whyclxw
2025-05-28 e16302f9d475c7cc4dd18c5abf1a23cb5502e362
src/main/java/com/whyc/service/LoginService.java
@@ -8,15 +8,10 @@
import com.whyc.dto.Response;
import com.whyc.mapper.PageParamMapper;
import com.whyc.mapper.UserMapper;
import com.whyc.pojo.PageParam;
import com.whyc.pojo.PermitGroupUser;
import com.whyc.pojo.UserClient;
import com.whyc.pojo.UserInf;
import com.whyc.util.ActionUtil;
import com.whyc.util.CommonUtil;
import com.whyc.util.MessageUtils;
import com.whyc.util.RSAUtil;
import com.whyc.pojo.*;
import com.whyc.util.*;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
@@ -27,7 +22,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.*;
@Service
@@ -50,6 +44,9 @@
    @Autowired
    private BaoJiGroupUserService baoJiGroupUserService;
    @Autowired
    private PageParam2Service pageParam2Service;
    public Response login(String userName, String password, HttpServletRequest request) {
        UsernamePasswordToken userToken = new UsernamePasswordToken(userName, password);
@@ -105,17 +102,21 @@
        return new Response<>().set(1,false,"密码错误");
    }
    public Response loginByRSA(String userName, String pwd,String deliveredCode, HttpServletRequest request) {
    public Response loginByRSA(String userName, String pwd, String deliveredCode, HttpServletRequest request, Integer validCode) {
        Response<Object> response = new Response<>();
        //默认赋值0
        response.setData3(0);
        //Locale.setDefault(Locale.ENGLISH);
        deliveredCode = deliveredCode.toUpperCase(Locale.ENGLISH);
        if(YamlProperties.fontDynamicCodeSwitch.toLowerCase(Locale.ENGLISH).equals("true")) {
            String fontDynamicCode = (String) ActionUtil.getSession().getAttribute("fontDynamicCode");
            if (fontDynamicCode == null || "".equals(fontDynamicCode)) {
                return response.set(1, false, MessageUtils.getMessage("RefreshVerification"));
            }
            if (!deliveredCode.equals(fontDynamicCode.toUpperCase(Locale.ENGLISH))) {
                return response.set(1, false, MessageUtils.getMessage("VerificationError"));
        if(validCode ==null ) { //属性不存在,则进行验证码校验;属性存在,则不进行验证码校验
            if (YamlProperties.fontDynamicCodeSwitch.toLowerCase(Locale.ENGLISH).equals("true")) {
                String fontDynamicCode = (String) ActionUtil.getSession().getAttribute("fontDynamicCode");
                if (fontDynamicCode == null || "".equals(fontDynamicCode)) {
                    return response.set(1, false, MessageUtils.getMessage("RefreshVerification"));
                }
                if (!deliveredCode.equals(fontDynamicCode.toUpperCase(Locale.ENGLISH))) {
                    return response.set(1, false, MessageUtils.getMessage("VerificationError"));
                }
            }
        }
        //验证正确,清除验证码
@@ -145,7 +146,7 @@
        //查询账号状态
        if(userInf == null){
            return response.set(1,false,MessageUtils.getMessage("AccountNotExist"));
            return response.set(1,false,MessageUtils.getMessage("AccountOrPasswordError"));
        }
        if (userInf.getStatus() != 1) {
            switch (userInf.getStatus()) {
@@ -216,15 +217,17 @@
            Calendar now = Calendar.getInstance();
            now.add(Calendar.MONTH, -3);
            if (passwordUpdateTime == null) { //密码修改时间为空,尚未修改初始口令
                response.setCode(3);
                /*response.setCode(3);
                response.setData(false);
                response.setMsg(MessageUtils.getMessage("FirstLoginModify"));
                return response;
                return response;*/
                response.setData3(2);
            } else if (passwordUpdateTime.compareTo(now.getTime()) < 0) {
                response.setCode(2);
                /*response.setCode(2);
                response.setData(false);
                response.setMsg(MessageUtils.getMessage("ThreeMonthModify"));
                return response;
                return response;*/
                response.setData3(3);
            }
        }
@@ -255,15 +258,31 @@
                    servletContext.setAttribute(userName + "_login_fail_times_" + System.currentTimeMillis(), 0);
                }
                CommonUtil.record(0, UserOperation.TYPE_LOGIN_FAIL.getType(), UserOperation.TYPE_LOGIN_FAIL.getTypeName(), UserOperation.TYPE_LOGIN_FAIL.getTypeNameEn());
                return response.set(1, false, MessageUtils.getMessage("PasswordError"));
                return response.set(1, false, MessageUtils.getMessage("AccountOrPasswordError"));
            }else if(e instanceof AuthenticationException){
                return response.set(1, false, "密码解析失败");
            }
            return response.set(1, false, message);
        }
        if (subject.isAuthenticated()) {
            //验证密码时效性
            int flag=userService.checkPasswordValidity(userInf);
            if(flag==-1){
                return response.set(1, false, "密码长期未修改已失效,请修改密码");
            }
            //登录成功
            servletContext.setAttribute(userName, request.getSession().getId());
            //日登录用户统计
            HashMap<String, String> loginMap = (HashMap<String, String>) servletContext.getAttribute("login");
            if(loginMap == null){
                loginMap = new HashMap<>();
                servletContext.setAttribute("login", loginMap);
            }
            String dateStr = DateUtil.YYYY_MM_DD.format(new Date());
            loginMap.put(userName, dateStr);
            //累计访问人次
            pageParam2Service.updateVisitCount();
            //Session存储当前用户及权限组列表
            request.getSession().setAttribute("user", subject.getPrincipal());
            request.getSession().setMaxInactiveInterval(60*60*24);
@@ -282,7 +301,7 @@
            dataList.add(subject.getPrincipal());
            PermitGroupUser permitGroup = permitGroupUserService.getPermitGroup(userInf.getUId());
            if(permitGroup == null){
                return new Response().set(1, false, MessageUtils.getMessage("userNoPermitGroup"));
                return response.set(1, false, MessageUtils.getMessage("userNoPermitGroup"));
            }else {
                int permitGroupId = permitGroup.getPermitGroupId();
                dataList.add(permitGroupId);
@@ -293,9 +312,9 @@
            String mapName = mapOutlineService.selectMapName();
            dataList.add(mapName);
            CommonUtil.record(((UserInf) subject.getPrincipal()).getUId(), UserOperation.TYPE_LOGIN.getType(), UserOperation.TYPE_LOGIN.getTypeName(), UserOperation.TYPE_LOGIN.getTypeNameEn());
            return new Response<>().setII(1, true, dataList, MessageUtils.getMessage("LoginSucceeded"));
            return response.setII(1, true, dataList, MessageUtils.getMessage("LoginSucceeded"));
        }
        return new Response().set(1, false, MessageUtils.getMessage("AuthenticationFailed"));
        return response.set(1, false, MessageUtils.getMessage("AuthenticationFailed"));
    }
    // 将所有登陆的用户的信息存到application中
@@ -344,7 +363,7 @@
        //查询账号状态
        if(userInf == null){
            return response.set(1,false,MessageUtils.getMessage("AccountNotExist"));
            return response.set(1,false,MessageUtils.getMessage("AccountOrPasswordError"));
        }
        if (userInf.getStatus() != 1) {
            switch (userInf.getStatus()) {
@@ -466,6 +485,16 @@
            //登录成功
            servletContext.setAttribute(userName, request.getSession().getId());
            //日登录用户统计
            HashMap<String, String> loginMap = (HashMap<String, String>) servletContext.getAttribute("login");
            if(loginMap == null){
                loginMap = new HashMap<>();
                servletContext.setAttribute("login", loginMap);
            }
            String dateStr = DateUtil.YYYY_MM_DD.format(new Date());
            loginMap.put(userName, dateStr);
            //累计访问人次
            pageParam2Service.updateVisitCount();
            //Session存储当前用户及权限组列表
            request.getSession().setAttribute("user", subject.getPrincipal());
            request.getSession().setAttribute("permits", ActionUtil.getGson().toJson(permitGroupUserService.getItemList(userInf.getUId())));
@@ -536,8 +565,16 @@
            UserInf user = (UserInf) httpSession.getAttribute("user");
            //System.out.println("webSocket:"+user);
            if(user!=null){
                String sessionId = (String) httpSession.getServletContext().getAttribute(user.getUName());
                ServletContext servletContext = httpSession.getServletContext();
                String sessionId = (String) servletContext.getAttribute(user.getUName());
                if(httpSession.getId().equals(sessionId)){
                    //用户在线状态校验成功,更新当前用户的在线时间
                    HashMap<String, Long> onlineMap = (HashMap<String, Long>) servletContext.getAttribute("online");
                    if(onlineMap == null){
                        onlineMap = new HashMap<>();
                        servletContext.setAttribute("online", onlineMap);
                    }
                    onlineMap.put(user.getUName(), System.currentTimeMillis());
                    model.set(1,user,null);
                }else{
                    model.set(1,false,"不同主机登录");
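Review bot: In `loginByRSA` (hunk `@@ -105,17 +102,21 @@`), the new `if(validCode ==null )` guard skips the whole `fontDynamicCode` comparison whenever `validCode` is non-null, and the value itself is never checked. The caller is not visible here, but if `validCode` is bound from a request parameter, any client can switch the captcha off just by sending the field, which weakens the protection the captcha gives against automated password guessing. The skip decision should come from server-side state the client cannot set (configuration, or a flag the controller derives itself), and the parameter deserves a comment such as `// validCode must never be populated from client input; a non-null value disables captcha verification`. In the same hunk, `deliveredCode = deliveredCode.toUpperCase(Locale.ENGLISH);` still runs before the guard, so a caller on the skip path that omits the captcha would presumably hit a NullPointerException; moving that line inside the `validCode == null` branch keeps it off the skip path. The method body continues outside the hunk.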