package com.whyc.service;
|
|
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
|
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
|
import com.whyc.constant.UserConstant;
|
import com.whyc.constant.UserLogTypeEnum;
|
import com.whyc.constant.YamlProperties;
|
import com.whyc.dto.Response;
|
import com.whyc.dto.UserClient;
|
import com.whyc.mapper.PageParamMapper;
|
import com.whyc.mapper.UserMapper;
|
import com.whyc.pojo.db_app_sys.PageParam;
|
import com.whyc.pojo.db_user.Permitgroup;
|
import com.whyc.pojo.db_user.PermitgroupUsr;
|
import com.whyc.pojo.db_user.User;
|
import com.whyc.util.*;
|
import org.apache.shiro.SecurityUtils;
|
import org.apache.shiro.authc.AuthenticationException;
|
import org.apache.shiro.authc.UsernamePasswordToken;
|
import org.apache.shiro.subject.Subject;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.stereotype.Service;
|
|
import javax.annotation.Resource;
|
import javax.servlet.ServletContext;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpSession;
|
import java.util.*;
|
|
@Service
|
public class LoginService {
|
|
@Resource
|
private UserMapper userMapper;
|
|
@Resource
|
private PageParamMapper pageParamMapper;
|
|
@Resource
|
private UserService userService;
|
|
@Resource
|
private PermitGroupUserService permitGroupUserService;
|
|
@Resource
|
private PermitGroupService permitGroupService;
|
|
@Autowired
|
private BaojigroupService bjService;
|
|
public Response loginByRSA(String userName, String pwd, String deliveredCode, HttpServletRequest request, Integer validCode) {
|
Response<Object> response = new Response<>();
|
//默认赋值0
|
response.setData3(0);
|
//Locale.setDefault(Locale.ENGLISH);
|
deliveredCode = deliveredCode.toUpperCase(Locale.ENGLISH);
|
if(validCode ==null ) { //属性不存在,则进行验证码校验;属性存在,则不进行验证码校验
|
if (YamlProperties.fontDynamicCodeSwitch.toLowerCase(Locale.ENGLISH).equals("true")) {
|
String fontDynamicCode = (String) ActionUtil.getSession().getAttribute("fontDynamicCode");
|
if (fontDynamicCode == null || "".equals(fontDynamicCode)) {
|
return response.set(1, false, "请刷新验证码");
|
}
|
if (!deliveredCode.equals(fontDynamicCode.toUpperCase(Locale.ENGLISH))) {
|
return response.set(1, false, "验证码错误");
|
}
|
}
|
}
|
//验证正确,清除验证码
|
ActionUtil.getSession().removeAttribute("fontDynamicCode");
|
|
String[] dataArr = RSAUtil.decryptFrontP(pwd, RSAUtil.fontSeparator);
|
//验签md5
|
if (!dataArr[1].equals(ActionUtil.EncryptionMD5(org.apache.commons.lang3.StringUtils.trim(dataArr[0])).toString())) {
|
return response.set(1, false, "密码验签失败");
|
}
|
UsernamePasswordToken userToken = new UsernamePasswordToken(userName, dataArr[0]);
|
Subject subject = SecurityUtils.getSubject();
|
|
ServletContext servletContext = request.getServletContext();
|
Enumeration<String> attributeNames = servletContext.getAttributeNames();
|
|
QueryWrapper<User> queryWrapper = Wrappers.query();
|
queryWrapper.select("id","name","role","status", "visit_ip", "visit_time", "password_update_time", "last_login_time").eq("name", userName);
|
User userInf = userMapper.selectOne(queryWrapper);
|
//每个登录的用户都有一个全局变量,里面存着对应的SessionId;
|
//同一个账号,后面登录的,会挤掉之前登录的SessionId,这个todo,做限制账号同时登陆人数为1
|
|
//查询账号状态
|
if(userInf == null){
|
return response.set(1,false,"账号或密码错误");
|
}
|
if (userInf.getStatus() != 1) {
|
switch (userInf.getStatus()) {
|
case 0:
|
response.setMsg("当前账号的状态异常,无法登录. 异常信息为" + ": " + UserConstant.ACCOUNT_STATUS_CANCEL.getLabel());
|
break;
|
case 2:
|
response.setMsg("当前账号的状态异常,无法登录. 异常信息为" + ": " + UserConstant.ACCOUNT_STATUS_HIBERNATE.getLabel());
|
break;
|
case 3:
|
response.setMsg("当前账号的状态异常,无法登录. 异常信息为" + ": " + UserConstant.ACCOUNT_STATUS_LOCK.getLabel());
|
break;
|
case 4:
|
response.setMsg("当前账号的状态异常,无法登录. 异常信息为" + ": " + UserConstant.ACCOUNT_STATUS_LOCK_FAIL.getLabel());
|
break;
|
default:
|
response.setMsg("当前账号的状态异常,无法登录. 异常信息为:无" );
|
}
|
return response.set(1, false);
|
}
|
|
//严格标准下的规则校验
|
if (YamlProperties.systemType == 2) {
|
//登录之前,首先校验允许时间和登录ip
|
boolean ipPass = true;
|
|
String firstTime = userInf.getVisitTime().split("~")[0];
|
String lastTime = userInf.getVisitTime().split("~")[1];
|
|
List<String> ipRules = new LinkedList<>();
|
String ipRuleStr = userInf.getVisitIp();
|
ipRules = Arrays.asList(ipRuleStr.split(","));
|
|
Calendar instance = Calendar.getInstance();
|
String hourOfDay = String.format("%1$02d", instance.get(Calendar.HOUR_OF_DAY));
|
int minute = instance.get(Calendar.MINUTE);
|
int second = instance.get(Calendar.SECOND);
|
String nowTime = hourOfDay + ":" + minute + ":" + second;
|
//登录时间校验
|
if (nowTime.compareTo(firstTime) >= 0 && nowTime.compareTo(lastTime) <= 0) {
|
//登录ip校验
|
String clientIp = ActionUtil.getRequest().getRemoteAddr();
|
if (!ipRules.contains("*")) {
|
for (String ipRule : ipRules) {
|
ipPass = true;
|
//ip规则格式为 * 或者 xxx.xxx.x.x
|
String[] ipArr = clientIp.split("\\.");
|
String[] ipRuleArr = ipRule.split("\\.");
|
for (int i = 0; i < ipRuleArr.length; i++) {
|
if (!ipRuleArr[i].equals("*") && !ipRuleArr[i].equals(ipArr[i])) {
|
ipPass = false;
|
break;
|
}
|
}
|
if (ipPass) {
|
break;
|
}
|
}
|
}
|
if (!ipPass) {
|
return response.set(1, false, "您的IP禁止访问,请知晓");
|
}
|
} else {
|
return response.set(1, false,"登录时间不在允许的时间范围内");
|
}
|
//首次登录,密码修改;超过3个月未修改密码,强制修改密码
|
Date passwordUpdateTime = userInf.getPasswordUpdateTime();
|
Calendar now = Calendar.getInstance();
|
now.add(Calendar.MONTH, -3);
|
if (passwordUpdateTime == null) { //密码修改时间为空,尚未修改初始口令
|
/*response.setCode(3);
|
response.setData(false);
|
response.setMsg(MessageUtils.getMessage("FirstLoginModify"));
|
return response;*/
|
response.setData3(2);
|
} else if (passwordUpdateTime.compareTo(now.getTime()) < 0) {
|
/*response.setCode(2);
|
response.setData(false);
|
response.setMsg(MessageUtils.getMessage("ThreeMonthModify"));
|
return response;*/
|
response.setData3(3);
|
}
|
}
|
|
try {
|
subject.login(userToken);
|
} catch (Exception e) {
|
String message = e.getMessage();
|
if (message.contains("did not match the expected credentials")) {
|
//密码错误,记录次数
|
//内存中查找该用户中的登录失败次数
|
int loginFailTimes = 0;
|
List<String> loginFailAttributeList = new LinkedList<>();
|
while (attributeNames.hasMoreElements()){
|
String attributeName = attributeNames.nextElement();
|
if(attributeName.contains(userName+"_login_fail_times_")){
|
loginFailTimes++;
|
loginFailAttributeList.add(attributeName);
|
}
|
}
|
//查询账号密码错误限制次数
|
PageParam loginFailTimesLimit = pageParamMapper.findByCategoryId(9).get(0);
|
if ((++loginFailTimes) == loginFailTimesLimit.getStatus()) {
|
//达到限制次数,锁定账号
|
userService.lock(userInf.getId());
|
//清除登录错误次数统计
|
loginFailAttributeList.forEach(servletContext::removeAttribute);
|
} else {
|
servletContext.setAttribute(userName + "_login_fail_times_" + System.currentTimeMillis(), 0);
|
}
|
CommonUtil.record( UserLogTypeEnum.CATEGORY_SYSTEM.getType(), UserLogTypeEnum.LOGIN_FAIL.getType(),UserLogTypeEnum.LOGIN_FAIL.getName(), UserLogTypeEnum.LOGIN_FAIL.getName());
|
return response.set(1, false, "账号或密码错误");
|
}else if(e instanceof AuthenticationException){
|
return response.set(1, false, "密码解析失败");
|
}
|
return response.set(1, false, message);
|
}
|
|
if (subject.isAuthenticated()) {
|
//验证密码时效性
|
int flag=userService.checkPasswordValidity(userInf);
|
if(flag==-1){
|
return response.set(1, false, "密码长期未修改已失效,请修改密码");
|
}
|
//登录成功
|
servletContext.setAttribute(userName, request.getSession().getId());
|
//日登录用户统计
|
HashMap<String, String> loginMap = (HashMap<String, String>) servletContext.getAttribute("login");
|
if(loginMap == null){
|
loginMap = new HashMap<>();
|
servletContext.setAttribute("login", loginMap);
|
}
|
String dateStr = DateUtil.YYYY_MM_DD.format(new Date());
|
loginMap.put(userName, dateStr);
|
/*//累计访问人次
|
pageParam2Service.updateVisitCount();*/
|
//Session存储当前用户及权限组列表
|
request.getSession().setAttribute("user", subject.getPrincipal());
|
request.getSession().setMaxInactiveInterval(60*30);
|
request.getSession().setAttribute("permits", ActionUtil.getGson().toJson(permitGroupUserService.getItemList(userInf.getId())));
|
//清除账号登录失败记录
|
while (attributeNames.hasMoreElements()) {
|
String attributeName = attributeNames.nextElement();
|
if (attributeName.contains(userName + "_login_fail_times_")) {
|
servletContext.removeAttribute(attributeName);
|
}
|
}
|
//回写登录时间到数据库
|
userService.updateLoginTime(userInf.getId());
|
//查询用户对应的权限组id并返回给前端
|
Map<String,Object> map=new HashMap<>();
|
map.put("user",userInf);
|
PermitgroupUsr permitGroup = permitGroupUserService.getPermitGroup(userInf.getId());
|
if(permitGroup == null){
|
return response.set(1, false, "当前用户没有对应的权限组,登录失败");
|
}else {
|
//int permitGroupId = permitGroup.getPermitGroupId();
|
//查询权限组信息
|
List<Permitgroup> permitgroupList=permitGroupUserService.getPermitByUser(userInf.getId());
|
map.put("permit",permitgroupList);
|
}
|
//查询用户对应的班组标识
|
map.put("teamFlag",bjService.getGroupFlag(userInf.getId().intValue()));
|
CommonUtil.record( UserLogTypeEnum.CATEGORY_SYSTEM.getType(), UserLogTypeEnum.LOGIN.getType(),UserLogTypeEnum.LOGIN.getName(), UserLogTypeEnum.LOGIN.getName());
|
return response.setII(1, true, map, "登录成功");
|
}
|
return response.set(1, false,"认证未通过");
|
}
|
|
|
|
|
//登录检测
|
public Response checkUserWebSocket(HttpSession httpSession){
|
Response model = new Response();
|
try {
|
User user = (User) httpSession.getAttribute("user");
|
if(user!=null){
|
String sessionId = (String) httpSession.getServletContext().getAttribute(user.getName());
|
if(httpSession.getId().equals(sessionId)){
|
model.set(1,user,"");
|
}else{
|
if(sessionId.equals("123456")){
|
model.set(1,false,"身份权限变更,请重新登录");
|
}else{
|
model.set(1,false,"不同主机登录");
|
}
|
//用户在其他主机登录,强迫用户在本机的session失效
|
httpSession.invalidate();
|
}
|
}
|
else {
|
model.set(1,false,"用户信息失效,请重新登录");
|
}
|
}catch (Exception e){
|
model.set(1,false,"登录信息失效,重新登录");
|
}
|
return model;
|
}
|
|
public void logout() {
|
Subject subject = SecurityUtils.getSubject();
|
subject.logout();
|
}
|
|
}
|
