Commit 832d47eaaaf2db363ad43c356c5f6e3b48dc9b2b

Authored by 王通
1 parent fd4d3b50

1.模糊登录信息提示,修改以sessionId作为验证码的出现基准

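--- a/src/main/java/com/bsth/controller/sys/UserController.java
+++ b/src/main/java/com/bsth/controller/sys/UserController.java
@@ -1,282 +1,287 @@
-package com.bsth.controller.sys;
-
-import com.bsth.common.Constants;
-import com.bsth.common.ResponseCode;
-import com.bsth.controller.BaseController;
-import com.bsth.controller.sys.dto.CompanyData;
-import com.bsth.controller.sys.util.RSAUtils;
-import com.bsth.entity.sys.CompanyAuthority;
-import com.bsth.entity.sys.SysUser;
-import com.bsth.security.util.SecurityUtils;
-import com.bsth.service.sys.CompanyAuthorityService;
-import com.bsth.service.sys.SysUserService;
-import com.google.common.collect.ArrayListMultimap;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.web.authentication.session.SessionAuthenticationException;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.RestController;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import java.util.*;
-
-@RestController
-@RequestMapping("user")
-public class UserController extends BaseController<SysUser, Integer> {
-
- Logger logger = LoggerFactory.getLogger(this.getClass());
-
- @Autowired
- SysUserService sysUserService;
-
- @Autowired
- CompanyAuthorityService companyAuthorityService;
-
- @RequestMapping(value = "/login/jCryptionKey")
- public Map<String, Object> jCryptionKey(HttpServletRequest request) {
- //公匙返回页面
- Map<String, Object> rs = new HashMap<>();
- rs.put("publickey", RSAUtils.generateBase64PublicKey());
- return rs;
- }
-
- //需要验证码的账号
- public static Map<String, Integer> captchaMap = new HashMap<>();
-
- @RequestMapping(value = "/login", method = RequestMethod.POST)
- public Map<String, Object> login(HttpServletRequest request, @RequestParam String userName,
- @RequestParam String password, String captcha) {
-
- Map<String, Object> rs = new HashMap<>();
- rs.put("status", ResponseCode.ERROR);
- try {
- HttpSession session = request.getSession();
- rs.put("captcha", session.getAttribute("captcha"));
-
- if (captchaMap.get(userName) != null && captchaMap.get(userName) >= 3) {
- //校验验证码
- String verCode = (String) session
- .getAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);
-
- if (StringUtils.isBlank(captcha))
- return put(rs, "msg", "请输入验证码");
-
- if (!verCode.equals(captcha))
- return put(rs, "msg", "验证码有误,请刷新后重新输入");
- }
-
- //解密RSA
- try {
- userName = RSAUtils.decryptBase64(userName);
- password = RSAUtils.decryptBase64(password);
- } catch (RuntimeException e) {
- return put(rs, "msg", "decrypt RSA fail!可能页面已过期,尝试刷新页面。");
- }
-
- SysUser user = sysUserService.findByUserName(userName);
- if (null == user)
- return put(rs, "msg", "不存在的用户");
-
- if (!user.isEnabled())
- return put(rs, "msg", "该用户已被锁定,请联系管理员");
-
- // 校验密码
- boolean matchStatus = new BCryptPasswordEncoder(4).matches(password, user.getPassword());
- if (!matchStatus) {
- rs.put("msg", "密码有误");
-
- Integer captchSize = captchaMap.get(userName);
- if (null == captchSize)
- captchSize = 0;
-
- captchSize++;
- captchaMap.put(userName, captchSize);
- return rs;
- }
-
- // 登录
- SecurityUtils.login(user, request);
- //session里写入用户名,webSocket连接时标识身份用
- session.setAttribute(Constants.SESSION_USERNAME, user.getUserName());
-
- //获取公司权限数据
- List<CompanyAuthority> cmyAuths = companyAuthorityService.findByUser(user);
- session.setAttribute(Constants.COMPANY_AUTHORITYS, cmyAuths);
-
- captchaMap.remove(userName);
- rs.put("status", ResponseCode.SUCCESS);
- } catch (Exception e) {
- logger.error("", e);
- rs.put("msg", "服务器出现异常,请联系管理员");
- }
- return rs;
- }
-
- @RequestMapping(value = "/change_user", method = RequestMethod.POST)
- public Map<String, Object> changeUser(HttpServletRequest request, @RequestParam String userName,
- @RequestParam String password) {
-
- Map<String, Object> rs = new HashMap<>();
- rs.put("status", ResponseCode.ERROR);
- try {
- HttpSession session = request.getSession();
-
- SysUser user = sysUserService.findByUserName(userName);
- if (null == user)
- return put(rs, "msg", "不存在的用户");
-
- if (!user.isEnabled())
- return put(rs, "msg", "该用户已被锁定,请联系管理员");
-
- // 校验密码
- boolean matchStatus = new BCryptPasswordEncoder(4).matches(password, user.getPassword());
- if (!matchStatus)
- return put(rs, "msg", "密码有误");
-
- // 登录
- SecurityUtils.login(user, request);
- //session里写入用户名,webSocket连接时标识身份用
- session.setAttribute(Constants.SESSION_USERNAME, user.getUserName());
-
- //获取公司权限数据
- List<CompanyAuthority> cmyAuths = companyAuthorityService.findByUser(user);
- session.setAttribute(Constants.COMPANY_AUTHORITYS, cmyAuths);
- rs.put("status", ResponseCode.SUCCESS);
- } catch (Exception e) {
- logger.error("", e);
- rs.put("msg", "服务器出现异常,请联系管理员");
- }
- return rs;
- }
-
- /**
- * 返回当前用户的公司权限数据,用于构建页面级联下拉框
- *
- * @return
- */
- @RequestMapping("companyData")
- public List<CompanyData> companyData(HttpServletRequest request) {
- List<CompanyData> rs = new ArrayList<>();
- CompanyData companyData;
-
- ArrayListMultimap<String, CompanyAuthority> map = ArrayListMultimap.create();
- List<CompanyAuthority> cmyAuths = (List<CompanyAuthority>) request.getSession().getAttribute(Constants.COMPANY_AUTHORITYS);
-
- for (CompanyAuthority cAuth : cmyAuths) {
- map.put(cAuth.getCompanyCode() + "_" + cAuth.getCompanyName(), cAuth);
- }
-
- Set<String> keys = map.keySet();
- String[] temps;
- for (String k : keys) {
- temps = k.split("_");
-
- companyData = new CompanyData();
- companyData.setCompanyCode(temps[0]);
- companyData.setCompanyName(temps[1]);
- companyData.setChildren(new ArrayList<CompanyData.ChildrenCompany>());
-
- cmyAuths = map.get(k);
- for (CompanyAuthority c : cmyAuths) {
- companyData.getChildren().add(new CompanyData.ChildrenCompany(c.getSubCompanyCode(), c.getSubCompanyName()));
- }
-
- rs.add(companyData);
- }
-
- return rs;
- }
-
- @RequestMapping(value = "/login/captchaStatus")
- public int captchaStatus(String userName) {
- Integer size = captchaMap.get(userName);
- return size == null ? 0 : size;
- }
-
- public Map<String, Object> put(Map<String, Object> rs, String key, Object val) {
- rs.put(key, val);
- return rs;
- }
-
- /**
- * @Title: loginFailure @Description: TODO(查询登录失败的详细信息) @param @param
- * request @return String 返回类型 @throws
- */
- @RequestMapping("/loginFailure")
- public String loginFailure(HttpServletRequest request) {
- String msg = "";
- HttpSession session = request.getSession();
-
- Object obj = session.getAttribute("SPRING_SECURITY_LAST_EXCEPTION");
-
- if (obj instanceof BadCredentialsException)
- msg = "登录失败,用户名或密码错误.";
- else if (obj instanceof SessionAuthenticationException)
- msg = "登录失败,当前策略不允许重复登录.";
- session.removeAttribute("SPRING_SECURITY_LAST_EXCEPTION");
- return msg;
- }
-
- @RequestMapping("/currentUser")
- public SysUser currentUser() {
- return SecurityUtils.getCurrentUser();
- }
-
- /**
- * @param id 用户ID
- * @param enabled 状态
- * @return
- * @Title changeEnabled
- * @Description: TODO(改变用户状态)
- */
- @RequestMapping("/changeEnabled")
- public int changeEnabled(@RequestParam int id, @RequestParam int enabled) {
- return sysUserService.changeEnabled(id, enabled);
- }
-
- /**
- * @param oldPWD 原始密码
- * @param newPWD 新密码
- * @param cnewPWD 确认新密码
- * @return
- * @Title changePWD
- * @Description: TODO(修改密码)
- */
- @RequestMapping(value = "/changePWD", method = RequestMethod.POST)
- public String changePWD(@RequestParam String oldPWD, @RequestParam String newPWD, @RequestParam String cnewPWD) {
- SysUser sysUser = SecurityUtils.getCurrentUser();
- String msg = "";
- if (new BCryptPasswordEncoder(4).matches(oldPWD, sysUser.getPassword())) {
- if (oldPWD.equals(newPWD)) {
- msg = "新密码不能跟原始密码一样!";
- } else {
- if (newPWD.equals(cnewPWD)) {
- sysUserService.changePWD(sysUser.getId(), newPWD);
- msg = "修改成功!";
- } else {
- msg = "新密码两次输入不一致!";
- }
- }
- } else {
- msg = "原始密码错误!";
- }
- return msg;
- }
-
- @RequestMapping(value = "/register", method = RequestMethod.POST)
- public Map<String, Object> register(SysUser u) {
- return sysUserService.register(u);
- }
-
- @RequestMapping(value = "/all_distinct")
- public List<SysUser> findAll_distinct() {
- return sysUserService.findAll_distinct();
- }
-}
+package com.bsth.controller.sys;
+
+import com.bsth.common.Constants;
+import com.bsth.common.ResponseCode;
+import com.bsth.controller.BaseController;
+import com.bsth.controller.sys.dto.CompanyData;
+import com.bsth.controller.sys.util.RSAUtils;
+import com.bsth.entity.sys.CompanyAuthority;
+import com.bsth.entity.sys.SysUser;
+import com.bsth.security.util.SecurityUtils;
+import com.bsth.service.sys.CompanyAuthorityService;
+import com.bsth.service.sys.SysUserService;
+import com.google.common.collect.ArrayListMultimap;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.session.SessionAuthenticationException;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import java.util.*;
+
+@RestController
+@RequestMapping("user")
+public class UserController extends BaseController<SysUser, Integer> {
+
+ Logger logger = LoggerFactory.getLogger(this.getClass());
+
+ @Autowired
+ SysUserService sysUserService;
+
+ @Autowired
+ CompanyAuthorityService companyAuthorityService;
+
+ @RequestMapping(value = "/login/jCryptionKey")
+ public Map<String, Object> jCryptionKey(HttpServletRequest request) {
+ //公匙返回页面
+ Map<String, Object> rs = new HashMap<>();
+ rs.put("publickey", RSAUtils.generateBase64PublicKey());
+ return rs;
+ }
+
+ //需要验证码的账号
+ public static Map<String, Integer> captchaMap = new HashMap<>();
+
+ private static void captcha(String sessionId) {
+ Integer captchSize = captchaMap.get(sessionId);
+ if (null == captchSize)
+ captchSize = 0;
+
+ captchSize++;
+ captchaMap.put(sessionId, captchSize);
+ }
+
+ @RequestMapping(value = "/login", method = RequestMethod.POST)
+ public Map<String, Object> login(HttpServletRequest request, @RequestParam String userName,
+ @RequestParam String password, String captcha) {
+
+ Map<String, Object> rs = new HashMap<>();
+ rs.put("status", ResponseCode.ERROR);
+ try {
+ HttpSession session = request.getSession();
+ rs.put("captcha", session.getAttribute("captcha"));
+
+ if (captchaMap.get(session.getId()) != null && captchaMap.get(session.getId()) >= 3) {
+ //校验验证码
+ String verCode = (String) session
+ .getAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);
+
+ if (StringUtils.isBlank(captcha))
+ return put(rs, "msg", "请输入验证码");
+
+ if (!verCode.equals(captcha))
+ return put(rs, "msg", "验证码有误,请刷新后重新输入");
+ }
+
+ //解密RSA
+ try {
+ userName = RSAUtils.decryptBase64(userName);
+ password = RSAUtils.decryptBase64(password);
+ } catch (RuntimeException e) {
+ return put(rs, "msg", "decrypt RSA fail!可能页面已过期,尝试刷新页面。");
+ }
+
+ SysUser user = sysUserService.findByUserName(userName);
+ if (null == user) {
+ captcha(session.getId());
+ return put(rs, "msg", "用户名或密码错误");
+ }
+
+ if (!user.isEnabled())
+ return put(rs, "msg", "该用户已被锁定,请联系管理员");
+
+ // 校验密码
+ boolean matchStatus = new BCryptPasswordEncoder(4).matches(password, user.getPassword());
+ if (!matchStatus) {
+ captcha(session.getId());
+ rs.put("msg", "用户名或密码错误");
+ return rs;
+ }
+
+ // 登录
+ SecurityUtils.login(user, request);
+ //session里写入用户名,webSocket连接时标识身份用
+ session.setAttribute(Constants.SESSION_USERNAME, user.getUserName());
+
+ //获取公司权限数据
+ List<CompanyAuthority> cmyAuths = companyAuthorityService.findByUser(user);
+ session.setAttribute(Constants.COMPANY_AUTHORITYS, cmyAuths);
+
+ captchaMap.remove(session.getId());
+ rs.put("status", ResponseCode.SUCCESS);
+ } catch (Exception e) {
+ logger.error("", e);
+ rs.put("msg", "服务器出现异常,请联系管理员");
+ }
+ return rs;
+ }
+
+ @RequestMapping(value = "/change_user", method = RequestMethod.POST)
+ public Map<String, Object> changeUser(HttpServletRequest request, @RequestParam String userName,
+ @RequestParam String password) {
+
+ Map<String, Object> rs = new HashMap<>();
+ rs.put("status", ResponseCode.ERROR);
+ try {
+ HttpSession session = request.getSession();
+
+ SysUser user = sysUserService.findByUserName(userName);
+ if (null == user)
+ return put(rs, "msg", "不存在的用户");
+
+ if (!user.isEnabled())
+ return put(rs, "msg", "该用户已被锁定,请联系管理员");
+
+ // 校验密码
+ boolean matchStatus = new BCryptPasswordEncoder(4).matches(password, user.getPassword());
+ if (!matchStatus)
+ return put(rs, "msg", "密码有误");
+
+ // 登录
+ SecurityUtils.login(user, request);
+ //session里写入用户名,webSocket连接时标识身份用
+ session.setAttribute(Constants.SESSION_USERNAME, user.getUserName());
+
+ //获取公司权限数据
+ List<CompanyAuthority> cmyAuths = companyAuthorityService.findByUser(user);
+ session.setAttribute(Constants.COMPANY_AUTHORITYS, cmyAuths);
+ rs.put("status", ResponseCode.SUCCESS);
+ } catch (Exception e) {
+ logger.error("", e);
+ rs.put("msg", "服务器出现异常,请联系管理员");
+ }
+ return rs;
+ }
+
+ /**
+ * 返回当前用户的公司权限数据,用于构建页面级联下拉框
+ *
+ * @return
+ */
+ @RequestMapping("companyData")
+ public List<CompanyData> companyData(HttpServletRequest request) {
+ List<CompanyData> rs = new ArrayList<>();
+ CompanyData companyData;
+
+ ArrayListMultimap<String, CompanyAuthority> map = ArrayListMultimap.create();
+ List<CompanyAuthority> cmyAuths = (List<CompanyAuthority>) request.getSession().getAttribute(Constants.COMPANY_AUTHORITYS);
+
+ for (CompanyAuthority cAuth : cmyAuths) {
+ map.put(cAuth.getCompanyCode() + "_" + cAuth.getCompanyName(), cAuth);
+ }
+
+ Set<String> keys = map.keySet();
+ String[] temps;
+ for (String k : keys) {
+ temps = k.split("_");
+
+ companyData = new CompanyData();
+ companyData.setCompanyCode(temps[0]);
+ companyData.setCompanyName(temps[1]);
+ companyData.setChildren(new ArrayList<CompanyData.ChildrenCompany>());
+
+ cmyAuths = map.get(k);
+ for (CompanyAuthority c : cmyAuths) {
+ companyData.getChildren().add(new CompanyData.ChildrenCompany(c.getSubCompanyCode(), c.getSubCompanyName()));
+ }
+
+ rs.add(companyData);
+ }
+
+ return rs;
+ }
+
+ @RequestMapping(value = "/login/captchaStatus")
+ public int captchaStatus(String userName, HttpServletRequest request) {
+ Integer size = captchaMap.get(request.getSession().getId());
+ return size == null ? 0 : size;
+ }
+
+ public Map<String, Object> put(Map<String, Object> rs, String key, Object val) {
+ rs.put(key, val);
+ return rs;
+ }
+
+ /**
+ * @Title: loginFailure @Description: TODO(查询登录失败的详细信息) @param @param
+ * request @return String 返回类型 @throws
+ */
+ @RequestMapping("/loginFailure")
+ public String loginFailure(HttpServletRequest request) {
+ String msg = "";
+ HttpSession session = request.getSession();
+
+ Object obj = session.getAttribute("SPRING_SECURITY_LAST_EXCEPTION");
+
+ if (obj instanceof BadCredentialsException)
+ msg = "登录失败,用户名或密码错误.";
+ else if (obj instanceof SessionAuthenticationException)
+ msg = "登录失败,当前策略不允许重复登录.";
+ session.removeAttribute("SPRING_SECURITY_LAST_EXCEPTION");
+ return msg;
+ }
+
+ @RequestMapping("/currentUser")
+ public SysUser currentUser() {
+ return SecurityUtils.getCurrentUser();
+ }
+
+ /**
+ * @param id 用户ID
+ * @param enabled 状态
+ * @return
+ * @Title changeEnabled
+ * @Description: TODO(改变用户状态)
+ */
+ @RequestMapping("/changeEnabled")
+ public int changeEnabled(@RequestParam int id, @RequestParam int enabled) {
+ return sysUserService.changeEnabled(id, enabled);
+ }
+
+ /**
+ * @param oldPWD 原始密码
+ * @param newPWD 新密码
+ * @param cnewPWD 确认新密码
+ * @return
+ * @Title changePWD
+ * @Description: TODO(修改密码)
+ */
+ @RequestMapping(value = "/changePWD", method = RequestMethod.POST)
+ public String changePWD(@RequestParam String oldPWD, @RequestParam String newPWD, @RequestParam String cnewPWD) {
+ SysUser sysUser = SecurityUtils.getCurrentUser();
+ String msg = "";
+ if (new BCryptPasswordEncoder(4).matches(oldPWD, sysUser.getPassword())) {
+ if (oldPWD.equals(newPWD)) {
+ msg = "新密码不能跟原始密码一样!";
+ } else {
+ if (newPWD.equals(cnewPWD)) {
+ sysUserService.changePWD(sysUser.getId(), newPWD);
+ msg = "修改成功!";
+ } else {
+ msg = "新密码两次输入不一致!";
+ }
+ }
+ } else {
+ msg = "原始密码错误!";
+ }
+ return msg;
+ }
+
+ @RequestMapping(value = "/register", method = RequestMethod.POST)
+ public Map<String, Object> register(SysUser u) {
+ return sysUserService.register(u);
+ }
+
+ @RequestMapping(value = "/all_distinct")
+ public List<SysUser> findAll_distinct() {
+ return sysUserService.findAll_distinct();
+ }
+}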
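Review bot: Keying the captcha counter on `session.getId()` (the `captchaMap.get(session.getId())` check in `login` and the two `captcha(session.getId())` increments) makes the trigger resettable by the client, because a request sent without the session cookie gets a fresh session from `request.getSession()` and therefore a null counter, so repeated guesses against one account never reach the captcha if each comes in its own session; the pre-change per-account key did not work either, since it was looked up before `RSAUtils.decryptBase64(userName)` but stored after it, so ciphertext and plaintext keys never matched. Move the captcha check below the RSA decrypt and count failures under the decrypted `userName` as well as the session id, so a burst of failures on one account trips the captcha regardless of how many sessions the client discards (see fence). The static `captchaMap` is also a plain `HashMap` shared across request threads and never drops entries for abandoned sessions; `ConcurrentHashMap` plus removal in an `HttpSessionListener.sessionDestroyed` would bound it. Minor: `captchaStatus` still declares `userName` but no longer reads it, and `changeUser` keeps the `不存在的用户`/`密码有误` split that this commit removes from `login`.

```java
private static int failures(String key) {
    Integer n = captchaMap.get(key);
    return n == null ? 0 : n;
}

// … unchanged: rs setup, session lookup, "captcha" attribute …

//解密RSA — decrypt first so the account name can key the failure counter
try {
    userName = RSAUtils.decryptBase64(userName);
    password = RSAUtils.decryptBase64(password);
} catch (RuntimeException e) {
    return put(rs, "msg", "decrypt RSA fail!可能页面已过期,尝试刷新页面。");
}

if (failures(userName) >= 3 || failures(session.getId()) >= 3) {
    // … unchanged: captcha validation …
}

// … unchanged: user lookup and password check; each failure branch calls
//     captcha(userName); captcha(session.getId()); before returning …

// on success clear both counters
captchaMap.remove(userName);
captchaMap.remove(session.getId());
```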