/**
   * Registers {@code user} and, when the current Shiro subject is not yet authenticated, logs the
   * new account in with the credentials carried by {@code user}.
   *
   * <p>NOTE(review): for an already-authenticated subject the login step is skipped, yet {@code
   * currentUser} is still switched to the new account. Confirm that is intended.
   *
   * @param user the account to create; its e-mail address must not be registered already
   * @return the saved {@code user}, which is also stored in {@code currentUser}
   * @throws UserExistsException if a user with the same e-mail address is found
   * @throws DatabaseException if saving the user fails for any reason
   */
  @Override
  @Transactional
  public User createUser(User user) throws UserExistsException, DatabaseException {
    // NOTE(review): look-up followed by save is not atomic. Presumably a unique constraint on the
    // e-mail column backs this check; confirm.
    boolean emailTaken = userRepository.findByEmailAddress(user.getEmailAddress()) != null;
    if (emailTaken) {
      throw new UserExistsException();
    }

    if (user.isNew()) {
      // Only the salted, iterated SHA-512 digest goes into the dbPassword field.
      // NOTE(review): getSalt() and HASH_ITERATIONS are defined elsewhere. Confirm the salt is
      // per-user and the iteration count is current; a password-hashing scheme such as
      // bcrypt/scrypt/argon2 is the stronger choice.
      Sha512Hash digest = new Sha512Hash(user.getPassword(), getSalt(), HASH_ITERATIONS);
      user.setDbPassword(digest.toBase64());
      user.setActive(true);
    }

    try {
      userRepository.save(user);
    } catch (Exception saveFailure) {
      // Any persistence failure is surfaced as DatabaseException with the original cause.
      throw new DatabaseException(saveFailure);
    }

    Subject subject = SecurityUtils.getSubject();
    if (subject.isAuthenticated()) {
      currentUser = user;
      return user;
    }

    // The plaintext password is still on the object at this point and is used for the login.
    // NOTE(review): it also stays on the returned object; confirm it is never persisted,
    // serialized or logged.
    UsernamePasswordToken loginToken =
        new UsernamePasswordToken(user.getEmailAddress(), user.getPassword());
    loginToken.setRememberMe(false);

    try {
      subject.login(loginToken);
    } catch (AuthenticationException ae) {
      // NOTE(review): the cause is dropped here, so a failed auto-login cannot be diagnosed.
      throw new LoginException();
    }

    currentUser = user;
    return user;
  }
Пример #2
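 /**
  * Handles the sign-in POST: checks the captcha when it is enabled, logs the Shiro subject in
  * with the submitted name and password, and renders a JSON {@code Message} with the outcome.
  *
  * <p>Exactly one response is rendered per request. A subject that is already authenticated is
  * answered with the success message without the submitted credentials being checked.
  *
  * <p>NOTE(review): {@code subject.login} signals bad credentials by throwing
  * {@code AuthenticationException}, which is not caught here. Presumably a global handler turns
  * it into a response; confirm.
  */
 @ValidateParams({
   @ValidateParam(value = "user.name", minLen = 4, maxLen = 12),
   @ValidateParam(value = "user.password", minLen = 6, maxLen = 20),
   @ValidateParam(value = "captcha", defaultValue = "@@@@", maxLen = 4, minLen = 4),
   @ValidateParam(value = "rememberMe", type = Boolean.class)
 })
 @RequestMethod(Method.POST)
 public void signin() {
   User user = getModel(User.class, "user");
   Sys_Common_Variable captcha = ComVarService.service.getComVarByName(Key.CAPTCHA);
   // The captcha is enforced only when the stored switch exists and is true.
   if (captcha != null
       && captcha.getToBoolean(Sys_Common_Variable.S_VALUE)
       && !validateCaptcha(getPara("captcha"))) {
     renderJson(new Message(captcha.getStr(Sys_Common_Variable.S_ERROR)));
     return;
   }
   Subject subject = SecurityUtils.getSubject();
   if (!subject.isAuthenticated()) {
     UsernamePasswordToken token =
         new UsernamePasswordToken(user.getStr(User.S_NAME), user.getStr(User.S_PASSWORD));
     // A missing rememberMe parameter counts as "off" instead of failing on a null unboxing.
     token.setRememberMe(Boolean.TRUE.equals(getParaToBoolean("rememberMe")));
     subject.login(token);
     if (!subject.isAuthenticated()) {
       // Stop here: falling through would render the success message after the failure one.
       renderJson(new Message("Login failed"));
       return;
     }
     // Reset the stored captcha code so a solved captcha is not left in the session.
     subject.getSession().setAttribute(Lc4eCaptchaRender.captcha_code, Const.DEFAULT_NONE);
   }
   renderJson(new Message(true, "Login Success"));
 }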
Пример #3
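 /**
  * Logs the current Shiro subject in with the submitted user name and password and, on success,
  * stores an {@code Env} describing the user in the session before rendering the admin index.
  *
  * <p>NOTE(review): the mapping does not restrict the HTTP method, so credentials may also arrive
  * as query parameters. Consider limiting it to POST.
  *
  * @param request the current HTTP request, passed on to the view factory
  * @param response the current HTTP response, passed on to the view factory
  * @param userName the submitted login name
  * @param password the submitted password
  * @param isRemeberMe {@code true} to request a remember-me login; {@code null} means no
  * @return the admin index view when authenticated, otherwise the login view
  * @throws Exception if authentication or view creation fails
  */
 @RequestMapping("/login")
 public ModelAndView login(
     HttpServletRequest request,
     HttpServletResponse response,
     @RequestParam String userName,
     @RequestParam String password,
     Boolean isRemeberMe)
     throws Exception {
   UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
   // The remember-me flag must be on the token before login(); set afterwards it had no effect.
   if (Boolean.TRUE.equals(isRemeberMe)) {
     token.setRememberMe(true);
   }

   Subject subject = SecurityUtils.getSubject();
   subject.login(token);
   if (!subject.isAuthenticated()) {
     return createSingleView("login/login", request, response);
   }

   Session session = subject.getSession();
   User user = new User();
   user.setUserName(userName);
   // NOTE(review): this keeps the plaintext password in the session-scoped Env and in
   // GlobalConfigHolder. Nothing in this method needs it after login; confirm no reader depends
   // on it and drop it.
   user.setPassword(password);
   Env env = new Env();
   env.setUser(user);
   session.setAttribute("env", env);
   // NOTE(review): GlobalConfigHolder's scope is not visible here; confirm it is per-request or
   // per-thread, otherwise one user's Env would be visible to other requests.
   GlobalConfigHolder.setEnv(env);
   return createLayoutView("admin/index", request, response);
 }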
Пример #4
  /**
   * User login: authenticates the current Shiro subject and reports the outcome as JSON.
   *
   * <p>NOTE(review): the mapping does not restrict the HTTP method, so the password may also
   * arrive as a query parameter. {@code SecurityUtils.setSecurityManager} is called on every
   * request although it sets a static, application-wide value; presumably it belongs in start-up
   * configuration. Confirm.
   *
   * @param loginName the submitted login name
   * @param password the submitted password
   * @param rememberMe {@code true} to request a remember-me login; {@code null} means no
   * @return a {@code JsonResult} whose result flag is {@code true} only when the subject ends up
   *     authenticated
   */
  @RequestMapping(
      path = "/login",
      produces = {"application/json;charset=UTF-8"})
  public JsonResult login(String loginName, String password, Boolean rememberMe) {
    JsonResult outcome = new JsonResult();
    SecurityUtils.setSecurityManager(securityManager);
    Subject subject = SecurityUtils.getSubject();

    UsernamePasswordToken credentials = new UsernamePasswordToken(loginName, password);
    if (Boolean.TRUE.equals(rememberMe)) {
      credentials.setRememberMe(true);
    }

    try {
      subject.login(credentials);
    } catch (AuthenticationException e) {
      // A failed attempt also logs the subject out, then answers with a plain "false" that does
      // not say which part of the credentials was wrong.
      subject.logout();
      log.info("登录失败");
      outcome.setResult(false);
      return outcome;
    }

    // Report the subject's actual state rather than assuming login() succeeded.
    outcome.setResult(subject.isAuthenticated());
    return outcome;
  }
  /**
   * Tests fetching the role-to-menu-item mapping by role id.
   *
   * <p>NOTE(review): a failure while logging in or preparing the session user is only printed, so
   * the action then runs without the intended session state. The login name and password are
   * fixture literals; presumably they match seeded test data. Confirm.
   *
   * @throws Exception on any unexpected failure.
   */
  @Test
  public final void testQueryRoleMenuItemMap() throws Exception {
    Subject subject = ShiroHelper.getSubject(this.request, this.response);
    UsernamePasswordToken loginToken =
        new UsernamePasswordToken("user1", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    loginToken.setRememberMe(true);
    try {
      subject.login(loginToken);

      // Build the user record that the action expects to find in the session.
      UserPo sessionUser = new UserPo();
      sessionUser.setUserId(Long.valueOf("1"));
      sessionUser.setLoginName("user1");
      sessionUser.setPassword("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
      SimpleDateFormat timestampFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
      Date createdAt = timestampFormat.parse("2012-01-12 23:30:20");
      sessionUser.setCreateTime(createdAt);
      sessionUser.setCreatorId(Long.valueOf("1"));
      sessionUser.setIsDelete(false);
      sessionUser.setIsLockUp(false);
      sessionUser.setVersion(Long.valueOf("0"));
      subject.getSession().setAttribute("user", sessionUser);
    } catch (Exception se) {
      se.printStackTrace();
    }

    request.setParameter("roleMenuItemMap", "{\"roleId\":\"2\"}");
    String resultMessage = executeAction("/SuperW/queryRoleMenuItemMap.action");
    // The response must contain the success envelope produced by the action.
    boolean rs =
        resultMessage.contains(
            "{\"userToken\":true,\"serviceResult\":true," + "\"resultInfo\":\"查询角色菜单关系列表成功\"");
    assertTrue("返回服務信息錯誤失敗", rs);
  }
Пример #6
  /**
   * Logs the currently executing Shiro subject in with the given user name and password.
   *
   * <p>Remember-me is always requested. NOTE(review): the caller gets no say in that, so every
   * login asks for a remembered identity; consider taking the flag as a parameter. A failed
   * authentication surfaces as whatever exception {@code Subject.login} throws; nothing is caught
   * here.
   *
   * @param username the login name
   * @param password the plaintext password
   */
  public void login(String username, String password) {
    // Shiro operations act on the subject bound to the current execution context.
    Subject subject = SecurityUtils.getSubject();

    UsernamePasswordToken credentials = new UsernamePasswordToken(username, password);
    // Remember-me is switched on unconditionally.
    credentials.setRememberMe(true);

    // Authenticate.
    subject.login(credentials);
  }
Пример #7
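 /**
  * Performs the login. On success the user is sent to the home page; on failure the failure
  * message is placed in the model and the login page is shown again.
  *
  * <p>The submitted password is never printed. NOTE(review): the failure messages distinguish
  * unknown, locked, disabled and wrong-password accounts, which tells a client which user names
  * exist; a single generic message is the safer choice. They also embed the submitted user name,
  * so the login view must HTML-escape the {@code message} attribute. Confirm.
  *
  * @param request the HTTP request carrying the {@code userName} and {@code password} parameters
  * @param model receives the failure text under the {@code message} attribute
  * @return {@code "index"} when the subject is authenticated, otherwise {@code "login"}
  */
 @RequestMapping(value = "/dologin.do")
 public String doLogin(HttpServletRequest request, Model model) {
   String userName = request.getParameter("userName");
   String password = request.getParameter("password");
   // Trace the user name only; the password must not reach stdout or any log.
   System.out.println(userName);
   UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
   // NOTE(review): remember-me is forced on for every login regardless of what the user chose.
   token.setRememberMe(true);
   Subject subject = SecurityUtils.getSubject();

   String msg;
   try {
     subject.login(token);
     // No exception: the view depends only on the resulting authentication state.
     return subject.isAuthenticated() ? "index" : "login";
   } catch (IncorrectCredentialsException e) {
     msg = "登录密码错误. Password for account " + token.getPrincipal() + " was incorrect.";
   } catch (ExcessiveAttemptsException e) {
     msg = "登录失败次数过多";
   } catch (LockedAccountException e) {
     // Must stay ahead of DisabledAccountException, its superclass.
     msg = "帐号已被锁定. The account for username " + token.getPrincipal() + " was locked.";
   } catch (DisabledAccountException e) {
     msg = "帐号已被禁用. The account for username " + token.getPrincipal() + " was disabled.";
   } catch (ExpiredCredentialsException e) {
     msg = "帐号已过期. the account for username " + token.getPrincipal() + "  was expired.";
   } catch (UnknownAccountException e) {
     msg = "帐号不存在. There is no user with username of " + token.getPrincipal();
   } catch (UnauthorizedException e) {
     msg = "您没有得到相应的授权!" + e.getMessage();
   }

   // Every handled failure reports the same way: message into the model, then the login page.
   model.addAttribute("message", msg);
   System.out.println(msg);
   return "login";
 }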
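  /**
   * Logs the current Shiro subject in, unless it is already authenticated, and returns the user
   * record found for {@code username}.
   *
   * <p>NOTE(review): when the subject is already authenticated the supplied credentials are not
   * checked, yet {@code currentUser} is still loaded by the supplied {@code username}. A session
   * authenticated as one account can therefore obtain another account's record. Presumably the
   * look-up should use the authenticated principal; confirm.
   *
   * @param username the e-mail address used as login name
   * @param password the plaintext password
   * @param rememberMe whether to request a remember-me login
   * @return the user found for {@code username}, also stored in {@code currentUser}
   * @throws LoginException if Shiro rejects the credentials
   */
  @Override
  @Transactional
  public User login(String username, String password, boolean rememberMe) throws LoginException {
    // String.format needs %s; the former {0} placeholder is MessageFormat syntax and was printed
    // literally. Line breaks are replaced so a crafted user name cannot forge extra log lines.
    String loggedName = String.valueOf(username).replaceAll("[\\r\\n]", "_");
    LOG.info(String.format("Logging User %s in to the application.", loggedName));

    Subject currentUserSubject = SecurityUtils.getSubject();

    if (!currentUserSubject.isAuthenticated()) {
      UsernamePasswordToken token = new UsernamePasswordToken(username, password);
      token.setRememberMe(rememberMe);

      try {
        currentUserSubject.login(token);
      } catch (AuthenticationException ae) {
        // NOTE(review): the cause is dropped; one generic failure is what the caller sees.
        throw new LoginException();
      }
    }

    currentUser = userRepository.findByEmailAddress(username);

    return currentUser;
  }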
Пример #9
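  /**
   * Validates the captcha and the submitted credentials, logs the Shiro subject in and redirects
   * to the index page; every failure re-renders the login view with a message under {@code msg}.
   *
   * <p>The submitted password is never written to the log.
   *
   * <p>NOTE(review): comparing {@code user.getPassword()} with the submitted text implies the
   * stored password is plaintext or that this pre-check can never match a hashed value. The
   * realm used by {@code Subject.login} should be the only credential check, against a salted
   * password hash. The separate "user does not exist" and "wrong password" messages also tell a
   * client which user names exist. The captcha stays in the session after use; presumably it is
   * regenerated when the login page renders. Confirm.
   *
   * @param request the HTTP request carrying {@code username}, {@code password} and {@code
   *     verifyCode}
   * @return the login view with an error message, or a redirect to the index page
   */
  @RequestMapping("/login")
  public ModelAndView login(HttpServletRequest request) {
    ModelAndView mav = new ModelAndView();

    String username = request.getParameter("username");
    String password = request.getParameter("password");
    // Captcha stored in the HttpSession.
    String verifyCode = (String) request.getSession().getAttribute("verifyCode");
    // Captcha typed into the login form.
    String submitCode = WebUtils.getCleanParam(request, "verifyCode");

    // Log the attempt by user name only; credentials do not belong in logs.
    Logger.info(username + " login......");

    if (StringUtils.isEmpty(submitCode)
        || !StringUtils.equals(verifyCode, submitCode.toLowerCase())) {
      mav.setViewName("login");
      mav.addObject("msg", "验证码错误!");
      return mav;
    }

    if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
      mav.setViewName("login");
      mav.addObject("msg", "用户名/密码 不能为空!");
      return mav;
    }

    User user = authService.getUserByUserName(username);
    if (null == user) {
      mav.setViewName("login");
      mav.addObject("msg", "用户不存在!");
      return mav;
    }

    // password is known to be non-empty here, so calling equals on it also copes with a user
    // record that has no stored password.
    if (!password.equals(user.getPassword())) {
      mav.setViewName("login");
      mav.addObject("msg", "账号密码错误!");
      return mav;
    }

    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    // NOTE(review): remember-me is forced on for every login regardless of what the user chose.
    token.setRememberMe(true);

    Subject currentUser = SecurityUtils.getSubject();
    // NOTE(review): an AuthenticationException thrown here is not handled in this method.
    currentUser.login(token);

    // Check whether the login actually succeeded.
    if (currentUser.isAuthenticated()) {
      Logger.debug("用户[" + username + "]通过身份验证登录通过");
    } else {
      // Wipe the credentials held by the token before reporting the failure.
      token.clear();

      mav.setViewName("login");
      mav.addObject("msg", "验证未通过!");
      return mav;
    }

    mav.setViewName(InternalResourceViewResolver.REDIRECT_URL_PREFIX + "/jsp/index.jsp");

    return mav;
  }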