
package com.api.login.util;
import HT.HTSrvAPI;
import cn.hutool.core.date.DateTime;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.api.hrm.util.ServiceUtil;
import com.api.login.biz.LoginBiz;
import com.cloudstore.dev.api.util.Util_DataMap;
import com.engine.hrm.util.HrmOrganizationVirtualUtil;
import com.engine.integration.biz.CASLogoutUtil;
import com.engine.integration.biz.CASLogoutUtil_ADFS;
import com.api.login.util.HTTPClientUtil;
import weaver.conn.RecordSetTrans;
import weaver.formmode.setup.ModeRightInfo;
import weaver.interfaces.sso.cas.CASLoginUtil;
import ln.LN;
import weaver.common.DateUtil;
import weaver.common.StringUtil;
import weaver.conn.RecordSet;
import weaver.file.Prop;
import weaver.general.*;
import weaver.hrm.HrmUserVarify;
import weaver.hrm.User;
import weaver.hrm.common.DbFunctionUtil;
import weaver.hrm.loginstrategy.LoginStrategyManager;
import weaver.hrm.loginstrategy.exception.LoginStrategyException;
import weaver.hrm.settings.BirthdayReminder;
import weaver.hrm.settings.ChgPasswdReminder;
import weaver.hrm.settings.HrmSettingsComInfo;
import weaver.hrm.settings.RemindSettings;
import weaver.integration.cache.WeaverSSOCache;
import weaver.integration.logging.Logger;
import weaver.integration.logging.LoggerFactory;
import weaver.interfaces.sso.cas.CASRestAPI;
import weaver.interfaces.sso.cas.CasSetting;
import weaver.login.*;
import weaver.login.Base64;
import weaver.sm.SM3Utils;
import weaver.sm.SM4Utils;
import weaver.sms.SMSManager;
import weaver.sms.SMSSaveAndSend;
import weaver.sms.SmsFromMouldEnum;
import weaver.sms.SmsTemplateModuleType;
import weaver.systeminfo.SysMaintenanceLog;
import weaver.systeminfo.SystemEnv;
import weaver.usb.UsbKeyProxy;
import weaver.rsa.security.RSA;
import javax.servlet.ServletContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.text.SimpleDateFormat;
import java.util.*;
public class LoginUtil extends BaseBean {
/** Copied from the account row's isADAccount column; "1" routes the login through AD/LDAP. */
private String isADAccount = "";
/** Client IP address, kept for log records. */
private String ipAddress = "";
/** Client type used for log records. */
private int clientType = 1;
/** Last non-success result code returned by the AD/LDAP check (see getUserCheck). */
private String ldapError = "";
/**
 * Entry point for a login attempt.
 *
 * Mobile clients that have not opted out ({@code isMobile == "1"} and
 * {@code !isnocertified}) go through the unified ("certified") authentication;
 * every other request goes through the classic pre-check / credential check /
 * post-check sequence.
 *
 * In both flows result code "17" is collapsed into "16" before the message is
 * built. NOTE(review): presumably so that an unknown account and a wrong
 * password yield the same client-visible message (account enumeration); confirm
 * against getErrorMsg.
 *
 * @return the message array produced by getErrorMsg / getCertifiedErrorMsg
 * @throws Exception propagated from the underlying checks
 */
public String[] checkLogin(ServletContext application, HttpServletRequest request, HttpServletResponse response,boolean isnocertified,String isMobile) throws Exception {
    final boolean certifiedFlow = "1".equals(isMobile) && !isnocertified;
    if (certifiedFlow) {
        String result = beforeCertifiedCheckUser(request, response);
        if (result.isEmpty()) {
            result = getCertifiedUserCheck(application, request, response);
            if ("17".equals(result)) {
                result = "16";
            }
        }
        return getCertifiedErrorMsg(application, request, response, result);
    }
    String result = beforeCheckUser(request, response);
    if (result.isEmpty()) {
        result = getUserCheck(application, request, response);
        if ("17".equals(result)) {
            result = "16";
        }
    }
    afterCheckUser(application, request, response, result);
    return getErrorMsg(application, request, response, result);
}
/**
 * Issues a cloud access token for the freshly authenticated user when the
 * weaver_cloudtoken feature is switched on (status = 1), upserting the
 * cloud_logintoken row that ties the token to the user and the new session id.
 *
 * @return the new random token, or "" when the feature is off
 *
 * NOTE(review): the UPDATE writes a column named "accesstoken" while the INSERT
 * writes "access_token" — check which one matches the schema. The session id is
 * persisted next to the token, so the table is as sensitive as the session store.
 */
private String AddToken(HttpServletRequest request, User user, String sessionId) {
    String cloudStatus = Util.null2String(new BaseBean().getPropValue("weaver_cloudtoken", "status"));
    if (!"1".equals(cloudStatus)) {
        return "";
    }
    RecordSet rs = new RecordSet();
    rs.executeQuery("select userid from cloud_logintoken where userid =? ", user.getUID());
    String now = String.valueOf(System.currentTimeMillis());
    // UUID.randomUUID() is backed by a SecureRandom generator, so the token is not guessable.
    String token = UUID.randomUUID().toString();
    List params = new ArrayList();
    if (rs.next()) {
        params.add(now);
        params.add(token);
        params.add(sessionId);
        params.add(user.getUID());
        rs.executeUpdate("update cloud_logintoken set updatetimes = ? ,accesstoken=?,sessionid=? where userid=?", params);
    } else {
        params.add(user.getUID());
        params.add(user.getLoginid());
        params.add(token);
        params.add(now);
        params.add(now);
        params.add(sessionId);
        params.add(0);
        rs.executeUpdate("insert into cloud_logintoken (userid,loginid,access_token,logintimes,updatetimes,sessionid,status) values(?,?,?,?,?,?,?)", params);
    }
    rs.next();
    return token;
}
/**
 * Logs the current user out.
 *
 * Steps: check the E-Mobile unified-auth token out, drop the per-user
 * "logmessage" entry from the servlet context, clear the online flag, strip the
 * login attributes from the session, invalidate the session, expire the
 * session/login cookies, run CAS logout and write a maintenance-log entry
 * (operate type 303 / item 505).
 *
 * Every failure is caught and only logged; the method never throws.
 */
public void checkLogout(ServletContext application, HttpServletRequest request, HttpServletResponse response) {
    try {
        boolean isEMMobile = LoginBiz.isEMMobile(request.getHeader("user-agent"));
        HttpSession session = request.getSession(true);
        String weaver_login_type = Util.null2String(session.getAttribute("weaver_login_type"));
        String certified_token = Util.null2String(session.getAttribute("certified_token"));
        // NOTE(review): this writes the unified-auth token value itself into the log.
        writeLog("获取session中 certified_token的值==="+certified_token);
        // E-Mobile clients also hold a unified-auth token that is checked out server-side.
        if(isEMMobile){
            writeLog("登出是否进来了="+isEMMobile);
            HTTPClientUtil.checkout(certified_token);
        }
        // NOTE(review): if getUser returns null, the NPE below is swallowed by the
        // outer catch and the session is left intact.
        User user = HrmUserVarify.getUser(request, response);
        ChgPasswdReminder reminder = new ChgPasswdReminder();
        RemindSettings settings0 = reminder.getRemindSettings();
        Map logmessages = (Map) application.getAttribute("logmessages");
        String a_logmessage = "";
        if (logmessages != null) {
            a_logmessage = Util.null2String((String) logmessages.get(user.getUID()));
        }
        String s_logmessage = Util.null2String((String) session.getAttribute("logmessage"));
        if (s_logmessage == null) { // defensive; null2String is expected never to return null
            s_logmessage = "";
        }
        String relogin0 = Util.null2String(settings0.getRelogin());
        if (request.getSession(true).getAttribute("layoutStyle") != null) {
            request.getSession(true).setAttribute("layoutStyle", null);
        }
        // When "re-login" is not forced and this session's logmessage differs from
        // the application-wide one for the user, bail out WITHOUT invalidating the
        // session. NOTE(review): presumably this session was already superseded by
        // another login; confirm, because the session survives this early return.
        if ((!relogin0.equals("1")) && (!s_logmessage.equals(a_logmessage))) {
            return;
        }
        logmessages = (Map) application.getAttribute("logmessages");
        if (logmessages != null) {
            logmessages.remove(user.getUID());
        }
        // Clear the online flag used by the concurrent-license accounting.
        new LicenseCheckLogin().updateOnlinFlag("" + user.getUID(),false);
        request.getSession(true).removeValue("moniter");
        request.getSession(true).removeValue("WeaverMailSet");
        request.getSession(true).removeAttribute("weaver_user@bean");
        if(isEMMobile){
            request.getSession(true).removeAttribute("certified_token");
        }
        request.getSession(true).removeAttribute("accounts");
        // SAML (ADFS) sessions are handed to the ADFS logout helper, which is
        // responsible for the rest; the session is not invalidated here.
        Object saml_userassertion = request.getSession(true).getAttribute("dk.itst.oiosaml.userassertion");
        if (saml_userassertion != null) {
            new CASLogoutUtil_ADFS().checkLogout(request, user, weaver_login_type);
            return;
        }
        // Invalidate, then recreate a session only to carry weaver_login_type over.
        request.getSession(true).invalidate();
        request.getSession(true).setAttribute("weaver_login_type",weaver_login_type);
        // Expire the session and login cookies by re-setting them with a past expiry.
        // NOTE(review): the current cookie values are echoed back into the header
        // (relies on the container rejecting CR/LF), no Secure attribute is set,
        // and any failure here is silently ignored.
        try {
            response.addHeader("Set-Cookie", "__clusterSessionIDCookieName=" + Util.getCookie(request, "__clusterSessionIDCookieName") + ";expires=Thu, 01-Dec-1994 16:00:00 GMT;Path=/;HttpOnly");
            //QC747831
            response.addHeader("Set-Cookie","JSESSIONID="+Util.getCookie(request,"JSESSIONID")+";expires=Thu, 01-Dec-1994 16:00:00 GMT;Path=/;HttpOnly");
            response.addHeader("Set-Cookie","ecology_JSessionId="+Util.getCookie(request,"ecology_JSessionId")+";expires=Thu, 01-Dec-1994 16:00:00 GMT;Path=/;HttpOnly");
            response.addHeader("Set-Cookie","loginidweaver=null;expires=Thu, 01-Dec-1994 16:00:00 GMT;Path=/;HttpOnly");
        } catch (Exception e) {
        }
        //weaver.hrm.HrmUserVarify.invalidateCookie(request,response);
        // CAS single logout
        new CASLogoutUtil().checkLogout(request, user, weaver_login_type);
        /* logout audit record */
        SysMaintenanceLog sysMaintenanceLog = new SysMaintenanceLog();
        sysMaintenanceLog.resetParameter();
        sysMaintenanceLog.setRelatedId(user.getUID());
        sysMaintenanceLog.setRelatedName(user.getLastname());
        sysMaintenanceLog.setOperateType("303");
        sysMaintenanceLog.setOperateDesc(SystemEnv.getHtmlLabelName(25149, user.getLanguage()));
        sysMaintenanceLog.setOperateItem("505");
        sysMaintenanceLog.setOperateUserid(user.getUID());
        sysMaintenanceLog.setClientAddress(Util.getIpAddr(request));
        sysMaintenanceLog.setClientType(1);
        sysMaintenanceLog.setSysLogInfo();
        /* end logout audit record */
    } catch (Exception localException) {
        this.writeLog(localException);
    }catch (Throwable e){
        this.writeLog(e);
    }
}
/** Per-thread CAS SSO result {code, message, casLoginUrl}: set in getUserCheck, read via getCasUrlDetail, cleared in clearUp. */
private static ThreadLocal<String[]> casUrl = new ThreadLocal<>() ;
/**
 * Drops the per-thread login state (CAS redirect info and the parked user) so
 * a pooled request thread does not leak it into the next request.
 *
 * NOTE(review): lnLoginMsgLabelThreadLocal, which beforeCheckUser sets, is not
 * cleared here.
 */
public static void clearUp(){
    for (ThreadLocal<?> slot : new ThreadLocal<?>[] { casUrl, currentUserLocal }) {
        slot.remove();
    }
}
/**
 * @return the CAS login URL that getUserCheck parked for this thread, or
 *         {@code null} when no CAS result was recorded
 */
public static String getCasUrlDetail(){
    String[] info = casUrl.get();
    return (info == null) ? null : info[2];
}
/** Per-thread slot where getUserCheck parks the authenticated User on the Qys login path (no session is built there). */
private static ThreadLocal<User> currentUserLocal = new ThreadLocal<>() ;
/**
 * Parks {@code user} in the per-thread slot read back by getCurrentUserLocal.
 * Callers are expected to clear it with clearUp once the request is done.
 */
public static void setCurrentUserLocal(User user){
    currentUserLocal.set(user);
}
/**
 * @return the User parked on this thread by setCurrentUserLocal / getUserCheck,
 *         or {@code null} if none
 */
public static User getCurrentUserLocal(){
    return currentUserLocal.get();
}
/**
 * Verifies the submitted credentials for the classic (non-certified) login
 * flow and, on success, installs the authenticated {@link User} in a fresh
 * HTTP session.
 *
 * Flow: unwrap loginid/userpassword (optional RSA and SM4 layers), resolve the
 * login id, enforce the login strategy (non-mobile only), then for login types
 * 1/3 authenticate against AD/LDAP (isADAccount accounts) or the local password
 * store, apply the one-time dynamic password, CAS SSO, record-signature, USB
 * key / dynamic token and IP-segment policies, rebuild the session and write an
 * audit log. Login type 2 is the CRM portal account path.
 *
 * @return "" on success; otherwise a numeric result code that getErrorMsg maps
 *         to a message ("16" for failed password/serial comparisons, "17" for
 *         the status check, "99" when the record signature check fails, ...).
 * @throws Exception anything thrown inside the main block is logged and rethrown
 *
 * NOTE(review): several checks in here are gated on parameters the client
 * controls (ismobile, rnd, serial, tokenAuthKey); see the inline notes.
 */
private String getUserCheck(ServletContext application, HttpServletRequest request, HttpServletResponse response) throws Exception {
    RSA rsa = new RSA();
    RecordSet rs = new RecordSet();
    char separator = Util.getSeparator();
    String message = "";
    String login_id = Util.null2String(request.getParameter("loginid"));
    String user_password = Util.null2String(request.getParameter("userpassword"));
    String isrsaopen = Util.null2String(rs.getPropValue("openRSA", "isrsaopen"));
    List<String> decriptList = new ArrayList<>() ;
    // With openRSA enabled the client sends loginid and password RSA-encrypted;
    // both are decrypted in one call and any non-"0" RSA status aborts with 184.
    if("1".equals(isrsaopen)){
        decriptList.add(login_id) ;
        decriptList.add(user_password) ;
        List<String> resultList = rsa.decryptList(request,decriptList,true) ;
        login_id = resultList.get(0) ;
        user_password = resultList.get(1) ;
        if(!rsa.getMessage().equals("0")){
            writeLog("rsa.getMessage()", rsa.getMessage());
            return "184";
        }
    }
    // A "_random_" suffix marks an SM4-wrapped password; it is unwrapped with the
    // configured client key. Without a configured key the suffix stays on the
    // password and the comparison below presumably fails.
    if (user_password.endsWith("_random_")) {
        SM4Utils sm4 = new SM4Utils();
        BaseBean bb = new BaseBean();
        String key = Util.null2String(bb.getPropValue("weaver_client_pwd", "key"));
        if (!"".equals(key)) {
            user_password = user_password.substring(0, user_password.lastIndexOf("_random_"));
            user_password = sm4.decrypt(user_password, key);
        }
    }
    login_id = LoginBiz.getLoginId(login_id,request);
    if(login_id.length()==0){
        writeLog("loginid is null");
        return "99";
    }
    // Mobile clients may append "_test" to the login id; it is stripped here.
    String ismobile = Util.null2String(request.getParameter("ismobile")) ;
    if(!"".equals(login_id) && login_id.endsWith("_test") && "1".equals(ismobile)){
        login_id = login_id.replace("_test","");
    }
    // The login strategy is enforced for non-mobile requests only.
    // NOTE(review): "ismobile" is a plain request parameter, so any client can
    // opt out of this check by sending ismobile=1 — confirm the strategy is
    // enforced elsewhere for mobile logins, or drop the gate.
    if(!"1".equals(ismobile)){
        try{
            LoginStrategyManager.checkLoginStrategy(login_id,Util.getIpAddr(request));
        }catch (LoginStrategyException e){
            return e.getCode() ;
        }
    }
    String login_file = Util.null2String(request.getParameter("loginfile"));
    String login_type = Util.null2String(request.getParameter("logintype"), "1");
    String messages = Util.null2String(request.getParameter("messages"));
    String usbserver = Prop.getPropValue(GCONST.getConfigFile(), "usbserver.ip");
    String serial = Util.null2String(request.getParameter("serial"));
    String username = Util.null2String(request.getParameter("username"));
    // Challenge value used by the USB-key / HT-key verification further down.
    // NOTE(review): it is taken from the request rather than from server-side
    // state, so the server cannot distinguish a fresh response from a replayed
    // one unless rnd is validated elsewhere.
    String rnd = Util.null2String(request.getParameter("rnd"));
    HrmSettingsComInfo sci = new HrmSettingsComInfo();
    Calendar today = Calendar.getInstance();
    String currentdate = Util.add0(today.get(1), 4) + "-" + Util.add0(today.get(2) + 1, 2) + "-" + Util.add0(today.get(5), 2);
    String currenttime = Util.add0(today.get(11), 2) + ":" + Util.add0(today.get(12), 2) + ":" + Util.add0(today.get(13), 2);
    try {
        boolean ismutilangua = Util.isEnableMultiLang();
        int islanguid = 7;// system UI language; without multi-language support users default to Chinese (7)
        String languid = "7";
        if (ismutilangua) {
            islanguid = Util.getIntValue(request.getParameter("islanguid"), 0);
            if (islanguid == 0) {// nothing selected: default to Simplified Chinese
                islanguid = 7;
            }
            languid = String.valueOf(islanguid);
            // Session-lifetime cookie (maxAge -1); HttpOnly/Secure are not set through this API.
            Cookie syslanid = new Cookie("Systemlanguid", languid);
            syslanid.setMaxAge(-1);
            syslanid.setPath("/");
            response.addCookie(syslanid);
        }
        if (login_type.equals("1") || login_type.equals("3")) {
            boolean isAdmin = false;
            // Look the account up to learn whether it is AD-authenticated. rs stays
            // positioned on this row and is reused below when isAdLogin is true.
            rs.executeQuery("select * from HrmResource where loginid = ?", login_id);
            if (rs.next()) {
                this.isADAccount = rs.getString("isADAccount");
            }else{
                // (disabled) delegated administrators would go through the AD logic
                // rs = new RecordSet();
                // rs.executeQuery("select * from HrmResourceManager where loginid=?", login_id);
                // if (rs.next()) {
                // this.isADAccount = rs.getString("isADAccount");
                // }
            }
            //String mode = Prop.getPropValue(GCONST.getConfigFile(), "authentic");
            boolean isAdLogin = Boolean.FALSE;
            String adReturnInfo = "";
            //writeLog("login_id=="+login_id+"this.isADAccount=="+this.isADAccount);
            // AD/LDAP authentication applies to isADAccount=1 users, never to "sysadmin".
            if ("1".equals(this.isADAccount) && !"sysadmin".equals(login_id)) {
                com.weaver.integration.ldap.util.AuthenticUtil au = new com.weaver.integration.ldap.util.AuthenticUtil();
                isAdLogin = au.checkType(login_id);
                writeLog("isAdLogin=="+isAdLogin);
                if (isAdLogin) {
                    RecordSet rs0 = new RecordSet();
                    RecordSet rs1 = new RecordSet();
                    RecordSet rs2 = new RecordSet();
                    String sql = "select id,needdynapass,mobile,usbstate as passwordstate from HrmResource where loginid=? and (accounttype is null or accounttype=0)";
                    rs0.executeQuery(sql, login_id);
                    if ((rs0.next()) && (Util.getIntValue(rs0.getString(1), 0) > 0)) {
                        String idTemp = rs0.getString(1);
                        int needdynapass = rs0.getInt(2);
                        // One-time dynamic password: hrmpassword holds the current value;
                        // it is checked when the IP-segment / password-state policy asks
                        // for it and cleared afterwards so it cannot be replayed.
                        if (needdynapass == 1) {
                            rs1.executeQuery("select id from hrmpassword where id=?", idTemp);
                            if (!rs1.next()) {
                                rs1.executeUpdate("insert into hrmpassword(id,loginid,created) values(?,?,"+DbFunctionUtil.getCurrentFullTimeFunction(rs0.getDBType())+")", idTemp, login_id);
                            }
                            int passwordstateip = 1;
                            if (Util.getIntValue(sci.getNeeddynapass()) == 1) {
                                sql = "select password,usbstate as passwordstate from HrmResource where loginid=?";
                                rs2.executeQuery(sql, login_id);
                                if (rs2.next()){
                                    passwordstateip = rs2.getInt("passwordstate");
                                }
                                boolean ipaddress = checkIpSeg(request, login_id, passwordstateip);
                                int dynapasslen = Util.getIntValue(sci.getDynapasslen());
                                int needpassword = Util.getIntValue(sci.getNeedpassword());
                                // Precedence: && binds tighter than ||, so this reads
                                // (needpassword==0 && state!=1 && len>0 && inSegment)
                                //   || ((state==0 || state==2) && len>0 && inSegment)
                                if((needpassword==0 &&passwordstateip!=1 && (dynapasslen > 0) && (ipaddress)) || ((passwordstateip == 0) || (passwordstateip == 2)) && (dynapasslen > 0) && (ipaddress)) {
                                    rs0.executeQuery("select password,salt from hrmpassword where id=?", idTemp);
                                    String pswd = "";
                                    if (rs0.next()) {
                                        pswd = StringUtil.vString(rs0.getString(1));
                                        String dySalt = rs0.getString("salt");
                                        String dynamicPassword = Util.null2String(request.getParameter("dynamicPassword"));
                                        if (pswd.length() == 0) {
                                            return "730";
                                        } else {
                                            // consume the one-time password on success
                                            if(PasswordUtil.check(dynamicPassword, pswd, dySalt)){
                                                rs0.executeUpdate("update hrmpassword set password='',created='' where id=?", idTemp);
                                            }else{
                                                return "16";
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                    // NOTE(review): keep the next line disabled — it would write the plaintext password to the log.
                    //writeLog("au.checkLogin(login_id,user_password)=="+login_id+"=="+user_password);
                    // "100" is success. "23997" and "389488" are carried to the client in
                    // adReturnInfo and do NOT block the login; any other code is kept in
                    // ldapError and rejected with 16.
                    String ret = au.checkLogin(login_id, user_password);
                    writeLog("au.checkLogin(login_id,user_password) ret=="+ret);
                    if(ret.equals("23997")){
                        adReturnInfo = ret;
                    }else if(ret.equals("389488")){
                        adReturnInfo = ret;
                    }else{
                        if (!"100".equalsIgnoreCase(ret)) {
                            ldapError = ret;
                            return "16";
                        }
                    }
                }
            }
            // Local password path. loginCheck[0] tells regular users ("0", HrmResource)
            // from managers (HrmResourceManager); loginCheck[1] carries the verdict.
            if (!isAdLogin) {
                String[] loginCheck = checkUserPass(request, login_id, user_password, messages);
                if (loginCheck[0].equals("-2"))
                    return "55";
                if (loginCheck[0].equals("-1"))
                    return "17";
                if (loginCheck[1].equals("0"))
                    return "16";
                if (loginCheck[1].equals("101"))
                    return "101";
                else if (loginCheck[1].equals("730"))
                    return "730";
                else if (loginCheck[1].equals("57"))
                    return "57";
                else if (loginCheck[1].equals("2"))
                    return "556";
                else if (loginCheck[0].equals("0")) {
                    rs.executeQuery("select * from HrmResource where status in (0,1,2,3) and loginid=? ", login_id);
                    rs.next();
                } else {
                    // manager accounts have no status filter here; status is checked just below
                    isAdmin = true;
                    rs.executeQuery("select * from HrmResourceManager where loginid=?", login_id);
                    rs.next();
                }
            }
            String startdate = rs.getString("startdate");
            String enddate = rs.getString("enddate");
            String usbScope = rs.getString("usbScope") ;
            int status = rs.getInt("status");
            if ((status != 0) && (status != 1) && (status != 2) && (status != 3)) {
                return "17";
            }
            // CAS SSO: the plaintext credentials are forwarded to CAS and the resulting
            // login URL (or error) is parked in the casUrl ThreadLocal for getCasUrlDetail.
            if(CASLoginUtil.isOpenSSOLogin(request)){
                Map<String,String> casParams = CASLoginUtil.ssoLogin(request,login_id,user_password,"1") ;
                String casCode = casParams.get("code") ;
                if("0".equalsIgnoreCase(casCode)){
                    String casLoginUrl = casParams.get("casLoginUrl") ;
                    casUrl.set(new String[]{"0",null,casLoginUrl});
                }else{
                    String casMsg = casParams.get("msg") ;
                    casUrl.set(new String[]{casCode,casMsg,null}) ;
                    return "-29" ;
                }
            }
            // Record signature check (skipped for AD logins).
            String userid = rs.getString("id");
            if(!isAdLogin && !PasswordUtil.checkSign(userid,false)){
                // signature check failed
                writeLog("userid:"+userid+"登录信息,验签失败!");
                return "99";
            }
            User user = new User();
            user.setUid(rs.getInt("id"));
            user.setLoginid(login_id);
            // NOTE(review): the (RSA-wrapped) password is kept on the session User bean;
            // confirm downstream callers really need it there.
            user.setPwd(rsa.encrypt(null,user_password,null));
            user.setFirstname(rs.getString("firstname"));
            user.setLastname(rs.getString("lastname"));
            user.setAliasname(rs.getString("aliasname"));
            user.setTitle(rs.getString("title"));
            user.setTitlelocation(rs.getString("titlelocation"));
            user.setSex(rs.getString("sex"));
            String languageidweaver = Util.null2String(rs.getString("systemlanguage"), "7");
            if (!languid.equalsIgnoreCase(languageidweaver) && ismutilangua) {
                User.setUserLang(rs.getInt("id"), Util.getIntValue(languid, 7));
                /*
                RecordSet rsUp = new RecordSet();
                if (isAdmin) {
                rsUp.executeUpdate("update hrmresourceManager set systemlanguage = ? where id =?", languid, rs.getInt("id"));
                User.setUserLang(rs.getInt("id"), Util.getIntValue(languid, 7));
                } else {
                rsUp.executeUpdate("update hrmresource set systemlanguage = ? where id =?", languid, rs.getInt("id"));
                User.setUserLang(rs.getInt("id"), Util.getIntValue(languid, 7));
                }*/
                languageidweaver = languid;
            }
            if ("".equalsIgnoreCase(languageidweaver)) {
                writeLog("in rs :" + Util.null2String(rs.getString("systemlanguage"), "7") + ":in request:" + languid + ":in ismutilangua:" + ismutilangua + ":Util.isEnableMultiLang():" + Util.isEnableMultiLang());
            }
            user.setLanguage(Util.getIntValue(languageidweaver, 7));
            user.setTelephone(rs.getString("telephone"));
            user.setMobile(rs.getString("mobile"));
            user.setMobilecall(rs.getString("mobilecall"));
            user.setEmail(rs.getString("email"));
            user.setCountryid(rs.getString("countryid"));
            user.setLocationid(rs.getString("locationid"));
            user.setResourcetype(rs.getString("resourcetype"));
            user.setStartdate(startdate);
            user.setEnddate(enddate);
            user.setContractdate(rs.getString("contractdate"));
            user.setJobtitle(rs.getString("jobtitle"));
            user.setJobgroup(rs.getString("jobgroup"));
            user.setJobactivity(rs.getString("jobactivity"));
            user.setJoblevel(rs.getString("joblevel"));
            user.setSeclevel(rs.getString("seclevel"));
            user.setUserDepartment(Util.getIntValue(rs.getString("departmentid"), 0));
            user.setUserSubCompany1(Util.getIntValue(rs.getString("subcompanyid1"), 0));
            user.setUserSubCompany2(Util.getIntValue(rs.getString("subcompanyid2"), 0));
            user.setUserSubCompany3(Util.getIntValue(rs.getString("subcompanyid3"), 0));
            user.setUserSubCompany4(Util.getIntValue(rs.getString("subcompanyid4"), 0));
            user.setManagerid(rs.getString("managerid"));
            user.setAssistantid(rs.getString("assistantid"));
            user.setPurchaselimit(rs.getString("purchaselimit"));
            user.setCurrencyid(rs.getString("currencyid"));
            user.setLastlogindate(currentdate);
            user.setLogintype(login_type);
            user.setAccount(rs.getString("account"));
            user.setIsAdmin(isAdmin);
            user.setADReturnInfo(adReturnInfo);
            // IP-segment decision. usbstate 2 keeps the raw segment result; 0 defers to
            // the account's usbScope policy; any other value forces it to true.
            CheckIpNetWork checkipnetwork = new CheckIpNetWork();
            String clientIP = Util.getIpAddr(request);
            boolean checktmp = checkipnetwork.checkIpSeg(clientIP);
            int needusb = rs.getInt("needusb");
            int usbstate = rs.getInt("usbstate");
            boolean ismobileLogin = "1".equals(ismobile) ;
            if (usbstate != 2) {
                if(usbstate == 0){
                    if(QysLoginManager.checkUsbScopeOn(usbScope,QysLoginManager.isRealMobile(request))){
                        checktmp = true ;
                    }else{
                        checktmp = false ;
                    }
                }else{
                    checktmp = true;
                }
            }
            String usbType = sci.getUsbType();
            String needusbHt = sci.getNeedusbHt();
            String needusbDt = sci.getNeedusbDt();
            String userUsbType = Util.null2String(rs.getString("userUsbType"));
            if (!userUsbType.equals("")) {
                usbType = userUsbType;
            }
            // needusb is derived from userUsbType alone (2 = HT key, 3 = dynamic token,
            // per the branches below); the needusb column read above is overwritten.
            needusb = (userUsbType.equals("2")) || (userUsbType.equals("3")) ? 1 : 0;
            if (needusb == 1) {
                if ((checktmp) && (usbstate != 1)) {
                    if ("1".equals(usbType)) {
                        // USB key: "serial" is the Base64 response to the rnd challenge,
                        // decrypted remotely (UsbKeyProxy) or locally.
                        // NOTE(review): Long.parseLong(rnd) throws on a non-numeric rnd;
                        // that escapes to the outer catch and is rethrown instead of being
                        // mapped to a result code.
                        String serialNo = Util.null2String(rs.getString("serial"));
                        byte[] bts = Base64.decode(serial);
                        String serial1 = new String(bts, "ISO8859_1");
                        long firmcode = Util.getIntValue(sci.getFirmcode());
                        long usercode = Util.getIntValue(sci.getUsercode());
                        String serialNo1 = null;
                        if ((usbserver != null) && (!usbserver.equals(""))) {
                            UsbKeyProxy proxy = new UsbKeyProxy(usbserver);
                            serialNo1 = proxy.decrypt(firmcode, usercode, Long.parseLong(rnd), serial1);
                        } else {
                            serialNo1 = AuthenticUtil.decrypt(firmcode, usercode, Long.parseLong(rnd), serial1);
                        }
                        // 45: no key presented; 46: placeholder "1" or raw stored serial sent;
                        // 47: decrypted serial mismatch; 48: decrypt returned "0".
                        if (serial.equals("0"))
                            return "45";
                        if ((serial.equals("1")) || (serial.equals(serialNo)))
                            return "46";
                        if (serialNo.equals(serialNo1)) {
                            user.setNeedusb(needusb);
                            user.setSerial(serialNo);
                        } else {
                            if (serialNo1.equals("0")) {
                                return "48";
                            }
                            return "47";
                        }
                    } else if ((needusbDt.equals("1")) && ("3".equals(usbType))) {
                        // qc172088: users bound to a dynamic token must use it outside the
                        // trusted network segment but may log in with plain credentials inside it.
                        //  * no segment policy configured: always verify HT key / dynamic token
                        //  * policy on and client inside the segment: skip the verification
                        //  * policy on and client outside the segment: verify
                        boolean isNeedIp = true;
                        int forbidLogin = Util.getIntValue(sci.getForbidLogin(), 0);
                        if (forbidLogin == 0) {
                            isNeedIp = false;
                            if (usbstate == 2 && !checktmp) isNeedIp = true;
                        } else {
                            isNeedIp = checkIpSegByForbidLogin(request, login_id);
                        }
                        if (!isNeedIp) {
                            String tokenAuthKey = Util.null2String(request.getParameter("tokenAuthKey"));
                            String tokenKey = Util.null2String(rs.getString("tokenKey"));
                            if (tokenKey.equals(""))
                                return "120"; // no token bound
                            else {
                                TokenJSCX token = new TokenJSCX();
                                boolean isTokenAuthKeyPass = false;
                                RecordSet recordSet = new RecordSet();
                                String sql = "select * from tokenJscx WHERE tokenKey=?";
                                recordSet.executeQuery(sql, tokenKey);
                                if (recordSet.next()) {
                                    // key prefixes "1" and "2" share the DL check; "3" uses checkKey;
                                    // any other prefix leaves the flag false and fails with 122
                                    if (tokenKey.startsWith("1"))
                                        isTokenAuthKeyPass = token.checkDLKey(tokenKey, tokenAuthKey);
                                    else if (tokenKey.startsWith("2"))
                                        isTokenAuthKeyPass = token.checkDLKey(tokenKey, tokenAuthKey);
                                    else if (tokenKey.startsWith("3"))
                                        isTokenAuthKeyPass = token.checkKey(tokenKey, tokenAuthKey);
                                    if (!isTokenAuthKeyPass)
                                        return "122"; // verification failed
                                } else
                                    return "120"; // token has not been initialised
                            }
                        }
                    } else if ((needusbHt.equals("1")) && (userUsbType.equals("2"))) {
                        // HT key: recompute the expected response from the rnd challenge and
                        // the stored serial, and compare with what the client sent.
                        // NOTE(review): rnd is client-supplied (see above) and equals() is not
                        // a constant-time comparison.
                        String username1 = Util.null2String(rs.getString("loginid"));
                        String serialNo = rs.getString("serial");
                        HTSrvAPI htsrv = new HTSrvAPI();
                        String sharv = "";
                        sharv = htsrv.HTSrvSHA1(rnd, rnd.length());
                        sharv = sharv + "04040404";
                        String ServerEncData = htsrv.HTSrvCrypt(0, serialNo, 0, sharv);
                        if (serial.equals("0"))
                            return "45";
                        if (!username1.equals(username))
                            return "17";
                        if (!ServerEncData.equals(serial)) {
                            return "16";
                        }
                        user.setNeedusb(needusb);
                        user.setSerial(serialNo);
                    }
                } else
                    user.setNeedusb(0);
            } else {
                // No key/token required: with the needusbnetwork policy on, non-sysadmin
                // users whose segment check (checktmp) is true are refused with 45;
                // sysadmins (present in HrmResourceManager) are exempt.
                int needusbnetwork = Util.getIntValue(sci.getNeedusbnetwork());
                boolean isSysadmin = false;
                RecordSet rs1 = new RecordSet();
                rs1.executeQuery("select count(loginid) from HrmResourceManager where loginid = ?", login_id);
                if ((rs1.next()) && (rs1.getInt(1) > 0)) {
                    isSysadmin = true;
                }
                if ((needusbnetwork == 1) && (!isSysadmin)) {
                    if (checktmp) {
                        return "45";
                    }
                    user.setNeedusb(0);
                } else {
                    user.setNeedusb(0);
                }
            }
            user.setLoginip(Util.getIpAddr(request));
            // Qys login: park the user on the thread and report success; the session
            // is built elsewhere on that path.
            if(QysLoginManager.isOpenQysLogin(String.valueOf(user.getUID()),request)){
                currentUserLocal.set(user);
                return "" ;
            }
            if(!PasswordUtil.checkSign(userid,true)){
                // signature check failed
                writeLog("userid:"+userid+"登录信息,验签失败!");
                return "99";
            }
            //System.out.println(">>>>>>>>>>>>>>begin>>>>>>>>>>>>>>"+request.getSession(true).getId());
            // Session-fixation defence: discard the pre-login session and give the
            // authenticated user a fresh one; only weaver_login_type is carried over.
            String weaver_login_type = Util.null2String(request.getSession(true).getAttribute("weaver_login_type"));
            request.getSession(true).invalidate();
            //System.out.println(">>>>>>>>>>>>>>after>>>>>>>>>>>>>>"+request.getSession(true).getId());
            request.getSession(true).setAttribute("weaver_login_type",weaver_login_type);
            request.getSession(true).setAttribute("weaver_user@bean", user);
            request.getSession(true).setAttribute("rtxlogin", "1");
            // if(login_file.trim().length()>10) {
            // Util.setCookie(response, "loginfileweaver", login_file, 172800);
            // }
            Util.setCookie(response, "loginidweaver", user.getUID() + "", -1);
            Util.setCookie(response, "languageidweaver", Util.null2s(languageidweaver, "7"), -1);
            ServiceUtil.updateLastDate(rs.getString("id"));
            // E-Mobile: automatic sign-on to the unified authentication
            try {
                String header = request.getHeader("user-agent");
                if (header != null && header.toLowerCase().indexOf("e-mobile") >= 0 && CASLoginUtil.isOpenSSOAPPIntegration()) {
                    CASLoginUtil.WxDingDingLoginSSO(request, response);
                }
            } catch (Exception e) {
                // NOTE(review): printStackTrace bypasses the logger; prefer logger.error(msg, e)
                e.printStackTrace();
                logger.error("============自动登录统一认证失败!");
            }
            // is this a mobile login?
            String isMobile = Util.null2String(request.getParameter("ismobile"));
            if(isMobile.equalsIgnoreCase("1")){
                request.getSession().setAttribute("@openType","1");
            }
            // login audit record (operate type 6 / item 60; client type 2 = mobile)
            SysMaintenanceLog log = new SysMaintenanceLog();
            log.resetParameter();
            log.setRelatedId(rs.getInt("id"));
            log.setRelatedName((rs.getString("firstname") + " " + rs.getString("lastname")).trim());
            log.setOperateType("6");
            log.setOperateDesc("");
            log.setOperateItem("60");
            log.setOperateUserid(rs.getInt("id"));
            log.setClientAddress(Util.getIpAddr(request));
            if (isMobile.equals("1")) {
                log.setClientType(2);
            } else {
                log.setClientType(1);
            }
            log.setSysLogInfo();
        } else if (login_type.equals("2")) {
            // CRM portal account. NOTE(review): unlike the employee path above, the
            // session is NOT invalidated before the user bean is stored, so a
            // pre-login session id survives authentication (session fixation).
            rs.execute("CRM_CustomerInfo_SByLoginID", login_id);
            if (rs.next()) {
                if (rs.getString("deleted").equals("1")) {
                    return "16";
                }
                String salt = Util.null2String(rs.getString("salt"));
                String portalPassword = rs.getString("PortalPassword");
                if (salt.equals("")) {
                    // plaintext comparison for legacy rows that have no salt.
                    // NOTE(review): consider re-hashing such rows on a successful match so
                    // the plaintext does not stay in the table; equals() is not constant-time.
                    if (!portalPassword.equals(user_password)) {
                        return "16";
                    }
                } else {
                    // salted SM3 digest comparison (a plain digest, not a password KDF)
                    if (!portalPassword.equals(SM3Utils.getEncrypt(user_password, salt))) {
                        return "16";
                    }
                }
                if (!rs.getString("PortalStatus").equals("2")) {
                    return "16";
                }
                User user = new User();
                user.setUid(rs.getInt("id"));
                user.setLoginid(login_id);
                user.setFirstname(rs.getString("name"));
                //user.setLanguage(Util.getIntValue("7", 0));
                String languageidweaver = Util.null2String(rs.getString("systemlanguage"), "7");
                if (!languid.equalsIgnoreCase(languageidweaver) && ismutilangua) {
                    RecordSet rs2 = new RecordSet();
                    rs2.executeUpdate("update CRM_CustomerInfo set language = ? where id =? ", languid, rs.getInt("id"));
                    languageidweaver = languid;
                }
                user.setLanguage(Util.getIntValue(languageidweaver, 7));
                User.setUserLang4cus(rs.getInt("id"), Util.getIntValue(languid, 7));
                user.setUserDepartment(Util.getIntValue(rs.getString("department"), 0));
                user.setUserSubCompany1(Util.getIntValue(rs.getString("subcompanyid1"), 0));
                user.setManagerid(rs.getString("manager"));
                user.setCountryid(rs.getString("country"));
                user.setEmail(rs.getString("email"));
                user.setAgent(Util.getIntValue(rs.getString("agent"), 0));
                user.setType(Util.getIntValue(rs.getString("type"), 0));
                user.setParentid(Util.getIntValue(rs.getString("parentid"), 0));
                user.setProvince(Util.getIntValue(rs.getString("province"), 0));
                user.setCity(Util.getIntValue(rs.getString("city"), 0));
                user.setLogintype("2");
                user.setSeclevel(rs.getString("seclevel"));
                // NOTE: the employee path records Util.getIpAddr(request); this one
                // records the raw remote address — confirm which is intended.
                user.setLoginip(request.getRemoteAddr());
                request.getSession(true).setAttribute("weaver_user@bean", user);
                request.getSession(true).setAttribute("rtxlogin", "1");
                // Util.setCookie(response, "loginfileweaver", login_file, 172800);
                Util.setCookie(response, "loginidweaver", user.getUID() + "", -1);
                Util.setCookie(response, "languageidweaver", "7", -1);
                String para = String.valueOf(rs.getInt("id")) + separator + currentdate + separator + currenttime + separator + request.getRemoteAddr();
                rs.executeProc("CRM_LoginLog_Insert", para);
            } else {
                return "16";
            }
        }else{
            // unknown login type
            return "-1" ;
        }
    } catch (Exception e) {
        writeLog(e);
        throw e;
    }
    return message;
}
/** Label id for the license (LN) failure message, set in beforeCheckUser. NOTE(review): not removed by clearUp(). */
private static ThreadLocal<Integer> lnLoginMsgLabelThreadLocal = new ThreadLocal<>() ;
/**
 * Pre-checks that run before any credential is verified: captcha, login-type
 * consistency, QR-code-only accounts, the "forbid login outside the network
 * segment" policy, the VerifyPasswdCheck gate and the license checks.
 *
 * @return "" when the credential check may proceed, otherwise a result code
 *         ("52" captcha, "16" login type / rejected login id, "66" QR-code
 *         account, "88" outside allowed segment, "110" VerifyPasswdCheck,
 *         "19" license, "26" concurrent-license limit, "-1" internal error)
 */
private String beforeCheckUser(HttpServletRequest request, HttpServletResponse response) {
    ChgPasswdReminder reminder = new ChgPasswdReminder();
    RemindSettings settings = reminder.getRemindSettings();
    RecordSet rs = new RecordSet();
    StaticObj staticobj = StaticObj.getInstance();
    Calendar today = Calendar.getInstance();
    String currentdate = Util.add0(today.get(1), 4) + "-" + Util.add0(today.get(2) + 1, 2) + "-" + Util.add0(today.get(5), 2);
    try {
        String logintype = Util.null2String(request.getParameter("logintype"), "1");
        String validatecode = Util.null2String(request.getParameter("validatecode"));
        int needvalidate = settings.getNeedvalidate();
        // The expected captcha comes from the session or, failing that, from a
        // one-shot cache entry addressed by the client's validateCodeKey; the cache
        // entry is cleared in either case so the key cannot be reused.
        String validateRand = Util.null2String((String) request.getSession(true).getAttribute("validateRand")).trim();
        if (validateRand.length() == 0) {// fall back to the captcha stored in the cache
            String validateCodeKey = Util.null2String(request.getParameter("validateCodeKey"));
            if (validateCodeKey.length() > 0) {
                validateRand = Util.null2String(Util_DataMap.getObjVal(validateCodeKey));
                Util_DataMap.clearVal(validateCodeKey);
            }
        }else{
            String validateCodeKey = Util.null2String(request.getParameter("validateCodeKey"));
            if (validateCodeKey.length() > 0) {
                Util_DataMap.clearVal(validateCodeKey);
            }
        }
        int numvalidatewrong = settings.getNumvalidatewrong();
        // NOTE(review): sumpasswordwrong is fixed at 0 and never updated, so the
        // branch that compares the captcha VALUE only runs when numvalidatewrong <= 0.
        // Otherwise the check below merely requires both values to be non-empty —
        // i.e. the captcha is presence-only, unless its value is compared elsewhere
        // (e.g. inside VerifyPasswdCheck).
        int sumpasswordwrong = 0;
        if (logintype.equals("1")) {
            if ((needvalidate == 1)) {
                if (validateRand.trim().equals("") || "".equals(validatecode.trim())) {
                    return "52";
                } else if ((sumpasswordwrong >= numvalidatewrong) && (!validateRand.toLowerCase().equals(validatecode.trim().toLowerCase()))) {
                    return "52";
                }
            }
        }
        String loginid = Util.null2String(request.getParameter("loginid"));
        loginid = LoginBiz.getLoginId(loginid,request);
        if (loginid.length()==0) {
            writeLog("loginid is null");
            return "99";
        }
        if (!checkLoginType(loginid, logintype)) {
            return "16";
        }
        // Accounts set up for QR-code login (userUsbType 6, usbstate 0 — as used
        // here) may not log in with a password from non-E-Mobile clients.
        boolean isEMMobile = LoginBiz.isEMMobile(request.getHeader("user-agent"));
        String userUsbType = "";
        String usbstate = "";
        rs.executeQuery("select userUsbType,usbstate from hrmresource where loginid=?", loginid);
        if (rs.next()) {
            userUsbType = Util.null2String(rs.getString("userUsbType"));
            usbstate = Util.null2String(rs.getString("usbstate"));
        }else{
            rs.executeQuery("select userUsbType,usbstate from hrmresourcemanager where loginid=?", loginid);
            if (rs.next()) {
                userUsbType = Util.null2String(rs.getString("userUsbType"));
                usbstate = Util.null2String(rs.getString("usbstate"));
            }
        }
        if (settings.getQRCode().equals("1") && userUsbType.equals("6") && usbstate.equals("0") && !isEMMobile) {
            return "66";
        }
        // "Forbid login outside the network segment": if the policy is on and the
        // client is outside the segment, refuse with 88.
        if (!checkIpSegByForbidLogin(request, loginid)) {
            if (checkIsNeedIp(loginid)) {
                return "88";
            }
        }
        // VerifyPasswdCheck mode 1: presumably the lockout after repeated failures — confirm.
        boolean canpass = new VerifyPasswdCheck().getUserCheck(loginid, "", 1);
        if (canpass) {
            return "110";
        }
        rs.executeQuery("select isADAccount from hrmresource where loginid=?", loginid);
        if (rs.next()) {
            this.isADAccount = rs.getString("isADAccount");
        }
        // Denylist of SQL metacharacters in the login id. The queries in this file
        // are parameterized, so this is defence in depth only; note that loginid
        // has already been passed to several helpers above before this runs.
        if ((loginid.indexOf(";") > -1) || (loginid.indexOf("--") > -1) || (loginid.indexOf(" ") > -1) || (loginid.indexOf("'") > -1)) {
            return "16";
        }
        String isLicense = (String) staticobj.getObject("isLicense"); // read but not used below
        LN ckLicense = new LN();
        // License validity: "1" is valid; "4"/"5" select the message label reported
        // via lnLoginMsgLabelThreadLocal; anything else (or an exception) is 19.
        try {
            String lnFlag = ckLicense.CkLicense(currentdate) ;
            if (!lnFlag.equals("1")) {
                switch (lnFlag){
                    case "4":
                        lnLoginMsgLabelThreadLocal.set(517219);
                        break;
                    case "5":
                        lnLoginMsgLabelThreadLocal.set(84760);
                        break;
                }
                return "19";
            } else {
                staticobj.putObject("isLicense", "true");
            }
        } catch (Exception e) {
            return "19";
        }
        // Concurrent-user license: refuse (26) and record the refusal when the limit is hit.
        String concurrentFlag = Util.null2String(ckLicense.getConcurrentFlag());
        int hrmnumber = Util.getIntValue(ckLicense.getHrmnum());
        if ("1".equals(concurrentFlag)) {
            LicenseCheckLogin lchl = new LicenseCheckLogin();
            if (lchl.getLicUserCheck(loginid, hrmnumber)) {
                recordFefuseLogin(loginid); // record the refused login
                return "26";
            }
        }
        // Cache the licensed feature flags in StaticObj on first use.
        String software = (String) staticobj.getObject("software");
        String portal = "n";
        String multilanguage = "n";
        if (software == null) {
            rs.executeQuery("select * from license");
            if (rs.next()) {
                software = rs.getString("software");
                if (software.equals("")) {
                    software = "ALL";
                }
                staticobj.putObject("software", software);
                portal = rs.getString("portal");
                if (portal.equals("")) {
                    portal = "n";
                }
                staticobj.putObject("portal", portal);
                multilanguage = rs.getString("multilanguage");
                if (multilanguage.equals("")) {
                    multilanguage = "n";
                }
                staticobj.putObject("multilanguage", multilanguage);
            }
        }
    } catch (Exception e) {
        // NOTE(review): the exception is swallowed and mapped to "-1" without
        // logging, so the cause is lost; a writeLog(e) here would help triage.
        return "-1";
    }
    return "";
}
/**
 * Post-login bookkeeping, run once the caller has placed the authenticated {@code User} in the session.
 * <p>
 * Clears the {@code validateRand} attribute, records the browser flag, stores the multi-account list and
 * the {@code loginidweaver} cookie when multi-account login is on, seeds the shared {@code logmessages}
 * map, drops the session user when it does not match the submitted login id, writes the
 * {@code loginuuids} cookie and registers the session in the per-user session registry.
 * Any exception is logged and swallowed so that the login itself is not affected.
 *
 * @param application servlet context holding the shared {@code logmessages} and {@code userSessions} maps
 * @param request     login request; reads {@code isie}, {@code loginid}, {@code loginfile} and {@code ismobile}
 * @param response    receives the {@code loginidweaver} and {@code loginuuids} cookies
 * @param usercheck   result code of the preceding password check; "0" here arms the mismatch guard below
 */
private void afterCheckUser(ServletContext application, HttpServletRequest request, HttpServletResponse response, String usercheck) {
    try {
        HttpSession session = request.getSession(true);
        // NOTE(review): the pre-login session is reused rather than rotated here; confirm the caller
        // invalidates or renews the session id on successful authentication.
        session.removeAttribute("validateRand");   // presumably the captcha seed — confirm
        session.setAttribute("isie", Util.null2String(request.getParameter("isie")));
        session.setAttribute("browser_isie", Util.null2String(request.getParameter("isie")));
        String loginid = Util.null2String(request.getParameter("loginid"));
        loginid = LoginBiz.getLoginId(loginid,request);
        String loginfile = Util.null2String(request.getParameter("loginfile"));   // read but not used
        String ismobile = Util.null2String(request.getParameter("ismobile"));
        // Mobile test accounts log in as "<loginid>_test"; map them back to the real account.
        if(!"".equals(loginid) && loginid.endsWith("_test") && "1".equals(ismobile)){
            loginid = loginid.replace("_test","");
        }
        new VerifyPasswdCheck().getUserCheck(loginid, usercheck, 2);   // mode 2 post-check hook; semantics not visible here
        User user = (User) request.getSession(true).getAttribute("weaver_user@bean");
        if (user == null)
            return;
        boolean MOREACCOUNTLANDING = GCONST.getMOREACCOUNTLANDING();
        if (MOREACCOUNTLANDING) {
            // Multi-account login: expose the linked accounts (not for uid 1) and remember the login id.
            if (user.getUID() != 1) {
                VerifyLogin VerifyLogin = new VerifyLogin();
                List accounts = VerifyLogin.getAccountsById(user.getUID());
                request.getSession(true).setAttribute("accounts", accounts);
            }
            Util.setCookie(response, "loginidweaver", loginid, -1);   // -1: session-scoped cookie
        }
        Map logmessages = (Map) application.getAttribute("logmessages");
        if (logmessages == null) {
            // Only the user who creates the map is seeded into it; later users are not added here.
            logmessages = new WHashMap();
            logmessages.put(user.getUID(), "");
            application.setAttribute("logmessages", logmessages);
        }
        // user != null is already guaranteed by the early return above.
        if ((user != null) && (!loginid.equals(user.getLoginid())) && usercheck.equals("0")) {
            // The session holds a different account than the one just submitted: drop it rather
            // than let the stale session be reused.
            request.getSession(true).removeAttribute("weaver_user@bean");
            writeLog("VerifyLogin Error>>>>>>>>>>>>>>>>>>loginid==" + loginid + "user.getLoginid()==" + user.getLoginid());
        } else {
            RecordSet rs = new RecordSet();
            String loginuuids = user.getUID() + "";
            // Append the id of the first sub-account (status 0-3) that belongs to this user;
            // a single rs.next() means at most one id is appended.
            rs.executeQuery("select id from hrmresource where status in(0,1,2,3) and belongto = ? ", user.getUID());
            if (rs.next()) {
                if (loginuuids.length() > 0)
                    loginuuids = loginuuids + ",";
                loginuuids = loginuuids + rs.getInt("id");
            }
            // NOTE(review): this cookie value comes back from the client on later requests;
            // presumably its consumers re-validate it against the session — confirm.
            Util.setCookie(response,"loginuuids",loginuuids,-1);
            // Register this session under the user's id in the shared registry.
            checkUserSessions(application);
            String uId = String.valueOf(user.getUID());
            List slist = (List) userSessions.get(uId);
            slist = slist == null ? new ArrayList() : slist;
            slist.add(session);   // plain ArrayList inside the concurrent map: the list itself is not synchronized
            userSessions.put(uId, slist);
        }
    } catch (Exception localException) {
        writeLog("afterCheckUser Error");
        writeLog(localException);
    }
}
/**
 * Per-user registry of live sessions: user id (as String) to a List of HttpSession values.
 * Mirrors the application-scope attribute "userSessions" (see checkUserSessions). The value might be
 * removed somewhere in the codes, which is why it is re-read from the application scope on every check.
 */
private static volatile Map userSessions;
/**
 * Ensures {@link #userSessions} is bound to the application-scope "userSessions" attribute, creating
 * a fresh ConcurrentHashMap there when none exists (double-checked locking on LoginUtil.class).
 *
 * @param application servlet context that owns the shared attribute
 */
private static void checkUserSessions(ServletContext application) {
    // Always re-read from the application scope first: the attribute may have been removed elsewhere.
    userSessions = (Map) application.getAttribute("userSessions");
    if (userSessions != null) {
        return;
    }
    synchronized (LoginUtil.class) {
        if (userSessions == null) {
            userSessions = new java.util.concurrent.ConcurrentHashMap();
            application.setAttribute("userSessions", userSessions);
        }
    }
}
/**
 * Decides whether the one-time dynamic password must be checked.
 * <p>
 * Password-free login ({@code needpassword == 0}) without the dynamic password enabled yields
 * {@code false}. Nothing is required when the configured code length is invalid or when the address
 * policy ({@code ipaddress}) already exempts the client.
 *
 * @param needpassword       1 = the static password is required as well, 0 = password-free
 * @param passwordstateip    usbstate of the account: 0 enabled, 1 disabled, 2 network-segment policy
 * @param usbscope           scope setting handed to QysLoginManager.checkUsbScopeOn
 * @param ismobile           whether the request comes from a real mobile client
 * @param isDynapasslenRight whether the configured code length is positive
 * @param ipaddress          result of checkIpSeg; false when the client address exempts the code
 * @return true when the dynamic password has to be verified
 */
private boolean isNeedDynapassCheck(int needpassword,
        int passwordstateip,
        String usbscope,
        boolean ismobile,
        boolean isDynapasslenRight,
        boolean ipaddress){
    if (!isDynapasslenRight || !ipaddress) {
        return false;
    }
    // Same truth table as the nested boolean expression this replaces, spelled out per usbstate.
    switch (passwordstateip) {
        case 1:
            return false;   // secondary check disabled for this account
        case 2:
            return true;    // segment policy, and ipaddress already says the client is outside
        case 0:
            return QysLoginManager.checkUsbScopeOn(usbscope, ismobile);
        default:
            return needpassword == 0;
    }
}
/**
 * Verifies the submitted password for a login id, including the one-time dynamic password when the
 * account and the address policy require it.
 * <p>
 * Regular accounts are looked up in HrmResource first; if none matches, HrmResourceManager
 * (system administrators) is tried.
 *
 * @param request  login request; {@code dynamicPassword} is read from it when a one-time code is checked
 * @param loginid  submitted login id
 * @param pass     submitted clear-text password
 * @param messages not used by this method
 * @return two elements: [0] account kind — "0" regular user, "1" administrator, "-1" not found or
 *         refused; [1] result — "1" accepted, "0" rejected, "730" one-time code required but none is
 *         stored for the account, "-1" not evaluated
 */
private String[] checkUserPass(HttpServletRequest request, String loginid, String pass, String messages) {
    String ClientIP = Util.getIpAddr(request);   // unused here; the address policy is evaluated in checkIpSeg
    boolean isMobile = QysLoginManager.isRealMobile(request) ;
    String[] returnValue = new String[2];
    returnValue[0] = "-1";
    returnValue[1] = "-1";
    HrmSettingsComInfo sci = new HrmSettingsComInfo();
    int needdynapass_sys = Util.getIntValue(sci.getNeeddynapass());   // system-wide dynamic-password switch (1 = on)
    int dynapasslen = Util.getIntValue(sci.getDynapasslen());          // configured one-time code length
    boolean isDynapasslenRight = dynapasslen > 0 ;
    int needpassword = Util.getIntValue(sci.getNeedpassword());        // 1 = static password still required next to the code
    boolean ipaddress = false;
    int passwordstateip = 1;   // usbstate: 0 enabled, 1 disabled, 2 network-segment policy (see checkIsNeedIp)
    int needdynapass = 0;
    String mobile = "";        // unused
    RecordSet rs = new RecordSet();
    RecordSet rs1 = new RecordSet();
    RecordSet rs2 = new RecordSet();
    String sql = "";
    String idTemp = "0";
    String passwordTemp = "";
    String usbscope = "" ;
    // accounttype null/0: presumably primary (non-sub) accounts only — confirm.
    sql = "select id,needdynapass,mobile,usbstate as passwordstate from HrmResource where loginid=? and (accounttype is null or accounttype=0)";
    rs.executeQuery(sql, loginid);
    if ((rs.next()) && (Util.getIntValue(rs.getString(1), 0) > 0)) {
        idTemp = rs.getString(1);
        returnValue[0] = "0";
        returnValue[1] = "0";
        needdynapass = rs.getInt(2);
        if (needdynapass == 1) {
            // Make sure an hrmpassword row exists so a one-time code can be stored for this user.
            rs1.executeQuery("select id from hrmpassword where id=?", idTemp);
            if (!rs1.next()) {
                rs1.executeUpdate("insert into hrmpassword(id,loginid,created) values(?,?,"+DbFunctionUtil.getCurrentFullTimeFunction(rs.getDBType())+")", idTemp, loginid);
            }
        }
        sql = "select password,usbstate as passwordstate,salt from HrmResource where id= ?";
        rs.executeQuery(sql, idTemp);
        if (rs.next()) {
            passwordTemp = Util.null2String(rs.getString(1));
            String salt = rs.getString("salt");
            // An empty submitted password never matches, whatever PasswordUtil would say about it.
            boolean passwordCheck = pass.length()>0 && PasswordUtil.check(pass, passwordTemp, salt);
            if (needdynapass != 1) {
                // Static password only.
                if (passwordCheck){
                    returnValue[1] = "1";
                }
            } else {
                if (needdynapass_sys == 1) {
                    // Per-user state and scope of the secondary check.
                    sql = "select password,usbstate as passwordstate,usbscope from HrmResource where loginid=?";
                    rs2.executeQuery(sql, loginid);
                    if (rs2.next()) {
                        passwordstateip = rs2.getInt("passwordstate");
                        usbscope = rs2.getString("usbscope") ;
                    }
                }
                ipaddress = checkIpSeg(request, loginid, passwordstateip);
                if(isNeedDynapassCheck(needpassword,passwordstateip,usbscope,isMobile,isDynapasslenRight,ipaddress)) {
                    // One-time code path: compare against the hashed code stored by sendOk.
                    rs.executeQuery("select password,salt from hrmpassword where id=?", idTemp);
                    String pswd = "";
                    if (rs.next()) {
                        pswd = StringUtil.vString(rs.getString(1));
                        String dySalt = rs.getString("salt");
                        String dynamicPassword = Util.null2String(request.getParameter("dynamicPassword"));
                        if (pswd.length() == 0) {
                            // No code stored: not sent yet, expired (upPswdJob) or already consumed.
                            returnValue[1] = "730";
                        } else {
                            if(PasswordUtil.check(dynamicPassword, pswd, dySalt)){
                                if(needpassword==1){
                                    if(passwordCheck){
                                        returnValue[1] = "1";
                                    }
                                }else{
                                    returnValue[1] = "1";
                                }
                                if(returnValue[1].equals("1")){
                                    // Single use: clear the code as soon as it has been accepted.
                                    rs.executeUpdate("update hrmpassword set password='',created=null where id=?", idTemp);
                                }
                            }
                        }
                    }
                } else{
                    // The address policy exempts this client from the one-time code.
                    if(passwordCheck){
                        returnValue[1] = "1";
                    }
                }
            }
        }
    } else {
        // Administrator accounts (HrmResourceManager).
        rs.executeProc("SystemSet_Select", "");
        rs.next();   // result not checked
        String detachable = Util.null2String(rs.getString("detachable"));   // presumably the decentralised-administration switch — confirm
        sql = "select count(id),id from HrmResourceManager where loginid=? group by id";
        rs.executeQuery(sql, loginid);
        if ((rs.next()) && (Util.getIntValue(rs.getString(1), 0) > 0)) {
            // Without detachable=1 only "sysadmin" may log in as an administrator.
            if ((!detachable.equals("1")) && (!loginid.equalsIgnoreCase("sysadmin"))) {
                returnValue[0] = "-1";
                returnValue[1] = "0";
                return returnValue;
            }
            idTemp = rs.getString(2);
            returnValue[0] = "1";
            returnValue[1] = "0";
            sql = "select password,userUsbType,usbstate,mobile,salt from HrmResourceManager where id= ?";
            rs.executeQuery(sql, idTemp);
            if (rs.next()) {
                passwordTemp = Util.null2String(rs.getString(1));
                String salt = rs.getString("salt");
                needdynapass = rs.getInt(2);   // column 2 is userUsbType here; 4 presumably denotes the dynamic password — confirm
                boolean passwordCheck = pass.length()>0 && PasswordUtil.check(pass, passwordTemp, salt);
                if (needdynapass != 4) {
                    // NOTE(review): unlike the HrmResource branch this re-runs the check without the
                    // pass.length()>0 guard; passwordCheck is computed but unused on this path.
                    if (PasswordUtil.check(pass, passwordTemp, salt))
                        returnValue[1] = "1";
                } else {
                    if (needdynapass_sys == 1) {
                        // Per-user state and scope of the secondary check.
                        sql = "select password,usbstate as passwordstate,usbscope from HrmResourceManager where loginid=?";
                        rs2.executeQuery(sql, loginid);
                        if (rs2.next()) {
                            passwordstateip = rs2.getInt("passwordstate");
                            usbscope = rs2.getString("usbscope") ;
                        }
                    }
                    ipaddress = checkIpSeg(request, loginid, passwordstateip);
                    if(isNeedDynapassCheck(needpassword,passwordstateip,usbscope,isMobile,isDynapasslenRight,ipaddress)) {
                        // One-time code path, same as for regular users.
                        rs.executeQuery("select password,salt from hrmpassword where id=?", idTemp);
                        String pswd = "";
                        if (rs.next()) {
                            pswd = StringUtil.vString(rs.getString(1));
                            String dySalt = rs.getString("salt");
                            String dynamicPassword = Util.null2String(request.getParameter("dynamicPassword"));
                            if (pswd.length() == 0) {
                                returnValue[1] = "730";
                            } else {
                                if(PasswordUtil.check(dynamicPassword, pswd, dySalt)){
                                    if(needpassword==1){
                                        if(passwordCheck){
                                            returnValue[1] = "1";
                                        }
                                    }else{
                                        returnValue[1] = "1";
                                    }
                                    if(returnValue[1].equals("1")){
                                        // Single use: clear the accepted code.
                                        rs.executeUpdate("update hrmpassword set password='',created=null where id=?", idTemp);
                                    }
                                }
                            }
                        }
                    } else{
                        if(passwordCheck){
                            returnValue[1] = "1";
                        }
                    }
                }
            }
        }
    }
    return returnValue;
}
/**
 * Evaluates the client address against the HrmnetworkSegStr segments for the dynamic-password policy.
 * <p>
 * The result feeds isNeedDynapassCheck as its {@code ipaddress} gate: {@code true} means the address
 * does not exempt the client (the one-time code may still be required), {@code false} means it does.
 * With the system-wide dynamic-password switch off, or no segments configured, the result is
 * {@code true}. Rows whose address family does not match the client address are ignored; a row that
 * fails to parse is logged and skipped.
 *
 * @param request         current request; the client address comes from Util.getIpAddr
 * @param loginid         login id (not used in the evaluation itself)
 * @param passwordstateip usbstate of the account: 0 enabled, 1 disabled, 2 network-segment policy
 * @return false when the client address exempts the one-time code (state 1 on the first
 *         matching-family row, or state 2 with the client inside a segment); true otherwise
 */
public boolean checkIpSeg(HttpServletRequest request, String loginid, int passwordstateip) {
    String ClientIP = Util.getIpAddr(request);
    boolean ipaddress = true;
    HrmSettingsComInfo sci = new HrmSettingsComInfo();
    int needdynapass_sys = Util.getIntValue(sci.getNeeddynapass());
    if (needdynapass_sys == 1) {
        RecordSet rs = new RecordSet();
        String inceptipaddress = "";   // segment start address
        String endipaddress = "";      // segment end address
        String ipAddressType = "";     // "IPv4" or "IPv6"
        String sql = "select * from HrmnetworkSegStr";
        rs.executeQuery(sql);
        while (rs.next()) {
            inceptipaddress = rs.getString("inceptipaddress");
            endipaddress = rs.getString("endipaddress");
            ipAddressType = rs.getString("ipAddressType");
            try{
                if (ipAddressType.equals("IPv4") && ClientIP.indexOf(".") > -1) {
                    long ip1 = IpUtils.ip2number(inceptipaddress);
                    long ip2 = IpUtils.ip2number(endipaddress);
                    long ip3 = IpUtils.ip2number(ClientIP);
                    if (passwordstateip == 2) {
                        // Segment policy: inside any segment => exempt, stop scanning.
                        if ((ip3 >= ip1) && (ip3 <= ip2)) {
                            ipaddress = false;
                            break;
                        }
                        // No-op: ipaddress is still true at this point.
                        if ((ip3 < ip1) || (ip3 > ip2)) {
                            ipaddress = true;
                        }
                    } else if (passwordstateip == 0) {
                        ipaddress = true;    // enabled regardless of address
                    } else if (passwordstateip == 1) {
                        ipaddress = false;   // disabled: the first matching-family row decides
                        break;
                    }
                } else if (ipAddressType.equals("IPv6") && ClientIP.indexOf(":") > -1) {
                    // IPv6 ranges are compared lexically on the expanded textual form.
                    String ip1 = IpUtils.parseAbbreviationToFullIPv6(inceptipaddress);
                    String ip2 = IpUtils.parseAbbreviationToFullIPv6(endipaddress);
                    String ip3 = IpUtils.parseAbbreviationToFullIPv6(ClientIP);
                    if (passwordstateip == 2) {
                        if (ip3.compareTo(ip1) >= 0 && ip3.compareTo(ip2) <= 0) {
                            ipaddress = false;
                            break;
                        }
                        // No-op: ipaddress is still true at this point.
                        if (ip3.compareTo(ip1) < 0 || ip3.compareTo(ip2) > 0) {
                            ipaddress = true;
                        }
                    } else if (passwordstateip == 0) {
                        ipaddress = true;
                    } else if (passwordstateip == 1) {
                        ipaddress = false;
                        break;
                    }
                }
            }catch (Exception e){
                // Unparseable segment or address: log it and continue with the next row.
                writeLog(e);
            }
        }
    }
    return ipaddress;
}
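/**
 * Generates a one-time dynamic password, sends it by SMS and, on successful delivery, stores its
 * hash in hrmpassword and schedules its expiry (upPswdJob).
 *
 * @param ln           unused
 * @param sDypadcon    code alphabet selector: "0", "1" or "2" (presumably numeric, alphabetic and mixed
 *                     by the Util.passwordBuilder* names — confirm); anything else yields no code
 * @param dynapasslen  length of the generated code
 * @param mobile       recipient number
 * @param time         login time text embedded in the message and send parameters
 * @param tmpid        hrmpassword id (user id) the code is stored under
 * @param sValiditySec validity window in seconds handed to upPswdJob
 * @param ip           client address text appended to the message
 * @return true when the SMS was sent and the hashed code stored; false otherwise
 */
public boolean sendOk(String ln, String sDypadcon, int dynapasslen, String mobile, String time, String tmpid, String sValiditySec, String ip) {
    String dypadcon = Util.null2String(sDypadcon);
    String dynapass = "";
    if (dypadcon.equals("0")) {
        dynapass = Util.passwordBuilderNo(dynapasslen);
    } else if (dypadcon.equals("1")) {
        dynapass = Util.passwordBuilderEn(dynapasslen);
    } else if (dypadcon.equals("2")) {
        dynapass = Util.passwordBuilder(dynapasslen);
    }
    // Fix: an unrecognised selector (or a builder returning nothing) used to send and store an empty
    // code, i.e. a hash of "" that an empty dynamicPassword could satisfy. Refuse instead.
    if (dynapass.isEmpty()) {
        return false;
    }
    SMSSaveAndSend sms=new SMSSaveAndSend();
    // The clear-text code is part of the message by design; it is only ever persisted hashed.
    String msg = ""+SystemEnv.getHtmlLabelName(83612,ThreadVarLanguage.getLang())+""
            + time + ""+SystemEnv.getHtmlLabelName(10003727,ThreadVarLanguage.getLang())+""
            + dynapass + ip ;
    sms.setMessage(msg);
    sms.setFrommould(SmsFromMouldEnum.HRM);
    sms.setSmsTemplateModuleType(SmsTemplateModuleType.COMMON_VERIFICATIONCODE);
    sms.setCustomernumber(mobile);
    JSONObject jsonParams = new JSONObject() ;
    jsonParams.put("time",time) ;
    jsonParams.put("code",dynapass) ;
    jsonParams.put("IP",ip) ;
    sms.setSendParams(jsonParams);
    sms.setUserid(1);   // sent by the system account
    boolean sendflag = sms.send();
    if (sendflag) {
        // Store hash + salt only; checkUserPass compares with PasswordUtil.check.
        String[] pwdArr = PasswordUtil.encrypt(dynapass);
        RecordSet rs = new RecordSet();
        rs.executeUpdate("update hrmpassword set password=? ,salt=?, created="+DbFunctionUtil.getCurrentFullTimeFunction(rs.getDBType())+" where id=?", pwdArr[0], pwdArr[1],tmpid);
        upPswdJob(tmpid, sValiditySec);
    }
    return sendflag;
}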
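/**
 * Expires a one-time code: after {@code arg1} seconds (default 120 when unparsable) the stored code
 * for {@code arg0} is cleared in hrmpassword.
 * <p>
 * The timer is an in-memory thread, so it does not survive a restart; a successfully used code is
 * cleared earlier by checkUserPass. NOTE(review): the {@code created} timestamp written by sendOk
 * would allow a database-side validity check as a backstop — TODO confirm whether one exists.
 *
 * @param arg0 hrmpassword id whose code is cleared
 * @param arg1 validity window in seconds
 */
private void upPswdJob(final String arg0, final String arg1) {
    final long sleeps = StringUtil.parseToLong(arg1, 120) * 1000;
    Thread expiry = new Thread(new Runnable() {
        @Override
        public void run() {
            try {
                Thread.sleep(sleeps);
                new RecordSet().executeUpdate("update hrmpassword set password='',created=null where id=?", arg0);
            } catch (InterruptedException e) {
                // Fix: restore the interrupt flag instead of swallowing it. The code is then left in
                // place until consumed or overwritten by the next sendOk.
                Thread.currentThread().interrupt();
            }
        }
    });
    expiry.setName("hrm-dynapass-expiry-" + arg0);   // identifiable in thread dumps
    expiry.start();
}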
/**
 * Applies the "forbid login from outside the network segments" policy.
 * <p>
 * Administrators (HrmResourceManager rows), the IPv6 loopback address and installations with the
 * policy switched off are always allowed. Otherwise the client address must fall inside at least one
 * configured HrmnetworkSegStr range of the matching address family; with no ranges configured the
 * result is false.
 *
 * @param request current request; the client address comes from Util.getIpAddr
 * @param loginId login id being authenticated
 * @return true when login is allowed, false when it must be refused
 */
public boolean checkIpSegByForbidLogin(HttpServletRequest request, String loginId) {
    RecordSet rs = new RecordSet();
    rs.executeQuery("select * from HrmResourceManager where loginid = ?", loginId);
    if (rs.next()) {
        return true;   // administrators are exempt
    }
    String clientIp = Util.getIpAddr(request);
    // NOTE(review): only the IPv6 loopback is exempt, not 127.0.0.1 — confirm this is intended.
    // NOTE(review): if Util.getIpAddr honours forwarded-for headers, this control is only as strong
    // as the proxy layer that sets them — confirm.
    if (clientIp.equals("0:0:0:0:0:0:0:1")) {
        return true;
    }
    HrmSettingsComInfo sci = new HrmSettingsComInfo();
    int forbidLogin = Util.getIntValue(sci.getForbidLogin(), 0);   // 0 = policy off, 1 = on
    if (forbidLogin == 0) {
        return true;
    }
    rs.executeQuery("select * from HrmnetworkSegStr");
    if (rs.getCounts() == 0) {
        return false;   // policy on but no segment configured: fail closed
    }
    boolean clientIsV4 = clientIp.indexOf(".") > -1;
    boolean clientIsV6 = clientIp.indexOf(":") > -1;
    while (rs.next()) {
        String rangeStart = rs.getString("inceptipaddress");
        String rangeEnd = rs.getString("endipaddress");
        // Anything other than an explicit "IPv6" row is treated as an IPv4 range.
        boolean rangeIsV6 = rs.getString("ipAddressType").equals("IPv6");
        if (!rangeIsV6 && clientIsV4) {
            long lo = IpUtils.ip2number(rangeStart);
            long hi = IpUtils.ip2number(rangeEnd);
            long ip = IpUtils.ip2number(clientIp);
            if (ip >= lo && ip <= hi) {
                return true;
            }
        } else if (rangeIsV6 && clientIsV6) {
            // IPv6 ranges are compared lexically on the expanded textual form.
            String lo = IpUtils.parseAbbreviationToFullIPv6(rangeStart);
            String hi = IpUtils.parseAbbreviationToFullIPv6(rangeEnd);
            String ip = IpUtils.parseAbbreviationToFullIPv6(clientIp);
            if (ip.compareTo(lo) >= 0 && ip.compareTo(hi) <= 0) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Checks whether the account has a secondary login factor (dynamic token or HaiTai key) enabled and
 * is therefore not subject to the network-segment restriction.
 *
 * @param loginId login id to look up in hrmresource
 * @return true when the segment restriction must still be enforced (no enabled secondary factor);
 *         false when a dynamic token (3) or HaiTai key (2) is configured and not disabled
 */
private boolean checkIsNeedIp(String loginId) {
    RecordSet rs = new RecordSet();
    rs.executeQuery("select userusbtype,usbstate from hrmresource where loginid=?", loginId);
    rs.next();   // no row check; the caller runs this inside a try/catch
    // userusbtype: 2 = HaiTai key, 3 = dynamic token
    String userusbtype = rs.getString("userusbtype");
    // usbstate: 0 = enabled, 1 = disabled, 2 = segment policy (inside the segment no secondary check is needed)
    String usbstate = rs.getString("usbstate");
    boolean hasSecondaryFactor = userusbtype.equals("3") || userusbtype.equals("2");
    boolean factorEnabled = hasSecondaryFactor && !usbstate.equals("1");
    return !factorEnabled;
}
/**
 * Maps a login result code to the response tuple shown to the client, and on password failures
 * maintains the wrong-attempt counters and lockouts.
 * <p>
 * Result slots: [0] "true"/"false" success flag, [1] the code as text, [2] localized message,
 * [3] always "", [4] access token on success (from AddToken).
 * <p>
 * Code 16 is handled as the administrator (HrmResourceManager) path and 17 as the employee
 * (HrmResource) path; unknown login ids are counted in hrm_resource_login_log so that the
 * remaining-attempts message (label 24466) is the same for unknown and existing accounts.
 *
 * @param application servlet context (unused here)
 * @param request     login request; reads islanguid, loginid, ismobile, logintype, userpassword, dynamicPassword
 * @param response    unused here
 * @param msgid       login result code as text
 * @return the five-element tuple described above
 */
private String[] getErrorMsg(ServletContext application, HttpServletRequest request, HttpServletResponse response, String msgid) {
    RecordSet rs = new RecordSet();
    RecordSet rs1 = new RecordSet();
    String[] errorMsg = new String[5];
    int imsgid = Util.getIntValue(msgid, 0);
    String logintype = request.getParameter("logintype") ;
    errorMsg[0] = "false";
    errorMsg[1] = "" + imsgid;
    errorMsg[2] = "";
    errorMsg[3] = "";
    errorMsg[4] = "";
    int languageid = Util.getIntValue(request.getParameter("islanguid"), 0);
    if (languageid == 0) {   // no language chosen: default to Simplified Chinese (7)
        languageid = 7;
    }
    BirthdayReminder birth_reminder = new BirthdayReminder();
    RemindSettings settings = birth_reminder.getRemindSettings();
    if (settings == null) {
        return errorMsg;
    }
    String loginid = Util.null2String(request.getParameter("loginid"));
    loginid = LoginBiz.getLoginId(loginid,request);
    String ismobile = Util.null2String(request.getParameter("ismobile"));
    // Mobile test accounts log in as "<loginid>_test"; map them back to the real account.
    if(!"".equals(loginid) && loginid.endsWith("_test") && "1".equals(ismobile)){
        loginid = loginid.replace("_test","");
    }
    if(-29 == imsgid) {
        // CAS failure: the thread-local casUrl carries (url, message) from the CAS step.
        String[] casinfo = casUrl.get() ;
        casUrl.remove();
        String tipmsg = "" ;
        if(casinfo != null){
            tipmsg = casinfo[1]+"("+casinfo[0]+")" ;
        }
        errorMsg[2] = SystemEnv.getHtmlLabelName(389490,languageid)+";" + tipmsg ;
    }else if (imsgid == 0) {   // login succeeded
        errorMsg[0] = "true";
        errorMsg[2] = ""+SystemEnv.getHtmlLabelName(387270,ThreadVarLanguage.getLang())+"";
        User user = (User) request.getSession().getAttribute("weaver_user@bean");
        String sessionId = request.getSession().getId();
        String access_token = AddToken(request, user, sessionId);   // presumably issues the API token for this session — confirm
        errorMsg[4] = access_token;
    } else {
        if(imsgid == -1){
            errorMsg[2] = SystemEnv.getHtmlLabelName(32513, languageid)+";login_type err!";
        }else if (imsgid == 16 || imsgid == 17) {
            // Wrong credentials. An LDAP-specific error (other than the generic 124919) wins.
            if (!ldapError.isEmpty() && !"124919".equalsIgnoreCase(ldapError)) {
                errorMsg[2] = SystemEnv.getHtmlLabelNames(ldapError, languageid);
            } else {
                String userpassword = Util.null2String(request.getParameter("userpassword"));
                String dynamicPassword = Util.null2String(request.getParameter("dynamicPassword"));
                // When a one-time code was submitted, report that and skip the attempt counters.
                if (userpassword.length() > 0 && dynamicPassword.length() > 0) {
                    errorMsg[2] = SystemEnv.getHtmlLabelName(508167, languageid);
                    return errorMsg;
                } else if (dynamicPassword.length() > 0) {
                    errorMsg[2] = SystemEnv.getHtmlLabelName(508177, languageid);
                    return errorMsg;
                } else {
                    errorMsg[2] = SystemEnv.getHtmlLabelName(124919, languageid);
                }
                if (imsgid == 16) {
                    // Administrator account (HrmResourceManager).
                    String sql1 = "select sumpasswordwrong,id from HrmResourceManager where loginid=? ";
                    rs.executeQuery(sql1, loginid);
                    String OpenPasswordLock = settings.getOpenPasswordLock();   // auto-lock on repeated wrong passwords enabled?
                    // With auto-lock off or no administrator row, execution falls through to the employee branch below.
                    if ("1".equals(OpenPasswordLock) && rs.next()) {
                        String needPasswordLockMin = settings.getNeedPasswordLockMin();   // does the lock release automatically?
                        String passwordLockReason = needPasswordLockMin.equals("1") ? "C" : "B";   // lock reason: C auto-release, B manual
                        String passwordLockMin = settings.getPasswordLockMin();   // minutes until auto-unlock
                        int sumpasswordwrong = Util.getIntValue(rs.getString(1));
                        int userId = Util.getIntValue(rs.getString(2), 0);
                        int sumPasswordLock = Util.getIntValue(settings.getSumPasswordLock(), 3);
                        int leftChance = sumPasswordLock - sumpasswordwrong;
                        if (leftChance == 0) {
                            // Threshold reached: lock the account and reset the counter.
                            String now = DateUtil.getFullDate();
                            String sql = "";
                            if (rs.getDBType().equalsIgnoreCase("oracle")) {
                                sql = "update HrmResourceManager set passwordlock=1,sumpasswordwrong=0, passwordlocktime=to_date(?,'yyyy-mm-dd hh24:mi:ss'),passwordLockReason=? where loginid=?";
                            } else if (rs.getDBType().equalsIgnoreCase("postgresql")) {
                                sql = "update HrmResourceManager set passwordlock=1,sumpasswordwrong=0, passwordlocktime=?::timestamp,passwordLockReason=? where loginid=?";
                            } else {
                                sql = "update HrmResourceManager set passwordlock=1,sumpasswordwrong=0, passwordlocktime=?,passwordLockReason=? where loginid=?";
                            }
                            rs1.executeUpdate(sql, now, passwordLockReason, loginid);
                            /* audit-log the lockout */
                            setIpAddress(Util.getIpAddr(request));
                            setClientType(1);
                            recordPasswordLock(userId, loginid);
                            if (needPasswordLockMin.equals("1")) {
                                errorMsg[2] = SystemEnv.getHtmlLabelName(124919, languageid) + sumPasswordLock + SystemEnv.getHtmlLabelName(18083, languageid)
                                        + "" + SystemEnv.getHtmlLabelName(504522, languageid) + "" + passwordLockMin + SystemEnv.getHtmlLabelName(504525, languageid)
                                        + " " + SystemEnv.getHtmlLabelName(504526, languageid);
                            } else {
                                errorMsg[2] = SystemEnv.getHtmlLabelName(124919, languageid) + sumPasswordLock + SystemEnv.getHtmlLabelName(18083, languageid)
                                        + "" + SystemEnv.getHtmlLabelName(504522, languageid) + "" + SystemEnv.getHtmlLabelName(504523, languageid);
                            }
                        } else {
                            // Remaining attempts message.
                            errorMsg[2] = SystemEnv.getHtmlLabelName(24466, languageid) + leftChance + SystemEnv.getHtmlLabelName(24467, languageid);
                        }
                    } else {
                        // Regular employee (HrmResource).
                        int sumPasswordLock = Util.getIntValue(settings.getSumPasswordLock(), 3);
                        String needPasswordLockMin = settings.getNeedPasswordLockMin();   // does the lock release automatically?
                        String passwordLockReason = needPasswordLockMin.equals("1") ? "C" : "B";   // lock reason: C auto-release, B manual
                        String passwordLockMin = settings.getPasswordLockMin();   // minutes until auto-unlock
                        sql1 = "select sumpasswordwrong,id from HrmResource where loginid=? and (accounttype is null or accounttype=0)";
                        rs.executeQuery(sql1, loginid);
                        OpenPasswordLock = settings.getOpenPasswordLock();   // auto-lock on repeated wrong passwords enabled?
                        if ("1".equals(OpenPasswordLock)) {
                            if (rs.next()) {
                                int sumpasswordwrong = Util.getIntValue(rs.getString(1));
                                int userId = Util.getIntValue(rs.getString(2), 0);
                                int leftChance = sumPasswordLock - sumpasswordwrong;
                                if (leftChance == 0) {
                                    // Threshold reached: lock the account and reset the counter.
                                    String now = DateUtil.getFullDate();
                                    String sql = "";
                                    if (rs.getDBType().equalsIgnoreCase("oracle")) {
                                        sql = "update HrmResource set passwordlock=1,sumpasswordwrong=0, passwordlocktime=to_date(?,'yyyy-mm-dd hh24:mi:ss'),passwordLockReason=? where loginid=?";
                                    } else if (rs.getDBType().equalsIgnoreCase("postgresql")) {
                                        sql = "update hrmresource set passwordlock=1,sumpasswordwrong=0, passwordlocktime=?::timestamp,passwordLockReason=? where loginid=?";
                                    } else {
                                        sql = "update hrmresource set passwordlock=1,sumpasswordwrong=0, passwordlocktime=?,passwordLockReason=? where loginid=?";
                                    }
                                    rs1.executeUpdate(sql, now, passwordLockReason, loginid);
                                    /* audit-log the lockout */
                                    setIpAddress(Util.getIpAddr(request));
                                    setClientType(1);
                                    recordPasswordLock(userId, loginid);
                                    if (needPasswordLockMin.equals("1")) {
                                        errorMsg[2] = SystemEnv.getHtmlLabelName(124919, languageid) + sumPasswordLock + SystemEnv.getHtmlLabelName(18083, languageid) + "" + SystemEnv.getHtmlLabelName(504522, languageid) + "" + passwordLockMin + SystemEnv.getHtmlLabelName(504525, languageid) + " " + SystemEnv.getHtmlLabelName(504526, languageid);
                                    } else {
                                        errorMsg[2] = SystemEnv.getHtmlLabelName(124919, languageid) + sumPasswordLock + SystemEnv.getHtmlLabelName(18083, languageid) + "" + SystemEnv.getHtmlLabelName(504522, languageid) + "" + SystemEnv.getHtmlLabelName(504523, languageid);
                                    }
                                } else {
                                    errorMsg[2] = SystemEnv.getHtmlLabelName(24466, languageid) + leftChance + SystemEnv.getHtmlLabelName(24467, languageid);
                                }
                            } else if(!"2".equalsIgnoreCase(logintype)){
                                // Account does not exist: keep a per-loginid counter in hrm_resource_login_log
                                // so the response matches the existing-account case.
                                rs1.executeQuery("select * from hrm_resource_login_log where loginid=?", loginid);
                                if (rs1.next()) {
                                    int sumpasswordwrong = Util.getIntValue(rs1.getString("sumpasswordwrong")) + 1;
                                    int leftChance = sumPasswordLock - sumpasswordwrong;
                                    int passwordlock = Util.getIntValue(rs1.getString("passwordlock"));
                                    String sql = "";
                                    if (passwordlock == 1) {
                                        // Already locked: repeat the lock message, no counter update.
                                        if (needPasswordLockMin.equals("1")) {
                                            errorMsg[2] = SystemEnv.getHtmlLabelName(24593, languageid) + sumPasswordLock + SystemEnv.getHtmlLabelName(18083, languageid) + "" + SystemEnv.getHtmlLabelName(504522, languageid) + "" + passwordLockMin + SystemEnv.getHtmlLabelName(504525, languageid) + " " + SystemEnv.getHtmlLabelName(504526, languageid);
                                        } else {
                                            errorMsg[2] = SystemEnv.getHtmlLabelName(24593, languageid) + sumPasswordLock + SystemEnv.getHtmlLabelName(18083, languageid) + "" + SystemEnv.getHtmlLabelName(504522, languageid) + "" + SystemEnv.getHtmlLabelName(504523, languageid);
                                        }
                                    } else if (leftChance == 0) {
                                        sql = "update hrm_resource_login_log set passwordlock=1,sumpasswordwrong=0, passwordLockReason=? where loginid=?";
                                        rs1.executeUpdate(sql, passwordLockReason, loginid);
                                        if (needPasswordLockMin.equals("1")) {
                                            errorMsg[2] = SystemEnv.getHtmlLabelName(24593, languageid) + sumPasswordLock + SystemEnv.getHtmlLabelName(18083, languageid) + "" + SystemEnv.getHtmlLabelName(504522, languageid) + "" + passwordLockMin + SystemEnv.getHtmlLabelName(504525, languageid) + " " + SystemEnv.getHtmlLabelName(504526, languageid);
                                        } else {
                                            errorMsg[2] = SystemEnv.getHtmlLabelName(24593, languageid) + sumPasswordLock + SystemEnv.getHtmlLabelName(18083, languageid) + "" + SystemEnv.getHtmlLabelName(504522, languageid) + "" + SystemEnv.getHtmlLabelName(504523, languageid);
                                        }
                                    } else {
                                        // sumpasswordwrong is an int computed above, so this concatenation is not
                                        // injectable, but it is inconsistent with the parameterized updates elsewhere.
                                        sql = "update hrm_resource_login_log set sumpasswordwrong=" + sumpasswordwrong + " where loginid=?";
                                        rs1.executeUpdate(sql, loginid);
                                        errorMsg[2] = SystemEnv.getHtmlLabelName(24466, languageid) + leftChance + SystemEnv.getHtmlLabelName(24467, languageid);
                                    }
                                } else {
                                    // First failure for this login id: create the counter row.
                                    String sql = "";
                                    int sumpasswordwrong = 1;
                                    int leftChance = sumPasswordLock - sumpasswordwrong;
                                    sql = "insert into hrm_resource_login_log(loginid,sumpasswordwrong) values (?,?)";
                                    rs1.executeUpdate(sql, loginid, sumpasswordwrong);
                                    errorMsg[2] = SystemEnv.getHtmlLabelName(24466, languageid) + leftChance + SystemEnv.getHtmlLabelName(24467, languageid);
                                }
                            }
                        }
                    }
                }
            }
        } else if (imsgid == 26) {
            errorMsg[2] = SystemEnv.getHtmlLabelName(23656, languageid);
        } else if (imsgid == 45) {
            errorMsg[2] = SystemEnv.getHtmlLabelName(84259, languageid);
        } else if (imsgid == 46) {
            errorMsg[2] = SystemEnv.getHtmlLabelName(23656, languageid);
        } else if (imsgid == 122) {
            errorMsg[2] = SystemEnv.getHtmlLabelName(84268, languageid);
        } else if (imsgid == 110) {
            // Account locked: explain why, using the stored lock reason.
            int sumPasswordLock = Util.getIntValue(settings.getSumPasswordLock(), 3);   // wrong attempts before lockout
            int needPasswordLockMin = Util.getIntValue(settings.getNeedPasswordLockMin(), 0);   // does the lock release automatically?
            String passwordLockMin = settings.getPasswordLockMin();   // minutes until auto-unlock
            String passwordLockReason = "-1";   // reason the account was locked
            // Administrator first ...
            String sql = "select passwordLockReason from HrmResourceManager where loginid=?";
            rs1.executeQuery(sql, loginid);
            if (rs1.next()) {
                passwordLockReason = rs1.getString("passwordLockReason");
            }
            // ... then regular employee.
            if(passwordLockReason.equals("-1")){
                sql = "select passwordLockReason from HrmResource where loginid=?";
                rs1.executeQuery(sql, loginid);
                if (rs1.next()) {
                    passwordLockReason = rs1.getString("passwordLockReason");
                }
            }
            switch (passwordLockReason) {
                case "A":
                    // Locked by an administrator; contact the system administrator.
                    errorMsg[2] = SystemEnv.getHtmlLabelName(504527, languageid);
                    break;
                case "B":
                case "C":
                    if (needPasswordLockMin == 1) {
                        // Wrong password X times; locked, auto-unlocks after Y minutes or contact an administrator.
                        errorMsg[2] = SystemEnv.getHtmlLabelName(124919, languageid) + sumPasswordLock + SystemEnv.getHtmlLabelName(18083, languageid)
                                + "" + SystemEnv.getHtmlLabelName(504522, languageid) + "" + passwordLockMin + SystemEnv.getHtmlLabelName(504525, languageid)
                                + " " + SystemEnv.getHtmlLabelName(504526, languageid);
                    } else {
                        // Wrong password X times; locked, contact an administrator.
                        errorMsg[2] = SystemEnv.getHtmlLabelName(124919, languageid) + sumPasswordLock + SystemEnv.getHtmlLabelName(18083, languageid)
                                + "" + SystemEnv.getHtmlLabelName(504522, languageid) + "" + SystemEnv.getHtmlLabelName(504523, languageid);
                    }
                    break;
                case "D":
                    // Locked after prolonged inactivity; contact an administrator.
                    errorMsg[2] = SystemEnv.getHtmlLabelName(504528, languageid);
                    break;
                default:
                    // Locked by an administrator; contact the system administrator.
                    errorMsg[2] = SystemEnv.getHtmlLabelName(504527, languageid);
                    break;
            }
        } else if (imsgid == 730) {
            // One-time code required but none stored (see checkUserPass).
            errorMsg[2] = SystemEnv.getHtmlLabelName(23771, languageid);
        } else if (imsgid == 19) {
            // Licence failure: a specific label may have been left in the thread-local by the licence check.
            Integer label = lnLoginMsgLabelThreadLocal.get() ;
            lnLoginMsgLabelThreadLocal.remove();
            if(label != null){
                errorMsg[2] = SystemEnv.getHtmlLabelName(label,languageid) ;
            }else{
                errorMsg[2] = SystemEnv.getHtmlLabelNames("18014,127353", languageid);
            }
        } else if (imsgid == 88) {
            // Refused by the forbid-login-outside-segment policy.
            errorMsg[2] = SystemEnv.getHtmlLabelName(81628, languageid);
        } else if (imsgid == 99) {
            errorMsg[2] = SystemEnv.getHtmlLabelName( 386481, languageid);
        } else {
            errorMsg[2] = SystemEnv.getErrorMsgName(imsgid, languageid);
        }
    }
    return errorMsg;
}
/**
 * Records a refused login (licence user check) in HrmRefuseCount, at most once per login id,
 * date and hour.
 *
 * @param loginid login id of the refused user
 */
public void recordFefuseLogin(String loginid) {
    Calendar now = Calendar.getInstance();
    String refuseDate = new SimpleDateFormat("yyyy-MM-dd").format(now.getTime());
    int refuseYear = now.get(Calendar.YEAR);
    int refuseMonth = now.get(Calendar.MONTH) + 1;   // Calendar months are 0-based
    int refuseHour = now.get(Calendar.HOUR_OF_DAY);
    RecordSet rs = new RecordSet();
    rs.executeQuery("select id from HrmRefuseCount where refuse_date=? and refuse_hour=? and refuse_loginid=?",
            refuseDate, refuseHour, loginid);
    // Check-then-insert is not atomic; two concurrent refusals in the same hour may both insert.
    if (rs.next()) {
        return;
    }
    rs.executeUpdate("insert into HrmRefuseCount(refuse_date,refuse_year,refuse_month,refuse_hour,refuse_loginid)" +
            "values(?,?,?,?,?)", refuseDate, refuseYear, refuseMonth, refuseHour, loginid);
}
/**
 * Checks that the account may use the requested login entry point.
 *
 * @param loginid   login id whose document-user type is looked up
 * @param loginType "3" = official-document login page (types 2 and 3 allowed), "1" = types 1 and 3
 *                  allowed; any other value is always allowed
 * @return true when the login type is permitted for this account
 */
public boolean checkLoginType(String loginid, String loginType) {
    int docUserType = new HrmOrganizationVirtualUtil().getDocUserTypeByLoginid(loginid);
    switch (loginType) {
        case "3":
            return docUserType == 2 || docUserType == 3;
        case "1":
            return docUserType == 1 || docUserType == 3;
        default:
            return true;
    }
}
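/**
 * Audit-logs a failed login (operate type 302 / item 503) through SysMaintenanceLog, using the
 * client address and client type previously supplied via setIpAddress/setClientType.
 *
 * @param userId  user id to relate the entry to
 * @param loginId login id that failed
 * @param desc    reason text
 */
public void recordFailedLogin(int userId,String loginId, String desc) {
    try {
        SysMaintenanceLog entry = new SysMaintenanceLog();
        entry.resetParameter();
        entry.setRelatedId(userId);
        entry.setRelatedName(loginId);
        entry.setOperateType("302");
        entry.setOperateDesc(desc);
        entry.setOperateItem("503");
        entry.setOperateUserid(0);
        entry.setClientAddress(this.ipAddress);
        entry.setClientType(this.clientType);
        entry.setSysLogInfo();
    } catch (Exception e) {
        // Audit failure must not abort the login flow; route it to the application log
        // (writeLog, as the rest of this class does) instead of printStackTrace on stderr.
        writeLog("recordFailedLogin Error");
        writeLog(e);
    }
}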
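/**
 * Audit-logs an account lockout (operate type 304 / item 506) through SysMaintenanceLog, using the
 * client address and client type previously supplied via setIpAddress/setClientType.
 * The description is label 24706 in language 7 (Simplified Chinese).
 *
 * @param userId  user id to relate the entry to
 * @param loginId login id of the locked account
 */
public void recordPasswordLock(int userId, String loginId) {
    try {
        SysMaintenanceLog entry = new SysMaintenanceLog();
        entry.resetParameter();
        entry.setRelatedId(userId);
        entry.setRelatedName(loginId);
        entry.setOperateType("304");
        entry.setOperateDesc(SystemEnv.getHtmlLabelName(24706, 7));
        entry.setOperateItem("506");
        entry.setOperateUserid(0);
        entry.setClientAddress(this.ipAddress);
        entry.setClientType(this.clientType);
        entry.setSysLogInfo();
    } catch (Exception e) {
        // Audit failure must not abort the login flow; route it to the application log
        // (writeLog, as the rest of this class does) instead of printStackTrace on stderr.
        writeLog("recordPasswordLock Error");
        writeLog(e);
    }
}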
/**
 * Sets the client address recorded by the instance audit helpers (recordFailedLogin, recordPasswordLock).
 *
 * @param ipAddress client IP address
 */
public void setIpAddress(String ipAddress) {
    this.ipAddress = ipAddress;
}
/**
 * Sets the client type recorded by the instance audit helpers (recordFailedLogin, recordPasswordLock);
 * getErrorMsg passes 1 for browser logins.
 *
 * @param clientType client type code
 */
public void setClientType(int clientType) {
    this.clientType = clientType;
}
/**
 * Audit-logs a failed login (operate type 302 / item 503) without a known user id.
 *
 * @param loginId   login id that failed
 * @param desc      reason text
 * @param ipAddress client address to record
 */
public static void recordFailedLogin(String loginId, String desc, String ipAddress) {
    try {
        SysMaintenanceLog entry = new SysMaintenanceLog();
        entry.resetParameter();
        entry.setRelatedId(0);   // user unknown
        entry.setRelatedName(loginId);
        entry.setOperateType("302");
        entry.setOperateDesc(desc);
        entry.setOperateItem("503");
        entry.setOperateUserid(0);
        entry.setClientAddress(ipAddress);
        entry.setSysLogInfo();
    } catch (Exception e) {
        // Audit failure must not break the login flow.
        e.printStackTrace();
    }
}
/**
 * Audit-logs an account lockout (operate type 304 / item 506) without a known user id.
 * The description is label 24706 in language 7 (Simplified Chinese).
 *
 * @param loginId   login id of the locked account
 * @param ipAddress client address to record
 */
public static void recordPasswordLock(String loginId, String ipAddress) {
    try {
        SysMaintenanceLog entry = new SysMaintenanceLog();
        entry.resetParameter();
        entry.setRelatedId(0);   // user unknown
        entry.setRelatedName(loginId);
        entry.setOperateType("304");
        entry.setOperateDesc(SystemEnv.getHtmlLabelName(24706, 7));
        entry.setOperateItem("506");
        entry.setOperateUserid(0);
        entry.setClientAddress(ipAddress);
        entry.setSysLogInfo();
    } catch (Exception e) {
        // Audit failure must not break the login flow.
        e.printStackTrace();
    }
}
/**
 * Audit-logs a logout (operate type 303 / item 505) for the given user.
 *
 * @param user      user logging out; supplies id, last name and message language
 * @param ipAddress client address to record
 */
public static void recordLogout(User user, String ipAddress) {
    try {
        SysMaintenanceLog entry = new SysMaintenanceLog();
        entry.resetParameter();
        entry.setRelatedId(user.getUID());
        entry.setRelatedName(user.getLastname());
        entry.setOperateType("303");
        entry.setOperateDesc(SystemEnv.getHtmlLabelName(25149, user.getLanguage()));
        entry.setOperateItem("505");
        entry.setOperateUserid(user.getUID());
        entry.setClientAddress(ipAddress);
        entry.setSysLogInfo();
    } catch (Exception e) {
        // Audit failure must not break the logout flow.
        e.printStackTrace();
    }
}
/**
 * Audit-logs a successful login (operate type 6 / item 60) for the given user.
 *
 * @param hrmResourceId user id; also recorded as the operating user
 * @param lastname      user's last name
 * @param ipAddress     client address to record
 */
public static void recordLogin(int hrmResourceId, String lastname, String ipAddress) {
    try {
        SysMaintenanceLog entry = new SysMaintenanceLog();
        entry.resetParameter();
        entry.setRelatedId(hrmResourceId);
        entry.setRelatedName(lastname);
        entry.setOperateType("6");
        entry.setOperateDesc("");
        entry.setOperateItem("60");
        entry.setOperateUserid(hrmResourceId);
        entry.setClientAddress(ipAddress);
        entry.setSysLogInfo();
    } catch (Exception e) {
        // Audit failure must not break the login flow.
        e.printStackTrace();
    }
}
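/**
 * Issues the CAS ticket-granting cookie ("CASTGC") for the mobile-end CAS integration.
 * <p>
 * Nothing happens unless SSO is switched on in {@link WeaverSSOCache} and the CAS settings
 * enable both CAS itself and app authentication. A TGT is then requested from the CAS REST
 * API with the supplied credentials and, when one comes back, written to a cookie.
 *
 * @param login_id      login account used to request the TGT
 * @param user_password plaintext password used to request the TGT
 * @param request       current request; decides whether the cookie can be marked Secure
 * @param response      response the cookie is added to
 */
private void generateCASTGCCookie(String login_id, String user_password, HttpServletRequest request, HttpServletResponse response) {
    boolean openCas = false;
    WeaverSSOCache weaverSSOCache = new WeaverSSOCache();
    if (weaverSSOCache.next()) {
        openCas = "1".equals(weaverSSOCache.getId());
    }
    logger.info("============opencas:" + openCas);
    if (!openCas) {
        return;
    }
    CasSetting casSetting = new CasSetting();
    // Both CAS and the mobile-end CAS integration have to be enabled.
    boolean isuse = "1".equals(casSetting.getIsuse());
    logger.info("============isuse:" + isuse);
    boolean appAuth = "1".equals(casSetting.getAppauth());
    logger.info("============appAuth:" + appAuth);
    if (!(isuse && appAuth)) {
        return;
    }
    logger.info("=========emobile开启了CAS认证和移动端CAS集成");
    CASRestAPI api = new CASRestAPI().getInstance();
    logger.info("================正在获取TGT...");
    String tgt = api.getTicketGrantingTicket(api.getServer(), login_id, user_password);
    // The TGT is a bearer credential for the CAS server: log whether one was issued, never its value.
    boolean tgtIssued = tgt != null && tgt.length() > 0;
    logger.info("================获取到的tgt:" + (tgtIssued ? "<issued>" : "<none>"));
    if (tgtIssued) {
        Cookie cookie = new Cookie("CASTGC", tgt);
        cookie.setPath("/");
        cookie.setMaxAge(365 * 24 * 60 * 60);
        // Keep the ticket away from page scripts, and off plaintext connections when the
        // request itself arrived over TLS (HTTP-only deployments keep working).
        cookie.setHttpOnly(true);
        cookie.setSecure(request.isSecure());
        response.addCookie(cookie);
    }
}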
/**
 * Pre-checks the login account before the mobile unified-authentication call.
 * <p>
 * Returns {@code ""} when the account may proceed, otherwise an error code:
 * "99" – no (unique) login id could be resolved; "16" – the login id contains a character
 * refused for SQL safety; "19" – the licence check failed or threw; "26" – the concurrent-user
 * licence limit refused the login; "-1" – any other exception.
 * Side effects: the "isLicense", "software", "portal" and "multilanguage" values are cached in
 * {@link StaticObj}, and a licence message label may be put into {@code lnLoginMsgLabelThreadLocal}.
 *
 * @param request  the login request (reads loginid and ismobile)
 * @param response unused
 * @return the code described above
 * @author xvshanshan
 */
private String beforeCertifiedCheckUser(HttpServletRequest request, HttpServletResponse response) {
    RecordSet rs = new RecordSet();
    StaticObj staticobj = StaticObj.getInstance();
    Calendar today = Calendar.getInstance();
    String currentdate = Util.add0(today.get(Calendar.YEAR), 4) + "-"
            + Util.add0(today.get(Calendar.MONTH) + 1, 2) + "-"
            + Util.add0(today.get(Calendar.DAY_OF_MONTH), 2);
    try {
        // 1. resolve the login account; LoginBiz returns "" when logintype matches several accounts
        String rawLoginid = Util.null2String(request.getParameter("loginid"));
        String loginid = LoginBiz.getLoginId(rawLoginid, request);
        if (loginid.isEmpty()) {
            writeLog("loginid is null");
            return "99";
        }
        String ismobile = Util.null2String(request.getParameter("ismobile"));
        if (loginid.endsWith("_test") && "1".equals(ismobile)) {
            loginid = loginid.replace("_test", "");
        }
        if (containsRejectedSqlChars(loginid)) {
            return "16";
        }
        // 2. licence check (the cached value is read but the check itself is always re-run)
        String isLicense = (String) staticobj.getObject("isLicense");
        LN ckLicense = new LN();
        try {
            String lnFlag = ckLicense.CkLicense(currentdate);
            if ("1".equals(lnFlag)) {
                staticobj.putObject("isLicense", "true");
            } else {
                if ("4".equals(lnFlag)) {
                    lnLoginMsgLabelThreadLocal.set(517219);
                } else if ("5".equals(lnFlag)) {
                    lnLoginMsgLabelThreadLocal.set(84760);
                }
                return "19";
            }
        } catch (Exception licenseFailure) {
            return "19";
        }
        String concurrentFlag = Util.null2String(ckLicense.getConcurrentFlag());
        int hrmnumber = Util.getIntValue(ckLicense.getHrmnum());
        if ("1".equals(concurrentFlag)) {
            LicenseCheckLogin concurrentCheck = new LicenseCheckLogin();
            if (concurrentCheck.getLicUserCheck(loginid, hrmnumber)) {
                recordFefuseLogin(loginid); // audit the refused login
                return "26";
            }
        }
        // 3. cache the licence row's software / portal / multilanguage flags on first use
        String software = (String) staticobj.getObject("software");
        if (software == null) {
            rs.executeQuery("select * from license");
            if (rs.next()) {
                software = rs.getString("software");
                staticobj.putObject("software", software.equals("") ? "ALL" : software);
                String portal = rs.getString("portal");
                staticobj.putObject("portal", portal.equals("") ? "n" : portal);
                String multilanguage = rs.getString("multilanguage");
                staticobj.putObject("multilanguage", multilanguage.equals("") ? "n" : multilanguage);
            }
        }
    } catch (Exception unexpected) {
        return "-1";
    }
    return "";
}

/** True when the login id carries any of the characters the login flow refuses for SQL safety. */
private static boolean containsRejectedSqlChars(String loginid) {
    return loginid.contains(";") || loginid.contains("--") || loginid.contains(" ") || loginid.contains("'");
}
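/**
 * Performs the unified-authentication (TGT / ST) login for the mobile client.
 * <p>
 * The login id and password are read from the request, RSA-decrypted when RSA is switched on
 * and SM4-decrypted when the password carries the {@code _random_} marker. A TGT and then an ST
 * are requested through {@link HTTPClientUtil}; on success the HrmResource row resolved through
 * {@link #getWorkcode(String)} becomes the session user and an EmobileLoginDetail row is written.
 * Each refused step is recorded through {@link #addCertifiedErrorLog(String, String, String)}.
 *
 * @param application the servlet context (not used here; part of the caller's signature)
 * @param request     the login request carrying loginid / userpassword / ismobile
 * @param response    the response that receives the login cookies
 * @return a JSON object string: status "200" plus TGT and ST on success, the remote
 *         errorCode / message on failure, or the bare code "184" when RSA decryption fails
 * @throws Exception propagated from the RSA, HTTP and JSON helpers
 * @author xvshanshan
 */
private String getCertifiedUserCheck(ServletContext application, HttpServletRequest request, HttpServletResponse response) throws Exception {
    RSA rsa = new RSA();
    RecordSet rs = new RecordSet();
    BaseBean bb = new BaseBean();
    String login_id = Util.null2String(request.getParameter("loginid"));
    String user_password = Util.null2String(request.getParameter("userpassword"));
    String isrsaopen = Util.null2String(rs.getPropValue("openRSA", "isrsaopen"));
    List<String> decriptList = new ArrayList<>();
    if ("1".equals(isrsaopen)) {
        decriptList.add(login_id);
        decriptList.add(user_password);
        List<String> resultList = rsa.decryptList(request, decriptList, true);
        login_id = resultList.get(0);
        user_password = resultList.get(1);
        if (!rsa.getMessage().equals("0")) {
            writeLog("rsa.getMessage()", rsa.getMessage());
            return "184";
        }
    }
    String ismobile = Util.null2String(request.getParameter("ismobile"));
    if (!"".equals(login_id) && login_id.endsWith("_test") && "1".equals(ismobile)) {
        login_id = login_id.replace("_test", "");
    }
    if (user_password.endsWith("_random_")) {
        // Password wrapped by the client with SM4: strip the marker and decrypt with the configured key.
        SM4Utils sm4 = new SM4Utils();
        String key = Util.null2String(bb.getPropValue("weaver_client_pwd", "key"));
        if (!"".equals(key)) {
            user_password = user_password.substring(0, user_password.lastIndexOf("_random_"));
            user_password = sm4.decrypt(user_password, key);
        }
    }
    boolean isEMMobile = LoginBiz.isEMMobile(request.getHeader("user-agent"));
    String apiKey = "";
    if (isEMMobile) {
        apiKey = Util.null2String(bb.getPropValue("tjbankEMobileSSO", "key"));
    }
    bb.writeLog("-login-isEMMobile-isEMMobile-:" + isEMMobile);
    bb.writeLog("--login-clientId-:" + apiKey);
    // NOTE(review): the pair goes through decryptList a second time, without the flag used above;
    // kept unchanged because the TGT request depends on exactly this result — confirm against RSA.decryptList.
    decriptList = new ArrayList<>();
    decriptList.add(login_id);
    decriptList.add(user_password);
    List<String> resultList = rsa.decryptList(request, decriptList);
    String loginId = resultList.get(0);
    String userPassword = resultList.get(1);
    // Only the login name is traced; the password never goes to the log.
    bb.writeLog("登录名login_id==" + login_id);
    String dlfs = isEMMobile ? "APP" : "";
    Map<String, String> map = new HashMap<>();
    String msg = HTTPClientUtil.getTGT(loginId, userPassword);
    org.json.JSONObject resMsg = new org.json.JSONObject(msg);
    if (!resMsg.has("TGT")) {
        // The authentication service refused the credentials: relay its code and keep an audit row.
        bb.writeLog("获取TGTmsg===" + msg);
        map.put("status", Util.null2String(resMsg.getString("errorCode")));
        map.put("msg", Util.null2String(resMsg.getString("message")));
        addCertifiedErrorLog(login_id, msg, dlfs);
        return JSON.toJSONString(map);
    }
    // The TGT is a bearer credential: record that one was issued, never its value.
    bb.writeLog("TGT issued for login_id=" + login_id);
    String TGT = Util.null2String(resMsg.get("TGT").toString());
    String retmsg = HTTPClientUtil.getST(TGT, loginId);
    org.json.JSONObject stMsg = new org.json.JSONObject(retmsg);
    if (!stMsg.has("ST")) {
        bb.writeLog("返回的ST" + retmsg);
        map.put("status", Util.null2String(stMsg.getString("errorCode")));
        map.put("msg", Util.null2String(stMsg.getString("message")));
        addCertifiedErrorLog(login_id, retmsg, dlfs);
        return JSON.toJSONString(map);
    }
    String ST = Util.null2String(stMsg.get("ST").toString());
    map.put("status", "200");
    map.put("TGT", TGT);
    map.put("ST", ST);
    String workcode = getWorkcode(login_id);
    int userid = 0;
    // An empty workcode is never looked up: it would bind whichever row has a blank workcode.
    if (!workcode.isEmpty()) {
        // Parameterised: workcode is derived from request input.
        rs.executeQuery("select * from HrmResource where workcode = ?", workcode);
        if (rs.next()) {
            userid = rs.getInt("id");
            String languageidweaver = rs.getString("systemlanguage");
            User user = loadCertifiedUser(rs, request);
            bindCertifiedSession(request, response, user, languageidweaver, TGT);
        }
    }
    bb.writeLog("userid2222===" + userid);
    recordEmobileLoginDetail(bb, userid, login_id, user_password);
    return JSON.toJSONString(map);
}

/**
 * Copies the current HrmResource row of {@code rs} into a fresh {@link User}, marks it as
 * logintype "1" and stamps it with the client address of {@code request}.
 */
private static User loadCertifiedUser(RecordSet rs, HttpServletRequest request) {
    User user = new User();
    user.setUid(rs.getInt("id"));
    user.setLoginid(rs.getString("loginid"));
    user.setFirstname(rs.getString("firstname"));
    user.setLastname(rs.getString("lastname"));
    user.setAliasname(rs.getString("aliasname"));
    user.setTitle(rs.getString("title"));
    user.setTitlelocation(rs.getString("titlelocation"));
    user.setSex(rs.getString("sex"));
    user.setPwd(rs.getString("password"));
    user.setLanguage(Util.getIntValue(rs.getString("systemlanguage"), 0));
    user.setTelephone(rs.getString("telephone"));
    user.setMobile(rs.getString("mobile"));
    user.setMobilecall(rs.getString("mobilecall"));
    user.setEmail(rs.getString("email"));
    user.setCountryid(rs.getString("countryid"));
    user.setLocationid(rs.getString("locationid"));
    user.setResourcetype(rs.getString("resourcetype"));
    user.setStartdate(rs.getString("startdate"));
    user.setEnddate(rs.getString("enddate"));
    user.setContractdate(rs.getString("contractdate"));
    user.setJobtitle(rs.getString("jobtitle"));
    user.setJobgroup(rs.getString("jobgroup"));
    user.setJobactivity(rs.getString("jobactivity"));
    user.setJoblevel(rs.getString("joblevel"));
    user.setSeclevel(rs.getString("seclevel"));
    user.setUserDepartment(Util.getIntValue(rs.getString("departmentid"), 0));
    user.setUserSubCompany1(Util.getIntValue(rs.getString("subcompanyid1"), 0));
    user.setUserSubCompany2(Util.getIntValue(rs.getString("subcompanyid2"), 0));
    user.setUserSubCompany3(Util.getIntValue(rs.getString("subcompanyid3"), 0));
    user.setUserSubCompany4(Util.getIntValue(rs.getString("subcompanyid4"), 0));
    user.setManagerid(rs.getString("managerid"));
    user.setAssistantid(rs.getString("assistantid"));
    user.setPurchaselimit(rs.getString("purchaselimit"));
    user.setCurrencyid(rs.getString("currencyid"));
    user.setLastlogindate(rs.getString("currentdate"));
    user.setLogintype("1");
    user.setAccount(rs.getString("account"));
    user.setLoginip(request.getRemoteAddr());
    return user;
}

/**
 * Stores the authenticated user in the session, sets the login cookies and keeps the
 * unified-authentication token in the session together with a four-hour expiry timestamp.
 * NOTE(review): the existing session is reused rather than rotated after authentication —
 * confirm that the session id is changed elsewhere in the login flow.
 */
private static void bindCertifiedSession(HttpServletRequest request, HttpServletResponse response, User user, String languageidweaver, String tgt) {
    request.getSession(true).setAttribute("weaver_login_type", "1");
    request.getSession(true).setAttribute("weaver_user@bean", user);
    request.getSession(true).setAttribute("rtxlogin", "1");
    Util.setCookie(response, "loginidweaver", user.getUID() + "", -1);
    Util.setCookie(response, "languageidweaver", Util.null2s(languageidweaver, "7"), -1);
    // token validity window: four hours from now
    long tokenTtlMillis = 4L * 60 * 60 * 1000;
    SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
    Date expiresDate = new Date(System.currentTimeMillis() + tokenTtlMillis);
    request.getSession(true).setAttribute("isnocertified", "false");
    request.getSession(true).setAttribute("certified_token_expires", sdf.format(expiresDate));
    request.getSession(true).setAttribute("certified_token", tgt);
}

/**
 * Replaces the EmobileLoginDetail row for {@code userid} inside one transaction.
 * <p>
 * SECURITY: this table receives the password in the clear, as the original integration
 * designed it; the insert is kept for compatibility with whatever reads the table, but the
 * value is never written to the log here. Both statements run on the transactional record set
 * so the rollback is effective.
 */
private static void recordEmobileLoginDetail(BaseBean bb, int userid, String login_id, String user_password) {
    String date = com.time.util.DateUtil.getCurrentTime("yyyy-MM-dd") + " "
            + com.time.util.DateUtil.getCurrentTime("HH:mm:ss");
    RecordSetTrans rst = new RecordSetTrans();
    rst.setAutoCommit(false);
    try {
        rst.executeUpdate("delete from EmobileLoginDetail where id =?", userid);
        bb.writeLog("插入参数===" + userid + "-->" + login_id + "-->" + date + "-->");
        String sql = "insert into EmobileLoginDetail (id,loginid,password,createtime) values (?,?,?,?)";
        rst.executeUpdate(sql, userid, login_id, user_password, date);
        rst.commit();
    } catch (Exception e) {
        rst.rollback();
        bb.writeLog(e);
    }
}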
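/**
 * Converts the result of {@link #getCertifiedUserCheck} into the six-element message array
 * handed to the mobile client.
 * <p>
 * Index 0: "true"/"false" success flag; 1: numeric status (0 on success); 2: user-facing
 * message; 3: unused (""); 4: access token from {@code AddToken} on success; 5: the
 * unified-authentication TGT on success.
 *
 * @param application the servlet context (unused)
 * @param request     the login request; supplies the session user and the islanguid parameter
 * @param response    the response (unused)
 * @param msgid       either the literal "184" (RSA decryption failed) or the JSON string
 *                    produced by getCertifiedUserCheck
 * @return the populated array; default values only when reminder settings are unavailable
 * @author xvshanshan
 */
private String[] getCertifiedErrorMsg(ServletContext application, HttpServletRequest request, HttpServletResponse response, String msgid) {
    String[] errorMsg = new String[6];
    JSONObject resObj = new JSONObject();
    BaseBean bb = new BaseBean();
    int imsgid;
    if ("184".equals(msgid)) {
        // RSA failure is reported as a bare error code rather than JSON.
        imsgid = Util.getIntValue(msgid, 0);
    } else {
        JSONObject parsed = JSONObject.parseObject(msgid);
        if (parsed != null) {
            resObj = parsed;
        }
        Object status = resObj.get("status");
        // A missing or unparsable status is treated as a failure, not as a crash.
        int statusCode = Util.getIntValue(status == null ? "" : status.toString(), -1);
        imsgid = statusCode == 200 ? 0 : statusCode;
    }
    errorMsg[0] = "false";
    errorMsg[1] = String.valueOf(imsgid);
    errorMsg[2] = ""; // error_message
    errorMsg[3] = "";
    errorMsg[4] = ""; // access_token
    errorMsg[5] = ""; // unified-authentication token
    int languageid = Util.getIntValue(request.getParameter("islanguid"), 0);
    if (languageid == 0) {
        languageid = 7; // no language chosen: default to Simplified Chinese
    }
    BirthdayReminder birth_reminder = new BirthdayReminder();
    RemindSettings settings = birth_reminder.getRemindSettings();
    if (settings == null) {
        return errorMsg;
    }
    if (imsgid == 0) { // login succeeded
        errorMsg[0] = "true";
        // The TGT is returned to the client as a bearer credential for the authentication server.
        Object tgt = resObj.get("TGT");
        errorMsg[5] = tgt == null ? "" : tgt.toString();
        errorMsg[2] = SystemEnv.getHtmlLabelName(387270, ThreadVarLanguage.getLang());
        User user = (User) request.getSession().getAttribute("weaver_user@bean");
        String sessionId = request.getSession().getId();
        errorMsg[4] = AddToken(request, user, sessionId);
    } else if (imsgid == 184) {
        errorMsg[2] = SystemEnv.getErrorMsgName(imsgid, languageid);
    } else {
        // Deliberately generic: the remote service's message is not echoed to the client.
        errorMsg[2] = "账号或密码错误";
    }
    // Indexes 4 and 5 hold tokens and are kept out of the log.
    bb.writeLog("最后返回的msg status=" + errorMsg[1] + " success=" + errorMsg[0]);
    return errorMsg;
}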
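/**
 * Records a refused unified-authentication attempt in the EmobileSsoErrlog table.
 *
 * @param loginid the login account the attempt was made for
 * @param msg     the raw response body returned by the authentication service
 * @param dlfs    the login channel: "APP" for the EMobile client, "" otherwise
 * @author xvshanshan
 */
private void addCertifiedErrorLog(String loginid, String msg, String dlfs) {
    RecordSet rs = new RecordSet();
    BaseBean bb = new BaseBean();
    String uuid = UUID.randomUUID().toString();
    String date = com.time.util.DateUtil.getCurrentTime("yyyy-MM-dd") + " "
            + com.time.util.DateUtil.getCurrentTime("HH:mm:ss");
    try {
        String insql = "insert into EmobileSsoErrlog (id,loginid,msg,type,createtime) values (?,?,?,?,?)";
        if (!rs.executeUpdate(insql, uuid, loginid, msg, dlfs, date)) {
            bb.writeLog("EmobileSsoErrlog insert returned false for loginid=" + loginid);
        }
    } catch (Exception e) {
        // A failed audit insert must not break the login flow, but it must not vanish either.
        bb.writeLog(e);
    }
}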
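/**
 * Resolves the workcode of the hrmresource row whose workcode, loginid, mobile or email equals
 * {@code loginid}. When several rows match, the last row returned wins (unchanged behaviour);
 * matching on mobile / email means two accounts sharing a value are ambiguous here.
 *
 * @param loginid the identifier typed by the user; matched exactly, never as a pattern
 * @return the workcode, or "" when the identifier is empty or nothing matches
 * @author xvshanshan
 */
private String getWorkcode(String loginid) {
    String workcode = "";
    // An empty identifier would match every row whose mobile or email is empty.
    if (loginid == null || loginid.isEmpty()) {
        return workcode;
    }
    RecordSet rs = new RecordSet();
    // Parameterised: the identifier comes straight from the login request.
    String sql = "select workcode from hrmresource b where (b.workcode = ? or b.loginid = ? or b.mobile = ? or b.email = ?)";
    rs.executeQuery(sql, loginid, loginid, loginid, loginid);
    while (rs.next()) {
        workcode = Util.null2String(rs.getString("workcode"));
    }
    return workcode;
}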
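// Shared class logger; final so it cannot be swapped out at runtime.
private static final Logger logger = LoggerFactory.getLogger(LoginUtil.class);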
}