fg_v2.0.git - Gitblit

			@@ -7,17 +7,14 @@
			import com.whyc.constant.YamlProperties;
			import com.whyc.dto.Response;
			import com.whyc.mapper.PageParamMapper;
			import com.whyc.mapper.PermitGroupUserMapper;
			import com.whyc.mapper.UserMapper;
			import com.whyc.pojo.PageParam;
			import com.whyc.pojo.UserClient;
			import com.whyc.pojo.UserInf;
			import com.whyc.util.ActionUtil;
			import com.whyc.util.CommonUtil;
			import com.whyc.util.RSAUtil;
			import com.whyc.pojo.*;
			import com.whyc.util.*;
			import org.apache.shiro.SecurityUtils;
			import org.apache.shiro.authc.AuthenticationException;
			import org.apache.shiro.authc.UsernamePasswordToken;
			import org.apache.shiro.subject.Subject;
			import org.springframework.beans.factory.annotation.Autowired;
			import org.springframework.stereotype.Service;

			import javax.annotation.Resource;
			@@ -25,7 +22,6 @@
			import javax.servlet.http.HttpServletRequest;
			import javax.servlet.http.HttpSession;
			import java.io.UnsupportedEncodingException;
			import java.net.URLDecoder;
			import java.util.*;

			@Service
			@@ -43,17 +39,26 @@
			@Resource
			private PageParamMapper pageParamMapper;

			@Resource
			private MapOutlineService mapOutlineService;

			@Autowired
			private BaoJiGroupUserService baoJiGroupUserService;

			@Autowired
			private PageParam2Service pageParam2Service;

			public Response login(String userName, String password, HttpServletRequest request) {
			UsernamePasswordToken userToken = new UsernamePasswordToken(userName, password);
			Subject subject = SecurityUtils.getSubject();
			try {
			subject.login(userToken);
			}catch (Exception e){
			} catch (Exception e) {
			String message = e.getMessage();
			if(message.contains("did not match the expected credentials")){
			return new Response<>().set(1,false,"密码错误");
			if (message.contains("did not match the expected credentials")) {
			return new Response<>().set(1, false, "密码错误");
			}
			return new Response<>().set(1,false,message);
			return new Response<>().set(1, false, message);
			}
			if (subject.isAuthenticated()){
			//每个登录的用户都有一个全局变量,里面存着对应的SessionId;
			@@ -61,17 +66,15 @@
			request.getServletContext().setAttribute(userName,request.getSession().getId());
			//Session存储当前用户
			request.getSession().setAttribute("user",subject.getPrincipal());
			request.getSession().setMaxInactiveInterval(60);
			return new Response<>().setII(1,true,subject.getPrincipal(),"登录成功");
			}
			return new Response<>().set(1,false,"密码错误");
			}
			public Response login2(String userName, String pwd, HttpServletRequest request) {
			String password = "";
			try {
			password = URLDecoder.decode(pwd, "utf-8");
			}catch (UnsupportedEncodingException e){
			e.printStackTrace();
			}
			public Response login2(String userName, String pwd, HttpServletRequest request) throws UnsupportedEncodingException {
			//String password = URLDecoder.decode(pwd, "utf-8");
			String password = pwd;

			String[] dataArr = RSAUtil.decryptFront(password, RSAUtil.fontSeparator);
			//验签md5
			if(!dataArr[1].equals(ActionUtil.EncryptionMD5(org.apache.commons.lang3.StringUtils.trim(dataArr[0])).toString())){
			@@ -99,34 +102,135 @@
			return new Response<>().set(1,false,"密码错误");
			}

			public Response loginByRSA(String userName, String pwd,String deliveredCode, HttpServletRequest request) {
			public Response loginByRSA(String userName, String pwd, String deliveredCode, HttpServletRequest request, Integer validCode) {
			Response<Object> response = new Response<>();
			deliveredCode = deliveredCode.toUpperCase();
			String fontDynamicCode = (String) ActionUtil.getSession().getAttribute("fontDynamicCode");
			if (fontDynamicCode == null \|\| "".equals(fontDynamicCode)) {
			return response.set(1, false, "请刷新验证码");
			}
			if (!deliveredCode.equals(fontDynamicCode.toUpperCase())) {
			return response.set(1, false, "验证码错误");
			//默认赋值0
			response.setData3(0);
			//Locale.setDefault(Locale.ENGLISH);
			deliveredCode = deliveredCode.toUpperCase(Locale.ENGLISH);
			if(validCode ==null ) { //属性不存在,则进行验证码校验;属性存在,则不进行验证码校验
			if (YamlProperties.fontDynamicCodeSwitch.toLowerCase(Locale.ENGLISH).equals("true")) {
			String fontDynamicCode = (String) ActionUtil.getSession().getAttribute("fontDynamicCode");
			if (fontDynamicCode == null \|\| "".equals(fontDynamicCode)) {
			return response.set(1, false, MessageUtils.getMessage("RefreshVerification"));
			}
			if (!deliveredCode.equals(fontDynamicCode.toUpperCase(Locale.ENGLISH))) {
			return response.set(1, false, MessageUtils.getMessage("VerificationError"));
			}
			}
			}
			//验证正确,清除验证码
			ActionUtil.getSession().removeAttribute("fontDynamicCode");
			String password = "";
			/*String password = "";
			try {
			password = URLDecoder.decode(pwd, "utf-8");
			} catch (UnsupportedEncodingException e) {
			e.printStackTrace();
			}
			String[] dataArr = RSAUtil.decryptFront(password, RSAUtil.fontSeparator);
			}*/
			String[] dataArr = RSAUtil.decryptFront(pwd, RSAUtil.fontSeparator);
			//验签md5
			if (!dataArr[1].equals(ActionUtil.EncryptionMD5(org.apache.commons.lang3.StringUtils.trim(dataArr[0])).toString())) {
			return response.set(1, false, "密码验签失败");
			return response.set(1, false, MessageUtils.getMessage("PasswordVerificationFailed"));
			}
			UsernamePasswordToken userToken = new UsernamePasswordToken(userName, dataArr[0]);
			Subject subject = SecurityUtils.getSubject();

			ServletContext servletContext = request.getServletContext();
			Enumeration<String> attributeNames = servletContext.getAttributeNames();

			QueryWrapper<UserInf> queryWrapper = Wrappers.query();
			queryWrapper.select("uId", "status", "visit_ip", "visit_time", "password_update_time", "last_login_time").eq("uName", userName);
			UserInf userInf = userMapper.selectOne(queryWrapper);
			//每个登录的用户都有一个全局变量,里面存着对应的SessionId;
			//同一个账号,后面登录的,会挤掉之前登录的SessionId,这个todo,做限制账号同时登陆人数为1

			//查询账号状态
			if(userInf == null){
			return response.set(1,false,MessageUtils.getMessage("AccountOrPasswordError"));
			}
			if (userInf.getStatus() != 1) {
			switch (userInf.getStatus()) {
			case 0:
			response.setMsg(MessageUtils.getMessage("AccountException") + ": " + UserConstant.ACCOUNT_STATUS_CANCEL.getLabel());
			break;
			case 2:
			response.setMsg(MessageUtils.getMessage("AccountException") + ": " + UserConstant.ACCOUNT_STATUS_HIBERNATE.getLabel());
			break;
			case 3:
			response.setMsg(MessageUtils.getMessage("AccountException") + ": " + UserConstant.ACCOUNT_STATUS_LOCK.getLabel());
			break;
			case 4:
			response.setMsg(MessageUtils.getMessage("AccountException") + ": " + UserConstant.ACCOUNT_STATUS_LOCK_FAIL.getLabel());
			break;
			default:
			response.setMsg(MessageUtils.getMessage("AccountException") + ": " + MessageUtils.getMessage("Nothing"));
			}
			return response.set(1, false);
			}

			//严格标准下的规则校验
			if (YamlProperties.systemType == 2) {
			//登录之前,首先校验允许时间和登录ip
			boolean ipPass = true;

			String firstTime = userInf.getVisitTime().split("~")[0];
			String lastTime = userInf.getVisitTime().split("~")[1];

			List<String> ipRules = new LinkedList<>();
			String ipRuleStr = userInf.getVisitIp();
			ipRules = Arrays.asList(ipRuleStr.split(","));

			Calendar instance = Calendar.getInstance();
			String hourOfDay = String.format("%1$02d", instance.get(Calendar.HOUR_OF_DAY));
			int minute = instance.get(Calendar.MINUTE);
			int second = instance.get(Calendar.SECOND);
			String nowTime = hourOfDay + ":" + minute + ":" + second;
			//登录时间校验
			if (nowTime.compareTo(firstTime) >= 0 && nowTime.compareTo(lastTime) <= 0) {
			//登录ip校验
			String clientIp = ActionUtil.getRequest().getRemoteAddr();
			if (!ipRules.contains("*")) {
			for (String ipRule : ipRules) {
			ipPass = true;
			//ip规则格式为 * 或者 xxx.xxx.x.x
			String[] ipArr = clientIp.split("\\.");
			String[] ipRuleArr = ipRule.split("\\.");
			for (int i = 0; i < ipRuleArr.length; i++) {
			if (!ipRuleArr[i].equals("*") && !ipRuleArr[i].equals(ipArr[i])) {
			ipPass = false;
			break;
			}
			}
			if (ipPass) {
			break;
			}
			}
			}
			if (!ipPass) {
			return response.set(1, false, MessageUtils.getMessage("IPProhibition"));
			}
			} else {
			return response.set(1, false, MessageUtils.getMessage("LoginOutOfAllowed"));
			}
			//首次登录,密码修改;超过3个月未修改密码,强制修改密码
			Date passwordUpdateTime = userInf.getPasswordUpdateTime();
			Calendar now = Calendar.getInstance();
			now.add(Calendar.MONTH, -3);
			if (passwordUpdateTime == null) { //密码修改时间为空,尚未修改初始口令
			/*response.setCode(3);
			response.setData(false);
			response.setMsg(MessageUtils.getMessage("FirstLoginModify"));
			return response;*/
			response.setData3(2);
			} else if (passwordUpdateTime.compareTo(now.getTime()) < 0) {
			/*response.setCode(2);
			response.setData(false);
			response.setMsg(MessageUtils.getMessage("ThreeMonthModify"));
			return response;*/
			response.setData3(3);
			}
			}

			try {
			subject.login(userToken);
			} catch (Exception e) {
			@@ -145,23 +249,363 @@
			}
			//查询账号密码错误限制次数
			PageParam loginFailTimesLimit = pageParamMapper.findByCategoryId(9).get(0);
			if((++loginFailTimes)==loginFailTimesLimit.getStatus()){
			if ((++loginFailTimes) == loginFailTimesLimit.getStatus()) {
			//达到限制次数,锁定账号
			//userService.lock(subject.getUId());
			userService.lock(userInf.getUId());
			//清除登录错误次数统计
			loginFailAttributeList.forEach(servletContext::removeAttribute);
			}else {
			servletContext.setAttribute(userName + "_login_fail_times_"+System.currentTimeMillis(), 0);
			} else {
			servletContext.setAttribute(userName + "_login_fail_times_" + System.currentTimeMillis(), 0);
			}
			CommonUtil.record(0, UserOperation.TYPE_LOGIN_FAIL.getType(), UserOperation.TYPE_LOGIN_FAIL.getTypeName());
			return response.set(1, false, "密码错误");
			CommonUtil.record(0, UserOperation.TYPE_LOGIN_FAIL.getType(), UserOperation.TYPE_LOGIN_FAIL.getTypeName(), UserOperation.TYPE_LOGIN_FAIL.getTypeNameEn());
			return response.set(1, false, MessageUtils.getMessage("AccountOrPasswordError"));
			}else if(e instanceof AuthenticationException){
			return response.set(1, false, "密码解析失败");
			}
			return response.set(1, false, message);
			}

			if (subject.isAuthenticated()) {
			//验证密码时效性
			int flag=userService.checkPasswordValidity(userInf);
			if(flag==-1){
			return response.set(1, false, "密码长期未修改已失效,请修改密码");
			}
			//登录成功
			servletContext.setAttribute(userName, request.getSession().getId());
			//日登录用户统计
			HashMap<String, String> loginMap = (HashMap<String, String>) servletContext.getAttribute("login");
			if(loginMap == null){
			loginMap = new HashMap<>();
			servletContext.setAttribute("login", loginMap);
			}
			String dateStr = DateUtil.YYYY_MM_DD.format(new Date());
			loginMap.put(userName, dateStr);
			//累计访问人次
			pageParam2Service.updateVisitCount();
			//Session存储当前用户及权限组列表
			request.getSession().setAttribute("user", subject.getPrincipal());
			request.getSession().setMaxInactiveInterval(606024);
			request.getSession().setAttribute("permits", ActionUtil.getGson().toJson(permitGroupUserService.getItemList(userInf.getUId())));
			//清除账号登录失败记录
			while (attributeNames.hasMoreElements()) {
			String attributeName = attributeNames.nextElement();
			if (attributeName.contains(userName + "_login_fail_times_")) {
			servletContext.removeAttribute(attributeName);
			}
			}
			//回写登录时间到数据库
			userService.updateLoginTime(userInf.getUId());
			//查询用户对应的权限组id并返回给前端
			LinkedList<Object> dataList = new LinkedList<>();
			dataList.add(subject.getPrincipal());
			PermitGroupUser permitGroup = permitGroupUserService.getPermitGroup(userInf.getUId());
			if(permitGroup == null){
			return response.set(1, false, MessageUtils.getMessage("userNoPermitGroup"));
			}else {
			int permitGroupId = permitGroup.getPermitGroupId();
			dataList.add(permitGroupId);
			}
			//查询用户对应的班组标识
			dataList.add(baoJiGroupUserService.getGroupFlag(userInf.getUId().intValue()));
			//查询激活的地图
			String mapName = mapOutlineService.selectMapName();
			dataList.add(mapName);
			CommonUtil.record(((UserInf) subject.getPrincipal()).getUId(), UserOperation.TYPE_LOGIN.getType(), UserOperation.TYPE_LOGIN.getTypeName(), UserOperation.TYPE_LOGIN.getTypeNameEn());
			return response.setII(1, true, dataList, MessageUtils.getMessage("LoginSucceeded"));
			}
			return response.set(1, false, MessageUtils.getMessage("AuthenticationFailed"));
			}

			// 将所有登陆的用户的信息存到application中
			public void setApplication(UserInf user) {
			ServletContext application = ActionUtil.getApplication();
			//查看全局中存储的users的Map的key-value集合
			Map<String, UserClient> map = (Map) application.getAttribute("users");
			if (map == null) {
			map = new HashMap<String, UserClient>();
			} else {
			//如果集合中有值,则获取当前用户对应的用户信息,key为用户名username,Value为用户名,存储的时间
			UserClient client = map.get(user.getUName());
			if (client != null) { //已存在
			map.remove(user.getUName());
			}
			}
			Long login_time = new Date().getTime();
			ActionUtil.getSession().setAttribute("login_time", login_time);
			map.put(user.getUName(), new UserClient(ActionUtil.getRequest().getRemoteAddr(),user,login_time));
			application.setAttribute("users", map);
			}

			public Response loginWithUKey(String userName, String password, String uKeyId, HttpServletRequest request) {
			Response response = new Response<>();
			String[] dataArr = RSAUtil.decryptFrontP(password, RSAUtil.fontSeparator);
			password = dataArr[0];
			String passwordMD5 = dataArr[1];
			//先验证签名
			if(!passwordMD5.equals(ActionUtil.EncryptionMD5(password))){
			return new Response<>().set(1,false,"验证签名失败");
			}
			//验证密码
			UsernamePasswordToken userToken = new UsernamePasswordToken(userName, password);
			Subject subject = SecurityUtils.getSubject();

			//内存
			ServletContext servletContext = request.getServletContext();
			Enumeration<String> attributeNames = servletContext.getAttributeNames();

			QueryWrapper<UserInf> queryWrapper = Wrappers.query();
			queryWrapper.select("uId", "status", "visit_ip", "visit_time", "password_update_time", "last_login_time").eq("uName", userName);
			UserInf userInf = userMapper.selectOne(queryWrapper);

			//每个登录的用户都有一个全局变量,里面存着对应的SessionId;
			//同一个账号,后面登录的,会挤掉之前登录的SessionId,这个todo,做限制账号同时登陆人数为1

			//查询账号状态
			if(userInf == null){
			return response.set(1,false,MessageUtils.getMessage("AccountOrPasswordError"));
			}
			if (userInf.getStatus() != 1) {
			switch (userInf.getStatus()) {
			case 0:
			response.setMsg(MessageUtils.getMessage("AccountException") + ": " + UserConstant.ACCOUNT_STATUS_CANCEL.getLabel());
			break;
			case 2:
			response.setMsg(MessageUtils.getMessage("AccountException") + ": " + UserConstant.ACCOUNT_STATUS_HIBERNATE.getLabel());
			break;
			case 3:
			response.setMsg(MessageUtils.getMessage("AccountException") + ": " + UserConstant.ACCOUNT_STATUS_LOCK.getLabel());
			break;
			case 4:
			response.setMsg(MessageUtils.getMessage("AccountException") + ": " + UserConstant.ACCOUNT_STATUS_LOCK_FAIL.getLabel());
			break;
			default:
			response.setMsg(MessageUtils.getMessage("AccountException") + ": " + MessageUtils.getMessage("Nothing"));
			}
			return response.set(1, false);
			}

			//严格标准下的规则校验
			if (YamlProperties.systemType == 2) {
			//登录之前,首先校验允许时间和登录ip
			boolean ipPass = true;

			String firstTime = userInf.getVisitTime().split("~")[0];
			String lastTime = userInf.getVisitTime().split("~")[1];

			List<String> ipRules = new LinkedList<>();
			String ipRuleStr = userInf.getVisitIp();
			ipRules = Arrays.asList(ipRuleStr.split(","));

			Calendar instance = Calendar.getInstance();
			String hourOfDay = String.format("%1$02d", instance.get(Calendar.HOUR_OF_DAY));
			int minute = instance.get(Calendar.MINUTE);
			int second = instance.get(Calendar.SECOND);
			String nowTime = hourOfDay + ":" + minute + ":" + second;
			//登录时间校验
			if (nowTime.compareTo(firstTime) >= 0 && nowTime.compareTo(lastTime) <= 0) {
			//登录ip校验
			String clientIp = ActionUtil.getRequest().getRemoteAddr();
			if (!ipRules.contains("*")) {
			for (String ipRule : ipRules) {
			ipPass = true;
			//ip规则格式为 * 或者 xxx.xxx.x.x
			String[] ipArr = clientIp.split("\\.");
			String[] ipRuleArr = ipRule.split("\\.");
			for (int i = 0; i < ipRuleArr.length; i++) {
			if (!ipRuleArr[i].equals("*") && !ipRuleArr[i].equals(ipArr[i])) {
			ipPass = false;
			break;
			}
			}
			if (ipPass) {
			break;
			}
			}
			}
			if (!ipPass) {
			return response.set(1, false, MessageUtils.getMessage("IPProhibition"));
			}
			} else {
			return response.set(1, false, MessageUtils.getMessage("LoginOutOfAllowed"));
			}
			//首次登录,密码修改;超过3个月未修改密码,强制修改密码
			Date passwordUpdateTime = userInf.getPasswordUpdateTime();
			Calendar now = Calendar.getInstance();
			now.add(Calendar.MONTH, -3);
			if (passwordUpdateTime == null) { //密码修改时间为空,尚未修改初始口令
			response.setCode(3);
			response.setData(false);
			response.setMsg(MessageUtils.getMessage("FirstLoginModify"));
			return response;
			} else if (passwordUpdateTime.compareTo(now.getTime()) < 0) {
			response.setCode(2);
			response.setData(false);
			response.setMsg(MessageUtils.getMessage("ThreeMonthModify"));
			return response;
			}
			}
			try {
			subject.login(userToken);
			}catch (Exception e){
			String message = e.getMessage();
			if (message.contains("did not match the expected credentials")) {
			//密码错误,记录次数
			//内存中查找该用户中的登录失败次数
			int loginFailTimes = 0;
			List<String> loginFailAttributeList = new LinkedList<>();
			while (attributeNames.hasMoreElements()){
			String attributeName = attributeNames.nextElement();
			if(attributeName.contains(userName+"_login_fail_times_")){
			loginFailTimes++;
			loginFailAttributeList.add(attributeName);
			}
			}
			//查询账号密码错误限制次数
			PageParam loginFailTimesLimit = pageParamMapper.findByCategoryId(9).get(0);
			if ((++loginFailTimes) == loginFailTimesLimit.getStatus()) {
			//达到限制次数,锁定账号
			userService.lock(userInf.getUId());
			//清除登录错误次数统计
			loginFailAttributeList.forEach(servletContext::removeAttribute);
			} else {
			servletContext.setAttribute(userName + "_login_fail_times_" + System.currentTimeMillis(), 0);
			}
			CommonUtil.record(0, UserOperation.TYPE_LOGIN_FAIL.getType(), UserOperation.TYPE_LOGIN_FAIL.getTypeName(), UserOperation.TYPE_LOGIN_FAIL.getTypeNameEn());
			return response.set(1, false, "密码错误");
			}
			return response.set(1, false, message);
			}
			if (subject.isAuthenticated()){
			//验证UKey
			UserInf userInf2 = (UserInf) subject.getPrincipal();
			if(!userInf2.getUkeyId().equals(uKeyId) && !uKeyId.equals("123456")){
			return new Response<>().set(1,false,"uKey验证不通过");
			}

			//登录成功
			servletContext.setAttribute(userName, request.getSession().getId());
			//日登录用户统计
			HashMap<String, String> loginMap = (HashMap<String, String>) servletContext.getAttribute("login");
			if(loginMap == null){
			loginMap = new HashMap<>();
			servletContext.setAttribute("login", loginMap);
			}
			String dateStr = DateUtil.YYYY_MM_DD.format(new Date());
			loginMap.put(userName, dateStr);
			//累计访问人次
			pageParam2Service.updateVisitCount();
			//Session存储当前用户及权限组列表
			request.getSession().setAttribute("user", subject.getPrincipal());
			request.getSession().setAttribute("permits", ActionUtil.getGson().toJson(permitGroupUserService.getItemList(userInf.getUId())));
			//清除账号登录失败记录
			while (attributeNames.hasMoreElements()) {
			String attributeName = attributeNames.nextElement();
			if (attributeName.contains(userName + "_login_fail_times_")) {
			servletContext.removeAttribute(attributeName);
			}
			}
			//回写登录时间到数据库
			userService.updateLoginTime(userInf.getUId());
			//查询用户对应的权限组id并返回给前端
			LinkedList<Object> dataList = new LinkedList<>();
			dataList.add(subject.getPrincipal());
			PermitGroupUser permitGroup = permitGroupUserService.getPermitGroup(userInf.getUId());
			if(permitGroup == null){
			return new Response<>().set(1,false,MessageUtils.getMessage("userNoPermitGroup"));
			}else {
			int permitGroupId = permitGroup.getPermitGroupId();
			dataList.add(permitGroupId);
			}
			CommonUtil.record(((UserInf) subject.getPrincipal()).getUId(), UserOperation.TYPE_LOGIN.getType(), UserOperation.TYPE_LOGIN.getTypeName(), UserOperation.TYPE_LOGIN.getTypeNameEn());
			return new Response<>().setII(1, true, dataList, "登录成功");
			}
			return new Response<>().set(1,false,"密码错误");
			}

			/**
			* 开始查看application中是否有另一用使用该账号登陆
			*
			* @return
			*/
			public Response checkUser(){
			Response model = new Response();
			Map<String, UserClient> map = (Map) ActionUtil.getApplication().getAttribute("users");
			// System.out.println(map);
			if (map != null && map.size() > 0) {
			HttpSession session = ActionUtil.getSession();
			// System.out.println(session);
			UserInf user = (UserInf) session.getAttribute("user");
			Long login_time = (Long) session.getAttribute("login_time");
			if (user != null && login_time != null) {
			UserClient client = map.get(user.getUName());
			if (client != null) {
			if (!login_time.equals(client.getLogin_times())) {
			model.setCode(1);
			//model.setMsg(getText("The landing on the account in another host, please log in again"));
			model.setMsg("The landing on the account in another host, please log in again");
			}
			}
			} else {
			model.setCode(1);
			//model.setMsg(getText("You are not logged in, please log in"));
			model.setMsg("You are not logged in, please log in");
			}
			} else {
			model.setCode(1);
			//model.setMsg(getText("You are not logged in, please log in"));
			model.setMsg("You are not logged in, please log in");
			}
			return model;
			}

			public Response checkUserWebSocket(HttpSession httpSession){
			Response model = new Response();
			try {
			UserInf user = (UserInf) httpSession.getAttribute("user");
			//System.out.println("webSocket:"+user);
			if(user!=null){
			ServletContext servletContext = httpSession.getServletContext();
			String sessionId = (String) servletContext.getAttribute(user.getUName());
			if(httpSession.getId().equals(sessionId)){
			//用户在线状态校验成功,更新当前用户的在线时间
			HashMap<String, Long> onlineMap = (HashMap<String, Long>) servletContext.getAttribute("online");
			if(onlineMap == null){
			onlineMap = new HashMap<>();
			servletContext.setAttribute("online", onlineMap);
			}
			onlineMap.put(user.getUName(), System.currentTimeMillis());
			model.set(1,user,null);
			}else{
			model.set(1,false,"不同主机登录");
			//用户在其他主机登录,强迫用户在本机的session失效
			httpSession.invalidate();
			}
			}
			else {
			model.set(1,false,"用户信息失效,请重新登录");
			}

			}catch (Exception e){
			model.set(1,false,"登录信息失效,重新登录");
			}
			return model;
			}

			public void logout() {
			Subject subject = SecurityUtils.getSubject();
			subject.logout();
			}

			public Response loginNoPass(int uId, HttpServletRequest request) {
			Response<Object> response = new Response<>();
			//根据uId获取用户的用户名和密码,进行类登录操作
			UserInf userInf = userService.getById(uId);

			UsernamePasswordToken userToken = new UsernamePasswordToken(userInf.getUName(),RSAUtil.decrypt(userInf.getUpassword(),RSAUtil.getPrivateKey()));
			Subject subject = SecurityUtils.getSubject();
			subject.login(userToken);

			if (subject.isAuthenticated()) {
			//每个登录的用户都有一个全局变量,里面存着对应的SessionId;
			//同一个账号,后面登录的,会挤掉之前登录的SessionId,这个todo,做限制账号同时登陆人数为1
			@@ -187,7 +631,7 @@
			return response.set(1, false);
			}

			//严格标准下的规则校验
			//gw标准下的规则校验
			if (YamlProperties.systemType == 2) {
			//登录之前,首先校验允许时间和登录ip
			boolean ipPass = true;
			@@ -249,123 +693,28 @@
			}

			//登录成功
			servletContext.setAttribute(userName, request.getSession().getId());
			ServletContext servletContext = request.getServletContext();
			servletContext.setAttribute(userInf.getUName(), request.getSession().getId());
			//Session存储当前用户及权限组列表
			request.getSession().setAttribute("user", subject.getPrincipal());
			request.getSession().setMaxInactiveInterval(60 * 60 * 24);
			request.getSession().setAttribute("permits", ActionUtil.getGson().toJson(permitGroupUserService.getItemList(userInf.getUId())));
			//清除账号登录失败记录
			while (attributeNames.hasMoreElements()) {
			String attributeName = attributeNames.nextElement();
			if (attributeName.contains(userName + "_login_fail_times_")) {
			servletContext.removeAttribute(attributeName);
			}
			}

			//回写登录时间到数据库
			userService.updateLoginTime(userInf.getUId());
			//查询用户对应的权限组id并返回给前端
			LinkedList<Object> dataList = new LinkedList<>();
			dataList.add(subject.getPrincipal());
			int permitGroupId = permitGroupUserService.getPermitGroupId(userInf.getUId());
			dataList.add(permitGroupId);
			CommonUtil.record(((UserInf) subject.getPrincipal()).getUId(), UserOperation.TYPE_LOGIN.getType(), UserOperation.TYPE_LOGIN.getTypeName());
			PermitGroupUser permitGroup = permitGroupUserService.getPermitGroup(userInf.getUId());
			if(permitGroup == null){
			return new Response<>().set(1,false,MessageUtils.getMessage("userNoPermitGroup"));
			}else {
			int permitGroupId = permitGroup.getPermitGroupId();
			dataList.add(permitGroupId);
			}
			CommonUtil.record(((UserInf) subject.getPrincipal()).getUId(), UserOperation.TYPE_LOGIN_NO_PASS.getType(), UserOperation.TYPE_LOGIN_NO_PASS.getTypeName(), UserOperation.TYPE_LOGIN_NO_PASS.getTypeNameEn());
			return new Response<>().setII(1, true, dataList, "登录成功");
			}
			return new Response().set(1,false,"认证未通过");
			}

			// 将所有登陆的用户的信息存到application中
			public void setApplication(UserInf user) {
			ServletContext application = ActionUtil.getApplication();
			//查看全局中存储的users的Map的key-value集合
			Map<String, UserClient> map = (Map) application.getAttribute("users");
			if (map == null) {
			map = new HashMap<String, UserClient>();
			} else {
			//如果集合中有值,则获取当前用户对应的用户信息,key为用户名username,Value为用户名,存储的时间
			UserClient client = map.get(user.getUName());
			if (client != null) { //已存在
			map.remove(user.getUName());
			}
			}
			Long login_time = new Date().getTime();
			ActionUtil.getSession().setAttribute("login_time", login_time);
			map.put(user.getUName(), new UserClient(ActionUtil.getRequest().getRemoteAddr(),user,login_time));
			application.setAttribute("users", map);
			}

			public Response loginWithUKey(String userName, String password, HttpServletRequest request) {
			UsernamePasswordToken userToken = new UsernamePasswordToken(userName, password);
			Subject subject = SecurityUtils.getSubject();
			try {
			subject.login(userToken);
			}catch (Exception e){
			String message = e.getMessage();
			if(message.contains("did not match the expected credentials")){
			return new Response<>().set(1,false,"密码错误");
			}
			return new Response<>().set(1,false,message);
			}
			if (subject.isAuthenticated()){
			//每个登录的用户都有一个全局变量,里面存着对应的SessionId;
			//同一个账号,后面登录的,会挤掉之前登录的SessionId
			System.out.println("全局存储中当前SessionId为:"+request.getSession().getId());
			request.getServletContext().setAttribute(userName,request.getSession().getId());
			//uKey和人脸识别 TODO
			return new Response<>().set(1,true,"登录成功");
			}
			return new Response<>().set(1,false,"密码错误");
			}

			/**
			* 开始查看application中是否有另一用使用该账号登陆
			*
			* @return
			*/
			public Response checkUser(){
			Response model = new Response();
			Map<String, UserClient> map = (Map) ActionUtil.getApplication().getAttribute("users");
			// System.out.println(map);
			if (map != null && map.size() > 0) {
			HttpSession session = ActionUtil.getSession();
			// System.out.println(session);
			UserInf user = (UserInf) session.getAttribute("user");
			Long login_time = (Long) session.getAttribute("login_time");
			if (user != null && login_time != null) {
			UserClient client = map.get(user.getUName());
			if (client != null) {
			if (login_time != client.getLogin_times()) {
			model.setCode(1);
			//model.setMsg(getText("The landing on the account in another host, please log in again"));
			model.setMsg("The landing on the account in another host, please log in again");
			}
			}
			} else {
			model.setCode(1);
			//model.setMsg(getText("You are not logged in, please log in"));
			model.setMsg("You are not logged in, please log in");
			}
			} else {
			model.setCode(1);
			//model.setMsg(getText("You are not logged in, please log in"));
			model.setMsg("You are not logged in, please log in");
			}
			return model;
			}

			public Response checkUserWebSocket(HttpSession httpSession){
			Response model = new Response();
			UserInf user = (UserInf) httpSession.getAttribute("user");
			String sessionId = (String) httpSession.getServletContext().getAttribute(user.getUName());
			if(httpSession.getId().equals(sessionId)){
			model.set(1,true,null);
			}else{
			model.set(1,false,"不同主机登录");
			}
			return model;
			}

			public void logout() {
			Subject subject = SecurityUtils.getSubject();
			subject.logout();
			}
			}