@@ -0,0 +1,172 @@
|
|
|
+package common;
|
|
|
+
|
|
|
+import beans.parameter.Parameter;
|
|
|
+import com.alibaba.fastjson.JSONObject;
|
|
|
+import common.data.Row;
|
|
|
+import common.data.Rows;
|
|
|
+import common.data.SQLFactory;
|
|
|
+import common.data.db.DBConnect;
|
|
|
+import common.parameter.parameter;
|
|
|
+import common.restful.Basic;
|
|
|
+import restcontroller.ClientUserInfo;
|
|
|
+import utility.tools.Encryption;
|
|
|
+import utility.tools.WebRequest;
|
|
|
+
|
|
|
+import javax.servlet.http.HttpServletRequest;
|
|
|
+import javax.servlet.http.HttpServletResponse;
|
|
|
+import javax.servlet.http.HttpSession;
|
|
|
+import javax.ws.rs.POST;
|
|
|
+import javax.ws.rs.Path;
|
|
|
+import javax.ws.rs.Produces;
|
|
|
+import javax.ws.rs.core.Context;
|
|
|
+import javax.ws.rs.core.MediaType;
|
|
|
+import java.util.ArrayList;
|
|
|
+import java.util.Calendar;
|
|
|
+import java.util.HashMap;
|
|
|
+
|
|
|
+@Path("sso")
|
|
|
+public class sso extends Basic {
|
|
|
+
|
|
|
+ /**
|
|
|
+ * sso登陆合法性校验
|
|
|
+ * @param request
|
|
|
+ * @param response
|
|
|
+ * @param RequestContent
|
|
|
+ * @return
|
|
|
+ * @throws YosException
|
|
|
+ */
|
|
|
+ @Path("eorder/logincheck")
|
|
|
+ @POST
|
|
|
+ @Produces(MediaType.APPLICATION_JSON)
|
|
|
+ public JSONObject ssologincheck(@Context HttpServletRequest request, @Context HttpServletResponse response, String RequestContent) throws YosException {
|
|
|
+ JSONObject requestcontent = null;
|
|
|
+ try {
|
|
|
+ requestcontent = JSONObject.parseObject(JSONObject.parseObject(RequestContent).toJSONString());
|
|
|
+ } catch (Exception e) {
|
|
|
+ return new ReturnObject_Err().setErrMsg("请求正文格式错误,必须为JSONObject格式");
|
|
|
+ }
|
|
|
+ String[] mustkeys = {"accesstoken","accountno"};
|
|
|
+ for (String mustkey : mustkeys) {
|
|
|
+ if (!requestcontent.containsKey(mustkey)) {
|
|
|
+ return new ReturnObject_Err().setErrMsg("json缺少KEY" + mustkey);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ String accesstoken = requestcontent.getString("accesstoken");
|
|
|
+ String accountno = requestcontent.getString("accountno");
|
|
|
+
|
|
|
+ JSONObject object = new JSONObject();
|
|
|
+ object.put("code", 0);
|
|
|
+ object.put("status", 0);
|
|
|
+ object.put("msg", "无效的token");
|
|
|
+ if( parameter.tokenlist.containsKey(accesstoken)){
|
|
|
+ Long usersiteid = parameter.tokenlist.get(accesstoken);
|
|
|
+ Row row = parameter.usersiteIdList.get(usersiteid);
|
|
|
+ if(accountno.equals(row.getString("accountno"))){
|
|
|
+ object.put("code", 1);
|
|
|
+ object.put("status", 1);
|
|
|
+ object.put("msg", "token有效");
|
|
|
+ }
|
|
|
+ }
|
|
|
+ return object;
|
|
|
+ }
|
|
|
+
|
|
|
+ @Path("eorder")
|
|
|
+ @POST
|
|
|
+ @Produces(MediaType.APPLICATION_JSON)
|
|
|
+ public JSONObject loginFromCRM(@Context HttpServletRequest request, @Context HttpServletResponse response, String RequestContent) throws YosException {
|
|
|
+ DBConnect connect = new DBConnect();
|
|
|
+ /**
|
|
|
+ * 验证请求正文是否为规范的SONObject格式
|
|
|
+ */
|
|
|
+ JSONObject requestcontent = null;
|
|
|
+ try {
|
|
|
+ requestcontent = JSONObject.parseObject(RequestContent);
|
|
|
+ } catch (Exception e) {
|
|
|
+ return new ReturnObject_Err().setErrMsg("请求正文格式错误,必须为JSONObject格式");
|
|
|
+ }
|
|
|
+ /**
|
|
|
+ * 验证请求正文中是否包含必填的键值
|
|
|
+ */
|
|
|
+ String[] mustkeys = {"accountno", "password", "systemclient"};
|
|
|
+ for (String mustkey : mustkeys) {
|
|
|
+ if (!requestcontent.containsKey(mustkey)) {
|
|
|
+ return new ReturnObject_Err().setErrMsg("json缺少KEY" + mustkey);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ String accountno = requestcontent.getString("accountno");
|
|
|
+ String inputpassword = requestcontent.getString("password");//即营销宝的accesstoken
|
|
|
+
|
|
|
+ String systemclient = requestcontent.getString("systemclient");//登陆操作端
|
|
|
+ if (connect.runSqlQuery("select * from sys_systemclient where systemclient='" + systemclient + "'").isEmpty()) {
|
|
|
+ return new ReturnObject_Err().setErrMsg("不存在的操作端" + systemclient);
|
|
|
+ }
|
|
|
+
|
|
|
+ boolean passwordVerificationPassed = false;//密码校验是否通过,默认不通过
|
|
|
+ JSONObject yxbtokencheck = new JSONObject();
|
|
|
+ yxbtokencheck.put("accesstoken", inputpassword);
|
|
|
+ yxbtokencheck.put("accountno", accountno);
|
|
|
+ System.err.println(yxbtokencheck.toString());
|
|
|
+ HashMap<String, String> headers =new HashMap<>();
|
|
|
+ headers.put("Content-Type","application/json; charset=utf-8");
|
|
|
+ String body = new WebRequest().doPost(yxbtokencheck.toString(), Parameter.get("crm_sso_login_url" )+ "/logincheck",headers);
|
|
|
+ System.err.println("body:"+body);
|
|
|
+ JSONObject jsonObject = JSONObject.parseObject(body);
|
|
|
+ if (jsonObject.getIntValue("code") == 1) {//token验证有效
|
|
|
+ Rows users = connect.runSqlQuery("select userid,status,failedlogins from sys_users where accountno='" + accountno + "'");
|
|
|
+ if (users.isNotEmpty()) {
|
|
|
+ Row user = users.get(0);
|
|
|
+ String status = user.getString("status");
|
|
|
+ if (status.equalsIgnoreCase("ACTIVE")) {
|
|
|
+ passwordVerificationPassed = true;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ if (passwordVerificationPassed) {
|
|
|
+ SQLFactory usersql = new SQLFactory(this, "账号列表查询");
|
|
|
+ usersql.addParameter("accountno", accountno);
|
|
|
+ usersql.addParameter("systemclient", systemclient);
|
|
|
+ Rows userrows = connect.runSqlQuery(usersql.getSQL());
|
|
|
+ if (userrows.isEmpty()) {
|
|
|
+ JSONObject object = new JSONObject();
|
|
|
+ object.put("code", 0);
|
|
|
+ object.put("msg", "没有为当前账号配分配有效的角色");
|
|
|
+ return object;
|
|
|
+ }
|
|
|
+ ArrayList<String> tokensaveList = new ArrayList<>();
|
|
|
+ long userid = 0;
|
|
|
+ HttpSession session = request.getSession(true);
|
|
|
+ for (Row userrow : userrows) {
|
|
|
+ userid = userrow.getLong("userid");//用户id
|
|
|
+ long usersiteid = userrow.getLong("usersiteid");//用户角色id
|
|
|
+ String usertoken = Encryption.Encode_MD5(accountno + inputpassword + userid + usersiteid + Calendar.getInstance().getTimeInMillis());
|
|
|
+
|
|
|
+ userrow.put("token", usertoken);
|
|
|
+ userrow.put("logintime", BaseClass.dateTimeFormat.format(Calendar.getInstance().getTime()));
|
|
|
+ userrow.put("systemclient", systemclient);
|
|
|
+ userrow.put("ip", WebRequest.getRequestIP(request));
|
|
|
+ userrow.put("useragent", WebRequest.getUserAgent(request));
|
|
|
+ userrow.putAll(ClientUserInfo.setLoginReturn(usersiteid, userrow));
|
|
|
+ parameter.usersiteIdList.put(usersiteid, userrow);
|
|
|
+ parameter.tokenlist.put(usertoken, usersiteid);
|
|
|
+ parameter.tokenSessionidlist.put(usertoken, session.getId());
|
|
|
+ parameter.tokensystemclientlist.put(usertoken, systemclient);
|
|
|
+ tokensaveList.add("update sys_usersite set sessionid='" + session.getId() + "', accesstoken='" + usertoken + "',systemclient='" + systemclient + "' where userid=" + userid + " and usersiteid=" + usersiteid);
|
|
|
+ }
|
|
|
+ connect.runSqlUpdate(tokensaveList);
|
|
|
+ connect.runSqlUpdate("update sys_users set failedlogins=0 where accountno='" + accountno + "'");
|
|
|
+ JSONObject object = new JSONObject();
|
|
|
+ object.put("code", 1);
|
|
|
+ object.put("msg", "成功");
|
|
|
+ object.put("account_list", userrows.toJsonArray());
|
|
|
+ return object;
|
|
|
+ } else {
|
|
|
+ JSONObject object = new JSONObject();
|
|
|
+ object.put("code", 0);
|
|
|
+ object.put("msg", "用户名或密码错误");
|
|
|
+ return object;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+}
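Review bot: `systemclient` and `accountno` are read straight from the request body and concatenated into SQL in the `sys_systemclient` lookup, the `sys_users` select and the `failedlogins=0` update, while the account-list query a few lines later already binds its values through `SQLFactory.addParameter`; those three string-built statements should use the same parameter binding (or whatever placeholder binding `DBConnect` offers) so a crafted `accountno` cannot change the statement. The two `System.err.println` calls write the caller's `accesstoken` and the full `/logincheck` response to the error stream; drop them or log only the returned `code`. In `ssologincheck`, `parameter.usersiteIdList.get(usersiteid)` can be null if the entry was removed after the token was issued, so the comparison needs a guard: `if (row != null && accountno.equals(row.getString("accountno")))`. The session token is an MD5 over inputs the caller already knows plus a millisecond timestamp, which leaves only a small search space for a guesser; deriving it from `SecureRandom` bytes instead would remove that dependence on the clock.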