Commit 04dccee6 by WeiCong

1.登录界面的验证码增加了干扰因子

2.登录密码传输由原来的对称算法,改成了非对称
parent 02d7cc76
...@@ -2,6 +2,7 @@ package cn.com.brilliance.eibs.auth; ...@@ -2,6 +2,7 @@ package cn.com.brilliance.eibs.auth;
import log.Log; import log.Log;
import log.LogFactory; import log.LogFactory;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.dbutils.DbUtils; import org.apache.commons.dbutils.DbUtils;
import org.sss.common.impl.AbstractLoginContext; import org.sss.common.impl.AbstractLoginContext;
import org.sss.common.impl.MenuItemImpl; import org.sss.common.impl.MenuItemImpl;
...@@ -9,11 +10,14 @@ import org.sss.common.model.IContext.DataType; ...@@ -9,11 +10,14 @@ import org.sss.common.model.IContext.DataType;
import org.sss.common.model.IFilter; import org.sss.common.model.IFilter;
import org.sss.common.model.IMenuItem; import org.sss.common.model.IMenuItem;
import org.sss.presentation.noui.api.response.ErrorCode; import org.sss.presentation.noui.api.response.ErrorCode;
import org.sss.presentation.noui.util.AESUtil;
import org.sss.presentation.noui.util.NoUiUtils; import org.sss.presentation.noui.util.NoUiUtils;
import org.sss.presentation.noui.util.StringUtil; import org.sss.presentation.noui.util.StringUtil;
import org.sss.util.ContainerUtils; import org.sss.util.ContainerUtils;
import javax.crypto.Cipher;
import java.security.KeyFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.sql.*; import java.sql.*;
import java.time.Duration; import java.time.Duration;
import java.time.LocalDateTime; import java.time.LocalDateTime;
...@@ -66,6 +70,8 @@ public class DatabaseLoginContextForELCS extends AbstractLoginContext { ...@@ -66,6 +70,8 @@ public class DatabaseLoginContextForELCS extends AbstractLoginContext {
//连续多次输入密码重置 //连续多次输入密码重置
private static int maxfltcnt = 5; private static int maxfltcnt = 5;
private static final String privateKey="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";
static { static {
init(); init();
} }
...@@ -104,13 +110,28 @@ public class DatabaseLoginContextForELCS extends AbstractLoginContext { ...@@ -104,13 +110,28 @@ public class DatabaseLoginContextForELCS extends AbstractLoginContext {
return ""; return "";
} }
try { try {
pwd = AESUtil.decryptAES(pwd,verifycode); // pwd = AESUtil.decryptAES(pwd,verifycode);
pwd = decrypt(pwd);
} catch (Exception e) { } catch (Exception e) {
log.warn("密码解密失败,使用原密码"); log.warn("密码解密失败,使用原密码");
} }
return pwd; return pwd;
} }
public static String decrypt(String pwd) throws Exception{
pwd=pwd.replaceAll("%2B","+");
//64位解码加密后的字符串
byte[] inputByte = org.apache.commons.codec.binary.Base64.decodeBase64(pwd.getBytes("UTF-8"));
//base64编码的私钥
byte[] decoded = Base64.decodeBase64(privateKey);
RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(decoded));
//RSA解密
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, priKey);
String outStr = new String(cipher.doFinal(inputByte),"UTF-8");
return outStr;
}
//偏移 头4 尾7 //偏移 头4 尾7
private static String convert(String str) { private static String convert(String str) {
if(str.length()==1){ if(str.length()==1){
......
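Review bot: The PKCS#8 private key is embedded as a string literal in `privateKey`, so anyone with access to the repository or the built artifact can decrypt a captured login ciphertext, and rotating the key requires a new build; it should be read at startup from a keystore or protected configuration (possibly in the existing `init()`, whose body is outside the hunk), and the committed key treated as exposed and replaced. `Cipher.getInstance("RSA")` leaves mode and padding to the provider default, which is normally PKCS#1 v1.5; naming the transformation, e.g. `Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding")`, makes the choice explicit, provided the login page encrypts with the same parameters. The `catch` around `decrypt(pwd)` still falls back to the submitted string ("使用原密码"), so a client can skip encryption altogether; returning `""` there, like the visible `return "";` a few lines above, would reject such requests instead. Since the ciphertext no longer depends on the verification code, the same captured value presumably stays valid for later logins unless the encrypted payload carries a nonce or timestamp that the server checks.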
...@@ -31,14 +31,18 @@ public class VerifyCodeCreateController { ...@@ -31,14 +31,18 @@ public class VerifyCodeCreateController {
private static final int width = 100;//验证码图片宽度 private static final int width = 100;//验证码图片宽度
private static final int height = 50;//验证码图片高度 private static final int height = 50;//验证码图片高度
private static final int vcsessionout = 120;//验证码超时时间 private static final int vcsessionout = 120;//验证码超时时间
final float yawpRate = 0.05f;// 噪声率
final int area = (int) (yawpRate * width * height);
final int fontSize = height - 4;
final Random r = new Random();
@Autowired @Autowired
private NoUiVersion noUiVersion; private NoUiVersion noUiVersion;
@ResponseBody @ResponseBody
@RequestMapping(value ="/version", method = RequestMethod.GET) @RequestMapping(value = "/version", method = RequestMethod.GET)
public Object version(HttpServletRequest request, HttpServletResponse response) { public Object version(HttpServletRequest request, HttpServletResponse response) {
Map<String,Object> retDatamap=new HashMap<>(); Map<String, Object> retDatamap = new HashMap<>();
retDatamap.put("fieldencode", NoUiUtils.fieldencode); retDatamap.put("fieldencode", NoUiUtils.fieldencode);
return ResultUtil.result(ErrorCodes.SUCCESS, ErrorCodes.SUCCESS_INFO, retDatamap, noUiVersion.getVersion()); return ResultUtil.result(ErrorCodes.SUCCESS, ErrorCodes.SUCCESS_INFO, retDatamap, noUiVersion.getVersion());
} }
...@@ -52,39 +56,71 @@ public class VerifyCodeCreateController { ...@@ -52,39 +56,71 @@ public class VerifyCodeCreateController {
* 绘画验证码 * 绘画验证码
*/ */
private void drawVerifyCode(HttpServletRequest request, HttpServletResponse response) { private void drawVerifyCode(HttpServletRequest request, HttpServletResponse response) {
Graphics2D g=null; Graphics2D g = null;
try { try {
Random r = new Random();
BufferedImage bi = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB); BufferedImage bi = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
g = bi.createGraphics(); g = bi.createGraphics();
g.setBackground(new Color(200, 150, 255)); g.setBackground(new Color(200, 150, 255));
g.fillRect(0, 0, width, height); g.fillRect(0, 0, width, height);
//绘制干扰线
g.setColor(new Color(r.nextInt(88), r.nextInt(188), r.nextInt(255)));
for (int i = 0; i < 20; i++) {
int x = r.nextInt(width - 1);
int y = r.nextInt(height - 1);
int xl = r.nextInt(6) + 1;
int yl = r.nextInt(12) + 1;
g.drawLine(x, y, x + xl + 40, y + yl + 20);
}
// 添加噪点
for (int i = 0; i < area; i++) {
int x = r.nextInt(width);
int y = r.nextInt(height);
int rgb = getRandomIntColor();
bi.setRGB(x, y, rgb);
}
StringBuilder codes = new StringBuilder(); StringBuilder codes = new StringBuilder();
for (int i = 0; i < 4; i++) { for (int i = 0; i < 4; i++) {
String code = STR.charAt(r.nextInt(STR.length())) + ""; String code = STR.charAt(r.nextInt(STR.length())) + "";
g.setColor(new Color(r.nextInt(88), r.nextInt(188), r.nextInt(255))); g.setColor(new Color(r.nextInt(88), r.nextInt(188), r.nextInt(255)));
Font font = new Font("Times New Roman", Font.ITALIC, r.nextInt(1)*7+30); Font font = new Font("Times New Roman", Font.ITALIC, fontSize);
g.setFont(font); g.setFont(font);
g.drawString(code, (i * 18) + 10, 30); g.drawString(code, (i * 18) + 10, 30);
codes.append(code); codes.append(code);
} }
StringBuilder key=new StringBuilder(codes); StringBuilder key = new StringBuilder(codes);
if(!StringUtil.isEmpty(request.getRemoteAddr())){ if (!StringUtil.isEmpty(request.getRemoteAddr())) {
key.append(request.getRemoteAddr()); key.append(request.getRemoteAddr());
} }
String kb=key.toString().toLowerCase(); String kb = key.toString().toLowerCase();
log.info("key==="+kb); log.info("key===" + kb);
RedisUtil.set(kb, codes.toString(),vcsessionout); RedisUtil.set(kb, codes.toString(), vcsessionout);
// request.getSession().setAttribute(Constants.VERIFYCODE, codes.toString()); // request.getSession().setAttribute(Constants.VERIFYCODE, codes.toString());
ImageIO.write(bi, "JPG", response.getOutputStream()); ImageIO.write(bi, "JPG", response.getOutputStream());
} catch (Exception e) { } catch (Exception e) {
log.error("绘制登陆验证码异常", e); log.error("绘制登陆验证码异常", e);
} finally { } finally {
if(g!=null){ if (g != null) {
g.dispose(); g.dispose();
} }
} }
} }
private int getRandomIntColor() {
int[] rgb = getRandomRgb();
int color = 0;
for (int c : rgb) {
color = color << 8;
color = color | c;
}
return color;
}
private int[] getRandomRgb() {
int[] rgb = new int[3];
for (int i = 0; i < 3; i++) {
rgb[i] = r.nextInt(255);
}
return rgb;
}
} }
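Review bot: The verification code is still drawn from `java.util.Random`, now held in the shared instance field `r`, and that generator is not designed to be unpredictable, which weakens the captcha regardless of the added lines and noise; `private final SecureRandom r = new SecureRandom();` (with the `java.security.SecureRandom` import) is a drop-in replacement for the `nextInt` calls used in `drawVerifyCode` and `getRandomRgb`. `log.info("key===" + kb)` writes the expected answer together with the client address to the log at info level; removing it, or logging only that a code was issued, keeps the answer out of log files. The new fields `yawpRate`, `area` and `fontSize` are constants derived from `width` and `height` and could be declared `private static final` like those two.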