EventType}
+     */
+    @EnumConvert
+    public static EventType getType(String code) {
+        EventType[] values = values();
+        for (EventType status : values) {
+            if (String.valueOf(status.getCode()).equals(code)) {
+                return status;
+            }
+        }
+        return null;
+    }
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/enums/TargetType.java

@@ -0,0 +1,145 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.enums;
+
+import com.fasterxml.jackson.annotation.JsonValue;
+
+import cn.topiam.employee.support.web.converter.EnumConvert;
+
+import lombok.Getter;
+
+/**
+ * 目标类型
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2022/10/27 23:46
+ */
+@Getter
+public enum TargetType {
+
+                        /**
+                         * 用户
+                         */
+                        USER("user", "用户"),
+
+                        /**
+                         * 用户详情
+                         */
+                        USER_DETAIL("user_detail", "用户详情"),
+
+                        /**
+                         * 用户组
+                         */
+                        USER_GROUP("user_group", "用户组"),
+
+                        /**
+                         * 用户组成员
+                         */
+                        USER_GROUP_MEMBER("user_group_member", "用户组成员"),
+
+                        /**
+                         * 身份源
+                         */
+                        IDENTITY_SOURCE("identity_source", "身份源"),
+
+                        /**
+                         * 组织机构
+                         */
+                        ORGANIZATION("organization", "组织机构"),
+                        /**
+                         * 应用
+                         */
+                        APPLICATION("application", "应用"),
+
+                        /**
+                         * 应用账户
+                         */
+                        APPLICATION_ACCOUNT("application_account", "应用账户"),
+
+                        /**
+                         * 会话管理
+                         */
+                        SESSION("session", "会话管理"),
+
+                        /**
+                         * 应用权限
+                         */
+                        APP_PERMISSION_RESOURCE("app_permission_resource", "应用权限"),
+
+                        /**
+                         * 应用权限策略
+                         */
+                        APP_PERMISSION_POLICY("app_permission_policy", "应用权限策略"),
+
+                        /**
+                         * 应用权限策略
+                         */
+                        APP_PERMISSION_ROLE("app_permission_role", "应用权限角色"),
+
+                        /**
+                         * 管理员
+                         */
+                        ADMINISTRATOR("administrator", "管理员"),
+
+                        /**
+                         * 邮件模版
+                         */
+                        MAIL_TEMPLATE("mail_template", "邮件模版"),
+
+                        /**
+                         * 身份认证提供商
+                         */
+                        IDENTITY_PROVIDER("identity_provider", "身份认证提供商"),
+
+                        /**
+                         * 控制台
+                         */
+                        CONSOLE("console", "控制台"),
+
+                        /**
+                         * 门户端
+                         */
+                        PORTAL("portal", "门户端");
+
+    @JsonValue
+    private final String code;
+    private final String desc;
+
+    TargetType(String code, String desc) {
+        this.code = code;
+        this.desc = desc;
+    }
+
+    /**
+     * 获取类型
+     *
+     * @param code {@link String}
+     * @return {@link EventType}
+     */
+    @EnumConvert
+    public static TargetType getType(String code) {
+        TargetType[] values = values();
+        for (TargetType status : values) {
+            if (String.valueOf(status.getCode()).equals(code)) {
+                return status;
+            }
+        }
+        return null;
+    }
+
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/enums/converter/AuditTypeConverter.java

@@ -0,0 +1,67 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.enums.converter;
+
+import java.util.Objects;
+
+import javax.persistence.AttributeConverter;
+import javax.persistence.Converter;
+
+import cn.topiam.employee.audit.enums.EventType;
+
+/**
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/11/10 23:02
+ */
+@Converter(autoApply = true)
+public class AuditTypeConverter implements AttributeConverter<EventType, String> {
+
+    /**
+     * Converts the value stored in the entity attribute into the
+     * data representation to be stored in the database.
+     *
+     * @param attribute the entity attribute value to be converted
+     * @return the converted data to be stored in the database
+     * column
+     */
+    @Override
+    public String convertToDatabaseColumn(EventType attribute) {
+        if (Objects.isNull(attribute)) {
+            return null;
+        }
+        return attribute.getCode();
+    }
+
+    /**
+     * Converts the data stored in the database column into the
+     * value to be stored in the entity attribute.
+     * Note that it is the responsibility of the converter writer to
+     * specify the correct <code>dbData</code> type for the corresponding
+     * column for use by the JDBC driver: i.e., persistence providers are
+     * not expected to do such type conversion.
+     *
+     * @param dbData the data from the database column to be
+     *               converted
+     * @return the converted value to be stored in the entity
+     * attribute
+     */
+    @Override
+    public EventType convertToEntityAttribute(String dbData) {
+        return EventType.getType(dbData);
+    }
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/enums/converter/EventStatusConverter.java

@@ -0,0 +1,67 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.enums.converter;
+
+import java.util.Objects;
+
+import javax.persistence.AttributeConverter;
+import javax.persistence.Converter;
+
+import cn.topiam.employee.audit.enums.EventStatus;
+
+/**
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/11/10 23:02
+ */
+@Converter(autoApply = true)
+public class EventStatusConverter implements AttributeConverter<EventStatus, String> {
+
+    /**
+     * Converts the value stored in the entity attribute into the
+     * data representation to be stored in the database.
+     *
+     * @param attribute the entity attribute value to be converted
+     * @return the converted data to be stored in the database
+     * column
+     */
+    @Override
+    public String convertToDatabaseColumn(EventStatus attribute) {
+        if (Objects.isNull(attribute)) {
+            return null;
+        }
+        return attribute.getCode();
+    }
+
+    /**
+     * Converts the data stored in the database column into the
+     * value to be stored in the entity attribute.
+     * Note that it is the responsibility of the converter writer to
+     * specify the correct <code>dbData</code> type for the corresponding
+     * column for use by the JDBC driver: i.e., persistence providers are
+     * not expected to do such type conversion.
+     *
+     * @param dbData the data from the database column to be
+     *               converted
+     * @return the converted value to be stored in the entity
+     * attribute
+     */
+    @Override
+    public EventStatus convertToEntityAttribute(String dbData) {
+        return EventStatus.getType(dbData);
+    }
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/enums/converter/TargetTypeConverter.java

@@ -0,0 +1,67 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.enums.converter;
+
+import java.util.Objects;
+
+import javax.persistence.AttributeConverter;
+import javax.persistence.Converter;
+
+import cn.topiam.employee.audit.enums.TargetType;
+
+/**
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/11/10 23:02
+ */
+@Converter(autoApply = true)
+public class TargetTypeConverter implements AttributeConverter<TargetType, String> {
+
+    /**
+     * Converts the value stored in the entity attribute into the
+     * data representation to be stored in the database.
+     *
+     * @param attribute the entity attribute value to be converted
+     * @return the converted data to be stored in the database
+     * column
+     */
+    @Override
+    public String convertToDatabaseColumn(TargetType attribute) {
+        if (Objects.isNull(attribute)) {
+            return null;
+        }
+        return attribute.getCode();
+    }
+
+    /**
+     * Converts the data stored in the database column into the
+     * value to be stored in the entity attribute.
+     * Note that it is the responsibility of the converter writer to
+     * specify the correct <code>dbData</code> type for the corresponding
+     * column for use by the JDBC driver: i.e., persistence providers are
+     * not expected to do such type conversion.
+     *
+     * @param dbData the data from the database column to be
+     *               converted
+     * @return the converted value to be stored in the entity
+     * attribute
+     */
+    @Override
+    public TargetType convertToEntityAttribute(String dbData) {
+        return TargetType.getType(dbData);
+    }
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEvent.java

@@ -0,0 +1,59 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.event;
+
+import java.io.Serial;
+import java.util.*;
+
+import org.springframework.context.ApplicationEvent;
+
+import cn.topiam.employee.audit.entity.*;
+
+import lombok.Getter;
+
+/**
+ * 审计事件
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/8/1 21:56
+ */
+@Getter
+public class AuditEvent extends ApplicationEvent {
+    @Serial
+    private static final long  serialVersionUID = 3425943796938543659L;
+
+    private final String       requestId;
+    private final String       sessionId;
+    private final Actor        actor;
+    private final Event        event;
+    private final List<Target> target;
+    private final UserAgent    userAgent;
+    private final GeoLocation  geoLocationModal;
+
+    public AuditEvent(String requestId, String sessionId, Actor actor, Event event,
+                      UserAgent userAgent, GeoLocation geoLocation, List<Target> targets) {
+        super(requestId);
+        this.requestId = requestId;
+        this.sessionId = sessionId;
+        this.actor = actor;
+        this.event = event;
+        this.target = targets;
+        this.userAgent = userAgent;
+        this.geoLocationModal = geoLocation;
+    }
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEventListener.java

@@ -0,0 +1,125 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.event;
+
+import java.time.LocalDate;
+import java.time.ZoneId;
+import java.time.format.DateTimeFormatter;
+import java.util.List;
+import java.util.Objects;
+
+import org.springframework.context.ApplicationListener;
+import org.springframework.data.elasticsearch.core.ElasticsearchOperations;
+import org.springframework.data.elasticsearch.core.mapping.IndexCoordinates;
+import org.springframework.lang.NonNull;
+import org.springframework.stereotype.Component;
+
+import cn.topiam.employee.audit.entity.*;
+import cn.topiam.employee.audit.repository.*;
+import cn.topiam.employee.core.configuration.EiamSupportProperties;
+import static cn.topiam.employee.common.constants.AuditConstants.getAuditIndexPrefix;
+import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_FORMATTER_PATTERN;
+
+/**
+ * 事件监听
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/9/12 22:49
+ */
+@Component
+public class AuditEventListener implements ApplicationListener<AuditEvent> {
+
+    /**
+     * onApplicationEvent
+     *
+     * @param auditEvent {@link AuditEvent}
+     */
+    @Override
+    public void onApplicationEvent(@NonNull AuditEvent auditEvent) {
+        Event event = auditEvent.getEvent();
+        Actor actor = auditEvent.getActor();
+        List<Target> target = auditEvent.getTarget();
+        GeoLocation geoLocation = auditEvent.getGeoLocationModal();
+        UserAgent userAgent = auditEvent.getUserAgent();
+        //保存数据库
+        AuditEntity entity = new AuditEntity();
+        try {
+            entity.setRequestId(auditEvent.getRequestId());
+            entity.setSessionId(auditEvent.getSessionId());
+            //事件
+            entity.setEventType(event.getType());
+            entity.setEventContent(event.getContent());
+            entity.setEventParam(event.getParam());
+            entity.setEventStatus(event.getStatus());
+            entity.setEventResult(event.getResult());
+            entity.setEventTime(event.getTime());
+            //操作目标
+            entity.setTargets(target);
+            entity.setGeoLocation(geoLocation);
+            entity.setUserAgent(userAgent);
+            entity.setActorId(actor.getId());
+            entity.setActorType(actor.getType());
+            auditRepository.save(entity);
+        } catch (Exception ignored) {
+        } finally {
+            if (!Objects.isNull(entity.getId())) {
+                //保存 Elasticsearch
+                AuditElasticSearchEntity audit = AuditElasticSearchEntity.builder().build();
+                audit.setRequestId(auditEvent.getRequestId());
+                audit.setSessionId(auditEvent.getSessionId());
+                audit.setId(entity.getId().toString());
+                audit.setEvent(event);
+                audit.setTargets(target);
+                audit.setGeoLocation(geoLocation);
+                audit.setUserAgent(userAgent);
+                audit.setActor(actor);
+                audit.setTimestamp(
+                    entity.getCreateTime().atZone(ZoneId.systemDefault()).toInstant());
+                String auditIndex = getAuditIndexPrefix(eiamSupportProperties.getDemo().isOpen())
+                                    + LocalDate.now().format(DateTimeFormatter
+                                        .ofPattern(DEFAULT_DATE_FORMATTER_PATTERN));
+                elasticsearchOperations.save(audit, IndexCoordinates.of(auditIndex));
+            }
+        }
+
+    }
+
+    /**
+     * EiamSupportProperties
+     */
+    private final EiamSupportProperties   eiamSupportProperties;
+
+    /**
+     * AuditRepository
+     */
+    private final AuditRepository         auditRepository;
+
+    /**
+     * ElasticsearchOperations
+     */
+    private final ElasticsearchOperations elasticsearchOperations;
+
+    public AuditEventListener(EiamSupportProperties eiamSupportProperties,
+                              AuditRepository auditRepository,
+                              ElasticsearchOperations elasticsearchOperations) {
+        this.eiamSupportProperties = eiamSupportProperties;
+        this.auditRepository = auditRepository;
+        this.elasticsearchOperations = elasticsearchOperations;
+    }
+
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEventPublish.java

@@ -0,0 +1,327 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.event;
+
+import java.time.Instant;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.data.elasticsearch.core.geo.GeoPoint;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+
+import com.alibaba.fastjson2.JSONObject;
+
+import cn.topiam.employee.audit.entity.*;
+import cn.topiam.employee.audit.enums.EventStatus;
+import cn.topiam.employee.audit.enums.EventType;
+import cn.topiam.employee.common.enums.UserType;
+import cn.topiam.employee.common.geo.GeoLocationService;
+import cn.topiam.employee.core.security.userdetails.UserDetails;
+import cn.topiam.employee.support.context.ServletContextHelp;
+import cn.topiam.employee.support.trace.TraceUtils;
+import cn.topiam.employee.support.util.IpUtils;
+import cn.topiam.employee.support.web.useragent.UserAgentUtils;
+
+import lombok.AllArgsConstructor;
+import static cn.topiam.employee.core.logger.LogAspect.replaceBlank;
+
+/**
+ * 发布审计事件
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/8/1 21:04
+ */
+@Component
+@AllArgsConstructor
+public class AuditEventPublish {
+
+    private final Logger logger = LoggerFactory.getLogger(AuditEventPublish.class);
+
+    /**
+     * 发布 审计事件
+     *
+     * @param eventType {@link EventType}
+     */
+    public void publish(EventType eventType, String content, EventStatus eventStatus) {
+        //@formatter:off
+        //封装操作事件
+        Event event = Event.builder()
+                .type(eventType)
+                .time(Instant.now())
+                .content(content)
+                .status(eventStatus).build();
+        //封装地理位置
+        GeoLocation geoLocationModal = getGeoLocation();
+        //封装用户代理
+        UserAgent userAgent = getUserAgent();
+        //封装操作人
+        Actor actor = getActor();
+        //Publish AuditEvent
+        applicationEventPublisher.publishEvent(new AuditEvent(TraceUtils.get(), ServletContextHelp.getSession().getId(), actor, event, userAgent, geoLocationModal, null));
+        //@formatter:on
+    }
+
+    /**
+     * 发布 审计事件
+     *
+     * @param eventType {@link EventType}
+     */
+    public void publish(EventType eventType, Authentication authentication, EventStatus eventStatus,
+                        List<Target> targets) {
+        //@formatter:off
+        //封装操作事件
+        Event event = Event.builder()
+                .type(eventType)
+                .time(Instant.now())
+                .status(eventStatus).build();
+        if (authentication.getPrincipal() instanceof UserDetails){
+            String username = ((UserDetails) authentication.getPrincipal()).getUsername();
+            event.setContent(username+"："+event.getType().getDesc());
+        }
+        //封装地理位置
+        GeoLocation geoLocationModal = getGeoLocation();
+        //封装用户代理
+        UserAgent userAgent = getUserAgent();
+        //封装操作人
+        Actor actor = getActor(authentication);
+        //Publish AuditEvent
+        applicationEventPublisher.publishEvent(new AuditEvent(TraceUtils.get(), ServletContextHelp.getSession().getId(), actor, event, userAgent, geoLocationModal, targets));
+        //@formatter:on
+    }
+
+    /**
+     * 发布 审计事件
+     *
+     * @param eventType {@link EventType}
+     */
+    public void publish(EventType eventType, String content, Actor actor, EventStatus eventStatus) {
+        //@formatter:off
+        //封装操作事件
+        Event event = Event.builder()
+                .type(eventType)
+                .time(Instant.now())
+                .content(content)
+                .status(eventStatus).build();
+        //封装地理位置
+        GeoLocation geoLocationModal = getGeoLocation();
+        //封装用户代理
+        UserAgent userAgent = getUserAgent();
+        //Publish AuditEvent
+        applicationEventPublisher.publishEvent(new AuditEvent(TraceUtils.get(), ServletContextHelp.getSession().getId(), actor, event, userAgent, geoLocationModal, null));
+        //@formatter:on
+    }
+
+    /**
+     * 发布 审计事件
+     *
+     * @param eventType {@link EventType}
+     */
+    public void publish(EventType eventType, Map<String, Object> parameters, String content,
+                        List<Target> target, String result, EventStatus eventStatus) {
+        //@formatter:off
+        //封装操作事件
+        Event event = Event.builder()
+                .type(eventType)
+                .time(Instant.now())
+                .status(eventStatus).build();
+        if (!Objects.isNull(parameters)){
+            try {
+                event.setParam(replaceBlank(JSONObject.toJSONString(parameters)));
+            } catch (Exception e) {
+                event.setParam(parameters.toString());
+            }
+        }
+        //描述
+        if (StringUtils.isNotBlank(content)){
+            event.setContent(content);
+        }
+        //事件结果
+        if (StringUtils.isNotBlank(result)){
+            event.setResult(result);
+        }
+        //封装地理位置
+        GeoLocation geoLocationModal = getGeoLocation();
+        //封装用户代理
+        UserAgent userAgent = getUserAgent();
+        //封装操作人
+        Actor actor = getActor();
+        //Publish AuditEvent
+        applicationEventPublisher.publishEvent(new AuditEvent(TraceUtils.get(), ServletContextHelp.getSession().getId(), actor, event, userAgent, geoLocationModal, target));
+        //@formatter:on
+    }
+
+    /**
+     * 发布 审计事件
+     *
+     * @param eventType {@link EventType}
+     */
+    public void publish(EventType eventType, List<Target> target, String result,
+                        EventStatus eventStatus) {
+        //@formatter:off
+        //封装操作事件
+        Event event = Event.builder()
+                .type(eventType)
+                .time(Instant.now())
+                .status(eventStatus).build();
+        //事件结果
+        event.setResult(result);
+        //封装地理位置
+        GeoLocation geoLocationModal = getGeoLocation();
+        //封装用户代理
+        UserAgent userAgent = getUserAgent();
+        //封装操作人
+        Actor actor = getActor();
+        //Publish AuditEvent
+        applicationEventPublisher.publishEvent(new AuditEvent(TraceUtils.get(), ServletContextHelp.getSession().getId(), actor, event, userAgent, geoLocationModal, target));
+        //@formatter:on
+    }
+
+    /**
+     * 封装操作者
+     * @return {@link Actor}
+     */
+    private Actor getActor() {
+        //@formatter:off
+        SecurityContext securityContext = SecurityContextHolder.getContext();
+        Authentication authentication = securityContext.getAuthentication();
+        return Actor.builder()
+                .id(getActorId(authentication))
+                .type(getActorType(authentication))
+                .build();
+        //@formatter:on
+    }
+
+    /**
+     * 封装操作者
+     * @param authentication {@link Authentication}
+     * @return {@link Actor}
+     */
+    private Actor getActor(Authentication authentication) {
+        //@formatter:off
+        return Actor.builder()
+                .id(getActorId(authentication))
+                .type(getActorType(authentication))
+                .build();
+        //@formatter:on
+    }
+
+    private String getActorId(Authentication authentication) {
+        //@formatter:off
+        Object principal = authentication.getPrincipal();
+        if (principal instanceof UserDetails) {
+            return ((UserDetails) principal).getId();
+        }
+        return null;
+        //@formatter:on
+    }
+
+    /**
+     * 获取行动者类型
+     *
+     * @param authentication {@link Authentication}
+     * @return {@link UserType}
+     */
+    private UserType getActorType(Authentication authentication) {
+        //@formatter:off
+        Object principal = authentication.getPrincipal();
+        if (principal instanceof UserDetails) {
+            return  ((UserDetails) principal).getUserType();
+        }
+        return null;
+        //@formatter:on
+    }
+
+    /**
+     * 获取用户代理
+     *
+     * @return {@link UserAgent}
+     */
+    private UserAgent getUserAgent() {
+        //@formatter:off
+        HttpServletRequest request = ServletContextHelp.getRequest();
+        cn.topiam.employee.support.web.useragent.UserAgent ua = UserAgentUtils.getUserAgent(request);
+        return UserAgent.builder()
+                .browser(ua.getBrowser())
+                .browserType(ua.getBrowserType())
+                .browserMajorVersion(ua.getBrowserMajorVersion())
+                .platform(ua.getPlatform())
+                .platformVersion(ua.getPlatformVersion())
+                .deviceType(ua.getDeviceType())
+                .build();
+        //@formatter:on
+    }
+
+    /**
+     * 获取地理位置
+     *
+     * @return {@link GeoLocation}
+     */
+    private GeoLocation getGeoLocation() {
+        //@formatter:off
+        HttpServletRequest request = ServletContextHelp.getRequest();
+        String ip = IpUtils.getIpAddr(request);
+        cn.topiam.employee.common.geo.GeoLocation geoLocation = geoLocationService.getGeoLocation(ip);
+        if (Objects.isNull(geoLocation)){
+            return null;
+        }
+        if (IpUtils.isInternalIp(ip)){
+            return GeoLocation.builder()
+                    .ip(geoLocation.getIp())
+                    .provider(geoLocation.getProvider())
+                    .build();
+       }
+        GeoPoint geoPoint = null;
+        if (!Objects.isNull(geoLocation.getLatitude()) && !Objects.isNull(geoLocation.getLongitude())) {
+            geoPoint = new GeoPoint(geoLocation.getLatitude(), geoLocation.getLongitude());
+        }
+        return  GeoLocation.builder()
+                .ip(ip)
+                .continentCode(geoLocation.getContinentCode())
+                .continentName(geoLocation.getContinentName())
+                .countryCode(geoLocation.getCountryCode())
+                .countryName(geoLocation.getCountryName())
+                .provinceCode(geoLocation.getProvinceCode())
+                .provinceName(geoLocation.getProvinceName())
+                .cityCode(geoLocation.getCityCode())
+                .cityName(geoLocation.getCityName())
+                .point(geoPoint)
+                .provider(geoLocation.getProvider())
+                .build();
+        //@formatter:on
+    }
+
+    /**
+     * ApplicationEventPublisher
+     */
+    private final ApplicationEventPublisher applicationEventPublisher;
+    /**
+     * 地理位置
+     */
+    private final GeoLocationService        geoLocationService;
+
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/event/type/AccountEventType.java

@@ -0,0 +1,213 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.event.type;
+
+import java.util.List;
+
+import cn.topiam.employee.common.enums.UserType;
+import static cn.topiam.employee.audit.event.type.Resource.ACCOUNT_RESOURCE;
+
+/**
+ * 账户资源
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/11/24 22:58
+ */
+public class AccountEventType {
+
+    /**
+     * 创建用户
+     */
+    public static Type CREATE_USER               = new Type("eiam:event:account:create_user",
+        "创建用户", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 编辑用户
+     */
+    public static Type UPDATE_USER               = new Type("eiam:event:account:update_user",
+        "修改用户", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 删除用户
+     */
+    public static Type DELETE_USER               = new Type("eiam:event:account:delete_user",
+        "删除用户", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 禁用用户
+     */
+    public static Type DISABLE_USER              = new Type("eiam:event:account:disabled_user",
+        "禁用用户", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 启用用户
+     */
+    public static Type ENABLE_USER               = new Type("eiam:event:account:enabled_user",
+        "启用用户", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 创建组织
+     */
+    public static Type CREATE_ORG                = new Type(
+        "eiam:event:account:create_organization", "创建组织", ACCOUNT_RESOURCE,
+        List.of(UserType.ADMIN));
+    /**
+     * 编辑组织
+     */
+    public static Type UPDATE_ORG                = new Type(
+        "eiam:event:account:update_organization", "修改组织", ACCOUNT_RESOURCE,
+        List.of(UserType.ADMIN));
+    /**
+     * 删除组织
+     */
+    public static Type DELETE_ORGANIZATION       = new Type(
+        "eiam:event:account:delete_organization", "删除组织", ACCOUNT_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 移动组织
+     */
+    public static Type MOVE_ORGANIZATION         = new Type("eiam:event:account:move_organization",
+        "移动组织", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 用户转岗到其他组织
+     */
+    public static Type USER_TRANSFER_ORG         = new Type("eiam:event:account:transfer_user",
+        "用户转岗", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 从组织中移除用户
+     */
+    public static Type ORG_REMOVE_USER           = new Type(
+        "eiam:event:account:delete_user_organization", "移除组织用户", ACCOUNT_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 添加用户到组织
+     */
+    public static Type USER_ADD_ORG              = new Type(
+        "eiam:event:account:user_add_organization", "组织添加用户", ACCOUNT_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 绑定账号
+     */
+    public static Type BIND_IDP_USER             = new Type("eiam:event:account:bind_idp_user",
+        "绑定 IDP", ACCOUNT_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
+    /**
+     * 解绑账号
+     */
+    public static Type UNBIND_IDP_USER           = new Type("eiam:event:account:unbind_idp_user",
+        "解绑 IDP", ACCOUNT_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
+    /**
+     * 用户应用解绑
+     */
+    public static Type UNBIND_APPLICATION_USER   = new Type(
+        "eiam:event:account:unbind_application_user", "解绑应用账户", ACCOUNT_RESOURCE,
+        List.of(UserType.ADMIN));
+    /**
+     * 用户注册
+     */
+    public static Type USER_REGISTER             = new Type("eiam:event:account:user_register",
+        "用户注册", ACCOUNT_RESOURCE, List.of(UserType.USER));
+
+    /**
+     * 修改账户信息
+     */
+    public static Type MODIFY_ACCOUNT_INFO       = new Type(
+        "eiam:event:account:update_account_info", "修改账户", ACCOUNT_RESOURCE,
+        List.of(UserType.ADMIN, UserType.USER));
+    /**
+     * 修改邮箱
+     */
+    public static Type MODIFY_USER_EMAIL         = new Type("eiam:event:account:update_email",
+        "修改邮箱", ACCOUNT_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
+    /**
+     * 修改手机号
+     */
+    public static Type MODIFY_USER_PHONE         = new Type("eiam:event:account:update_phone",
+        "修改手机号", ACCOUNT_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
+    /**
+     * 修改密码
+     */
+    public static Type MODIFY_USER_PASSWORD      = new Type("eiam:event:account:update_password",
+        "修改密码", ACCOUNT_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
+
+    /**
+     * 创建用户组
+     */
+    public static Type CREATE_USER_GROUP         = new Type("eiam:event:account:create_user_group",
+        "创建用户组", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 编辑用户组
+     */
+    public static Type UPDATE_USER_GROUP         = new Type("eiam:event:account:update_user_group",
+        "修改用户组", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 删除用户组
+     */
+    public static Type DELETE_USER_GROUP         = new Type("eiam:event:account:delete_user_group",
+        "删除用户组", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 添加用户组成员
+     */
+    public static Type ADD_USER_GROUP_MEMBER     = new Type(
+        "eiam:event:account:add_user_group_member", "添加用户组成员", ACCOUNT_RESOURCE,
+        List.of(UserType.ADMIN));
+    /**
+     * 移除用户组成员
+     */
+    public static Type REMOVE_USER_GROUP_MEMBER  = new Type(
+        "eiam:event:account:remove_user_group_member", "移除用户组成员", ACCOUNT_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 创建身份源
+     */
+    public static Type CREATE_IDENTITY_RESOURCE  = new Type(
+        "eiam:event:account:create_identity_resource", "创建身份源", ACCOUNT_RESOURCE,
+        List.of(UserType.ADMIN));
+    /**
+     * 编辑身份源
+     */
+    public static Type UPDATE_IDENTITY_RESOURCE  = new Type(
+        "eiam:event:account:update_identity_resource", "修改身份源", ACCOUNT_RESOURCE,
+        List.of(UserType.ADMIN));
+    /**
+     * 删除身份源
+     */
+    public static Type DELETE_IDENTITY_RESOURCE  = new Type(
+        "eiam:event:account:delete_identity_resource", "删除身份源", ACCOUNT_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 启用身份源
+     */
+    public static Type ENABLE_IDENTITY_RESOURCE  = new Type(
+        "eiam:event:account:enable_identity_resource", "启用身份源", ACCOUNT_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 禁用身份源
+     */
+    public static Type DISABLE_IDENTITY_RESOURCE = new Type(
+        "eiam:event:account:disable_identity_resource", "禁用身份源", ACCOUNT_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 禁用身份源
+     */
+    public static Type IDENTITY_RESOURCE_SYNC    = new Type(
+        "eiam:event:account:identity_resource_sync", "身份源同步", ACCOUNT_RESOURCE,
+        List.of(UserType.ADMIN));
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/event/type/AppEventType.java

@@ -0,0 +1,165 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.event.type;
+
+import java.util.List;
+
+import cn.topiam.employee.common.enums.UserType;
+import static cn.topiam.employee.audit.event.type.Resource.APP_RESOURCE;
+
+/**
+ * 应用资源
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/11/24 23:00
+ */
+public class AppEventType {
+    /**
+     * 单点登录
+     */
+    public static Type APP_SSO                         = new Type("eiam:event:app:sso", "单点登录",
+        APP_RESOURCE, List.of(UserType.USER));
+    /**
+     * 退出应用
+     */
+    public static Type SIGN_OUT_APP                    = new Type("eiam:event:app:login", "退出应用",
+        APP_RESOURCE, List.of(UserType.USER));
+    /**
+     * 添加应用
+     */
+    public static Type ADD_APP                         = new Type("eiam:event:app:create", "添加应用",
+        APP_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 启用应用
+     */
+    public static Type ENABLE_APP                      = new Type("eiam:event:app:enabled", "启用应用",
+        APP_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 禁用应用
+     */
+    public static Type DISABLE_APP                     = new Type("eiam:event:app:disabled", "禁用应用",
+        APP_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 编辑应用
+     */
+    public static Type UPDATE_APP                      = new Type("eiam:event:app:update", "修改应用",
+        APP_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 保存应用配置
+     */
+    public static Type SAVE_APP_CONFIG                 = new Type("eiam:event:app:save:config",
+        "保存应用配置", APP_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 删除应用
+     */
+    public static Type DELETE_APP                      = new Type("eiam:event:app:delete", "删除应用",
+        APP_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 应用访问授权
+     */
+    public static Type APP_ACCESS_POLICY               = new Type("eiam:event:app:access_policy",
+        "应用访问授权", APP_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 删除访问授权
+     */
+    public static Type APP_DELETE_ACCESS_POLICY        = new Type(
+        "eiam:event:app:delete_access_policy", "应用访问授权", APP_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 添加应用账户
+     */
+    public static Type ADD_APP_ACCOUNT                 = new Type("eiam:event:app:add_app_account",
+        "添加应用账户", APP_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 删除应用账户
+     */
+    public static Type DELETE_APP_ACCOUNT              = new Type(
+        "eiam:event:app:delete_app_account", "删除应用账户", APP_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 保存SSO配置
+     */
+    public static Type SAVE_SSO_CONFIG                 = new Type("eiam:event:app:save_sso_config",
+        "保存SSO配置", APP_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 保存应用权限资源
+     */
+    public static Type SAVE_APP_PERMISSION_RESOURCE    = new Type(
+        "eiam:event:app:save_app_permission_resource", "保存应用权限资源", APP_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 修改应用权限资源
+     */
+    public static Type UPDATE_APP_PERMISSION_RESOURCE  = new Type(
+        "eiam:event:app:update_app_permission_resource", "修改应用权限资源", APP_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 删除应用权限资源
+     */
+    public static Type DELETE_APP_PERMISSION_RESOURCE  = new Type(
+        "eiam:event:app:delete_app_permission_resource", "删除应用权限资源", APP_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 启用应用权限资源
+     */
+    public static Type ENABLE_APP_PERMISSION_RESOURCE  = new Type(
+        "eiam:event:app:enable_app_permission_resource", "启用应用权限资源", APP_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 禁用应用权限资源
+     */
+    public static Type DISABLE_APP_PERMISSION_RESOURCE = new Type(
+        "eiam:event:app:disable_app_permission_resource", "禁用应用权限资源", APP_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 删除用户身份提供商绑定
+     */
+    public static Type DELETE_USER_IDP_BIND            = new Type(
+        "eiam:event:app:delete_user_idp_bind", "删除用户身份提供商绑定", APP_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 添加应用角色
+     */
+    public static Type SAVE_APP_PERMISSION_ROLE        = new Type(
+        "eiam:event:app:save_app_permission_role", "添加应用角色", APP_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 修改应用角色
+     */
+    public static Type UPDATE_APP_PERMISSION_ROLE      = new Type(
+        "eiam:event:app:update_app_permission_role", "修改应用角色", APP_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 删除应用角色
+     */
+    public static Type DELETE_APP_PERMISSION_ROLE      = new Type(
+        "eiam:event:app:delete_app_permission_role", "删除应用角色", APP_RESOURCE,
+        List.of(UserType.ADMIN));
+
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/event/type/AuthenticationEventType.java

@@ -0,0 +1,82 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.event.type;
+
+import java.util.List;
+
+import cn.topiam.employee.common.enums.UserType;
+import static cn.topiam.employee.audit.event.type.Resource.AUTHENTICATION_RESOURCE;
+
+/**
+ * 认证资源
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/11/24 22:59
+ */
+public class AuthenticationEventType {
+
+    /**
+     * 添加身份提供商
+     */
+    public static Type ADD_IDP        = new Type("eiam:event:idp_add", "添加身份提供商",
+        AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 编辑身份提供商
+     */
+    public static Type UPDATE_IDP     = new Type("eiam:event:idp_update", "修改身份提供商",
+        AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 启用身份提供商
+     */
+    public static Type ENABLE_IDP     = new Type("eiam:event:idp_enabled", "启用身份提供商",
+        AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 禁用身份提供商
+     */
+    public static Type DISABLE_IDP    = new Type("eiam:event:idp_disabled", "禁用身份提供商",
+        AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN));
+    /**
+     * 删除身份提供商
+     */
+    public static Type DELETE_IDP     = new Type("eiam:event:idp_delete", "删除身份提供商",
+        AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 登录控制台
+     */
+    public static Type LOGIN_CONSOLE  = new Type("eiam:event:login:console", "登录控制台",
+        AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
+
+    /**
+     * 登录门户
+     */
+    public static Type LOGIN_PORTAL   = new Type("eiam:event:login:portal", "登录门户",
+        AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
+
+    /**
+     * 退出控制台
+     */
+    public static Type LOGOUT_CONSOLE = new Type("eiam:event:logout:console", "退出控制台",
+        AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
+
+    /**
+     * 退出门户
+     */
+    public static Type LOGOUT_PORTAL  = new Type("eiam:event:logout:portal", "退出门户",
+        AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/event/type/OtherEventType.java

@@ -0,0 +1,46 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.event.type;
+
+import java.util.List;
+
+import cn.topiam.employee.common.enums.UserType;
+import static cn.topiam.employee.audit.event.type.Resource.OTHER_RESOURCE;
+
+/**
+ * 其他设置
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/11/24 22:58
+ */
+public class OtherEventType {
+
+    /**
+     * 下线会话
+     */
+    public static Type DOWN_LINE_SESSION       = new Type("eiam:event:other:down_line_session",
+        "下线会话", OTHER_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 批量下线会话
+     */
+    public static Type BATCH_DOWN_LINE_SESSION = new Type(
+        "eiam:event:other:batch_down_line_session", "批量下线会话", OTHER_RESOURCE,
+        List.of(UserType.ADMIN));
+
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/event/type/Resource.java

@@ -0,0 +1,75 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.event.type;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+/**
+ * 审计资源
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/9/29 21:07
+ */
+@Data
+@AllArgsConstructor
+public class Resource {
+    /**
+     * 资源编码
+     */
+    private String code;
+    /**
+     * 资源名称
+     */
+    private String name;
+
+    @Override
+    public String toString() {
+        return String.format("[%s](%s)", name, code);
+    }
+
+    /**
+     * 账户
+     */
+    public static Resource ACCOUNT_RESOURCE        = new Resource("eiam:event:resource:account",
+        "账户管理");
+
+    /**
+     * 认证
+     */
+    public static Resource AUTHENTICATION_RESOURCE = new Resource(
+        "eiam:event:resource:authentication", "认证管理");
+    /**
+     * 应用
+     */
+    public static Resource APP_RESOURCE            = new Resource("eiam:event:resource:application",
+        "应用管理");
+
+    /**
+     * 其他管理
+     */
+    public static Resource OTHER_RESOURCE          = new Resource("eiam:event:resource:other",
+        "其他管理");
+
+    /**
+     * 系统设置
+     */
+    public static Resource SETTING_RESOURCE        = new Resource("eiam:event:resource:settings",
+        "系统设置");
+
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/event/type/SettingEventType.java

@@ -0,0 +1,314 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.event.type;
+
+import java.util.List;
+
+import cn.topiam.employee.common.enums.UserType;
+import static cn.topiam.employee.audit.event.type.Resource.SETTING_RESOURCE;
+
+/**
+ * 系统设置
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/11/24 22:58
+ */
+public class SettingEventType {
+
+    /**
+     * 保存安全基础设置
+     */
+    public static Type SAVE_LOGIN_SECURITY_BASIC_SETTINGS         = new Type(
+        "eiam:event:setting:save_security_basic", "保存安全基础设置", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 密码策略
+     */
+    public static Type SAVE_PASSWORD_POLICY_SETTINGS              = new Type(
+        "eiam:event:setting:save_password_policy", "保存密码策略", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 保存多因素认证
+     */
+    public static Type SAVE_MFA_SETTINGS                          = new Type(
+        "eiam:event:setting:save_mfa", "保存多因素认证", SETTING_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 保存行为验证码
+     */
+    public static Type SAVE_CAPTCHA_PROVIDER                      = new Type(
+        "eiam:event:setting:save_captcha_provider", "保存行为验证码", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 保存行为验证码
+     */
+    public static Type OFF_CAPTCHA_PROVIDER                       = new Type(
+        "eiam:event:setting:off_captcha_provider", "禁用行为验证码", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 添加管理员
+     */
+    public static Type ADD_ADMINISTRATOR                          = new Type(
+        "eiam:event:setting:add_administrator", "添加管理员", SETTING_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 删除管理员
+     */
+    public static Type DELETE_ADMINISTRATOR                       = new Type(
+        "eiam:event:setting:delete_administrator", "删除管理员", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 修改管理员
+     */
+    public static Type UPDATE_ADMINISTRATOR                       = new Type(
+        "eiam:event:setting:update_administrator", "修改管理员", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 启用管理员
+     */
+    public static Type ENABLE_ADMINISTRATOR                       = new Type(
+        "eiam:event:setting:enable_administrator", "启用管理员", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 禁用管理员
+     */
+    public static Type DISABLE_ADMINISTRATOR                      = new Type(
+        "eiam:event:setting:disable_administrator", "禁用管理员", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+    /**
+     * 重置管理员密码
+     */
+    public static Type RESET_ADMINISTRATOR_PASSWORD               = new Type(
+        "eiam:event:setting:reset_administrator_password", "重置管理员密码", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 开启自定义修改密码邮件模板
+     */
+    public static Type ON_CUSTOMIZE_CHANGE_PASSWORD_MAIL          = new Type(
+        "eiam:event:setting:on_customize_change_password_mail", "开启自定义修改密码邮件模板", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 开启自定义重置密码邮件模板
+     */
+    public static Type ON_CUSTOMIZE_RESET_PASSWORD_MAIL           = new Type(
+        "eiam:event:setting:on_customize_reset_password_mail", "开启自定义重置密码邮件模板", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 开启自定义确认重置密码邮件模板
+     */
+    public static Type ON_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL   = new Type(
+        "eiam:event:setting:on_customize_confirm_reset_password_mail", "开启自定义确认重置密码邮件模板",
+        SETTING_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 开启自定义验证邮件模板
+     */
+    public static Type ON_CUSTOMIZE_VERIFY_MAIL                   = new Type(
+        "eiam:event:setting:on_customize_verify_mail", "开启自定义验证邮件模板", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 开启自定义欢迎邮件模板
+     */
+    public static Type ON_CUSTOMIZE_WELCOME_MAIL                  = new Type(
+        "eiam:event:setting:on_customize_welcome_mail", "开启自定义欢迎邮件模板", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 开启自定义修改绑定邮件模板
+     */
+    public static Type ON_CUSTOMIZE_MODIFY_BINDING_MAIL           = new Type(
+        "eiam:event:setting:on_customize_modify_binding:_mail", "开启自定义修改绑定邮件模板", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 关闭自定义修改密码邮件模板
+     */
+    public static Type OFF_CUSTOMIZE_CHANGE_PASSWORD_MAIL         = new Type(
+        "eiam:event:setting:off_customize_change_password_mail", "关闭自定义修改密码邮件模板", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 关闭自定义重置密码邮件模板
+     */
+    public static Type OFF_CUSTOMIZE_RESET_PASSWORD_MAIL          = new Type(
+        "eiam:event:setting:off_customize_reset_password_mail", "关闭自定义重置密码邮件模板", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 关闭自定义确认重置密码邮件模板
+     */
+    public static Type OFF_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL  = new Type(
+        "eiam:event:setting:off_customize_confirm_reset_password_mail", "关闭自定义确认重置密码邮件模板",
+        SETTING_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 关闭自定义验证邮件模板
+     */
+    public static Type OFF_CUSTOMIZE_VERIFY_MAIL                  = new Type(
+        "eiam:event:setting:off_customize_verify_mail", "关闭自定义验证邮件模板", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 关闭自定义欢迎邮件模板
+     */
+    public static Type OFF_CUSTOMIZE_WELCOME_MAIL                 = new Type(
+        "eiam:event:setting:off_customize_welcome_mail", "关闭自定义欢迎邮件模板", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 关闭自定义修改绑定邮件模板
+     */
+    public static Type OFF_CUSTOMIZE_MODIFY_BINDING_MAIL          = new Type(
+        "eiam:event:setting:off_customize_modify_binding_mail", "关闭自定义修改绑定邮件模板", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 保存自定义修改密码邮件模板
+     */
+    public static Type SAVE_CUSTOMIZE_CHANGE_PASSWORD_MAIL        = new Type(
+        "eiam:event:setting:save_customize_change_password_mail", "保存自定义修改密码邮件模板", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 保存自定义重置密码邮件模板
+     */
+    public static Type SAVE_CUSTOMIZE_RESET_PASSWORD_MAIL         = new Type(
+        "eiam:event:setting:save_customize_reset_password_mail", "保存自定义重置密码邮件模板", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 保存自定义确认重置密码邮件模板
+     */
+    public static Type SAVE_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL = new Type(
+        "eiam:event:setting:save_customize_confirm_reset_password_mail", "保存自定义确认重置密码邮件模板",
+        SETTING_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 保存自定义验证邮件模板
+     */
+    public static Type SAVE_CUSTOMIZE_VERIFY_MAIL                 = new Type(
+        "eiam:event:setting:save_customize_verify_mail", "保存自定义验证邮件模板", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 保存自定义欢迎邮件模板
+     */
+    public static Type SAVE_CUSTOMIZE_WELCOME_MAIL                = new Type(
+        "eiam:event:setting:save_customize_welcome_mail", "保存自定义欢迎邮件模板", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 保存自定义修改绑定邮件模板
+     */
+    public static Type SAVE_CUSTOMIZE_MODIFY_BINDING_MAIL         = new Type(
+        "eiam:event:setting:save_customize_modify_binding_mail", "保存自定义修改绑定邮件模板", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 开启邮件服务
+     */
+    public static Type ON_MAIL_SERVICE                            = new Type(
+        "eiam:event:setting:on_mail_service", "开启邮件服务", SETTING_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 关闭邮件服务
+     */
+    public static Type OFF_MAIL_SERVICE                           = new Type(
+        "eiam:event:setting:off_mail_service", "关闭邮件服务", SETTING_RESOURCE, List.of(UserType.ADMIN));
+
+    /**
+     * 保存邮件服务
+     */
+    public static Type SAVE_MAIL_SERVICE                          = new Type(
+        "eiam:event:setting:save_mail_service", "保存邮件服务", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 开启短信验证服务
+     */
+    public static Type ON_SMS_SERVICE                             = new Type(
+        "eiam:event:setting:on_sms_verify_service", "开启短信验证服务", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 关闭短信验证服务
+     */
+    public static Type OFF_SMS_SERVICE                            = new Type(
+        "eiam:event:setting:off_sms_verify_service", "关闭短信验证服务", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 保存短信验证服务
+     */
+    public static Type SAVE_SMS_SERVICE                           = new Type(
+        "eiam:event:setting:save_sms_verify_service", "保存短信验证服务", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 开启存储服务
+     */
+    public static Type ON_STORAGE_SERVICE                         = new Type(
+        "eiam:event:setting:on_storage_service", "开启存储服务", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 关闭存储服务
+     */
+    public static Type OFF_STORAGE_SERVICE                        = new Type(
+        "eiam:event:setting:off_storage_service", "关闭存储服务", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 保存存储服务
+     */
+    public static Type SAVE_STORAGE_SERVICE                       = new Type(
+        "eiam:event:setting:save_storage_service", "保存存储服务", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 开启地理位置服务
+     */
+    public static Type ON_GEO_LOCATION_SERVICE                    = new Type(
+        "eiam:event:setting:on_geoip_service", "开启地理位置服务", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 关闭地理位置服务
+     */
+    public static Type OFF_GEO_LOCATION_SERVICE                   = new Type(
+        "eiam:event:setting:off_geoip_service", "关闭地理位置服务", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+
+    /**
+     * 保存地理位置服务
+     */
+    public static Type SAVE_GEO_LOCATION_SERVICE                  = new Type(
+        "eiam:event:setting:save_geoip_service", "保存地理位置服务", SETTING_RESOURCE,
+        List.of(UserType.ADMIN));
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/event/type/Type.java

@@ -0,0 +1,58 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.audit.event.type;
+
+import java.util.List;
+
+import cn.topiam.employee.common.enums.UserType;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+/**
+ * 类型
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/11/24 23:06
+ */
+@Data
+@AllArgsConstructor
+public class Type {
+    /**
+     * 编码
+     */
+    private String         code;
+    /**
+     * 名称
+     */
+    private String         name;
+    /**
+     * 资源
+     */
+    private Resource       resource;
+    /**
+     * 用户类型
+     */
+    private List<UserType> userTypes;
+
+    @Override
+    public String toString() {
+        return String.format("[%s](%s) %s", name, code, resource);
+    }
+
+}

eiam-audit/src/main/java/cn/topiam/employee/audit/package-info.java

@@ -0,0 +1,24 @@
+/*
+ * eiam-audit - Employee Identity and Access Management Program
+ * Copyright © 2020-2022 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+/**
+ * 审计事件
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2021/9/11 22:10
+ */
+package cn.topiam.employee.audit;