
Shiro + token 登录验证

导入相应的类

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;

 

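/**
 * Authenticates the submitted credentials through Shiro and, if the account is allowed to use
 * this entry point, stores the user's profile in the Shiro session under {@code "userDto"}.
 *
 * <p>The response map always carries a boolean {@code success} entry; on failure it also carries
 * a {@code message} entry. Unknown account and wrong password share one message so the response
 * does not reveal which of the two was wrong.
 *
 * <p>NOTE(review): {@code validateCode} is bound but never compared with anything in this method,
 * so no captcha check happens here; confirm it is enforced elsewhere (e.g. a filter).
 * NOTE(review): nothing in this method renews the session after authentication or limits
 * repeated attempts; confirm session-fixation and brute-force protection are configured
 * elsewhere.
 *
 * @param userName     login name submitted by the client
 * @param passWord     password submitted by the client
 * @param validateCode verification code submitted by the client; not read in this method
 * @param userType     user type submitted by the client; not read in this method
 * @param session      servlet session; not read in this method (the Shiro session is used)
 * @param request      current request; not read in this method
 * @return a map with {@code success} and, on failure, {@code message}
 * @throws Exception if the user lookup after authentication fails
 */
@SystemControllerLog(description="用户登录")
@ResponseBody()
@RequestMapping(value = "userLogin",method = RequestMethod.POST)
public Object userLogin(
        @RequestParam(value="userName",required=true,defaultValue="") String userName,
        @RequestParam(value="passWord",required=true,defaultValue="") String passWord,
        @RequestParam(value="validateCode",required=false,defaultValue="") String validateCode,
        @RequestParam(value="userType",required=true,defaultValue="") String userType,
        HttpSession session,
        HttpServletRequest request
        ) throws Exception{
    String error = null;

    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(userName, passWord);
    try {
        subject.login(token);
    } catch (UnknownAccountException e) {
        error = "用户名/密码错误";
    } catch (IncorrectCredentialsException e) {
        error = "用户名/密码错误";
    } catch (AuthenticationException e) {
        // Other failures (for example a locked account); catch them separately if they need
        // their own handling. The exception text is deliberately not returned to the client:
        // it can expose realm internals or account state to an unauthenticated caller.
        // Record the detail with the project's server-side logging instead.
        error = "其他错误";
    }

    Map<Object, Object> result = new HashMap<Object, Object>();
    if (error != null) {
        result.put("success", false);
        result.put("message", error);
        return result;
    }

    // From here on the subject is already authenticated in Shiro. Every path that does not end
    // in an accepted login must log the subject out again, otherwise the client is told the
    // login failed while its session stays authenticated.
    boolean accepted = false;
    try {
        UserDto userDto = this.authoxManagerService.getUserInfoByUserName(userName);
        // A missing profile or account is treated as a rejected login instead of a
        // NullPointerException.
        if (userDto != null
                && userDto.getAccount() != null
                && userDto.getAccount().getIsEnterprise() != 1) {
            Session sessions = subject.getSession();
            sessions.setAttribute("userDto", userDto);
            accepted = true;
        }
    } finally {
        if (!accepted) {
            subject.logout();
        }
    }

    if (accepted) {
        result.put("success", true);
    } else {
        result.put("message", "登录失败");
        result.put("success", false);
    }
    return result;
}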





/**
 * Logs the current Shiro subject out and sends the client back to the {@code "login"} view.
 *
 * <p>NOTE(review): the mapping declares no HTTP method, so this handler also answers GET
 * requests; confirm whether logout should be restricted to POST with CSRF protection.
 *
 * @param request  current request; not read in this method
 * @param response current response; not read in this method
 * @return a {@code ModelAndView} for the {@code "login"} view
 * @throws Exception declared by the signature; nothing in the body throws a checked exception
 */
@SystemControllerLog(description="用户注销")
@RequestMapping(value = "userLogout")
public Object userLogout(
        HttpServletRequest request,HttpServletResponse response
        ) throws Exception{
    SecurityUtils.getSubject().logout();
    return new ModelAndView("login");
}

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

附TokenAPI

package cn.xydata.ots.api.v1;

import java.util.HashMap;
import java.util.Map;

import javax.annotation.Resource;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import cn.xydata.ots.service.system.SystemTokenService;

/**
 * HTTP endpoints for issuing and extending API access tokens, mapped under
 * {@code api/v1/token}. Every response is a map serialized by {@code @ResponseBody}.
 *
 * <p>NOTE(review): both endpoints are GET and take their secrets ({@code corpsecret},
 * {@code access_token}) as query parameters, so the values can end up in access logs, proxy
 * logs and browser history. Consider POST with the secret in the body or a header.
 */
@Controller
@RequestMapping(value="api/v1/token")
public class TokenAPI {

    @Resource
    private SystemTokenService systemTokenService;

    /**
     * Issues a new access token.
     *
     * <p>NOTE(review): {@code corpCode} and {@code corpSecret} are required request parameters
     * but are never passed to the service or compared with anything here;
     * {@code GenerateToken()} is called without arguments. As written, any caller that supplies
     * arbitrary values receives a token. The 1001/1002 responses are produced only if the
     * service throws an exception whose message is exactly {@code "1001"} or {@code "1002"}.
     *
     * @param corpCode   value of the {@code corpcode} query parameter; not read in this method
     * @param corpSecret value of the {@code corpsecret} query parameter; not read in this method
     * @return {@code access_token} and {@code expires_in} (the string {@code "7200"}) on
     *         success, otherwise {@code errcode} and {@code errmsg}
     */
    @RequestMapping(value="get",method = RequestMethod.GET)
    @ResponseBody
    public Object doGetToken(
            @RequestParam(value="corpcode")String corpCode,
            @RequestParam(value="corpsecret")String corpSecret
            ){
        final String issued;
        try {
            issued = systemTokenService.GenerateToken();
        } catch (Exception e) {
            // The service signals the failure reason through the exception message.
            String reason = e.getMessage();
            if ("1001".equals(reason)) {
                return status(1001, "invalid corpcode");
            }
            if ("1002".equals(reason)) {
                return status(1002, "invalid corpsecret");
            }
            return status(4001, "internal error");
        }

        Map<String,Object> reply = new HashMap<String,Object>();
        reply.put("access_token", issued);
        reply.put("expires_in", "7200");
        return reply;
    }

    /**
     * Extends the lifetime of an existing access token.
     *
     * <p>The token is first checked; a failed check, or any exception during the check, yields
     * error 1004. The token is then extended; if that call returns {@code false} or throws, the
     * response is error 4001.
     *
     * @param accessToken value of the {@code access_token} query parameter
     * @return {@code errcode} 0 with {@code errmsg} "ok" on success, otherwise an error pair
     */
    @RequestMapping(value="extend",method = RequestMethod.GET)
    @ResponseBody
    public Object doExtendToken(
            @RequestParam(value="access_token")String accessToken
            ){
        boolean tokenAccepted;
        try {
            tokenAccepted = systemTokenService.CheckToken(accessToken);
        } catch (Exception e) {
            // A failing check is reported to the caller exactly like an unknown token.
            tokenAccepted = false;
        }
        if (!tokenAccepted) {
            return status(1004, "invalid access_token");
        }

        boolean extended = false;
        try {
            extended = systemTokenService.ExtendToken(accessToken);
        } catch (Exception e) {
            // NOTE(review): printStackTrace() writes to stderr only; a project logger would
            // keep this failure in the application log.
            e.printStackTrace();
        }
        return extended ? status(0, "ok") : status(4001, "internal error");
    }

    /** Builds a response map holding only {@code errcode} and {@code errmsg}. */
    private static Map<String,Object> status(int code, String message) {
        Map<String,Object> reply = new HashMap<String,Object>();
        reply.put("errcode", code);
        reply.put("errmsg", message);
        return reply;
    }

}

-------------------------------------------------------

业务逻辑层

package cn.xydata.ots.service.impl.system;

import java.util.Date;
import java.util.List;
import java.util.UUID;

import javax.annotation.Resource;

import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import cn.xydata.ots.dao.system.SystemTokenDao;
import cn.xydata.ots.model.system.SystemToken;
import cn.xydata.ots.service.system.SystemTokenService;

/**
 * Token service backed by {@code SystemTokenDao}: creates tokens, checks whether a token is
 * still inside its validity window, and extends that window.
 *
 * <p>A token counts as valid while its update time is less than 7200 seconds away from the
 * current time. All methods run in a transaction that rolls back on any {@code Exception}.
 *
 * <p>NOTE(review): the raw token value is what gets persisted and queried
 * ({@code findByToken(accessToken)}); storing only a hash of the token would limit the impact
 * of a database read exposure.
 */
@Service(value="systemTokenService")
@Transactional(rollbackFor = Exception.class)
public class SystemTokenServiceImpl implements SystemTokenService {

    /** Validity window, in seconds, measured from the token's last update time. */
    private static final long TOKEN_TTL_SECONDS = 7200;

    /** Threshold, in seconds, used by the access-count check in {@code ExtendToken}. */
    private static final long COUNT_WINDOW_SECONDS = 300;

    @Resource
    private SystemTokenDao systemTokenDao;

    /**
     * Creates and persists a new token.
     *
     * <p>The token is a random (type 4) UUID with the hyphens removed. Corp code and corp secret
     * are stored as the literal {@code "NA"}; this method takes no caller identity, so the
     * token is not bound to any client.
     *
     * @return the newly generated token string
     * @throws Exception if persisting the token fails
     */
    @Override
    public String GenerateToken()
            throws Exception {
        String freshToken = UUID.randomUUID().toString().replace("-", "");

        SystemToken record = new SystemToken();
        record.setAccessToken(freshToken);
        record.setAccessCount(0);
        record.setCorpCode("NA");
        record.setCreateTime(new Date());
        record.setUpdateTime(new Date());
        record.setCorpSecret("NA");
        systemTokenDao.add(record);
        return freshToken;
    }

    /**
     * Reports whether the token exists and is still inside its validity window. A token that is
     * found but outside the window is deleted.
     *
     * <p>NOTE(review): the age is an absolute difference, so an update time in the future is
     * also treated as valid as long as it is less than 7200 seconds ahead.
     *
     * @param accessToken token value to look up
     * @return {@code true} if a matching, unexpired token exists
     * @throws Exception if the DAO lookup or delete fails
     */
    @Override
    public boolean CheckToken(String accessToken) throws Exception {
        List<SystemToken> matches = systemTokenDao.findByToken(accessToken);
        if (matches.isEmpty()) {
            return false;
        }
        SystemToken stored = matches.get(0);
        if (secondsApart(stored.getUpdateTime(), new Date()) < TOKEN_TTL_SECONDS) {
            return true;
        }
        systemTokenDao.delete(stored);
        return false;
    }

    /**
     * Resets the update time of a still-valid token to now and saves it.
     *
     * <p>NOTE(review): the 300-second comparison runs after the update time has already been
     * overwritten with the current time, so it compares "now" with "now" and the access count is
     * incremented on practically every call. If the intent was to compare against the previous
     * update time, that value has to be captured before the overwrite; confirm the intent.
     * Unlike {@code CheckToken}, an expired token is not deleted here.
     *
     * @param accessToken token value to extend
     * @return {@code true} if a matching, unexpired token was found and saved
     * @throws Exception if the DAO lookup or update fails
     */
    @Override
    public boolean ExtendToken(String accessToken) throws Exception {
        List<SystemToken> matches = systemTokenDao.findByToken(accessToken);
        if (matches.isEmpty()) {
            return false;
        }
        SystemToken stored = matches.get(0);
        if (secondsApart(stored.getUpdateTime(), new Date()) >= TOKEN_TTL_SECONDS) {
            return false;
        }
        stored.setUpdateTime(new Date());
        if (secondsApart(stored.getUpdateTime(), new Date()) < COUNT_WINDOW_SECONDS) {
            stored.setAccessCount(stored.getAccessCount() + 1);
        }
        systemTokenDao.edit(stored);
        return true;
    }

    /** Absolute difference between two instants, each truncated to whole seconds first. */
    private static long secondsApart(Date first, Date second) {
        return Math.abs(first.getTime() / 1000 - second.getTime() / 1000);
    }

}

 
