Commit cf5cfb9b by WeiCong

用户登陆密码校验改为AES加解密

parent 92bd8783
......@@ -9,12 +9,11 @@ import org.sss.common.model.IContext.DataType;
import org.sss.common.model.IFilter;
import org.sss.common.model.IMenuItem;
import org.sss.presentation.noui.api.response.ErrorCode;
import org.sss.presentation.noui.util.AESUtil;
import org.sss.presentation.noui.util.NoUiUtils;
import org.sss.presentation.noui.util.StringUtil;
import org.sss.util.ContainerUtils;
import sun.misc.BASE64Decoder;
import java.nio.charset.StandardCharsets;
import java.sql.*;
import java.time.Duration;
import java.time.LocalDateTime;
......@@ -96,18 +95,16 @@ public class DatabaseLoginContextForELCS extends AbstractLoginContext {
/**
* 用户原文密码解密,先传统base64解密,然后对解密后的字符串的首位字符串进行偏移【头4 尾7】
*
* @param verifycode 验证码
* @param pwd 待解签串
* @return 解签后的字符串
*/
public static String pwdDecode(String pwd) {
public static String pwdDecode(String verifycode,String pwd) {
if (StringUtil.isEmpty(pwd)) {
return "";
}
BASE64Decoder decoder = new BASE64Decoder();
try {
pwd = new String(decoder.decodeBuffer(pwd), StandardCharsets.UTF_8);
pwd = convert(pwd);
pwd = AESUtil.decryptAES(pwd,verifycode);
} catch (Exception e) {
log.warn("密码解密失败,使用原密码");
}
......@@ -216,8 +213,8 @@ public class DatabaseLoginContextForELCS extends AbstractLoginContext {
return sessionTimeout;
}
public String checkPassword(String userName, String dbPassword, String password) {
password=pwdDecode(password);
public String checkPassword(String userName,String verifycode, String dbPassword, String password) {
password=pwdDecode(verifycode,password);
IFilter passwordFilter = NoUiUtils.passwordFilter;
if (NoUiUtils.passwordFilter == null) {
log.info("请在eibs.xml为NoUiUtils配置passwordFilter项");
......@@ -242,8 +239,8 @@ public class DatabaseLoginContextForELCS extends AbstractLoginContext {
String password = getParameter(parameterMap, "j_password");
String sendcode = getParameter(parameterMap, "j_sendcode");
String verifycode = getParameter(parameterMap, "j_verifycode");
// String dncode = getParameter(parameterMap, "j_dncode");
if (userName == null || password == null /*|| dncode==null*/) {
String dncode = getParameter(parameterMap, "j_dncode");
if (userName == null || password == null || dncode==null) {
parameterMap.put(ERROR, ErrorCode.LOGIN_PARAMETER_CHECK);
return setLogon(false, userName, ERROR_USERNAME_PASSWORD, "用户名或密码为空.", null, null);
}
......@@ -282,7 +279,7 @@ public class DatabaseLoginContextForELCS extends AbstractLoginContext {
ukey = rs.getString(8);
DbUtils.closeQuietly(stmt);
DbUtils.closeQuietly(rs);
String errorStr = checkPassword(userName, dbPassword, password);
String errorStr = checkPassword(userName,sendcode, dbPassword, password);
if (STATUS_LOCKED.equals(userState)) {
parameterMap.put(ERROR, ErrorCode.LOGIN_LOCK_USR);
return setLogon(false, userName, ERROR_USER_LOCKED, "用户已被锁定.", stmt, rs);
......@@ -292,10 +289,10 @@ public class DatabaseLoginContextForELCS extends AbstractLoginContext {
} else if (!STATUS_NORMAL.equals(userState)) {//非0:正常;1:注销;2:锁定,不可登录,
parameterMap.put(ERROR, ErrorCode.LOGIN_STATE_ABNORMAL_ERROR);
return setLogon(false, userName, ErrorCode.LOGIN_STATE_ABNORMAL_ERROR.getCode(), ErrorCode.LOGIN_STATE_ABNORMAL_ERROR.getMessage(), stmt, rs);
} /*else if (!Objects.equals(ukey,dncode)) {//dn码错误
} else if (!Objects.equals(ukey,dncode)) {//dn码错误
parameterMap.put(ERROR, ErrorCode.LOGIN_DN_ERROR);
return setLogon(false, userName, ErrorCode.LOGIN_DN_ERROR.getCode(), ErrorCode.LOGIN_DN_ERROR.getMessage(), stmt, rs);
}*/ else if (Objects.nonNull(errorStr)) {
} else if (Objects.nonNull(errorStr)) {
// 校验密码
sql = "UPDATE usr SET fltcnt=?,sta=?,lstfltdattim=? WHERE inr=?";
stmt = conn.prepareStatement(sql);
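Review bot: pwdDecode's catch at the end of its hunk logs `密码解密失败,使用原密码` and keeps the undecrypted `pwd` (the return presumably follows outside the hunk, as the log text says), so a request carrying a plain password or a wrong `verifycode` is still compared against the database as if decryption had succeeded; returning `""` from the catch, or letting the exception reach checkPassword, would make the new scheme fail closed instead of silently reverting to the old one. The Javadoc above the method still describes base64 plus head/tail character offset and should now say that `pwd` is an AES/CBC ciphertext decrypted with a key derived from `verifycode` via AESUtil.getKey. In the later hunk the new call is `checkPassword(userName,sendcode, dbPassword, password)` while the parameter it fills is named `verifycode` and the request also carries `j_verifycode`; if `sendcode` really is the key material the parameter should be renamed, otherwise this looks like the wrong argument. pwdDecode's return and checkPassword's body continue outside their hunks.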
package org.sss.presentation.noui.util;
import sun.misc.BASE64Decoder;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
public class AESUtil {
private final static String password = "1qaz@Wsx#eDC";//目前使用
private final static String IV = "#EdcxSW@1qaz3rfv";//目前使用
private final static String patten = "^[0-9]+$";
public static String decryptAES(String content,String code) throws Exception {
//int len=content.length()-1;
SecretKeySpec skeySpec = new SecretKeySpec(getKey(code).getBytes(StandardCharsets.UTF_8), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
IvParameterSpec iv = new IvParameterSpec(IV.getBytes());
cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
/*if(content.substring(len,len+1).matches("^[0-9]+$")){
int cnt=Integer.parseInt(content.substring(len,len+1));
content=content.substring(0,len);
for(int i=0;i<cnt;i++){
content+="=";
}
}*/
byte[] encrypted1 = new BASE64Decoder().decodeBuffer(content);// 先用bAES64解密
return new String(cipher.doFinal(encrypted1));
}
public static String getKey(String code) {
String key = password;
for (int i = 0; i < code.length(); i++) {
String subStr = code.substring(i, i + 1);
if (subStr.matches(patten)) {
key = subStr + key;
} else {
key = key + subStr;
}
}
return key;
}
public static void main(String[] args) {
try {
System.out.println(decryptAES("L2eRe4wOLeyqvUIayLs1NA==","7d9t"));
} catch (Exception e) {
e.printStackTrace();
}
}
}
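Review bot: decryptAES fails with InvalidKeyException for any `code` whose length is not 4, 12 or 20, because getKey builds the key as the 12-character `password` plus one character per `code` character and AES accepts only 16/24/32-byte keys; the only length exercised is the 4-character sample in main, so a length check with a clear message belongs before `cipher.init`. The key and IV are compiled into the class and the IV is the same for every message, so this obfuscates the submitted password rather than replacing transport encryption, which deserves a comment on the class. `IV.getBytes()` and `new String(cipher.doFinal(...))` use the platform charset while the key uses UTF-8, and `sun.misc.BASE64Decoder` is a JDK-internal class removed in Java 9; `java.util.Base64` replaces it with identical results for valid input. The `main` with a sample ciphertext and the commented-out padding block should not ship in the production class, and `patten` is presumably `pattern`.
```java
public static String decryptAES(String content, String code) throws Exception {
    byte[] keyBytes = getKey(code).getBytes(StandardCharsets.UTF_8);
    // getKey yields 12 + code.length() bytes; AES only accepts 16/24/32-byte keys
    if (keyBytes.length != 16 && keyBytes.length != 24 && keyBytes.length != 32) {
        throw new InvalidKeyException("derived key length " + keyBytes.length + " is not a valid AES key size");
    }
    SecretKeySpec skeySpec = new SecretKeySpec(keyBytes, "AES");
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    IvParameterSpec iv = new IvParameterSpec(IV.getBytes(StandardCharsets.UTF_8));
    cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
    byte[] encrypted = Base64.getDecoder().decode(content); // replaces sun.misc.BASE64Decoder
    return new String(cipher.doFinal(encrypted), StandardCharsets.UTF_8);
}
```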