package com.bonus.sys.controller; import java.io.File; import java.util.HashMap; import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import com.bonus.core.BackstageApplication; import com.bonus.core.jwt.JwtUtil; import org.apache.commons.lang3.StringUtils; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.ExcessiveAttemptsException; import org.apache.shiro.authc.IncorrectCredentialsException; import org.apache.shiro.authc.LockedAccountException; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.session.Session; import org.apache.shiro.subject.Subject; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.servlet.ModelAndView; import com.bonus.sys.BaseController; import com.bonus.sys.GlobalConst; import com.bonus.sys.PageData; @Controller public class LoginController extends BaseController { /** * 跳转登录 * * @return */ @ExceptionHandler(Exception.class) @RequestMapping(value = "/loginIndex") public ModelAndView toLogin(HttpServletRequest request, HttpSession session) { ModelAndView mv = new ModelAndView(); try { //session.invalidate(); mv.setViewName("login/login"); } catch (Exception e) { System.err.println(e.toString()); } return mv; } public static String filterInput(String input) { // 定义允许的字符集:字母、数字、下划线、连字符 String regex = "[^a-zA-Z0-9_-]"; // 替换所有非法字符为空字符串 return input.replaceAll(regex, ""); } /** * 登录 */ @RequestMapping(value = "/system_login", method = RequestMethod.POST) @ResponseBody public Map login(HttpServletRequest req, HttpServletResponse res, HttpSession sess) { Map map = new HashMap(); try { String requestLine = req.getMethod() + " " + req.getRequestURI() + " " + req.getProtocol(); String filteredInput = filterInput(requestLine); System.out.println("Filtered Input: " + filteredInput); String safePath = new File(BackstageApplication.getFileurlprefix(), requestLine).getCanonicalPath(); if (!safePath.startsWith(BackstageApplication.getFileurlprefix())) { filteredInput = filterInput(safePath); System.out.println("Filtered safePath: " + filteredInput); } String errInfo = ""; String uuId = req.getParameter("uuId"); if (uuId != null && !"".equals(uuId)){ // logout1(req, sess); PageData pd = this.getPageData(); if(pd!=null){ String keyData = pd.getString("KEYDATA"); if(keyData != null){ int result1 = keyData.indexOf(",jy,"); if(result1 != -1){ String KEYDATA[] = keyData.split(",jy,"); if (null != KEYDATA && KEYDATA.length == 3) { // shiro Subject currentUser = SecurityUtils.getSubject(); // Session session = currentUser.getSession(); // String sessionCode = (String) session.getAttribute(GlobalConst.SESSION_SECURITY_CODE); // // String code = KEYDATA[2]; String username = KEYDATA[0]; String password = KEYDATA[1]; KEYDATA[0] = ""; KEYDATA[2] = ""; KEYDATA[1] = ""; /* * if (null != code || "".equals(code)){ errInfo = "nullcode"; // * } else */ if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) { errInfo = "nullup"; // } else { if (StringUtils.isNotEmpty(password) /* && sessionCode.equalsIgnoreCase(code) */) { // shiro UsernamePasswordToken token = new UsernamePasswordToken(username, password.toUpperCase()); token.setRememberMe(true); try { if (!currentUser.isAuthenticated()) { currentUser.getSession(false).stop(); currentUser.getSession(true); currentUser.login(token); } } catch (UnknownAccountException uae) { errInfo = "usererror";// } catch (IncorrectCredentialsException ice) { errInfo = "usererror"; // } catch (LockedAccountException lae) { errInfo = "inactive";// } catch (ExcessiveAttemptsException eae) { errInfo = "attemptserror";// } catch (AuthenticationException ae) { errInfo = "codeerror";// } // if (!currentUser.isAuthenticated()) { token.clear(); } } else { errInfo = "codeerror"; // } if (StringUtils.isEmpty(errInfo)) { errInfo = "success"; // // session.removeAttribute(GlobalConst.SESSION_SECURITY_CODE);// JwtUtil jwtUtil = new JwtUtil(); map.put("token", jwtUtil.generateToken(username)); } else { map.put("token",""); } } } else { errInfo = "error"; // } }else{ errInfo = "error"; // System.out.println("字符串str中不包含子串"+result1); } } } }else { errInfo = "error";// 缺少uuid } map.put("result", errInfo); } catch (Exception e) { System.err.println(e.toString()); } return map; } /** * 登出 * * @return */ @RequestMapping("/system_logout") public String logout(HttpServletRequest request, HttpSession session) { Subject currentUser = SecurityUtils.getSubject(); currentUser.logout(); session = request.getSession(true); session.removeAttribute(GlobalConst.SESSION_USER); session.removeAttribute(GlobalConst.SESSION_MENULIST); return "redirect:loginIndex.html"; } /** * 登录前先注销防止浏览器返回 * */ public void logout1(HttpServletRequest request, HttpSession session) { Subject currentUser = SecurityUtils.getSubject(); currentUser.logout(); request.changeSessionId(); session = request.getSession(true); } }