
登录密码输错次数,上次登录时间,拦截

wangmh 8 years ago
parent
commit
6882fa3d32

+ 10 - 7
sso-server/pom.xml

@@ -138,13 +138,16 @@
 				</configuration>
 			</plugin>
 			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-compiler-plugin</artifactId>
-				<configuration>
-					<encoding>${project.build.sourceEncoding}</encoding>
-					<source>1.7</source>
-					<target>1.7</target>
-				</configuration>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>1.7</source>
+                    <target>1.7</target>
+                    <compilerArguments>
+                        <verbose />
+                        <bootclasspath>${java.home}\lib\rt.jar;${java.home}\lib\jce.jar</bootclasspath>
+                    </compilerArguments>
+                </configuration>
 			</plugin>
 			<plugin>
 				<artifactId>maven-resources-plugin</artifactId>
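Review bot: The rewritten compiler block hard-codes Windows path syntax in `<bootclasspath>${java.home}\lib\rt.jar;${java.home}\lib\jce.jar</bootclasspath>` (backslashes and `;` as separator), so the module no longer builds on a Linux/macOS host or CI agent, and the `<encoding>${project.build.sourceEncoding}</encoding>` element was dropped, so sources with Chinese comments are now read in the platform default charset. Restore the encoding line, and if the explicit JCE bootclasspath is really required, write it with `${file.separator}` and `${path.separator}` or confine it to a Windows-only Maven profile rather than the default build.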

+ 81 - 0
sso-server/src/main/java/com/uas/sso/SSOConfiguration.java

@@ -0,0 +1,81 @@
+package com.uas.sso;
+
+import com.uas.sso.profile.Test;
+import com.uas.sso.web.AccountConfigurer;
+import com.uas.sso.filter.SSOInterceptor;
+import com.uas.sso.profile.Dev;
+import com.uas.sso.profile.Prod;
+import com.uas.sso.util.ContextUtils;
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+
+import java.util.Properties;
+
+
+/**
+ * SSOconfig 配置
+ *
+ * @author hejq
+ */
+@Configuration
+public class SSOConfiguration extends WebMvcConfigurerAdapter {
+
+    @Autowired
+    private SSOInterceptor ssoInterceptor;
+
+    private Logger logger = Logger.getLogger(this.getClass());
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+
+        /**
+         * SSO过滤, 这个地方拦截配置
+         */
+        registry.addInterceptor(ssoInterceptor).addPathPatterns("/**").
+                excludePathPatterns("/sso/*/register/**", "/sso/login/**", "/api/user/**", "/api/userspace/**");
+
+    }
+
+    @Bean
+    @Dev
+    public AccountConfigurer devAccountConfigurer() {
+        return accountConfigurer("dev");
+    }
+
+    @Bean
+    @Test
+    public AccountConfigurer testAccountConfigurer() {
+        return accountConfigurer("test");
+    }
+
+    @Bean
+    @Prod
+    public AccountConfigurer prodAccountConfigurer() {
+        return accountConfigurer("prod");
+    }
+
+    /**
+     * 获取当前环境下的配置
+     *
+     * @param profile
+     * @return
+     */
+    private AccountConfigurer accountConfigurer(String profile) {
+        AccountConfigurer accountConfigurer = new AccountConfigurer();
+        accountConfigurer.setApplicationContext(ContextUtils.getApplicationContext());
+        Properties properties = new Properties();
+        String configPath = profile + "/account.properties";
+        logger.info("***: " + configPath);
+        try {
+            properties.load(this.getClass().getClassLoader().getResourceAsStream(configPath));
+        } catch (Throwable e) {
+            throw new IllegalStateException("配置加载失败" + configPath);
+        }
+        accountConfigurer.initProperties(properties);
+        return accountConfigurer;
+    }
+}
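Review bot: In `accountConfigurer`, `getResourceAsStream(configPath)` returns null when the profile directory is missing from the classpath, which surfaces as a NullPointerException swallowed by `catch (Throwable)` and rethrown without the cause, so a misconfigured deployment fails with no indication of why; the stream is also never closed. Narrow the catch, keep the cause, and use try-with-resources (the pom targets 1.7, which supports it); this needs `java.io.InputStream` and `java.io.IOException` imports. Separately, the exclude list in `addInterceptors` leaves `/api/user/**` and `/api/userspace/**` unauthenticated — presumably intentional for the public user API, but a comment stating which of those endpoints are meant to be reachable without a session would make the decision reviewable.
```java
    private AccountConfigurer accountConfigurer(String profile) {
        AccountConfigurer accountConfigurer = new AccountConfigurer();
        accountConfigurer.setApplicationContext(ContextUtils.getApplicationContext());
        Properties properties = new Properties();
        String configPath = profile + "/account.properties";
        logger.info("***: " + configPath);
        try (InputStream in = this.getClass().getClassLoader().getResourceAsStream(configPath)) {
            if (in == null) {
                throw new IllegalStateException("配置加载失败" + configPath);
            }
            properties.load(in);
        } catch (IOException e) {
            throw new IllegalStateException("配置加载失败" + configPath, e);
        }
        // … unchanged: initProperties and return …
    }
```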

+ 64 - 36
sso-server/src/main/java/com/uas/sso/controller/LoginController.java

@@ -23,7 +23,6 @@ import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 
 import javax.servlet.ServletException;
@@ -52,7 +51,6 @@ public class LoginController extends BaseController {
     private UserAccountService userAccountService;
 
     @RequestMapping(method = RequestMethod.POST)
-    @ResponseBody
     public ModelMap login() {
         // 获取登录信息
         WafRequestWrapper wr = new WafRequestWrapper(request);
@@ -108,7 +106,7 @@ public class LoginController extends BaseController {
         // 校验密码
         String encryPwd = userService.getEncryPassword(Const.ENCRY_FORMAT, password, user.getSalt());
         if (!encryPwd.equals(user.getPassword())) {
-            inputErrorPwd(user);
+            inputErrorPwd(user.getUserRecord());
             return error("您输入的账号或密码有误");
         }
 
@@ -128,7 +126,7 @@ public class LoginController extends BaseController {
 
             // 应用允许个人账号,并且账号未绑定企业,或者只绑定了一个企业,直接登录
             if (userAccounts.size() == 1) {
-                return loginByUser(userAccounts.get(0), returnUrl);
+                return loginByUser(userAccounts.get(0), returnUrl, user.getUserRecord());
             }
 
             // 返回企业id和名称
@@ -136,22 +134,37 @@ public class LoginController extends BaseController {
         } else if (spaceUU.equals(Const.SPACEUU_PERSONAL)) {
             // 使用个人账号登录
             UserAccount userAccount = getUserAccountByUserName(controlApp.getUid(), username, null);
-            return loginByUser(userAccount, returnUrl);
+            return loginByUser(userAccount, returnUrl, user.getUserRecord());
         } else {
             // 带企业登录
             UserAccount userAccount = getUserAccountByUserName(controlApp.getUid(), username, spaceUU);
-            return loginByUser(userAccount, returnUrl);
+            return loginByUser(userAccount, returnUrl, user.getUserRecord());
         }
     }
 
-    private void inputErrorPwd(User user) {
-        UserRecord userRecord = user.getUserRecord();
+    /**
+     * 密码输错处理
+     *
+     * @param userRecord 用户登录记录
+     * @return
+     */
+    private int inputErrorPwd(UserRecord userRecord) {
+        // 密码输错次数+1
         int pwdErrorCount = userRecord.getPwdErrorCount();
         userRecord.setPwdErrorCount(++pwdErrorCount);
         userService.save(userRecord);
-    }
 
+        // 设置返回值
+        return pwdErrorCount;
+    }
 
+    /**
+     * 根据用户名获得用户账号信息
+     *
+     * @param appId 应用
+     * @param username 用户名
+     * @return
+     */
     private List<UserAccount> getUserAccountByUserName(String appId, String username) {
         String type = AccountTypeUtils.getAccountType(username);
         if (AccountTypeUtils.MOBILE.equals(type)) {
@@ -171,6 +184,14 @@ public class LoginController extends BaseController {
         return null;
     }
 
+    /**
+     * 根据用户名和企业uu找到用户信息
+     *
+     * @param appId 应用
+     * @param username 用户名
+     * @param spaceUU 企业uu号
+     * @return
+     */
     private UserAccount getUserAccountByUserName(String appId, String username, String spaceUU) {
         String type = AccountTypeUtils.getAccountType(username);
         if (AccountTypeUtils.MOBILE.equals(type)) {
@@ -195,34 +216,31 @@ public class LoginController extends BaseController {
      *
      * @param userAccount 用户账号信息
      * @param returnUrl 跳转url
+     * @param userRecord 用户登录记录,便于记录登录时间,不能直接new出来
      * @return
      */
-    private ModelMap loginByUser(UserAccount userAccount, String returnUrl) {
-        if (StringUtils.isEmpty((userAccount.getPassword()))) {
-            // 使用错误码100来判断
-            return error("100", "未设置密码");
-        } else {
-            // 登录
-            /*
-             * 设置登录 Cookie 最后一个参数 true 时添加 cookie 同时销毁当前 JSESSIONID
-             * 创建信任的 JSESSIONID
-             */
-            SSOToken st = new SSOToken(request, userAccount.getMobile());
-            st.setData(JSON.toJSONString(userAccount));
-            SSOHelper.setSSOCookie(request, response, st, true);
-
-            // 通知各个应用用户已经登录
-            ModelMap data = new ModelMap();
-            data = addOtherAppRequestData(userAccount, data, request.getSession().getAttribute("baseUrl"), true);
-            data.put("returnUrl", HttpUtil.decodeURL(returnUrl));
-            return success(data);
-        }
+    private ModelMap loginByUser(UserAccount userAccount, String returnUrl, UserRecord userRecord) {
+        /*
+         * 设置登录 Cookie 最后一个参数 true 时添加 cookie 同时销毁当前 JSESSIONID
+         * 创建信任的 JSESSIONID
+         */
+        SSOToken st = new SSOToken(request, userAccount.getMobile());
+        st.setData(JSON.toJSONString(userAccount));
+        SSOHelper.setSSOCookie(request, response, st, true);
+
+        // 设置登录时间
+        userRecord.setLastLoginTime(System.currentTimeMillis());
+        userService.save(userRecord);
+
+        // 设置返回值,通知各个应用用户已经登录
+        ModelMap data = new ModelMap();
+        data = addOtherAppRequestData(userAccount, data, request.getSession().getAttribute("baseUrl"), true);
+        data.put("returnUrl", HttpUtil.decodeURL(returnUrl));
+        return success(data);
     }
 
     private ModelMap addOtherAppRequestData(UserAccount userAccount, ModelMap data, Object loginUrl,
                                             boolean isLoginAll) {
-        // 需要通知的应用数量
-        int count = 0;
         List<App> apps = appService.findAll();
         List<String> loginUrls = new ArrayList<>();
         boolean hasLoginUrl = false;
@@ -235,17 +253,14 @@ public class LoginController extends BaseController {
                     hasLoginUrl = true;
                 }
                 loginUrls.add(app.getLoginUrl());
-                count++;
             }
         }
 
         // 添加baseUrl
         if (!hasLoginUrl && !StringUtils.isEmpty(loginUrl)) {
             loginUrls.add(loginUrl.toString());
-            count++;
         }
 
-        data.put("count", count);
         data.put("loginUrls", loginUrls);
 
         // 添加传递数据
@@ -282,8 +297,7 @@ public class LoginController extends BaseController {
         return new ModelMap("spaces", spaces);
     }
 
-    @RequestMapping(value = "/checkcode", method = RequestMethod.GET)
-    @ResponseBody
+    @RequestMapping(value = "/checkCode", method = RequestMethod.GET)
     public void checkCode() {
         try {
             CaptchaUtil.outputCaptcha(request, response);
@@ -293,4 +307,18 @@ public class LoginController extends BaseController {
             e.printStackTrace();
         }
     }
+
+    /**
+     * 获得密码输错次数
+     *
+     * @param username 用户名
+     * @return
+     */
+    @RequestMapping(value = "/getPwdErrorCount", method = RequestMethod.GET)
+    public ModelMap getPwdErrorCount(String username) {
+        if (StringUtils.isEmpty(username)) {
+            return error("用户名不能为空");
+        }
+        return success(userService.getPwdErrorCount(username));
+    }
 }
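Review bot: `inputErrorPwd(user.getUserRecord())` and the three `loginByUser(..., user.getUserRecord())` calls dereference the record with no null check, yet `UserServiceImpl.getPwdErrorCount` in this same commit treats a null record as a valid state and only newly registered users get `new UserRecord()` — existing users would hit a NullPointerException on their next wrong or right password. The counter is incremented on every failure but never reset in `loginByUser` and never consulted in `login()`, so as committed it only grows and throttles nothing; presumably a lockout check is planned, and resetting on success is needed for it to be meaningful. Both changes are sketched below. The new `getPwdErrorCount` endpoint lives under the login path that `SSOConfiguration` excludes from the interceptor, so it answers unauthenticated callers with a per-username counter and, via the `VisibleError` thrown in `UserServiceImpl`, distinguishes registered from unknown usernames — returning 0 for unknown names keeps the response uniform.
```java
    private int inputErrorPwd(UserRecord userRecord) {
        if (userRecord == null) {
            return 0;
        }
        // … unchanged: increment, save, return …
    }

    private ModelMap loginByUser(UserAccount userAccount, String returnUrl, UserRecord userRecord) {
        // … unchanged: SSOToken creation and cookie …
        if (userRecord != null) {
            userRecord.setLastLoginTime(System.currentTimeMillis());
            userRecord.setPwdErrorCount(0);
            userService.save(userRecord);
        }
        // … unchanged: response data …
    }
```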

+ 22 - 0
sso-server/src/main/java/com/uas/sso/controller/ResetPasswordController.java

@@ -0,0 +1,22 @@
+package com.uas.sso.controller;
+
+import com.uas.sso.service.UserService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * 重置密码controller
+ *
+ * @author wangmh
+ * @date 2018/1/9.
+ */
+@RestController
+@RequestMapping(name = "/sso/resetPwd")
+public class ResetPasswordController extends BaseController {
+
+    @Autowired
+    private UserService userService;
+
+
+}
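Review bot: `@RequestMapping(name = "/sso/resetPwd")` sets the handler mapping's *name*, not its URL path, so this controller is not reachable at `/sso/resetPwd`; use `@RequestMapping("/sso/resetPwd")` (or `path = "/sso/resetPwd"`). The class otherwise only injects an unused `userService`; if it is a placeholder, a `// TODO: reset-password endpoints` comment is clearer than an empty mapped controller. Note that `/sso/resetPwd` is not in the interceptor's exclude list in `SSOConfiguration`, so once handlers are added the reset flow will require an existing SSO session — decide that deliberately, since a password-reset entry point usually has to serve users who cannot log in.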

+ 8 - 4
sso-server/src/main/java/com/uas/sso/entity/UserRecord.java

@@ -24,6 +24,10 @@ public class UserRecord implements Serializable {
     @Column(name = "pwd_error_count", nullable = false)
     private int pwdErrorCount;
 
+    public UserRecord() {
+        this.pwdErrorCount = 0;
+    }
+
     public Long getId() {
         return id;
     }
@@ -32,12 +36,12 @@ public class UserRecord implements Serializable {
         this.id = id;
     }
 
-    public Timestamp getLastLoginTime() {
-        return lastLoginTime;
+    public long getLastLoginTime() {
+        return lastLoginTime.getTime();
     }
 
-    public void setLastLoginTime(Timestamp lastLoginTime) {
-        this.lastLoginTime = lastLoginTime;
+    public void setLastLoginTime(long lastLoginTime) {
+        this.lastLoginTime = new Timestamp(lastLoginTime);
     }
 
     public int getPwdErrorCount() {
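Review bot: `getLastLoginTime()` now returns `lastLoginTime.getTime()` with no null guard, while the new no-arg constructor initialises only `pwdErrorCount`, so the record created at registration (`new UserRecord()` in `UserServiceImpl`) throws a NullPointerException from this getter until the first successful login. Either keep the return type nullable or guard it, e.g. `return lastLoginTime == null ? 0L : lastLoginTime.getTime();`, and document what 0 means. Since the field stays a `Timestamp` while the accessor pair now speaks epoch millis, a one-line comment on the conversion would help callers that still expect a `Timestamp`.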

+ 58 - 0
sso-server/src/main/java/com/uas/sso/filter/SSOInterceptor.java

@@ -0,0 +1,58 @@
+package com.uas.sso.filter;
+
+import com.uas.sso.SSOHelper;
+import com.uas.sso.SSOToken;
+import com.uas.sso.entity.UserAccount;
+import com.uas.sso.support.SystemSession;
+import com.uas.sso.util.FastjsonUtils;
+import com.uas.sso.web.spring.AbstractSSOInterceptor;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * 登录拦截
+ *
+ * @author wangmh
+ * @date 2018/1/9.
+ */
+@Component
+public class SSOInterceptor extends AbstractSSOInterceptor {
+
+    @Override
+    protected boolean onAuthenticateFailed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
+        return false;
+    }
+
+    @Override
+    protected void onAuthenticateSuccess(HttpServletRequest request, HttpServletResponse response) {
+        UserAccount userAccount = (UserAccount) request.getSession().getAttribute("userAccount");
+        if (userAccount == null) {
+            SSOToken token = SSOHelper.attrToken(request);
+            userAccount = getUserByToken(token);
+            if (userAccount != null) {
+                request.getSession().setAttribute("userAccount", userAccount);
+            }
+        }
+        if (userAccount != null) {
+            SystemSession.setUserAccount(userAccount);
+        }
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
+            throws Exception {
+        super.afterCompletion(request, response, handler, ex);
+        SystemSession.clear();
+    }
+
+    private UserAccount getUserByToken(SSOToken token) {
+        UserAccount userAccount = null;
+        if (token != null && !StringUtils.isEmpty(token.getData())) {
+            userAccount = FastjsonUtils.fromJson(token.getData(), UserAccount.class);
+        }
+        return userAccount;
+    }
+}
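Review bot: `onAuthenticateSuccess` caches the `UserAccount` in the HTTP session under `"userAccount"` and prefers that copy on every later request, so once populated it is never re-checked against the current SSO token: after a logout and re-login as a different account on the same servlet session, or any change to the account data, `SystemSession` keeps serving the stale account. Re-derive the account from the token on each request (the data is already in the cookie), or at least compare the cached account's identity with the token's before reusing it, and clear the attribute when the session is logged out. `onAuthenticateFailed` returns `false` without touching the response, which presumably relies on `AbstractSSOInterceptor` to reject the request — that class is not in this diff, so a comment stating the contract (`// false: let the base interceptor reject the request`) would help.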

+ 11 - 0
sso-server/src/main/java/com/uas/sso/profile/Dev.java

@@ -0,0 +1,11 @@
+package com.uas.sso.profile;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Target;
+
+/**
+ * created by shicr on 2017/11/23
+ **/
+@Target({ElementType.TYPE,ElementType.METHOD})
+public @interface Dev {
+}
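Review bot: `@Dev` declares `@Target` but no `@Retention`, so it defaults to CLASS retention and is invisible to Spring at runtime, and neither it nor `@Prod`/`@Test` (which also lack `@Target`) is meta-annotated with `@Profile`. As written they are plain markers: all three `AccountConfigurer` beans in `SSOConfiguration` are registered in every environment, so the prod `account.properties` with its keys is loaded in dev and test, and a single `AccountConfigurer` injection will likely fail with three candidates. Declare each as `@Retention(RetentionPolicy.RUNTIME) @Target({ElementType.TYPE, ElementType.METHOD}) @Profile("dev")` (respectively `"test"` and `"prod"`) so that Spring actually selects one.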

+ 7 - 0
sso-server/src/main/java/com/uas/sso/profile/Prod.java

@@ -0,0 +1,7 @@
+package com.uas.sso.profile;
+
+/**
+ * created by shicr on 2017/11/23
+ **/
+public @interface Prod {
+}

+ 7 - 0
sso-server/src/main/java/com/uas/sso/profile/Test.java

@@ -0,0 +1,7 @@
+package com.uas.sso.profile;
+
+/**
+ * created by shicr on 2017/11/23
+ **/
+public @interface Test {
+}

+ 6 - 4
sso-server/src/main/java/com/uas/sso/service/impl/UserServiceImpl.java

@@ -80,6 +80,7 @@ public class UserServiceImpl implements UserService {
         user.setEmailValidCode((short) Status.NOT_APPLYING.getCode());
         user.setIdentityValidCode((short) Status.NOT_APPLYING.getCode());
         user.setPassword(getEncryPassword(Const.ENCRY_FORMAT, user.getPassword(), user.getSalt()));
+        user.setUserRecord(new UserRecord());
 
         userDao.save(user);
         userLog.info(user, Type.UPDATE_REGISTER.getValue());
@@ -149,10 +150,11 @@ public class UserServiceImpl implements UserService {
 
     @Override
     public int getPwdErrorCount(String username) {
-        String type = AccountTypeUtils.getAccountType(username);
-        User user = null;
-
-        if (user == null || user.getUserRecord() == null) {
+        User user = findByUsername(username);
+        if (user == null) {
+            throw new VisibleError("用户名不存在");
+        }
+        if (user.getUserRecord() == null) {
             return 0;
         }
         return user.getUserRecord().getPwdErrorCount();
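Review bot: `getPwdErrorCount` now throws `VisibleError("用户名不存在")` for unknown usernames instead of the previous unconditional 0, and `LoginController.getPwdErrorCount` exposes it before login, so the response reveals whether a username is registered. Returning 0 for both an unknown user and a missing record keeps the reply uniform: `if (user == null || user.getUserRecord() == null) { return 0; }`. The first hunk attaches `new UserRecord()` only at registration, so existing rows still have no record — this null branch copes, but the callers added to `LoginController` in the same commit do not.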

+ 0 - 4
sso-server/src/main/java/com/uas/sso/util/CaptchaUtil.java

@@ -87,10 +87,6 @@ public class CaptchaUtil {
         g.fillRect(0, 0, width, height);
         g.setColor(reverse);
         g.drawString(randomString, 18, 20);
-//        for (int i = 0, n = random.nextInt(100); i < n; i++)
-//        {
-//            g.drawRect(random.nextInt(width), random.nextInt(height), 1, 1);
-//        }
 
         // 转成JPEG格式
         ServletOutputStream out = response.getOutputStream();

+ 12 - 0
sso-server/src/main/resources/dev/account.properties

@@ -0,0 +1,12 @@
+### sso config
+sso.app=sso
+# token secretkey
+sso.secretkey=0taQcW073Z7G628g5H
+#sso.cookie.domain=ubtob.com
+sso.cookie.secure=false
+sso.login.url=/sso/login
+
+### crossdomain verify
+sso.authcookie.secretkey=Z318866alN6gA0piuO
+sso.center.public_key=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL2g7CEfuPZtEDy7Iz5AL6iwbHZewWGUBYUWxKnFAwAW4lY8mMavn5Ke5mB25eKj5bvUsB48r8gWTvJNsKRGEw8CAwEAAQ==
+sso.center.private_key=MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAvaDsIR+49m0QPLsjPkAvqLBsdl7BYZQFhRbEqcUDABbiVjyYxq+fkp7mYHbl4qPlu9SwHjyvyBZO8k2wpEYTDwIDAQABAj9Ts7SG6nm6TGneZLwpvitLSpSVqz2w1KWbGXG1fkDUyIJbNbyLmFTNAlfAgM4eC3EzVHVC3FrC+5sl4Fwn2PECIQDn9zz0xFmSQt8csMhu7jyh4UNDA3P11C9AkzaLykYNtwIhANFGtu9TJH2wZNfSA0qBNCgcyJJHXx59VTtih0R+6SVpAiEAmknpwoiDZ3SRQF0ZxCc0LxxNB9rZG475qwMACfUNqXsCIQCWLpAjSWA7jrWfp8fS1MvQKW/KgcuB/uGGf1uhTQ4VWQIhAJ6xJuj+eJAV2gsRDDjNSkD+Jm4qNaZ5ec/XnM7w2YcZ
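Review bot: This file, and its `test/` and `prod/` siblings in the same commit, commit the token secret (`sso.secretkey`), the cross-domain cookie secret (`sso.authcookie.secretkey`) and the RSA private key (`sso.center.private_key`) to source control, and the values are identical across all three environments, so the dev profile holds the production signing material. Keep placeholders in the repository and inject real, per-environment values at deploy time (environment variables, an external properties file or a secrets store); values that are already in history should be treated as exposed and rotated. `prod/account.properties` additionally sets `sso.cookie.secure=false`, which lets the SSO cookie travel over plain HTTP — set it to `true` for prod.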

+ 12 - 0
sso-server/src/main/resources/prod/account.properties

@@ -0,0 +1,12 @@
+### sso config
+sso.app=sso
+# token secretkey
+sso.secretkey=0taQcW073Z7G628g5H
+sso.cookie.domain=ubtob.com
+sso.cookie.secure=false
+sso.login.url=/sso/login
+
+### crossdomain verify
+sso.authcookie.secretkey=Z318866alN6gA0piuO
+sso.center.public_key=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL2g7CEfuPZtEDy7Iz5AL6iwbHZewWGUBYUWxKnFAwAW4lY8mMavn5Ke5mB25eKj5bvUsB48r8gWTvJNsKRGEw8CAwEAAQ==
+sso.center.private_key=MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAvaDsIR+49m0QPLsjPkAvqLBsdl7BYZQFhRbEqcUDABbiVjyYxq+fkp7mYHbl4qPlu9SwHjyvyBZO8k2wpEYTDwIDAQABAj9Ts7SG6nm6TGneZLwpvitLSpSVqz2w1KWbGXG1fkDUyIJbNbyLmFTNAlfAgM4eC3EzVHVC3FrC+5sl4Fwn2PECIQDn9zz0xFmSQt8csMhu7jyh4UNDA3P11C9AkzaLykYNtwIhANFGtu9TJH2wZNfSA0qBNCgcyJJHXx59VTtih0R+6SVpAiEAmknpwoiDZ3SRQF0ZxCc0LxxNB9rZG475qwMACfUNqXsCIQCWLpAjSWA7jrWfp8fS1MvQKW/KgcuB/uGGf1uhTQ4VWQIhAJ6xJuj+eJAV2gsRDDjNSkD+Jm4qNaZ5ec/XnM7w2YcZ

+ 12 - 0
sso-server/src/main/resources/test/account.properties

@@ -0,0 +1,12 @@
+### sso config
+sso.app=sso
+# token secretkey
+sso.secretkey=0taQcW073Z7G628g5H
+#sso.cookie.domain=ubtob.com
+sso.cookie.secure=false
+sso.login.url=/sso/login
+
+### crossdomain verify
+sso.authcookie.secretkey=Z318866alN6gA0piuO
+sso.center.public_key=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL2g7CEfuPZtEDy7Iz5AL6iwbHZewWGUBYUWxKnFAwAW4lY8mMavn5Ke5mB25eKj5bvUsB48r8gWTvJNsKRGEw8CAwEAAQ==
+sso.center.private_key=MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAvaDsIR+49m0QPLsjPkAvqLBsdl7BYZQFhRbEqcUDABbiVjyYxq+fkp7mYHbl4qPlu9SwHjyvyBZO8k2wpEYTDwIDAQABAj9Ts7SG6nm6TGneZLwpvitLSpSVqz2w1KWbGXG1fkDUyIJbNbyLmFTNAlfAgM4eC3EzVHVC3FrC+5sl4Fwn2PECIQDn9zz0xFmSQt8csMhu7jyh4UNDA3P11C9AkzaLykYNtwIhANFGtu9TJH2wZNfSA0qBNCgcyJJHXx59VTtih0R+6SVpAiEAmknpwoiDZ3SRQF0ZxCc0LxxNB9rZG475qwMACfUNqXsCIQCWLpAjSWA7jrWfp8fS1MvQKW/KgcuB/uGGf1uhTQ4VWQIhAJ6xJuj+eJAV2gsRDDjNSkD+Jm4qNaZ5ec/XnM7w2YcZ