Commit 23a55086 authored by 杨日斐's avatar 杨日斐

解决ie10无法进入登录系统页面

parent 6e9ea5a1
package com.archser.aserver.controller; package com.archser.aserver.controller;
import com.archser.aserver.util.FinalStringUtil; import com.archser.aserver.util.AesEncryptUtil;
import com.archser.aserver.util.redis.InfoSystem; import com.archser.aserver.util.FinalStringUtil;
import com.archser.aserver.util.redis.InfoUser; import com.archser.aserver.util.redis.InfoSystem;
import java.math.BigInteger; import com.archser.aserver.util.redis.InfoUser;
import java.util.Date; import java.math.BigInteger;
import java.util.Iterator; import java.util.Date;
import java.util.LinkedHashMap; import java.util.Iterator;
import java.util.List; import java.util.LinkedHashMap;
import java.util.Map; import java.util.List;
import java.util.Map.Entry; import java.util.Map;
import java.util.Optional; import java.util.Map.Entry;
import org.bouncycastle.crypto.InvalidCipherTextException; import java.util.Optional;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.pqc.math.linearalgebra.ByteUtils; import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import com.alibaba.fastjson.JSON; import org.bouncycastle.pqc.math.linearalgebra.ByteUtils;
import com.archser.aserver.interceptor.JwtInterceptor; import com.alibaba.fastjson.JSON;
import com.archser.aserver.model.System; import com.archser.aserver.interceptor.JwtInterceptor;
import com.archser.aserver.model.User; import com.archser.aserver.model.System;
import com.archser.aserver.service.LogService; import com.archser.aserver.model.User;
import com.archser.aserver.service.UserService; import com.archser.aserver.service.LogService;
import com.archser.aserver.util.HttpRequestUtil; import com.archser.aserver.service.UserService;
import com.archser.aserver.util.KeysUtil; import com.archser.aserver.util.HttpRequestUtil;
import com.archser.aserver.util.gm.BCECUtil; import com.archser.aserver.util.KeysUtil;
import com.archser.aserver.util.gm.SM2Util; import com.archser.aserver.util.gm.BCECUtil;
import com.jfinal.aop.Clear; import com.archser.aserver.util.gm.SM2Util;
import com.jfinal.aop.Inject; import com.jfinal.aop.Clear;
import com.jfinal.core.Controller; import com.jfinal.aop.Inject;
import com.jfinal.kit.HashKit; import com.jfinal.core.Controller;
import com.jfinal.kit.Kv; import com.jfinal.kit.HashKit;
import com.jfinal.kit.PropKit; import com.jfinal.kit.Kv;
import com.jfinal.kit.Ret; import com.jfinal.kit.PropKit;
import com.jfinal.kit.StrKit; import com.jfinal.kit.Ret;
import com.jfinal.log.Log; import com.jfinal.kit.StrKit;
import com.jfinal.plugin.activerecord.Db; import com.jfinal.log.Log;
import com.jfinal.plugin.activerecord.Record; import com.jfinal.plugin.activerecord.Db;
import com.jfinal.plugin.redis.Redis; import com.jfinal.plugin.activerecord.Record;
import com.spbportal.sso.SsoToken; import com.jfinal.plugin.redis.Redis;
import io.jsonwebtoken.JwsHeader; import com.spbportal.sso.SsoToken;
import io.jsonwebtoken.Jwts; import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.SignatureAlgorithm; import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
/**
* IndexController 指向系统访问首页 /**
* * IndexController 指向系统访问首页
* @author jbolt.cn *
* @email 909854136@qq.com * @author jbolt.cn
* @date 2018年11月4日 下午9:02:52 * @email 909854136@qq.com
*/ * @date 2018年11月4日 下午9:02:52
public class IndexController extends Controller { */
/** public class IndexController extends Controller {
* 登陆用户名,密码解密 /**
*/ * 登陆用户名,密码解密
public static final String PRIVATE_KEY_D = "38627fffe8003e6d2faa76d4eae2f74fd9cd7be257ab36c356c4f01bbc17e41d"; */
public static final ECPrivateKeyParameters USER_PRIVATE_KEY = BCECUtil.createECPrivateKeyParameters( public static final String PRIVATE_KEY_D = "38627fffe8003e6d2faa76d4eae2f74fd9cd7be257ab36c356c4f01bbc17e41d";
new BigInteger(ByteUtils.fromHexString(PRIVATE_KEY_D)), SM2Util.DOMAIN_PARAMS); public static final ECPrivateKeyParameters USER_PRIVATE_KEY = BCECUtil.createECPrivateKeyParameters(
new BigInteger(ByteUtils.fromHexString(PRIVATE_KEY_D)), SM2Util.DOMAIN_PARAMS);
private static Log log = Log.getLog(IndexController.class);
/** private static Log log = Log.getLog(IndexController.class);
* 超期时间:24小时,即:24 * 60 * 60 * 1000 /**
*/ * 超期时间:24小时,即:24 * 60 * 60 * 1000
public static final int EXPIRATION = 24 * 60 * 60 * 1000; */
private static int permitLoginTimes = 5;// 允许登陆次数 public static final int EXPIRATION = 24 * 60 * 60 * 1000;
private static int hour = 2; // 两小时内不可登录 private static int permitLoginTimes = 5;// 允许登陆次数
@Inject private static int hour = 2; // 两小时内不可登录
private LogService logService; @Inject
@Inject private LogService logService;
private UserService userService; @Inject
private UserService userService;
/** @Inject
* 首页Action private AesEncryptUtil encryptUtil;
*/
@Clear
public void index() { /**
render("index.html"); * 首页Action
} */
@Clear
/** public void index() {
* 修改密码 render("index.html");
*/ }
@Clear
public void updatePassword() { /**
String username = this.getPara("username"); * 修改密码
String password = this.getPara("newPwd"); */
password = HashKit.sha256(password); @Clear
int a = userService.updatePwd(password, username); public void updatePassword() {
if (a == 0) { String username = this.getPara("username");
this.renderJson(Ret.fail("msg", "修改失败")); String password = this.getPara("newPwd");
logService.saveAsLog("operate", password = HashKit.sha256(password);
username + "修改密码操作:修改密码失败", FinalStringUtil.UPDATE); int a = userService.updatePwd(password, username);
return; if (a == 0) {
} this.renderJson(Ret.fail("msg", "修改失败"));
this.renderJson(Ret.ok("msg", "修改成功")); logService.saveAsLog("operate",
logService.saveAsLog("operate", username + "修改密码操作:修改密码成功", FinalStringUtil.UPDATE); username + "修改密码操作:修改密码失败", FinalStringUtil.UPDATE);
} return;
}
private String decrypt(String sm2Cipher) throws InvalidCipherTextException { this.renderJson(Ret.ok("msg", "修改成功"));
return new String(SM2Util.decrypt(USER_PRIVATE_KEY, ByteUtils.fromHexString("04" + sm2Cipher))); logService.saveAsLog("operate", username + "修改密码操作:修改密码成功", FinalStringUtil.UPDATE);
} }
/** private String decrypt(String sm2Cipher) throws InvalidCipherTextException {
* 登录验证 return new String(SM2Util.decrypt(USER_PRIVATE_KEY, ByteUtils.fromHexString("04" + sm2Cipher)));
*/ }
@Clear(JwtInterceptor.class)
// @Before(LoginValidator.class) /**
public void login() { * 登录验证
String app = this.getPara("app"); */
String username = this.getPara("username"); @Clear(JwtInterceptor.class)
String password = this.getPara("password"); // @Before(LoginValidator.class)
String callback = this.getPara("callback"); public void login() {
// 解密用户名和密码 String app = this.getPara("app");
try { String username = this.getPara("username");
username = decrypt(username); String password = this.getPara("password");
password = decrypt(password); String callback = this.getPara("callback");
} catch (Exception e1) { // 解密用户名和密码
e1.printStackTrace(); try {
username = this.getPara("username"); username = AesEncryptUtil.desEncrypt(username);
password = this.getPara("password"); password = AesEncryptUtil.desEncrypt(password);
} } catch (Exception e1) {
//校验密码是否符合强度设置 e1.printStackTrace();
String verify = password; username = this.getPara("username");
password = HashKit.sha256(password); password = this.getPara("password");
User user = InfoUser.getUser(username); }
if (user == null) { //校验密码是否符合强度设置
this.renderJson(Ret.fail("msg", "用户名或密码不存在: " + username)); String verify = password;
logService.saveAsLog("login", "该用户非本系统用户正在非法登录", FinalStringUtil.QUERY); password = HashKit.sha256(password);
return; User user = InfoUser.getUser(username);
} if (user == null) {
/**chenyong 20201116 add 增加演示时提醒 start**/ this.renderJson(Ret.fail("msg", "用户名或密码不存在: " + username));
String showSetting = Db.queryStr(Db.getSql("getConfigByName"), "showSetting"); logService.saveAsLog("login", "该用户非本系统用户正在非法登录", FinalStringUtil.QUERY);
if (showSetting != null) { return;
String[] showSettingArr=showSetting.split("\\|"); }
boolean isShow="是".equals(showSettingArr[0]); /**chenyong 20201116 add 增加演示时提醒 start**/
if(isShow) { String showSetting = Db.queryStr(Db.getSql("getConfigByName"), "showSetting");
boolean isShowUser=false; if (showSetting != null) {
String[] userNameArr=showSettingArr[1].split(","); String[] showSettingArr=showSetting.split("\\|");
for(String userName:userNameArr) { boolean isShow="是".equals(showSettingArr[0]);
if(username.equals(userName)) { if(isShow) {
isShowUser=true; boolean isShowUser=false;
break; String[] userNameArr=showSettingArr[1].split(",");
} for(String userName:userNameArr) {
} if(username.equals(userName)) {
if(!isShowUser) { isShowUser=true;
this.renderJson(Ret.fail("msg", "系统正在演示中,请稍候......")); break;
return; }
} }
} if(!isShowUser) {
} this.renderJson(Ret.fail("msg", "系统正在演示中,请稍候......"));
/**chenyong 20201116 add end**/ return;
// 一旦开启三员 admin用户不能使用 }
if ("admin".equals(user.getUsername())) { }
Integer userCount = Db.queryInt(Db.getSql("hasThreeMemberUsersCount")); }
boolean isExistThreeMemberUsers = userCount != null && (userCount > 0); /**chenyong 20201116 add end**/
if (isExistThreeMemberUsers) { // 一旦开启三员 admin用户不能使用
this.renderJson(Ret.fail("msg", "已开启三员管理,admin失效了。")); if ("admin".equals(user.getUsername())) {
logService.saveAsLog("login", "登录失败,原因:已开启三员管理", FinalStringUtil.QUERY); Integer userCount = Db.queryInt(Db.getSql("hasThreeMemberUsersCount"));
return; boolean isExistThreeMemberUsers = userCount != null && (userCount > 0);
} if (isExistThreeMemberUsers) {
} this.renderJson(Ret.fail("msg", "已开启三员管理,admin失效了。"));
if (user.getLocked() != null && Integer.parseInt(user.getLocked()) == 1) { logService.saveAsLog("login", "登录失败,原因:已开启三员管理", FinalStringUtil.QUERY);
this.renderJson(Ret.fail("msg", "当前账户已被锁定")); return;
logService.saveAsLog("login","登录失败,原因:该用户已被锁定", FinalStringUtil.QUERY); }
return; }
} if (user.getLocked() != null && Integer.parseInt(user.getLocked()) == 1) {
if (!password.equals(user.getPassword())) { this.renderJson(Ret.fail("msg", "当前账户已被锁定"));
if (this.checkErrorCount(user)) { logService.saveAsLog("login","登录失败,原因:该用户已被锁定", FinalStringUtil.QUERY);
this.renderJson(Ret.fail("msg", "您的错误次数已达5次以上,请稍后再试!")); return;
} else { }
int errorCount = permitLoginTimes - (user.getErrorcount() == null ? 0 : user.getErrorcount()) - 1; if (!password.equals(user.getPassword())) {
if (user.getErrorcount() !=null && user.getErrorcount() == 4) { if (this.checkErrorCount(user)) {
this.renderJson(Ret.fail("msg", "用户名或密码验证失败,您的账户于两小时后才可登录!")); this.renderJson(Ret.fail("msg", "您的错误次数已达5次以上,请稍后再试!"));
} else { } else {
this.renderJson(Ret.fail("msg", "用户名或密码验证失败,您还有" + errorCount + "次机会!")); int errorCount = permitLoginTimes - (user.getErrorcount() == null ? 0 : user.getErrorcount()) - 1;
logService.saveAsLog("login", "登录失败,原因:密码验证错误", FinalStringUtil.QUERY); if (user.getErrorcount() !=null && user.getErrorcount() == 4) {
} this.renderJson(Ret.fail("msg", "用户名或密码验证失败,您的账户于两小时后才可登录!"));
} } else {
return ; this.renderJson(Ret.fail("msg", "用户名或密码验证失败,您还有" + errorCount + "次机会!"));
} logService.saveAsLog("login", "登录失败,原因:密码验证错误", FinalStringUtil.QUERY);
Integer errorcount = user.getErrorcount(); }
if (errorcount != null && errorcount != 0) { }
if (!this.checkWhenPwdOk(user)) { return ;
Date date = new Date(); }
long hour1 = 2 * 60 * 60; Integer errorcount = user.getErrorcount();
long begin = date.getTime(); if (errorcount != null && errorcount != 0) {
long end = user.getLastLoginTime().getTime(); if (!this.checkWhenPwdOk(user)) {
long between = (begin - end) / 1000; Date date = new Date();
long hour2 = (hour1 - between) % (24 * 3600) / 3600; long hour1 = 2 * 60 * 60;
long minute = (hour1 - between) % 3600 / 60; long begin = date.getTime();
long second = (hour1 - between) % 60; long end = user.getLastLoginTime().getTime();
if (between < hour1) { long between = (begin - end) / 1000;
this.renderJson(Ret.fail("msg", "您的账户还剩" + hour2 + "小时" + minute + "分" + second + "秒才可登录!")); long hour2 = (hour1 - between) % (24 * 3600) / 3600;
return; long minute = (hour1 - between) % 3600 / 60;
} long second = (hour1 - between) % 60;
} if (between < hour1) {
} this.renderJson(Ret.fail("msg", "您的账户还剩" + hour2 + "小时" + minute + "分" + second + "秒才可登录!"));
return;
if (!"admin".equals(user.getUsername())) { }
Integer noLockedRolesCount = Db.queryInt(Db.getSql("hasNoLockedRolesCount"), user.getUsername()); }
boolean noLockedRolesFlag = noLockedRolesCount != null && (noLockedRolesCount > 0); }
if (!noLockedRolesFlag) {
this.renderJson(Ret.fail("msg", "拥有的角色全部被锁定,不能登录系统了。")); if (!"admin".equals(user.getUsername())) {
logService.saveAsLog("login", "登录失败,原因:该用户拥有的角色全部被锁定", FinalStringUtil.QUERY); Integer noLockedRolesCount = Db.queryInt(Db.getSql("hasNoLockedRolesCount"), user.getUsername());
return; boolean noLockedRolesFlag = noLockedRolesCount != null && (noLockedRolesCount > 0);
} if (!noLockedRolesFlag) {
} this.renderJson(Ret.fail("msg", "拥有的角色全部被锁定,不能登录系统了。"));
logService.saveAsLog("login", "登录失败,原因:该用户拥有的角色全部被锁定", FinalStringUtil.QUERY);
System system = InfoSystem.getSystem(app); return;
if (system == null) { }
this.renderJson(Ret.fail("msg", "没有找到应用:" + app)); }
logService.saveAsLog("login", "登录失败,原因:没有找到应用" + app, FinalStringUtil.QUERY);
return; System system = InfoSystem.getSystem(app);
} if (system == null) {
if (StrKit.isBlank(system.getPrivatekey()) || StrKit.isBlank(system.getKeyid())) { this.renderJson(Ret.fail("msg", "没有找到应用:" + app));
this.renderJson(Ret.fail("msg", "没有找到应用的密钥:" + app)); logService.saveAsLog("login", "登录失败,原因:没有找到应用" + app, FinalStringUtil.QUERY);
logService.saveAsLog("login", "登录失败,原因:没有找到应用的密钥" + app, FinalStringUtil.QUERY); return;
return; }
} if (StrKit.isBlank(system.getPrivatekey()) || StrKit.isBlank(system.getKeyid())) {
this.renderJson(Ret.fail("msg", "没有找到应用的密钥:" + app));
//查询用户是否有该系统的权限 logService.saveAsLog("login", "登录失败,原因:没有找到应用的密钥" + app, FinalStringUtil.QUERY);
// boolean homeAuth = userService.checkUserSystemPermission(user.getId(), app); return;
// if (!homeAuth) { }
// this.renderJson(Ret.fail("msg", "您没有权限登录" + system.getTitle() + "系统"));
// logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:您没有权限登录此系统" + app, //查询用户是否有该系统的权限
// app); // boolean homeAuth = userService.checkUserSystemPermission(user.getId(), app);
// return; // if (!homeAuth) {
// } // this.renderJson(Ret.fail("msg", "您没有权限登录" + system.getTitle() + "系统"));
// logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:您没有权限登录此系统" + app,
List<System> systemList = userService.findSystemWithUserPermission(user.getId()); // app);
/** 修改如果登陆用户为admin用户则直接登陆 huwenbin 2020/5/20 start */ // return;
if (!"admin".equals(user.getUsername())) { // }
if ((systemList == null || systemList.isEmpty())) {
this.renderJson(Ret.fail("msg", "您没有权限登录" + system.getTitle() + "系统")); List<System> systemList = userService.findSystemWithUserPermission(user.getId());
logService.saveAsLog("login", /** 修改如果登陆用户为admin用户则直接登陆 huwenbin 2020/5/20 start */
"登录失败,原因:您没有权限登录此系统" + app, FinalStringUtil.QUERY); if (!"admin".equals(user.getUsername())) {
return; if ((systemList == null || systemList.isEmpty())) {
} this.renderJson(Ret.fail("msg", "您没有权限登录" + system.getTitle() + "系统"));
logService.saveAsLog("login",
Optional<System> systemOptional = userService.getSystemByName(app, systemList); "登录失败,原因:您没有权限登录此系统" + app, FinalStringUtil.QUERY);
if (!systemOptional.isPresent()) {// 没有当前系统的权限 return;
system = systemList.get(0); }
app = system.getName();
callback = system.getUrl(); Optional<System> systemOptional = userService.getSystemByName(app, systemList);
} if (!systemOptional.isPresent()) {// 没有当前系统的权限
} system = systemList.get(0);
/** 修改如果登陆用户为admin用户则直接登陆 huwenbin 2020/5/20 end */ app = system.getName();
callback = system.getUrl();
try { }
String jws = Jwts.builder() }
// 设置密匙ID /** 修改如果登陆用户为admin用户则直接登陆 huwenbin 2020/5/20 end */
.setHeaderParam(JwsHeader.KEY_ID, system.getKeyid())
// 赋予应用 try {
.setSubject(app) String jws = Jwts.builder()
// 签发时间 // 设置密匙ID
.setIssuedAt(new Date()) .setHeaderParam(JwsHeader.KEY_ID, system.getKeyid())
// 超期时间 // 赋予应用
.setExpiration(new Date(java.lang.System.currentTimeMillis() + EXPIRATION)) .setSubject(app)
// 用户名 // 签发时间
.claim("name", username).claim("ip", JwtInterceptor.getIpAddr(getRequest())) .setIssuedAt(new Date())
// 签名 // 超期时间
.signWith(KeysUtil.privatekey(system.getPrivatekey()), SignatureAlgorithm.RS256).compact(); .setExpiration(new Date(java.lang.System.currentTimeMillis() + EXPIRATION))
// 用户名
if (errorcount != null && errorcount != 0) { .claim("name", username).claim("ip", JwtInterceptor.getIpAddr(getRequest()))
this.setErrZero(user); // 签名
} .signWith(KeysUtil.privatekey(system.getPrivatekey()), SignatureAlgorithm.RS256).compact();
Boolean aBoolean = userService.verifyPassword(verify); if (errorcount != null && errorcount != 0) {
this.renderJson(Ret.ok("token", jws).set("callback", callback).set("verify",aBoolean)); this.setErrZero(user);
logService.saveAsLog("login", username + "登录" + app + "成功", FinalStringUtil.QUERY); }
/**
* 20200706 lidecai 将用户信息保存到Redis end Boolean aBoolean = userService.verifyPassword(verify);
*/ this.renderJson(Ret.ok("token", jws).set("callback", callback).set("verify",aBoolean));
} catch (Exception e) { logService.saveAsLog("login", username + "登录" + app + "成功", FinalStringUtil.QUERY);
log.error("生成登录票据失败", e); /**
this.renderJson(Ret.fail("msg", "生成登录票据失败")); * 20200706 lidecai 将用户信息保存到Redis end
logService.saveAsLog("login", "生成登录票据失败", FinalStringUtil.QUERY); */
} } catch (Exception e) {
} log.error("生成登录票据失败", e);
this.renderJson(Ret.fail("msg", "生成登录票据失败"));
/** logService.saveAsLog("login", "生成登录票据失败", FinalStringUtil.QUERY);
* LiuKexin 20210310 登录前先获取设置首页的信息 }
*/ }
@Clear
public void getUserHome() { /**
String username = this.getPara("username"); * LiuKexin 20210310 登录前先获取设置首页的信息
Record findUser = Db.findById("AS_USER", "username", username); */
if (null == findUser) { @Clear
renderJson(Ret.fail()); public void getUserHome() {
return; String username = this.getPara("username");
} Record findUser = Db.findById("AS_USER", "username", username);
Record findUserHome = Db.findById("AS_USER_HOME", "user_id", findUser.getInt("ID")); if (null == findUser) {
if (null == findUserHome) { renderJson(Ret.fail());
renderJson(Ret.fail()); return;
return; }
} Record findUserHome = Db.findById("AS_USER_HOME", "user_id", findUser.getInt("ID"));
renderJson(Ret.ok("app", findUserHome.getStr("system")).set("callback", findUserHome.getStr("home_url"))); if (null == findUserHome) {
} renderJson(Ret.fail());
return;
/** }
* @Description: 验证密码强度 renderJson(Ret.ok("app", findUserHome.getStr("system")).set("callback", findUserHome.getStr("home_url")));
* @authorAndDate: ChengYaqing create on 2020/10/30 10:38 }
* @return void
*/ /**
@Clear * @Description: 验证密码强度
public void verifyPassword() { * @authorAndDate: ChengYaqing create on 2020/10/30 10:38
String password = getPara("password"); * @return void
if(password==null||"".equals(password)||"null".equals(password)) { */
renderJson(Ret.fail("msg","密码不能为空")); @Clear
return; public void verifyPassword() {
} String password = getPara("password");
try { if(password==null||"".equals(password)||"null".equals(password)) {
password = decrypt(password); renderJson(Ret.fail("msg","密码不能为空"));
} catch (Exception e1) { return;
e1.printStackTrace(); }
password = this.getPara("password"); try {
} password = decrypt(password);
try { } catch (Exception e1) {
String verify = userService.verifyPasswordInfo(password); e1.printStackTrace();
if("".equals(verify)) { password = this.getPara("password");
renderJson(Ret.ok()); }
} else { try {
renderJson(Ret.fail("msg",verify)); String verify = userService.verifyPasswordInfo(password);
} if("".equals(verify)) {
} catch (Exception e) { renderJson(Ret.ok());
renderJson(Ret.fail("error",e.getMessage())); } else {
} renderJson(Ret.fail("msg",verify));
} }
} catch (Exception e) {
// 密码正确时错误次数清零 renderJson(Ret.fail("error",e.getMessage()));
private void setErrZero(User user) { }
Db.update(Db.getSqlPara("updateForOk", Kv.by("id", user.getId()))); }
}
// 密码正确时错误次数清零
//密码错误时判断错误次数是否为5次 private void setErrZero(User user) {
private boolean checkErrorCount(User user) { Db.update(Db.getSqlPara("updateForOk", Kv.by("id", user.getId())));
Kv cond = Kv.by("id", user.getId()).set("hour", hour).set("permitLoginTimes", permitLoginTimes); }
List<Record> currentList = Db.find(Db.getSqlPara("getErrorCount", cond));
int currentNum = 0; //密码错误时判断错误次数是否为5次
for (Record record : currentList) { private boolean checkErrorCount(User user) {
currentNum = Integer.parseInt(record.get("flag").toString()); Kv cond = Kv.by("id", user.getId()).set("hour", hour).set("permitLoginTimes", permitLoginTimes);
} List<Record> currentList = Db.find(Db.getSqlPara("getErrorCount", cond));
if (currentNum >= permitLoginTimes) { int currentNum = 0;
return true; for (Record record : currentList) {
} else { currentNum = Integer.parseInt(record.get("flag").toString());
//执行+1或=1的操作 }
Db.update(Db.getSqlPara("updateForErr", cond)); if (currentNum >= permitLoginTimes) {
//同步到redis ChengYaqing 20210224 return true;
User byId = User.dao.findById(user.getId()); } else {
InfoUser.saveUser(byId); //执行+1或=1的操作
return false; Db.update(Db.getSqlPara("updateForErr", cond));
} //同步到redis ChengYaqing 20210224
} User byId = User.dao.findById(user.getId());
InfoUser.saveUser(byId);
//密码正确时判断次数和锁定时间是否在指定范围内 return false;
private boolean checkWhenPwdOk(User user) { }
List<Record> currentList = Db.find(Db.getSqlPara("checkWhenPwdOk", }
Kv.by("id", user.getId()).set("hour", hour).set("permitLoginTimes", permitLoginTimes)));
int currentNum = 0; //密码正确时判断次数和锁定时间是否在指定范围内
if (currentList == null || currentList.size() == 0) { private boolean checkWhenPwdOk(User user) {
return true; List<Record> currentList = Db.find(Db.getSqlPara("checkWhenPwdOk",
} Kv.by("id", user.getId()).set("hour", hour).set("permitLoginTimes", permitLoginTimes)));
for (Record record : currentList) { int currentNum = 0;
currentNum = Integer.parseInt(record.get("flag").toString()); if (currentList == null || currentList.size() == 0) {
} return true;
if (currentNum >= permitLoginTimes) { }
return false; for (Record record : currentList) {
} else { currentNum = Integer.parseInt(record.get("flag").toString());
return true; }
} if (currentNum >= permitLoginTimes) {
} return false;
} else {
/** return true;
* 通过门户系统单点登录 }
* }
* @author Guo XJ
* @date 2019-12-13 15:08:00 /**
*/ * 通过门户系统单点登录
public void ssoByPortalSystem() { *
try { * @author Guo XJ
//获取app * @date 2019-12-13 15:08:00
String app = getPara("app", null); */
if (app == null) { public void ssoByPortalSystem() {
renderJson(Ret.fail("msg", "获取服务信息失败")); try {
return; //获取app
} String app = getPara("app", null);
//获取到门户系统的Token if (app == null) {
String ssotoken = getPara("ssotoken"); renderJson(Ret.fail("msg", "获取服务信息失败"));
//获取到personCode(用户唯一标识) return;
SsoToken st = new SsoToken(); }
st.initialise(ssotoken); //获取到门户系统的Token
String personCode = st.getTokenId(); String ssotoken = getPara("ssotoken");
//获取用户 //获取到personCode(用户唯一标识)
Record user = userService.getUserInfoByPersonCode(personCode); SsoToken st = new SsoToken();
System system = System.dao.template("getSystemPrivatekey", app).findFirst(); st.initialise(ssotoken);
if (system == null) { String personCode = st.getTokenId();
renderJson(Ret.fail("msg", "获取服务信息失败")); //获取用户
return; Record user = userService.getUserInfoByPersonCode(personCode);
} System system = System.dao.template("getSystemPrivatekey", app).findFirst();
//判断用户是否存在 if (system == null) {
if (user != null && user.getStr("username") != null) { renderJson(Ret.fail("msg", "获取服务信息失败"));
String jws = Jwts.builder() return;
// 设置密匙ID }
.setHeaderParam(JwsHeader.KEY_ID, system.getKeyid()) //判断用户是否存在
// 赋予应用 if (user != null && user.getStr("username") != null) {
.setSubject(app) String jws = Jwts.builder()
// 签发时间 // 设置密匙ID
.setIssuedAt(new Date()) .setHeaderParam(JwsHeader.KEY_ID, system.getKeyid())
// 超期时间 // 赋予应用
.setExpiration(new Date(java.lang.System.currentTimeMillis() + EXPIRATION)) .setSubject(app)
// 用户名 // 签发时间
.claim("name", user.getStr("username")).claim("ip", JwtInterceptor.getIpAddr(getRequest())) .setIssuedAt(new Date())
// 签名 // 超期时间
.signWith(KeysUtil.privatekey(system.getPrivatekey()), SignatureAlgorithm.RS256).compact(); .setExpiration(new Date(java.lang.System.currentTimeMillis() + EXPIRATION))
this.renderJson(Ret.ok("token", jws)); // 用户名
return; .claim("name", user.getStr("username")).claim("ip", JwtInterceptor.getIpAddr(getRequest()))
} else { // 签名
this.renderJson(Ret.fail("msg", "没有找到当前用户")); .signWith(KeysUtil.privatekey(system.getPrivatekey()), SignatureAlgorithm.RS256).compact();
return; this.renderJson(Ret.ok("token", jws));
} return;
} catch (Exception e) { } else {
// TODO: handle exception this.renderJson(Ret.fail("msg", "没有找到当前用户"));
e.printStackTrace(); return;
this.renderJson(Ret.fail("msg", "登录出错!")); }
} } catch (Exception e) {
// TODO: handle exception
} e.printStackTrace();
this.renderJson(Ret.fail("msg", "登录出错!"));
/** }
* 根据邮政门户传回的code 获取用户信息
* }
* @Title: getUserInfoForH5
* @author LDC /**
* @date 2019-11-19 03:22:34 * 根据邮政门户传回的code 获取用户信息
*/ *
@Clear * @Title: getUserInfoForH5
public void getUserInfoForH5() { * @author LDC
String code = getPara("code", null); * @date 2019-11-19 03:22:34
if (code == null) { */
renderJson(Ret.fail("msg", "获取用户信息失败")); @Clear
return; public void getUserInfoForH5() {
} String code = getPara("code", null);
if (code == null) {
String app = getPara("app", null); renderJson(Ret.fail("msg", "获取用户信息失败"));
if (app == null) { return;
renderJson(Ret.fail("msg", "获取服务信息失败")); }
return;
} String app = getPara("app", null);
if (app == null) {
Map<String, String> paramMap = new LinkedHashMap<String, String>(); renderJson(Ret.fail("msg", "获取服务信息失败"));
paramMap.put("client_id", "MmEepJkH7Hiz7EtS"); return;
paramMap.put("code", code); }
paramMap.put("state", "1");
paramMap.put("grant_type", "authorization_code"); Map<String, String> paramMap = new LinkedHashMap<String, String>();
paramMap.put("scope", "scope"); paramMap.put("client_id", "MmEepJkH7Hiz7EtS");
paramMap.put("redirect_uri", PropKit.get("redirect_uri")); paramMap.put("code", code);
paramMap.put("state", "1");
Iterator<Entry<String, String>> entrySet = paramMap.entrySet().iterator(); paramMap.put("grant_type", "authorization_code");
StringBuilder builder = new StringBuilder(); paramMap.put("scope", "scope");
while (entrySet.hasNext()) { paramMap.put("redirect_uri", PropKit.get("redirect_uri"));
Entry<String, String> next = entrySet.next();
builder.append(next.getKey()).append("=").append(next.getValue()).append("&"); Iterator<Entry<String, String>> entrySet = paramMap.entrySet().iterator();
} StringBuilder builder = new StringBuilder();
while (entrySet.hasNext()) {
String param = builder.deleteCharAt(builder.length() - 1).toString(); Entry<String, String> next = entrySet.next();
Kv header = Kv.by("Content-type", "application/x-www-form-urlencoded"); builder.append(next.getKey()).append("=").append(next.getValue()).append("&");
String result = HttpRequestUtil.sendPost(PropKit.get("authUrl"), param,header); }
Kv parseObject = JSON.parseObject(result, Kv.class);
Object access_token = parseObject.get("access_token"); String param = builder.deleteCharAt(builder.length() - 1).toString();
if (access_token == null) { Kv header = Kv.by("Content-type", "application/x-www-form-urlencoded");
renderJson(Ret.fail("msg", "获取授权失败,请重新登录")); String result = HttpRequestUtil.sendPost(PropKit.get("authUrl"), param,header);
return; Kv parseObject = JSON.parseObject(result, Kv.class);
} Object access_token = parseObject.get("access_token");
String sendPost = HttpRequestUtil.sendPost(PropKit.get("userInfoUrl"), if (access_token == null) {
"access_token=" + access_token.toString(),header); renderJson(Ret.fail("msg", "获取授权失败,请重新登录"));
Kv userObj = JSON.parseObject(sendPost, Kv.class); return;
Object uuid = userObj.get("uuid"); }
if (uuid == null) { String sendPost = HttpRequestUtil.sendPost(PropKit.get("userInfoUrl"),
renderJson(Ret.fail("msg", "获取用户信息失败")); "access_token=" + access_token.toString(),header);
return; Kv userObj = JSON.parseObject(sendPost, Kv.class);
} Object uuid = userObj.get("uuid");
System system = System.dao.template("getSystemPrivatekey", app).findFirst(); if (uuid == null) {
if (system == null) { renderJson(Ret.fail("msg", "获取用户信息失败"));
renderJson(Ret.fail("msg", "获取服务信息失败")); return;
return; }
} System system = System.dao.template("getSystemPrivatekey", app).findFirst();
Record userInfo = Db.findById("AS_USER", "UUID", uuid.toString()); if (system == null) {
if (userInfo == null) { renderJson(Ret.fail("msg", "获取服务信息失败"));
renderJson(Ret.fail("msg", "没有找到当前用户")); return;
return; }
} Record userInfo = Db.findById("AS_USER", "UUID", uuid.toString());
String userName = userInfo.getStr("USERNAME"); if (userInfo == null) {
if (userName == null) { renderJson(Ret.fail("msg", "没有找到当前用户"));
renderJson(Ret.fail("msg", "获取用户名失败")); return;
return; }
} String userName = userInfo.getStr("USERNAME");
try { if (userName == null) {
String jws = Jwts.builder() renderJson(Ret.fail("msg", "获取用户名失败"));
// 设置密匙ID return;
.setHeaderParam(JwsHeader.KEY_ID, system.getKeyid()) }
// 赋予应用 try {
.setSubject(app) String jws = Jwts.builder()
// 签发时间 // 设置密匙ID
.setIssuedAt(new Date()) .setHeaderParam(JwsHeader.KEY_ID, system.getKeyid())
// 超期时间 // 赋予应用
.setExpiration(new Date(java.lang.System.currentTimeMillis() + EXPIRATION)) .setSubject(app)
// 用户名 // 签发时间
.claim("name", userName).claim("ip", JwtInterceptor.getIpAddr(getRequest())) .setIssuedAt(new Date())
// 签名 // 超期时间
.signWith(KeysUtil.privatekey(system.getPrivatekey()), SignatureAlgorithm.RS256).compact(); .setExpiration(new Date(java.lang.System.currentTimeMillis() + EXPIRATION))
this.renderJson(Ret.ok("token", jws)); // 用户名
logService.saveAsLog("login", userName + "登录" + app + "成功", FinalStringUtil.QUERY); .claim("name", userName).claim("ip", JwtInterceptor.getIpAddr(getRequest()))
} catch (Exception e) { // 签名
log.error("生成登录票据失败", e); .signWith(KeysUtil.privatekey(system.getPrivatekey()), SignatureAlgorithm.RS256).compact();
this.renderJson(Ret.fail("msg", "生成登录票据失败")); this.renderJson(Ret.ok("token", jws));
logService.saveAsLog("login", "生成登录票据失败", FinalStringUtil.QUERY); logService.saveAsLog("login", userName + "登录" + app + "成功", FinalStringUtil.QUERY);
} } catch (Exception e) {
} log.error("生成登录票据失败", e);
this.renderJson(Ret.fail("msg", "生成登录票据失败"));
/** logService.saveAsLog("login", "生成登录票据失败", FinalStringUtil.QUERY);
* 退出系统,清空Redis 中的用户信息 }
* @Time:2020年7月6日 - 下午5:19:58 }
* @author:李德才
* @param: /**
* @return: void * 退出系统,清空Redis 中的用户信息
* @throws * @Time:2020年7月6日 - 下午5:19:58
*/ * @author:李德才
public void loginOut() { * @param:
String userName = getAttrForStr("username"); * @return: void
Redis.use().del(userName + "_INFO"); * @throws
renderJson(Ret.ok()); */
} public void loginOut() {
String userName = getAttrForStr("username");
Redis.use().del(userName + "_INFO");
} renderJson(Ret.ok());
}
}
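Review bot: In login(), `AesEncryptUtil.desEncrypt(...)` signals failure by returning null instead of throwing, so the `catch (Exception e1)` fallback after it appears to be dead code, and a null username or password flows on to `HashKit.sha256(password)` and `InfoUser.getUser(username)`. I would reject the request right after the try block, e.g. `if (username == null || password == null) { this.renderJson(Ret.fail("msg", "用户名或密码验证失败")); return; }`, and delete the fallback that re-reads the raw request parameters. verifyPassword() still decrypts with the SM2 `decrypt(...)`, so if the login page now sends AES ciphertext to both endpoints (the front-end change is not visible here), the strength check would run on the ciphertext string. The new `@Inject private AesEncryptUtil encryptUtil;` field is unused, because only the static method is called.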
package com.archser.aserver.util;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.xerces.impl.dv.util.Base64;
/**
*
* @ClassName: AesEncryptUtil
* @Description:
* @author liukexin
* @date 2021-1-19 15:49:56
*/
public class AesEncryptUtil {
/***
* key和iv值可以随机生成
*/
private static String KEY = "1234567890123456";
private static String IV = "1234567890123456";
// /***
// * 加密
// * @param data 要加密的数据
// * @return encrypt
// */
// public static String encrypt(String data){
// return encrypt(data, KEY, IV);
// }
/***
* param data 需要解密的数据
* 调用desEncrypt()方法
*/
public static String desEncrypt(String data){
return desEncrypt(data, KEY, IV);
}
// /**
// * 加密方法
// * @param data 要加密的数据
// * @param key 加密key
// * @param iv 加密iv
// * @return 加密的结果
//
// */
// private static String encrypt(String data, String key, String iv){
// try {
// //"算法/模式/补码方式"NoPadding PkcsPadding
// Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
// int blockSize = cipher.getBlockSize();
//
// byte[] dataBytes = data.getBytes();
// int plaintextLength = dataBytes.length;
// if (plaintextLength % blockSize != 0) {
// plaintextLength = plaintextLength + (blockSize - (plaintextLength % blockSize));
// }
//
// byte[] plaintext = new byte[plaintextLength];
// System.arraycopy(dataBytes, 0, plaintext, 0, dataBytes.length);
//
// SecretKeySpec keyspec = new SecretKeySpec(key.getBytes(), "AES");
// IvParameterSpec ivspec = new IvParameterSpec(iv.getBytes());
//
// cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);
// byte[] encrypted = cipher.doFinal(plaintext);
//
// return new Base64().encodeToString(encrypted);
//
// } catch (Exception e) {
// e.printStackTrace();
// return null;
// }
// }
/**
* 解密方法
* @param data 要解密的数据
* @param key 解密key
* @param iv 解密iv
* @return 解密的结果
*/
private static String desEncrypt(String data, String key, String iv){
try {
byte[] encrypted1 = new Base64().decode(data);
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), "AES");
IvParameterSpec ivSpec = new IvParameterSpec(iv.getBytes());
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
byte[] original = cipher.doFinal(encrypted1);
return new String(original).trim();
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
}
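Review bot: `KEY` and `IV` are both the literal `"1234567890123456"` compiled into the class, and the same pair presumably has to ship in the login page's script for the browser to encrypt, so this AES/CBC layer adds no confidentiality for the submitted username and password beyond what the transport already provides. The class comment itself says the values can be randomly generated. If the layer is kept, load the key from configuration (e.g. `PropKit.get("<aes-key-property>")`, placeholder name), use a fresh random IV per message and prefer an authenticated mode such as `AES/GCM/NoPadding`; protection of credentials in transit should come from HTTPS. Separately, `key.getBytes()`, `iv.getBytes()` and `new String(original)` depend on the platform charset and should pass `StandardCharsets.UTF_8`, and `.trim()` after `NoPadding` also strips legitimate leading or trailing whitespace from a password.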