处理登录密码验证问题

src/com/yonde/basedata/controller/LoginController.java

@@ -5,11 +5,14 @@ import com.fasterxml.jackson.core.JsonProcessingException;
 import com.yonde.basedata.entity.api.ApiResult;
 import com.yonde.cadpro.bean.CADProUser;
 import com.yonde.cadpro.service.CADProService;
+import com.yonde.cadpro.util.Base64Util;
 import com.yonde.common.LdapUtil;
 import org.springframework.web.bind.annotation.*;
 import wt.method.RemoteAccess;
 import wt.util.WTException;
 
+import javax.servlet.http.HttpServletRequest;
+
 @RestController
 @RequestMapping({"/login"})
 public class LoginController implements RemoteAccess {
@@ -43,7 +46,8 @@ public class LoginController implements RemoteAccess {
     @RequestMapping(method = RequestMethod.POST)
     @ResponseBody
     public ApiResult<CADProUser> cadLoginAuth(@RequestParam String userName,
-                                              @RequestParam(required = false) String clientVersion) throws Exception {
-        return CADProService.cadProLogin(userName, clientVersion);
+                                              @RequestParam(required = false) String clientVersion,
+                                              HttpServletRequest request) throws Exception {
+        return CADProService.cadProLogin(userName, clientVersion,Base64Util.decodeForUserPwd(request));
     }
 }

src/com/yonde/cadpro/service/CADProService.java

@@ -16,8 +16,9 @@ import com.yonde.cadpro.download.factroy.InsertDownloaderFactory;
 import com.yonde.cadpro.download.factroy.NewDownloaderFactory;
 import com.yonde.cadpro.util.*;
 import com.yonde.common.CommonUtil;
+import com.yonde.common.LdapUtil;
+import com.yonde.common.WTUserUtil;
 import org.apache.commons.lang.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.util.ObjectUtils;
 import wt.epm.EPMDocument;
@@ -26,18 +27,15 @@ import wt.fc.QueryResult;
 import wt.fc.WTObject;
 import wt.method.RemoteAccess;
 import wt.method.RemoteMethodServer;
-import wt.org.WTPrincipal;
 import wt.org.WTUser;
 import wt.part.WTPart;
 import wt.part.WTPartConfigSpec;
 import wt.part.WTPartStandardConfigSpec;
-import wt.session.SessionHelper;
 import wt.session.SessionServerHelper;
 import wt.util.WTException;
 import wt.vc.config.LatestConfigSpec;
 import wt.vc.views.ViewHelper;
 
-import java.io.File;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -46,28 +44,29 @@ import java.util.Map;
 @Service
 public class CADProService implements RemoteAccess {
 
-    public static String PATH_CADPRODOWNLOAD = CADProConstants.codebase_tempDownload + File.separator
-            + "CADProDownload";
-
-    @Autowired
-    private ModelService modelService;
-
     public static String PART_DEFAULT_TYPE = "wt.part.WTPart";
 
-    @SuppressWarnings({ "unchecked" })
-    public static ApiResult<CADProUser> cadProLogin(String userName, String clientVersion) throws Exception {
+    @SuppressWarnings({"unchecked"})
+    public static ApiResult<CADProUser> cadProLogin(String userName, String clientVersion, String pwd) throws Exception {
         System.out.println(">>>cadProLogin login start.....");
         if (!RemoteMethodServer.ServerFlag) {
             return (ApiResult<CADProUser>) RemoteMethodServer.getDefault().invoke("cadProLogin", CADProService.class.getName(), null,
-                    new Class[]{String.class, String.class},
-                    new Object[]{userName, clientVersion});
+                    new Class[]{String.class, String.class, String.class},
+                    new Object[]{userName, clientVersion, pwd});
         }
         boolean enforced = true;
         try {
             CommonUtil.initSessionContext(userName);
+            WTUser user = WTUserUtil.getUser(userName);
+            if (user == null) {
+                return ApiResult.error("用户信息[" + userName + "]不存在");
+            }
+            String userPwd = LdapUtil.getUserPwd(userName);
+            if (!Base64Util.isPwdMatch(userPwd, pwd)) {
+                return ApiResult.error("登录密码错误");
+            }
             enforced = SessionServerHelper.manager.setAccessEnforced(false);
-            WTPrincipal principal = SessionHelper.manager.getPrincipal();
-            CADProUser cadProUser = CADProUser.toCADProUser((WTUser) principal);
+            CADProUser cadProUser = CADProUser.toCADProUser(user);
             if (StringUtils.isBlank(clientVersion)) {
                 return ApiResult.ok(cadProUser, "登录成功！");
             } else {
@@ -77,10 +76,11 @@ public class CADProService implements RemoteAccess {
                 if (configClientVersion.equalsIgnoreCase(clientVersion)) {
                     return ApiResult.ok(cadProUser, "[" + userName + "]登录成功");
                 } else {
-                    return ApiResult.error("CADPro客户端版本[" + clientVersion + "]与服务器端指定版本["
-                            + configClientVersion + "]不匹配，请通过集成桌面更新最新CADPro客户端");
+                    return ApiResult.error("CADPro客户端版本[" + clientVersion + "]与服务器端指定版本[" + configClientVersion + "]不匹配，请通过集成桌面更新最新CADPro客户端");
                 }
             }
+        } catch (Exception e) {
+            return ApiResult.error("登录失败,请联系管理员！");
         } finally {
             SessionServerHelper.manager.setAccessEnforced(enforced);
         }
@@ -146,7 +146,6 @@ public class CADProService implements RemoteAccess {
                 throw new WTException("获取待下载模型失败！");
             }
             SessionServerHelper.manager.setAccessEnforced(enforced);
-            //System.out.println("CAD模型信息:" + modelFiles);
             return modelFiles;
         }
     }
@@ -203,14 +202,6 @@ public class CADProService implements RemoteAccess {
     @SuppressWarnings("unchecked")
     public static List<DxPartModelBomVo> searchModel(String number, List<String> numbers, String name,
                                                      Integer offSet, Integer size, String keyWord, boolean onlyCAD) throws Exception {
-        System.out.println("start searchModel    >>>>");
-        System.out.println("number : " + number);
-        System.out.println("numbers : " + numbers);
-        System.out.println("name : " + name);
-        System.out.println("offSet : " + offSet);
-        System.out.println("size : " + size);
-        System.out.println("keyWord : " + keyWord);
-        System.out.println("onlyCAD : " + onlyCAD);
 
         SearchUtil partSearch = new SearchUtil(WTPart.class);
         partSearch.setAccessEnforced(true);
@@ -238,7 +229,7 @@ public class CADProService implements RemoteAccess {
             partSearch.setName(name);
         }
 
-        List<WTPart> partResult = new ArrayList<WTPart>();
+        List<WTPart> partResult = new ArrayList();
         QueryResult qr = partSearch.queryObjects();
         if (qr != null && qr.size() > 0) {
             partResult.addAll(qr.getObjectVectorIfc().getVector());
@@ -246,11 +237,14 @@ public class CADProService implements RemoteAccess {
 
         Collections.sort(partResult, new WTObjectNumberCompator(false));
 
-        List<DxPartModelBomVo> results = new ArrayList<DxPartModelBomVo>();
-        int total = partResult.size();// 查询结果总数量
+        List<DxPartModelBomVo> results = new ArrayList();
+        // 查询结果总数量
+        int total = partResult.size();
         if (size > 0) {
-            int count = 0;// 添加的数量
-            int currentIndex = (offSet - 1) * size;// 当前下标
+            // 添加的数量
+            int count = 0;
+            // 当前下标
+            int currentIndex = (offSet - 1) * size;
             while (currentIndex < total) {
                 WTPart tempPart = partResult.get(currentIndex);
                 DxPartModelBomVo mbi = getDxPartModelBomVoByPart(tempPart);
@@ -266,7 +260,8 @@ public class CADProService implements RemoteAccess {
                     }
                     results.add(mbi);
                     count++;
-                    if (count == size) {// 判断是否取够一页
+                    // 判断是否取够一页
+                    if (count == size) {
                         break;
                     }
                 }
@@ -278,7 +273,6 @@ public class CADProService implements RemoteAccess {
                 if (mbi != null) {
                     if (onlyCAD) {
                         String partCADId = mbi.getPartId();
-                        System.out.println("partCADId :" + partCADId);
                         Persistable per = CommonUtil.getPersistableByOid(partCADId);
                         if (!(per instanceof EPMDocument)) {
                             System.out.println("Not CAD, continue...");
@@ -290,8 +284,6 @@ public class CADProService implements RemoteAccess {
             }
         }
         Collections.sort(results, new DxPartModelBomVoCompator(false));
-
-        System.out.println("end searchModel    >>>>" + results);
         return results;
     }
 
@@ -503,7 +495,7 @@ public class CADProService implements RemoteAccess {
 //        return url;
 //    }
 
-    
+
 //
 //    /**
 //     * 基于顶层件号获取最新顶层EBOM结构

src/com/yonde/cadpro/util/Base64Util.java

@@ -2,9 +2,11 @@ package com.yonde.cadpro.util;
 
 import com.yonde.cadpro.CADProConstants;
 import sun.misc.BASE64Decoder;
+import wt.util.WTException;
 
 import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
+import java.security.MessageDigest;
 
 /**
  * Created on 2023/5/8 0008
@@ -21,7 +23,6 @@ public class Base64Util {
      */
     public static String decode(String basic) throws IOException {
         byte[] decodeResult = new BASE64Decoder().decodeBuffer(basic);
-        System.out.println(new String(decodeResult));
         return new String(decodeResult);
     }
 
@@ -33,7 +34,6 @@ public class Base64Util {
      */
     public static String decode(HttpServletRequest request) throws IOException {
         String auth = request.getHeader(CADProConstants.AUTHORIZATION);
-        System.out.println(">>>auth:" + auth);
         auth = auth.replace(CADProConstants.BASIC, "");
         return decode(auth);
     }
@@ -45,4 +45,46 @@ public class Base64Util {
         String[] split =decode(request).split(":");
         return split[0];
     }
+
+    /**
+     * 拆分basic明文信息 获取用户名称
+     */
+    public static String decodeForUserPwd(HttpServletRequest request) throws IOException {
+        String[] split =decode(request).split(":");
+        return split[1];
+    }
+
+    public static boolean isPwdMatch(String digest, String password) throws WTException {
+        try {
+            MessageDigest mDigest = MessageDigest.getInstance("SHA1");
+            byte[] bytes = new BASE64Decoder().decodeBuffer(digest.substring(6));
+            byte[][] hs = split(bytes, 20);
+            byte[] hash = hs[0];
+            byte[] salt = hs[1];
+            mDigest.reset();
+            mDigest.update(password.getBytes());
+            mDigest.update(salt);
+            byte[] mHash = mDigest.digest();
+            return MessageDigest.isEqual(hash, mHash);
+        } catch (Exception e) {
+            System.out.println(e.getLocalizedMessage());
+            throw new WTException(e.getMessage());
+        }
+    }
+
+    private static byte[][] split(byte[] src, int n) {
+        byte[] l;
+        byte[] r;
+        if (src.length <= n) {
+            l = src;
+            r = new byte[0];
+        } else {
+            l = new byte[n];
+            r = new byte[src.length - n];
+            System.arraycopy(src, 0, l, 0, n);
+            System.arraycopy(src, n, r, 0, r.length);
+        }
+        byte[][] lr = {l, r};
+        return lr;
+    }
 }

src/com/yonde/cadpro/util/CadJsonUtils.java

-package com.yonde.cadpro.util;
-
-import com.fasterxml.jackson.annotation.JsonInclude;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.*;
-import com.fasterxml.jackson.databind.ser.FilterProvider;
-import com.fasterxml.jackson.databind.ser.impl.SimpleBeanPropertyFilter;
-import com.fasterxml.jackson.databind.ser.impl.SimpleFilterProvider;
-import com.fasterxml.jackson.dataformat.xml.XmlMapper;
-import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator;
-import org.apache.commons.lang.StringUtils;
-import org.apache.log4j.Logger;
-import wt.log4j.LogR;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-
-/**
- * @author LiBanggui
- * @description
- * @date 2019/6/12
- */
-public class CadJsonUtils {
-
-    private static Logger log = LogR.getLogger(CadJsonUtils.class.getName());
-
-    private static ObjectMapper objectMapper = null;
-    private static XmlMapper xmlMapper = null;
-
-    static {
-        objectMapper = initObjectMapper();
-        xmlMapper = initXmlMapper();
-    }
-
-    private static ObjectMapper initObjectMapper() {
-        ObjectMapper newObjectMapper = new ObjectMapper();
-        // 设置默认日期格式
-        // newObjectMapper.setDateFormat(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"));
-
-        newObjectMapper.disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);
-        newObjectMapper.configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);
-        newObjectMapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
-        newObjectMapper.disable(MapperFeature.USE_GETTERS_AS_SETTERS);
-
-        return newObjectMapper;
-    }
-
-    private static XmlMapper initXmlMapper() {
-        XmlMapper newXmlMapper = new XmlMapper();
-
-        //newXmlMapper.findAndRegisterModules();
-        //newXmlMapper.disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
-        newXmlMapper.enable(SerializationFeature.INDENT_OUTPUT);
-        newXmlMapper.disable(DeserializationFeature.FAIL_ON_IGNORED_PROPERTIES);
-        newXmlMapper.disable(SerializationFeature.FAIL_ON_EMPTY_BEANS);
-        //newXmlMapper.setDefaultUseWrapper(false);
-        newXmlMapper.configure(ToXmlGenerator.Feature.WRITE_XML_DECLARATION, true);
-
-        return newXmlMapper;
-    }
-
-    /**
-     * 将对象转换成json字符串格式（默认将转换所有的属性）
-     *
-     * @param value
-     * @return
-     */
-    public static String toJsonStr(Object value) {
-        try {
-            return objectMapper.writeValueAsString(value);
-        } catch (JsonProcessingException e) {
-            log.error("Json转换失败", e);
-            throw new RuntimeException(e);
-        }
-    }
-
-    /**
-     * 将对象转换成json字符串格式（默认将转换所有的属性）
-     *
-     * @param value
-     * @return
-     */
-    public static byte[] toJsonBytes(Object value) {
-        try {
-            return objectMapper.writeValueAsBytes(value);
-        } catch (JsonProcessingException e) {
-            log.error("Json转换失败", e);
-            throw new RuntimeException(e);
-        }
-    }
-
-    /**
-     * 将对象转换成json字符串格式
-     *
-     * @param value
-     *            需要转换的对象
-     * @param properties
-     *            需要转换的属性
-     */
-    public static String toJsonStr(Object value, String[] properties) {
-        try {
-            SimpleBeanPropertyFilter sbp = SimpleBeanPropertyFilter.filterOutAllExcept(properties);
-            FilterProvider filterProvider = new SimpleFilterProvider()
-                    .addFilter("propertyFilterMixIn", sbp);
-            return objectMapper.writer(filterProvider).writeValueAsString(value);
-        } catch (Exception e) {
-            log.error("Json转换失败", e);
-            throw new RuntimeException(e);
-        }
-
-    }
-
-    /**
-     * 将对象转换成json字符串格式
-     *
-     * @param value
-     *            需要转换的对象
-     * @param properties2Exclude
-     *            需要排除的属性
-     */
-    public static String toJsonStrWithExcludeProperties(Object value, String[] properties2Exclude) {
-        try {
-            SimpleBeanPropertyFilter sbp = SimpleBeanPropertyFilter
-                    .serializeAllExcept(properties2Exclude);
-            FilterProvider filterProvider = new SimpleFilterProvider()
-                    .addFilter("propertyFilterMixIn", sbp);
-            return objectMapper.writer(filterProvider).writeValueAsString(value);
-        } catch (Exception e) {
-            log.error("Json转换失败", e);
-            throw new RuntimeException(e);
-        }
-
-    }
-
-    /**
-     * 将对象json格式直接写出到流对象中（默认将转换所有的属性）
-     *
-     * @param out
-     * @return
-     */
-    public static void writeJsonStr(OutputStream out, Object value) {
-        try {
-            objectMapper.writeValue(out, value);
-        } catch (Exception e) {
-            log.error("Json转换失败", e);
-            throw new RuntimeException(e);
-        }
-    }
-
-    /**
-     * 反序列化POJO或简单Collection如List<String>.
-     *
-     * 如果JSON字符串为Null或"null"字符串, 返回Null. 如果JSON字符串为"[]", 返回空集合.
-     *
-     * 如需反序列化复杂Collection如List<MyBean>, 请使用fromJson(String, JavaType)
-     */
-    public static <T> T fromJson(String jsonString, Class<T> clazz) {
-        if (StringUtils.isEmpty(jsonString)) {
-            return null;
-        }
-
-        try {
-            return objectMapper.readValue(jsonString, clazz);
-        } catch (IOException e) {
-            log.error("parse json string error:" + jsonString, e);
-            return null;
-        }
-    }
-
-    /**
-     * 反序列化POJO或简单Collection如List<String>.
-     *
-     * 如果JSON字符串为Null或"null"字符串, 返回Null. 如果JSON字符串为"[]", 返回空集合.
-     *
-     * 如需反序列化复杂Collection如List<MyBean>, 请使用fromJson(String, JavaType)
-     */
-    public static <T> T fromJson(String jsonString, Class<T> clazz, Class<?>... elementClasses) {
-        if (StringUtils.isEmpty(jsonString)) {
-            return null;
-        }
-
-        try {
-            if (elementClasses.length == 0) {
-                return objectMapper.readValue(jsonString, clazz);
-            } else {
-                return objectMapper.readValue(jsonString, getGenericsType(clazz, elementClasses));
-            }
-        } catch (IOException e) {
-            log.error("parse json string error:" + jsonString, e);
-            return null;
-        }
-    }
-
-    /**
-     * 获取泛型的Collection Type
-     *
-     * @param collectionClass
-     *            泛型的Collection
-     * @param elementClasses
-     *            元素类
-     * @return JavaType Java类型
-     * @since 1.0
-     */
-    public static JavaType getGenericsType(Class<?> collectionClass, Class<?>... elementClasses) {
-        return objectMapper.getTypeFactory().constructParametricType(collectionClass,
-                elementClasses);
-    }
-
-    /**
-     * 对象转为XML字符串
-     * @param value
-     * @return
-     * @throws JsonProcessingException
-     */
-    public static String toXMLStr(Object value) throws JsonProcessingException {
-        return xmlMapper.writeValueAsString(value);
-    }
-
-    /**
-     * 对象转xml写入流
-     * @param value
-     * @return
-     * @throws IOException 
-     */
-    public static void writeXmlStr(OutputStream os, Object value) throws IOException {
-        xmlMapper.writeValue(os, value);
-    }
-
-    /**
-     * xml字符串转为对象
-     * @param <T>
-     * @param xmlString
-     * @param clazz
-     * @return
-     */
-    public static <T> T fromXml(String xmlString, Class<T> clazz) {
-        if (StringUtils.isBlank(xmlString)) {
-            return null;
-        }
-        try {
-            return xmlMapper.readValue(xmlString, clazz);
-        } catch (IOException e) {
-            log.error("parse xml string error:" + xmlString, e);
-            return null;
-        }
-    }
-
-    public static <T> T fromXml(InputStream xmlInput, Class<T> clazz) {
-        if (xmlInput == null) {
-            return null;
-        }
-        try {
-            return xmlMapper.readValue(xmlInput, clazz);
-        } catch (IOException e) {
-            log.error("parse xml input error", e);
-            return null;
-        }
-    }
-
-}