|
@@ -3,9 +3,12 @@ package cn.iselab.mooctest.site.web.ctrl;
|
|
|
import cn.iselab.mooctest.site.common.constant.UrlConstants;
|
|
import cn.iselab.mooctest.site.common.constant.UrlConstants;
|
|
|
import cn.iselab.mooctest.site.configure.realm.DefaultUsernamepasswordToken;
|
|
import cn.iselab.mooctest.site.configure.realm.DefaultUsernamepasswordToken;
|
|
|
import cn.iselab.mooctest.site.dao.MobileVerificationDao;
|
|
import cn.iselab.mooctest.site.dao.MobileVerificationDao;
|
|
|
|
|
+import cn.iselab.mooctest.site.models.ManagerProperty;
|
|
|
import cn.iselab.mooctest.site.models.MobileVerification;
|
|
import cn.iselab.mooctest.site.models.MobileVerification;
|
|
|
import cn.iselab.mooctest.site.models.User;
|
|
import cn.iselab.mooctest.site.models.User;
|
|
|
|
|
+import cn.iselab.mooctest.site.service.ManagerPropertyService;
|
|
|
import cn.iselab.mooctest.site.service.OpenId2UserIdService;
|
|
import cn.iselab.mooctest.site.service.OpenId2UserIdService;
|
|
|
|
|
+import cn.iselab.mooctest.site.service.RecordService;
|
|
|
import cn.iselab.mooctest.site.service.UserService;
|
|
import cn.iselab.mooctest.site.service.UserService;
|
|
|
import cn.iselab.mooctest.site.web.data.ManagerPropertyVO;
|
|
import cn.iselab.mooctest.site.web.data.ManagerPropertyVO;
|
|
|
import cn.iselab.mooctest.site.web.data.UserVO;
|
|
import cn.iselab.mooctest.site.web.data.UserVO;
|
|
@@ -56,6 +59,12 @@ public class UserController {
|
|
|
@Autowired
|
|
@Autowired
|
|
|
private OpenId2UserIdService openId2UserIdService;
|
|
private OpenId2UserIdService openId2UserIdService;
|
|
|
|
|
|
|
|
|
|
+ @Autowired
|
|
|
|
|
+ private ManagerPropertyService managerPropertyService;
|
|
|
|
|
+
|
|
|
|
|
+ @Autowired
|
|
|
|
|
+ private RecordService recordService;
|
|
|
|
|
+
|
|
|
private Logger LOG = LoggerFactory.getLogger(getClass());
|
|
private Logger LOG = LoggerFactory.getLogger(getClass());
|
|
|
|
|
|
|
|
@RequiresPermissions("personInfo:update")
|
|
@RequiresPermissions("personInfo:update")
|
|
@@ -107,7 +116,7 @@ public class UserController {
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
@RequestMapping(value = "/api/mobileLogin", method = RequestMethod.POST)
|
|
@RequestMapping(value = "/api/mobileLogin", method = RequestMethod.POST)
|
|
|
- public UserVO loginByMobile(@RequestBody UserVO userVO, BindingResult bindingResult, RedirectAttributes redirectAttributes) {
|
|
|
|
|
|
|
+ public UserVO loginByMobile(@RequestBody UserVO userVO, BindingResult bindingResult, RedirectAttributes redirectAttributes,HttpServletRequest request) {
|
|
|
if (bindingResult.hasErrors()) {
|
|
if (bindingResult.hasErrors()) {
|
|
|
throw new HttpUnauthorizedException("unauthorized");
|
|
throw new HttpUnauthorizedException("unauthorized");
|
|
|
|
|
|
|
@@ -122,38 +131,45 @@ public class UserController {
|
|
|
//获取当前的Subject
|
|
//获取当前的Subject
|
|
|
Subject currentUser = SecurityUtils.getSubject();
|
|
Subject currentUser = SecurityUtils.getSubject();
|
|
|
LOG.info("session过期时间 +" + SecurityUtils.getSubject().getSession().getTimeout());
|
|
LOG.info("session过期时间 +" + SecurityUtils.getSubject().getSession().getTimeout());
|
|
|
- try {
|
|
|
|
|
- //在调用了login方法后,SecurityManager会收到AuthenticationToken,并将其发送给已配置的Realm执行必须的认证检查
|
|
|
|
|
- //每个Realm都能在必要时对提交的AuthenticationTokens作出反应
|
|
|
|
|
- //所以这一步在调用login(token)方法时,它会走到MyRealm.doGetAuthenticationInfo()方法中,具体验证方式详见此方法
|
|
|
|
|
- currentUser.login(token);
|
|
|
|
|
- } catch (UnknownAccountException uae) {
|
|
|
|
|
- System.out.println("对用户[" + username + "]进行登录验证..验证未通过,未知账户");
|
|
|
|
|
- redirectAttributes.addFlashAttribute("message", "未知账户");
|
|
|
|
|
- } catch (IncorrectCredentialsException ice) {
|
|
|
|
|
- System.out.println("对用户[" + username + "]进行登录验证..验证未通过,错误的凭证");
|
|
|
|
|
- redirectAttributes.addFlashAttribute("message", "密码不正确");
|
|
|
|
|
- } catch (LockedAccountException lae) {
|
|
|
|
|
- System.out.println("对用户[" + username + "]进行登录验证..验证未通过,账户已锁定");
|
|
|
|
|
- redirectAttributes.addFlashAttribute("message", "账户已锁定");
|
|
|
|
|
- } catch (ExcessiveAttemptsException eae) {
|
|
|
|
|
- System.out.println("对用户[" + username + "]进行登录验证..验证未通过,错误次数过多");
|
|
|
|
|
- redirectAttributes.addFlashAttribute("message", "用户名或密码错误次数过多");
|
|
|
|
|
- } catch (AuthenticationException ae) {
|
|
|
|
|
- //通过处理Shiro的运行时AuthenticationException就可以控制用户登录失败或密码错误时的情景
|
|
|
|
|
- System.out.println("对用户[" + username + "]进行登录验证..验证未通过,堆栈轨迹如下");
|
|
|
|
|
- ae.printStackTrace();
|
|
|
|
|
- redirectAttributes.addFlashAttribute("message", "用户名或密码不正确");
|
|
|
|
|
- }
|
|
|
|
|
|
|
+ currentUser.login(token);
|
|
|
|
|
+// try {
|
|
|
|
|
+// //在调用了login方法后,SecurityManager会收到AuthenticationToken,并将其发送给已配置的Realm执行必须的认证检查
|
|
|
|
|
+// //每个Realm都能在必要时对提交的AuthenticationTokens作出反应
|
|
|
|
|
+// //所以这一步在调用login(token)方法时,它会走到MyRealm.doGetAuthenticationInfo()方法中,具体验证方式详见此方法
|
|
|
|
|
+// currentUser.login(token);
|
|
|
|
|
+// } catch (UnknownAccountException uae) {
|
|
|
|
|
+// System.out.println("对用户[" + username + "]进行登录验证..验证未通过,未知账户");
|
|
|
|
|
+// redirectAttributes.addFlashAttribute("message", "未知账户");
|
|
|
|
|
+// } catch (IncorrectCredentialsException ice) {
|
|
|
|
|
+// System.out.println("对用户[" + username + "]进行登录验证..验证未通过,错误的凭证");
|
|
|
|
|
+// redirectAttributes.addFlashAttribute("message", "密码不正确");
|
|
|
|
|
+// } catch (LockedAccountException lae) {
|
|
|
|
|
+// System.out.println("对用户[" + username + "]进行登录验证..验证未通过,账户已锁定");
|
|
|
|
|
+// redirectAttributes.addFlashAttribute("message", "账户已锁定");
|
|
|
|
|
+// } catch (ExcessiveAttemptsException eae) {
|
|
|
|
|
+// System.out.println("对用户[" + username + "]进行登录验证..验证未通过,错误次数过多");
|
|
|
|
|
+// redirectAttributes.addFlashAttribute("message", "用户名或密码错误次数过多");
|
|
|
|
|
+// } catch (AuthenticationException ae) {
|
|
|
|
|
+// //通过处理Shiro的运行时AuthenticationException就可以控制用户登录失败或密码错误时的情景
|
|
|
|
|
+// System.out.println("对用户[" + username + "]进行登录验证..验证未通过,堆栈轨迹如下");
|
|
|
|
|
+// ae.printStackTrace();
|
|
|
|
|
+// redirectAttributes.addFlashAttribute("message", "用户名或密码不正确");
|
|
|
|
|
+// }
|
|
|
//验证是否登录成功
|
|
//验证是否登录成功
|
|
|
if (currentUser.isAuthenticated()) {
|
|
if (currentUser.isAuthenticated()) {
|
|
|
System.out.println("用户[" + username + "]登录认证通过(这里可以进行一些认证通过后的一些系统参数初始化操作)");
|
|
System.out.println("用户[" + username + "]登录认证通过(这里可以进行一些认证通过后的一些系统参数初始化操作)");
|
|
|
|
|
+ recordService.recordLoginAction(request,userVO.getId());
|
|
|
User user = userService.findByMobile(userVO.getMobile());
|
|
User user = userService.findByMobile(userVO.getMobile());
|
|
|
userVO = userVOWrapper.wrap(user);
|
|
userVO = userVOWrapper.wrap(user);
|
|
|
userVO.setPassword("");
|
|
userVO.setPassword("");
|
|
|
userVO.setMenuVOs(menuLogic.getMenuListByUserId(user.getId()));
|
|
userVO.setMenuVOs(menuLogic.getMenuListByUserId(user.getId()));
|
|
|
userVO.setOpenId(openId2UserIdService.findOpenIdByUserId(userVO.getId()));
|
|
userVO.setOpenId(openId2UserIdService.findOpenIdByUserId(userVO.getId()));
|
|
|
currentUser.getSession().setAttribute("User", user);
|
|
currentUser.getSession().setAttribute("User", user);
|
|
|
|
|
+
|
|
|
|
|
+ if (managerPropertyService.getManagerPropertyByUserId(user.getId()) != null){
|
|
|
|
|
+ ManagerProperty managerProperty = managerPropertyService.getManagerPropertyByUserId(user.getId());
|
|
|
|
|
+ userVO.setExpireTime(Long.valueOf(managerProperty.getExpireTime().getTime()));
|
|
|
|
|
+ }
|
|
|
return userVO;
|
|
return userVO;
|
|
|
} else {
|
|
} else {
|
|
|
token.clear();
|
|
token.clear();
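Review bot: The added `recordService.recordLoginAction(request,userVO.getId())` runs while `userVO` is still the `@RequestBody` object, so the login record is keyed to an id supplied by the client (possibly null) rather than to the account that just authenticated; the server-side `User` is only loaded on the following line. Move the call below the lookup and pass the trusted id, `recordService.recordLoginAction(request, user.getId());`, so that what appears to be an audit entry cannot be attributed to a different account. Separately, with the try/catch commented out, `currentUser.login(token)` now propagates Shiro's `AuthenticationException` subclasses, so failed attempts are neither logged nor recorded here, and the `else { token.clear(); }` branch is probably no longer reached on failure. Confirm that a handler outside this hunk maps those exceptions to one uniform 401 response, and delete the commented-out block rather than keeping it in the file. The body of `loginByMobile` starts and ends outside this hunk.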
|