Commit ef727ce5 by chentianzhong

ca修改

parent cab2c295
......@@ -33,6 +33,7 @@ public class CAVerifyController {
}
if (LocalDateTime.now().isAfter(caInfo.getCertStartTime()) && LocalDateTime.now().isBefore(caInfo.getCertEndTime())){
OrgCaInfo newCaInfo = new OrgCaInfo();
newCaInfo.setXm(caInfo.getXm());
newCaInfo.setYouxiang(caInfo.getYouxiang());
return ResultVo.success(newCaInfo);
}
......
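Review bot: The success branch returns the certificate holder's name (`xm`) and mailbox (`youxiang`) to whoever supplied the lookup key, and nothing visible in this hunk limits who may ask. If this is the handler behind the pre-login `/cas/ca/verifyByDeviceId` call made from ca.js (inferred; the mapping is outside the hunk), a device id alone is enough to learn an account name before any authentication, so the endpoint deserves rate limiting and an audit entry per lookup. The validity test also reads `LocalDateTime.now()` twice; take it once, `LocalDateTime now = LocalDateTime.now();`, and compare both bounds against `now`. The method starts and ends outside the hunk, so the expired-certificate path could not be checked.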
......@@ -59,6 +59,7 @@ public class MyAuthenticationHandler extends AbstractPreAndPostProcessingAuthent
if (!username.contains("@gxfy.com")) {
username += "@gxfy.com";
}
ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
HttpServletRequest request = servletRequestAttributes.getRequest();
String ipAddr = ServletUtil.getClientIP(request);
......
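Review bot: `username.contains("@gxfy.com")` accepts any name that merely embeds the suffix (a constructed example is `user@gxfy.com.example`), while the login script in this commit normalises with `endsWith`; the server-side check should be `if (!username.endsWith("@gxfy.com"))` so both sides agree on what a qualified account name is. `RequestContextHolder.getRequestAttributes()` can return null outside a request-bound thread, and the cast result is dereferenced on the next line without a guard. If `ipAddr` feeds an access decision or an audit record, confirm that `ServletUtil.getClientIP` only honours forwarding headers set by a trusted proxy. The method body continues outside the hunk.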
This source diff could not be displayed because it is too large. You can view the blob instead.
// var strServerCert;
// var strServerRan;
// var strServerSignedData;
//验证是否插入key
function getCAKeyAuth() {
SetUserCertList("certUser", CERT_TYPE_HARD);
setTimeout(function () {
var certUser = $("#certUser option:selected").val();
console.log("certUser",certUser)
if (!certUser){
layer.open({
title: '提示',
content: '获取CA用户失败,请检查是否插入UKey!'
});
$('#btn_login').attr("disabled",false);
var bCheckTimer = null; //定时任务
var bCheckTimer1; //定时任务
var deviceName = ""; //key设备名称
var deviceYOUXIANG = ""; //key设备绑定邮箱
var mTokenPlugin;
//CA驱动插件
//验证是否安装驱动
function isInstallDrive() {
try {
//if (mTokenPlugin == null) {
var token = new mToken("mTokenPlugin");
if (token) {
var ret = token.SOF_LoadLibrary(token.GM3000);
if (ret != 0) {
throw new Error("加载控件失败,请检查是否安装CA驱动程序!");
}else {
mTokenPlugin = token;
// var device1 = mTokenPlugin.SOF_EnumDevice();
// if (device1) {
//
// }
}
} else {
throw new Error("加载控件失败,请重新安装驱动!");
}
return true;
} catch (e) {
layer.msg(e.message);
//btnStopExist();
return false;
}
}, 800);
}
//获取strServerSignedData、strServerRan和strServerCert
function certLoginVerify(strCertID, pin, loginType, username, password){
console.log("strCertID",strCertID,"pin",pin)
$.get("ca/param", function(res){
if (res && res.success) {
var strServerCert = res.strServerCert;
var strServerRan = res.strServerRan;
var strServerSignedData = res.strServerSignedData;
//验证是否插key,发生异常或者nRet!=1 就是没有插入key
function isKey(val) {
console.log("isKey-------", val)
try {
var token = new mToken("mTokenPlugin");
var ret = token.SOF_LoadLibrary(token.GM3000);
if (ret != 0) {
throw new Error("加载控件失败,请检查是否安装CA驱动程序!");
}
var device = token.SOF_EnumDevice();
console.log("device", device)
if (device) {
if (device[0] != deviceName) {
console.log("前后插入key不相等")
console.log(deviceName)
console.log(device)
deviceName = device[0];
getKeyAuth(deviceName, val);
if(strServerSignedData === "" || strServerRan === "" || strServerCert === ""){
layer.open({
title: '提示1',
content: '连接CA服务器失败,请刷新页面重试无效后联系管理员!'
});
$('#btn_login').attr("disabled",false);
return false;
} else {
console.log("前后插入key相等")
}
//2.校验证书密码
VerifyUserPIN(strCertID, pin, function(retObj) {
if (!retObj.retVal) { //校验失败
//2.1获取PIN剩余次数
GetUserPINRetryCount(strCertID, function (retObj){
var retryCount = Number(retObj.retVal);
if (retryCount > 0) {
layer.open({
title: '提示',
content: '校验证书密码失败!您还有' + retryCount + '次机会重试!'
});
$('#btn_login').attr("disabled",false);
return;
} else if (retryCount == 0) {
layer.open({
title: '提示',
content: '您的证书密码已被锁死,请联系管理员进行解锁!'
});
$('#btn_login').attr("disabled",false);
return;
} else {
console.log("没插key")
$("#certUser").empty();
deviceName = "";
$("#certUser").empty();
$("#username").val("");
$("#password").val("");
$("#certPwd").val("");
}
}catch (e){
deviceName = "";
$("#certUser").empty();
$("#username").val("");
$("#password").val("");
$("#certPwd").val("");
layer.msg(e.message);
btnStopExist();
}
}
//开启定时器
function btnStartExist(val) {
//将定时按钮启用
bCheckTimer = setInterval(isKey, 1000, val);
}
//取掉定时
function btnStopExist() {
//将定时按钮启用
clearInterval(bCheckTimer);
}
//获取key绑定用户
function getKeyAuth(deviceSId, type){
if (deviceName) {
var formData = new FormData()
formData.append('KeyDeviceId', deviceName);
$.ajax({
type: 'post',
url: '/cas/ca/verifyByDeviceId',
dataType: 'json',
data: formData,
contentType: false,
processData: false,
success: function (res) {
if (res && res.success) {
var data1 = res.data;
if (type == 2){
$("#username").val(data1.youxiang);
$("#password").val(randomString(10));
}
$("#hideUserId").val(data1.youxiang);
$("#certUser").empty();
$("#certUser").append('<option value="' + data1.youxiang + '" selected>' + data1.xm + '</option>')
//$("#certUser").val(1);
deviceYOUXIANG = data1.youxiang;
} else {
layer.open({
title: '提示',
content: '证书服务错误,登录失败!'
content: res.message
});
$('#btn_login').attr("disabled",false);
return;
}
});
} else{
//3、获取用户证书
GetSignCert(strCertID, function(retObj){
var UserCert = retObj.retVal;
if (UserCert == "") {
layer.open({
title: '提示1',
content: '获取签名证书失败,请联系管理员!'
});
$('#btn_login').attr("disabled",false);
return;
}else {
//4.验证服务端签名
VerifySignedData(strServerCert,strServerRan,strServerSignedData,function(retObj){
if (!retObj.retVal) {
layer.open({
title: '提示1',
content: '验证服务端签名失败,请联系管理员!'
});
$('#btn_login').attr("disabled",false);
return;
}else{
//5、客户端对服务器随机数签名
SignedData(strCertID, strServerRan, function(retObj){
if (retObj.retVal == "") {
},
error: function (e) {
//请求失败
layer.open({
title: '提示1',
content: '客户端签名失败,请联系管理员!'
title: '提示',
content: '服务连接失败。' + e.message
});
$('#btn_login').attr("disabled",false);
return;
}else{
var UserSignedData = retObj.retVal;
}
})
}
}
$.post("ca/verify",
function verifyKeyPinAndLogin(){
$(document).unbind("keyup");
//关闭定时器
try {
var certUser = $("#certUser").val();
if (certUser) {
layer.prompt(
{
"userCert": UserCert,
"strServerRan": strServerRan,
"userSignedData":UserSignedData,
"loginType":loginType,
"username": username,
"password":password
},
function (result) {
if (result){
if (result.success){
console.log("result", result)
console.log("loginType", loginType)
$('#username').val(result.username);
if (loginType == 2) {
$('#password').val(result.password);
$("#loginForm").submit();
}else if (loginType == 3) {
$("#loginForm").submit();
title: '密令输入框',
formType: 1,
btn2: function(){
bindKeyup();
$('#btn_login').removeAttr("disabled");
},cancel: function(){
bindKeyup();
$('#btn_login').removeAttr("disabled");
}
}else{
alert(result.errMsg);
$('#btn_login').attr("disabled",false);
}, function (pass, index) {
var token = new mToken("mTokenPlugin");
var ret = token.SOF_LoadLibrary(token.GM3000);
if (ret != 0) {
layer.close(index);
throw new Error("加载控件失败,请检查是否安装CA驱动程序!");
}
var device = token.SOF_EnumDevice();
if (!device) {
throw new Error("请插入UKey!");
}
}).error(function (xhr, status, info) {
alert("服务连接失败......");
$('#btn_login').attr("disabled",false);
});
//在此处写你的代码,把UserCert,strServerRan,UserSignedData等传到后台验证
//6、通过ajax把 UserCert,strServerRan,UserSignedData传到后台,由后台解析验证,判断用户是否有权限登陆系统
//alert("通过ajax把 UserCert,strServerRan,UserSignedData传到后台,由后台解析验证,判断用户是否有权限登陆系统");
if (device[0] != deviceName) {
throw new Error("当前插入UKey不符合,请刷新页面后重试!");
}
});
ret = token.SOF_GetDeviceInstance(deviceName, "");
if (ret != 0) {
throw new Error("绑定应用失败,确定是否初始化Key,错误码:" + token.SOF_GetLastError());
}
});
btnStopExist();
if (pass) {
ret = token.SOF_Login(pass);
if (ret != 0) {
var retryCount = token.SOF_GetPinRetryCount();
layer.msg("验证密码错误,剩余次数:"+retryCount);
} else {
layer.close(index);
$("#loginForm").submit();
}
}else{
layer.msg("请输入密码");
return ;
}
});
}else{
$("#msg").html("请先插入UKey");
$('#btn_login').removeAttr("disabled");
}
})
}catch (e){
layer.msg(e.message);
btnStartExist();
bindKeyup();
$('#btn_login').removeAttr("disabled");
}
}
}else {
layer.open({
title: '提示2',
content: '连接CA服务器失败,请刷新页面重试无效后联系管理员!'
});
$('#btn_login').attr("disabled",false);
function randomString(e) {
e = e || 32;
var t = "ABCDEFGHJKMNPQRSTWXYZabcdefhijkmnprstwxyz2345678",
a = t.length,
n = "";
for (i = 0; i < e; i++) {
n += t.charAt(Math.floor(Math.random() * a));
}
}).error(function (xhr, status, info) {
alert("服务连接失败......");
$('#btn_login').attr("disabled",false);
});
return n
}
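Review bot: In `verifyKeyPinAndLogin` the PIN is checked only inside the browser (`token.SOF_Login(pass)`), and a zero return goes straight to `$("#loginForm").submit()` with fields filled from `/cas/ca/verifyByDeviceId` and `randomString(10)`; nothing on the visible new side sends the server a signature it can verify. The old and new sides are not marked on this page, but the lines that signed `strServerRan` and posted `userCert`/`userSignedData` to `ca/verify` read as the removed flow, and if that is right the server no longer receives proof that a key was present. Keep a server-issued nonce that the key signs and the server verifies before the session is created. Separately, `getKeyAuth` builds the `<option>` by concatenating `data1.youxiang` and `data1.xm` into markup; build it with `$("<option>").val(data1.youxiang).text(data1.xm).prop("selected", true)` instead, and declare the loop counter in `randomString` (`for (var i = 0; i < e; i++)`) so it does not leak into the global scope.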
......@@ -17,10 +17,10 @@ function validAndLogin(){
userPwdLogin();
break;
case "2":
certLogin(loginType);
certLogin(2);
break;
case "3":
PwdAndCertLogin(loginType);
PwdAndCertLogin(3);
break;
default:
userPwdLogin();
......
......@@ -89,14 +89,81 @@ function userPwdLogin(){
//CA证书登录
function certLogin(loginType){
$("#msg").html("暂支持证书登录,待CA研发");
$('#btn_login').removeAttr("disabled");
verifyKeyPinAndLogin(loginType);
}
//密码+证书登录
function PwdAndCertLogin(loginType){
$("#msg").html("暂支持证书登录,待CA研发");
//获取ukey、再检验用户密码,最后检验ukey密码
let certUser = $("#certUser").val();
if (certUser) {
var hideUserId = $('#hideUserId').val();
var username = $('#username').val();
var password = $('#password').val();
if (!checkUserPwd(username, password)){
$("#msg").html("用户名或密码不能为空");
$('#btn_login').removeAttr("disabled");
return false;
}
if (!username.endsWith("@gxfy.com")){
username = username+"@gxfy.com";
}
if (hideUserId != username){
$("#msg").html("证书用户和输入的账号不一致");
$('#btn_login').removeAttr("disabled");
return false;
}
var formData = {"username":username,"password":password};
$.ajax({
type: 'post',
url: "/cas/user/checkExpirePwd",
dataType: 'json',
data: formData,
shadeClose: false,
success:function(res){
if (res.success){
if (res.code == 8888){
var rdata = res.data;
console.log("rdata------------", rdata);
layer.open({
type: 2,
title:'您的密码是初始密码,需要先修改密码后才能登录门户',
area: ['680px', '520px'],
content: '/cas/updatePasswd?username='+rdata.username+"&useKey="+rdata.useKey,
fixed: false, // 不固定
maxmin: true,
closeBtn: 1,
maxmin:false, //开启最大化最小化按钮 false关闭状态
//btn: ['获取表单值', '取消'],
btnAlign: 'c',
cancel:function(index, layero){
$('#btn_login').removeAttr("disabled");
},
end: function(){
window.parent.location.reload();//关闭open打开的页面时,刷新父页面
}
});
}else {
verifyKeyPinAndLogin(loginType);
}
$('#btn_login').removeAttr("disabled");
}else {
$("#msg").html(res.message);
$('#btn_login').removeAttr("disabled");
}
},
error:function (e){
$("#msg").html("网络异常.请求失败");
$('#btn_login').removeAttr("disabled");
}
})
}else {
$("#msg").html("请先插入UKey");
$('#btn_login').removeAttr("disabled");
}
}
//检查用户名密码非空
......@@ -125,6 +192,9 @@ function loginTypeFunc(){
$("#certPwd-block").hide();
$('#btn_login').removeAttr("disabled");
$("#msg").html("");
btnStopExist();
break;
case "2":
$('#username').val("");
......@@ -132,10 +202,13 @@ function loginTypeFunc(){
$("#username-block").hide();
$("#password-block").hide();
$("#certUser-block").show();
$("#certPwd-block").show();
$("#certPwd-block").hide();
$('#btn_login').removeAttr("disabled");
getCAKeyAuth();
$("#msg").html("");
btnStartExist(2);
break;
case "3":
$('#username').val("");
......@@ -144,8 +217,11 @@ function loginTypeFunc(){
$("#password-block").show();
$("#certUser-block").show();
$("#certPwd-block").hide();
$('#btn_login').removeAttr("disabled");
getCAKeyAuth();
$("#msg").html("");
btnStartExist(3);
break;
default:
//alert("叫你没事别瞎几把点!");
......
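Review bot: `PwdAndCertLogin` writes server text into the page with `$("#msg").html(res.message)` and builds the dialog address as `'/cas/updatePasswd?username='+rdata.username+"&useKey="+rdata.useKey` with no encoding; use `$("#msg").text(res.message)` and wrap both values in `encodeURIComponent(...)`. The `hideUserId != username` comparison is between two fields the page itself fills in, so it only helps the user; the binding between certificate holder and account has to be enforced again on the server, which this diff does not show. `console.log("rdata------------", rdata)` leaves the response, including `useKey`, in the browser console and should be dropped. In the success branch `$('#btn_login').removeAttr("disabled")` runs immediately after `verifyKeyPinAndLogin(loginType)`, so the button is live again while the PIN prompt is still open.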
......@@ -11,8 +11,8 @@
<script type="text/javascript" src="./app/js/jquery/jquery.min.js"></script>
<script type="text/javascript" src="./app/js/jquery/jquery.cookie.js"></script>
<script type="text/javascript" src="./app/js/pintuer.js"></script>
<script type="text/javascript" src="./app/js/ca/mToken.js"></script>
<script type="text/javascript" src="./app/js/myself/cookie.js"></script>
<script type="text/javascript" src="./app/js/myself/ca.js"></script>
<style>
.after_css {
height: 20px;
......@@ -98,7 +98,7 @@
<span class="icon icon-user"></span>
<select class="required input" id="certUser" name="certUser"
style="width:235px;overflow:hidden;"
title="请选择登录用户">
title="请选择证书用户">
</select>
</div>
</div>
......@@ -194,16 +194,14 @@
</div>
</div>
<script src="./app/layui/layui.js"></script>
<script type="text/javascript" src="./app/js/myself/ca.js"></script>
<script type="text/javascript" src="./app/js/myself/messenger.js"></script>
<script type="text/javascript" src="./app/js/myself/SelectGXFYUsers.js"></script>
<!--<script type="text/javascript" src="./app/js/ca/XTXSAB.js"></script>-->
<script type="text/javascript" src="./app/js/myself/login_new.js"></script>
<script type="text/javascript">
// SelectGXFYUsers.init("selectUser", "username", "hideUserId", 3, false);
let enterEnd = false, keyDownCount = 0, leftMouseDownCount = 0, rightMouseDownCount = 0;
bindKeyup();
$(function (){
$("#username-block").show();
......@@ -213,12 +211,15 @@
$("#certPwd-block").hide();
})
function bindKeyup(){
$(document).keyup(function(e){
var curKey = e.which;
if(curKey==13){
validAndLogin();
}
})
}
function queryAccount(){
layer.open({
......
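Review bot: `bindKeyup()` attaches an anonymous handler with `$(document).keyup(...)`, and ca.js in this commit removes it with `$(document).unbind("keyup")`, which also drops every other keyup handler that the scripts loaded on this page may have registered on the document. Namespace the event so bind and unbind touch only the login shortcut (jQuery 1.7+): `$(document).on("keyup.login", ...)` and `$(document).off("keyup.login")`; calling `off` first inside `bindKeyup` also prevents stacked handlers when it is called more than once. A one-line comment above `bindKeyup` saying that Enter triggers `validAndLogin()` and that the binding is suspended while the PIN prompt is open would make the pairing with ca.js easier to follow.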