/** Handles request for saving / updating account */
@RequestMapping(value = "/insert", method = RequestMethod.POST)
public @ResponseBody void insert(
@RequestParam(value = "username", required = true) String username,
@RequestParam(value = "name", required = false) String name,
@RequestParam(value = "surname", required = false) String surname,
@RequestParam(value = "telephoneNumber", required = true) String telephoneNumber,
@RequestParam(value = "verificationText", required = true) String verificationText,
HttpServletRequest request,
HttpServletResponse response) {
logger.debug("Received a request to insert an account");
// validate captcha
Boolean isResponseCorrect = false;
String sessionId = request.getSession().getId();
// Call the Service method
try {
isResponseCorrect = captchaService.validateResponseForID(sessionId, verificationText);
if (isResponseCorrect == false) {
response.sendError(500, "Provided captcha text was wrong.");
return;
}
} catch (Exception e) {
e.printStackTrace();
return;
}
accountService.insert(new Account(username, name, surname, telephoneNumber));
}
@GET
@Path("captcha.jpg")
@Produces("application/octet-stream")
public Response getImage(@QueryParam("token") String token) throws Exception {
BufferedImage image = imageCaptchaService.getImageChallengeForID(token);
ByteArrayOutputStream os = new ByteArrayOutputStream();
ImageIO.write(image, "jpg", os);
final InputStream is = new ByteArrayInputStream(os.toByteArray());
StreamingOutput stream =
new StreamingOutput() {
@Override
public void write(OutputStream os) throws IOException {
IOUtils.copy(is, os);
}
};
return Response.status(Status.OK)
.header("Cache-Control", "no-transform,public,max-age=300,s-maxage=900")
.header("Content-Type", "image/jpeg")
.entity(stream)
.build();
}
/** ��֤�ص�����, ��¼ʱ����. */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
throws AuthenticationException {
CaptchaUsernamePasswordToken token = (CaptchaUsernamePasswordToken) authcToken;
String parm = token.getCaptcha();
try {
if (!imageCaptchaService.validateResponseForID(
SecurityUtils.getSubject().getSession().getId().toString(), parm)) {
throw new IncorrectCaptchaException("��֤�����");
}
} catch (Exception e) {
throw new IncorrectCaptchaException("��֤�����");
}
String username = token.getUsername();
if (username == null) {
throw new AccountException("Null usernames are not allowed by this realm.");
}
Connection conn = null;
AuthenticationInfo info = null;
try {
conn = dataSource.getConnection();
String password = getPasswordForUser(conn, username);
if (password == null) {
throw new UnknownAccountException("No account found for user [" + username + "]");
}
SimpleAuthenticationInfo simpleAuthenticationInfo =
new SimpleAuthenticationInfo(username, password, getName());
simpleAuthenticationInfo.setCredentialsSalt(ByteSource.Util.bytes(username));
info = simpleAuthenticationInfo;
} catch (SQLException e) {
final String message = "There was a SQL error while authenticating user [" + username + "]";
if (log.isErrorEnabled()) {
log.error(message, e);
}
throw new AuthenticationException(message, e);
} finally {
JdbcUtils.closeConnection(conn);
}
return info;
}
/**
* 1:验证码是否为null 2:验证码 是否正确 3:用户是否为NUll 4:密码是否为NUll 5:用户是否正确 6密码是否正确 Md5 纯生Md5 放进Session
* 跳转ReturnUrl
*
* @param buyer
* @param captcha
* @param returnUrl
* @return
*/
@RequestMapping(value = "/shopping/login.shtml", method = RequestMethod.POST)
public String login(
Buyer buyer, String captcha, String returnUrl, ModelMap model, HttpServletRequest request) {
// 验证码是否为null
if (StringUtils.isNotBlank(captcha)) {
// 1:JSESSIONID
// 2验证码
if (imageCaptchaService.validateResponseForID(
sessionProvider.getSessionId(request), captcha)) {
if (null != buyer && StringUtils.isNotBlank(buyer.getUsername())) {
if (StringUtils.isNotBlank(buyer.getPassword())) {
Buyer b = buyerService.getBuyerByKey(buyer.getUsername());
if (null != b) {
//
if (b.getPassword().equals(md5Pwd.encode(buyer.getPassword()))) {
// 把用户对象放在Session
sessionProvider.setAttribute(request, Constants.BUYER_SESSION, b);
if (StringUtils.isNotBlank(returnUrl)) {
return "redirect:" + returnUrl;
} else {
// 个人中心
return "redirect:/buyer/index.shtml";
}
} else {
model.addAttribute("error", "密码错误");
}
} else {
model.addAttribute("error", "用户名输入错误");
}
} else {
model.addAttribute("error", "请输入密码");
}
} else {
model.addAttribute("error", "请输入用户名");
}
} else {
model.addAttribute("error", "验证码输入错误");
}
} else {
model.addAttribute("error", "请填写验证码");
}
return "buyer/login";
}
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
byte[] captchaChallengeAsJpeg = null;
// the output stream to render the captcha image as jpeg into
ByteArrayOutputStream jpegOutputStream = new ByteArrayOutputStream();
try {
// get the session id that will identify the generated captcha.
// the same id must be used to validate the response, the session id
// is a good candidate!
String captchaId = session.getSessionId(request, response);
BufferedImage challenge =
captchaService.getImageChallengeForID(captchaId, request.getLocale());
// Jimi.putImage("image/jpeg", challenge, jpegOutputStream);
ImageIO.write(challenge, CAPTCHA_IMAGE_FORMAT, jpegOutputStream);
} catch (IllegalArgumentException e) {
response.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
} catch (CaptchaServiceException e) {
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
}
// catch (JimiException e) {
// response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
// return;
// }
captchaChallengeAsJpeg = jpegOutputStream.toByteArray();
// flush it in the response
response.setHeader("Cache-Control", "no-store");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);
response.setContentType("image/" + CAPTCHA_IMAGE_FORMAT);
ServletOutputStream responseOutputStream = response.getOutputStream();
responseOutputStream.write(captchaChallengeAsJpeg);
responseOutputStream.flush();
responseOutputStream.close();
}
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
byte[] captchaChallengeAsJpeg = null;
ByteArrayOutputStream jpegOutputStream = new ByteArrayOutputStream();
String captchaId = request.getSession(true).getId();
BufferedImage challenge = captchaService.getImageChallengeForID(captchaId, request.getLocale());
ImageIO.write(challenge, "jpeg", jpegOutputStream);
captchaChallengeAsJpeg = jpegOutputStream.toByteArray();
response.setHeader("Cache-Control", "no-store");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);
response.setContentType("image/jpeg");
ServletOutputStream os = response.getOutputStream();
os.write(captchaChallengeAsJpeg);
os.flush();
os.close();
}
@POST
@Path("resolve")
@Produces("application/json")
public Response resolve(@FormParam("token") String token, @FormParam("answer") String answer) {
Map<String, String> ret = new HashMap<String, String>();
boolean validated = false;
try {
validated = imageCaptchaService.validateResponseForID(token, answer);
} catch (Exception e) {
ret.put("exception", e.getMessage());
e.printStackTrace();
}
ret.put("answer", answer);
ret.put("token", token);
ret.put("validated", "" + validated);
return Response.status(Status.OK).entity(ret).build();
}
/**
* 校验验证码
*
* @return 是否正确
*/
public boolean validateCaptcha() {
HttpServletRequest request = ServletActionContext.getRequest();
try {
// log.info(this.captchaCode);
if (!imageCaptchaService.validateResponseForID(
request.getSession().getId(), this.captchaCode.trim())) {
this.addActionError("验证码不正确");
if (this.log.isInfoEnabled()) {
this.log.info("验证码不正确");
}
return false;
}
} catch (CaptchaServiceException e) {
this.addActionError("验证码验证出错");
log.warn("验证码验证出错", e);
return false;
} catch (Exception e) {
this.addActionError("验证码验证出错");
log.error("验证码验证出错");
return false;
}
return true;
}
