Commit 98b943bb authored by hanson.yao's avatar hanson.yao

处理登录密码验证问题

parent ee6bf74d
......@@ -5,11 +5,14 @@ import com.fasterxml.jackson.core.JsonProcessingException;
import com.yonde.basedata.entity.api.ApiResult;
import com.yonde.cadpro.bean.CADProUser;
import com.yonde.cadpro.service.CADProService;
import com.yonde.cadpro.util.Base64Util;
import com.yonde.common.LdapUtil;
import org.springframework.web.bind.annotation.*;
import wt.method.RemoteAccess;
import wt.util.WTException;
import javax.servlet.http.HttpServletRequest;
@RestController
@RequestMapping({"/login"})
public class LoginController implements RemoteAccess {
......@@ -43,7 +46,8 @@ public class LoginController implements RemoteAccess {
@RequestMapping(method = RequestMethod.POST)
@ResponseBody
public ApiResult<CADProUser> cadLoginAuth(@RequestParam String userName,
@RequestParam(required = false) String clientVersion) throws Exception {
return CADProService.cadProLogin(userName, clientVersion);
@RequestParam(required = false) String clientVersion,
HttpServletRequest request) throws Exception {
return CADProService.cadProLogin(userName, clientVersion,Base64Util.decodeForUserPwd(request));
}
}
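Review bot: In `cadLoginAuth` the password now comes from the `Authorization` header while the account name still comes from the `userName` request parameter, so the two halves of the credential have different sources and are never compared with each other. Taking both from the same Basic credential (the existing `split[0]` helper in `Base64Util` already extracts the name), or rejecting the request when they differ, would make it unambiguous which account is being authenticated. `Base64Util.decodeForUserPwd(request)` is also evaluated here, outside the `try` in `cadProLogin`, so a missing or malformed header surfaces as an unhandled exception instead of an `ApiResult.error`; a check for an absent header before the call would cover that. The class body continues outside the hunk, so whether the newly imported `LdapUtil` is used in this file cannot be confirmed from here.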
......@@ -16,8 +16,9 @@ import com.yonde.cadpro.download.factroy.InsertDownloaderFactory;
import com.yonde.cadpro.download.factroy.NewDownloaderFactory;
import com.yonde.cadpro.util.*;
import com.yonde.common.CommonUtil;
import com.yonde.common.LdapUtil;
import com.yonde.common.WTUserUtil;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.ObjectUtils;
import wt.epm.EPMDocument;
......@@ -26,18 +27,15 @@ import wt.fc.QueryResult;
import wt.fc.WTObject;
import wt.method.RemoteAccess;
import wt.method.RemoteMethodServer;
import wt.org.WTPrincipal;
import wt.org.WTUser;
import wt.part.WTPart;
import wt.part.WTPartConfigSpec;
import wt.part.WTPartStandardConfigSpec;
import wt.session.SessionHelper;
import wt.session.SessionServerHelper;
import wt.util.WTException;
import wt.vc.config.LatestConfigSpec;
import wt.vc.views.ViewHelper;
import java.io.File;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
......@@ -46,28 +44,29 @@ import java.util.Map;
@Service
public class CADProService implements RemoteAccess {
public static String PATH_CADPRODOWNLOAD = CADProConstants.codebase_tempDownload + File.separator
+ "CADProDownload";
@Autowired
private ModelService modelService;
public static String PART_DEFAULT_TYPE = "wt.part.WTPart";
@SuppressWarnings({ "unchecked" })
public static ApiResult<CADProUser> cadProLogin(String userName, String clientVersion) throws Exception {
@SuppressWarnings({"unchecked"})
public static ApiResult<CADProUser> cadProLogin(String userName, String clientVersion, String pwd) throws Exception {
System.out.println(">>>cadProLogin login start.....");
if (!RemoteMethodServer.ServerFlag) {
return (ApiResult<CADProUser>) RemoteMethodServer.getDefault().invoke("cadProLogin", CADProService.class.getName(), null,
new Class[]{String.class, String.class},
new Object[]{userName, clientVersion});
new Class[]{String.class, String.class, String.class},
new Object[]{userName, clientVersion, pwd});
}
boolean enforced = true;
try {
CommonUtil.initSessionContext(userName);
WTUser user = WTUserUtil.getUser(userName);
if (user == null) {
return ApiResult.error("用户信息[" + userName + "]不存在");
}
String userPwd = LdapUtil.getUserPwd(userName);
if (!Base64Util.isPwdMatch(userPwd, pwd)) {
return ApiResult.error("登录密码错误");
}
enforced = SessionServerHelper.manager.setAccessEnforced(false);
WTPrincipal principal = SessionHelper.manager.getPrincipal();
CADProUser cadProUser = CADProUser.toCADProUser((WTUser) principal);
CADProUser cadProUser = CADProUser.toCADProUser(user);
if (StringUtils.isBlank(clientVersion)) {
return ApiResult.ok(cadProUser, "登录成功!");
} else {
......@@ -77,10 +76,11 @@ public class CADProService implements RemoteAccess {
if (configClientVersion.equalsIgnoreCase(clientVersion)) {
return ApiResult.ok(cadProUser, "[" + userName + "]登录成功");
} else {
return ApiResult.error("CADPro客户端版本[" + clientVersion + "]与服务器端指定版本["
+ configClientVersion + "]不匹配,请通过集成桌面更新最新CADPro客户端");
return ApiResult.error("CADPro客户端版本[" + clientVersion + "]与服务器端指定版本[" + configClientVersion + "]不匹配,请通过集成桌面更新最新CADPro客户端");
}
}
} catch (Exception e) {
return ApiResult.error("登录失败,请联系管理员!");
} finally {
SessionServerHelper.manager.setAccessEnforced(enforced);
}
......@@ -146,7 +146,6 @@ public class CADProService implements RemoteAccess {
throw new WTException("获取待下载模型失败!");
}
SessionServerHelper.manager.setAccessEnforced(enforced);
//System.out.println("CAD模型信息:" + modelFiles);
return modelFiles;
}
}
......@@ -203,14 +202,6 @@ public class CADProService implements RemoteAccess {
@SuppressWarnings("unchecked")
public static List<DxPartModelBomVo> searchModel(String number, List<String> numbers, String name,
Integer offSet, Integer size, String keyWord, boolean onlyCAD) throws Exception {
System.out.println("start searchModel >>>>");
System.out.println("number : " + number);
System.out.println("numbers : " + numbers);
System.out.println("name : " + name);
System.out.println("offSet : " + offSet);
System.out.println("size : " + size);
System.out.println("keyWord : " + keyWord);
System.out.println("onlyCAD : " + onlyCAD);
SearchUtil partSearch = new SearchUtil(WTPart.class);
partSearch.setAccessEnforced(true);
......@@ -238,7 +229,7 @@ public class CADProService implements RemoteAccess {
partSearch.setName(name);
}
List<WTPart> partResult = new ArrayList<WTPart>();
List<WTPart> partResult = new ArrayList();
QueryResult qr = partSearch.queryObjects();
if (qr != null && qr.size() > 0) {
partResult.addAll(qr.getObjectVectorIfc().getVector());
......@@ -246,11 +237,14 @@ public class CADProService implements RemoteAccess {
Collections.sort(partResult, new WTObjectNumberCompator(false));
List<DxPartModelBomVo> results = new ArrayList<DxPartModelBomVo>();
int total = partResult.size();// 查询结果总数量
List<DxPartModelBomVo> results = new ArrayList();
// 查询结果总数量
int total = partResult.size();
if (size > 0) {
int count = 0;// 添加的数量
int currentIndex = (offSet - 1) * size;// 当前下标
// 添加的数量
int count = 0;
// 当前下标
int currentIndex = (offSet - 1) * size;
while (currentIndex < total) {
WTPart tempPart = partResult.get(currentIndex);
DxPartModelBomVo mbi = getDxPartModelBomVoByPart(tempPart);
......@@ -266,7 +260,8 @@ public class CADProService implements RemoteAccess {
}
results.add(mbi);
count++;
if (count == size) {// 判断是否取够一页
// 判断是否取够一页
if (count == size) {
break;
}
}
......@@ -278,7 +273,6 @@ public class CADProService implements RemoteAccess {
if (mbi != null) {
if (onlyCAD) {
String partCADId = mbi.getPartId();
System.out.println("partCADId :" + partCADId);
Persistable per = CommonUtil.getPersistableByOid(partCADId);
if (!(per instanceof EPMDocument)) {
System.out.println("Not CAD, continue...");
......@@ -290,8 +284,6 @@ public class CADProService implements RemoteAccess {
}
}
Collections.sort(results, new DxPartModelBomVoCompator(false));
System.out.println("end searchModel >>>>" + results);
return results;
}
......
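Review bot: In `cadProLogin`, `CommonUtil.initSessionContext(userName)` still runs before the new password check, so the session context is set up for a caller-supplied name before that caller is authenticated; assuming `initSessionContext` sets the effective principal, the `LdapUtil.getUserPwd` / `Base64Util.isPwdMatch` check should move ahead of it. The two failure paths return different messages ("用户信息[...]不存在" and "登录密码错误"), which lets a client tell valid account names from invalid ones; one generic message for both avoids that. Comparing against a hash read from the directory, rather than binding to LDAP, presumably bypasses any lockout or password policy enforced there, and the `catch (Exception e)` further down discards the exception without logging it. Separately, the `searchModel` hunks replace `new ArrayList<WTPart>()` and `new ArrayList<DxPartModelBomVo>()` with raw `new ArrayList()`; `new ArrayList<>()` keeps the compile-time type check.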
......@@ -2,9 +2,11 @@ package com.yonde.cadpro.util;
import com.yonde.cadpro.CADProConstants;
import sun.misc.BASE64Decoder;
import wt.util.WTException;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.security.MessageDigest;
/**
* Created on 2023/5/8 0008
......@@ -21,7 +23,6 @@ public class Base64Util {
*/
public static String decode(String basic) throws IOException {
byte[] decodeResult = new BASE64Decoder().decodeBuffer(basic);
System.out.println(new String(decodeResult));
return new String(decodeResult);
}
......@@ -33,7 +34,6 @@ public class Base64Util {
*/
public static String decode(HttpServletRequest request) throws IOException {
String auth = request.getHeader(CADProConstants.AUTHORIZATION);
System.out.println(">>>auth:" + auth);
auth = auth.replace(CADProConstants.BASIC, "");
return decode(auth);
}
......@@ -45,4 +45,46 @@ public class Base64Util {
String[] split =decode(request).split(":");
return split[0];
}
/**
* 拆分basic明文信息 获取用户名称
*/
public static String decodeForUserPwd(HttpServletRequest request) throws IOException {
String[] split =decode(request).split(":");
return split[1];
}
public static boolean isPwdMatch(String digest, String password) throws WTException {
try {
MessageDigest mDigest = MessageDigest.getInstance("SHA1");
byte[] bytes = new BASE64Decoder().decodeBuffer(digest.substring(6));
byte[][] hs = split(bytes, 20);
byte[] hash = hs[0];
byte[] salt = hs[1];
mDigest.reset();
mDigest.update(password.getBytes());
mDigest.update(salt);
byte[] mHash = mDigest.digest();
return MessageDigest.isEqual(hash, mHash);
} catch (Exception e) {
System.out.println(e.getLocalizedMessage());
throw new WTException(e.getMessage());
}
}
private static byte[][] split(byte[] src, int n) {
byte[] l;
byte[] r;
if (src.length <= n) {
l = src;
r = new byte[0];
} else {
l = new byte[n];
r = new byte[src.length - n];
System.arraycopy(src, 0, l, 0, n);
System.arraycopy(src, n, r, 0, r.length);
}
byte[][] lr = {l, r};
return lr;
}
}
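Review bot: `decodeForUserPwd` calls `decode(request).split(":")` and returns `split[1]`, so a password containing `:` is silently truncated, and a credential with no colon or an empty password throws `ArrayIndexOutOfBoundsException`; `String[] split = decode(request).split(":", 2);` followed by a length check fixes both. Its Javadoc was copied from the user-name helper and still says it returns the user name. In `isPwdMatch`, `digest.substring(6)` assumes a non-null stored value with a six-character scheme prefix (presumably `{SSHA}`) without checking either, and `password.getBytes()` uses the platform charset, so non-ASCII passwords may hash differently from host to host; verify the prefix first and pass `StandardCharsets.UTF_8`. The `catch` block prints to stdout and rethrows `new WTException(e.getMessage())`, which drops the original cause.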
package com.yonde.cadpro.util;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.*;
import com.fasterxml.jackson.databind.ser.FilterProvider;
import com.fasterxml.jackson.databind.ser.impl.SimpleBeanPropertyFilter;
import com.fasterxml.jackson.databind.ser.impl.SimpleFilterProvider;
import com.fasterxml.jackson.dataformat.xml.XmlMapper;
import com.fasterxml.jackson.dataformat.xml.ser.ToXmlGenerator;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import wt.log4j.LogR;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
/**
* @author LiBanggui
* @description
* @date 2019/6/12
*/
public class CadJsonUtils {
private static Logger log = LogR.getLogger(CadJsonUtils.class.getName());
private static ObjectMapper objectMapper = null;
private static XmlMapper xmlMapper = null;
static {
objectMapper = initObjectMapper();
xmlMapper = initXmlMapper();
}
private static ObjectMapper initObjectMapper() {
ObjectMapper newObjectMapper = new ObjectMapper();
// 设置默认日期格式
// newObjectMapper.setDateFormat(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"));
newObjectMapper.disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);
newObjectMapper.configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);
newObjectMapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
newObjectMapper.disable(MapperFeature.USE_GETTERS_AS_SETTERS);
return newObjectMapper;
}
private static XmlMapper initXmlMapper() {
XmlMapper newXmlMapper = new XmlMapper();
//newXmlMapper.findAndRegisterModules();
//newXmlMapper.disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
newXmlMapper.enable(SerializationFeature.INDENT_OUTPUT);
newXmlMapper.disable(DeserializationFeature.FAIL_ON_IGNORED_PROPERTIES);
newXmlMapper.disable(SerializationFeature.FAIL_ON_EMPTY_BEANS);
//newXmlMapper.setDefaultUseWrapper(false);
newXmlMapper.configure(ToXmlGenerator.Feature.WRITE_XML_DECLARATION, true);
return newXmlMapper;
}
/**
* 将对象转换成json字符串格式(默认将转换所有的属性)
*
* @param value
* @return
*/
public static String toJsonStr(Object value) {
try {
return objectMapper.writeValueAsString(value);
} catch (JsonProcessingException e) {
log.error("Json转换失败", e);
throw new RuntimeException(e);
}
}
/**
* 将对象转换成json字符串格式(默认将转换所有的属性)
*
* @param value
* @return
*/
public static byte[] toJsonBytes(Object value) {
try {
return objectMapper.writeValueAsBytes(value);
} catch (JsonProcessingException e) {
log.error("Json转换失败", e);
throw new RuntimeException(e);
}
}
/**
* 将对象转换成json字符串格式
*
* @param value
* 需要转换的对象
* @param properties
* 需要转换的属性
*/
public static String toJsonStr(Object value, String[] properties) {
try {
SimpleBeanPropertyFilter sbp = SimpleBeanPropertyFilter.filterOutAllExcept(properties);
FilterProvider filterProvider = new SimpleFilterProvider()
.addFilter("propertyFilterMixIn", sbp);
return objectMapper.writer(filterProvider).writeValueAsString(value);
} catch (Exception e) {
log.error("Json转换失败", e);
throw new RuntimeException(e);
}
}
/**
* 将对象转换成json字符串格式
*
* @param value
* 需要转换的对象
* @param properties2Exclude
* 需要排除的属性
*/
public static String toJsonStrWithExcludeProperties(Object value, String[] properties2Exclude) {
try {
SimpleBeanPropertyFilter sbp = SimpleBeanPropertyFilter
.serializeAllExcept(properties2Exclude);
FilterProvider filterProvider = new SimpleFilterProvider()
.addFilter("propertyFilterMixIn", sbp);
return objectMapper.writer(filterProvider).writeValueAsString(value);
} catch (Exception e) {
log.error("Json转换失败", e);
throw new RuntimeException(e);
}
}
/**
* 将对象json格式直接写出到流对象中(默认将转换所有的属性)
*
* @param out
* @return
*/
public static void writeJsonStr(OutputStream out, Object value) {
try {
objectMapper.writeValue(out, value);
} catch (Exception e) {
log.error("Json转换失败", e);
throw new RuntimeException(e);
}
}
/**
* 反序列化POJO或简单Collection如List<String>.
*
* 如果JSON字符串为Null或"null"字符串, 返回Null. 如果JSON字符串为"[]", 返回空集合.
*
* 如需反序列化复杂Collection如List<MyBean>, 请使用fromJson(String, JavaType)
*/
public static <T> T fromJson(String jsonString, Class<T> clazz) {
if (StringUtils.isEmpty(jsonString)) {
return null;
}
try {
return objectMapper.readValue(jsonString, clazz);
} catch (IOException e) {
log.error("parse json string error:" + jsonString, e);
return null;
}
}
/**
* 反序列化POJO或简单Collection如List<String>.
*
* 如果JSON字符串为Null或"null"字符串, 返回Null. 如果JSON字符串为"[]", 返回空集合.
*
* 如需反序列化复杂Collection如List<MyBean>, 请使用fromJson(String, JavaType)
*/
public static <T> T fromJson(String jsonString, Class<T> clazz, Class<?>... elementClasses) {
if (StringUtils.isEmpty(jsonString)) {
return null;
}
try {
if (elementClasses.length == 0) {
return objectMapper.readValue(jsonString, clazz);
} else {
return objectMapper.readValue(jsonString, getGenericsType(clazz, elementClasses));
}
} catch (IOException e) {
log.error("parse json string error:" + jsonString, e);
return null;
}
}
/**
* 获取泛型的Collection Type
*
* @param collectionClass
* 泛型的Collection
* @param elementClasses
* 元素类
* @return JavaType Java类型
* @since 1.0
*/
public static JavaType getGenericsType(Class<?> collectionClass, Class<?>... elementClasses) {
return objectMapper.getTypeFactory().constructParametricType(collectionClass,
elementClasses);
}
/**
* 对象转为XML字符串
* @param value
* @return
* @throws JsonProcessingException
*/
public static String toXMLStr(Object value) throws JsonProcessingException {
return xmlMapper.writeValueAsString(value);
}
/**
* 对象转xml写入流
* @param value
* @return
* @throws IOException
*/
public static void writeXmlStr(OutputStream os, Object value) throws IOException {
xmlMapper.writeValue(os, value);
}
/**
* xml字符串转为对象
* @param <T>
* @param xmlString
* @param clazz
* @return
*/
public static <T> T fromXml(String xmlString, Class<T> clazz) {
if (StringUtils.isBlank(xmlString)) {
return null;
}
try {
return xmlMapper.readValue(xmlString, clazz);
} catch (IOException e) {
log.error("parse xml string error:" + xmlString, e);
return null;
}
}
public static <T> T fromXml(InputStream xmlInput, Class<T> clazz) {
if (xmlInput == null) {
return null;
}
try {
return xmlMapper.readValue(xmlInput, clazz);
} catch (IOException e) {
log.error("parse xml input error", e);
return null;
}
}
}
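Review bot: `fromJson` and `fromXml` log the entire input on a parse failure (`log.error("parse json string error:" + jsonString, e)`), which copies whatever the caller sent, potentially credentials or personal data, into the server log; logging the length or a short truncated prefix is enough for diagnosis. They then return `null`, the same value used for empty input, so callers cannot tell a malformed payload from an absent one. If `fromXml` ever receives XML from outside the server, confirm that the Jackson XML version in use disables DTDs and external entities by default, or configure the underlying `XMLInputFactory` explicitly. `log`, `objectMapper` and `xmlMapper` can be declared `private static final` and initialised at declaration instead of in the static block.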
This diff is collapsed.