
package com.bonus.sys.controller;
import java.io.File;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.bonus.core.BackstageApplication;
import com.bonus.core.jwt.JwtUtil;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
import com.bonus.sys.BaseController;
import com.bonus.sys.GlobalConst;
import com.bonus.sys.PageData;
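@Controller
public class LoginController extends BaseController<Object> {

    /** Separator between the username, password and code fields of the {@code KEYDATA} parameter. */
    private static final String KEYDATA_SEPARATOR = ",jy,";

    /** Everything {@link #filterInput} strips: any character outside ASCII letters, digits, '_' and '-'. */
    private static final String DISALLOWED_CHARS = "[^a-zA-Z0-9_-]";

    /**
     * Shows the login page.
     *
     * <p>The method is also this controller's {@link ExceptionHandler}, so an exception escaping another
     * handler method in this class is answered with the login view as well.
     *
     * @param request the current request (unused; part of the handler signature)
     * @param session the current session (unused; it is deliberately not invalidated here)
     * @return the {@code login/login} view
     */
    @ExceptionHandler(Exception.class)
    @RequestMapping(value = "/loginIndex")
    public ModelAndView toLogin(HttpServletRequest request, HttpSession session) {
        return new ModelAndView("login/login");
    }

    /**
     * Strips every character that is not an ASCII letter, digit, underscore or hyphen.
     *
     * @param input the raw string; {@code null} is treated as empty
     * @return {@code input} with all other characters removed, never {@code null}
     */
    public static String filterInput(String input) {
        if (input == null) {
            return "";
        }
        return input.replaceAll(DISALLOWED_CHARS, "");
    }

    /**
     * Authenticates the credentials carried in the {@code KEYDATA} request parameter through Shiro and,
     * on success, issues a JWT for that user.
     *
     * <p>{@code KEYDATA} is expected as {@code username,jy,password,jy,code}; the third field is read but
     * not used (the session-code comparison it was meant for is disabled). The response map always carries
     * {@code result} (one of {@code success}, {@code nullup}, {@code usererror}, {@code inactive},
     * {@code attemptserror}, {@code codeerror}, {@code error}) and {@code token} (the JWT, or {@code ""}
     * whenever the login did not succeed). Any unexpected exception yields {@code result = "error"}
     * instead of an empty map.
     *
     * @param req  the current request; the {@code uuId} parameter must be present and non-empty
     * @param res  the current response (unused)
     * @param sess the current HTTP session (unused; the Shiro session is handled explicitly)
     * @return the result map described above
     */
    @RequestMapping(value = "/system_login", method = RequestMethod.POST)
    @ResponseBody
    public Map<String, Object> login(HttpServletRequest req, HttpServletResponse res, HttpSession sess) {
        Map<String, Object> map = new HashMap<String, Object>();
        String jwt = "";
        String errInfo;
        try {
            String uuId = req.getParameter("uuId");
            if (StringUtils.isEmpty(uuId)) {
                errInfo = "error"; // the request id is mandatory
            } else {
                String[] fields = readKeyData();
                if (fields.length != 3) {
                    errInfo = "error"; // parameter missing or malformed
                } else if (StringUtils.isEmpty(fields[0]) || StringUtils.isEmpty(fields[1])) {
                    errInfo = "nullup"; // username or password empty
                } else {
                    errInfo = authenticate(fields[0], fields[1]);
                    if (errInfo.isEmpty()) {
                        errInfo = "success";
                        jwt = new JwtUtil().generateToken(fields[0]);
                    }
                }
            }
        } catch (Exception e) {
            // Best-effort reporting kept from before, but the client still receives a definite result.
            System.err.println(e.toString());
            errInfo = "error";
        }
        map.put("result", errInfo);
        map.put("token", jwt);
        return map;
    }

    /**
     * Reads the {@code KEYDATA} parameter and splits it into its {@code ,jy,}-separated fields.
     *
     * @return the fields when there are exactly three of them; an empty array when the page data or the
     *     parameter is missing, the separator is absent, or the field count differs
     */
    private String[] readKeyData() {
        PageData pd = this.getPageData();
        if (pd == null) {
            return new String[0];
        }
        String keyData = pd.getString("KEYDATA");
        if (keyData == null) {
            return new String[0];
        }
        int sep = keyData.indexOf(KEYDATA_SEPARATOR);
        if (sep == -1) {
            System.out.println("字符串str中不包含子串" + sep);
            return new String[0];
        }
        String[] fields = keyData.split(KEYDATA_SEPARATOR);
        return fields.length == 3 ? fields : new String[0];
    }

    /**
     * Logs the submitted credentials in through Shiro on a fresh session.
     *
     * <p>The password is upper-cased before it reaches the realm, as the original code did.
     * NOTE(review): {@code toUpperCase()} is locale-sensitive and part of the credential format the realm
     * expects; confirm with the realm before changing it.
     *
     * @param username the submitted username
     * @param password the submitted password, non-empty
     * @return {@code ""} on success, otherwise the error code to report to the client
     */
    private static String authenticate(String username, String password) {
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password.toUpperCase());
        token.setRememberMe(true); // always remembered; the cookie lifetime is set in the Shiro configuration
        String errInfo = "";
        try {
            if (currentUser.isAuthenticated()) {
                // Never skip the credential check for a subject that is already logged in: otherwise the
                // submitted username would receive a token without its own password being verified.
                currentUser.logout();
            } else {
                // getSession(false) returns null when no session exists; stopping it blindly would throw.
                Session stale = currentUser.getSession(false);
                if (stale != null) {
                    stale.stop();
                }
            }
            currentUser.getSession(true);
            currentUser.login(token);
        } catch (UnknownAccountException uae) {
            errInfo = "usererror"; // same code as a wrong password so the reply does not reveal which usernames exist
        } catch (IncorrectCredentialsException ice) {
            errInfo = "usererror";
        } catch (LockedAccountException lae) {
            errInfo = "inactive";
        } catch (ExcessiveAttemptsException eae) {
            errInfo = "attemptserror";
        } catch (AuthenticationException ae) {
            errInfo = "codeerror";
        }
        if (!currentUser.isAuthenticated()) {
            token.clear(); // drop the password from memory once it is no longer needed
        }
        return errInfo;
    }

    /**
     * Logs the current Shiro subject out, removes the user and menu attributes from a fresh HTTP session
     * and redirects to the login page.
     *
     * @param request the current request
     * @param session the session that was current on entry; a new one is obtained from {@code request}
     *     after the Shiro logout, which is expected to stop the old one
     * @return a redirect to {@code loginIndex.html}
     */
    @RequestMapping("/system_logout")
    public String logout(HttpServletRequest request, HttpSession session) {
        SecurityUtils.getSubject().logout();
        HttpSession fresh = request.getSession(true);
        fresh.removeAttribute(GlobalConst.SESSION_USER);
        fresh.removeAttribute(GlobalConst.SESSION_MENULIST);
        return "redirect:loginIndex.html";
    }

    /**
     * Logs out and starts a brand-new session with a new id, so that a browser "back" after a login cannot
     * resume the previous session. Not called from this controller at present.
     *
     * @param request the current request
     * @param session the session that was current on entry; superseded by the one created here
     */
    public void logout1(HttpServletRequest request, HttpSession session) {
        SecurityUtils.getSubject().logout();
        // changeSessionId() needs a live session, so obtain the replacement before rotating its id.
        request.getSession(true);
        request.changeSessionId();
    }
}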