importjava.io.IOException;importjava.security.MessageDigest;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;importorg.apache.commons.lang.StringUtils;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.stereotype.Component;importcn.evun.tms.common.dto.LoginSysUser;importcn.evun.tms.system.service.SysUserService;import sun.misc.*;/*** basic Auth 认证方式
*
*@authorGeely
**/@Componentpublic classBasicAuthenticationUtil {
@AutowiredprivateSysUserService sysUserService;/***
*@paramrequest
*@paramresponse
*@paramsessionName
*@return
*/
public booleancheckHeaderAuth(HttpServletRequest request, String sessionName) {
String authorization= request.getHeader("Authorization");if (StringUtils.isBlank(authorization) || authorization.length() < 6) {return false;
}
authorization= authorization.substring(6, authorization.length());
String decodedAuth=base64Decode(authorization);if (decodedAuth == null || "".equals(decodedAuth)) {
decodedAuth= "";
}
String[] useAuth= decodedAuth.split(":");if (useAuth.length < 2) {return false;
}
LoginSysUser sysUser= sysUserService.getUserByLogin(useAuth[0], encoderByMd5(useAuth[1]));if (sysUser == null) {return false;
}if(StringUtil.isNotBlank(sessionName)) {
request.getSession().setAttribute(sessionName, decodedAuth);
}return true;
}/***
*@paramrequest
*@paramresponse
*@paramsessionName
*@return
*/
public booleancheckUserAuth(HttpServletRequest request, String sessionName) {
String sessionAuth= null;if(StringUtil.isNotBlank(sessionName)) {
sessionAuth=(String) request.getSession().getAttribute(sessionName);if (sessionAuth == null || "".equals(sessionAuth)) {return false;
}
String[] useAuth= sessionAuth.split(":");if (useAuth.length < 2) {return false;
}else{
LoginSysUser sysUser= sysUserService.getUserByLogin(useAuth[0], encoderByMd5(useAuth[1]));if (sysUser != null) {return true;
}
}return false;
}return true;
}public static voidredirect(HttpServletResponse response) {
response.setStatus(401);
response.setHeader("Cache-Control", "no-store");
response.setDateHeader("Expires", 0);
response.setHeader("WWW-authenticate", "Basic Realm=\"test\"");
}/*** 编码
*
*@parambstr
*@returnString*/@SuppressWarnings("restriction")public static String base64Encode(byte[] bstr) {
String strEncode= newBASE64Encoder().encode(bstr);returnstrEncode;
}/*** 解码
*
*@paramstr
*@return
*/@SuppressWarnings("restriction")public staticString base64Decode(String str) {if(StringUtil.isBlank(str)) {return null;
}
String s= null;try{
BASE64Decoder decoder= newBASE64Decoder();byte[] b =decoder.decodeBuffer(str);
s= new String(b, "UTF8");
}catch(IOException e) {
s= null;
}returns;
}/*** 对字符串md5加密(大写+数字)
*
*@paramstr
* 传入要加密的字符串
*@returnMD5加密后的字符串*/
public staticString encoderByMd5(String s) {char hexDigits[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
String strMd5= null;try{byte[] bt = s.getBytes("UTF8");//获得MD5摘要算法的 MessageDigest 对象
MessageDigest md = MessageDigest.getInstance("MD5");//使用指定的字节更新摘要
md.update(bt);//获得密文
byte[] mdt =md.digest();//把密文转换成十六进制的字符串形式
int j =mdt.length;char str[] = new char[j * 2];int k = 0;for (int i = 0; i < j; i++) {byte byte0 =mdt[i];
str[k++] = hexDigits[byte0 >>> 4 & 0xf];
str[k++] = hexDigits[byte0 & 0xf];
}
strMd5= newString(str).toLowerCase();
}catch(Exception e) {
strMd5= null;
}returnstrMd5;
}
}