Commit cc0c82c6 authored by 胡文斌's avatar 胡文斌

修改消息跳转

parent 94e0a86f
package com.archser.aserver.controller; package com.archser.aserver.controller;
import java.math.BigInteger; import java.math.BigInteger;
import java.util.Date; import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.Iterator; import java.util.Iterator;
import java.util.LinkedHashMap; import java.util.LinkedHashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Map.Entry; import java.util.Map.Entry;
import java.util.Optional; import java.util.Optional;
import org.bouncycastle.crypto.InvalidCipherTextException; import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.pqc.math.linearalgebra.ByteUtils; import org.bouncycastle.pqc.math.linearalgebra.ByteUtils;
import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.JSON;
import com.archser.aserver.interceptor.JwtInterceptor; import com.archser.aserver.interceptor.JwtInterceptor;
import com.archser.aserver.model.System; import com.archser.aserver.model.System;
import com.archser.aserver.model.User; import com.archser.aserver.model.User;
import com.archser.aserver.service.LogService; import com.archser.aserver.service.LogService;
import com.archser.aserver.service.UserService; import com.archser.aserver.service.UserService;
import com.archser.aserver.util.HttpRequestUtil; import com.archser.aserver.util.HttpRequestUtil;
import com.archser.aserver.util.KeysUtil; import com.archser.aserver.util.KeysUtil;
import com.archser.aserver.util.gm.BCECUtil; import com.archser.aserver.util.gm.BCECUtil;
import com.archser.aserver.util.gm.SM2Util; import com.archser.aserver.util.gm.SM2Util;
import com.jfinal.aop.Clear; import com.jfinal.aop.Clear;
import com.jfinal.aop.Inject; import com.jfinal.aop.Inject;
import com.jfinal.core.Controller; import com.jfinal.core.Controller;
import com.jfinal.kit.HashKit; import com.jfinal.kit.HashKit;
import com.jfinal.kit.Kv; import com.jfinal.kit.Kv;
import com.jfinal.kit.PropKit; import com.jfinal.kit.PropKit;
import com.jfinal.kit.Ret; import com.jfinal.kit.Ret;
import com.jfinal.kit.StrKit; import com.jfinal.kit.StrKit;
import com.jfinal.log.Log; import com.jfinal.log.Log;
import com.jfinal.plugin.activerecord.Db; import com.jfinal.plugin.activerecord.Db;
import com.jfinal.plugin.activerecord.Record; import com.jfinal.plugin.activerecord.Record;
import com.jfinal.plugin.redis.Redis; import com.jfinal.plugin.redis.Redis;
import com.spbportal.sso.SsoToken; import com.spbportal.sso.SsoToken;
import io.jsonwebtoken.JwsHeader; import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.Jwts; import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm; import io.jsonwebtoken.SignatureAlgorithm;
/** /**
* IndexController 指向系统访问首页 * IndexController 指向系统访问首页
* *
* @author jbolt.cn * @author jbolt.cn
* @email 909854136@qq.com * @email 909854136@qq.com
* @date 2018年11月4日 下午9:02:52 * @date 2018年11月4日 下午9:02:52
*/ */
public class IndexController extends Controller { public class IndexController extends Controller {
/** /**
* 登陆用户名,密码解密 * 登陆用户名,密码解密
*/ */
public static final String PRIVATE_KEY_D = "38627fffe8003e6d2faa76d4eae2f74fd9cd7be257ab36c356c4f01bbc17e41d"; public static final String PRIVATE_KEY_D = "38627fffe8003e6d2faa76d4eae2f74fd9cd7be257ab36c356c4f01bbc17e41d";
public static final ECPrivateKeyParameters USER_PRIVATE_KEY = BCECUtil.createECPrivateKeyParameters( public static final ECPrivateKeyParameters USER_PRIVATE_KEY = BCECUtil.createECPrivateKeyParameters(
new BigInteger(ByteUtils.fromHexString(PRIVATE_KEY_D)), SM2Util.DOMAIN_PARAMS); new BigInteger(ByteUtils.fromHexString(PRIVATE_KEY_D)), SM2Util.DOMAIN_PARAMS);
private static Log log = Log.getLog(IndexController.class); private static Log log = Log.getLog(IndexController.class);
/** /**
* 超期时间:24小时,即:24 * 60 * 60 * 1000 * 超期时间:24小时,即:24 * 60 * 60 * 1000
*/ */
private static int EXPIRATION = 24 * 60 * 60 * 1000; public static final int EXPIRATION = 24 * 60 * 60 * 1000;
private static int permitLoginTimes = 5;// 允许登陆次数 private static int permitLoginTimes = 5;// 允许登陆次数
private static int hour = 2; // 两小时内不可登录 private static int hour = 2; // 两小时内不可登录
@Inject @Inject
private LogService logService; private LogService logService;
@Inject @Inject
private UserService userService; private UserService userService;
/** /**
* 首页Action * 首页Action
*/ */
public void index() { public void index() {
render("index.html"); render("index.html");
} }
/** /**
* 修改密码 * 修改密码
*/ */
public void updatePassword() { public void updatePassword() {
String username = this.getPara("username"); String username = this.getPara("username");
String password = this.getPara("newPwd"); String password = this.getPara("newPwd");
password = HashKit.sha256(password); password = HashKit.sha256(password);
int a = userService.updatePwd(password, username); int a = userService.updatePwd(password, username);
if (a == 0) { if (a == 0) {
this.renderJson(Ret.fail("msg", "修改失败")); this.renderJson(Ret.fail("msg", "修改失败"));
logService.saveAsLog("operate", username, JwtInterceptor.getIpAddr(getRequest()), logService.saveAsLog("operate", username, JwtInterceptor.getIpAddr(getRequest()),
username + "修改密码操作:修改密码失败", "aserver"); username + "修改密码操作:修改密码失败", "aserver");
return; return;
} }
this.renderJson(Ret.ok("msg", "修改成功")); this.renderJson(Ret.ok("msg", "修改成功"));
logService.saveAsLog("operate", username, JwtInterceptor.getIpAddr(getRequest()), username + "修改密码操作:修改密码成功", logService.saveAsLog("operate", username, JwtInterceptor.getIpAddr(getRequest()), username + "修改密码操作:修改密码成功",
"aserver"); "aserver");
} }
private String decrypt(String sm2Cipher) throws InvalidCipherTextException { private String decrypt(String sm2Cipher) throws InvalidCipherTextException {
return new String(SM2Util.decrypt(USER_PRIVATE_KEY, ByteUtils.fromHexString("04" + sm2Cipher))); return new String(SM2Util.decrypt(USER_PRIVATE_KEY, ByteUtils.fromHexString("04" + sm2Cipher)));
} }
/** /**
* 登录验证 * 登录验证
*/ */
@Clear(JwtInterceptor.class) @Clear(JwtInterceptor.class)
// @Before(LoginValidator.class) // @Before(LoginValidator.class)
public void login() { public void login() {
String app = this.getPara("app"); String app = this.getPara("app");
String username = this.getPara("username"); String username = this.getPara("username");
String password = this.getPara("password"); String password = this.getPara("password");
String callback = this.getPara("callback"); String callback = this.getPara("callback");
// 解密用户名和密码 // 解密用户名和密码
try { try {
username = decrypt(username); username = decrypt(username);
password = decrypt(password); password = decrypt(password);
} catch (Exception e1) { } catch (Exception e1) {
e1.printStackTrace(); e1.printStackTrace();
username = this.getPara("username"); username = this.getPara("username");
password = this.getPara("password"); password = this.getPara("password");
} }
//校验密码是否符合强度设置 //校验密码是否符合强度设置
String verify = password; String verify = password;
password = HashKit.sha256(password); password = HashKit.sha256(password);
User user = User.dao.template("getUser", username).findFirst(); User user = User.dao.template("getUser", username).findFirst();
if (user == null) { if (user == null) {
this.renderJson(Ret.fail("msg", "用户名或密码不存在: " + username)); this.renderJson(Ret.fail("msg", "用户名或密码不存在: " + username));
logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "该用户非本系统用户正在非法登录", app); logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "该用户非本系统用户正在非法登录", app);
return; return;
} }
// 一旦开启三员 admin用户不能使用 // 一旦开启三员 admin用户不能使用
if ("admin".equals(user.getUsername())) { if ("admin".equals(user.getUsername())) {
Integer userCount = Db.queryInt(Db.getSql("hasThreeMemberUsersCount")); Integer userCount = Db.queryInt(Db.getSql("hasThreeMemberUsersCount"));
boolean isExistThreeMemberUsers = userCount == null ? false : (userCount.intValue() > 0 ? true : false); boolean isExistThreeMemberUsers = userCount == null ? false : (userCount.intValue() > 0 ? true : false);
if (isExistThreeMemberUsers) { if (isExistThreeMemberUsers) {
this.renderJson(Ret.fail("msg", "已开启三员管理,admin失效了。")); this.renderJson(Ret.fail("msg", "已开启三员管理,admin失效了。"));
logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:已开启三员管理", app); logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:已开启三员管理", app);
return; return;
} }
} }
if (Integer.valueOf(user.getLocked()) == 1) { if (Integer.valueOf(user.getLocked()) == 1) {
this.renderJson(Ret.fail("msg", "当前账户已被锁定")); this.renderJson(Ret.fail("msg", "当前账户已被锁定"));
logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:该用户已被锁定", app); logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:该用户已被锁定", app);
return; return;
} }
if (!password.equals(user.getPassword())) { if (!password.equals(user.getPassword())) {
if (this.checkErrorCount(user)) { if (this.checkErrorCount(user)) {
this.renderJson(Ret.fail("msg", "您的错误次数已达5次以上,请稍后再试!")); this.renderJson(Ret.fail("msg", "您的错误次数已达5次以上,请稍后再试!"));
return; return;
} else { } else {
int errorCount = permitLoginTimes - (user.getErrorcount() == null ? 0 : user.getErrorcount()) - 1; int errorCount = permitLoginTimes - (user.getErrorcount() == null ? 0 : user.getErrorcount()) - 1;
if (user.getErrorcount() == 4) { if (user.getErrorcount() == 4) {
this.renderJson(Ret.fail("msg", "用户名或密码验证失败,您的账户于两小时后才可登录!")); this.renderJson(Ret.fail("msg", "用户名或密码验证失败,您的账户于两小时后才可登录!"));
return; return;
} else { } else {
this.renderJson(Ret.fail("msg", "用户名或密码验证失败,您还有" + errorCount + "次机会!")); this.renderJson(Ret.fail("msg", "用户名或密码验证失败,您还有" + errorCount + "次机会!"));
logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:密码验证错误", logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:密码验证错误",
app); app);
return; return;
} }
} }
} }
Integer errorcount = user.getErrorcount(); Integer errorcount = user.getErrorcount();
if (errorcount != null && errorcount != 0) { if (errorcount != null && errorcount != 0) {
if (!this.checkWhenPwdOk(user)) { if (!this.checkWhenPwdOk(user)) {
Date date = new Date(); Date date = new Date();
long hour1 = 2 * 60 * 60; long hour1 = 2 * 60 * 60;
long begin = date.getTime(); long begin = date.getTime();
long end = user.getLastLoginTime().getTime(); long end = user.getLastLoginTime().getTime();
long between = (begin - end) / 1000; long between = (begin - end) / 1000;
long hour2 = (hour1 - between) % (24 * 3600) / 3600; long hour2 = (hour1 - between) % (24 * 3600) / 3600;
long minute = (hour1 - between) % 3600 / 60; long minute = (hour1 - between) % 3600 / 60;
long second = (hour1 - between) % 60; long second = (hour1 - between) % 60;
if (between < hour1) { if (between < hour1) {
this.renderJson(Ret.fail("msg", "您的账户还剩" + hour2 + "小时" + minute + "分" + second + "秒才可登录!")); this.renderJson(Ret.fail("msg", "您的账户还剩" + hour2 + "小时" + minute + "分" + second + "秒才可登录!"));
return; return;
} }
} }
} }
if (!"admin".equals(user.getUsername())) { if (!"admin".equals(user.getUsername())) {
Integer noLockedRolesCount = Db.queryInt(Db.getSql("hasNoLockedRolesCount"), user.getUsername()); Integer noLockedRolesCount = Db.queryInt(Db.getSql("hasNoLockedRolesCount"), user.getUsername());
boolean noLockedRolesFlag = noLockedRolesCount == null ? false boolean noLockedRolesFlag = noLockedRolesCount == null ? false
: (noLockedRolesCount.intValue() > 0 ? true : false); : (noLockedRolesCount.intValue() > 0 ? true : false);
if (!noLockedRolesFlag) { if (!noLockedRolesFlag) {
this.renderJson(Ret.fail("msg", "拥有的角色全部被锁定,不能登录系统了。")); this.renderJson(Ret.fail("msg", "拥有的角色全部被锁定,不能登录系统了。"));
logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:该用户拥有的角色全部被锁定", logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:该用户拥有的角色全部被锁定",
app); app);
return; return;
} }
} }
System system = System.dao.template("getSystemPrivatekey", app).findFirst(); System system = System.dao.template("getSystemPrivatekey", app).findFirst();
if (system == null) { if (system == null) {
this.renderJson(Ret.fail("msg", "没有找到应用:" + app)); this.renderJson(Ret.fail("msg", "没有找到应用:" + app));
logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:没有找到应用" + app, logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:没有找到应用" + app,
app); app);
return; return;
} }
if (StrKit.isBlank(system.getPrivatekey()) || StrKit.isBlank(system.getKeyid())) { if (StrKit.isBlank(system.getPrivatekey()) || StrKit.isBlank(system.getKeyid())) {
this.renderJson(Ret.fail("msg", "没有找到应用的密钥:" + app)); this.renderJson(Ret.fail("msg", "没有找到应用的密钥:" + app));
logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:没有找到应用的密钥" + app, logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:没有找到应用的密钥" + app,
app); app);
return; return;
} }
//查询用户是否有该系统的权限 //查询用户是否有该系统的权限
// boolean homeAuth = userService.checkUserSystemPermission(user.getId(), app); // boolean homeAuth = userService.checkUserSystemPermission(user.getId(), app);
// if (!homeAuth) { // if (!homeAuth) {
// this.renderJson(Ret.fail("msg", "您没有权限登录" + system.getTitle() + "系统")); // this.renderJson(Ret.fail("msg", "您没有权限登录" + system.getTitle() + "系统"));
// logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:您没有权限登录此系统" + app, // logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "登录失败,原因:您没有权限登录此系统" + app,
// app); // app);
// return; // return;
// } // }
List<System> systemList = userService.findSystemWithUserPermission(user.getId()); List<System> systemList = userService.findSystemWithUserPermission(user.getId());
/** 修改如果登陆用户为admin用户则直接登陆 huwenbin 2020/5/20 start */ /** 修改如果登陆用户为admin用户则直接登陆 huwenbin 2020/5/20 start */
if (!"admin".equals(user.getUsername())) { if (!"admin".equals(user.getUsername())) {
if ((systemList == null || systemList.isEmpty())) { if ((systemList == null || systemList.isEmpty())) {
this.renderJson(Ret.fail("msg", "您没有权限登录" + system.getTitle() + "系统")); this.renderJson(Ret.fail("msg", "您没有权限登录" + system.getTitle() + "系统"));
logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()),
"登录失败,原因:您没有权限登录此系统" + app, app); "登录失败,原因:您没有权限登录此系统" + app, app);
return; return;
} }
Optional<System> systemOptional = userService.getSystemByName(app, systemList); Optional<System> systemOptional = userService.getSystemByName(app, systemList);
if (!systemOptional.isPresent()) {// 没有当前系统的权限 if (!systemOptional.isPresent()) {// 没有当前系统的权限
system = systemList.get(0); system = systemList.get(0);
app = system.getName(); app = system.getName();
callback = system.getUrl(); callback = system.getUrl();
} }
} }
/** 修改如果登陆用户为admin用户则直接登陆 huwenbin 2020/5/20 end */ /** 修改如果登陆用户为admin用户则直接登陆 huwenbin 2020/5/20 end */
try { try {
String jws = Jwts.builder() String jws = Jwts.builder()
// 设置密匙ID // 设置密匙ID
.setHeaderParam(JwsHeader.KEY_ID, system.getKeyid()) .setHeaderParam(JwsHeader.KEY_ID, system.getKeyid())
// 赋予应用 // 赋予应用
.setSubject(app) .setSubject(app)
// 签发时间 // 签发时间
.setIssuedAt(new Date()) .setIssuedAt(new Date())
// 超期时间 // 超期时间
.setExpiration(new Date(java.lang.System.currentTimeMillis() + EXPIRATION)) .setExpiration(new Date(java.lang.System.currentTimeMillis() + EXPIRATION))
// 用户名 // 用户名
.claim("name", username).claim("ip", JwtInterceptor.getIpAddr(getRequest())) .claim("name", username).claim("ip", JwtInterceptor.getIpAddr(getRequest()))
// 签名 // 签名
.signWith(KeysUtil.privatekey(system.getPrivatekey()), SignatureAlgorithm.RS256).compact(); .signWith(KeysUtil.privatekey(system.getPrivatekey()), SignatureAlgorithm.RS256).compact();
if (errorcount != null && errorcount != 0) { if (errorcount != null && errorcount != 0) {
this.setErrZero(user); this.setErrZero(user);
} }
/** /**
* 20200706 lidecai 将用户信息保存到Redis start * 20200706 lidecai 将用户信息保存到Redis start
*/ */
Map<Object, Object> userInfo = new HashMap<>(); Map<Object, Object> userInfo = new HashMap<>();
Iterator<Entry<String, Object>> userIterator = user._getAttrsEntrySet().iterator(); Iterator<Entry<String, Object>> userIterator = user._getAttrsEntrySet().iterator();
Entry<String, Object> nextAttr = null; Entry<String, Object> nextAttr = null;
while(userIterator.hasNext()) { while(userIterator.hasNext()) {
nextAttr = userIterator.next(); nextAttr = userIterator.next();
userInfo.put(nextAttr.getKey().trim().toLowerCase(), nextAttr.getValue()); userInfo.put(nextAttr.getKey().trim().toLowerCase(), nextAttr.getValue());
} }
try { try {
Redis.use().hmset(username + "_INFO", userInfo); Redis.use().hmset(username + "_INFO", userInfo);
// 设置过期时间 // 设置过期时间
Redis.use().expire(username, 60 * 60 * 24); Redis.use().expire(username, 60 * 60 * 24);
}catch (Exception e) { }catch (Exception e) {
e.printStackTrace(); e.printStackTrace();
} }
Boolean aBoolean = userService.verifyPassword(verify); Boolean aBoolean = userService.verifyPassword(verify);
this.renderJson(Ret.ok("token", jws).set("callback", callback).set("verify",aBoolean)); this.renderJson(Ret.ok("token", jws).set("callback", callback).set("verify",aBoolean));
logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), username + "登录" + app + "成功", app); logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), username + "登录" + app + "成功", app);
/** /**
* 20200706 lidecai 将用户信息保存到Redis end * 20200706 lidecai 将用户信息保存到Redis end
*/ */
} catch (Exception e) { } catch (Exception e) {
log.error("生成登录票据失败", e); log.error("生成登录票据失败", e);
this.renderJson(Ret.fail("msg", "生成登录票据失败")); this.renderJson(Ret.fail("msg", "生成登录票据失败"));
logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "生成登录票据失败", app); logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), "生成登录票据失败", app);
} }
} }
/** /**
* @Description: 验证密码强度 * @Description: 验证密码强度
* @authorAndDate: ChengYaqing create on 2020/10/30 10:38 * @authorAndDate: ChengYaqing create on 2020/10/30 10:38
* @return void * @return void
*/ */
public void verifyPassword() { public void verifyPassword() {
String password = getPara("password"); String password = getPara("password");
if(password==null||"".equals(password)||"null".equals(password)) { if(password==null||"".equals(password)||"null".equals(password)) {
renderJson(Ret.fail("msg","密码不能为空")); renderJson(Ret.fail("msg","密码不能为空"));
return; return;
} }
try { try {
password = decrypt(password); password = decrypt(password);
} catch (Exception e1) { } catch (Exception e1) {
e1.printStackTrace(); e1.printStackTrace();
password = this.getPara("password"); password = this.getPara("password");
} }
try { try {
String verify = userService.verifyPasswordInfo(password); String verify = userService.verifyPasswordInfo(password);
if("".equals(verify)) { if("".equals(verify)) {
renderJson(Ret.ok()); renderJson(Ret.ok());
} else { } else {
renderJson(Ret.fail("msg",verify)); renderJson(Ret.fail("msg",verify));
} }
} catch (Exception e) { } catch (Exception e) {
renderJson(Ret.fail("error",e.getMessage())); renderJson(Ret.fail("error",e.getMessage()));
} }
} }
// 密码正确时错误次数清零 // 密码正确时错误次数清零
private void setErrZero(User user) { private void setErrZero(User user) {
Db.update(Db.getSqlPara("updateForOk", Kv.by("id", user.getId()))); Db.update(Db.getSqlPara("updateForOk", Kv.by("id", user.getId())));
} }
//密码错误时判断错误次数是否为5次 //密码错误时判断错误次数是否为5次
private boolean checkErrorCount(User user) { private boolean checkErrorCount(User user) {
Kv cond = Kv.by("id", user.getId()).set("hour", hour).set("permitLoginTimes", permitLoginTimes); Kv cond = Kv.by("id", user.getId()).set("hour", hour).set("permitLoginTimes", permitLoginTimes);
List<Record> currentList = Db.find(Db.getSqlPara("getErrorCount", cond)); List<Record> currentList = Db.find(Db.getSqlPara("getErrorCount", cond));
int currentNum = 0; int currentNum = 0;
for (Record record : currentList) { for (Record record : currentList) {
currentNum = Integer.parseInt(record.get("flag").toString()); currentNum = Integer.parseInt(record.get("flag").toString());
} }
if (currentNum >= permitLoginTimes) { if (currentNum >= permitLoginTimes) {
return true; return true;
} else { } else {
//执行+1或=1的操作 //执行+1或=1的操作
Db.update(Db.getSqlPara("updateForErr", cond)); Db.update(Db.getSqlPara("updateForErr", cond));
return false; return false;
} }
} }
//密码正确时判断次数和锁定时间是否在指定范围内 //密码正确时判断次数和锁定时间是否在指定范围内
private boolean checkWhenPwdOk(User user) { private boolean checkWhenPwdOk(User user) {
List<Record> currentList = Db.find(Db.getSqlPara("checkWhenPwdOk", List<Record> currentList = Db.find(Db.getSqlPara("checkWhenPwdOk",
Kv.by("id", user.getId()).set("hour", hour).set("permitLoginTimes", permitLoginTimes))); Kv.by("id", user.getId()).set("hour", hour).set("permitLoginTimes", permitLoginTimes)));
int currentNum = 0; int currentNum = 0;
if (currentList == null || currentList.size() == 0) { if (currentList == null || currentList.size() == 0) {
return true; return true;
} }
for (Record record : currentList) { for (Record record : currentList) {
currentNum = Integer.parseInt(record.get("flag").toString()); currentNum = Integer.parseInt(record.get("flag").toString());
} }
if (currentNum >= permitLoginTimes) { if (currentNum >= permitLoginTimes) {
return false; return false;
} else { } else {
return true; return true;
} }
} }
/** /**
* 通过门户系统单点登录 * 通过门户系统单点登录
* *
* @author Guo XJ * @author Guo XJ
* @date 2019-12-13 15:08:00 * @date 2019-12-13 15:08:00
*/ */
public void ssoByPortalSystem() { public void ssoByPortalSystem() {
try { try {
//获取app //获取app
String app = getPara("app", null); String app = getPara("app", null);
if (app == null) { if (app == null) {
renderJson(Ret.fail("msg", "获取服务信息失败")); renderJson(Ret.fail("msg", "获取服务信息失败"));
return; return;
} }
//获取到门户系统的Token //获取到门户系统的Token
String ssotoken = getPara("ssotoken"); String ssotoken = getPara("ssotoken");
//获取到personCode(用户唯一标识) //获取到personCode(用户唯一标识)
SsoToken st = new SsoToken(); SsoToken st = new SsoToken();
st.initialise(ssotoken); st.initialise(ssotoken);
String personCode = st.getTokenId(); String personCode = st.getTokenId();
//获取用户 //获取用户
Record user = userService.getUserInfoByPersonCode(personCode); Record user = userService.getUserInfoByPersonCode(personCode);
System system = System.dao.template("getSystemPrivatekey", app).findFirst(); System system = System.dao.template("getSystemPrivatekey", app).findFirst();
if (system == null) { if (system == null) {
renderJson(Ret.fail("msg", "获取服务信息失败")); renderJson(Ret.fail("msg", "获取服务信息失败"));
return; return;
} }
//判断用户是否存在 //判断用户是否存在
if (user != null && user.getStr("username") != null) { if (user != null && user.getStr("username") != null) {
String jws = Jwts.builder() String jws = Jwts.builder()
// 设置密匙ID // 设置密匙ID
.setHeaderParam(JwsHeader.KEY_ID, system.getKeyid()) .setHeaderParam(JwsHeader.KEY_ID, system.getKeyid())
// 赋予应用 // 赋予应用
.setSubject(app) .setSubject(app)
// 签发时间 // 签发时间
.setIssuedAt(new Date()) .setIssuedAt(new Date())
// 超期时间 // 超期时间
.setExpiration(new Date(java.lang.System.currentTimeMillis() + EXPIRATION)) .setExpiration(new Date(java.lang.System.currentTimeMillis() + EXPIRATION))
// 用户名 // 用户名
.claim("name", user.getStr("username")).claim("ip", JwtInterceptor.getIpAddr(getRequest())) .claim("name", user.getStr("username")).claim("ip", JwtInterceptor.getIpAddr(getRequest()))
// 签名 // 签名
.signWith(KeysUtil.privatekey(system.getPrivatekey()), SignatureAlgorithm.RS256).compact(); .signWith(KeysUtil.privatekey(system.getPrivatekey()), SignatureAlgorithm.RS256).compact();
this.renderJson(Ret.ok("token", jws)); this.renderJson(Ret.ok("token", jws));
return; return;
} else { } else {
this.renderJson(Ret.fail("msg", "没有找到当前用户")); this.renderJson(Ret.fail("msg", "没有找到当前用户"));
return; return;
} }
} catch (Exception e) { } catch (Exception e) {
// TODO: handle exception // TODO: handle exception
e.printStackTrace(); e.printStackTrace();
this.renderJson(Ret.fail("msg", "登录出错!")); this.renderJson(Ret.fail("msg", "登录出错!"));
} }
} }
/** /**
* 根据邮政门户传回的code 获取用户信息 * 根据邮政门户传回的code 获取用户信息
* *
* @Title: getUserInfoForH5 * @Title: getUserInfoForH5
* @author LDC * @author LDC
* @date 2019-11-19 03:22:34 * @date 2019-11-19 03:22:34
*/ */
@Clear @Clear
public void getUserInfoForH5() { public void getUserInfoForH5() {
String code = getPara("code", null); String code = getPara("code", null);
if (code == null) { if (code == null) {
renderJson(Ret.fail("msg", "获取用户信息失败")); renderJson(Ret.fail("msg", "获取用户信息失败"));
return; return;
} }
String app = getPara("app", null); String app = getPara("app", null);
if (app == null) { if (app == null) {
renderJson(Ret.fail("msg", "获取服务信息失败")); renderJson(Ret.fail("msg", "获取服务信息失败"));
return; return;
} }
Map<String, String> paramMap = new LinkedHashMap<String, String>(); Map<String, String> paramMap = new LinkedHashMap<String, String>();
paramMap.put("client_id", "MmEepJkH7Hiz7EtS"); paramMap.put("client_id", "MmEepJkH7Hiz7EtS");
paramMap.put("code", code); paramMap.put("code", code);
paramMap.put("state", "1"); paramMap.put("state", "1");
paramMap.put("grant_type", "authorization_code"); paramMap.put("grant_type", "authorization_code");
paramMap.put("scope", "scope"); paramMap.put("scope", "scope");
paramMap.put("redirect_uri", PropKit.get("redirect_uri")); paramMap.put("redirect_uri", PropKit.get("redirect_uri"));
Iterator<Entry<String, String>> entrySet = paramMap.entrySet().iterator(); Iterator<Entry<String, String>> entrySet = paramMap.entrySet().iterator();
StringBuilder builder = new StringBuilder(); StringBuilder builder = new StringBuilder();
while (entrySet.hasNext()) { while (entrySet.hasNext()) {
Entry<String, String> next = entrySet.next(); Entry<String, String> next = entrySet.next();
builder.append(next.getKey()).append("=").append(next.getValue()).append("&"); builder.append(next.getKey()).append("=").append(next.getValue()).append("&");
} }
String param = builder.deleteCharAt(builder.length() - 1).toString(); String param = builder.deleteCharAt(builder.length() - 1).toString();
Kv header = Kv.by("Content-type", "application/x-www-form-urlencoded"); Kv header = Kv.by("Content-type", "application/x-www-form-urlencoded");
String result = HttpRequestUtil.sendPost(PropKit.get("authUrl"), param,header); String result = HttpRequestUtil.sendPost(PropKit.get("authUrl"), param,header);
Kv parseObject = JSON.parseObject(result, Kv.class); Kv parseObject = JSON.parseObject(result, Kv.class);
Object access_token = parseObject.get("access_token"); Object access_token = parseObject.get("access_token");
if (access_token == null) { if (access_token == null) {
renderJson(Ret.fail("msg", "获取授权失败,请重新登录")); renderJson(Ret.fail("msg", "获取授权失败,请重新登录"));
return; return;
} }
String sendPost = HttpRequestUtil.sendPost(PropKit.get("userInfoUrl"), String sendPost = HttpRequestUtil.sendPost(PropKit.get("userInfoUrl"),
"access_token=" + access_token.toString(),header); "access_token=" + access_token.toString(),header);
Kv userObj = JSON.parseObject(sendPost, Kv.class); Kv userObj = JSON.parseObject(sendPost, Kv.class);
Object uuid = userObj.get("uuid"); Object uuid = userObj.get("uuid");
if (uuid == null) { if (uuid == null) {
renderJson(Ret.fail("msg", "获取用户信息失败")); renderJson(Ret.fail("msg", "获取用户信息失败"));
return; return;
} }
System system = System.dao.template("getSystemPrivatekey", app).findFirst(); System system = System.dao.template("getSystemPrivatekey", app).findFirst();
if (system == null) { if (system == null) {
renderJson(Ret.fail("msg", "获取服务信息失败")); renderJson(Ret.fail("msg", "获取服务信息失败"));
return; return;
} }
Record userInfo = Db.findById("AS_USER", "UUID", uuid.toString()); Record userInfo = Db.findById("AS_USER", "UUID", uuid.toString());
if (userInfo == null) { if (userInfo == null) {
renderJson(Ret.fail("msg", "没有找到当前用户")); renderJson(Ret.fail("msg", "没有找到当前用户"));
return; return;
} }
String userName = userInfo.getStr("USERNAME"); String userName = userInfo.getStr("USERNAME");
if (userName == null) { if (userName == null) {
renderJson(Ret.fail("msg", "获取用户名失败")); renderJson(Ret.fail("msg", "获取用户名失败"));
return; return;
} }
try { try {
String jws = Jwts.builder() String jws = Jwts.builder()
// 设置密匙ID // 设置密匙ID
.setHeaderParam(JwsHeader.KEY_ID, system.getKeyid()) .setHeaderParam(JwsHeader.KEY_ID, system.getKeyid())
// 赋予应用 // 赋予应用
.setSubject(app) .setSubject(app)
// 签发时间 // 签发时间
.setIssuedAt(new Date()) .setIssuedAt(new Date())
// 超期时间 // 超期时间
.setExpiration(new Date(java.lang.System.currentTimeMillis() + EXPIRATION)) .setExpiration(new Date(java.lang.System.currentTimeMillis() + EXPIRATION))
// 用户名 // 用户名
.claim("name", userName).claim("ip", JwtInterceptor.getIpAddr(getRequest())) .claim("name", userName).claim("ip", JwtInterceptor.getIpAddr(getRequest()))
// 签名 // 签名
.signWith(KeysUtil.privatekey(system.getPrivatekey()), SignatureAlgorithm.RS256).compact(); .signWith(KeysUtil.privatekey(system.getPrivatekey()), SignatureAlgorithm.RS256).compact();
this.renderJson(Ret.ok("token", jws)); this.renderJson(Ret.ok("token", jws));
logService.saveAsLog("login", userName, JwtInterceptor.getIpAddr(getRequest()), logService.saveAsLog("login", userName, JwtInterceptor.getIpAddr(getRequest()),
userName + "登录" + app + "成功", app); userName + "登录" + app + "成功", app);
} catch (Exception e) { } catch (Exception e) {
log.error("生成登录票据失败", e); log.error("生成登录票据失败", e);
this.renderJson(Ret.fail("msg", "生成登录票据失败")); this.renderJson(Ret.fail("msg", "生成登录票据失败"));
logService.saveAsLog("login", userName, JwtInterceptor.getIpAddr(getRequest()), "生成登录票据失败", app); logService.saveAsLog("login", userName, JwtInterceptor.getIpAddr(getRequest()), "生成登录票据失败", app);
} }
} }
/** /**
* 退出系统,清空Redis 中的用户信息 * 退出系统,清空Redis 中的用户信息
* @Time:2020年7月6日 - 下午5:19:58 * @Time:2020年7月6日 - 下午5:19:58
* @author:李德才 * @author:李德才
* @param: * @param:
* @return: void * @return: void
* @throws * @throws
*/ */
public void loginOut() { public void loginOut() {
String userName = getAttrForStr("username"); String userName = getAttrForStr("username");
Redis.use().del(userName + "_INFO"); Redis.use().del(userName + "_INFO");
renderJson(Ret.ok()); renderJson(Ret.ok());
} }
} }
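Review bot: Widening `EXPIRATION` to `public static final int EXPIRATION = 24 * 60 * 60 * 1000;` exists only so that the new `JwtUtils.generateToken` can read it, which makes the util package depend on a controller (`JwtUtils` imports `IndexController` for this one constant); the token lifetime belongs with the token builder, not with the login controller. I would declare it in `JwtUtils` as `public static final int EXPIRATION_MS = 24 * 60 * 60 * 1000;` and have this class reference that, so the three `.setExpiration(...)` calls here and the one in `JwtUtils` share a single definition with the dependency pointing controller → util. Whichever class keeps it, the Javadoc should state the unit, e.g. `/** Token lifetime in milliseconds (24 hours); added to System.currentTimeMillis() at every setExpiration call. */`, because the current comment only restates the arithmetic.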
package com.archser.aserver.controller; package com.archser.aserver.controller;
import java.util.List;
import com.archser.aserver.interceptor.JwtInterceptor; import com.archser.aserver.interceptor.JwtInterceptor;
import com.archser.aserver.model.System; import com.archser.aserver.model.System;
import com.archser.aserver.service.LogService; import com.archser.aserver.service.LogService;
import com.archser.aserver.service.SystemService; import com.archser.aserver.service.SystemService;
import com.archser.aserver.util.JwtUtils;
import com.jfinal.aop.Before; import com.jfinal.aop.Before;
import com.jfinal.aop.Clear; import com.jfinal.aop.Clear;
import com.jfinal.aop.Inject; import com.jfinal.aop.Inject;
...@@ -14,6 +13,8 @@ import com.jfinal.kit.Ret; ...@@ -14,6 +13,8 @@ import com.jfinal.kit.Ret;
import com.jfinal.kit.StrKit; import com.jfinal.kit.StrKit;
import com.jfinal.plugin.activerecord.tx.Tx; import com.jfinal.plugin.activerecord.tx.Tx;
import java.util.List;
/** /**
* 应用相关 * 应用相关
* *
...@@ -150,4 +151,15 @@ public class SystemController extends Controller { ...@@ -150,4 +151,15 @@ public class SystemController extends Controller {
this.renderJson(Ret.ok("system", system)); this.renderJson(Ret.ok("system", system));
} }
/**
* 获取系统url和生成用户token
*/
public void getTokenAndUrl() {
Integer systemId = this.getParaToInt("systemId");
String username = this.getAttrForStr("username");
System system = System.dao.findById(systemId);
String token = JwtUtils.generateToken(system, username);
this.renderJson(Ret.ok("token", token).set("url", system.getUrl()));
}
} }
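Review bot: `getTokenAndUrl` issues a token for whatever `systemId` the caller supplies without checking that the user may access that system, whereas `IndexController.login()` refuses to issue a token unless `userService.findSystemWithUserPermission(user.getId())` contains the requested app; without the same gate here, any authenticated user can obtain a token for any registered system. `System.dao.findById(systemId)` is also dereferenced with no null check (`systemId` itself is null when the parameter is absent), and `JwtUtils.generateToken` returns `null` on a malformed URL, which this method then renders inside a successful `Ret.ok`. Note too that the `"ip"` claim in this token is the host of `system.getUrl()`, not the client address that `login()` puts there via `JwtInterceptor.getIpAddr(getRequest())`; if `JwtInterceptor` compares that claim against the request, these tokens will not validate the same way — worth confirming before merging. The rewrite below adds the null and blank-token guards; the permission check is left as a marked TODO because this controller has no `UserService` in scope in the hunk.
```java
public void getTokenAndUrl() {
    Integer systemId = this.getParaToInt("systemId");
    String username = this.getAttrForStr("username");
    // findById(null) must not be reached; absent or unknown systemId is a client error
    System system = systemId == null ? null : System.dao.findById(systemId);
    if (system == null) {
        this.renderJson(Ret.fail("msg", "没有找到应用"));
        return;
    }
    // TODO(review): verify that `username` is permitted to use `system` before issuing a token;
    // IndexController.login() does this via userService.findSystemWithUserPermission(...)
    String token = JwtUtils.generateToken(system, username);
    // generateToken returns null when system.getUrl() is not a valid URL
    if (StrKit.isBlank(token)) {
        this.renderJson(Ret.fail("msg", "生成登录票据失败"));
        return;
    }
    this.renderJson(Ret.ok("token", token).set("url", system.getUrl()));
}
```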
package com.archser.aserver.util;
import com.archser.aserver.controller.IndexController;
import com.archser.aserver.interceptor.JwtInterceptor;
import com.archser.aserver.model.System;
import com.sun.deploy.util.URLUtil;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.undertow.util.URLUtils;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Date;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
* @Auther: huwenbin
* @Date: 2020/11/6 18:16
*/
public class JwtUtils {
public static String generateToken(System system, String username) {
URL url = null;
try {
url = new URL(system.getUrl());
String host = url.getHost();
return generateToken(system.getKeyid(), system.getPrivatekey(), system.getName(), username, host);
} catch (MalformedURLException ignored) {
}
return null;
}
public static void main(String[] args) throws MalformedURLException {
URL url = new URL("http://39.104.28.145:11028");
String host = url.getHost();
java.lang.System.out.println(host);
}
/**
* 生成Token
* @param keyId 系统keyid
* @param privateKey 系统私钥
* @param app 系统名称
* @param username 用户名
* @param ip ip地址
* @return token
*/
public static String generateToken(String keyId, String privateKey, String app, String username, String ip) {
return Jwts.builder()
// 设置密匙ID
.setHeaderParam(JwsHeader.KEY_ID, keyId)
// 赋予应用
.setSubject(app)
// 签发时间
.setIssuedAt(new Date())
// 超期时间
.setExpiration(new Date(java.lang.System.currentTimeMillis() + IndexController.EXPIRATION))
// 用户名
.claim("name", username).claim("ip", ip)
// 签名
.signWith(KeysUtil.privatekey(privateKey), SignatureAlgorithm.RS256).compact();
}
}
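Review bot: `generateToken(System, String)` catches `MalformedURLException` as `ignored` and falls through to `return null;`, so a mis-configured system URL surfaces only as a null token at the caller with no log entry; rethrow it as `throw new IllegalArgumentException("invalid system url: " + system.getUrl(), e);` (or log and return null), and consider `java.net.URI` over `URL` for extracting the host. The file imports `com.sun.deploy.util.URLUtil`, `io.undertow.util.URLUtils`, `Matcher` and `Pattern` without using them; `com.sun.deploy` is a JDK-internal Web Start class that is absent from current JDKs, so that import alone will break the build. The `main` method is a debug leftover that hard-codes an address (`http://39.104.28.145:11028`) and should be deleted rather than committed. The class Javadoc carries only author/date; a summary such as `/** Builds RS256-signed JWTs for a registered System; note the "ip" claim is the host of the system URL, not the requesting client's address. */` would document the one non-obvious choice in this class.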