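package com.minpay.common.action;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang.StringUtils;

import com.min.sha1.SHA1;
import com.min.util.CommonUtil;
import com.min.util.DateUtil;
import com.minpay.common.bean.AuthRule;
import com.minpay.common.bean.User;
import com.minpay.common.constant.Constant;
import com.minpay.common.exception.BusinessCodeException;
import com.minpay.common.service.ICommonService;
import com.minpay.common.service.IPublicService;
import com.minpay.common.service.impl.PublicServiceImpl;
import com.minpay.db.table.mapper.ImEntryCtrlMapper;
import com.minpay.db.table.mapper.ImLogMapper;
import com.minpay.db.table.mapper.ImRoleMapper;
import com.minpay.db.table.mapper.ImUserMapper;
import com.minpay.db.table.mapper.PubSendDetailMapper;
import com.minpay.db.table.model.ImEntryCtrl;
import com.minpay.db.table.model.ImEntryCtrlExample;
import com.minpay.db.table.model.ImLog;
import com.minpay.db.table.model.ImRole;
import com.minpay.db.table.model.ImUser;
import com.minpay.db.table.model.ImUserExample;
import com.minpay.db.table.model.PubSendDetail;
import com.minpay.db.table.model.PubSendDetailExample;
import com.minpay.db.table.own.mapper.AuthMapper;
import com.minpay.db.table.own.mapper.ImPckgLogonMapper.ImPckgLogonUserLogonOut;
import com.minpay.db.table.own.mapper.SequenceMapper;
import com.minpay.db.table.procedure.ImPackLogon;
import com.rrtx.jedis.RedisUtil;
import com.startup.minpay.frame.business.IMINAction;
import com.startup.minpay.frame.business.MINHttpServletRequestContext;
import com.startup.minpay.frame.business.res.MINActionResult;
import com.startup.minpay.frame.constant.IMINBusinessConstant;
import com.startup.minpay.frame.constant.IMINTransactionEnum;
import com.startup.minpay.frame.exception.MINBusinessException;
import com.startup.minpay.frame.service.MINServiceLocator;
import com.startup.minpay.frame.service.base.IMINDataBaseService;
import com.startup.minpay.frame.service.base.IMINSessionService;
import com.startup.minpay.frame.service.base.Service;
import com.startup.minpay.frame.session.MINSession;
import com.startup.minpay.frame.target.MINAction;
import com.startup.minpay.frame.target.MINComponent;
import com.startup.minpay.frame.target.MINParam;
import com.startup.minpay.util.DateTime;
import com.startup.minpay.util.Env;
import com.startup.minpay.util.Log;
import com.startup.minpay.util.RandomUtil;

/**
 * Login handling action: issues SMS verification codes, performs the password
 * login (including single-sign-on enforcement and login auditing) and logout.
 *
 * @author lixj
 */
@MINComponent
public class SystemAction implements IMINAction {

    /** Session attribute: time the last SMS code was issued from this HTTP session. */
    private static final String LAST_MOBILE_TIME = "LAST_MOBILE_TIME";
    /** Session attribute: the SMS verification code awaiting confirmation. */
    private static final String MOBILE_RANDOM = "MOBILE_RANDOM";
    /** Session attribute: the phone number the pending SMS code was issued for. */
    private static final String MOBILE_NO = "MOBILE_NO";

    /** System parameter that switches SMS verification on login on/off. */
    private static final String PAR_CHECK_LOGIN_MOBILE = "CHECK_LOGIN_MOBILE";
    /** Length of the numeric SMS verification code. */
    private static final int SMS_CODE_LENGTH = 6;
    /** Number of leading phone digits hidden when echoing the number to the client. */
    private static final int MOBILE_HIDDEN_PREFIX = 6;
    /** Login-log result written when the password check fails. */
    private static final String LOGON_FAIL_RESULT = "11111111";
    /**
     * Password age after which the user is forced to change it on next login.
     * The value is 90 days (3 * 30 days); the original inline comment spoke of
     * "one month" but the constant has always been three.
     */
    private static final long PWD_MAX_AGE_MILLIS = 3L * 30 * 24 * 60 * 60 * 1000;

    /**
     * Smoke-test endpoint: returns a fixed key/value pair.
     *
     * @param request  current HTTP request (unused)
     * @param response current HTTP response (unused)
     * @return a result carrying {@code key=vale11111}
     */
    @MINAction(value = "test", session = false)
    public MINActionResult login(HttpServletRequest request, HttpServletResponse response) {
        MINActionResult res = new MINActionResult();
        res.set("key", "vale11111");
        return res;
    }

    /**
     * Tells the client whether SMS verification is required at login.
     *
     * @param request request context (unused)
     * @return a result carrying {@code isCheckSms} with the raw system-parameter value
     * @throws MINBusinessException if the system parameter cannot be read
     */
    @MINAction(value = "isCheckSMS", session = false, transaction = IMINTransactionEnum.CMT)
    public MINActionResult isCheckSMS(MINHttpServletRequestContext request) throws MINBusinessException {
        MINActionResult res = new MINActionResult();
        String regVal = Service.lookup(IPublicService.class).getSysParValue(PAR_CHECK_LOGIN_MOBILE);
        res.set("isCheckSms", regVal);
        return res;
    }

    /**
     * Issues an SMS verification code for the user identified by logon name or phone.
     * The code and target phone are bound to the caller's HTTP session and recorded in
     * PUB_SEND_DETAIL; the client receives only the trailing digits of the phone number.
     *
     * <p>Rate limiting: at most one code per minute per HTTP session (LAST_MOBILE_TIME)
     * and per phone number (PUB_SEND_DETAIL.lasttime).
     *
     * @param userName logon name or phone number of the account
     * @param request  request context, used for the HTTP session
     * @return result carrying {@code mobileLastNum}; empty when SMS checking is disabled
     * @throws MINBusinessException on rate-limit violation, unknown user or user without phone
     */
    @MINAction(value = "sendSMSMessage", session = false, transaction = IMINTransactionEnum.CMT)
    public MINActionResult sendSMSMessage(
            @MINParam(key = "userName") String userName,
            MINHttpServletRequestContext request) throws MINBusinessException {
        MINActionResult res = new MINActionResult();
        IMINDataBaseService db = Service.lookup(IMINDataBaseService.class);

        // Nothing to send when SMS verification is switched off.
        String regVal = Service.lookup(IPublicService.class).getSysParValue(PAR_CHECK_LOGIN_MOBILE);
        if ("false".equals(regVal)) {
            return res;
        }

        // Per-session throttle: refuse if a code was issued less than a minute ago.
        HttpSession httpSession = request.getSession();
        String lastMobileTime = (String) httpSession.getAttribute(LAST_MOBILE_TIME);
        boolean sentRecently = StringUtils.isNotBlank(lastMobileTime)
                && DateUtil.getDifferentTimeByMinute(-1).compareTo(lastMobileTime) < 0;
        if (sentRecently) {
            throw new MINBusinessException("JA000035", "请勿频繁发送验证码!");
        }

        List<ImUser> users = findActiveUsers(db, userName);
        if (users.isEmpty()) {
            throw new MINBusinessException("请检查用户名输入的是否正确!");
        }
        String mobileNo = users.get(0).getPhone();
        // A user without a phone cannot receive a code; the original code would have
        // failed later with a NullPointerException on substring().
        if (CommonUtil.isEmpty(mobileNo)) {
            throw new MINBusinessException("该用户未绑定手机号!");
        }

        // Per-phone throttle: refuse if any code was sent to this number within a minute.
        PubSendDetailExample deExp = new PubSendDetailExample();
        deExp.createCriteria()
                .andUseridEqualTo(mobileNo)
                .andLasttimeGreaterThan(DateUtil.getDifferentTimeByMinute(-1));
        List<PubSendDetail> recent = db.getMybatisMapper(PubSendDetailMapper.class).selectByExample(deExp);
        if (!recent.isEmpty()) {
            throw new MINBusinessException("发送验证码过于频繁,请稍后重试!");
        }

        String random = PublicServiceImpl.generateNumber(SMS_CODE_LENGTH);
        httpSession.setAttribute(LAST_MOBILE_TIME, DateUtil.getCurrentDateTimeString());
        httpSession.setAttribute(MOBILE_RANDOM, random);
        httpSession.setAttribute(MOBILE_NO, mobileNo);

        // Template parameter COMM_MOBILE_MODE contains '@' where the code goes, e.g.
        // "验证码:@,如非本人操作,请忽略本短信【国贸铝业】".
        String msgVal = Service.lookup(IPublicService.class).getSysParValue("COMM_MOBILE_MODE");
        String msg = msgVal.replaceAll("@", random);
        // TODO: the SMS gateway call is still missing here; the code is recorded but never
        // delivered. Originally: SmsSendUtil.sendSms(mobileNo, msg);
        Log.info("sendSMSMessage: message prepared, length=" + msg.length());

        // Echo only the trailing digits so the full number is not disclosed to the client.
        res.set("mobileLastNum", mobileNo.substring(Math.min(MOBILE_HIDDEN_PREFIX, mobileNo.length())));

        PubSendDetail sendDetail = new PubSendDetail();
        sendDetail.setCode(random);
        sendDetail.setUserid(mobileNo);
        sendDetail.setLasttime(DateUtil.getCurrentDateTimeString());
        sendDetail.setStatus("0");
        db.getMybatisMapper(PubSendDetailMapper.class).insertSelective(sendDetail);
        return res;
    }

    /**
     * Password login. Optionally verifies the SMS code first, then validates the
     * password through the IM_PACK_LOGON procedure, enforces password age and single
     * sign-on, records the session in IM_ENTRY_CTRL, writes the login log, builds the
     * session {@link User} and caches it in Redis under a fresh token.
     *
     * @param request  current HTTP request
     * @param response current HTTP response (unused)
     * @param session  framework session (unused; the action runs with session=false)
     * @param userName logon name or phone number
     * @param userPwd  clear-text password as typed by the user
     * @param mbCode   SMS verification code typed by the user (only used when enabled)
     * @return result carrying session id, token, user/company/branch/role ids
     * @throws MINBusinessException on any verification failure; code JINM0016 for a
     *         cancelled account, JINM0019 for an unknown account, the procedure's
     *         return code for a wrong password
     */
    @MINAction(value = "login", session = false, transaction = IMINTransactionEnum.CMT)
    public MINActionResult login(
            HttpServletRequest request,
            HttpServletResponse response,
            MINSession session,
            @MINParam(key = "userName") String userName,
            @MINParam(key = "userPwd") String userPwd,
            @MINParam(key = "mbCode") String mbCode) throws MINBusinessException {
        MINActionResult res = new MINActionResult();
        IMINDataBaseService db = Service.lookup(IMINDataBaseService.class);

        String regVal = Service.lookup(IPublicService.class).getSysParValue(PAR_CHECK_LOGIN_MOBILE);
        if ("true".equals(regVal)) {
            verifySmsCode(db, request, userName, mbCode);
        }

        userName = userName == null ? "" : userName.trim();

        // NOTE(review): JINM0016, JINM0019 and the procedure's failure code are distinct
        // client-visible outcomes, so the endpoint reveals whether an account exists.
        if (isCancelledUser(db, userName)) {
            throw new BusinessCodeException("JINM0016");
        }
        ImUser user = findProjectUser(db, userName);
        String userId = user.getId();
        String companyId = user.getCompanyId();

        // Legacy scheme: the stored procedure compares SHA1(userId + password). Unsalted
        // fast hashing is weak for passwords; changing it requires migrating the stored
        // hashes and the procedure, so it is kept here as-is.
        String encryedPwd = SHA1.enCoded(userId + userPwd);

        ImPackLogon logon = new ImPackLogon();
        ImPckgLogonUserLogonOut logonOut = logon.userLogon(userId, encryedPwd);
        String retCode = logonOut.getOutRetcode();
        Log.info("checkLog retCode:" + retCode);
        if (!"0".equals(retCode)) {
            // Audit the failed attempt, then surface the procedure's code to the caller.
            String failTime = new DateTime().toDateTimeString();
            String failInfo = "操作员姓名:" + user.getName() + " , 登录名:" + user.getLogonname();
            insertLoginLog(db, userId, "00000000", failTime, LOGON_FAIL_RESULT, failInfo,
                    Service.lookup(ICommonService.class).getIPAddress(request));
            throw new BusinessCodeException(retCode);
        }

        forcePasswordChangeIfStale(db, user);

        // Single sign-on is configured in the config file; when on, kick existing sessions.
        if ("true".equals(Env.get(IMINBusinessConstant.F_SINGLESIGNON))) {
            kickExistingSessions(db, userId);
        }

        String dateTime = new DateTime().toDateTimeString();
        String sessionId = request.getSession().getId();
        // Only the IP is recorded; no port was ever populated in the original.
        String serverAddress = localServerIp();
        recordEntryCtrl(db, userId, sessionId, dateTime, serverAddress);

        String roleId = logonOut.getOutUserroleid();
        String name = logonOut.getOutName();
        String lastDate = logonOut.getOutLastlogon();
        String branchId = logonOut.getOutBranchid();
        String initPwd = logonOut.getOutInitpwd();
        String initAuthPwd = logonOut.getOutInitauthpwd();

        ImRole role = db.selectByPrimaryKey(ImRoleMapper.class, roleId);
        String roleName = role == null ? null : role.getName();

        String ip = Service.lookup(ICommonService.class).getIPAddress(request);
        User sessionUser = new User(db.selectByPrimaryKey(ImUserMapper.class, userId));
        // NOTE(review): the clear-text password is kept on the session user and is
        // serialized into Redis below; callers reading getAuthpwd() would need to be
        // migrated before this can be dropped.
        sessionUser.setAuthpwd(userPwd);
        // Register first, as in the original; the setters below mutate the same object.
        res.setSessionId(MINServiceLocator.getInstance()
                .lookup(IMINSessionService.class)
                .registerSession(request, sessionUser));
        sessionUser.setLastLoginTime(lastDate);
        sessionUser.setName(name);
        sessionUser.setRoleId(roleId);
        sessionUser.setRoleName(roleName);
        sessionUser.setBranchId(branchId);
        sessionUser.setBranchid(branchId);
        sessionUser.setIP(ip);
        sessionUser.setCompanyId(companyId);
        sessionUser.setInitPwd(initPwd);
        sessionUser.setInitAuthPwd(initAuthPwd);
        sessionUser.setIndexPage(logonOut.getIndexPage());
        loadRoleAuth(db, sessionUser, roleId);

        insertLoginLog(db, userId, "00000001", dateTime, "00000000", "登录系统:".concat(name), ip);

        res.set("loginUserId", sessionUser.getId());
        res.set("logincompanyId", sessionUser.getCompanyId());
        res.set("branchId", sessionUser.getBranchId());
        res.set("roleId", sessionUser.getRoleId());

        // Redis integration: the token is the key under which the session user is cached
        // for one hour. Assumes RandomUtil.generateString is backed by a CSPRNG — confirm.
        String token = RandomUtil.generateString(50);
        RedisUtil.setString(token, com.alibaba.fastjson.JSONArray.toJSON(sessionUser).toString(), 3600);
        sessionUser.setToken(token);
        res.set("token", sessionUser.getToken());
        return res;
    }

    /**
     * Checks the SMS code typed by the user against the one bound to the HTTP session
     * and clears it on success.
     *
     * <p>NOTE(review): on a mismatch the session code stays valid, so a client can keep
     * guessing until the session expires; an attempt counter or clearing the code after
     * N failures would close that.
     *
     * @throws MINBusinessException JA000035 when no code is pending or it does not match
     */
    private static void verifySmsCode(IMINDataBaseService db, HttpServletRequest request,
            String userName, String mbCode) throws MINBusinessException {
        HttpSession httpSession = request.getSession();
        String sessionCode = (String) httpSession.getAttribute(MOBILE_RANDOM);
        String sessionMobileNo = (String) httpSession.getAttribute(MOBILE_NO);
        if (CommonUtil.isEmpty(sessionCode) || CommonUtil.isEmpty(sessionMobileNo)) {
            throw new MINBusinessException("JA000035", "验证码异常!");
        }
        List<ImUser> users = findActiveUsers(db, userName);
        if (users.isEmpty()) {
            throw new BusinessCodeException("请检查用户名输入的是否正确!");
        }
        String mobileNo = users.get(0).getPhone();
        // The code must match AND must have been issued for this account's phone.
        if (!sessionMobileNo.equals(mobileNo) || !sessionCode.equals(mbCode)) {
            throw new MINBusinessException("JA000035", "验证码不正确!");
        }
        httpSession.setAttribute(MOBILE_RANDOM, "");
    }

    /** Active users (stt != "5") whose logon name or phone equals {@code userName}. */
    private static List<ImUser> findActiveUsers(IMINDataBaseService db, String userName)
            throws MINBusinessException {
        ImUserExample example = new ImUserExample();
        example.createCriteria().andLogonnameEqualTo(userName).andSttNotEqualTo("5");
        example.or(example.createCriteria().andPhoneEqualTo(userName).andSttNotEqualTo("5"));
        return db.selectByExample(ImUserMapper.class, example);
    }

    /**
     * True when exactly one cancelled (stt == "5") account matches {@code userName}.
     * The "exactly one" test is inherited from the original; with several cancelled
     * accounts the lookup falls through to {@link #findProjectUser}.
     */
    private static boolean isCancelledUser(IMINDataBaseService db, String userName)
            throws MINBusinessException {
        ImUserExample example = new ImUserExample();
        example.createCriteria().andLogonnameEqualTo(userName).andSttEqualTo("5");
        example.or(example.createCriteria().andPhoneEqualTo(userName).andSttEqualTo("5"));
        List<ImUser> cancelled = db.selectByExample(ImUserMapper.class, example);
        return cancelled.size() == 1;
    }

    /**
     * First active user of this project matching {@code userName} by logon name or phone.
     *
     * @throws BusinessCodeException JINM0019 when no such user exists
     */
    private static ImUser findProjectUser(IMINDataBaseService db, String userName)
            throws MINBusinessException {
        ImUserExample example = new ImUserExample();
        example.createCriteria()
                .andLogonnameEqualTo(userName)
                .andSttNotEqualTo("5")
                .andProjectCodeEqualTo(Constant.PROJECT_CODE);
        example.or(example.createCriteria()
                .andPhoneEqualTo(userName)
                .andSttNotEqualTo("5")
                .andProjectCodeEqualTo(Constant.PROJECT_CODE));
        List<ImUser> users = db.selectByExample(ImUserMapper.class, example);
        if (users.isEmpty()) {
            throw new BusinessCodeException("JINM0019");
        }
        return users.get(0);
    }

    /**
     * Marks the user for a forced password change (initpwd = "0") when the password was
     * never changed or was last changed more than {@link #PWD_MAX_AGE_MILLIS} ago.
     * The pattern "yyyyMMddhhmmss" (12-hour "hh") is kept because that is how the
     * column has been written so far; "HH" would be the unambiguous form.
     */
    private static void forcePasswordChangeIfStale(IMINDataBaseService db, ImUser user)
            throws MINBusinessException {
        String lastChanged = user.getLastmodpwdcgdate();
        boolean mustChange;
        if (lastChanged == null || "".equals(lastChanged)) {
            // Never changed: first login, force a change.
            mustChange = true;
        } else {
            long ageMillis = DateUtil.getCurrentDate().getTime()
                    - DateUtil.parseDate(lastChanged, "yyyyMMddhhmmss").getTime();
            mustChange = ageMillis > PWD_MAX_AGE_MILLIS;
        }
        if (mustChange) {
            user.setInitpwd("0");
            db.updateByPrimaryKeySelective(ImUserMapper.class, user);
        }
    }

    /** Removes all IM_ENTRY_CTRL rows of the user and unregisters their sessions. */
    private static void kickExistingSessions(IMINDataBaseService db, String userId)
            throws MINBusinessException {
        ImEntryCtrlExample example = new ImEntryCtrlExample();
        example.createCriteria().andUseridEqualTo(userId);
        List<ImEntryCtrl> records = db.selectByExample(ImEntryCtrlMapper.class, example);
        if (records.isEmpty()) {
            return;
        }
        db.deleteByExample(ImEntryCtrlMapper.class, example);
        IMINSessionService sessions = MINServiceLocator.getInstance().lookup(IMINSessionService.class);
        for (ImEntryCtrl record : records) {
            sessions.unRegisterSession(null, new MINSession(null, record.getSessionid()));
        }
    }

    /** Inserts or refreshes the IM_ENTRY_CTRL row for this user/session pair. */
    private static void recordEntryCtrl(IMINDataBaseService db, String userId, String sessionId,
            String dateTime, String serverAddress) throws MINBusinessException {
        ImEntryCtrlExample example = new ImEntryCtrlExample();
        example.createCriteria().andUseridEqualTo(userId).andSessionidEqualTo(sessionId);
        List<ImEntryCtrl> records = db.selectByExample(ImEntryCtrlMapper.class, example);
        boolean exists = !records.isEmpty();
        ImEntryCtrl entry = exists ? records.get(0) : new ImEntryCtrl();
        entry.setUserid(userId);
        entry.setLogontime(dateTime);
        entry.setSessionid(sessionId);
        entry.setServer(serverAddress);
        if (exists) {
            db.updateByPrimaryKeySelective(ImEntryCtrlMapper.class, entry);
        } else {
            db.insert(ImEntryCtrlMapper.class, entry);
        }
    }

    /** Replaces the session user's authorisation rules with those of {@code roleId}. */
    private static void loadRoleAuth(IMINDataBaseService db, User sessionUser, String roleId)
            throws MINBusinessException {
        sessionUser.getAuth().clear();
        List<Map<String, String>> rows = db.getMybatisMapper(AuthMapper.class).roleAuth(roleId);
        for (Map<String, String> m : rows) {
            AuthRule rule = new AuthRule();
            rule.setUrl(m.get("url"));
            rule.setAuthType(m.get("authtype"));
            rule.setAuthShape(m.get("authshape"));
            rule.setItemId(m.get("itemid"));
            String authRole = m.get("authrole");
            if (authRole != null) {
                rule.setAuthRole(Arrays.asList(authRole.split(",")));
            }
            sessionUser.setAuth(m.get("url"), rule);
        }
    }

    /** Writes one IM_LOG row with a fresh IM_LOG_NO sequence value. */
    private static void insertLoginLog(IMINDataBaseService db, String userId, String bsnCode,
            String dateTime, String result, String info, String ip) throws MINBusinessException {
        String logNo = db.getMybatisMapper(SequenceMapper.class).getSequence("IM_LOG_NO");
        ImLog imLog = new ImLog();
        imLog.setLogno(logNo);
        imLog.setUserid(userId);
        imLog.setBsncode(bsnCode);
        imLog.setDatetime(dateTime);
        imLog.setResult(result);
        imLog.setInfo(info);
        imLog.setIp(ip);
        db.insert(ImLogMapper.class, imLog);
    }

    /** Address of the local host, or 127.0.0.1 when it cannot be resolved. */
    private static String localServerIp() {
        try {
            InetAddress inet = InetAddress.getLocalHost();
            return inet.getHostAddress();
        } catch (UnknownHostException e) {
            return "127.0.0.1";
        }
    }

    /**
     * Logout: unregisters the framework session when one is present. Best effort —
     * failures are logged and the call still returns normally.
     *
     * @param request  current HTTP request
     * @param response current HTTP response (unused)
     * @param session  framework session, may be null
     * @return an empty result
     */
    @MINAction(value = "loginOut", session = false)
    public MINActionResult loginOut(HttpServletRequest request, HttpServletResponse response,
            MINSession session) {
        MINActionResult res = new MINActionResult();
        if (session != null) {
            try {
                MINServiceLocator.getInstance()
                        .lookup(IMINSessionService.class)
                        .unRegisterSession(request, session);
            } catch (Exception ex) {
                // Deliberately best-effort, but not silent: a failed unregister leaves the
                // session alive and should be visible in the logs.
                Log.info("loginOut: unRegisterSession failed: " + ex);
            }
        }
        return res;
    }

    /**
     * Reports status code 3 to the client (password check hook).
     *
     * @param request  current HTTP request (unused)
     * @param response current HTTP response (unused)
     * @param session  framework session (unused)
     * @return a result carrying {@code MINStatus=3}
     */
    @MINAction(value = "checkPassword", session = false)
    public MINActionResult checkPassword(HttpServletRequest request, HttpServletResponse response,
            MINSession session) {
        MINActionResult res = new MINActionResult();
        res.set("MINStatus", 3);
        return res;
    }
}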