//==================================验证码=====controller
@CrossOrigin @ResponseBody @GetMapping("/code") @ApiOperation(value = "验证码", notes = "jpg,Junit_CK_Key,Junit_CK_Value值") public String getCheckCode(HttpServletRequest request, HttpServletResponse response) { try { CheckCodeVo checkCodeVo = checkCodeService.getCheckCode(); response.setHeader("content-type", "application/x-javascript; charset=utf8"); // forbid the cache pic response.setHeader("Pragma", "no-cache"); response.setHeader("Cache-Control", "no-cache"); response.setDateHeader("Expires", 0); response.setContentType("image/jpeg"); // gen code String codeKey = checkCodeService.setCheckCode(checkCodeVo.getCode()); String codeValue = checkCodeService.getCheckCode(codeKey.trim()); // set cookie Cookie cookie = new Cookie(JunConstantsUtil.RES_CK_KEY,codeKey); cookie.setPath(JunConstantsUtil.DOMAIN_ROOT); cookie.setMaxAge(JunConstantsUtil.MAX_AGE); cookie.setHttpOnly(false); Cookie cookie2 = new Cookie(JunConstantsUtil.RES_CK_VALUE,checkCodeVo.getCode()); cookie2.setPath(JunConstantsUtil.DOMAIN_ROOT); cookie2.setMaxAge(JunConstantsUtil.MAX_AGE); // set res response.setHeader(JunConstantsUtil.RES_CK_KEY,codeKey); response.setHeader(JunConstantsUtil.RES_CK_VALUE,checkCodeVo.getCode()); response.addCookie(cookie); response.addCookie(cookie2); // set out ImageIO.write(checkCodeVo.getBImage(), JunConstantsUtil.PIC_JPG, response.getOutputStream()); request.getSession().setAttribute(JunConstantsUtil.CHECK_CODE, checkCodeVo.getCode()); response.getOutputStream().print(JunConstantsUtil.RES_HTML_COOKIE); return checkCodeVo.getCode().toString(); } catch (Exception e) { return ""; } } /** * 生成二维码 * @param res */ @GetMapping("/tCode.jun") public void genQTCode(HttpServletResponse res){ QrConfig config = new QrConfig(300, 300); // 高纠错级别 config.setErrorCorrection(ErrorCorrectionLevel.H); // 设置边距,既二维码和背景之间的边距 config.setMargin(3); // 设置前景色,既二维码颜色 config.setForeColor(Color.WHITE.getRGB()); // 设置背景色 config.setBackColor(Color.BLACK.getRGB()); // 生成二维码到文件,写入流 try { QrCodeUtil.generate("Lu.Li.Junit", config, "jpg",res.getOutputStream()); } catch (IOException e) { // TODO Auto-generated catch block e.printStackTrace(); } }
//===============================登录处理=============== @RestController @CrossOrigin @Api(value = "登录" ,tags = "登录") public class SysLoginController extends BaseController{ @Autowired private AuthenticationManager authenticationManager; @Autowired protected UserDetailsService userDetailsService; @Autowired private CheckCodeService checkCodeService; protected Logger logger = LoggerFactory.getLogger(this.getClass()); private Integer alertCode; @ConsoleLog(object = "登录", module = "用户登录", description = "用户登录") @PostMapping(value = "/auth") @ApiOperation(value = "用户登录",notes = "用户登录") public Response login(String username, String password, String checkKey,String checkCode, String language, Device device) { Response response = new Response(); /************************************** *@Desc: check user protocol and security Code *@Author: Lu.Li.Junit ***************************************/ // if(StringUtils.isBlank(checkCode) && StringUtils.isBlank(checkKey)){ // response.put("code","4002"); // response.put("msg","验证码无效"); // return response; // } // // String codeValue = checkCodeService.getCheckCode(checkKey.trim()); // if(!checkCode.equalsIgnoreCase(codeValue)){ // response.put("code","4002"); // response.put("msg","验证码错误,请重新输入"); // return response; // } /*********************** END *************/ Cookie cookie = new Cookie("username",username); logger.info("into the login.username:"+username +" pwd:"+password); Locale locale = LocaleContextHolder.getLocale(); if (language.equals("en_US")) { locale = locale.US; }else { locale = locale.SIMPLIFIED_CHINESE; } Md5PasswordEncoder md5 = new Md5PasswordEncoder(); String result = md5.encodePassword(password, "Startimes"); /************************************** *@Desc: 重新处理 *@Author: Lu.Li.Junit ***************************************/ User domain = userService.findUserByNameAndPwd(username,password); if (null != domain){ /** * 获取当前用户状态 */ /** * 正常用户 */ final Authentication authentication = authenticationManager.authenticate( new UsernamePasswordAuthenticationToken(username, domain.getPassword()) ); SecurityContextHolder.getContext().setAuthentication(authentication); logger.info("|Login|User authentication={}", authentication); JwtUser user = null; logger.info("|Login|User request {} by DB ", username+" and "+password); // 加载用户信息,生成token final UserDetails userDetails = userDetailsService.loadUserByUsername(username); final String token = jwtTokenUtil.generateToken(userDetails, device); response = Response.ok().put("token", token); user = (JwtUser) userDetails; try { userService.updateLastLoginDate(user.getId()); } catch (Exception e) { logger.error("Update user lastLoginDate error ", e); } logger.info("|Login|User {} response {}", username+" and "+password, response); return response; } else { alertCode = 401; Response.error(401, messageSource.getMessage("login.usernameEmpty", null, locale)); logger.info("Not found user.", username+" and "+password, response); } return response; /********************** END ************/ /* //1.获取超级管理员的信息 //2.判断随机密码日期是否超时5分钟 //3.未超时,则判断登录用户信息 //4.如果登录用户是超级管理员,则分别判断随机密码和password User userdto = userService.getUser(1L); if (userdto.getUsername().equals(username)) { SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); String randomTime = simpleDateFormat.format(userdto.getLastPasswordResetDate()); String nowTime = simpleDateFormat.format(new Date()); Long randomTimeL = String2Timestamp(randomTime); Long nowTimeL = String2Timestamp(nowTime); if (nowTimeL < randomTimeL + 299999) { if (userdto.getSalt().equals(password)) { // 用随机密码登录成功 final Authentication authentication = authenticationManager.authenticate( new UsernamePasswordAuthenticationToken( username, userdto.getPassword() ) ); SecurityContextHolder.getContext().setAuthentication(authentication); logger.info("|Login|User authentication={}", authentication); JwtUser user = null; logger.info("|Login|User request {} by DB ", username+" and "+password); // 加载用户信息,生成token final UserDetails userDetails = userDetailsService.loadUserByUsername(username); final String token = jwtTokenUtil.generateToken(userDetails, device); response = Response.ok().put("token", token); user = (JwtUser) userDetails; try { userService.updateLastLoginDate(user.getId()); } catch (Exception e) { logger.error("Update user lastLoginDate error ", e); } logger.info("|Login|User {} response {}", username+" and "+password, response); return response; }else { try { final Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, result)); SecurityContextHolder.getContext().setAuthentication(authentication); logger.info("|Login|User authentication={}", authentication); JwtUser user = null; logger.info("|Login|User request {} by DB ", username+" and "+password); // 加载用户信息,生成token final UserDetails userDetails = userDetailsService.loadUserByUsername(username); final String token = jwtTokenUtil.generateToken(userDetails, device); response = Response.ok().put("token", token); user = (JwtUser) userDetails; try { userService.updateLastLoginDate(user.getId()); } catch (Exception e) { logger.error("Update user lastLoginDate error ", e); } } catch (UsernameNotFoundException e) { logger.error("|Login|User {} is not found", username, e); alertCode = 401; response = Response.error(401, messageSource.getMessage("login.usernameEmpty", null, locale)); } catch (BadCredentialsException e) { logger.error("|Login|User {} password error", username, e); if (username.equals("startimesterminal")){ alertCode = 402; response = Response.error(402, messageSource.getMessage("login.superUserPasswordError", null, locale)); }else { boolean usernameIsTrue = judgeIsUsername(username); if (usernameIsTrue){ alertCode = 4020; response = Response.error(4020, messageSource.getMessage("login.userPasswordError", null, locale)); }else { alertCode = 4021; response = Response.error(4021, messageSource.getMessage("login.usernameError", null, locale)); } } } catch (DisabledException e) { logger.error("|Login|User {} password error", username, e); response = Response.error(403, "帐号被停用"); } catch (LockedException e) { logger.error("|Login|User {} password error", username, e); response = Response.error(404, "帐号被停用"); } catch (AuthenticationCredentialsNotFoundException e) { logger.error("|Login|User {} password error", username, e); response = Response.error(405, "该用户不允许登录运营控系统"); } catch (Exception e) { logger.error("|Login|User {} login error", username, e); response = Response.error(500, "未知错误,请联系管理员"); } logger.info("|Login|User {} response {}", username+" and "+password, response); return response; } }else { try { final Authentication authentication = authenticationManager.authenticate( new UsernamePasswordAuthenticationToken( username, result ) ); SecurityContextHolder.getContext().setAuthentication(authentication); logger.info("|Login|User authentication={}", authentication); JwtUser user = null; logger.info("|Login|User request {} by DB ", username+" and "+password); // 加载用户信息,生成token final UserDetails userDetails = userDetailsService.loadUserByUsername(username); final String token = jwtTokenUtil.generateToken(userDetails, device); response = Response.ok().put("token", token); user = (JwtUser) userDetails; try { userService.updateLastLoginDate(user.getId()); } catch (Exception e) { logger.error("Update user lastLoginDate error ", e); } } catch (UsernameNotFoundException e) { logger.error("|Login|User {} is not found", username, e); alertCode = 401; response = Response.error(401, messageSource.getMessage("login.usernameEmpty", null, locale)); } catch (BadCredentialsException e) { logger.error("|Login|User {} password error", username, e); if (username.equals("startimesterminal")){ alertCode = 402; response = Response.error(402, messageSource.getMessage("login.superUserPasswordError", null, locale)); }else { boolean usernameIsTrue = judgeIsUsername(username); if (usernameIsTrue){ alertCode = 4020; response = Response.error(4020, messageSource.getMessage("login.userPasswordError", null, locale)); }else { alertCode = 4021; response = Response.error(4021, messageSource.getMessage("login.usernameError", null, locale)); } } } catch (DisabledException e) { logger.error("|Login|User {} password error", username, e); response = Response.error(403, "帐号被停用"); } catch (LockedException e) { logger.error("|Login|User {} password error", username, e); response = Response.error(404, "帐号被停用"); } catch (AuthenticationCredentialsNotFoundException e) { logger.error("|Login|User {} password error", username, e); response = Response.error(405, "该用户不允许登录运营控系统"); } catch (Exception e) { logger.error("|Login|User {} login error", username, e); response = Response.error(500, "未知错误,请联系管理员"); } logger.info("|Login|User {} response {}", username+" and "+password, response); return response; } } try { final Authentication authentication = authenticationManager.authenticate( new UsernamePasswordAuthenticationToken(username, result)); SecurityContextHolder.getContext().setAuthentication(authentication); logger.info("|Login|User authentication={}", authentication); JwtUser user = null; logger.info("|Login|User request {} by DB ", username+" and "+password); // 加载用户信息,生成token final UserDetails userDetails = userDetailsService.loadUserByUsername(username); final String token = jwtTokenUtil.generateToken(userDetails, device); response = Response.ok().put("token", token); user = (JwtUser) userDetails; try { userService.updateLastLoginDate(user.getId()); } catch (Exception e) { logger.error("Update user lastLoginDate error ", e); } } catch (UsernameNotFoundException e) { logger.error("|Login|User {} is not found", username, e); alertCode = 401; response = Response.error(401, messageSource.getMessage("login.usernameEmpty", null, locale)); } catch (BadCredentialsException e) { logger.error("|Login|User {} password error", username, e); if (username.equals("startimesterminal")){ alertCode = 402; response = Response.error(402, messageSource.getMessage("login.superUserPasswordError", null, locale)); }else { boolean usernameIsTrue = judgeIsUsername(username); if (usernameIsTrue){ alertCode = 4020; response = Response.error(4020, messageSource.getMessage("login.userPasswordError", null, locale)); }else { alertCode = 4021; response = Response.error(4021, messageSource.getMessage("login.usernameError", null, locale)); } } } catch (DisabledException e) { logger.error("|Login|User {} password error", username, e); response = Response.error(403, "帐号被停用"); } catch (LockedException e) { logger.error("|Login|User {} password error", username, e); response = Response.error(404, "帐号被停用"); } catch (AuthenticationCredentialsNotFoundException e) { logger.error("|Login|User {} password error", username, e); response = Response.error(405, "该用户不允许登录运营控系统"); } catch (Exception e) { logger.error("|Login|User {} login error", username, e); response = Response.error(500, "未知错误,请联系管理员"); } logger.info("|Login|User {} response {}", username+" and "+password, response); return response; */ } @RequestMapping(value = "${jwt.route.authentication.refresh}", method = RequestMethod.GET) @ApiOperation(value = "Token认证",notes = "Token认证") public Response refreshAndGetAuthenticationToken(HttpServletRequest request) { Response response = new Response(); String token = request.getHeader(tokenHeader); Long userId = jwtTokenUtil.getUserIdFromToken(token); logger.info("refreshAndGetAuthenticationToken userId " + userId); String userName = jwtTokenUtil.getUsernameFromToken(token); logger.info("refreshAndGetAuthenticationToken userName " + userName); User user = userService.getUser(userName); //JwtUser user = (JwtUser)userService.loadUserById(userId); /* if (jwtTokenUtil.canTokenBeRefreshed(token, user.getLastPasswordResetDate())) { String refreshedToken = jwtTokenUtil.refreshToken(token); response = Response.ok().put("token", refreshedToken); } else { response.put("code", 400); }*/ logger.info("|RefreshToken|Response={}", response); return response; } private Long String2Timestamp(String time) { DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); long timestamp = 0; if (StringUtils.isNotBlank(time)) { try { Date date = format.parse(time); timestamp = date.getTime(); // milliseconds } catch (ParseException e) { e.printStackTrace(); } return timestamp; } else { return null; } } private Boolean judgeIsUsername(String username){ List<String> list=userService.findAllUser(); for (String name:list) { if (name.equals(username)) { return true; } } return false; } @ConsoleLog(object = "切换语言", module = "切换语言", description = "切换语言") @RequestMapping(value = "/auth/languageChange", method = RequestMethod.GET) @ApiOperation(value = "切换语言",notes = "切换语言") public Response languageChange(Long id) { Locale locale = LocaleContextHolder.getLocale(); Response response = new Response(); if (id == 1) { locale = locale.US; }else { locale = locale.SIMPLIFIED_CHINESE; } if (alertCode == 401){ response = Response.error(401, messageSource.getMessage("login.usernameEmpty", null, locale)); }else if (alertCode == 402){ response = Response.error(402, messageSource.getMessage("login.superUserPasswordError", null, locale)); }else if (alertCode == 4020){ response = Response.error(4020, messageSource.getMessage("login.userPasswordError", null, locale)); }else if (alertCode == 4021){ response = Response.error(4021, messageSource.getMessage("login.usernameError", null, locale)); }else { response = Response.error(402, messageSource.getMessage("login.superUserPasswordError", null, locale)); } return response; } }