Commit 832d47eaaaf2db363ad43c356c5f6e3b48dc9b2b

Authored by 王通
1 parent fd4d3b50

1.模糊登录信息提示,修改以sessionId作为验证码的出现基准

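--- a/src/main/java/com/bsth/controller/sys/UserController.java
+++ b/src/main/java/com/bsth/controller/sys/UserController.java
@@ -1,282 +1,287 @@
-package com.bsth.controller.sys;
-
-import com.bsth.common.Constants;
-import com.bsth.common.ResponseCode;
-import com.bsth.controller.BaseController;
-import com.bsth.controller.sys.dto.CompanyData;
-import com.bsth.controller.sys.util.RSAUtils;
-import com.bsth.entity.sys.CompanyAuthority;
-import com.bsth.entity.sys.SysUser;
-import com.bsth.security.util.SecurityUtils;
-import com.bsth.service.sys.CompanyAuthorityService;
-import com.bsth.service.sys.SysUserService;
-import com.google.common.collect.ArrayListMultimap;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.web.authentication.session.SessionAuthenticationException;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.RestController;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import java.util.*;
-
-@RestController
-@RequestMapping("user")
-public class UserController extends BaseController<SysUser, Integer> {
-
- Logger logger = LoggerFactory.getLogger(this.getClass());
-
- @Autowired
- SysUserService sysUserService;
-
- @Autowired
- CompanyAuthorityService companyAuthorityService;
-
- @RequestMapping(value = "/login/jCryptionKey")
- public Map<String, Object> jCryptionKey(HttpServletRequest request) {
- //公匙返回页面
- Map<String, Object> rs = new HashMap<>();
- rs.put("publickey", RSAUtils.generateBase64PublicKey());
- return rs;
- }
-
- //需要验证码的账号
- public static Map<String, Integer> captchaMap = new HashMap<>();
-
- @RequestMapping(value = "/login", method = RequestMethod.POST)
- public Map<String, Object> login(HttpServletRequest request, @RequestParam String userName,
- @RequestParam String password, String captcha) {
-
- Map<String, Object> rs = new HashMap<>();
- rs.put("status", ResponseCode.ERROR);
- try {
- HttpSession session = request.getSession();
- rs.put("captcha", session.getAttribute("captcha"));
-
- if (captchaMap.get(userName) != null && captchaMap.get(userName) >= 3) {
- //校验验证码
- String verCode = (String) session
- .getAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);
-
- if (StringUtils.isBlank(captcha))
- return put(rs, "msg", "请输入验证码");
-
- if (!verCode.equals(captcha))
- return put(rs, "msg", "验证码有误,请刷新后重新输入");
- }
-
- //解密RSA
- try {
- userName = RSAUtils.decryptBase64(userName);
- password = RSAUtils.decryptBase64(password);
- } catch (RuntimeException e) {
- return put(rs, "msg", "decrypt RSA fail!可能页面已过期,尝试刷新页面。");
- }
-
- SysUser user = sysUserService.findByUserName(userName);
- if (null == user)
- return put(rs, "msg", "不存在的用户");
-
- if (!user.isEnabled())
- return put(rs, "msg", "该用户已被锁定,请联系管理员");
-
- // 校验密码
- boolean matchStatus = new BCryptPasswordEncoder(4).matches(password, user.getPassword());
- if (!matchStatus) {
- rs.put("msg", "密码有误");
-
- Integer captchSize = captchaMap.get(userName);
- if (null == captchSize)
- captchSize = 0;
-
- captchSize++;
- captchaMap.put(userName, captchSize);
- return rs;
- }
-
- // 登录
- SecurityUtils.login(user, request);
- //session里写入用户名,webSocket连接时标识身份用
- session.setAttribute(Constants.SESSION_USERNAME, user.getUserName());
-
- //获取公司权限数据
- List<CompanyAuthority> cmyAuths = companyAuthorityService.findByUser(user);
- session.setAttribute(Constants.COMPANY_AUTHORITYS, cmyAuths);
-
- captchaMap.remove(userName);
- rs.put("status", ResponseCode.SUCCESS);
- } catch (Exception e) {
- logger.error("", e);
- rs.put("msg", "服务器出现异常,请联系管理员");
- }
- return rs;
- }
-
- @RequestMapping(value = "/change_user", method = RequestMethod.POST)
- public Map<String, Object> changeUser(HttpServletRequest request, @RequestParam String userName,
- @RequestParam String password) {
-
- Map<String, Object> rs = new HashMap<>();
- rs.put("status", ResponseCode.ERROR);
- try {
- HttpSession session = request.getSession();
-
- SysUser user = sysUserService.findByUserName(userName);
- if (null == user)
- return put(rs, "msg", "不存在的用户");
-
- if (!user.isEnabled())
- return put(rs, "msg", "该用户已被锁定,请联系管理员");
-
- // 校验密码
- boolean matchStatus = new BCryptPasswordEncoder(4).matches(password, user.getPassword());
- if (!matchStatus)
- return put(rs, "msg", "密码有误");
-
- // 登录
- SecurityUtils.login(user, request);
- //session里写入用户名,webSocket连接时标识身份用
- session.setAttribute(Constants.SESSION_USERNAME, user.getUserName());
-
- //获取公司权限数据
- List<CompanyAuthority> cmyAuths = companyAuthorityService.findByUser(user);
- session.setAttribute(Constants.COMPANY_AUTHORITYS, cmyAuths);
- rs.put("status", ResponseCode.SUCCESS);
- } catch (Exception e) {
- logger.error("", e);
- rs.put("msg", "服务器出现异常,请联系管理员");
- }
- return rs;
- }
-
- /**
- * 返回当前用户的公司权限数据,用于构建页面级联下拉框
- *
- * @return
- */
- @RequestMapping("companyData")
- public List<CompanyData> companyData(HttpServletRequest request) {
- List<CompanyData> rs = new ArrayList<>();
- CompanyData companyData;
-
- ArrayListMultimap<String, CompanyAuthority> map = ArrayListMultimap.create();
- List<CompanyAuthority> cmyAuths = (List<CompanyAuthority>) request.getSession().getAttribute(Constants.COMPANY_AUTHORITYS);
-
- for (CompanyAuthority cAuth : cmyAuths) {
- map.put(cAuth.getCompanyCode() + "_" + cAuth.getCompanyName(), cAuth);
- }
-
- Set<String> keys = map.keySet();
- String[] temps;
- for (String k : keys) {
- temps = k.split("_");
-
- companyData = new CompanyData();
- companyData.setCompanyCode(temps[0]);
- companyData.setCompanyName(temps[1]);
- companyData.setChildren(new ArrayList<CompanyData.ChildrenCompany>());
-
- cmyAuths = map.get(k);
- for (CompanyAuthority c : cmyAuths) {
- companyData.getChildren().add(new CompanyData.ChildrenCompany(c.getSubCompanyCode(), c.getSubCompanyName()));
- }
-
- rs.add(companyData);
- }
-
- return rs;
- }
-
- @RequestMapping(value = "/login/captchaStatus")
- public int captchaStatus(String userName) {
- Integer size = captchaMap.get(userName);
- return size == null ? 0 : size;
- }
-
- public Map<String, Object> put(Map<String, Object> rs, String key, Object val) {
- rs.put(key, val);
- return rs;
- }
-
- /**
- * @Title: loginFailure @Description: TODO(查询登录失败的详细信息) @param @param
- * request @return String 返回类型 @throws
- */
- @RequestMapping("/loginFailure")
- public String loginFailure(HttpServletRequest request) {
- String msg = "";
- HttpSession session = request.getSession();
-
- Object obj = session.getAttribute("SPRING_SECURITY_LAST_EXCEPTION");
-
- if (obj instanceof BadCredentialsException)
- msg = "登录失败,用户名或密码错误.";
- else if (obj instanceof SessionAuthenticationException)
- msg = "登录失败,当前策略不允许重复登录.";
- session.removeAttribute("SPRING_SECURITY_LAST_EXCEPTION");
- return msg;
- }
-
- @RequestMapping("/currentUser")
- public SysUser currentUser() {
- return SecurityUtils.getCurrentUser();
- }
-
- /**
- * @param id 用户ID
- * @param enabled 状态
- * @return
- * @Title changeEnabled
- * @Description: TODO(改变用户状态)
- */
- @RequestMapping("/changeEnabled")
- public int changeEnabled(@RequestParam int id, @RequestParam int enabled) {
- return sysUserService.changeEnabled(id, enabled);
- }
-
- /**
- * @param oldPWD 原始密码
- * @param newPWD 新密码
- * @param cnewPWD 确认新密码
- * @return
- * @Title changePWD
- * @Description: TODO(修改密码)
- */
- @RequestMapping(value = "/changePWD", method = RequestMethod.POST)
- public String changePWD(@RequestParam String oldPWD, @RequestParam String newPWD, @RequestParam String cnewPWD) {
- SysUser sysUser = SecurityUtils.getCurrentUser();
- String msg = "";
- if (new BCryptPasswordEncoder(4).matches(oldPWD, sysUser.getPassword())) {
- if (oldPWD.equals(newPWD)) {
- msg = "新密码不能跟原始密码一样!";
- } else {
- if (newPWD.equals(cnewPWD)) {
- sysUserService.changePWD(sysUser.getId(), newPWD);
- msg = "修改成功!";
- } else {
- msg = "新密码两次输入不一致!";
- }
- }
- } else {
- msg = "原始密码错误!";
- }
- return msg;
- }
-
- @RequestMapping(value = "/register", method = RequestMethod.POST)
- public Map<String, Object> register(SysUser u) {
- return sysUserService.register(u);
- }
-
- @RequestMapping(value = "/all_distinct")
- public List<SysUser> findAll_distinct() {
- return sysUserService.findAll_distinct();
- }
-}
+package com.bsth.controller.sys;
+
+import com.bsth.common.Constants;
+import com.bsth.common.ResponseCode;
+import com.bsth.controller.BaseController;
+import com.bsth.controller.sys.dto.CompanyData;
+import com.bsth.controller.sys.util.RSAUtils;
+import com.bsth.entity.sys.CompanyAuthority;
+import com.bsth.entity.sys.SysUser;
+import com.bsth.security.util.SecurityUtils;
+import com.bsth.service.sys.CompanyAuthorityService;
+import com.bsth.service.sys.SysUserService;
+import com.google.common.collect.ArrayListMultimap;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.session.SessionAuthenticationException;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import java.util.*;
+
+@RestController
+@RequestMapping("user")
+public class UserController extends BaseController<SysUser, Integer> {
+
+ Logger logger = LoggerFactory.getLogger(this.getClass());
+
+ @Autowired
+ SysUserService sysUserService;
+
+ @Autowired
+ CompanyAuthorityService companyAuthorityService;
+
+ @RequestMapping(value = "/login/jCryptionKey")
+ public Map<String, Object> jCryptionKey(HttpServletRequest request) {
+ //公匙返回页面
+ Map<String, Object> rs = new HashMap<>();
+ rs.put("publickey", RSAUtils.generateBase64PublicKey());
+ return rs;
+ }
+
+ //需要验证码的账号
+ public static Map<String, Integer> captchaMap = new HashMap<>();
+
+ private static void captcha(String sessionId) {
+ Integer captchSize = captchaMap.get(sessionId);
+ if (null == captchSize)
+ captchSize = 0;
+
+ captchSize++;
+ captchaMap.put(sessionId, captchSize);
+ }
+
+ @RequestMapping(value = "/login", method = RequestMethod.POST)
+ public Map<String, Object> login(HttpServletRequest request, @RequestParam String userName,
+ @RequestParam String password, String captcha) {
+
+ Map<String, Object> rs = new HashMap<>();
+ rs.put("status", ResponseCode.ERROR);
+ try {
+ HttpSession session = request.getSession();
+ rs.put("captcha", session.getAttribute("captcha"));
+
+ if (captchaMap.get(session.getId()) != null && captchaMap.get(session.getId()) >= 3) {
+ //校验验证码
+ String verCode = (String) session
+ .getAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);
+
+ if (StringUtils.isBlank(captcha))
+ return put(rs, "msg", "请输入验证码");
+
+ if (!verCode.equals(captcha))
+ return put(rs, "msg", "验证码有误,请刷新后重新输入");
+ }
+
+ //解密RSA
+ try {
+ userName = RSAUtils.decryptBase64(userName);
+ password = RSAUtils.decryptBase64(password);
+ } catch (RuntimeException e) {
+ return put(rs, "msg", "decrypt RSA fail!可能页面已过期,尝试刷新页面。");
+ }
+
+ SysUser user = sysUserService.findByUserName(userName);
+ if (null == user) {
+ captcha(session.getId());
+ return put(rs, "msg", "用户名或密码错误");
+ }
+
+ if (!user.isEnabled())
+ return put(rs, "msg", "该用户已被锁定,请联系管理员");
+
+ // 校验密码
+ boolean matchStatus = new BCryptPasswordEncoder(4).matches(password, user.getPassword());
+ if (!matchStatus) {
+ captcha(session.getId());
+ rs.put("msg", "用户名或密码错误");
+ return rs;
+ }
+
+ // 登录
+ SecurityUtils.login(user, request);
+ //session里写入用户名,webSocket连接时标识身份用
+ session.setAttribute(Constants.SESSION_USERNAME, user.getUserName());
+
+ //获取公司权限数据
+ List<CompanyAuthority> cmyAuths = companyAuthorityService.findByUser(user);
+ session.setAttribute(Constants.COMPANY_AUTHORITYS, cmyAuths);
+
+ captchaMap.remove(session.getId());
+ rs.put("status", ResponseCode.SUCCESS);
+ } catch (Exception e) {
+ logger.error("", e);
+ rs.put("msg", "服务器出现异常,请联系管理员");
+ }
+ return rs;
+ }
+
+ @RequestMapping(value = "/change_user", method = RequestMethod.POST)
+ public Map<String, Object> changeUser(HttpServletRequest request, @RequestParam String userName,
+ @RequestParam String password) {
+
+ Map<String, Object> rs = new HashMap<>();
+ rs.put("status", ResponseCode.ERROR);
+ try {
+ HttpSession session = request.getSession();
+
+ SysUser user = sysUserService.findByUserName(userName);
+ if (null == user)
+ return put(rs, "msg", "不存在的用户");
+
+ if (!user.isEnabled())
+ return put(rs, "msg", "该用户已被锁定,请联系管理员");
+
+ // 校验密码
+ boolean matchStatus = new BCryptPasswordEncoder(4).matches(password, user.getPassword());
+ if (!matchStatus)
+ return put(rs, "msg", "密码有误");
+
+ // 登录
+ SecurityUtils.login(user, request);
+ //session里写入用户名,webSocket连接时标识身份用
+ session.setAttribute(Constants.SESSION_USERNAME, user.getUserName());
+
+ //获取公司权限数据
+ List<CompanyAuthority> cmyAuths = companyAuthorityService.findByUser(user);
+ session.setAttribute(Constants.COMPANY_AUTHORITYS, cmyAuths);
+ rs.put("status", ResponseCode.SUCCESS);
+ } catch (Exception e) {
+ logger.error("", e);
+ rs.put("msg", "服务器出现异常,请联系管理员");
+ }
+ return rs;
+ }
+
+ /**
+ * 返回当前用户的公司权限数据,用于构建页面级联下拉框
+ *
+ * @return
+ */
+ @RequestMapping("companyData")
+ public List<CompanyData> companyData(HttpServletRequest request) {
+ List<CompanyData> rs = new ArrayList<>();
+ CompanyData companyData;
+
+ ArrayListMultimap<String, CompanyAuthority> map = ArrayListMultimap.create();
+ List<CompanyAuthority> cmyAuths = (List<CompanyAuthority>) request.getSession().getAttribute(Constants.COMPANY_AUTHORITYS);
+
+ for (CompanyAuthority cAuth : cmyAuths) {
+ map.put(cAuth.getCompanyCode() + "_" + cAuth.getCompanyName(), cAuth);
+ }
+
+ Set<String> keys = map.keySet();
+ String[] temps;
+ for (String k : keys) {
+ temps = k.split("_");
+
+ companyData = new CompanyData();
+ companyData.setCompanyCode(temps[0]);
+ companyData.setCompanyName(temps[1]);
+ companyData.setChildren(new ArrayList<CompanyData.ChildrenCompany>());
+
+ cmyAuths = map.get(k);
+ for (CompanyAuthority c : cmyAuths) {
+ companyData.getChildren().add(new CompanyData.ChildrenCompany(c.getSubCompanyCode(), c.getSubCompanyName()));
+ }
+
+ rs.add(companyData);
+ }
+
+ return rs;
+ }
+
+ @RequestMapping(value = "/login/captchaStatus")
+ public int captchaStatus(String userName, HttpServletRequest request) {
+ Integer size = captchaMap.get(request.getSession().getId());
+ return size == null ? 0 : size;
+ }
+
+ public Map<String, Object> put(Map<String, Object> rs, String key, Object val) {
+ rs.put(key, val);
+ return rs;
+ }
+
+ /**
+ * @Title: loginFailure @Description: TODO(查询登录失败的详细信息) @param @param
+ * request @return String 返回类型 @throws
+ */
+ @RequestMapping("/loginFailure")
+ public String loginFailure(HttpServletRequest request) {
+ String msg = "";
+ HttpSession session = request.getSession();
+
+ Object obj = session.getAttribute("SPRING_SECURITY_LAST_EXCEPTION");
+
+ if (obj instanceof BadCredentialsException)
+ msg = "登录失败,用户名或密码错误.";
+ else if (obj instanceof SessionAuthenticationException)
+ msg = "登录失败,当前策略不允许重复登录.";
+ session.removeAttribute("SPRING_SECURITY_LAST_EXCEPTION");
+ return msg;
+ }
+
+ @RequestMapping("/currentUser")
+ public SysUser currentUser() {
+ return SecurityUtils.getCurrentUser();
+ }
+
+ /**
+ * @param id 用户ID
+ * @param enabled 状态
+ * @return
+ * @Title changeEnabled
+ * @Description: TODO(改变用户状态)
+ */
+ @RequestMapping("/changeEnabled")
+ public int changeEnabled(@RequestParam int id, @RequestParam int enabled) {
+ return sysUserService.changeEnabled(id, enabled);
+ }
+
+ /**
+ * @param oldPWD 原始密码
+ * @param newPWD 新密码
+ * @param cnewPWD 确认新密码
+ * @return
+ * @Title changePWD
+ * @Description: TODO(修改密码)
+ */
+ @RequestMapping(value = "/changePWD", method = RequestMethod.POST)
+ public String changePWD(@RequestParam String oldPWD, @RequestParam String newPWD, @RequestParam String cnewPWD) {
+ SysUser sysUser = SecurityUtils.getCurrentUser();
+ String msg = "";
+ if (new BCryptPasswordEncoder(4).matches(oldPWD, sysUser.getPassword())) {
+ if (oldPWD.equals(newPWD)) {
+ msg = "新密码不能跟原始密码一样!";
+ } else {
+ if (newPWD.equals(cnewPWD)) {
+ sysUserService.changePWD(sysUser.getId(), newPWD);
+ msg = "修改成功!";
+ } else {
+ msg = "新密码两次输入不一致!";
+ }
+ }
+ } else {
+ msg = "原始密码错误!";
+ }
+ return msg;
+ }
+
+ @RequestMapping(value = "/register", method = RequestMethod.POST)
+ public Map<String, Object> register(SysUser u) {
+ return sysUserService.register(u);
+ }
+
+ @RequestMapping(value = "/all_distinct")
+ public List<SysUser> findAll_distinct() {
+ return sysUserService.findAll_distinct();
+ }
+}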
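Review bot: Keying the failed-attempt counter on `session.getId()` (new-side lines 94, 104 and 118) ties the captcha gate at line 72 to a session rather than to the account being guessed, so any client that starts a fresh session on each attempt never reaches the threshold and the counter no longer bounds password guessing against one user name; keep a server-side per-account count as well (incremented at the same two places, cleared at line 118) and let `captchaStatus` answer only from the session so that user names are not enumerable through it, or require the captcha unconditionally. `captchaMap` is a static `HashMap` mutated from concurrent requests and, with session ids as keys, is never evicted for sessions that never log in; `public static Map<String, Integer> captchaMap = new ConcurrentHashMap<>();` plus removal on session invalidation (an `HttpSessionListener`) or an expiring map addresses both. The generic `用户名或密码错误` message is still undercut by the `该用户已被锁定` reply at line 99, which is sent before the password is checked and so confirms the account exists, and by `change_user` at lines 138 and 146, which keeps the distinct messages and has no failure counting although it also calls `SecurityUtils.login`. `verCode.equals(captcha)` at line 80 throws when the kaptcha session attribute is absent and surfaces as the generic server-error message; `if (!captcha.equals(verCode))` after the blank check avoids that. `captchaStatus` at line 203 no longer reads its `userName` parameter and can drop it.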