package com.whyc.service;
|
|
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
|
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
|
import com.whyc.constant.UserConstant;
|
import com.whyc.constant.UserOperation;
|
import com.whyc.constant.YamlProperties;
|
import com.whyc.dto.Response;
|
import com.whyc.mapper.PageParamMapper;
|
import com.whyc.mapper.UserMapper;
|
import com.whyc.pojo.PageParam;
|
import com.whyc.pojo.PermitGroupUser;
|
import com.whyc.pojo.UserClient;
|
import com.whyc.pojo.UserInf;
|
import com.whyc.util.ActionUtil;
|
import com.whyc.util.CommonUtil;
|
import com.whyc.util.MessageUtils;
|
import com.whyc.util.RSAUtil;
|
import org.apache.shiro.SecurityUtils;
|
import org.apache.shiro.authc.UsernamePasswordToken;
|
import org.apache.shiro.subject.Subject;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.stereotype.Service;
|
|
import javax.annotation.Resource;
|
import javax.servlet.ServletContext;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpSession;
|
import java.io.UnsupportedEncodingException;
|
import java.net.URLDecoder;
|
import java.util.*;
|
|
@Service
|
public class LoginService {
|
|
@Resource
// Direct row access to the user table; loginByRSA/loginWithUKey read status and rule columns with it.
private UserMapper userMapper;

@Resource
// Used for getById (loginNoPass) and updateLoginTime after a successful login.
private UserService userService;

@Resource
// Resolves the user's permit group and permit item list that are returned to the front end.
private PermitGroupUserService permitGroupUserService;

@Resource
// Supplies the configured login-failure limit (category id 9, first row).
private PageParamMapper pageParamMapper;

@Resource
// Name of the currently active map, appended to the loginByRSA payload.
private MapOutlineService mapOutlineService;

@Autowired
// Group flag for the user (loginByRSA payload). Injected by type, unlike the @Resource fields above.
private BaoJiGroupUserService baoJiGroupUserService;
|
|
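/**
 * Plain login: authenticates {@code userName}/{@code password} with Shiro and binds the
 * principal to the HTTP session. No decryption or signature check is done here.
 *
 * @param userName account name as submitted
 * @param password clear-text password as submitted
 * @param request  current request; its servlet context and session are updated on success
 * @return code 1 with the principal as data on success, otherwise code 1, {@code false} and a message
 */
public Response login(String userName, String password, HttpServletRequest request) {
    Subject subject = SecurityUtils.getSubject();
    try {
        subject.login(new UsernamePasswordToken(userName, password));
    } catch (Exception e) {
        // getMessage() can be null for some AuthenticationException subclasses; the original
        // dereferenced it unconditionally. A null message is reported as a credential failure.
        String message = e.getMessage();
        if (message == null || message.contains("did not match the expected credentials")) {
            return new Response<>().set(1, false, "密码错误");
        }
        // NOTE(review): echoing the raw realm message lets a client tell "unknown account" from
        // "wrong password" (account enumeration); a generic message would be safer.
        return new Response<>().set(1, false, message);
    }
    if (!subject.isAuthenticated()) {
        return new Response<>().set(1, false, "密码错误");
    }
    HttpSession session = request.getSession();
    // One servlet-context attribute per user name holds the newest session id; a later login
    // from the same account overwrites it, which checkUserWebSocket uses to evict the older session.
    request.getServletContext().setAttribute(userName, session.getId());
    session.setAttribute("user", subject.getPrincipal());
    // 60 seconds of inactivity, as in the original; loginByRSA uses 24h — confirm this is intended.
    session.setMaxInactiveInterval(60);
    return new Response<>().setII(1, true, subject.getPrincipal(), "登录成功");
}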
|
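/**
 * Login over the RSA-encrypted, URL-encoded password envelope ([clear password, md5]).
 * The envelope signature is verified before Shiro is consulted.
 *
 * @param userName account name as submitted
 * @param pwd      URL-encoded, RSA-encrypted payload
 * @param request  current request; servlet context and session are updated on success
 * @return code 0 when the envelope fails verification; code 1 with the principal on success;
 *         code 1, {@code false} and a message on authentication failure
 */
public Response login2(String userName, String pwd, HttpServletRequest request) {
    if (pwd == null) {
        return new Response<>().set(0, "密码验签失败");
    }
    String password;
    try {
        password = URLDecoder.decode(pwd, "utf-8");
    } catch (UnsupportedEncodingException e) {
        // UTF-8 is mandatory on every JVM; this is a platform fault, not a user error.
        throw new IllegalStateException("UTF-8 not supported", e);
    }
    String[] dataArr = RSAUtil.decryptFront(password, RSAUtil.fontSeparator);
    // Signature: the second field must be the md5 of the trimmed first field. A malformed
    // envelope (null or fewer than two fields) is rejected instead of throwing.
    if (dataArr == null || dataArr.length < 2
            || !dataArr[1].equals(ActionUtil.EncryptionMD5(org.apache.commons.lang3.StringUtils.trim(dataArr[0])).toString())) {
        return new Response<>().set(0, "密码验签失败");
    }
    Subject subject = SecurityUtils.getSubject();
    try {
        // Kept from the original: the token carries the URL-decoded payload, not dataArr[0]
        // (loginByRSA does the opposite) — confirm which form the realm expects.
        subject.login(new UsernamePasswordToken(userName, password));
    } catch (Exception e) {
        String message = e.getMessage();
        if (message == null || message.contains("did not match the expected credentials")) {
            return new Response<>().set(1, false, "密码错误");
        }
        // NOTE(review): raw realm messages can reveal whether the account exists.
        return new Response<>().set(1, false, message);
    }
    if (!subject.isAuthenticated()) {
        return new Response<>().set(1, false, "密码错误");
    }
    HttpSession session = request.getSession();
    // Newest session id per user name; later logins from the same account overwrite it.
    request.getServletContext().setAttribute(userName, session.getId());
    session.setAttribute("user", subject.getPrincipal());
    // No inactivity interval is set here (container default applies), unlike login/loginByRSA.
    return new Response<>().setII(1, true, subject.getPrincipal(), "登录成功");
}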
|
|
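/**
 * Captcha-protected login over the RSA-encrypted password envelope used by the web front end.
 * <p>
 * Order of checks: session captcha; envelope signature (md5 of the clear password); Shiro
 * authentication with per-account failure counting in the servlet context; then, for an
 * authenticated subject only: account status, the strict-mode ({@code systemType == 2})
 * time-window / source-IP / password-age rules, and the permit group. On success the session
 * is bound to the user, failure counters are cleared and the login is recorded.
 *
 * @param userName      account name as submitted
 * @param pwd           URL-encoded, RSA-encrypted payload carrying [clear password, md5]
 * @param deliveredCode captcha typed by the user, compared case-insensitively
 * @param request       current request; servlet context and session are updated on success
 * @return code 1 with data [principal, permitGroupId, groupFlag, mapName] on success;
 *         code 1, {@code false} and a message on rejection; code 3 (initial password unchanged)
 *         or 2 (password older than three months) when the password must be changed first
 */
public Response loginByRSA(String userName, String pwd, String deliveredCode, HttpServletRequest request) {
    Response<Object> response = new Response<>();

    // 1. Captcha. The expected code lives in the session and is consumed once checked.
    String fontDynamicCode = (String) ActionUtil.getSession().getAttribute("fontDynamicCode");
    if (fontDynamicCode == null || fontDynamicCode.isEmpty()) {
        return response.set(1, false, MessageUtils.getMessage("RefreshVerification"));
    }
    if (deliveredCode == null
            || !deliveredCode.toUpperCase(Locale.ROOT).equals(fontDynamicCode.toUpperCase(Locale.ROOT))) {
        return response.set(1, false, MessageUtils.getMessage("VerificationError"));
    }
    ActionUtil.getSession().removeAttribute("fontDynamicCode");

    // 2. Password envelope: [clear password, md5(trimmed clear password)].
    if (pwd == null) {
        return response.set(1, false, MessageUtils.getMessage("PasswordVerificationFailed"));
    }
    String decoded;
    try {
        decoded = URLDecoder.decode(pwd, "utf-8");
    } catch (UnsupportedEncodingException e) {
        // UTF-8 is mandatory on every JVM; this is a platform fault, not a user error.
        throw new IllegalStateException("UTF-8 not supported", e);
    }
    String[] dataArr = RSAUtil.decryptFront(decoded, RSAUtil.fontSeparator);
    if (dataArr == null || dataArr.length < 2
            || !dataArr[1].equals(ActionUtil.EncryptionMD5(org.apache.commons.lang3.StringUtils.trim(dataArr[0])).toString())) {
        return response.set(1, false, MessageUtils.getMessage("PasswordVerificationFailed"));
    }

    // 3. Shiro authentication with failure counting. Each failed attempt is one servlet-context
    // attribute named "<user>_login_fail_times_<millis>"; collect the existing ones up front so
    // the enumeration is never walked while attributes are being added or removed.
    Subject subject = SecurityUtils.getSubject();
    ServletContext servletContext = request.getServletContext();
    String failKeyPrefix = userName + "_login_fail_times_";
    List<String> loginFailAttributeList = new LinkedList<>();
    Enumeration<String> attributeNames = servletContext.getAttributeNames();
    while (attributeNames.hasMoreElements()) {
        String attributeName = attributeNames.nextElement();
        // startsWith, not contains: "bc_login_fail_times_" is a substring of "abc_login_fail_times_".
        if (attributeName.startsWith(failKeyPrefix)) {
            loginFailAttributeList.add(attributeName);
        }
    }
    try {
        subject.login(new UsernamePasswordToken(userName, dataArr[0]));
    } catch (Exception e) {
        String message = e.getMessage();
        if (message == null || message.contains("did not match the expected credentials")) {
            int loginFailTimes = loginFailAttributeList.size() + 1;
            List<PageParam> limitParams = pageParamMapper.findByCategoryId(9);
            Integer limit = (limitParams == null || limitParams.isEmpty()) ? null : limitParams.get(0).getStatus();
            // >= rather than ==: if the configured limit is lowered below the stored count the
            // counters would otherwise never reset.
            if (limit != null && loginFailTimes >= limit) {
                // Limit reached. The account lock that belongs here was never wired up (the
                // original left "userService.lock(...)" commented out), so the counter is only
                // reset — lockout is NOT enforced by this method.
                loginFailAttributeList.forEach(servletContext::removeAttribute);
            } else {
                servletContext.setAttribute(failKeyPrefix + System.currentTimeMillis(), 0);
            }
            CommonUtil.record(0, UserOperation.TYPE_LOGIN_FAIL.getType(), UserOperation.TYPE_LOGIN_FAIL.getTypeName(), UserOperation.TYPE_LOGIN_FAIL.getTypeNameEn());
            return response.set(1, false, MessageUtils.getMessage("PasswordError"));
        }
        // NOTE(review): raw realm messages distinguish unknown/locked accounts from bad passwords.
        return response.set(1, false, message);
    }
    if (!subject.isAuthenticated()) {
        return response.set(1, false, MessageUtils.getMessage("AuthenticationFailed"));
    }

    QueryWrapper<UserInf> queryWrapper = Wrappers.query();
    queryWrapper.select("uId", "status", "visit_ip", "visit_time", "password_update_time", "last_login_time").eq("uName", userName);
    UserInf userInf = userMapper.selectOne(queryWrapper);
    if (userInf == null) {
        // Authenticated by the realm but no matching row: treat as a failed login instead of NPE.
        subject.logout();
        return response.set(1, false, MessageUtils.getMessage("AuthenticationFailed"));
    }

    // 4. Account status. From here on the Shiro subject is already authenticated, so every
    // rejection logs it out again; otherwise the session would stay usable for Shiro-protected
    // resources despite the negative response.
    Integer status = userInf.getStatus();
    if (status == null || status != 1) {
        String label;
        switch (status == null ? -1 : status) {
            case 0:
                label = UserConstant.ACCOUNT_STATUS_CANCEL.getLabel();
                break;
            case 2:
                label = UserConstant.ACCOUNT_STATUS_HIBERNATE.getLabel();
                break;
            case 3:
                label = UserConstant.ACCOUNT_STATUS_LOCK.getLabel();
                break;
            case 4:
                label = UserConstant.ACCOUNT_STATUS_LOCK_FAIL.getLabel();
                break;
            default:
                label = MessageUtils.getMessage("Nothing");
        }
        subject.logout();
        response.setMsg(MessageUtils.getMessage("AccountException") + ": " + label);
        return response.set(1, false);
    }

    // 5. Strict-mode rules: login time window, source-IP allow-list, password age.
    if (YamlProperties.systemType == 2) {
        String visitTime = userInf.getVisitTime();
        String[] window = visitTime == null ? new String[0] : visitTime.split("~");
        if (window.length < 2) {
            // No usable "from~to" window configured: fail closed (the original threw here).
            subject.logout();
            return response.set(1, false, MessageUtils.getMessage("LoginOutOfAllowed"));
        }
        Calendar instance = Calendar.getInstance();
        // Zero-pad every field; the original padded only the hour, so "09:5:3" sorted after "09:30:00".
        // Assumes the window is stored as HH:mm:ss~HH:mm:ss — confirm against the data.
        String nowTime = String.format("%02d:%02d:%02d",
                instance.get(Calendar.HOUR_OF_DAY), instance.get(Calendar.MINUTE), instance.get(Calendar.SECOND));
        if (nowTime.compareTo(window[0]) < 0 || nowTime.compareTo(window[1]) > 0) {
            subject.logout();
            return response.set(1, false, MessageUtils.getMessage("LoginOutOfAllowed"));
        }

        // IP rules: comma-separated, each "*" or dotted with "*" wildcards per octet.
        // getRemoteAddr() is the TCP peer; behind a reverse proxy that is the proxy's address.
        String ipRuleStr = userInf.getVisitIp();
        List<String> ipRules = ipRuleStr == null ? Collections.<String>emptyList() : Arrays.asList(ipRuleStr.split(","));
        if (!ipRules.contains("*")) {
            String[] ipArr = request.getRemoteAddr().split("\\.");
            boolean ipPass = false;
            for (String ipRule : ipRules) {
                String[] ipRuleArr = ipRule.split("\\.");
                boolean ruleMatches = true;
                for (int i = 0; i < ipRuleArr.length; i++) {
                    // A rule with more parts than the client address (e.g. an IPv6 client) cannot match.
                    if (i >= ipArr.length || (!"*".equals(ipRuleArr[i]) && !ipRuleArr[i].equals(ipArr[i]))) {
                        ruleMatches = false;
                        break;
                    }
                }
                if (ruleMatches) {
                    ipPass = true;
                    break;
                }
            }
            if (!ipPass) {
                subject.logout();
                return response.set(1, false, MessageUtils.getMessage("IPProhibition"));
            }
        }

        // Password age. The subject stays logged in on codes 2/3 so the password-change
        // flow that follows can run.
        Date passwordUpdateTime = userInf.getPasswordUpdateTime();
        Calendar threeMonthsAgo = Calendar.getInstance();
        threeMonthsAgo.add(Calendar.MONTH, -3);
        if (passwordUpdateTime == null) {
            // Never changed: the initial password is still in use.
            response.setCode(3);
            response.setData(false);
            response.setMsg(MessageUtils.getMessage("FirstLoginModify"));
            return response;
        }
        if (passwordUpdateTime.before(threeMonthsAgo.getTime())) {
            response.setCode(2);
            response.setData(false);
            response.setMsg(MessageUtils.getMessage("ThreeMonthModify"));
            return response;
        }
    }

    // 6. Permit group is required; checked before the session is bound so a rejected user
    // leaves no session state behind.
    PermitGroupUser permitGroup = permitGroupUserService.getPermitGroup(userInf.getUId());
    if (permitGroup == null) {
        subject.logout();
        return response.set(1, false, MessageUtils.getMessage("userNoPermitGroup"));
    }

    // 7. Success: bind session, clear failure counters, persist login time, build payload.
    HttpSession session = request.getSession();
    servletContext.setAttribute(userName, session.getId());
    session.setAttribute("user", subject.getPrincipal());
    session.setMaxInactiveInterval(60 * 60 * 24);
    session.setAttribute("permits", ActionUtil.getGson().toJson(permitGroupUserService.getItemList(userInf.getUId())));
    loginFailAttributeList.forEach(servletContext::removeAttribute);
    userService.updateLoginTime(userInf.getUId());

    LinkedList<Object> dataList = new LinkedList<>();
    dataList.add(subject.getPrincipal());
    dataList.add(permitGroup.getPermitGroupId());
    dataList.add(baoJiGroupUserService.getGroupFlag(userInf.getUId().intValue()));
    dataList.add(mapOutlineService.selectMapName());
    CommonUtil.record(((UserInf) subject.getPrincipal()).getUId(), UserOperation.TYPE_LOGIN.getType(), UserOperation.TYPE_LOGIN.getTypeName(), UserOperation.TYPE_LOGIN.getTypeNameEn());
    return new Response<>().setII(1, true, dataList, MessageUtils.getMessage("LoginSucceeded"));
}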
|
|
/**
 * Registers the just-logged-in user in the application-scoped {@code "users"} map
 * (user name → {@link UserClient} holding remote address, user and login timestamp) and
 * stores the same timestamp in the session as {@code "login_time"}; checkUser later compares
 * the two to detect a newer login from another host.
 * <p>
 * NOTE(review): the map is a plain HashMap shared across all requests and mutated without
 * synchronization; concurrent logins race on it.
 *
 * @param user the authenticated user to register
 */
public void setApplication(UserInf user) {
    ServletContext application = ActionUtil.getApplication();
    @SuppressWarnings("unchecked")
    Map<String, UserClient> registry = (Map<String, UserClient>) application.getAttribute("users");
    if (registry == null) {
        registry = new HashMap<String, UserClient>();
    }
    Long loginTime = System.currentTimeMillis();
    ActionUtil.getSession().setAttribute("login_time", loginTime);
    // put() replaces any earlier entry for the same user name, so no explicit remove is needed.
    String key = user.getUName();
    registry.put(key, new UserClient(ActionUtil.getRequest().getRemoteAddr(), user, loginTime));
    application.setAttribute("users", registry);
}
|
|
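/**
 * Two-factor login: password (RSA envelope [clear password, md5]) plus the UKey id stored on
 * the account. Then, for an authenticated subject: account status, strict-mode
 * ({@code systemType == 2}) time-window / source-IP / password-age rules, and permit group.
 *
 * @param userName account name as submitted
 * @param password RSA-encrypted payload (not URL-encoded) carrying [clear password, md5]
 * @param uKeyId   UKey identifier presented by the client; must equal the account's stored id
 * @param request  current request; servlet context and session are updated on success
 * @return code 1 with data [principal, permitGroupId] on success; code 1, {@code false} and a
 *         message on rejection; code 3 / 2 when the password must be changed first
 */
public Response loginWithUKey(String userName, String password, String uKeyId, HttpServletRequest request) {
    Response<Object> response = new Response<>();

    // 1. Envelope signature.
    String[] dataArr = RSAUtil.decryptFrontP(password, RSAUtil.fontSeparator);
    if (dataArr == null || dataArr.length < 2) {
        return response.set(1, false, "验证签名失败");
    }
    String clearPassword = dataArr[0];
    // .toString() mirrors login2/loginByRSA; if EncryptionMD5 returns a non-String the original
    // String.equals(Object) compared against the wrong type — confirm its return type.
    if (!dataArr[1].equals(ActionUtil.EncryptionMD5(clearPassword).toString())) {
        return response.set(1, false, "验证签名失败");
    }

    // 2. Shiro authentication with failure counting (one servlet-context attribute per failure,
    // "<user>_login_fail_times_<millis>"); names are snapshotted before any mutation.
    Subject subject = SecurityUtils.getSubject();
    ServletContext servletContext = request.getServletContext();
    String failKeyPrefix = userName + "_login_fail_times_";
    List<String> loginFailAttributeList = new LinkedList<>();
    Enumeration<String> attributeNames = servletContext.getAttributeNames();
    while (attributeNames.hasMoreElements()) {
        String attributeName = attributeNames.nextElement();
        // startsWith, not contains, so one user's counters are not counted against another.
        if (attributeName.startsWith(failKeyPrefix)) {
            loginFailAttributeList.add(attributeName);
        }
    }
    try {
        subject.login(new UsernamePasswordToken(userName, clearPassword));
    } catch (Exception e) {
        String message = e.getMessage();
        if (message == null || message.contains("did not match the expected credentials")) {
            int loginFailTimes = loginFailAttributeList.size() + 1;
            List<PageParam> limitParams = pageParamMapper.findByCategoryId(9);
            Integer limit = (limitParams == null || limitParams.isEmpty()) ? null : limitParams.get(0).getStatus();
            if (limit != null && loginFailTimes >= limit) {
                // Limit reached; the lock call was never wired up in the original, so the
                // counters are only reset — lockout is NOT enforced here.
                loginFailAttributeList.forEach(servletContext::removeAttribute);
            } else {
                servletContext.setAttribute(failKeyPrefix + System.currentTimeMillis(), 0);
            }
            CommonUtil.record(0, UserOperation.TYPE_LOGIN_FAIL.getType(), UserOperation.TYPE_LOGIN_FAIL.getTypeName(), UserOperation.TYPE_LOGIN_FAIL.getTypeNameEn());
            return response.set(1, false, "密码错误");
        }
        // NOTE(review): raw realm messages can reveal whether the account exists.
        return response.set(1, false, message);
    }
    if (!subject.isAuthenticated()) {
        return new Response<>().set(1, false, "密码错误");
    }

    // 3. Second factor. The subject is already authenticated by Shiro at this point, so any
    // rejection below logs it out again; otherwise the password alone would have been enough
    // for Shiro-protected resources.
    UserInf principal = (UserInf) subject.getPrincipal();
    String expectedUKey = principal.getUkeyId();
    if (expectedUKey == null || expectedUKey.isEmpty() || !expectedUKey.equals(uKeyId)) {
        // The original additionally accepted the fixed value "123456" for every account, which
        // made the second factor optional; that bypass is removed.
        subject.logout();
        return new Response<>().set(1, false, "uKey验证不通过");
    }

    QueryWrapper<UserInf> queryWrapper = Wrappers.query();
    queryWrapper.select("uId", "status", "visit_ip", "visit_time", "password_update_time", "last_login_time").eq("uName", userName);
    UserInf userInf = userMapper.selectOne(queryWrapper);
    if (userInf == null) {
        subject.logout();
        return new Response<>().set(1, false, "密码错误");
    }

    // 4. Account status.
    Integer status = userInf.getStatus();
    if (status == null || status != 1) {
        String label;
        switch (status == null ? -1 : status) {
            case 0:
                label = UserConstant.ACCOUNT_STATUS_CANCEL.getLabel();
                break;
            case 2:
                label = UserConstant.ACCOUNT_STATUS_HIBERNATE.getLabel();
                break;
            case 3:
                label = UserConstant.ACCOUNT_STATUS_LOCK.getLabel();
                break;
            case 4:
                label = UserConstant.ACCOUNT_STATUS_LOCK_FAIL.getLabel();
                break;
            default:
                label = "无";
        }
        subject.logout();
        response.setMsg("当前账号的状态异常,无法登录. 异常信息为: " + label);
        return response.set(1, false);
    }

    // 5. Strict-mode rules.
    if (YamlProperties.systemType == 2) {
        String visitTime = userInf.getVisitTime();
        String[] window = visitTime == null ? new String[0] : visitTime.split("~");
        if (window.length < 2) {
            // No usable "from~to" window configured: fail closed (the original threw here).
            subject.logout();
            return response.set(1, false, "登录时间不在允许的时间范围内");
        }
        Calendar instance = Calendar.getInstance();
        // Zero-pad all fields; the original padded only the hour, which breaks string ordering.
        String nowTime = String.format("%02d:%02d:%02d",
                instance.get(Calendar.HOUR_OF_DAY), instance.get(Calendar.MINUTE), instance.get(Calendar.SECOND));
        if (nowTime.compareTo(window[0]) < 0 || nowTime.compareTo(window[1]) > 0) {
            subject.logout();
            return response.set(1, false, "登录时间不在允许的时间范围内");
        }

        // IP rules: comma-separated, "*" or dotted with "*" per octet. getRemoteAddr() is the
        // TCP peer, i.e. the proxy's address when one is in front.
        String ipRuleStr = userInf.getVisitIp();
        List<String> ipRules = ipRuleStr == null ? Collections.<String>emptyList() : Arrays.asList(ipRuleStr.split(","));
        if (!ipRules.contains("*")) {
            String[] ipArr = request.getRemoteAddr().split("\\.");
            boolean ipPass = false;
            for (String ipRule : ipRules) {
                String[] ipRuleArr = ipRule.split("\\.");
                boolean ruleMatches = true;
                for (int i = 0; i < ipRuleArr.length; i++) {
                    // More rule parts than address parts (e.g. IPv6 client) cannot match.
                    if (i >= ipArr.length || (!"*".equals(ipRuleArr[i]) && !ipRuleArr[i].equals(ipArr[i]))) {
                        ruleMatches = false;
                        break;
                    }
                }
                if (ruleMatches) {
                    ipPass = true;
                    break;
                }
            }
            if (!ipPass) {
                subject.logout();
                return response.set(1, false, "您的IP禁止访问,请知晓");
            }
        }

        // Password age; the subject stays logged in on codes 2/3 for the password-change flow.
        Date passwordUpdateTime = userInf.getPasswordUpdateTime();
        Calendar threeMonthsAgo = Calendar.getInstance();
        threeMonthsAgo.add(Calendar.MONTH, -3);
        if (passwordUpdateTime == null) {
            response.setCode(3);
            response.setData(false);
            response.setMsg("首次登录,请先修改初始化口令");
            return response;
        }
        if (passwordUpdateTime.before(threeMonthsAgo.getTime())) {
            response.setCode(2);
            response.setData(false);
            response.setMsg("超过3个月没有修改口令,请修改口令后重新登录");
            return response;
        }
    }

    // 6. Permit group, checked before any session state is written.
    PermitGroupUser permitGroup = permitGroupUserService.getPermitGroup(userInf.getUId());
    if (permitGroup == null) {
        subject.logout();
        return new Response<>().set(1, false, MessageUtils.getMessage("userNoPermitGroup"));
    }

    // 7. Success. No inactivity interval is set here (container default), unlike loginByRSA.
    HttpSession session = request.getSession();
    servletContext.setAttribute(userName, session.getId());
    session.setAttribute("user", subject.getPrincipal());
    session.setAttribute("permits", ActionUtil.getGson().toJson(permitGroupUserService.getItemList(userInf.getUId())));
    loginFailAttributeList.forEach(servletContext::removeAttribute);
    userService.updateLoginTime(userInf.getUId());

    LinkedList<Object> dataList = new LinkedList<>();
    dataList.add(subject.getPrincipal());
    dataList.add(permitGroup.getPermitGroupId());
    CommonUtil.record(((UserInf) subject.getPrincipal()).getUId(), UserOperation.TYPE_LOGIN.getType(), UserOperation.TYPE_LOGIN.getTypeName(), UserOperation.TYPE_LOGIN.getTypeNameEn());
    return new Response<>().setII(1, true, dataList, "登录成功");
}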
|
|
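/**
 * Checks whether the account bound to the current session has since logged in from another
 * host, using the application-scoped {@code "users"} registry written by setApplication.
 *
 * @return code 0 (default) when the session is the account's latest login; code 1 with a
 *         message when there is no session/user, or when a newer login exists elsewhere
 */
public Response checkUser() {
    Response<Object> model = new Response<>();
    @SuppressWarnings("unchecked")
    Map<String, UserClient> registry = (Map<String, UserClient>) ActionUtil.getApplication().getAttribute("users");
    if (registry == null || registry.isEmpty()) {
        model.setCode(1);
        model.setMsg("You are not logged in, please log in");
        return model;
    }
    HttpSession session = ActionUtil.getSession();
    UserInf user = (UserInf) session.getAttribute("user");
    Long loginTime = (Long) session.getAttribute("login_time");
    if (user == null || loginTime == null) {
        model.setCode(1);
        model.setMsg("You are not logged in, please log in");
        return model;
    }
    UserClient client = registry.get(user.getUName());
    // Compare by value: the original used != on boxed Longs, which is reference identity and
    // only held while session and registry referenced the very same object.
    if (client != null && !loginTime.equals(client.getLogin_times())) {
        model.setCode(1);
        model.setMsg("The landing on the account in another host, please log in again");
    }
    return model;
}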
|
|
/**
 * WebSocket-side session check: the session is valid only if it carries a {@code "user"} and
 * its id is still the one recorded in the servlet context for that user name (the newest
 * login). A session superseded by a login elsewhere is invalidated here.
 *
 * @param httpSession the session associated with the WebSocket handshake
 * @return code 1 with the user as data when valid; code 1, {@code false} and a message otherwise
 */
public Response checkUserWebSocket(HttpSession httpSession) {
    Response model = new Response();
    try {
        UserInf user = (UserInf) httpSession.getAttribute("user");
        if (user == null) {
            model.set(1, false, "用户信息失效,请重新登录");
            return model;
        }
        String latestSessionId = (String) httpSession.getServletContext().getAttribute(user.getUName());
        if (!httpSession.getId().equals(latestSessionId)) {
            model.set(1, false, "不同主机登录");
            // Superseded by a login from another host: drop this session.
            httpSession.invalidate();
            return model;
        }
        model.set(1, user, null);
    } catch (Exception e) {
        // Best effort: any failure (e.g. an already-invalidated session) is reported as expired.
        model.set(1, false, "登录信息失效,重新登录");
    }
    return model;
}
|
|
/** Logs the current Shiro subject out. */
public void logout() {
    SecurityUtils.getSubject().logout();
}
|
|
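/**
 * Logs in the user identified by {@code uId} without a password from the client: the stored
 * password is decrypted with the server's RSA private key and replayed through Shiro, then the
 * account status and strict-mode rules are applied as for the other login methods.
 * <p>
 * NOTE(review): this implies passwords are stored reversibly encrypted rather than hashed, and
 * any caller able to reach this method with an arbitrary {@code uId} obtains that user's
 * session — the caller must enforce who may invoke it.
 *
 * @param uId     id of the user to log in
 * @param request current request; servlet context and session are updated on success
 * @return code 1 with data [principal, permitGroupId] on success; code 1, {@code false} and a
 *         message on rejection; code 3 / 2 when the password must be changed first
 */
public Response loginNoPass(int uId, HttpServletRequest request) {
    Response<Object> response = new Response<>();
    UserInf userInf = userService.getById(uId);
    if (userInf == null) {
        return response.set(1, false, "认证未通过");
    }

    Subject subject = SecurityUtils.getSubject();
    try {
        subject.login(new UsernamePasswordToken(userInf.getUName(),
                RSAUtil.decrypt(userInf.getUpassword(), RSAUtil.getPrivateKey())));
    } catch (Exception e) {
        // The original let the AuthenticationException escape to the caller.
        return response.set(1, false, "认证未通过");
    }
    if (!subject.isAuthenticated()) {
        return response.set(1, false, "认证未通过");
    }

    // From here on the subject is authenticated; rejections log it out again so the session
    // does not remain usable for Shiro-protected resources.
    Integer status = userInf.getStatus();
    if (status == null || status != 1) {
        String label;
        switch (status == null ? -1 : status) {
            case 0:
                label = UserConstant.ACCOUNT_STATUS_CANCEL.getLabel();
                break;
            case 2:
                label = UserConstant.ACCOUNT_STATUS_HIBERNATE.getLabel();
                break;
            case 3:
                label = UserConstant.ACCOUNT_STATUS_LOCK.getLabel();
                break;
            case 4:
                label = UserConstant.ACCOUNT_STATUS_LOCK_FAIL.getLabel();
                break;
            default:
                label = "无";
        }
        subject.logout();
        response.setMsg("当前账号的状态异常,无法登录. 异常信息为: " + label);
        return response.set(1, false);
    }

    // Strict-mode rules: time window, source IP, password age.
    if (YamlProperties.systemType == 2) {
        String visitTime = userInf.getVisitTime();
        String[] window = visitTime == null ? new String[0] : visitTime.split("~");
        if (window.length < 2) {
            // No usable "from~to" window configured: fail closed (the original threw here).
            subject.logout();
            return response.set(1, false, "登录时间不在允许的时间范围内");
        }
        Calendar instance = Calendar.getInstance();
        // Zero-pad all fields; the original padded only the hour, which breaks string ordering.
        String nowTime = String.format("%02d:%02d:%02d",
                instance.get(Calendar.HOUR_OF_DAY), instance.get(Calendar.MINUTE), instance.get(Calendar.SECOND));
        if (nowTime.compareTo(window[0]) < 0 || nowTime.compareTo(window[1]) > 0) {
            subject.logout();
            return response.set(1, false, "登录时间不在允许的时间范围内");
        }

        String ipRuleStr = userInf.getVisitIp();
        List<String> ipRules = ipRuleStr == null ? Collections.<String>emptyList() : Arrays.asList(ipRuleStr.split(","));
        if (!ipRules.contains("*")) {
            // getRemoteAddr() is the TCP peer (the proxy's address when one is in front).
            String[] ipArr = request.getRemoteAddr().split("\\.");
            boolean ipPass = false;
            for (String ipRule : ipRules) {
                String[] ipRuleArr = ipRule.split("\\.");
                boolean ruleMatches = true;
                for (int i = 0; i < ipRuleArr.length; i++) {
                    if (i >= ipArr.length || (!"*".equals(ipRuleArr[i]) && !ipRuleArr[i].equals(ipArr[i]))) {
                        ruleMatches = false;
                        break;
                    }
                }
                if (ruleMatches) {
                    ipPass = true;
                    break;
                }
            }
            if (!ipPass) {
                subject.logout();
                return response.set(1, false, "您的IP禁止访问,请知晓");
            }
        }

        // Password age; the subject stays logged in on codes 2/3 for the password-change flow.
        Date passwordUpdateTime = userInf.getPasswordUpdateTime();
        Calendar threeMonthsAgo = Calendar.getInstance();
        threeMonthsAgo.add(Calendar.MONTH, -3);
        if (passwordUpdateTime == null) {
            response.setCode(3);
            response.setData(false);
            response.setMsg("首次登录,请先修改初始化口令");
            return response;
        }
        if (passwordUpdateTime.before(threeMonthsAgo.getTime())) {
            response.setCode(2);
            response.setData(false);
            response.setMsg("超过3个月没有修改口令,请修改口令后重新登录");
            return response;
        }
    }

    // Permit group is required; checked before any session state is written.
    PermitGroupUser permitGroup = permitGroupUserService.getPermitGroup(userInf.getUId());
    if (permitGroup == null) {
        subject.logout();
        return new Response<>().set(1, false, MessageUtils.getMessage("userNoPermitGroup"));
    }

    // Success: bind session (24h inactivity), persist login time, build payload.
    HttpSession session = request.getSession();
    request.getServletContext().setAttribute(userInf.getUName(), session.getId());
    session.setAttribute("user", subject.getPrincipal());
    session.setMaxInactiveInterval(60 * 60 * 24);
    session.setAttribute("permits", ActionUtil.getGson().toJson(permitGroupUserService.getItemList(userInf.getUId())));
    userService.updateLoginTime(userInf.getUId());

    LinkedList<Object> dataList = new LinkedList<>();
    dataList.add(subject.getPrincipal());
    dataList.add(permitGroup.getPermitGroupId());
    CommonUtil.record(((UserInf) subject.getPrincipal()).getUId(), UserOperation.TYPE_LOGIN_NO_PASS.getType(), UserOperation.TYPE_LOGIN_NO_PASS.getTypeName(), UserOperation.TYPE_LOGIN_NO_PASS.getTypeNameEn());
    return new Response<>().setII(1, true, dataList, "登录成功");
}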
|
}
|