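/**
 * Opens the module named by the {@code modid} request parameter for the logged-in user.
 *
 * <p>The module is resolved in the system-wide module map and then looked up in the user's own
 * module map held in the session ({@code Constant.USERMODULES}). When the user holds the module,
 * its level and actions are stored in the session and the request is either redirected (module
 * URL starting with "/" or "http") or forwarded to the module page with the request parameters
 * re-appended to the forward path. When the module is unknown or the session holds no user, the
 * request is forwarded to {@code Constant.LOGINURL}.
 *
 * @param request current request; {@code modid} selects the module
 * @param response response used for the redirect or forward
 * @throws IOException if the redirect or forward fails
 * @throws ServletException if the forward target fails
 */
private void loadmodule(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {
  long s = System.currentTimeMillis();
  String modid = (String) request.getParameter("modid");
  // The module map field is re-read from systemMgm on every call.
  this.modulesMap = this.systemMgm.getModulesMap();
  RockPower module = (RockPower) this.modulesMap.get(modid);
  HttpSession session = request.getSession();
  RockUser user = (RockUser) session.getAttribute(Constant.USER);

  if (module != null && user != null) {
    String id = module.getPowerpk();
    HashMap userModMap = (HashMap) session.getAttribute(Constant.USERMODULES);
    // Access decision: the module must be present in the map stored for this user at login.
    RockPower userMod = (RockPower) userModMap.get(id);
    if (userMod != null) {
      HashMap moduleActions = this.systemMgm.getUserModuleActions(userModMap, id);
      session.setAttribute(Constant.ModuleLVL, String.valueOf(userMod.getLvl()));
      session.setAttribute(Constant.ModuleActions, moduleActions);
      String temp = userMod.getUrl();

      // Optional audit record of which module the user opened, and from which address.
      Object logSwitch = Constant.propsMap.get("IS_ADD_USEROPERATEMODULELOG");
      if (logSwitch != null && logSwitch.equals("1")) {
        this.systemMgm.saveUserOperateModule(user.getUserid(), this.getIpAddr(request), id);
      }

      if (temp != null && (temp.startsWith("/") || temp.toLowerCase().startsWith("http"))) {
        String remoteURL = temp;
        if (temp.startsWith("/")) {
          // NOTE(review): getServerName() reflects the client-supplied Host header when one is
          // sent, so the host part of this redirect is client-influenced unless a front proxy
          // pins it. Prefer a configured base URL if the deployment has one.
          remoteURL =
              request.getScheme()
                  + "://"
                  + request.getServerName()
                  + ":"
                  + request.getServerPort()
                  + temp;
        }
        response.setHeader("Location", remoteURL);
        response.sendRedirect(remoteURL);
      } else {
        String page = temp == null ? Constant.TODOPAGE : temp;
        // Request parameters are untrusted. They are percent-encoded before being spliced into
        // the forward path so that a value containing '&', '=', '#', '%' or '+' cannot add or
        // override parameters seen by the target page.
        // NOTE(review): assumes the container decodes the forward query string with the request
        // character encoding - confirm against the connector's URI encoding setting.
        String enc = request.getCharacterEncoding();
        if (enc == null) {
          enc = "UTF-8";
        }
        StringBuilder url = new StringBuilder("/");
        url.append(page);
        url.append(page.indexOf("?") > -1 ? "&modid=" : "?modid=");
        // The server-side module key goes first, so it is the value getParameter("modid")
        // returns on the forwarded request even though the client's modid is appended below.
        url.append(id);
        Map params = request.getParameterMap();
        for (Object rawName : params.keySet()) {
          String name = (String) rawName;
          String value = request.getParameter(name);
          url.append('&');
          url.append(java.net.URLEncoder.encode(name, enc));
          url.append('=');
          url.append(value == null ? "" : java.net.URLEncoder.encode(value, enc));
        }
        request.getRequestDispatcher(url.toString()).forward(request, response);
      }
    }
    // NOTE(review): when the user does not hold the module nothing is written to the response
    // (the client gets an empty reply); consider an explicit 403 or a forward to an error page.
  } else {
    request.getRequestDispatcher(Constant.LOGINURL).forward(request, response);
  }

  long e = System.currentTimeMillis();
  log.info("------loadModule costs " + (e - s) + "ms");
}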
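/**
 * Authenticates the {@code username} / {@code password} request parameters and, on success,
 * establishes a new session carrying the user's identity, unit, role, module and project data.
 *
 * <p>Everything that can fail (service look-ups, role parsing, the optional login-history
 * record) runs before the session is touched. The pre-login session is then invalidated and a
 * new one is populated in a single pass, so a failure reported to the client never leaves a
 * half-populated session that already contains {@code Constant.USER}, and a session id known
 * before login is not carried into the authenticated state (session fixation).
 *
 * <p>The outcome is reported through {@code sendMsgResponseLogin} (success with a
 * {@code target} parameter present) or {@code sendMsgResponse} (all other cases).
 *
 * @param request request carrying {@code username}, {@code password}, optionally
 *     {@code verifycode} and {@code target}
 * @param response response the result message is written to
 * @throws IOException if writing the response fails
 */
public void authentication(HttpServletRequest request, HttpServletResponse response)
    throws IOException {
  String msg = Constant.SUCCESS;
  String stackTrace = "";
  String username = request.getParameter("username");
  String password = request.getParameter("password");
  // The China Coal materials procurement deployment requires a verification code.
  String verifyCode = request.getParameter("verifycode");
  Object codeObject = request.getSession().getAttribute("verifyCode");

  // NOTE(review): a per-user failed-login counter with lockout (loginAudit / LOGIN_FAIL_LIMIT)
  // used to sit here and was commented out. As written, this method places no limit on
  // password guesses; confirm that throttling is enforced elsewhere.
  try {
    // The verification code is checked only when NEED_VERIFY_CODE=1 is configured
    // (currently used by the China Coal materials procurement system).
    Object needVerify = Constant.propsMap.get("NEED_VERIFY_CODE");
    if (needVerify != null && needVerify.equals("1")) {
      String sessionCode = (String) codeObject;
      // A code is good for one attempt only; otherwise one solved code could be replayed for
      // any number of password guesses in the same session.
      request.getSession().removeAttribute("verifyCode");
      if (verifyCode == null || !verifyCode.equals(sessionCode)) {
        throw new BusinessException(BusinessConstants.MSG_USER_VERITY);
      }
    }

    RockUser user = this.systemMgm.authentication(username, password);
    SgccIniUnit unit = this.systemMgm.getUnitById(user.getPosid());
    String unitid = user.getUnitid();
    String unitname = this.systemMgm.getUserUnitName(user);
    SgccIniUnit belongUnit = this.systemMgm.getBelongUnit(user.getUnitid());
    String roles = this.systemMgm.getUserRoleType(user);
    this.systemMgm.userLogon(user);
    this.systemMgm.saveUserLoginTimeAndIp(user.getUserid(), this.getIpAddr(request));

    // Collect every session attribute first; nothing is published until all of it succeeded.
    Map<String, Object> attrs = new java.util.LinkedHashMap<String, Object>();
    attrs.put(Constant.USER, user);
    attrs.put(Constant.USERID, user.getUserid());
    attrs.put(Constant.USERNAME, user.getRealname());
    attrs.put(Constant.USERACCOUNT, username);
    attrs.put(Constant.UNITTYPE, unit.getUnitTypeId());
    attrs.put(Constant.USERUNITID, unitid);
    attrs.put(Constant.USERUNITNAME, unitname);
    attrs.put(Constant.USERBELONGUNITID, belongUnit.getUnitid());
    attrs.put(Constant.USERBELONGUNITNAME, belongUnit.getUnitname());
    attrs.put(Constant.USERBELONGUNITTYPEID, belongUnit.getUnitTypeId());
    // liangwj (2011-10-24): the business logic does not support a user belonging to several
    // departments, so department and position are read directly from rock_user rather than
    // from the rock_user2dept table.
    attrs.put(
        Constant.USERDEPTID, user.getDeptId() == null ? user.getUnitid() : user.getDeptId());
    attrs.put(Constant.USERPOSID, user.getPosid() == null ? user.getUnitid() : user.getPosid());
    attrs.put(Constant.USERMODULES, this.systemMgm.getUserModules(user));

    // roles has the form "<roleType>`<isLeader>".
    String[] roleParts = roles.split("`");
    attrs.put(Constant.ROLETYPE, roleParts[0]);
    attrs.put(Constant.ISLEADER, roleParts[1]);

    if (unitid.equals(user.getDeptId()) && unitid.equals(user.getPosid())) {
      attrs.put(Constant.USERDEPTPOSNAME, unitname);
    } else {
      attrs.put(Constant.USERDEPTPOSNAME, this.systemMgm.getUserDeptPosInfo(user));
    }

    if (roleParts[0].equals("0")) {
      attrs.put(Constant.APPOrgRootID, Constant.DefaultOrgRootID);
      attrs.put(Constant.APPOrgRootNAME, Constant.DefaultOrgRootNAME);
    } else {
      attrs.put(Constant.APPOrgRootID, unitid);
      attrs.put(Constant.APPOrgRootNAME, unitname);
    }

    // Set the current project unit and the project units the user may manage.
    List<SgccIniUnit> pids = this.systemMgm.getPidsByUnitid(belongUnit.getUnitid());
    if (pids.size() > 0) {
      StringBuilder pidList = new StringBuilder();
      StringBuilder pnameList = new StringBuilder();
      for (int i = 0, n = pids.size(); i < n; i++) {
        SgccIniUnit hbm = pids.get(i);
        // The first unit is the default; a later unit equal to the user's own unit replaces it.
        if (i == 0 || (hbm.getUnitid()).equals(belongUnit.getUnitid())) {
          attrs.put(Constant.CURRENTAPPPID, hbm.getUnitid());
          attrs.put(Constant.CURRENTAPPPNAME, hbm.getUnitname());
        }
        if (i > 0) {
          pidList.append(",");
          pnameList.append(",");
        }
        pidList.append(hbm.getUnitid());
        pnameList.append(hbm.getUnitname());
      }
      attrs.put(Constant.USERPIDS, pidList.toString());
      attrs.put(Constant.USERPNAMES, pnameList.toString());
    } else {
      attrs.put(Constant.USERPIDS, null);
      attrs.put(Constant.USERPNAMES, null);
      attrs.put(Constant.CURRENTAPPPID, null);
      attrs.put(Constant.CURRENTAPPPNAME, null);
    }

    // Operation-history logging is enabled only when NEED_OPERATE_HISTORY=1 is configured
    // (currently used by the China Coal materials procurement system). It runs before the
    // session is populated so that a failure here cannot leave a logged-in session behind.
    Object needHistory = Constant.propsMap.get("NEED_OPERATE_HISTORY");
    if (needHistory != null && needHistory.equals("1")) {
      OperateHistoryService operateHistoryService =
          (OperateHistoryService) this.wac.getBean("operateHistoryService");
      operateHistoryService.addOperateHistory(
          user.getUserid(),
          user.getUnitid(),
          "LOGIN",
          "登录" + Constant.DefaultModuleRootName + "成功",
          "SUCCESS");
    }

    // Rotate the session: anything stored before login (including the verification code) is
    // dropped and the client receives a new session id.
    HttpSession stale = request.getSession(false);
    if (stale != null) {
      stale.invalidate();
    }
    HttpSession s = request.getSession(true);
    for (Map.Entry<String, Object> attr : attrs.entrySet()) {
      s.setAttribute(attr.getKey(), attr.getValue());
    }

    log.info("===== [" + username + " : " + user.getRealname() + "] =========");
  } catch (Exception e) {
    msg = getSQLErrorMsg(e);
    // NOTE(review): the stack trace is handed to sendMsgResponse below; confirm it is not
    // echoed to unauthenticated clients, and log it server-side instead if it is.
    stackTrace = getStackTrace(e);
  }

  // A successful login with a "target" parameter answers with the index page to open;
  // every other outcome answers with the plain message.
  if (request.getParameter("target") != null && msg.equals(Constant.SUCCESS)) {
    boolean defaultIndex =
        Constant.indexType == null
            || Constant.indexType.equals("")
            || Constant.indexType.equals("0");
    String indexPage =
        defaultIndex
            ? Constant.APPINDEXPAGE + ".jsp"
            : Constant.APPINDEXPAGE + Constant.indexType + ".jsp";
    sendMsgResponseLogin(msg, stackTrace, indexPage, response);
  } else {
    sendMsgResponse(msg, stackTrace, 0, response);
  }
}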
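/**
 * Portal variant of the login: authenticates the {@code username} / {@code password} request
 * parameters through {@code systemMgm.authenticationPortal} and, on success, stores the user's
 * identity, unit, role and module data in the session.
 *
 * <p>All look-ups that can fail run before any session attribute is written, so a failure
 * reported to the client does not leave a partly populated session that already contains
 * {@code Constant.USER}.
 *
 * @param request request carrying {@code username}, {@code password} and optionally
 *     {@code target}
 * @param response response the result message is written to
 * @param chkPwd passed through to {@code systemMgm.authenticationPortal}; presumably
 *     {@code false} skips the password check, in which case the caller must already have
 *     established the user's identity - confirm against the service
 * @throws IOException if writing the response fails
 */
public void authenticationPortal(
    HttpServletRequest request, HttpServletResponse response, boolean chkPwd) throws IOException {
  String msg = Constant.SUCCESS;
  String stackTrace = "";
  String username = request.getParameter("username");
  String password = request.getParameter("password");

  try {
    RockUser user = this.systemMgm.authenticationPortal(username, password, chkPwd);
    SgccIniUnit unit = this.systemMgm.getUnitById(user.getPosid());
    this.systemMgm.userLogon(user);
    this.systemMgm.saveUserLoginTimeAndIp(user.getUserid(), this.getIpAddr(request));

    // Collect every session attribute first; nothing is published until all of it succeeded.
    Map<String, Object> attrs = new java.util.LinkedHashMap<String, Object>();
    attrs.put(Constant.USER, user);
    attrs.put(Constant.USERID, user.getUserid());
    attrs.put(Constant.USERNAME, user.getRealname());
    attrs.put(Constant.USERACCOUNT, username);
    attrs.put(Constant.UNITTYPE, unit.getUnitTypeId());

    String unitid = user.getUnitid();
    String unitname = this.systemMgm.getUserUnitName(user);
    attrs.put(Constant.USERUNITID, unitid);
    attrs.put(Constant.USERUNITNAME, unitname);
    if (unitid.equals(user.getDeptId()) && unitid.equals(user.getPosid())) {
      attrs.put(Constant.USERDEPTPOSNAME, "");
    } else {
      attrs.put(Constant.USERDEPTPOSNAME, this.systemMgm.getUserDeptPosInfo(user));
    }
    // liangwj (2011-10-24): the business logic does not support a user belonging to several
    // departments, so department and position are read directly from rock_user rather than
    // from the rock_user2dept table.
    attrs.put(
        Constant.USERDEPTID, user.getDeptId() == null ? user.getUnitid() : user.getDeptId());
    attrs.put(Constant.USERPOSID, user.getPosid() == null ? user.getUnitid() : user.getPosid());
    attrs.put(Constant.USERMODULES, this.systemMgm.getUserModules(user));

    // roles has the form "<roleType>`<isLeader>".
    String roles = this.systemMgm.getUserRoleType(user);
    String[] roleParts = roles.split("`");
    attrs.put(Constant.ROLETYPE, roleParts[0]);
    attrs.put(Constant.ISLEADER, roleParts[1]);

    // NOTE(review): the existing session id is kept across login. If no portal state lives in
    // the pre-login session, invalidate it and create a new session here to prevent session
    // fixation.
    HttpSession s = request.getSession();
    for (Map.Entry<String, Object> attr : attrs.entrySet()) {
      s.setAttribute(attr.getKey(), attr.getValue());
    }

    // NOTE(review): these assignments overwrite static fields of Constant with values that
    // belong to the user who just logged in. Static state is shared by every session, so
    // concurrent users see each other's organisation root, and any code that uses
    // Constant.APPOrgRootID / APPOrgRootNAME as session attribute names will use a different
    // name after each portal login. An earlier, commented-out version stored them with
    // s.setAttribute(Constant.APPOrgRootID, ...); confirm what the readers expect and move
    // this back into the session.
    if (roleParts[0].equals("0")) {
      Constant.APPOrgRootID = Constant.DefaultOrgRootID;
      Constant.APPOrgRootNAME = Constant.DefaultOrgRootNAME;
    } else {
      Constant.APPOrgRootID = unitid;
      Constant.APPOrgRootNAME = unitname;
    }

    log.info("===== [" + username + " : " + user.getRealname() + "] =========");
  } catch (Exception e) {
    msg = getSQLErrorMsg(e);
    // NOTE(review): the stack trace is handed to sendMsgResponse below; confirm it is not
    // echoed to unauthenticated clients, and log it server-side instead if it is.
    stackTrace = getStackTrace(e);
  }

  // A successful login with a "target" parameter answers with the index page to open;
  // every other outcome answers with the plain message.
  if (request.getParameter("target") != null && msg.equals(Constant.SUCCESS)) {
    boolean defaultIndex =
        Constant.indexType == null
            || Constant.indexType.equals("")
            || Constant.indexType.equals("0");
    String indexPage =
        defaultIndex
            ? Constant.APPINDEXPAGE + ".jsp"
            : Constant.APPINDEXPAGE + Constant.indexType + ".jsp";
    sendMsgResponseLogin(msg, stackTrace, indexPage, response);
  } else {
    sendMsgResponse(msg, stackTrace, 0, response);
  }
}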