Java tutorial
/* * Copyright 2015-2016 http://hsweb.me * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.hsweb.web.controller.login; import org.apache.commons.beanutils.BeanUtilsBean; import org.hsweb.commons.MD5; import org.hsweb.web.bean.po.user.User; import org.hsweb.web.core.authorize.annotation.Authorize; import org.hsweb.web.core.exception.AuthorizeForbiddenException; import org.hsweb.web.core.exception.NotFoundException; import org.hsweb.web.core.logger.annotation.AccessLogger; import org.hsweb.web.core.message.ResponseMessage; import org.hsweb.web.core.session.HttpSessionManager; import org.hsweb.web.core.utils.WebUtil; import org.hsweb.web.service.config.ConfigService; import org.hsweb.web.service.user.UserService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.cache.Cache; import org.springframework.cache.CacheManager; import org.springframework.cache.concurrent.ConcurrentMapCacheManager; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; import javax.annotation.PostConstruct; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; /** * ?, */ @RestController public class AuthorizeController { /** * ? */ @Autowired(required = false) private CacheManager cacheManager; /** * ? */ @Resource private UserService userService; /** * ?? */ @Resource private ConfigService configService; /** * httpSession? */ @Autowired private HttpSessionManager httpSessionManager; /** * ?? * * @return ? */ @RequestMapping(value = "/online/total", method = RequestMethod.GET) @AccessLogger("?") @Authorize public ResponseMessage onlineTotal() { return ResponseMessage.ok(httpSessionManager.getUserTotal()); } /** * ??ID? * * @return ID? */ @RequestMapping(value = "/online", method = RequestMethod.GET) @AccessLogger("?ID") @Authorize public ResponseMessage online() { return ResponseMessage.ok(httpSessionManager.getUserIdList()); } /** * ???? * * @return ?? */ @RequestMapping(value = "/online/list", method = RequestMethod.GET) @AccessLogger("?") @Authorize public ResponseMessage onlineInfo() { return ResponseMessage.ok(httpSessionManager.tryGetAllUser()).include(User.class, "id", "username", "name", "phone", "email"); } /** * * * @return ? */ @RequestMapping(value = "/exit", method = RequestMethod.POST) @AccessLogger("") public ResponseMessage exit(HttpSession session) { User user = WebUtil.getLoginUser(); if (user != null) { httpSessionManager.removeUser(user.getId()); //redis,removeUser,removeSession?? httpSessionManager.removeSession(session.getId()); } return ResponseMessage.ok(); } /** * ,?,?. * <ul> * <li> * ???{@link ConfigService#getInt(String, String, int)}:login,error.max_number,5 * </li> * <li> * ???{@link ConfigService#getInt(String, String, int)}:login,error.wait_minutes,10 * <p> * </li> * </ul> * * @param username ?? * @param password ? * @param request {@link HttpServletRequest} * @return * @throws AuthorizeForbiddenException ?? * @throws NotFoundException ? * @throws Exception */ @RequestMapping(value = "/login", method = RequestMethod.POST) @AccessLogger("") public ResponseMessage login(@RequestParam String username, @RequestParam String password, HttpServletRequest request) throws Exception { //?? String userIp = WebUtil.getIpAddr(request); int maxErrorNumber = configService.getInt("login", "error.max_number", 5); int waitMinutes = configService.getInt("login", "error.wait_minutes", 10); Cache cache = cacheManager.getCache("login.error"); String cachePrefix = username.concat("@").concat(userIp); String timeCacheKey = cachePrefix.concat("-time"); String numberCacheKey = cachePrefix.concat("-number"); Integer error_number = cache.get(numberCacheKey, Integer.class); Long error_time = cache.get(timeCacheKey, Long.class); long now_time = System.currentTimeMillis(); if (error_number != null && error_time != null) { if ((now_time - error_time) / 1000 / 60d > waitMinutes) { cache.evict(timeCacheKey); cache.evict(numberCacheKey); error_number = 0; error_time = 0l; } if (error_number >= maxErrorNumber) throw new AuthorizeForbiddenException("?," + (waitMinutes - ((now_time - error_time) / 1000 / 60)) + "??!"); } User user = userService.selectByUserName(username); if (user == null || user.getStatus() != 1) throw new NotFoundException("?"); //? if (!user.getPassword().equals(MD5.encode(password))) { if (error_number == null) error_number = 0; cache.put(timeCacheKey, System.currentTimeMillis()); cache.put(numberCacheKey, ++error_number); throw new AuthorizeForbiddenException( "?,??" + (maxErrorNumber - error_number) + ""); } cache.evict(timeCacheKey); cache.evict(numberCacheKey); user.setPassword("");//? if (user.getUsername().equals("admin")) userService.initAdminUser(user); else user.initRoleInfo(); User newUser = new User(); BeanUtilsBean.getInstance().getPropertyUtils().copyProperties(newUser, user); httpSessionManager.addUser(newUser, request.getSession()); return ResponseMessage.ok(); } @PostConstruct public void init() { //?cacheManager,ConcurrentMapCacheManager if (cacheManager == null) { cacheManager = new ConcurrentMapCacheManager(); } } }