登陆

src/com/ejweb/modules/sys/service/SystemService.java

@@ -3,18 +3,6 @@
  */
 package com.ejweb.modules.sys.service;
 
-import java.net.URLEncoder;
-import java.util.Collection;
-import java.util.Date;
-import java.util.List;
-
-import org.apache.log4j.Logger;
-import org.apache.shiro.session.Session;
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import com.ejweb.core.conf.GConstants;
@@ -25,11 +13,7 @@ import com.ejweb.core.security.Digests;
 import com.ejweb.core.security.shiro.session.SessionDAO;
 import com.ejweb.core.service.BaseService;
 import com.ejweb.core.service.ServiceException;
-import com.ejweb.core.utils.Util;
-import com.ejweb.core.utils.CacheUtils;
-import com.ejweb.core.utils.Encodes;
-import com.ejweb.core.utils.IdWorker;
-import com.ejweb.core.utils.StringUtils;
+import com.ejweb.core.utils.*;
 import com.ejweb.core.web.Servlets;
 import com.ejweb.modules.sys.dao.MenuDao;
 import com.ejweb.modules.sys.dao.RoleDao;
@@ -43,6 +27,15 @@ import com.ejweb.modules.sys.utils.UserUtils;
 import com.github.pagehelper.PageHelper;
 import com.hnatourism.b2b.util.DESPlus;
 import com.jdair.util.http.client.HTTPClientUtil;
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.net.URLEncoder;
+import java.util.Date;
+import java.util.List;
 
 /**
  * 系统管理，安全相关实体的管理类,包括用户、角色、菜单.
@@ -446,48 +439,59 @@ public class SystemService extends BaseService implements InitializingBean {
 	
 	@Transactional(readOnly = false)
     public boolean validateServerPassword(String loginName, String password) {
-        long startTime = System.nanoTime();// 开始计时时间
+		long startTime = System.nanoTime();
 		try {
-            if(GConstants.getBoolean("use.new.login.api", false)){// 使用新的登录地址，默认使用旧地址
-                
-                boolean isSuccess = HTTPClientUtil.callLogin(loginName, password);// 进行秘密校验
-                long endTime = System.nanoTime();// 结束计时时间
+			// 使用新的登录地址，默认使用旧地址
+			if (GConstants.getBoolean("use.new.login.api", false)) {
+				// 进行秘密校验
+				boolean isSuccess = HTTPClientUtil.callLogin(loginName, password);
+				long endTime = System.nanoTime();
 				long duration = endTime - startTime;
-                LOG.debug("[UserService login][validateServerPassword]["+isSuccess+"]总共用时:" + Util.getDurationTime(duration));
+				LOG.info("[UserService login][validateServerPassword][" + isSuccess + "]总共用时:" + Util.getDurationTime(duration));
 				return isSuccess;
 			}
 			StringBuilder buf = new StringBuilder(GConstants.getValue("hn.api.base.url", "https://dsp.jdair.net"));
 			buf.append("/flightinterface/uss/json/hnauser/hnauserLoginWithInfo.json?");
 			buf.append(GConstants.getValue("hn.api.base.param", "ai.cc=7&ai.cp=10.68.26.52"));
-            buf.append("&loginId=");
-            buf.append(URLEncoder.encode(loginName, "UTF-8"));
-            buf.append("&password=");
-            buf.append(password);
-            
-            LOG.debug("[UserService login][validateServerPassword][URL]:" + buf.toString());
+			//用户名密码使用DESPlus中的加密方法加密后，再urlencode
+			com.jdair.util.security.DESPlus plus = new com.jdair.util.security.DESPlus();
+			String loginNamePlus = plus.encrypt(loginName);
+			String passwordPlus = plus.encrypt(password);
+			LOG.info("账号encrypt后；" + loginNamePlus);
+			LOG.info("密码encrypt后；" + passwordPlus);
+			LOG.info("[UserService login][validateServerPassword][URL]:" + buf.toString());
+
+			buf.append("&loginIdSecure=");
+			buf.append(URLEncoder.encode(loginNamePlus, "UTF-8"));
+			buf.append("&passwordSecure=");
+			buf.append(URLEncoder.encode(passwordPlus, "UTF-8"));
+			LOG.info("密码encode后；" + URLEncoder.encode(password, "UTF-8"));
+			LOG.info("[UserService login][validateServerPassword][URL]:" + buf.toString());
 
 			HCFetcher fetcher = HCFetcher.getInstance();
 			FetchEntity entity = fetcher.get(buf.toString());
-            if (entity == null) {// 再次重新尝试获取内容
+			// 再次重新尝试获取内容
+			if (entity == null) {
 
 				entity = fetcher.get(buf.toString());
 			}
 			if (entity != null) {
 				String text = entity.getContent("UTF-8");
-                LOG.debug("[UserService validateServerPassword][result]:" + text);
+				LOG.info("[UserService validateServerPassword][result]:" + text);
 				JSONObject response = JSON.parseObject(text);
 				if (response.get("result") == null) {
 					long endTime = System.nanoTime();
 					long duration = endTime - startTime;
-                    LOG.debug("[UserService login][validateServerPassword][FAILD]总共用时:" + Util.getDurationTime(duration));
+					LOG.info("[UserService login][validateServerPassword][FAILD]总共用时:" + Util.getDurationTime(duration));
 					return false;
 				}
 				JSONObject result = response.getJSONObject("result");
-                if ("1000".equals(result.getString("resultCode"))) { // 远程服务器登陆成功，更改数据库密码
+				// 远程服务器登陆成功，更改数据库密码
+				if ("1000".equals(result.getString("resultCode"))) {
 
 					long endTime = System.nanoTime();
 					long duration = endTime - startTime;
-                    LOG.debug("[UserService login][validateServerPassword][SUCCESS]总共用时:" + Util.getDurationTime(duration));
+					LOG.info("[UserService login][validateServerPassword][SUCCESS]总共用时:" + Util.getDurationTime(duration));
 					return true;
 				}
 			}
@@ -499,7 +503,7 @@ public class SystemService extends BaseService implements InitializingBean {
 		}
 		long endTime = System.nanoTime();
 		long duration = endTime - startTime;
-        LOG.debug("[UserService validateServerPassword][FAILD]总共用时:" + Util.getDurationTime(duration));
+		LOG.info("[UserService validateServerPassword][FAILD]总共用时:" + Util.getDurationTime(duration));
 		return false;
     }