此登陆模块主要分为两点:
1.加密解密:在前端加密,后端解密。2.生成随机码并验证。这里先介绍加密解密部分。
/**
* 检查用户名称
*
* @param user
* @param req
* @return
*/
@RequestMapping(params = "checkuser")
@ResponseBody
public AjaxJson checkuser(TSUser user, HttpServletRequest req) {
HttpSession session = req.getSession();
AjaxJson j = new AjaxJson();
// 语言选择
if (req.getParameter("langCode") != null) {
req.getSession().setAttribute("lang", req.getParameter("langCode"));
}
try {
Thread.sleep(200);
} catch (InterruptedException e) {
e.printStackTrace();
}
// 首先是验证码的非空校验
String randCode = req.getParameter("randCode");
log.debug("页面输入的验证码,randCode:" + randCode);
if (StringUtils.isEmpty(randCode)) {
j.setMsg(mutiLangService.getLang("common.enter.verifycode"));
j.setSuccess(false);
return j;
}
//然后是验证码正确性校验
String sessionRandCode = String.valueOf(session.getAttribute("randCode"));
log.debug("session中获取的验证码,sessionRandCode:" + sessionRandCode);
session.removeAttribute("randCode");
if (!randCode.equalsIgnoreCase(sessionRandCode)) {
j.setMsg(mutiLangService.getLang("common.verifycode.error"));
j.setSuccess(false);
log.debug("randCode与sessionRandCode比较:" + false);
return j;
}
TSUser u = userService.checkUserExits(user);
if (u == null) {
//此时后台接收的账号密码已经加密
if (StringUtils.isNotEmpty(user.getPassword())) {
log.debug("原始>>>>>" + user.getUserName());
log.debug("原始>>>>>" + user.getPassword());
// Base64解密
String username = new String(Base64.decode(user.getUserName()));
String pwd = new String(Base64.decode(user.getPassword()));
log.debug("解密>>>>>" + username);
// log.debug("解密>>>>>" + pwd);
if ((pwd.length() - 14) < 1) {
log.debug(">>密码有问题.");
j.setMsg(mutiLangService.getLang("common.username.or.password.error"));
j.setSuccess(false);
return j;
}
// 截取密码
String prev = pwd.substring(0, pwd.length() - 14);
// 获取真实密码LoginVerify工具类工具类放在后面介绍,实际上就是逻辑解密
String realpwd = LoginVerify.getRealPwd(prev);
// 对象重置密码LoginVerify工具类放在后面介绍,实际上就是逻辑解密
user.setPassword(realpwd);
user.setUserName(LoginVerify.getRealPwd(username));
// 截取后14位,验证请求日期
String lastStr = pwd.substring(pwd.length() - 14);
String hour = lastStr.substring(0, 2);
String day = lastStr.substring(6, 8);
String month = lastStr.substring(12);
// 获取当前时间,时间验证
Calendar