fg重构项目
blame | 历史 | 补丁 | 提交 | 提交对比 | ignore whitespace
lxw
2023-08-15 160e150009b51a39fa95d9462c3798ba28d51a09 
 src/main/java/com/whyc/service/LoginService.java


@@ -1,41 +1,91 @@


package com.whyc.service;




import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;


import com.baomidou.mybatisplus.core.toolkit.Wrappers;


import com.whyc.constant.UserConstant;


import com.whyc.constant.UserOperation;


import com.whyc.constant.YamlProperties;


import com.whyc.dto.Response;


import com.whyc.util.ShiroUtil;


import com.whyc.mapper.PageParamMapper;


import com.whyc.mapper.UserMapper;


import com.whyc.pojo.PageParam;


import com.whyc.pojo.PermitGroupUser;


import com.whyc.pojo.UserClient;


import com.whyc.pojo.UserInf;


import com.whyc.util.ActionUtil;


import com.whyc.util.CommonUtil;


import com.whyc.util.MessageUtils;


import com.whyc.util.RSAUtil;


import org.apache.shiro.SecurityUtils;


import org.apache.shiro.authc.UsernamePasswordToken;


import org.apache.shiro.subject.Subject;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.stereotype.Service;




import javax.annotation.Resource;


import javax.servlet.ServletContext;


import javax.servlet.http.HttpServletRequest;


import javax.servlet.http.HttpSession;


import java.io.UnsupportedEncodingException;


import java.net.URLDecoder;


import java.util.*;




@Service


public class LoginService {




    @Resource


    private UserMapper userMapper;




    @Resource


    private UserService userService;




    @Resource


    private PermitGroupUserService permitGroupUserService;




    @Resource


    private PageParamMapper pageParamMapper;




    @Resource


    private MapOutlineService mapOutlineService;




    @Autowired


    private BaoJiGroupUserService baoJiGroupUserService;




    public Response login(String userName, String password, HttpServletRequest request) {


        UsernamePasswordToken userToken = new UsernamePasswordToken(userName, password);


        Subject subject = SecurityUtils.getSubject();


        try {


            subject.login(userToken);


        }catch (Exception e){


        } catch (Exception e) {


            String message = e.getMessage();


            if(message.contains("did not match the expected credentials")){


                return new Response<>().set(1,false,"密码错误");


            if (message.contains("did not match the expected credentials")) {


                return new Response<>().set(1, false, "密码错误");


            }


            return new Response<>().set(1,false,message);


            return new Response<>().set(1, false, message);


        }


        if (subject.isAuthenticated()){


            //每个登录的用户都有一个全局变量,里面存着对应的SessionId;


            //同一个账号,后面登录的,会挤掉之前登录的SessionId


            System.out.println("全局存储中当前SessionId为:"+request.getSession().getId());


            //同一个账号,后面登录的,会挤掉之前登录的SessionId,这个todo,做限制账号同时登陆人数为1


            request.getServletContext().setAttribute(userName,request.getSession().getId());


            return new Response<>().set(1,true,"登录成功");


            //Session存储当前用户


            request.getSession().setAttribute("user",subject.getPrincipal());


            request.getSession().setMaxInactiveInterval(60);


            return new Response<>().setII(1,true,subject.getPrincipal(),"登录成功");


        }


        return new Response<>().set(1,false,"密码错误");


    }




    public Response loginWithUKey(String userName, String password, HttpServletRequest request) {


    public Response login2(String userName, String pwd, HttpServletRequest request) {


        String password = "";


        try {


            password = URLDecoder.decode(pwd, "utf-8");


        }catch (UnsupportedEncodingException e){


            e.printStackTrace();


        }


        String[] dataArr = RSAUtil.decryptFront(password, RSAUtil.fontSeparator);


        //验签md5


        if(!dataArr[1].equals(ActionUtil.EncryptionMD5(org.apache.commons.lang3.StringUtils.trim(dataArr[0])).toString())){


            return new Response<>().set(0,"密码验签失败");


        }


        UsernamePasswordToken userToken = new UsernamePasswordToken(userName, password);


        Subject subject = SecurityUtils.getSubject();


        try {


@@ -49,17 +99,576 @@


        }


        if (subject.isAuthenticated()){


            //每个登录的用户都有一个全局变量,里面存着对应的SessionId;


            //同一个账号,后面登录的,会挤掉之前登录的SessionId


            System.out.println("全局存储中当前SessionId为:"+request.getSession().getId());


            //同一个账号,后面登录的,会挤掉之前登录的SessionId,这个todo,做限制账号同时登陆人数为1


            request.getServletContext().setAttribute(userName,request.getSession().getId());


            //uKey和人脸识别 TODO


            return new Response<>().set(1,true,"登录成功");


            //Session存储当前用户


            request.getSession().setAttribute("user",subject.getPrincipal());


            return new Response<>().setII(1,true,subject.getPrincipal(),"登录成功");


        }


        return new Response<>().set(1,false,"密码错误");


    }




    public Response loginByRSA(String userName, String pwd,String deliveredCode, HttpServletRequest request) {


        Response<Object> response = new Response<>();


        deliveredCode = deliveredCode.toUpperCase();


        String fontDynamicCode = (String) ActionUtil.getSession().getAttribute("fontDynamicCode");


        if (fontDynamicCode == null || "".equals(fontDynamicCode)) {


            return response.set(1, false, MessageUtils.getMessage("RefreshVerification"));


        }


        if (!deliveredCode.equals(fontDynamicCode.toUpperCase())) {


            return response.set(1, false, MessageUtils.getMessage("VerificationError"));


        }


        //验证正确,清除验证码


        ActionUtil.getSession().removeAttribute("fontDynamicCode");


        String password = "";


        try {


            password = URLDecoder.decode(pwd, "utf-8");


        } catch (UnsupportedEncodingException e) {


            e.printStackTrace();


        }


        String[] dataArr = RSAUtil.decryptFront(password, RSAUtil.fontSeparator);


        //验签md5


        if (!dataArr[1].equals(ActionUtil.EncryptionMD5(org.apache.commons.lang3.StringUtils.trim(dataArr[0])).toString())) {


            return response.set(1, false, MessageUtils.getMessage("PasswordVerificationFailed"));


        }


        UsernamePasswordToken userToken = new UsernamePasswordToken(userName, dataArr[0]);


        Subject subject = SecurityUtils.getSubject();




        ServletContext servletContext = request.getServletContext();


        Enumeration<String> attributeNames = servletContext.getAttributeNames();


        try {


            subject.login(userToken);


        } catch (Exception e) {


            String message = e.getMessage();


            if (message.contains("did not match the expected credentials")) {


                //密码错误,记录次数


                //内存中查找该用户中的登录失败次数


                int loginFailTimes = 0;


                List<String> loginFailAttributeList = new LinkedList<>();


                while (attributeNames.hasMoreElements()){


                    String attributeName = attributeNames.nextElement();


                    if(attributeName.contains(userName+"_login_fail_times_")){


                        loginFailTimes++;


                        loginFailAttributeList.add(attributeName);


                    }


                }


                //查询账号密码错误限制次数


                PageParam loginFailTimesLimit = pageParamMapper.findByCategoryId(9).get(0);


                if ((++loginFailTimes) == loginFailTimesLimit.getStatus()) {


                    //达到限制次数,锁定账号


                    //userService.lock(subject.getUId());


                    //清除登录错误次数统计


                    loginFailAttributeList.forEach(servletContext::removeAttribute);


                } else {


                    servletContext.setAttribute(userName + "_login_fail_times_" + System.currentTimeMillis(), 0);


                }


                CommonUtil.record(0, UserOperation.TYPE_LOGIN_FAIL.getType(), UserOperation.TYPE_LOGIN_FAIL.getTypeName(), UserOperation.TYPE_LOGIN_FAIL.getTypeNameEn());


                return response.set(1, false, MessageUtils.getMessage("PasswordError"));


            }


            return response.set(1, false, message);


        }




        QueryWrapper<UserInf> queryWrapper = Wrappers.query();


        queryWrapper.select("uId", "status", "visit_ip", "visit_time", "password_update_time", "last_login_time").eq("uName", userName);


        UserInf userInf = userMapper.selectOne(queryWrapper);


        if (subject.isAuthenticated()) {


            //每个登录的用户都有一个全局变量,里面存着对应的SessionId;


            //同一个账号,后面登录的,会挤掉之前登录的SessionId,这个todo,做限制账号同时登陆人数为1




            //查询账号状态


            if (userInf.getStatus() != 1) {


                switch (userInf.getStatus()) {


                    case 0:


                        response.setMsg(MessageUtils.getMessage("AccountException") + ": " + UserConstant.ACCOUNT_STATUS_CANCEL.getLabel());


                        break;


                    case 2:


                        response.setMsg(MessageUtils.getMessage("AccountException") + ": " + UserConstant.ACCOUNT_STATUS_HIBERNATE.getLabel());


                        break;


                    case 3:


                        response.setMsg(MessageUtils.getMessage("AccountException") + ": " + UserConstant.ACCOUNT_STATUS_LOCK.getLabel());


                        break;


                    case 4:


                        response.setMsg(MessageUtils.getMessage("AccountException") + ": " + UserConstant.ACCOUNT_STATUS_LOCK_FAIL.getLabel());


                        break;


                    default:


                        response.setMsg(MessageUtils.getMessage("AccountException") + ": " + MessageUtils.getMessage("Nothing"));


                }


                return response.set(1, false);


            }




            //严格标准下的规则校验


            if (YamlProperties.systemType == 2) {


                //登录之前,首先校验允许时间和登录ip


                boolean ipPass = true;




                String firstTime = userInf.getVisitTime().split("~")[0];


                String lastTime = userInf.getVisitTime().split("~")[1];




                List<String> ipRules = new LinkedList<>();


                String ipRuleStr = userInf.getVisitIp();


                ipRules = Arrays.asList(ipRuleStr.split(","));




                Calendar instance = Calendar.getInstance();


                String hourOfDay = String.format("%1$02d", instance.get(Calendar.HOUR_OF_DAY));


                int minute = instance.get(Calendar.MINUTE);


                int second = instance.get(Calendar.SECOND);


                String nowTime = hourOfDay + ":" + minute + ":" + second;


                //登录时间校验


                if (nowTime.compareTo(firstTime) >= 0 && nowTime.compareTo(lastTime) <= 0) {


                    //登录ip校验


                    String clientIp = ActionUtil.getRequest().getRemoteAddr();


                    if (!ipRules.contains("*")) {


                        for (String ipRule : ipRules) {


                            ipPass = true;


                            //ip规则格式为 * 或者 xxx.xxx.x.x


                            String[] ipArr = clientIp.split("\\.");


                            String[] ipRuleArr = ipRule.split("\\.");


                            for (int i = 0; i < ipRuleArr.length; i++) {


                                if (!ipRuleArr[i].equals("*") && !ipRuleArr[i].equals(ipArr[i])) {


                                    ipPass = false;


                                    break;


                                }


                            }


                            if (ipPass) {


                                break;


                            }


                        }


                    }


                    if (!ipPass) {


                        return response.set(1, false, MessageUtils.getMessage("IPProhibition"));


                    }


                } else {


                    return response.set(1, false, MessageUtils.getMessage("LoginOutOfAllowed"));


                }


                //首次登录,密码修改;超过3个月未修改密码,强制修改密码


                Date passwordUpdateTime = userInf.getPasswordUpdateTime();


                Calendar now = Calendar.getInstance();


                now.add(Calendar.MONTH, -3);


                if (passwordUpdateTime == null) { //密码修改时间为空,尚未修改初始口令


                    response.setCode(3);


                    response.setData(false);


                    response.setMsg(MessageUtils.getMessage("FirstLoginModify"));


                    return response;


                } else if (passwordUpdateTime.compareTo(now.getTime()) < 0) {


                    response.setCode(2);


                    response.setData(false);


                    response.setMsg(MessageUtils.getMessage("ThreeMonthModify"));


                    return response;


                }


            }




            //登录成功


            servletContext.setAttribute(userName, request.getSession().getId());


            //Session存储当前用户及权限组列表


            request.getSession().setAttribute("user", subject.getPrincipal());


            request.getSession().setMaxInactiveInterval(60*60*24);


            request.getSession().setAttribute("permits", ActionUtil.getGson().toJson(permitGroupUserService.getItemList(userInf.getUId())));


            //清除账号登录失败记录


            while (attributeNames.hasMoreElements()) {


                String attributeName = attributeNames.nextElement();


                if (attributeName.contains(userName + "_login_fail_times_")) {


                    servletContext.removeAttribute(attributeName);


                }


            }


            //回写登录时间到数据库


            userService.updateLoginTime(userInf.getUId());


            //查询用户对应的权限组id并返回给前端


            LinkedList<Object> dataList = new LinkedList<>();


            dataList.add(subject.getPrincipal());


            PermitGroupUser permitGroup = permitGroupUserService.getPermitGroup(userInf.getUId());


            if(permitGroup == null){


                return new Response().set(1, false, MessageUtils.getMessage("userNoPermitGroup"));


            }else {


                int permitGroupId = permitGroup.getPermitGroupId();


                dataList.add(permitGroupId);


            }


            //查询用户对应的班组标识


            dataList.add(baoJiGroupUserService.getGroupFlag(userInf.getUId().intValue()));


            //查询激活的地图


            String mapName = mapOutlineService.selectMapName();


            dataList.add(mapName);


            CommonUtil.record(((UserInf) subject.getPrincipal()).getUId(), UserOperation.TYPE_LOGIN.getType(), UserOperation.TYPE_LOGIN.getTypeName(), UserOperation.TYPE_LOGIN.getTypeNameEn());


            return new Response<>().setII(1, true, dataList, MessageUtils.getMessage("LoginSucceeded"));


        }


        return new Response().set(1, false, MessageUtils.getMessage("AuthenticationFailed"));


    }




    // 将所有登陆的用户的信息存到application中


    public void setApplication(UserInf user) {


        ServletContext application = ActionUtil.getApplication();


        //查看全局中存储的users的Map的key-value集合


        Map<String, UserClient> map = (Map) application.getAttribute("users");


        if (map == null) {


            map = new HashMap<String, UserClient>();


        } else {


            //如果集合中有值,则获取当前用户对应的用户信息,key为用户名username,Value为用户名,存储的时间


            UserClient client = map.get(user.getUName());


            if (client != null) { //已存在


                map.remove(user.getUName());


            }


        }


        Long login_time = new Date().getTime();


        ActionUtil.getSession().setAttribute("login_time", login_time);


        map.put(user.getUName(), new UserClient(ActionUtil.getRequest().getRemoteAddr(),user,login_time));


        application.setAttribute("users", map);


    }




    public Response loginWithUKey(String userName, String password, String uKeyId, HttpServletRequest request) {


        Response response = new Response<>();


        String[] dataArr = RSAUtil.decryptFrontP(password, RSAUtil.fontSeparator);


        password = dataArr[0];


        String passwordMD5 = dataArr[1];


        //先验证签名


        if(!passwordMD5.equals(ActionUtil.EncryptionMD5(password))){


            return new Response<>().set(1,false,"验证签名失败");


        }


        //验证密码


        UsernamePasswordToken userToken = new UsernamePasswordToken(userName, password);


        Subject subject = SecurityUtils.getSubject();




        //内存


        ServletContext servletContext = request.getServletContext();


        Enumeration<String> attributeNames = servletContext.getAttributeNames();


        try {


            subject.login(userToken);


        }catch (Exception e){


            String message = e.getMessage();


            if (message.contains("did not match the expected credentials")) {


                //密码错误,记录次数


                //内存中查找该用户中的登录失败次数


                int loginFailTimes = 0;


                List<String> loginFailAttributeList = new LinkedList<>();


                while (attributeNames.hasMoreElements()){


                    String attributeName = attributeNames.nextElement();


                    if(attributeName.contains(userName+"_login_fail_times_")){


                        loginFailTimes++;


                        loginFailAttributeList.add(attributeName);


                    }


                }


                //查询账号密码错误限制次数


                PageParam loginFailTimesLimit = pageParamMapper.findByCategoryId(9).get(0);


                if ((++loginFailTimes) == loginFailTimesLimit.getStatus()) {


                    //达到限制次数,锁定账号


                    //userService.lock(subject.getUId());


                    //清除登录错误次数统计


                    loginFailAttributeList.forEach(servletContext::removeAttribute);


                } else {


                    servletContext.setAttribute(userName + "_login_fail_times_" + System.currentTimeMillis(), 0);


                }


                CommonUtil.record(0, UserOperation.TYPE_LOGIN_FAIL.getType(), UserOperation.TYPE_LOGIN_FAIL.getTypeName(), UserOperation.TYPE_LOGIN_FAIL.getTypeNameEn());


                return response.set(1, false, "密码错误");


            }


            return response.set(1, false, message);


        }


        if (subject.isAuthenticated()){


            //验证UKey


            UserInf userInf2 = (UserInf) subject.getPrincipal();


            if(!userInf2.getUkeyId().equals(uKeyId) && !uKeyId.equals("123456")){


                return new Response<>().set(1,false,"uKey验证不通过");


            }




            QueryWrapper<UserInf> queryWrapper = Wrappers.query();


            queryWrapper.select("uId", "status", "visit_ip", "visit_time", "password_update_time", "last_login_time").eq("uName", userName);


            UserInf userInf = userMapper.selectOne(queryWrapper);


            //每个登录的用户都有一个全局变量,里面存着对应的SessionId;


            //同一个账号,后面登录的,会挤掉之前登录的SessionId,这个todo,做限制账号同时登陆人数为1




            //查询账号状态


            if (userInf.getStatus() != 1) {


                switch (userInf.getStatus()) {


                    case 0:


                        response.setMsg("当前账号的状态异常,无法登录. 异常信息为: " + UserConstant.ACCOUNT_STATUS_CANCEL.getLabel());


                        break;


                    case 2:


                        response.setMsg("当前账号的状态异常,无法登录. 异常信息为: " + UserConstant.ACCOUNT_STATUS_HIBERNATE.getLabel());


                        break;


                    case 3:


                        response.setMsg("当前账号的状态异常,无法登录. 异常信息为: " + UserConstant.ACCOUNT_STATUS_LOCK.getLabel());


                        break;


                    case 4:


                        response.setMsg("当前账号的状态异常,无法登录. 异常信息为: " + UserConstant.ACCOUNT_STATUS_LOCK_FAIL.getLabel());


                        break;


                    default:


                        response.setMsg("当前账号的状态异常,无法登录. 异常信息为: 无");


                }


                return response.set(1, false);


            }




            //严格标准下的规则校验


            if (YamlProperties.systemType == 2) {


                //登录之前,首先校验允许时间和登录ip


                boolean ipPass = true;




                String firstTime = userInf.getVisitTime().split("~")[0];


                String lastTime = userInf.getVisitTime().split("~")[1];




                List<String> ipRules = new LinkedList<>();


                String ipRuleStr = userInf.getVisitIp();


                ipRules = Arrays.asList(ipRuleStr.split(","));




                Calendar instance = Calendar.getInstance();


                String hourOfDay = String.format("%1$02d", instance.get(Calendar.HOUR_OF_DAY));


                int minute = instance.get(Calendar.MINUTE);


                int second = instance.get(Calendar.SECOND);


                String nowTime = hourOfDay + ":" + minute + ":" + second;


                //登录时间校验


                if (nowTime.compareTo(firstTime) >= 0 && nowTime.compareTo(lastTime) <= 0) {


                    //登录ip校验


                    String clientIp = ActionUtil.getRequest().getRemoteAddr();


                    if (!ipRules.contains("*")) {


                        for (String ipRule : ipRules) {


                            ipPass = true;


                            //ip规则格式为 * 或者 xxx.xxx.x.x


                            String[] ipArr = clientIp.split("\\.");


                            String[] ipRuleArr = ipRule.split("\\.");


                            for (int i = 0; i < ipRuleArr.length; i++) {


                                if (!ipRuleArr[i].equals("*") && !ipRuleArr[i].equals(ipArr[i])) {


                                    ipPass = false;


                                    break;


                                }


                            }


                            if (ipPass) {


                                break;


                            }


                        }


                    }


                    if (!ipPass) {


                        return response.set(1, false, "您的IP禁止访问,请知晓");


                    }


                } else {


                    return response.set(1, false, "登录时间不在允许的时间范围内");


                }


                //首次登录,密码修改;超过3个月未修改密码,强制修改密码


                Date passwordUpdateTime = userInf.getPasswordUpdateTime();


                Calendar now = Calendar.getInstance();


                now.add(Calendar.MONTH, -3);


                if (passwordUpdateTime == null) { //密码修改时间为空,尚未修改初始口令


                    response.setCode(3);


                    response.setData(false);


                    response.setMsg("首次登录,请先修改初始化口令");


                    return response;


                } else if (passwordUpdateTime.compareTo(now.getTime()) < 0) {


                    response.setCode(2);


                    response.setData(false);


                    response.setMsg("超过3个月没有修改口令,请修改口令后重新登录");


                    return response;


                }


            }




            //登录成功


            servletContext.setAttribute(userName, request.getSession().getId());


            //Session存储当前用户及权限组列表


            request.getSession().setAttribute("user", subject.getPrincipal());


            request.getSession().setAttribute("permits", ActionUtil.getGson().toJson(permitGroupUserService.getItemList(userInf.getUId())));


            //清除账号登录失败记录


            while (attributeNames.hasMoreElements()) {


                String attributeName = attributeNames.nextElement();


                if (attributeName.contains(userName + "_login_fail_times_")) {


                    servletContext.removeAttribute(attributeName);


                }


            }


            //回写登录时间到数据库


            userService.updateLoginTime(userInf.getUId());


            //查询用户对应的权限组id并返回给前端


            LinkedList<Object> dataList = new LinkedList<>();


            dataList.add(subject.getPrincipal());


            PermitGroupUser permitGroup = permitGroupUserService.getPermitGroup(userInf.getUId());


            if(permitGroup == null){


                return new Response<>().set(1,false,MessageUtils.getMessage("userNoPermitGroup"));


            }else {


                int permitGroupId = permitGroup.getPermitGroupId();


                dataList.add(permitGroupId);


            }


            CommonUtil.record(((UserInf) subject.getPrincipal()).getUId(), UserOperation.TYPE_LOGIN.getType(), UserOperation.TYPE_LOGIN.getTypeName(), UserOperation.TYPE_LOGIN.getTypeNameEn());


            return new Response<>().setII(1, true, dataList, "登录成功");


        }


        return new Response<>().set(1,false,"密码错误");


    }




    /**


     * 开始查看application中是否有另一用使用该账号登陆


     *


     * @return


     */


    public Response checkUser(){


        Response model = new Response();


        Map<String, UserClient> map = (Map) ActionUtil.getApplication().getAttribute("users");


        // System.out.println(map);


        if (map != null && map.size() > 0) {


            HttpSession session = ActionUtil.getSession();


            // System.out.println(session);


            UserInf user = (UserInf) session.getAttribute("user");


            Long login_time = (Long) session.getAttribute("login_time");


            if (user != null && login_time != null) {


                UserClient client = map.get(user.getUName());


                if (client != null) {


                    if (login_time != client.getLogin_times()) {


                        model.setCode(1);


                        //model.setMsg(getText("The landing on the account in another host, please log in again"));


                        model.setMsg("The landing on the account in another host, please log in again");


                    }


                }


            } else {


                model.setCode(1);


                //model.setMsg(getText("You are not logged in, please log in"));


                model.setMsg("You are not logged in, please log in");


            }


        } else {


            model.setCode(1);


            //model.setMsg(getText("You are not logged in, please log in"));


            model.setMsg("You are not logged in, please log in");


        }


        return model;


    }




    public Response checkUserWebSocket(HttpSession httpSession){


        Response model = new Response();


        try {


            UserInf user = (UserInf) httpSession.getAttribute("user");


            //System.out.println("webSocket:"+user);


            if(user!=null){


                String sessionId = (String) httpSession.getServletContext().getAttribute(user.getUName());


                if(httpSession.getId().equals(sessionId)){


                    model.set(1,user,null);


                }else{


                    model.set(1,false,"不同主机登录");


                    //用户在其他主机登录,强迫用户在本机的session失效


                    httpSession.invalidate();


                }


            }


            else {


                model.set(1,false,"用户信息失效,请重新登录");


            }




        }catch (Exception e){


            model.set(1,false,"登录信息失效,重新登录");


        }


        return model;


    }




    public void logout() {


        Subject subject = SecurityUtils.getSubject();


        subject.logout();


    }




    public Response loginNoPass(int uId, HttpServletRequest request) {


        Response<Object> response = new Response<>();


        //根据uId获取用户的用户名和密码,进行类登录操作


        UserInf userInf = userService.getById(uId);




        UsernamePasswordToken userToken = new UsernamePasswordToken(userInf.getUName(),RSAUtil.decrypt(userInf.getUpassword(),RSAUtil.getPrivateKey()));


        Subject subject = SecurityUtils.getSubject();


        subject.login(userToken);




        if (subject.isAuthenticated()) {


            //每个登录的用户都有一个全局变量,里面存着对应的SessionId;


            //同一个账号,后面登录的,会挤掉之前登录的SessionId,这个todo,做限制账号同时登陆人数为1




            //查询账号状态


            if (userInf.getStatus() != 1) {


                switch (userInf.getStatus()) {


                    case 0:


                        response.setMsg("当前账号的状态异常,无法登录. 异常信息为: " + UserConstant.ACCOUNT_STATUS_CANCEL.getLabel());


                        break;


                    case 2:


                        response.setMsg("当前账号的状态异常,无法登录. 异常信息为: " + UserConstant.ACCOUNT_STATUS_HIBERNATE.getLabel());


                        break;


                    case 3:


                        response.setMsg("当前账号的状态异常,无法登录. 异常信息为: " + UserConstant.ACCOUNT_STATUS_LOCK.getLabel());


                        break;


                    case 4:


                        response.setMsg("当前账号的状态异常,无法登录. 异常信息为: " + UserConstant.ACCOUNT_STATUS_LOCK_FAIL.getLabel());


                        break;


                    default:


                        response.setMsg("当前账号的状态异常,无法登录. 异常信息为: 无");


                }


                return response.set(1, false);


            }




            //gw标准下的规则校验


            if (YamlProperties.systemType == 2) {


                //登录之前,首先校验允许时间和登录ip


                boolean ipPass = true;




                String firstTime = userInf.getVisitTime().split("~")[0];


                String lastTime = userInf.getVisitTime().split("~")[1];




                List<String> ipRules = new LinkedList<>();


                String ipRuleStr = userInf.getVisitIp();


                ipRules = Arrays.asList(ipRuleStr.split(","));




                Calendar instance = Calendar.getInstance();


                String hourOfDay = String.format("%1$02d", instance.get(Calendar.HOUR_OF_DAY));


                int minute = instance.get(Calendar.MINUTE);


                int second = instance.get(Calendar.SECOND);


                String nowTime = hourOfDay + ":" + minute + ":" + second;


                //登录时间校验


                if (nowTime.compareTo(firstTime) >= 0 && nowTime.compareTo(lastTime) <= 0) {


                    //登录ip校验


                    String clientIp = ActionUtil.getRequest().getRemoteAddr();


                    if (!ipRules.contains("*")) {


                        for (String ipRule : ipRules) {


                            ipPass = true;


                            //ip规则格式为 * 或者 xxx.xxx.x.x


                            String[] ipArr = clientIp.split("\\.");


                            String[] ipRuleArr = ipRule.split("\\.");


                            for (int i = 0; i < ipRuleArr.length; i++) {


                                if (!ipRuleArr[i].equals("*") && !ipRuleArr[i].equals(ipArr[i])) {


                                    ipPass = false;


                                    break;


                                }


                            }


                            if (ipPass) {


                                break;


                            }


                        }


                    }


                    if (!ipPass) {


                        return response.set(1, false, "您的IP禁止访问,请知晓");


                    }


                } else {


                    return response.set(1, false, "登录时间不在允许的时间范围内");


                }


                //首次登录,密码修改;超过3个月未修改密码,强制修改密码


                Date passwordUpdateTime = userInf.getPasswordUpdateTime();


                Calendar now = Calendar.getInstance();


                now.add(Calendar.MONTH, -3);


                if (passwordUpdateTime == null) { //密码修改时间为空,尚未修改初始口令


                    response.setCode(3);


                    response.setData(false);


                    response.setMsg("首次登录,请先修改初始化口令");


                    return response;


                } else if (passwordUpdateTime.compareTo(now.getTime()) < 0) {


                    response.setCode(2);


                    response.setData(false);


                    response.setMsg("超过3个月没有修改口令,请修改口令后重新登录");


                    return response;


                }


            }




            //登录成功


            ServletContext servletContext = request.getServletContext();


            servletContext.setAttribute(userInf.getUName(), request.getSession().getId());


            //Session存储当前用户及权限组列表


            request.getSession().setAttribute("user", subject.getPrincipal());


            request.getSession().setMaxInactiveInterval(60 * 60 * 24);


            request.getSession().setAttribute("permits", ActionUtil.getGson().toJson(permitGroupUserService.getItemList(userInf.getUId())));




            //回写登录时间到数据库


            userService.updateLoginTime(userInf.getUId());


            //查询用户对应的权限组id并返回给前端


            LinkedList<Object> dataList = new LinkedList<>();


            dataList.add(subject.getPrincipal());


            PermitGroupUser permitGroup = permitGroupUserService.getPermitGroup(userInf.getUId());


            if(permitGroup == null){


                return new Response<>().set(1,false,MessageUtils.getMessage("userNoPermitGroup"));


            }else {


                int permitGroupId = permitGroup.getPermitGroupId();


                dataList.add(permitGroupId);


            }


            CommonUtil.record(((UserInf) subject.getPrincipal()).getUId(), UserOperation.TYPE_LOGIN_NO_PASS.getType(), UserOperation.TYPE_LOGIN_NO_PASS.getTypeName(), UserOperation.TYPE_LOGIN_NO_PASS.getTypeNameEn());


            return new Response<>().setII(1, true, dataList, "登录成功");


        }


        return new Response().set(1,false,"认证未通过");


    }


}