Commit
cc0c82c6
authored
Nov 08, 2020
by
胡文斌
修改消息跳转
parent
94e0a86f
Showing
3 changed files
with
591 additions
and
512 deletions
+591
-512
IndexController.java
.../java/com/archser/aserver/controller/IndexController.java
+510
-510
SystemController.java
...java/com/archser/aserver/controller/SystemController.java
+14
-2
JwtUtils.java
src/main/java/com/archser/aserver/util/JwtUtils.java
+67
-0
src/main/java/com/archser/aserver/controller/IndexController.java
package
com
.
archser
.
aserver
.
controller
;
import
java.math.BigInteger
;
import
java.util.Date
;
import
java.util.HashMap
;
import
java.util.Iterator
;
import
java.util.LinkedHashMap
;
import
java.util.List
;
import
java.util.Map
;
import
java.util.Map.Entry
;
import
java.util.Optional
;
import
org.bouncycastle.crypto.InvalidCipherTextException
;
import
org.bouncycastle.crypto.params.ECPrivateKeyParameters
;
import
org.bouncycastle.pqc.math.linearalgebra.ByteUtils
;
import
com.alibaba.fastjson.JSON
;
import
com.archser.aserver.interceptor.JwtInterceptor
;
import
com.archser.aserver.model.System
;
import
com.archser.aserver.model.User
;
import
com.archser.aserver.service.LogService
;
import
com.archser.aserver.service.UserService
;
import
com.archser.aserver.util.HttpRequestUtil
;
import
com.archser.aserver.util.KeysUtil
;
import
com.archser.aserver.util.gm.BCECUtil
;
import
com.archser.aserver.util.gm.SM2Util
;
import
com.jfinal.aop.Clear
;
import
com.jfinal.aop.Inject
;
import
com.jfinal.core.Controller
;
import
com.jfinal.kit.HashKit
;
import
com.jfinal.kit.Kv
;
import
com.jfinal.kit.PropKit
;
import
com.jfinal.kit.Ret
;
import
com.jfinal.kit.StrKit
;
import
com.jfinal.log.Log
;
import
com.jfinal.plugin.activerecord.Db
;
import
com.jfinal.plugin.activerecord.Record
;
import
com.jfinal.plugin.redis.Redis
;
import
com.spbportal.sso.SsoToken
;
import
io.jsonwebtoken.JwsHeader
;
import
io.jsonwebtoken.Jwts
;
import
io.jsonwebtoken.SignatureAlgorithm
;
/**
* IndexController 指向系统访问首页
*
* @author jbolt.cn
* @email 909854136@qq.com
* @date 2018年11月4日 下午9:02:52
*/
public
class
IndexController
extends
Controller
{
/**
* 登陆用户名,密码解密
*/
public
static
final
String
PRIVATE_KEY_D
=
"38627fffe8003e6d2faa76d4eae2f74fd9cd7be257ab36c356c4f01bbc17e41d"
;
public
static
final
ECPrivateKeyParameters
USER_PRIVATE_KEY
=
BCECUtil
.
createECPrivateKeyParameters
(
new
BigInteger
(
ByteUtils
.
fromHexString
(
PRIVATE_KEY_D
)),
SM2Util
.
DOMAIN_PARAMS
);
private
static
Log
log
=
Log
.
getLog
(
IndexController
.
class
);
/**
* 超期时间:24小时,即:24 * 60 * 60 * 1000
*/
p
rivate
static
int
EXPIRATION
=
24
*
60
*
60
*
1000
;
private
static
int
permitLoginTimes
=
5
;
// 允许登陆次数
private
static
int
hour
=
2
;
// 两小时内不可登录
@Inject
private
LogService
logService
;
@Inject
private
UserService
userService
;
/**
* 首页Action
*/
public
void
index
()
{
render
(
"index.html"
);
}
/**
* 修改密码
*/
public
void
updatePassword
()
{
String
username
=
this
.
getPara
(
"username"
);
String
password
=
this
.
getPara
(
"newPwd"
);
password
=
HashKit
.
sha256
(
password
);
int
a
=
userService
.
updatePwd
(
password
,
username
);
if
(
a
==
0
)
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"修改失败"
));
logService
.
saveAsLog
(
"operate"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
username
+
"修改密码操作:修改密码失败"
,
"aserver"
);
return
;
}
this
.
renderJson
(
Ret
.
ok
(
"msg"
,
"修改成功"
));
logService
.
saveAsLog
(
"operate"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
username
+
"修改密码操作:修改密码成功"
,
"aserver"
);
}
private
String
decrypt
(
String
sm2Cipher
)
throws
InvalidCipherTextException
{
return
new
String
(
SM2Util
.
decrypt
(
USER_PRIVATE_KEY
,
ByteUtils
.
fromHexString
(
"04"
+
sm2Cipher
)));
}
/**
* 登录验证
*/
@Clear
(
JwtInterceptor
.
class
)
// @Before(LoginValidator.class)
public
void
login
()
{
String
app
=
this
.
getPara
(
"app"
);
String
username
=
this
.
getPara
(
"username"
);
String
password
=
this
.
getPara
(
"password"
);
String
callback
=
this
.
getPara
(
"callback"
);
// 解密用户名和密码
try
{
username
=
decrypt
(
username
);
password
=
decrypt
(
password
);
}
catch
(
Exception
e1
)
{
e1
.
printStackTrace
();
username
=
this
.
getPara
(
"username"
);
password
=
this
.
getPara
(
"password"
);
}
//校验密码是否符合强度设置
String
verify
=
password
;
password
=
HashKit
.
sha256
(
password
);
User
user
=
User
.
dao
.
template
(
"getUser"
,
username
).
findFirst
();
if
(
user
==
null
)
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"用户名或密码不存在: "
+
username
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"该用户非本系统用户正在非法登录"
,
app
);
return
;
}
// 一旦开启三员 admin用户不能使用
if
(
"admin"
.
equals
(
user
.
getUsername
()))
{
Integer
userCount
=
Db
.
queryInt
(
Db
.
getSql
(
"hasThreeMemberUsersCount"
));
boolean
isExistThreeMemberUsers
=
userCount
==
null
?
false
:
(
userCount
.
intValue
()
>
0
?
true
:
false
);
if
(
isExistThreeMemberUsers
)
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"已开启三员管理,admin失效了。"
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"登录失败,原因:已开启三员管理"
,
app
);
return
;
}
}
if
(
Integer
.
valueOf
(
user
.
getLocked
())
==
1
)
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"当前账户已被锁定"
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"登录失败,原因:该用户已被锁定"
,
app
);
return
;
}
if
(!
password
.
equals
(
user
.
getPassword
()))
{
if
(
this
.
checkErrorCount
(
user
))
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"您的错误次数已达5次以上,请稍后再试!"
));
return
;
}
else
{
int
errorCount
=
permitLoginTimes
-
(
user
.
getErrorcount
()
==
null
?
0
:
user
.
getErrorcount
())
-
1
;
if
(
user
.
getErrorcount
()
==
4
)
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"用户名或密码验证失败,您的账户于两小时后才可登录!"
));
return
;
}
else
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"用户名或密码验证失败,您还有"
+
errorCount
+
"次机会!"
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"登录失败,原因:密码验证错误"
,
app
);
return
;
}
}
}
Integer
errorcount
=
user
.
getErrorcount
();
if
(
errorcount
!=
null
&&
errorcount
!=
0
)
{
if
(!
this
.
checkWhenPwdOk
(
user
))
{
Date
date
=
new
Date
();
long
hour1
=
2
*
60
*
60
;
long
begin
=
date
.
getTime
();
long
end
=
user
.
getLastLoginTime
().
getTime
();
long
between
=
(
begin
-
end
)
/
1000
;
long
hour2
=
(
hour1
-
between
)
%
(
24
*
3600
)
/
3600
;
long
minute
=
(
hour1
-
between
)
%
3600
/
60
;
long
second
=
(
hour1
-
between
)
%
60
;
if
(
between
<
hour1
)
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"您的账户还剩"
+
hour2
+
"小时"
+
minute
+
"分"
+
second
+
"秒才可登录!"
));
return
;
}
}
}
if
(!
"admin"
.
equals
(
user
.
getUsername
()))
{
Integer
noLockedRolesCount
=
Db
.
queryInt
(
Db
.
getSql
(
"hasNoLockedRolesCount"
),
user
.
getUsername
());
boolean
noLockedRolesFlag
=
noLockedRolesCount
==
null
?
false
:
(
noLockedRolesCount
.
intValue
()
>
0
?
true
:
false
);
if
(!
noLockedRolesFlag
)
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"拥有的角色全部被锁定,不能登录系统了。"
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"登录失败,原因:该用户拥有的角色全部被锁定"
,
app
);
return
;
}
}
System
system
=
System
.
dao
.
template
(
"getSystemPrivatekey"
,
app
).
findFirst
();
if
(
system
==
null
)
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"没有找到应用:"
+
app
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"登录失败,原因:没有找到应用"
+
app
,
app
);
return
;
}
if
(
StrKit
.
isBlank
(
system
.
getPrivatekey
())
||
StrKit
.
isBlank
(
system
.
getKeyid
()))
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"没有找到应用的密钥:"
+
app
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"登录失败,原因:没有找到应用的密钥"
+
app
,
app
);
return
;
}
//查询用户是否有该系统的权限
// boolean homeAuth = userService.checkUserSystemPermission(user.getId(), app);
// if (!homeAuth) {
// this.renderJson(Ret.fail("msg", "您没有权限登录" + system.getTitle() + "系统"));
// logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:您没有权限登录此系统" + app,
// app);
// return;
// }
List
<
System
>
systemList
=
userService
.
findSystemWithUserPermission
(
user
.
getId
());
/** 修改如果登陆用户为admin用户则直接登陆 huwenbin 2020/5/20 start */
if
(!
"admin"
.
equals
(
user
.
getUsername
()))
{
if
((
systemList
==
null
||
systemList
.
isEmpty
()))
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"您没有权限登录"
+
system
.
getTitle
()
+
"系统"
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"登录失败,原因:您没有权限登录此系统"
+
app
,
app
);
return
;
}
Optional
<
System
>
systemOptional
=
userService
.
getSystemByName
(
app
,
systemList
);
if
(!
systemOptional
.
isPresent
())
{
// 没有当前系统的权限
system
=
systemList
.
get
(
0
);
app
=
system
.
getName
();
callback
=
system
.
getUrl
();
}
}
/** 修改如果登陆用户为admin用户则直接登陆 huwenbin 2020/5/20 end */
try
{
String
jws
=
Jwts
.
builder
()
// 设置密匙ID
.
setHeaderParam
(
JwsHeader
.
KEY_ID
,
system
.
getKeyid
())
// 赋予应用
.
setSubject
(
app
)
// 签发时间
.
setIssuedAt
(
new
Date
())
// 超期时间
.
setExpiration
(
new
Date
(
java
.
lang
.
System
.
currentTimeMillis
()
+
EXPIRATION
))
// 用户名
.
claim
(
"name"
,
username
).
claim
(
"ip"
,
JwtInterceptor
.
getIpAddr
(
getRequest
()))
// 签名
.
signWith
(
KeysUtil
.
privatekey
(
system
.
getPrivatekey
()),
SignatureAlgorithm
.
RS256
).
compact
();
if
(
errorcount
!=
null
&&
errorcount
!=
0
)
{
this
.
setErrZero
(
user
);
}
/**
* 20200706 lidecai 将用户信息保存到Redis start
*/
Map
<
Object
,
Object
>
userInfo
=
new
HashMap
<>();
Iterator
<
Entry
<
String
,
Object
>>
userIterator
=
user
.
_getAttrsEntrySet
().
iterator
();
Entry
<
String
,
Object
>
nextAttr
=
null
;
while
(
userIterator
.
hasNext
())
{
nextAttr
=
userIterator
.
next
();
userInfo
.
put
(
nextAttr
.
getKey
().
trim
().
toLowerCase
(),
nextAttr
.
getValue
());
}
try
{
Redis
.
use
().
hmset
(
username
+
"_INFO"
,
userInfo
);
// 设置过期时间
Redis
.
use
().
expire
(
username
,
60
*
60
*
24
);
}
catch
(
Exception
e
)
{
e
.
printStackTrace
();
}
Boolean
aBoolean
=
userService
.
verifyPassword
(
verify
);
this
.
renderJson
(
Ret
.
ok
(
"token"
,
jws
).
set
(
"callback"
,
callback
).
set
(
"verify"
,
aBoolean
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
username
+
"登录"
+
app
+
"成功"
,
app
);
/**
* 20200706 lidecai 将用户信息保存到Redis end
*/
}
catch
(
Exception
e
)
{
log
.
error
(
"生成登录票据失败"
,
e
);
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"生成登录票据失败"
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"生成登录票据失败"
,
app
);
}
}
/**
* @Description: 验证密码强度
* @authorAndDate: ChengYaqing create on 2020/10/30 10:38
* @return void
*/
public
void
verifyPassword
()
{
String
password
=
getPara
(
"password"
);
if
(
password
==
null
||
""
.
equals
(
password
)||
"null"
.
equals
(
password
))
{
renderJson
(
Ret
.
fail
(
"msg"
,
"密码不能为空"
));
return
;
}
try
{
password
=
decrypt
(
password
);
}
catch
(
Exception
e1
)
{
e1
.
printStackTrace
();
password
=
this
.
getPara
(
"password"
);
}
try
{
String
verify
=
userService
.
verifyPasswordInfo
(
password
);
if
(
""
.
equals
(
verify
))
{
renderJson
(
Ret
.
ok
());
}
else
{
renderJson
(
Ret
.
fail
(
"msg"
,
verify
));
}
}
catch
(
Exception
e
)
{
renderJson
(
Ret
.
fail
(
"error"
,
e
.
getMessage
()));
}
}
// 密码正确时错误次数清零
private
void
setErrZero
(
User
user
)
{
Db
.
update
(
Db
.
getSqlPara
(
"updateForOk"
,
Kv
.
by
(
"id"
,
user
.
getId
())));
}
//密码错误时判断错误次数是否为5次
private
boolean
checkErrorCount
(
User
user
)
{
Kv
cond
=
Kv
.
by
(
"id"
,
user
.
getId
()).
set
(
"hour"
,
hour
).
set
(
"permitLoginTimes"
,
permitLoginTimes
);
List
<
Record
>
currentList
=
Db
.
find
(
Db
.
getSqlPara
(
"getErrorCount"
,
cond
));
int
currentNum
=
0
;
for
(
Record
record
:
currentList
)
{
currentNum
=
Integer
.
parseInt
(
record
.
get
(
"flag"
).
toString
());
}
if
(
currentNum
>=
permitLoginTimes
)
{
return
true
;
}
else
{
//执行+1或=1的操作
Db
.
update
(
Db
.
getSqlPara
(
"updateForErr"
,
cond
));
return
false
;
}
}
//密码正确时判断次数和锁定时间是否在指定范围内
private
boolean
checkWhenPwdOk
(
User
user
)
{
List
<
Record
>
currentList
=
Db
.
find
(
Db
.
getSqlPara
(
"checkWhenPwdOk"
,
Kv
.
by
(
"id"
,
user
.
getId
()).
set
(
"hour"
,
hour
).
set
(
"permitLoginTimes"
,
permitLoginTimes
)));
int
currentNum
=
0
;
if
(
currentList
==
null
||
currentList
.
size
()
==
0
)
{
return
true
;
}
for
(
Record
record
:
currentList
)
{
currentNum
=
Integer
.
parseInt
(
record
.
get
(
"flag"
).
toString
());
}
if
(
currentNum
>=
permitLoginTimes
)
{
return
false
;
}
else
{
return
true
;
}
}
/**
* 通过门户系统单点登录
*
* @author Guo XJ
* @date 2019-12-13 15:08:00
*/
public
void
ssoByPortalSystem
()
{
try
{
//获取app
String
app
=
getPara
(
"app"
,
null
);
if
(
app
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"获取服务信息失败"
));
return
;
}
//获取到门户系统的Token
String
ssotoken
=
getPara
(
"ssotoken"
);
//获取到personCode(用户唯一标识)
SsoToken
st
=
new
SsoToken
();
st
.
initialise
(
ssotoken
);
String
personCode
=
st
.
getTokenId
();
//获取用户
Record
user
=
userService
.
getUserInfoByPersonCode
(
personCode
);
System
system
=
System
.
dao
.
template
(
"getSystemPrivatekey"
,
app
).
findFirst
();
if
(
system
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"获取服务信息失败"
));
return
;
}
//判断用户是否存在
if
(
user
!=
null
&&
user
.
getStr
(
"username"
)
!=
null
)
{
String
jws
=
Jwts
.
builder
()
// 设置密匙ID
.
setHeaderParam
(
JwsHeader
.
KEY_ID
,
system
.
getKeyid
())
// 赋予应用
.
setSubject
(
app
)
// 签发时间
.
setIssuedAt
(
new
Date
())
// 超期时间
.
setExpiration
(
new
Date
(
java
.
lang
.
System
.
currentTimeMillis
()
+
EXPIRATION
))
// 用户名
.
claim
(
"name"
,
user
.
getStr
(
"username"
)).
claim
(
"ip"
,
JwtInterceptor
.
getIpAddr
(
getRequest
()))
// 签名
.
signWith
(
KeysUtil
.
privatekey
(
system
.
getPrivatekey
()),
SignatureAlgorithm
.
RS256
).
compact
();
this
.
renderJson
(
Ret
.
ok
(
"token"
,
jws
));
return
;
}
else
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"没有找到当前用户"
));
return
;
}
}
catch
(
Exception
e
)
{
// TODO: handle exception
e
.
printStackTrace
();
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"登录出错!"
));
}
}
/**
* 根据邮政门户传回的code 获取用户信息
*
* @Title: getUserInfoForH5
* @author LDC
* @date 2019-11-19 03:22:34
*/
@Clear
public
void
getUserInfoForH5
()
{
String
code
=
getPara
(
"code"
,
null
);
if
(
code
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"获取用户信息失败"
));
return
;
}
String
app
=
getPara
(
"app"
,
null
);
if
(
app
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"获取服务信息失败"
));
return
;
}
Map
<
String
,
String
>
paramMap
=
new
LinkedHashMap
<
String
,
String
>();
paramMap
.
put
(
"client_id"
,
"MmEepJkH7Hiz7EtS"
);
paramMap
.
put
(
"code"
,
code
);
paramMap
.
put
(
"state"
,
"1"
);
paramMap
.
put
(
"grant_type"
,
"authorization_code"
);
paramMap
.
put
(
"scope"
,
"scope"
);
paramMap
.
put
(
"redirect_uri"
,
PropKit
.
get
(
"redirect_uri"
));
Iterator
<
Entry
<
String
,
String
>>
entrySet
=
paramMap
.
entrySet
().
iterator
();
StringBuilder
builder
=
new
StringBuilder
();
while
(
entrySet
.
hasNext
())
{
Entry
<
String
,
String
>
next
=
entrySet
.
next
();
builder
.
append
(
next
.
getKey
()).
append
(
"="
).
append
(
next
.
getValue
()).
append
(
"&"
);
}
String
param
=
builder
.
deleteCharAt
(
builder
.
length
()
-
1
).
toString
();
Kv
header
=
Kv
.
by
(
"Content-type"
,
"application/x-www-form-urlencoded"
);
String
result
=
HttpRequestUtil
.
sendPost
(
PropKit
.
get
(
"authUrl"
),
param
,
header
);
Kv
parseObject
=
JSON
.
parseObject
(
result
,
Kv
.
class
);
Object
access_token
=
parseObject
.
get
(
"access_token"
);
if
(
access_token
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"获取授权失败,请重新登录"
));
return
;
}
String
sendPost
=
HttpRequestUtil
.
sendPost
(
PropKit
.
get
(
"userInfoUrl"
),
"access_token="
+
access_token
.
toString
(),
header
);
Kv
userObj
=
JSON
.
parseObject
(
sendPost
,
Kv
.
class
);
Object
uuid
=
userObj
.
get
(
"uuid"
);
if
(
uuid
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"获取用户信息失败"
));
return
;
}
System
system
=
System
.
dao
.
template
(
"getSystemPrivatekey"
,
app
).
findFirst
();
if
(
system
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"获取服务信息失败"
));
return
;
}
Record
userInfo
=
Db
.
findById
(
"AS_USER"
,
"UUID"
,
uuid
.
toString
());
if
(
userInfo
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"没有找到当前用户"
));
return
;
}
String
userName
=
userInfo
.
getStr
(
"USERNAME"
);
if
(
userName
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"获取用户名失败"
));
return
;
}
try
{
String
jws
=
Jwts
.
builder
()
// 设置密匙ID
.
setHeaderParam
(
JwsHeader
.
KEY_ID
,
system
.
getKeyid
())
// 赋予应用
.
setSubject
(
app
)
// 签发时间
.
setIssuedAt
(
new
Date
())
// 超期时间
.
setExpiration
(
new
Date
(
java
.
lang
.
System
.
currentTimeMillis
()
+
EXPIRATION
))
// 用户名
.
claim
(
"name"
,
userName
).
claim
(
"ip"
,
JwtInterceptor
.
getIpAddr
(
getRequest
()))
// 签名
.
signWith
(
KeysUtil
.
privatekey
(
system
.
getPrivatekey
()),
SignatureAlgorithm
.
RS256
).
compact
();
this
.
renderJson
(
Ret
.
ok
(
"token"
,
jws
));
logService
.
saveAsLog
(
"login"
,
userName
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
userName
+
"登录"
+
app
+
"成功"
,
app
);
}
catch
(
Exception
e
)
{
log
.
error
(
"生成登录票据失败"
,
e
);
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"生成登录票据失败"
));
logService
.
saveAsLog
(
"login"
,
userName
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"生成登录票据失败"
,
app
);
}
}
/**
* 退出系统,清空Redis 中的用户信息
* @Time:2020年7月6日 - 下午5:19:58
* @author:李德才
* @param:
* @return: void
* @throws
*/
public
void
loginOut
()
{
String
userName
=
getAttrForStr
(
"username"
);
Redis
.
use
().
del
(
userName
+
"_INFO"
);
renderJson
(
Ret
.
ok
());
}
}
package
com
.
archser
.
aserver
.
controller
;
import
java.math.BigInteger
;
import
java.util.Date
;
import
java.util.HashMap
;
import
java.util.Iterator
;
import
java.util.LinkedHashMap
;
import
java.util.List
;
import
java.util.Map
;
import
java.util.Map.Entry
;
import
java.util.Optional
;
import
org.bouncycastle.crypto.InvalidCipherTextException
;
import
org.bouncycastle.crypto.params.ECPrivateKeyParameters
;
import
org.bouncycastle.pqc.math.linearalgebra.ByteUtils
;
import
com.alibaba.fastjson.JSON
;
import
com.archser.aserver.interceptor.JwtInterceptor
;
import
com.archser.aserver.model.System
;
import
com.archser.aserver.model.User
;
import
com.archser.aserver.service.LogService
;
import
com.archser.aserver.service.UserService
;
import
com.archser.aserver.util.HttpRequestUtil
;
import
com.archser.aserver.util.KeysUtil
;
import
com.archser.aserver.util.gm.BCECUtil
;
import
com.archser.aserver.util.gm.SM2Util
;
import
com.jfinal.aop.Clear
;
import
com.jfinal.aop.Inject
;
import
com.jfinal.core.Controller
;
import
com.jfinal.kit.HashKit
;
import
com.jfinal.kit.Kv
;
import
com.jfinal.kit.PropKit
;
import
com.jfinal.kit.Ret
;
import
com.jfinal.kit.StrKit
;
import
com.jfinal.log.Log
;
import
com.jfinal.plugin.activerecord.Db
;
import
com.jfinal.plugin.activerecord.Record
;
import
com.jfinal.plugin.redis.Redis
;
import
com.spbportal.sso.SsoToken
;
import
io.jsonwebtoken.JwsHeader
;
import
io.jsonwebtoken.Jwts
;
import
io.jsonwebtoken.SignatureAlgorithm
;
/**
* IndexController 指向系统访问首页
*
* @author jbolt.cn
* @email 909854136@qq.com
* @date 2018年11月4日 下午9:02:52
*/
public
class
IndexController
extends
Controller
{
/**
* 登陆用户名,密码解密
*/
public
static
final
String
PRIVATE_KEY_D
=
"38627fffe8003e6d2faa76d4eae2f74fd9cd7be257ab36c356c4f01bbc17e41d"
;
public
static
final
ECPrivateKeyParameters
USER_PRIVATE_KEY
=
BCECUtil
.
createECPrivateKeyParameters
(
new
BigInteger
(
ByteUtils
.
fromHexString
(
PRIVATE_KEY_D
)),
SM2Util
.
DOMAIN_PARAMS
);
private
static
Log
log
=
Log
.
getLog
(
IndexController
.
class
);
/**
* 超期时间:24小时,即:24 * 60 * 60 * 1000
*/
p
ublic
static
final
int
EXPIRATION
=
24
*
60
*
60
*
1000
;
private
static
int
permitLoginTimes
=
5
;
// 允许登陆次数
private
static
int
hour
=
2
;
// 两小时内不可登录
@Inject
private
LogService
logService
;
@Inject
private
UserService
userService
;
/**
* 首页Action
*/
public
void
index
()
{
render
(
"index.html"
);
}
/**
* 修改密码
*/
public
void
updatePassword
()
{
String
username
=
this
.
getPara
(
"username"
);
String
password
=
this
.
getPara
(
"newPwd"
);
password
=
HashKit
.
sha256
(
password
);
int
a
=
userService
.
updatePwd
(
password
,
username
);
if
(
a
==
0
)
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"修改失败"
));
logService
.
saveAsLog
(
"operate"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
username
+
"修改密码操作:修改密码失败"
,
"aserver"
);
return
;
}
this
.
renderJson
(
Ret
.
ok
(
"msg"
,
"修改成功"
));
logService
.
saveAsLog
(
"operate"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
username
+
"修改密码操作:修改密码成功"
,
"aserver"
);
}
private
String
decrypt
(
String
sm2Cipher
)
throws
InvalidCipherTextException
{
return
new
String
(
SM2Util
.
decrypt
(
USER_PRIVATE_KEY
,
ByteUtils
.
fromHexString
(
"04"
+
sm2Cipher
)));
}
/**
* 登录验证
*/
@Clear
(
JwtInterceptor
.
class
)
// @Before(LoginValidator.class)
public
void
login
()
{
String
app
=
this
.
getPara
(
"app"
);
String
username
=
this
.
getPara
(
"username"
);
String
password
=
this
.
getPara
(
"password"
);
String
callback
=
this
.
getPara
(
"callback"
);
// 解密用户名和密码
try
{
username
=
decrypt
(
username
);
password
=
decrypt
(
password
);
}
catch
(
Exception
e1
)
{
e1
.
printStackTrace
();
username
=
this
.
getPara
(
"username"
);
password
=
this
.
getPara
(
"password"
);
}
//校验密码是否符合强度设置
String
verify
=
password
;
password
=
HashKit
.
sha256
(
password
);
User
user
=
User
.
dao
.
template
(
"getUser"
,
username
).
findFirst
();
if
(
user
==
null
)
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"用户名或密码不存在: "
+
username
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"该用户非本系统用户正在非法登录"
,
app
);
return
;
}
// 一旦开启三员 admin用户不能使用
if
(
"admin"
.
equals
(
user
.
getUsername
()))
{
Integer
userCount
=
Db
.
queryInt
(
Db
.
getSql
(
"hasThreeMemberUsersCount"
));
boolean
isExistThreeMemberUsers
=
userCount
==
null
?
false
:
(
userCount
.
intValue
()
>
0
?
true
:
false
);
if
(
isExistThreeMemberUsers
)
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"已开启三员管理,admin失效了。"
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"登录失败,原因:已开启三员管理"
,
app
);
return
;
}
}
if
(
Integer
.
valueOf
(
user
.
getLocked
())
==
1
)
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"当前账户已被锁定"
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"登录失败,原因:该用户已被锁定"
,
app
);
return
;
}
if
(!
password
.
equals
(
user
.
getPassword
()))
{
if
(
this
.
checkErrorCount
(
user
))
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"您的错误次数已达5次以上,请稍后再试!"
));
return
;
}
else
{
int
errorCount
=
permitLoginTimes
-
(
user
.
getErrorcount
()
==
null
?
0
:
user
.
getErrorcount
())
-
1
;
if
(
user
.
getErrorcount
()
==
4
)
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"用户名或密码验证失败,您的账户于两小时后才可登录!"
));
return
;
}
else
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"用户名或密码验证失败,您还有"
+
errorCount
+
"次机会!"
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"登录失败,原因:密码验证错误"
,
app
);
return
;
}
}
}
Integer
errorcount
=
user
.
getErrorcount
();
if
(
errorcount
!=
null
&&
errorcount
!=
0
)
{
if
(!
this
.
checkWhenPwdOk
(
user
))
{
Date
date
=
new
Date
();
long
hour1
=
2
*
60
*
60
;
long
begin
=
date
.
getTime
();
long
end
=
user
.
getLastLoginTime
().
getTime
();
long
between
=
(
begin
-
end
)
/
1000
;
long
hour2
=
(
hour1
-
between
)
%
(
24
*
3600
)
/
3600
;
long
minute
=
(
hour1
-
between
)
%
3600
/
60
;
long
second
=
(
hour1
-
between
)
%
60
;
if
(
between
<
hour1
)
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"您的账户还剩"
+
hour2
+
"小时"
+
minute
+
"分"
+
second
+
"秒才可登录!"
));
return
;
}
}
}
if
(!
"admin"
.
equals
(
user
.
getUsername
()))
{
Integer
noLockedRolesCount
=
Db
.
queryInt
(
Db
.
getSql
(
"hasNoLockedRolesCount"
),
user
.
getUsername
());
boolean
noLockedRolesFlag
=
noLockedRolesCount
==
null
?
false
:
(
noLockedRolesCount
.
intValue
()
>
0
?
true
:
false
);
if
(!
noLockedRolesFlag
)
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"拥有的角色全部被锁定,不能登录系统了。"
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"登录失败,原因:该用户拥有的角色全部被锁定"
,
app
);
return
;
}
}
System
system
=
System
.
dao
.
template
(
"getSystemPrivatekey"
,
app
).
findFirst
();
if
(
system
==
null
)
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"没有找到应用:"
+
app
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"登录失败,原因:没有找到应用"
+
app
,
app
);
return
;
}
if
(
StrKit
.
isBlank
(
system
.
getPrivatekey
())
||
StrKit
.
isBlank
(
system
.
getKeyid
()))
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"没有找到应用的密钥:"
+
app
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"登录失败,原因:没有找到应用的密钥"
+
app
,
app
);
return
;
}
//查询用户是否有该系统的权限
// boolean homeAuth = userService.checkUserSystemPermission(user.getId(), app);
// if (!homeAuth) {
// this.renderJson(Ret.fail("msg", "您没有权限登录" + system.getTitle() + "系统"));
// logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:您没有权限登录此系统" + app,
// app);
// return;
// }
List
<
System
>
systemList
=
userService
.
findSystemWithUserPermission
(
user
.
getId
());
/** 修改如果登陆用户为admin用户则直接登陆 huwenbin 2020/5/20 start */
if
(!
"admin"
.
equals
(
user
.
getUsername
()))
{
if
((
systemList
==
null
||
systemList
.
isEmpty
()))
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"您没有权限登录"
+
system
.
getTitle
()
+
"系统"
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"登录失败,原因:您没有权限登录此系统"
+
app
,
app
);
return
;
}
Optional
<
System
>
systemOptional
=
userService
.
getSystemByName
(
app
,
systemList
);
if
(!
systemOptional
.
isPresent
())
{
// 没有当前系统的权限
system
=
systemList
.
get
(
0
);
app
=
system
.
getName
();
callback
=
system
.
getUrl
();
}
}
/** 修改如果登陆用户为admin用户则直接登陆 huwenbin 2020/5/20 end */
try
{
String
jws
=
Jwts
.
builder
()
// 设置密匙ID
.
setHeaderParam
(
JwsHeader
.
KEY_ID
,
system
.
getKeyid
())
// 赋予应用
.
setSubject
(
app
)
// 签发时间
.
setIssuedAt
(
new
Date
())
// 超期时间
.
setExpiration
(
new
Date
(
java
.
lang
.
System
.
currentTimeMillis
()
+
EXPIRATION
))
// 用户名
.
claim
(
"name"
,
username
).
claim
(
"ip"
,
JwtInterceptor
.
getIpAddr
(
getRequest
()))
// 签名
.
signWith
(
KeysUtil
.
privatekey
(
system
.
getPrivatekey
()),
SignatureAlgorithm
.
RS256
).
compact
();
if
(
errorcount
!=
null
&&
errorcount
!=
0
)
{
this
.
setErrZero
(
user
);
}
/**
* 20200706 lidecai 将用户信息保存到Redis start
*/
Map
<
Object
,
Object
>
userInfo
=
new
HashMap
<>();
Iterator
<
Entry
<
String
,
Object
>>
userIterator
=
user
.
_getAttrsEntrySet
().
iterator
();
Entry
<
String
,
Object
>
nextAttr
=
null
;
while
(
userIterator
.
hasNext
())
{
nextAttr
=
userIterator
.
next
();
userInfo
.
put
(
nextAttr
.
getKey
().
trim
().
toLowerCase
(),
nextAttr
.
getValue
());
}
try
{
Redis
.
use
().
hmset
(
username
+
"_INFO"
,
userInfo
);
// 设置过期时间
Redis
.
use
().
expire
(
username
,
60
*
60
*
24
);
}
catch
(
Exception
e
)
{
e
.
printStackTrace
();
}
Boolean
aBoolean
=
userService
.
verifyPassword
(
verify
);
this
.
renderJson
(
Ret
.
ok
(
"token"
,
jws
).
set
(
"callback"
,
callback
).
set
(
"verify"
,
aBoolean
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
username
+
"登录"
+
app
+
"成功"
,
app
);
/**
* 20200706 lidecai 将用户信息保存到Redis end
*/
}
catch
(
Exception
e
)
{
log
.
error
(
"生成登录票据失败"
,
e
);
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"生成登录票据失败"
));
logService
.
saveAsLog
(
"login"
,
username
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"生成登录票据失败"
,
app
);
}
}
/**
* @Description: 验证密码强度
* @authorAndDate: ChengYaqing create on 2020/10/30 10:38
* @return void
*/
public
void
verifyPassword
()
{
String
password
=
getPara
(
"password"
);
if
(
password
==
null
||
""
.
equals
(
password
)||
"null"
.
equals
(
password
))
{
renderJson
(
Ret
.
fail
(
"msg"
,
"密码不能为空"
));
return
;
}
try
{
password
=
decrypt
(
password
);
}
catch
(
Exception
e1
)
{
e1
.
printStackTrace
();
password
=
this
.
getPara
(
"password"
);
}
try
{
String
verify
=
userService
.
verifyPasswordInfo
(
password
);
if
(
""
.
equals
(
verify
))
{
renderJson
(
Ret
.
ok
());
}
else
{
renderJson
(
Ret
.
fail
(
"msg"
,
verify
));
}
}
catch
(
Exception
e
)
{
renderJson
(
Ret
.
fail
(
"error"
,
e
.
getMessage
()));
}
}
// 密码正确时错误次数清零
private
void
setErrZero
(
User
user
)
{
Db
.
update
(
Db
.
getSqlPara
(
"updateForOk"
,
Kv
.
by
(
"id"
,
user
.
getId
())));
}
//密码错误时判断错误次数是否为5次
private
boolean
checkErrorCount
(
User
user
)
{
Kv
cond
=
Kv
.
by
(
"id"
,
user
.
getId
()).
set
(
"hour"
,
hour
).
set
(
"permitLoginTimes"
,
permitLoginTimes
);
List
<
Record
>
currentList
=
Db
.
find
(
Db
.
getSqlPara
(
"getErrorCount"
,
cond
));
int
currentNum
=
0
;
for
(
Record
record
:
currentList
)
{
currentNum
=
Integer
.
parseInt
(
record
.
get
(
"flag"
).
toString
());
}
if
(
currentNum
>=
permitLoginTimes
)
{
return
true
;
}
else
{
//执行+1或=1的操作
Db
.
update
(
Db
.
getSqlPara
(
"updateForErr"
,
cond
));
return
false
;
}
}
//密码正确时判断次数和锁定时间是否在指定范围内
private
boolean
checkWhenPwdOk
(
User
user
)
{
List
<
Record
>
currentList
=
Db
.
find
(
Db
.
getSqlPara
(
"checkWhenPwdOk"
,
Kv
.
by
(
"id"
,
user
.
getId
()).
set
(
"hour"
,
hour
).
set
(
"permitLoginTimes"
,
permitLoginTimes
)));
int
currentNum
=
0
;
if
(
currentList
==
null
||
currentList
.
size
()
==
0
)
{
return
true
;
}
for
(
Record
record
:
currentList
)
{
currentNum
=
Integer
.
parseInt
(
record
.
get
(
"flag"
).
toString
());
}
if
(
currentNum
>=
permitLoginTimes
)
{
return
false
;
}
else
{
return
true
;
}
}
/**
* 通过门户系统单点登录
*
* @author Guo XJ
* @date 2019-12-13 15:08:00
*/
public
void
ssoByPortalSystem
()
{
try
{
//获取app
String
app
=
getPara
(
"app"
,
null
);
if
(
app
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"获取服务信息失败"
));
return
;
}
//获取到门户系统的Token
String
ssotoken
=
getPara
(
"ssotoken"
);
//获取到personCode(用户唯一标识)
SsoToken
st
=
new
SsoToken
();
st
.
initialise
(
ssotoken
);
String
personCode
=
st
.
getTokenId
();
//获取用户
Record
user
=
userService
.
getUserInfoByPersonCode
(
personCode
);
System
system
=
System
.
dao
.
template
(
"getSystemPrivatekey"
,
app
).
findFirst
();
if
(
system
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"获取服务信息失败"
));
return
;
}
//判断用户是否存在
if
(
user
!=
null
&&
user
.
getStr
(
"username"
)
!=
null
)
{
String
jws
=
Jwts
.
builder
()
// 设置密匙ID
.
setHeaderParam
(
JwsHeader
.
KEY_ID
,
system
.
getKeyid
())
// 赋予应用
.
setSubject
(
app
)
// 签发时间
.
setIssuedAt
(
new
Date
())
// 超期时间
.
setExpiration
(
new
Date
(
java
.
lang
.
System
.
currentTimeMillis
()
+
EXPIRATION
))
// 用户名
.
claim
(
"name"
,
user
.
getStr
(
"username"
)).
claim
(
"ip"
,
JwtInterceptor
.
getIpAddr
(
getRequest
()))
// 签名
.
signWith
(
KeysUtil
.
privatekey
(
system
.
getPrivatekey
()),
SignatureAlgorithm
.
RS256
).
compact
();
this
.
renderJson
(
Ret
.
ok
(
"token"
,
jws
));
return
;
}
else
{
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"没有找到当前用户"
));
return
;
}
}
catch
(
Exception
e
)
{
// TODO: handle exception
e
.
printStackTrace
();
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"登录出错!"
));
}
}
/**
* 根据邮政门户传回的code 获取用户信息
*
* @Title: getUserInfoForH5
* @author LDC
* @date 2019-11-19 03:22:34
*/
@Clear
public
void
getUserInfoForH5
()
{
String
code
=
getPara
(
"code"
,
null
);
if
(
code
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"获取用户信息失败"
));
return
;
}
String
app
=
getPara
(
"app"
,
null
);
if
(
app
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"获取服务信息失败"
));
return
;
}
Map
<
String
,
String
>
paramMap
=
new
LinkedHashMap
<
String
,
String
>();
paramMap
.
put
(
"client_id"
,
"MmEepJkH7Hiz7EtS"
);
paramMap
.
put
(
"code"
,
code
);
paramMap
.
put
(
"state"
,
"1"
);
paramMap
.
put
(
"grant_type"
,
"authorization_code"
);
paramMap
.
put
(
"scope"
,
"scope"
);
paramMap
.
put
(
"redirect_uri"
,
PropKit
.
get
(
"redirect_uri"
));
Iterator
<
Entry
<
String
,
String
>>
entrySet
=
paramMap
.
entrySet
().
iterator
();
StringBuilder
builder
=
new
StringBuilder
();
while
(
entrySet
.
hasNext
())
{
Entry
<
String
,
String
>
next
=
entrySet
.
next
();
builder
.
append
(
next
.
getKey
()).
append
(
"="
).
append
(
next
.
getValue
()).
append
(
"&"
);
}
String
param
=
builder
.
deleteCharAt
(
builder
.
length
()
-
1
).
toString
();
Kv
header
=
Kv
.
by
(
"Content-type"
,
"application/x-www-form-urlencoded"
);
String
result
=
HttpRequestUtil
.
sendPost
(
PropKit
.
get
(
"authUrl"
),
param
,
header
);
Kv
parseObject
=
JSON
.
parseObject
(
result
,
Kv
.
class
);
Object
access_token
=
parseObject
.
get
(
"access_token"
);
if
(
access_token
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"获取授权失败,请重新登录"
));
return
;
}
String
sendPost
=
HttpRequestUtil
.
sendPost
(
PropKit
.
get
(
"userInfoUrl"
),
"access_token="
+
access_token
.
toString
(),
header
);
Kv
userObj
=
JSON
.
parseObject
(
sendPost
,
Kv
.
class
);
Object
uuid
=
userObj
.
get
(
"uuid"
);
if
(
uuid
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"获取用户信息失败"
));
return
;
}
System
system
=
System
.
dao
.
template
(
"getSystemPrivatekey"
,
app
).
findFirst
();
if
(
system
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"获取服务信息失败"
));
return
;
}
Record
userInfo
=
Db
.
findById
(
"AS_USER"
,
"UUID"
,
uuid
.
toString
());
if
(
userInfo
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"没有找到当前用户"
));
return
;
}
String
userName
=
userInfo
.
getStr
(
"USERNAME"
);
if
(
userName
==
null
)
{
renderJson
(
Ret
.
fail
(
"msg"
,
"获取用户名失败"
));
return
;
}
try
{
String
jws
=
Jwts
.
builder
()
// 设置密匙ID
.
setHeaderParam
(
JwsHeader
.
KEY_ID
,
system
.
getKeyid
())
// 赋予应用
.
setSubject
(
app
)
// 签发时间
.
setIssuedAt
(
new
Date
())
// 超期时间
.
setExpiration
(
new
Date
(
java
.
lang
.
System
.
currentTimeMillis
()
+
EXPIRATION
))
// 用户名
.
claim
(
"name"
,
userName
).
claim
(
"ip"
,
JwtInterceptor
.
getIpAddr
(
getRequest
()))
// 签名
.
signWith
(
KeysUtil
.
privatekey
(
system
.
getPrivatekey
()),
SignatureAlgorithm
.
RS256
).
compact
();
this
.
renderJson
(
Ret
.
ok
(
"token"
,
jws
));
logService
.
saveAsLog
(
"login"
,
userName
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
userName
+
"登录"
+
app
+
"成功"
,
app
);
}
catch
(
Exception
e
)
{
log
.
error
(
"生成登录票据失败"
,
e
);
this
.
renderJson
(
Ret
.
fail
(
"msg"
,
"生成登录票据失败"
));
logService
.
saveAsLog
(
"login"
,
userName
,
JwtInterceptor
.
getIpAddr
(
getRequest
()),
"生成登录票据失败"
,
app
);
}
}
/**
* 退出系统,清空Redis 中的用户信息
* @Time:2020年7月6日 - 下午5:19:58
* @author:李德才
* @param:
* @return: void
* @throws
*/
public
void
loginOut
()
{
String
userName
=
getAttrForStr
(
"username"
);
Redis
.
use
().
del
(
userName
+
"_INFO"
);
renderJson
(
Ret
.
ok
());
}
}
src/main/java/com/archser/aserver/controller/SystemController.java
package
com
.
archser
.
aserver
.
controller
;
import
java.util.List
;
import
com.archser.aserver.interceptor.JwtInterceptor
;
import
com.archser.aserver.model.System
;
import
com.archser.aserver.service.LogService
;
import
com.archser.aserver.service.SystemService
;
import
com.archser.aserver.util.JwtUtils
;
import
com.jfinal.aop.Before
;
import
com.jfinal.aop.Clear
;
import
com.jfinal.aop.Inject
;
...
...
@@ -14,6 +13,8 @@ import com.jfinal.kit.Ret;
import
com.jfinal.kit.StrKit
;
import
com.jfinal.plugin.activerecord.tx.Tx
;
import
java.util.List
;
/**
* 应用相关
*
...
...
@@ -150,4 +151,15 @@ public class SystemController extends Controller {
this
.
renderJson
(
Ret
.
ok
(
"system"
,
system
));
}
/**
* 获取系统url和生成用户token
*/
public
void
getTokenAndUrl
()
{
Integer
systemId
=
this
.
getParaToInt
(
"systemId"
);
String
username
=
this
.
getAttrForStr
(
"username"
);
System
system
=
System
.
dao
.
findById
(
systemId
);
String
token
=
JwtUtils
.
generateToken
(
system
,
username
);
this
.
renderJson
(
Ret
.
ok
(
"token"
,
token
).
set
(
"url"
,
system
.
getUrl
()));
}
}
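Review bot: getTokenAndUrl signs a token for whatever `systemId` the request carries, and nothing in this hunk checks that the user in the `username` attribute is entitled to that system; unless an interceptor or permission check outside the hunk covers it, any authenticated caller can obtain a token signed with any registered system's private key. The method also dereferences `system` without a null check, so a missing or unknown `systemId` ends in a NullPointerException instead of a failure response; add `if (system == null) { renderJson(Ret.fail("msg", "获取服务信息失败")); return; }` before the token is built, as the IndexController methods do. `JwtUtils.generateToken` returns `null` for a malformed URL and that `null` is currently sent back inside `Ret.ok`, so the token should be checked before rendering as well.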
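--- a/src/main/java/com/archser/aserver/util/JwtUtils.java
+++ b/src/main/java/com/archser/aserver/util/JwtUtils.java
+package com.archser.aserver.util;
+import com.archser.aserver.controller.IndexController;
+import com.archser.aserver.interceptor.JwtInterceptor;
+import com.archser.aserver.model.System;
+import com.sun.deploy.util.URLUtil;
+import io.jsonwebtoken.JwsHeader;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.undertow.util.URLUtils;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Date;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+/**
+ * @Auther: huwenbin
+ * @Date: 2020/11/6 18:16
+ */
+public class JwtUtils {
+    public static String generateToken(System system, String username) {
+        URL url = null;
+        try {
+            url = new URL(system.getUrl());
+            String host = url.getHost();
+            return generateToken(system.getKeyid(), system.getPrivatekey(), system.getName(), username, host);
+        } catch (MalformedURLException ignored) {
+        }
+        return null;
+    }
+    public static void main(String[] args) throws MalformedURLException {
+        URL url = new URL("http://39.104.28.145:11028");
+        String host = url.getHost();
+        java.lang.System.out.println(host);
+    }
+    /**
+     * 生成Token
+     * @param keyId 系统keyid
+     * @param privateKey 系统私钥
+     * @param app 系统名称
+     * @param username 用户名
+     * @param ip ip地址
+     * @return token
+     */
+    public static String generateToken(String keyId, String privateKey, String app, String username, String ip) {
+        return Jwts.builder()
+                // 设置密匙ID
+                .setHeaderParam(JwsHeader.KEY_ID, keyId)
+                // 赋予应用
+                .setSubject(app)
+                // 签发时间
+                .setIssuedAt(new Date())
+                // 超期时间
+                .setExpiration(new Date(java.lang.System.currentTimeMillis() + IndexController.EXPIRATION))
+                // 用户名
+                .claim("name", username).claim("ip", ip)
+                // 签名
+                .signWith(KeysUtil.privatekey(privateKey), SignatureAlgorithm.RS256).compact();
+    }
+}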
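Review bot: The `ip` claim in the two-argument `generateToken` is filled with the host of the target system's URL (`url.getHost()`), while the tokens built in IndexController put the caller's address from `JwtInterceptor.getIpAddr(getRequest())` into the same claim; if a verifier compares `ip` with the requester's address (not visible on this page), these tokens either fail validation or no longer bind the token to a client. The empty `catch (MalformedURLException ignored)` turns a bad URL into a `null` token that SystemController.getTokenAndUrl then returns inside `Ret.ok`; rethrowing, e.g. `throw new IllegalArgumentException("invalid system url", e);`, keeps the failure visible. The `main` method with its hard-coded address and the unused imports should be dropped before merge; `com.sun.deploy.util.URLUtil` in particular is a JDK-internal deployment class that is not present on every JDK, so the import alone can break the build.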