Commit ef727ce5 by chentianzhong

ca修改

parent cab2c295
...@@ -33,6 +33,7 @@ public class CAVerifyController { ...@@ -33,6 +33,7 @@ public class CAVerifyController {
} }
if (LocalDateTime.now().isAfter(caInfo.getCertStartTime()) && LocalDateTime.now().isBefore(caInfo.getCertEndTime())){ if (LocalDateTime.now().isAfter(caInfo.getCertStartTime()) && LocalDateTime.now().isBefore(caInfo.getCertEndTime())){
OrgCaInfo newCaInfo = new OrgCaInfo(); OrgCaInfo newCaInfo = new OrgCaInfo();
newCaInfo.setXm(caInfo.getXm());
newCaInfo.setYouxiang(caInfo.getYouxiang()); newCaInfo.setYouxiang(caInfo.getYouxiang());
return ResultVo.success(newCaInfo); return ResultVo.success(newCaInfo);
} }
......
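Review bot: With `newCaInfo.setXm(caInfo.getXm())` this response carries the certificate holder's name as well as the e-mail, and the caller added to ca.js in this commit posts to `/cas/ca/verifyByDeviceId` (presumably this controller) from the login page, before authentication, with only a `KeyDeviceId`. If device identifiers are guessable or printed on the token, the endpoint becomes a device-to-person lookup. Consider returning only a masked display value, rate-limiting the endpoint, and logging lookups. The validity check also calls `LocalDateTime.now()` twice; reading it once into a local, e.g. `LocalDateTime now = LocalDateTime.now();`, keeps both comparisons on the same instant. The method starts and ends outside the hunk.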
...@@ -59,6 +59,7 @@ public class MyAuthenticationHandler extends AbstractPreAndPostProcessingAuthent ...@@ -59,6 +59,7 @@ public class MyAuthenticationHandler extends AbstractPreAndPostProcessingAuthent
if (!username.contains("@gxfy.com")) { if (!username.contains("@gxfy.com")) {
username += "@gxfy.com"; username += "@gxfy.com";
} }
ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes(); ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
HttpServletRequest request = servletRequestAttributes.getRequest(); HttpServletRequest request = servletRequestAttributes.getRequest();
String ipAddr = ServletUtil.getClientIP(request); String ipAddr = ServletUtil.getClientIP(request);
......
This source diff could not be displayed because it is too large. You can view the blob instead.
// var strServerCert;
// var strServerRan; var bCheckTimer = null; //定时任务
// var strServerSignedData; var bCheckTimer1; //定时任务
var deviceName = ""; //key设备名称
//验证是否插入key var deviceYOUXIANG = ""; //key设备绑定邮箱
function getCAKeyAuth() { var mTokenPlugin;
SetUserCertList("certUser", CERT_TYPE_HARD); //CA驱动插件
setTimeout(function () {
var certUser = $("#certUser option:selected").val(); //验证是否安装驱动
console.log("certUser",certUser) function isInstallDrive() {
if (!certUser){ try {
layer.open({ //if (mTokenPlugin == null) {
title: '提示', var token = new mToken("mTokenPlugin");
content: '获取CA用户失败,请检查是否插入UKey!' if (token) {
}); var ret = token.SOF_LoadLibrary(token.GM3000);
$('#btn_login').attr("disabled",false); if (ret != 0) {
return false; throw new Error("加载控件失败,请检查是否安装CA驱动程序!");
}else {
mTokenPlugin = token;
// var device1 = mTokenPlugin.SOF_EnumDevice();
// if (device1) {
//
// }
}
} else {
throw new Error("加载控件失败,请重新安装驱动!");
}
return true;
} catch (e) {
layer.msg(e.message);
//btnStopExist();
return false;
}
}
//验证是否插key,发生异常或者nRet!=1 就是没有插入key
function isKey(val) {
console.log("isKey-------", val)
try {
var token = new mToken("mTokenPlugin");
var ret = token.SOF_LoadLibrary(token.GM3000);
if (ret != 0) {
throw new Error("加载控件失败,请检查是否安装CA驱动程序!");
} }
}, 800); var device = token.SOF_EnumDevice();
console.log("device", device)
if (device) {
if (device[0] != deviceName) {
console.log("前后插入key不相等")
console.log(deviceName)
console.log(device)
deviceName = device[0];
getKeyAuth(deviceName, val);
} else {
console.log("前后插入key相等")
}
} else {
console.log("没插key")
$("#certUser").empty();
deviceName = "";
$("#certUser").empty();
$("#username").val("");
$("#password").val("");
$("#certPwd").val("");
}
}catch (e){
deviceName = "";
$("#certUser").empty();
$("#username").val("");
$("#password").val("");
$("#certPwd").val("");
layer.msg(e.message);
btnStopExist();
}
} }
//获取strServerSignedData、strServerRan和strServerCert
function certLoginVerify(strCertID, pin, loginType, username, password){
console.log("strCertID",strCertID,"pin",pin)
$.get("ca/param", function(res){
if (res && res.success) {
var strServerCert = res.strServerCert;
var strServerRan = res.strServerRan;
var strServerSignedData = res.strServerSignedData;
if(strServerSignedData === "" || strServerRan === "" || strServerCert === ""){
//开启定时器
function btnStartExist(val) {
//将定时按钮启用
bCheckTimer = setInterval(isKey, 1000, val);
}
//取掉定时
function btnStopExist() {
//将定时按钮启用
clearInterval(bCheckTimer);
}
//获取key绑定用户
function getKeyAuth(deviceSId, type){
if (deviceName) {
var formData = new FormData()
formData.append('KeyDeviceId', deviceName);
$.ajax({
type: 'post',
url: '/cas/ca/verifyByDeviceId',
dataType: 'json',
data: formData,
contentType: false,
processData: false,
success: function (res) {
if (res && res.success) {
var data1 = res.data;
if (type == 2){
$("#username").val(data1.youxiang);
$("#password").val(randomString(10));
}
$("#hideUserId").val(data1.youxiang);
$("#certUser").empty();
$("#certUser").append('<option value="' + data1.youxiang + '" selected>' + data1.xm + '</option>')
//$("#certUser").val(1);
deviceYOUXIANG = data1.youxiang;
} else {
layer.open({
title: '提示',
content: res.message
});
}
},
error: function (e) {
//请求失败
layer.open({ layer.open({
title: '提示1', title: '提示',
content: '连接CA服务器失败,请刷新页面重试无效后联系管理员!' content: '服务连接失败。' + e.message
}); });
$('#btn_login').attr("disabled",false);
return false;
} }
})
}
}
//2.校验证书密码 function verifyKeyPinAndLogin(){
VerifyUserPIN(strCertID, pin, function(retObj) { $(document).unbind("keyup");
if (!retObj.retVal) { //校验失败 //关闭定时器
//2.1获取PIN剩余次数 try {
GetUserPINRetryCount(strCertID, function (retObj){ var certUser = $("#certUser").val();
var retryCount = Number(retObj.retVal); if (certUser) {
if (retryCount > 0) { layer.prompt(
layer.open({ {
title: '提示', title: '密令输入框',
content: '校验证书密码失败!您还有' + retryCount + '次机会重试!' formType: 1,
}); btn2: function(){
$('#btn_login').attr("disabled",false); bindKeyup();
return; $('#btn_login').removeAttr("disabled");
} else if (retryCount == 0) {
layer.open({ },cancel: function(){
title: '提示', bindKeyup();
content: '您的证书密码已被锁死,请联系管理员进行解锁!' $('#btn_login').removeAttr("disabled");
}); }
$('#btn_login').attr("disabled",false); }, function (pass, index) {
return; var token = new mToken("mTokenPlugin");
var ret = token.SOF_LoadLibrary(token.GM3000);
if (ret != 0) {
layer.close(index);
throw new Error("加载控件失败,请检查是否安装CA驱动程序!");
}
var device = token.SOF_EnumDevice();
if (!device) {
throw new Error("请插入UKey!");
}
if (device[0] != deviceName) {
throw new Error("当前插入UKey不符合,请刷新页面后重试!");
}
ret = token.SOF_GetDeviceInstance(deviceName, "");
if (ret != 0) {
throw new Error("绑定应用失败,确定是否初始化Key,错误码:" + token.SOF_GetLastError());
}
btnStopExist();
if (pass) {
ret = token.SOF_Login(pass);
if (ret != 0) {
var retryCount = token.SOF_GetPinRetryCount();
layer.msg("验证密码错误,剩余次数:"+retryCount);
} else { } else {
layer.open({ layer.close(index);
title: '提示', $("#loginForm").submit();
content: '证书服务错误,登录失败!'
});
$('#btn_login').attr("disabled",false);
return;
} }
}); }else{
} else{ layer.msg("请输入密码");
//3、获取用户证书 return ;
GetSignCert(strCertID, function(retObj){ }
var UserCert = retObj.retVal; });
if (UserCert == "") { }else{
layer.open({ $("#msg").html("请先插入UKey");
title: '提示1', $('#btn_login').removeAttr("disabled");
content: '获取签名证书失败,请联系管理员!' }
}); }catch (e){
$('#btn_login').attr("disabled",false); layer.msg(e.message);
return; btnStartExist();
}else { bindKeyup();
//4.验证服务端签名 $('#btn_login').removeAttr("disabled");
VerifySignedData(strServerCert,strServerRan,strServerSignedData,function(retObj){ }
if (!retObj.retVal) { }
layer.open({
title: '提示1',
content: '验证服务端签名失败,请联系管理员!'
});
$('#btn_login').attr("disabled",false);
return;
}else{
//5、客户端对服务器随机数签名
SignedData(strCertID, strServerRan, function(retObj){
if (retObj.retVal == "") {
layer.open({
title: '提示1',
content: '客户端签名失败,请联系管理员!'
});
$('#btn_login').attr("disabled",false);
return;
}else{
var UserSignedData = retObj.retVal;
$.post("ca/verify",
{
"userCert": UserCert,
"strServerRan": strServerRan,
"userSignedData":UserSignedData,
"loginType":loginType,
"username": username,
"password":password
},
function (result) {
if (result){
if (result.success){
console.log("result", result)
console.log("loginType", loginType)
$('#username').val(result.username);
if (loginType == 2) {
$('#password').val(result.password);
$("#loginForm").submit();
}else if (loginType == 3) {
$("#loginForm").submit();
}
}else{
alert(result.errMsg);
$('#btn_login').attr("disabled",false);
}
}
}).error(function (xhr, status, info) {
alert("服务连接失败......");
$('#btn_login').attr("disabled",false);
});
//在此处写你的代码,把UserCert,strServerRan,UserSignedData等传到后台验证
//6、通过ajax把 UserCert,strServerRan,UserSignedData传到后台,由后台解析验证,判断用户是否有权限登陆系统
//alert("通过ajax把 UserCert,strServerRan,UserSignedData传到后台,由后台解析验证,判断用户是否有权限登陆系统");
}
});
}
});
}
});
}
})
}else { function randomString(e) {
layer.open({ e = e || 32;
title: '提示2', var t = "ABCDEFGHJKMNPQRSTWXYZabcdefhijkmnprstwxyz2345678",
content: '连接CA服务器失败,请刷新页面重试无效后联系管理员!' a = t.length,
}); n = "";
$('#btn_login').attr("disabled",false); for (i = 0; i < e; i++) {
} n += t.charAt(Math.floor(Math.random() * a));
}).error(function (xhr, status, info) { }
alert("服务连接失败......"); return n
$('#btn_login').attr("disabled",false);
});
} }
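Review bot: verifyKeyPinAndLogin decides the certificate login entirely in the browser: `token.SOF_Login(pass)` checks the PIN locally and, on success, `$("#loginForm").submit()` posts only what getKeyAuth filled in, namely the e-mail looked up from the device name and, for type 2, `randomString(10)` built on `Math.random()` as the password. The removed certLoginVerify had the key sign a server random and sent `userCert`/`userSignedData` to `ca/verify`; nothing equivalent reaches the server now, so unless the CAS handler (not visible here) verifies a signature, possession of the key is never proven to it. I would keep the server-issued challenge, have the token sign it after SOF_Login succeeds, and let the server verify that signature and bind it to the account before a session is issued. Separately, the errors thrown inside the `layer.prompt` callback appear to run after the surrounding try/catch has returned, so they are not caught and neither the keyup handler nor the polling timer is restored. getKeyAuth also builds the `<option>` by string concatenation from `data1.xm`/`data1.youxiang`, which `$('<option>').val(data1.youxiang).text(data1.xm)` would avoid.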
...@@ -17,10 +17,10 @@ function validAndLogin(){ ...@@ -17,10 +17,10 @@ function validAndLogin(){
userPwdLogin(); userPwdLogin();
break; break;
case "2": case "2":
certLogin(loginType); certLogin(2);
break; break;
case "3": case "3":
PwdAndCertLogin(loginType); PwdAndCertLogin(3);
break; break;
default: default:
userPwdLogin(); userPwdLogin();
......
...@@ -89,14 +89,81 @@ function userPwdLogin(){ ...@@ -89,14 +89,81 @@ function userPwdLogin(){
//CA证书登录 //CA证书登录
function certLogin(loginType){ function certLogin(loginType){
$("#msg").html("暂支持证书登录,待CA研发"); verifyKeyPinAndLogin(loginType);
$('#btn_login').removeAttr("disabled");
} }
//密码+证书登录 //密码+证书登录
function PwdAndCertLogin(loginType){ function PwdAndCertLogin(loginType){
$("#msg").html("暂支持证书登录,待CA研发"); //获取ukey、再检验用户密码,最后检验ukey密码
$('#btn_login').removeAttr("disabled"); let certUser = $("#certUser").val();
if (certUser) {
var hideUserId = $('#hideUserId').val();
var username = $('#username').val();
var password = $('#password').val();
if (!checkUserPwd(username, password)){
$("#msg").html("用户名或密码不能为空");
$('#btn_login').removeAttr("disabled");
return false;
}
if (!username.endsWith("@gxfy.com")){
username = username+"@gxfy.com";
}
if (hideUserId != username){
$("#msg").html("证书用户和输入的账号不一致");
$('#btn_login').removeAttr("disabled");
return false;
}
var formData = {"username":username,"password":password};
$.ajax({
type: 'post',
url: "/cas/user/checkExpirePwd",
dataType: 'json',
data: formData,
shadeClose: false,
success:function(res){
if (res.success){
if (res.code == 8888){
var rdata = res.data;
console.log("rdata------------", rdata);
layer.open({
type: 2,
title:'您的密码是初始密码,需要先修改密码后才能登录门户',
area: ['680px', '520px'],
content: '/cas/updatePasswd?username='+rdata.username+"&useKey="+rdata.useKey,
fixed: false, // 不固定
maxmin: true,
closeBtn: 1,
maxmin:false, //开启最大化最小化按钮 false关闭状态
//btn: ['获取表单值', '取消'],
btnAlign: 'c',
cancel:function(index, layero){
$('#btn_login').removeAttr("disabled");
},
end: function(){
window.parent.location.reload();//关闭open打开的页面时,刷新父页面
}
});
}else {
verifyKeyPinAndLogin(loginType);
}
$('#btn_login').removeAttr("disabled");
}else {
$("#msg").html(res.message);
$('#btn_login').removeAttr("disabled");
}
},
error:function (e){
$("#msg").html("网络异常.请求失败");
$('#btn_login').removeAttr("disabled");
}
})
}else {
$("#msg").html("请先插入UKey");
$('#btn_login').removeAttr("disabled");
}
} }
//检查用户名密码非空 //检查用户名密码非空
...@@ -125,6 +192,9 @@ function loginTypeFunc(){ ...@@ -125,6 +192,9 @@ function loginTypeFunc(){
$("#certPwd-block").hide(); $("#certPwd-block").hide();
$('#btn_login').removeAttr("disabled"); $('#btn_login').removeAttr("disabled");
$("#msg").html("");
btnStopExist();
break; break;
case "2": case "2":
$('#username').val(""); $('#username').val("");
...@@ -132,10 +202,13 @@ function loginTypeFunc(){ ...@@ -132,10 +202,13 @@ function loginTypeFunc(){
$("#username-block").hide(); $("#username-block").hide();
$("#password-block").hide(); $("#password-block").hide();
$("#certUser-block").show(); $("#certUser-block").show();
$("#certPwd-block").show(); $("#certPwd-block").hide();
$('#btn_login').removeAttr("disabled"); $('#btn_login').removeAttr("disabled");
getCAKeyAuth();
$("#msg").html("");
btnStartExist(2);
break; break;
case "3": case "3":
$('#username').val(""); $('#username').val("");
...@@ -144,8 +217,11 @@ function loginTypeFunc(){ ...@@ -144,8 +217,11 @@ function loginTypeFunc(){
$("#password-block").show(); $("#password-block").show();
$("#certUser-block").show(); $("#certUser-block").show();
$("#certPwd-block").hide(); $("#certPwd-block").hide();
$('#btn_login').removeAttr("disabled"); $('#btn_login').removeAttr("disabled");
getCAKeyAuth(); $("#msg").html("");
btnStartExist(3);
break; break;
default: default:
//alert("叫你没事别瞎几把点!"); //alert("叫你没事别瞎几把点!");
......
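Review bot: In PwdAndCertLogin the password-change dialog URL is built by concatenation, `'/cas/updatePasswd?username='+rdata.username+"&useKey="+rdata.useKey`, so a value containing `&` or `#` changes the query, and useKey (apparently a credential for the password change) ends up in browser history and access logs; wrap both values in `encodeURIComponent(...)` and consider sending useKey in a POST body instead. `$("#msg").html(res.message)` renders the server message as markup; `$("#msg").text(res.message)` is the safer call. `/cas/user/checkExpirePwd` validates username and password ahead of the real login, so it presumably needs the same lockout, throttling and audit logging as the CAS login itself; the server side is not visible here. `console.log("rdata------------", rdata)` prints that response, useKey included, and should be removed before release.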
...@@ -11,8 +11,8 @@ ...@@ -11,8 +11,8 @@
<script type="text/javascript" src="./app/js/jquery/jquery.min.js"></script> <script type="text/javascript" src="./app/js/jquery/jquery.min.js"></script>
<script type="text/javascript" src="./app/js/jquery/jquery.cookie.js"></script> <script type="text/javascript" src="./app/js/jquery/jquery.cookie.js"></script>
<script type="text/javascript" src="./app/js/pintuer.js"></script> <script type="text/javascript" src="./app/js/pintuer.js"></script>
<script type="text/javascript" src="./app/js/ca/mToken.js"></script>
<script type="text/javascript" src="./app/js/myself/cookie.js"></script> <script type="text/javascript" src="./app/js/myself/cookie.js"></script>
<script type="text/javascript" src="./app/js/myself/ca.js"></script>
<style> <style>
.after_css { .after_css {
height: 20px; height: 20px;
...@@ -98,7 +98,7 @@ ...@@ -98,7 +98,7 @@
<span class="icon icon-user"></span> <span class="icon icon-user"></span>
<select class="required input" id="certUser" name="certUser" <select class="required input" id="certUser" name="certUser"
style="width:235px;overflow:hidden;" style="width:235px;overflow:hidden;"
title="请选择登录用户"> title="请选择证书用户">
</select> </select>
</div> </div>
</div> </div>
...@@ -194,16 +194,14 @@ ...@@ -194,16 +194,14 @@
</div> </div>
</div> </div>
<script src="./app/layui/layui.js"></script> <script src="./app/layui/layui.js"></script>
<script type="text/javascript" src="./app/js/myself/ca.js"></script>
<script type="text/javascript" src="./app/js/myself/messenger.js"></script> <script type="text/javascript" src="./app/js/myself/messenger.js"></script>
<script type="text/javascript" src="./app/js/myself/SelectGXFYUsers.js"></script> <script type="text/javascript" src="./app/js/myself/SelectGXFYUsers.js"></script>
<!--<script type="text/javascript" src="./app/js/ca/XTXSAB.js"></script>-->
<script type="text/javascript" src="./app/js/myself/login_new.js"></script> <script type="text/javascript" src="./app/js/myself/login_new.js"></script>
<script type="text/javascript"> <script type="text/javascript">
// SelectGXFYUsers.init("selectUser", "username", "hideUserId", 3, false); // SelectGXFYUsers.init("selectUser", "username", "hideUserId", 3, false);
bindKeyup();
let enterEnd = false, keyDownCount = 0, leftMouseDownCount = 0, rightMouseDownCount = 0;
$(function (){ $(function (){
$("#username-block").show(); $("#username-block").show();
...@@ -213,12 +211,15 @@ ...@@ -213,12 +211,15 @@
$("#certPwd-block").hide(); $("#certPwd-block").hide();
}) })
$(document).keyup(function(e){ function bindKeyup(){
var curKey = e.which; $(document).keyup(function(e){
if(curKey==13){ var curKey = e.which;
validAndLogin(); if(curKey==13){
} validAndLogin();
}) }
})
}
function queryAccount(){ function queryAccount(){
layer.open({ layer.open({
......
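Review bot: bindKeyup attaches an un-namespaced `keyup` handler to `document`, and its counterpart in ca.js removes it with `$(document).unbind("keyup")`, which also drops any other keyup handler on the page and leaves Enter dead on paths that never call bindKeyup again (for example the "请先插入UKey" branch of verifyKeyPinAndLogin). A namespaced, idempotent form would be `$(document).unbind("keyup.login").bind("keyup.login", function (e) { if (e.which === 13) validAndLogin(); });`, with `unbind("keyup.login")` on the other side. `bindKeyup()` is also called a few lines above its declaration; hoisting makes that work, but the call reads more clearly inside the `$(function (){ ... })` ready block.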