/*******************************************************************************
* Copyright (c) 2005, 2014 springside.github.io
*
* Licensed under the Apache License, Version 2.0 (the "License");
*******************************************************************************/
package net.bat.service.account;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import net.bat.dto.LoginInfo;
import net.bat.entity.User;
import net.bat.repository.TaskDao;
import net.bat.repository.UserDao;
import net.bat.service.ServiceException;
import net.bat.service.account.ShiroDbRealm.ShiroUser;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;
import org.springside.modules.security.utils.Digests;
import org.springside.modules.utils.Clock;
import org.springside.modules.utils.Encodes;
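/**
 * Account management service: user lookup, registration, update and deletion,
 * password hashing, and login through Apache Shiro.
 *
 * @author calvin
 */
// Marks this class as a Spring-managed bean.
@Component
@Transactional
public class AccountService {

    /** Name of the digest used for stored password hashes. */
    public static final String HASH_ALGORITHM = "SHA-1";

    /** Number of digest iterations applied to each password. */
    public static final int HASH_INTERATIONS = 1024;

    /** Salt length in bytes. */
    private static final int SALT_SIZE = 8;

    /** Id that {@link #isSupervisor(Long)} treats as the super administrator. */
    private static final Long SUPERVISOR_ID = 1L;

    private static final Logger logger = LoggerFactory.getLogger(AccountService.class);

    private UserDao userDao;
    private TaskDao taskDao;
    private Clock clock = Clock.DEFAULT;

    /** Returns every user known to the repository. */
    public List<User> getAllUser() {
        return (List<User>) userDao.findAll();
    }

    /** Loads a user by primary key. */
    public User getUser(Long id) {
        return userDao.findOne(id);
    }

    /** Looks a user up by login name. */
    public User findUserByLoginName(String loginName) {
        return userDao.findByLoginName(loginName);
    }

    /** Looks a user up by e-mail address. */
    public User findByEmail(String email) {
        return userDao.findByEmail(email);
    }

    /**
     * Registers a new user: hashes the plain password, assigns the "user" role,
     * stamps the registration date and saves the entity.
     */
    public void registerUser(User user) {
        entryptPassword(user);
        // The role is set here, overriding whatever the passed-in entity carried.
        user.setRoles("user");
        user.setRegisterDate(clock.getCurrentDate());
        userDao.save(user);
    }

    /**
     * Saves a user, re-hashing the password only when a non-blank plain password is supplied.
     */
    public void updateUser(User user) {
        if (StringUtils.isNotBlank(user.getPlainPassword())) {
            entryptPassword(user);
        }
        userDao.save(user);
    }

    /**
     * Deletes a user and the tasks that belong to it.
     *
     * @throws ServiceException if {@code id} identifies the super administrator
     */
    public void deleteUser(Long id) {
        if (isSupervisor(id)) {
            logger.warn("操作员{}尝试删除超级管理员用户", getCurrentUserName());
            throw new ServiceException("不能删除超级管理员用户");
        }
        userDao.delete(id);
        taskDao.deleteByUserId(id);
    }

    /**
     * Tells whether {@code id} is the super administrator's id.
     * A {@code null} id is not the supervisor (the original unboxing comparison threw NPE).
     */
    private boolean isSupervisor(Long id) {
        return SUPERVISOR_ID.equals(id);
    }

    /**
     * Returns the login name of the current Shiro principal, or {@code null} when
     * the subject has no principal, so the audit log line in
     * {@link #deleteUser(Long)} cannot fail with an NPE before the refusal is thrown.
     */
    private String getCurrentUserName() {
        ShiroUser user = (ShiroUser) SecurityUtils.getSubject().getPrincipal();
        return user == null ? null : user.loginName;
    }

    /**
     * Hashes the user's plain password with a freshly generated random salt and
     * {@link #HASH_INTERATIONS} rounds of SHA-1, storing the hex-encoded salt and hash
     * on the entity.
     *
     * <p>NOTE(review): 1024 rounds of salted SHA-1 with an 8-byte salt is well below
     * current password-storage guidance (bcrypt, scrypt, Argon2 or PBKDF2 with a high
     * work factor). Changing it needs a matching change in the realm's credentials
     * check and a rehash-on-login migration, so it is not altered here.
     *
     * <p>NOTE(review): {@code getBytes()} uses the platform default charset; confirm it
     * matches the encoding used where the password is verified at login, otherwise
     * non-ASCII passwords can hash differently.
     */
    public void entryptPassword(User user) {
        byte[] salt = Digests.generateSalt(SALT_SIZE);
        user.setSalt(Encodes.encodeHex(salt));

        byte[] hashPassword = Digests.sha1(user.getPlainPassword().getBytes(), salt, HASH_INTERATIONS);
        user.setPassword(Encodes.encodeHex(hashPassword));
    }

    @Autowired
    public void setUserDao(UserDao userDao) {
        this.userDao = userDao;
    }

    @Autowired
    public void setTaskDao(TaskDao taskDao) {
        this.taskDao = taskDao;
    }

    public void setClock(Clock clock) {
        this.clock = clock;
    }

    // c4w
    /**
     * Authenticates the supplied credentials through Shiro and returns the matching user.
     * A subject that is already authenticated is logged out first. On success the
     * submitted username is stored in the Shiro session under {@code "username"}.
     *
     * <p>Only three Shiro exceptions are translated; any other exception thrown by
     * {@code Subject.login} propagates unchanged.
     *
     * <p>NOTE(review): the distinct messages for an unknown account and a wrong password
     * let a caller tell which login names exist. If these messages reach the client,
     * consider a single generic failure message and keep the detail in server logs.
     *
     * <p>NOTE(review): an unauthenticated subject keeps its existing session across
     * login. Confirm that the session id is renewed on authentication elsewhere
     * (container or session manager); if not, this is a session-fixation exposure.
     *
     * @throws ServiceException for an unknown account, a wrong password or a locked account
     */
    public User login(LoginInfo li) {
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(li.username, li.password);
        token.setRememberMe(li.rememberMe);
        try {
            if (currentUser.isAuthenticated()) {
                currentUser.logout();
            }
            currentUser.login(token);

            ShiroUser uinf = (ShiroUser) currentUser.getPrincipal();
            User user = findUserByLoginName(uinf.loginName);

            Session session = currentUser.getSession();
            session.setAttribute("username", li.username);
            return user;
        } catch (UnknownAccountException ex) {
            throw new ServiceException("账号错误");
        } catch (IncorrectCredentialsException ex) {
            throw new ServiceException("密码错误");
        } catch (LockedAccountException ex) {
            throw new ServiceException("账号已被锁定,请与系统管理员联系");
        }
    }

    /**
     * Checks a candidate password against the user's stored hash by re-deriving the
     * hash with the user's stored salt and {@link #HASH_INTERATIONS} rounds of SHA-1.
     *
     * <p>The hex strings are compared with {@link MessageDigest#isEqual(byte[], byte[])}
     * rather than {@code String.equals}, so comparison time does not depend on how many
     * leading characters match. A missing password, stored hash or salt fails closed.
     *
     * @param user the user whose stored salt and hash are checked against
     * @param password the candidate plain-text password
     * @return {@code true} only when the derived hash equals the stored one
     */
    public boolean validatePassword(User user, String password) {
        String storedHex = user.getPassword();
        String saltHex = user.getSalt();
        if (password == null || storedHex == null || saltHex == null) {
            return false;
        }

        // Same derivation as entryptPassword, including the platform-default getBytes().
        byte[] derived = Digests.sha1(password.getBytes(), Encodes.decodeHex(saltHex), HASH_INTERATIONS);
        String derivedHex = Encodes.encodeHex(derived);

        return MessageDigest.isEqual(
                storedHex.getBytes(StandardCharsets.UTF_8),
                derivedHex.getBytes(StandardCharsets.UTF_8));
    }
}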