package com.whyc.service;
|
|
import com.whyc.dto.Response;
|
import com.whyc.pojo.UserClient;
|
import com.whyc.pojo.UserInf;
|
import com.whyc.util.ActionUtil;
|
import com.whyc.util.RSAUtil;
|
import com.whyc.util.ShiroUtil;
|
import org.apache.shiro.SecurityUtils;
|
import org.apache.shiro.authc.UsernamePasswordToken;
|
import org.apache.shiro.subject.Subject;
|
import org.springframework.stereotype.Service;
|
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpSession;
|
import java.io.UnsupportedEncodingException;
|
import java.net.URLDecoder;
|
import java.util.Locale;
|
import java.util.Map;
|
|
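/**
 * Login, logout and single-session checks backed by Apache Shiro.
 *
 * <p>All login variants authenticate a {@link UsernamePasswordToken} through the current
 * Shiro {@link Subject}; they differ only in how the submitted credential is pre-processed
 * and in what is returned on success.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The session id is read after login but never rotated here. Unless Shiro or the
 *       container is configured to issue a fresh session on authentication, a session id
 *       planted before login stays valid afterwards (session fixation) - TODO confirm.</li>
 *   <li>The session id is stored in the ServletContext under the raw user name. Application
 *       scope is shared with every other attribute, so an account name equal to another
 *       attribute key would overwrite it. {@link #checkUser()} reads a "users" attribute;
 *       if {@code ActionUtil.getApplication()} is this same context, that key is affected -
 *       TODO confirm. A dedicated map or a key prefix would avoid the collision.</li>
 *   <li>No attempt limiting or lockout is visible in this class; presumably enforced
 *       elsewhere - verify.</li>
 * </ul>
 */
@Service
public class LoginService {

    /** Fragment of the message Shiro attaches to a credentials mismatch. */
    private static final String SHIRO_BAD_CREDENTIALS = "did not match the expected credentials";

    private static final String MSG_BAD_PASSWORD = "密码错误";
    private static final String MSG_LOGIN_OK = "登录成功";
    private static final String MSG_LOGIN_FAILED = "登录失败";
    private static final String MSG_BAD_SIGNATURE = "密码验签失败";
    private static final String MSG_BAD_CAPTCHA = "验证码错误";
    private static final String MSG_NOT_LOGGED_IN = "You are not logged in, please log in";
    private static final String CAPTCHA_SESSION_KEY = "fontDynamicCode";

    /**
     * Authenticates with a user name and password passed as received.
     *
     * @param userName account name
     * @param password credential handed to Shiro unchanged
     * @param request  current request, used for the session and the ServletContext
     * @return a response carrying the principal on success, or a failure message
     */
    public Response login(String userName, String password, HttpServletRequest request) {
        return authenticate(userName, password, request, true);
    }

    /**
     * Authenticates with a URL-encoded, front-end encrypted credential after checking the
     * MD5 checksum embedded in it.
     *
     * <p>NOTE(review): nothing visible here binds the payload to this request (no nonce or
     * timestamp check), so a captured payload can presumably be replayed as a password
     * equivalent unless {@code RSAUtil.decryptFront} enforces freshness - confirm.
     *
     * @param userName account name
     * @param pwd      URL-encoded encrypted credential from the front end
     * @param request  current request
     * @return a response carrying the principal on success, or a failure message
     */
    public Response login2(String userName, String pwd, HttpServletRequest request) {
        String password = decodeVerifiedPassword(pwd);
        if (password == null) {
            return new Response<>().set(0, MSG_BAD_SIGNATURE);
        }
        return authenticate(userName, password, request, true);
    }

    /**
     * Same as {@link #login2} but first checks the verification code stored in the session.
     *
     * @param userName      account name
     * @param pwd           URL-encoded encrypted credential from the front end
     * @param deliveredCode verification code typed by the user, compared case-insensitively
     * @param request       current request
     * @return a response carrying the principal on success, or a failure message
     */
    public Response loginByRSA(String userName, String pwd, String deliveredCode, HttpServletRequest request) {
        HttpSession session = ActionUtil.getSession();
        String expectedCode = (String) session.getAttribute(CAPTCHA_SESSION_KEY);
        // The code is consumed by the first comparison, right or wrong. Leaving it in the
        // session after a miss would allow unlimited guesses against the same value.
        session.removeAttribute(CAPTCHA_SESSION_KEY);

        // A missing code on either side is a failed check, not a NullPointerException.
        // Locale.ROOT keeps the case folding independent of the server's default locale.
        if (deliveredCode == null || expectedCode == null
                || !deliveredCode.toUpperCase(Locale.ROOT).equals(expectedCode.toUpperCase(Locale.ROOT))) {
            return new Response<>().set(1, false, MSG_BAD_CAPTCHA);
        }

        String password = decodeVerifiedPassword(pwd);
        if (password == null) {
            return new Response<>().set(0, MSG_BAD_SIGNATURE);
        }
        return authenticate(userName, password, request, true);
    }

    /**
     * Authenticates for the UKey flow.
     *
     * <p>The UKey and face-recognition checks are still a TODO: this method currently
     * verifies only the user name and password, so callers must not treat a success here
     * as proof of a second factor. Unlike the other variants it neither stores the
     * principal in the session nor returns it.
     *
     * @param userName account name
     * @param password credential handed to Shiro unchanged
     * @param request  current request
     * @return a success or failure response without the principal
     */
    public Response loginWithUKey(String userName, String password, HttpServletRequest request) {
        // The session id is deliberately no longer written to stdout: it is a bearer
        // credential, and anyone able to read the log could take over the session.
        return authenticate(userName, password, request, false);
    }

    /**
     * Checks the application scope for another client logged in with the same account.
     *
     * <p>Reads the "users" map from the application scope and the "user" / "login_time"
     * attributes from the session. "login_time" and the "users" map are not written
     * anywhere in this class; presumably another component maintains them - verify.
     *
     * @return a response with code 1 and a message when the caller is not logged in or the
     *         account was logged in again from elsewhere; otherwise a freshly built response
     */
    public Response checkUser() {
        Response model = new Response();

        @SuppressWarnings("unchecked") // application scope is untyped; populated elsewhere
        Map<String, UserClient> users =
                (Map<String, UserClient>) ActionUtil.getApplication().getAttribute("users");
        if (users == null || users.isEmpty()) {
            model.setCode(1);
            model.setMsg(MSG_NOT_LOGGED_IN);
            return model;
        }

        HttpSession session = ActionUtil.getSession();
        UserInf user = (UserInf) session.getAttribute("user");
        Long login_time = (Long) session.getAttribute("login_time");
        if (user == null || login_time == null) {
            model.setCode(1);
            model.setMsg(MSG_NOT_LOGGED_IN);
            return model;
        }

        UserClient client = users.get(user.getUName());
        // NOTE(review): login_time is a boxed Long. If getLogin_times() also returns Long,
        // this != compares references and reports a mismatch for equal values outside the
        // Long cache; it is only a numeric comparison if the getter returns a primitive.
        // Confirm the getter's return type.
        if (client != null && login_time != client.getLogin_times()) {
            model.setCode(1);
            model.setMsg("The landing on the account in another host, please log in again");
        }
        return model;
    }

    /**
     * Logs the current Shiro subject out.
     *
     * <p>NOTE(review): the session id stored in the ServletContext at login is not removed
     * here; presumably cleaned up elsewhere - verify.
     */
    public void logout() {
        SecurityUtils.getSubject().logout();
    }

    /**
     * Runs the Shiro login shared by every variant and records the session on success.
     *
     * @param publishPrincipal when true, the principal is stored in the session under
     *                         "user" and returned in the response
     */
    private Response authenticate(String userName, String credential,
                                  HttpServletRequest request, boolean publishPrincipal) {
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken(userName, credential));
        } catch (Exception e) {
            String message = e.getMessage();
            if (message == null) {
                // Exceptions without a message used to end in a NullPointerException here.
                return new Response<>().set(1, false, MSG_LOGIN_FAILED);
            }
            if (message.contains(SHIRO_BAD_CREDENTIALS)) {
                return new Response<>().set(1, false, MSG_BAD_PASSWORD);
            }
            // NOTE(review): every other exception message goes to the client verbatim.
            // Framework messages can name internal classes, and a message that differs
            // for unknown accounts lets a caller tell valid user names from invalid ones.
            // Prefer a fixed set of user-facing messages with the detail logged server-side.
            return new Response<>().set(1, false, message);
        }

        if (!subject.isAuthenticated()) {
            return new Response<>().set(1, false, MSG_BAD_PASSWORD);
        }

        // Each logged-in account has an application-scope entry holding its session id;
        // a later login with the same account replaces the earlier id. Limiting an account
        // to one concurrent session is still a TODO.
        request.getServletContext().setAttribute(userName, request.getSession().getId());

        if (!publishPrincipal) {
            return new Response<>().set(1, true, MSG_LOGIN_OK);
        }

        // Keep the authenticated user in the session.
        Object principal = subject.getPrincipal();
        request.getSession().setAttribute("user", principal);
        return new Response<>().setII(1, true, principal, MSG_LOGIN_OK);
    }

    /**
     * URL-decodes the front-end payload and checks its embedded MD5 checksum.
     *
     * <p>The checksum is an unkeyed MD5 over data the client supplied, so it only detects
     * accidental corruption; it is not a signature and proves nothing about the sender.
     *
     * @return the URL-decoded payload when the checksum matches, otherwise {@code null}
     */
    private static String decodeVerifiedPassword(String pwd) {
        if (pwd == null) {
            return null;
        }
        final String decoded;
        try {
            decoded = URLDecoder.decode(pwd, "utf-8");
        } catch (UnsupportedEncodingException | IllegalArgumentException e) {
            // IllegalArgumentException: malformed percent-escapes in client input. Treat
            // it as a failed check instead of letting it surface as a server error.
            return null;
        }

        String[] parts = RSAUtil.decryptFront(decoded, RSAUtil.fontSeparator);
        if (parts == null || parts.length < 2 || parts[0] == null || parts[1] == null) {
            return null;
        }
        String expected = ActionUtil
                .EncryptionMD5(org.apache.commons.lang3.StringUtils.trim(parts[0]))
                .toString();
        // NOTE(review): the payload returned to Shiro is the still-encrypted text, not
        // parts[0]; presumably the realm's credentials matcher decrypts it - confirm.
        return parts[1].equals(expected) ? decoded : null;
    }
}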
|