The previous section explained that, for the login page, we only need to send a POST request to /login to log in. The parameters to pass are username, password and encrypted (a flag saying whether the password has been encrypted). In the fineUI framework the password is encrypted through BI.Providers.getProvider("dec.provider.cipher").getCipher(this.getValue()).
Its code is as follows:
BI.provider("dec.provider.cipher",
    function () {
        var t = function (e) {
            return BI.aesEncrypt(e, Dec.system.frontSeed)
            //return Dec.system.transmissionEncryption === DecCst.System.Encryption.Mode.SM4 ? BI.SM4.ecbEncrypt(e, Dec.system.frontSM4Key) : BI.aesEncrypt(e, Dec.system.frontSeed)
        }, i = function (e) {
            return BI.aesDecrypt(e, Dec.system.frontSeed)
            //return Dec.system.transmissionEncryption === DecCst.System.Encryption.Mode.SM4 ? BI.SM4.ecbDecrypt(e, Dec.system.frontSM4Key) : BI.aesDecrypt(e, Dec.system.frontSeed)
        };
        this.encrypt = function (e) { t = e },
        this.decrypt = function (e) { i = e },
        this.$get = function () {
            return BI.inherit(BI.OB, {
                getCipher: function (e) {
                    return t(e)
                },
                getPlain: function (e) {
                    return i(e)
                }
            })
        }
    }),
The aesEncrypt method is:
aesEncrypt: function (text, key) {
    key = CryptoJS.enc.Utf8.parse(key);
    var cipher = CryptoJS.AES.encrypt(text, key, {
        mode: CryptoJS.mode.ECB,
        padding: CryptoJS.pad.Pkcs7
    });
    var base64Cipher = cipher.ciphertext.toString(CryptoJS.enc.Base64);
    return base64Cipher;
}
Once the parameters are ready, sending the AJAX POST request to /login enters the login method of LoginResource, which is as follows:
@RequestMapping(
    value = {"/login"},
    method = {RequestMethod.POST}
)
@ResponseBody
@DeviceBinding(
    autoBindFirstDevice = true
)
public Response login(HttpServletRequest req, HttpServletResponse res, @RequestBody LoginRequestInfoBean loginRequestInfoBean) throws Exception {
    try {
        LoginResponseInfoBean responseInfoBean = LoginService.getInstance().login(req, res, loginRequestInfoBean);
        EventDispatcher.fire(LogInOutEvent.LOGIN, new LogInOutResultInfo(req, res, loginRequestInfoBean.getUsername(), true));
        return Response.ok(responseInfoBean);
    } catch (Exception var5) {
        EventDispatcher.fire(LogInOutEvent.LOGIN, new LogInOutResultInfo(req, res, loginRequestInfoBean.getUsername(), false));
        throw var5;
    }
}
1. It calls the login method of LoginService to perform the login. That login method is as follows:
@Metrics
public LoginResponseInfoBean login(HttpServletRequest req, HttpServletResponse res, LoginRequestInfoBean loginReqInfo) throws Exception {
    String password = TransmissionTool.decrypt(loginReqInfo.isEncrypted(), loginReqInfo.isSupportCustomEncrypt(), loginReqInfo.getPassword());
    String username = loginReqInfo.getUsername();
    if (WebServiceUtils.containSQLChars(username)) {
        throw new SpecialCharProhibitException();
    } else {
        Device device = NetworkHelper.getDevice(req);
        String ip = WebServiceUtils.getIpInfoFromRequest(req);
        SliderVerificationService.getInstance().dealWithSliderVerification(device, ip, loginReqInfo.getSliderToken());
        User user = UserService.getInstance().getUserByUserName(username);
        if (user == null) {
            SliderVerificationService.getInstance().addErrorCount(ip);
            throw new UserLoginException();
        } else {
            TerminalHandler terminal = TerminalHandler.getTerminal(req, device);
            AuthenticController authenticController = ControllerFactory.getInstance().getAuthenticController(user.getId());
            this.doUserAuthentication(authenticController, user, password, device, ip, terminal);
            long tokenTimeout = this.getTokenTimeOutByValidity(loginReqInfo.getValidity());
            String token = JwtUtils.createDefaultJWT(user.getUserName(), user.getDisplayName(), tokenTimeout);
            authenticController.verifySingleLoginStatus(user.getUserName(), terminal, token, loginReqInfo.getMacAddress());
            if (authenticController.passwordChangeable(user)) {
                PasswordStrategyService.getInstance().checkPasswordNeedUpdate(user, token);
                PasswordStrategyService.getInstance().checkPasswordStrength(password, username, token);
            }
            if (this.needLoginVerification(device)) {
                throw new UnverifiedCaptchaException(token);
            } else {
                RegisterService.getInstance().checkLicExpireSoon(user);
                OriginUrlResponseBean url = this.getOriginUrlResponse(loginReqInfo.getOrigin());
                LoginClientBean clientBean = new LoginClientBean(req, device, terminal);
                clientBean.setUsername(user.getUserName());
                clientBean.setToken(token);
                clientBean.setValidity(loginReqInfo.getValidity());
                clientBean.setUserId(user.getId());
                clientBean.setMacAddress(loginReqInfo.getMacAddress());
                authenticController.logoutSingleLoginInvalidUser(user.getUserName(), terminal, loginReqInfo.getMacAddress());
                this.addLoginStatus(token, clientBean, tokenTimeout);
                this.checkServerInitStatus();
                this.createLoginMessage(ip, user.getUserName(), user.getId());
                if (ServerConfig.getInstance().isTokenFromCookie()) {
                    this.writeToken2Cookie(res, token, loginReqInfo.getValidity());
                }
                return new LoginResponseInfoBean(token, url, user.getUserName(), loginReqInfo.getValidity());
            }
        }
    }
}
1. Decrypt the password.
2. Check whether the username contains SQL-injection characters.
3. Look up the user by username.
4. Create the token with JwtUtils.
5. Fill in the related information and return it to the front end.
Back on the front-end page, the front end handles the response as follows:
BI.Cache.addCookie(DecCst.Cookie.REMEMBER_LOGIN, e.validity, Dec.loginConfig.cookiePath, i),
BI.Cache.addCookie(DecCst.Cookie.TOKEN, e.accessToken, Dec.loginConfig.cookiePath, i),
window.location.href = e.originUrl
It writes the related information into cookies and then navigates the page to the address that was originally opened.