diff --git a/src_app_fresh/apx/com/amarsoft/als/user/pwd/controller/AppUserPwdController.java b/src_app_fresh/apx/com/amarsoft/als/user/pwd/controller/AppUserPwdController.java
index 69785f91d..ea2c35b77 100644
--- a/src_app_fresh/apx/com/amarsoft/als/user/pwd/controller/AppUserPwdController.java
+++ b/src_app_fresh/apx/com/amarsoft/als/user/pwd/controller/AppUserPwdController.java
@@ -1,72 +1,96 @@ -package apx.com.amarsoft.als.user.pwd.controller; - -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.GET; -import javax.ws.rs.Path; -import javax.ws.rs.core.Context; - -import apx.com.amarsoft.als.user.pwd.service.GesturePwdService; -import apx.com.amarsoft.als.user.pwd.service.impl.GesturePwdServiceImpl; - -import com.amarsoft.are.ARE; -import com.amarsoft.are.jbo.JBOTransaction; -import com.amarsoft.awe.util.Transaction; -import com.base.util.ReturnMapUtil; - -@Path("/user/center/manager") -public class AppUserPwdController { - GesturePwdService gesturePwdService = new GesturePwdServiceImpl(); - - @Path("/setup/gesture") - @GET - public Map setupGesture( - @Context HttpServletRequest request, @Context Transaction sqlca, - @Context JBOTransaction tx) throws Exception { - ReturnMapUtil ReturnMapUtil = new ReturnMapUtil(tx, sqlca); - try { - ARE.getLog().info( - "[CONTROLLER] AppUserPwdController run ................."); - ARE.getLog() - .info("[Path] /user/center/manager/setup/gesture run ................."); - return gesturePwdService.setupGesture(request, tx, ReturnMapUtil); - } catch (Exception e) { - return ReturnMapUtil.rollback(e); - } - } - - @Path("/close/gesture") - @GET - public Map closeGesture( - @Context HttpServletRequest request, @Context Transaction sqlca, - @Context JBOTransaction tx) throws Exception { - ReturnMapUtil ReturnMapUtil = new ReturnMapUtil(tx, sqlca); - try { - ARE.getLog().info( - "[CONTROLLER] AppUserPwdController run ................."); - ARE.getLog() - .info("[Path] /user/center/manager/close/gesture run ................."); - return gesturePwdService.closeGesture(request, tx, ReturnMapUtil); - } catch (Exception e) { - return ReturnMapUtil.rollback(e); - } - } - - @Path("/acquisition/gesture") - @GET - public Map acquisitionGesture( - @Context HttpServletRequest request, @Context Transaction sqlca, - @Context JBOTransaction tx) throws Exception { - ReturnMapUtil 
ReturnMapUtil = new ReturnMapUtil(tx, sqlca); - try { - ARE.getLog().info( - "[CONTROLLER] AppUserPwdController run ................."); - ARE.getLog() - .info("[Path] /user/center/manager/acquisition/gesture run ................."); - return gesturePwdService.acquisitionGesture(request, ReturnMapUtil); - } catch (Exception e) { - return ReturnMapUtil.rollback(e); - } - } -} +package apx.com.amarsoft.als.user.pwd.controller; + +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.core.Context; + +import apx.com.amarsoft.als.user.change.center.service.ApplyArchiveService; +import apx.com.amarsoft.als.user.change.center.service.impl.ApplyArchiveServiceImpl; +import apx.com.amarsoft.als.user.pwd.service.GesturePwdService; +import apx.com.amarsoft.als.user.pwd.service.impl.GesturePwdServiceImpl; + +import com.amarsoft.are.ARE; +import com.amarsoft.are.jbo.JBOTransaction; +import com.amarsoft.awe.util.Transaction; +import com.base.util.ReturnMapUtil; + +@Path("/user/center/manager") +public class AppUserPwdController { + GesturePwdService gesturePwdService = new GesturePwdServiceImpl(); + + @Path("/setup/gesture") + @GET + public Map setupGesture( + @Context HttpServletRequest request, @Context Transaction sqlca, + @Context JBOTransaction tx) throws Exception { + ReturnMapUtil ReturnMapUtil = new ReturnMapUtil(tx, sqlca); + try { + ARE.getLog().info( + "[CONTROLLER] AppUserPwdController run ................."); + ARE.getLog() + .info("[Path] /user/center/manager/setup/gesture run ................."); + return gesturePwdService.setupGesture(request, tx, ReturnMapUtil); + } catch (Exception e) { + return ReturnMapUtil.rollback(e); + } + } + + @Path("/close/gesture") + @GET + public Map closeGesture( + @Context HttpServletRequest request, @Context Transaction sqlca, + @Context JBOTransaction tx) throws Exception 
{ + ReturnMapUtil ReturnMapUtil = new ReturnMapUtil(tx, sqlca); + try { + ARE.getLog().info( + "[CONTROLLER] AppUserPwdController run ................."); + ARE.getLog() + .info("[Path] /user/center/manager/close/gesture run ................."); + return gesturePwdService.closeGesture(request, tx, ReturnMapUtil); + } catch (Exception e) { + return ReturnMapUtil.rollback(e); + } + } + + @Path("/acquisition/gesture") + @GET + public Map acquisitionGesture( + @Context HttpServletRequest request, @Context Transaction sqlca, + @Context JBOTransaction tx) throws Exception { + ReturnMapUtil ReturnMapUtil = new ReturnMapUtil(tx, sqlca); + try { + ARE.getLog().info( + "[CONTROLLER] AppUserPwdController run ................."); + ARE.getLog() + .info("[Path] /user/center/manager/acquisition/gesture run ................."); + return gesturePwdService.acquisitionGesture(request, ReturnMapUtil); + } catch (Exception e) { + return ReturnMapUtil.rollback(e); + } + } + + + //修改密码 + @Path("/updatePwd") + @POST + public Map SaveFeedback(@Context HttpServletRequest request, + @Context HttpServletResponse response, @Context JBOTransaction tx, + @Context Transaction sqlca) throws Exception { + ReturnMapUtil ReturnMapUtil = new ReturnMapUtil(tx, sqlca); + ARE.getLog().info( + "[CONTROLLER] ApplyChangeController run ................."); + ARE.getLog().info("[Path] /change/save/courier" + " run ................."); + + try { + return gesturePwdService.SaveFeedback(request, response, tx, sqlca, ReturnMapUtil); + } catch (Exception e) { + return ReturnMapUtil.rollback(e); + } + } + +} diff --git a/src_app_fresh/apx/com/amarsoft/als/user/pwd/service/GesturePwdService.java b/src_app_fresh/apx/com/amarsoft/als/user/pwd/service/GesturePwdService.java index c11fb4678..d58736efd 100644 --- a/src_app_fresh/apx/com/amarsoft/als/user/pwd/service/GesturePwdService.java +++ b/src_app_fresh/apx/com/amarsoft/als/user/pwd/service/GesturePwdService.java 
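Review bot: The new `/updatePwd` handler logs `[CONTROLLER] ApplyChangeController` and `[Path] /change/save/courier`, so a password change is recorded in the log under a different controller and path. For a usable audit trail these should read `"[CONTROLLER] AppUserPwdController run ................."` and `"[Path] /user/center/manager/updatePwd run ................."`. The method name `SaveFeedback` (also used in the GesturePwdService and GesturePwdServiceImpl hunks) does not say that it changes a password; a name such as `updatePassword`, with a Javadoc line stating that the old password is verified before the new one is stored, would make the endpoint's purpose clear. The added imports of `ApplyArchiveService` and `ApplyArchiveServiceImpl` are not used in the visible code and can be dropped.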
@@ -1,20 +1,27 @@ -package apx.com.amarsoft.als.user.pwd.service; - -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.core.Context; - -import com.amarsoft.are.jbo.JBOTransaction; -import com.base.util.ReturnMapUtil; - -public interface GesturePwdService { - Map setupGesture(@Context HttpServletRequest request, - @Context JBOTransaction tx, ReturnMapUtil ReturnMapUtil); - - Map closeGesture(@Context HttpServletRequest request, - @Context JBOTransaction tx, ReturnMapUtil ReturnMapUtil); - - Map acquisitionGesture(@Context HttpServletRequest request, - ReturnMapUtil ReturnMapUtil); -} +package apx.com.amarsoft.als.user.pwd.service; + +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.core.Context; + +import com.amarsoft.are.jbo.JBOTransaction; +import com.amarsoft.awe.util.Transaction; +import com.base.util.ReturnMapUtil; + +public interface GesturePwdService { + Map setupGesture(@Context HttpServletRequest request, + @Context JBOTransaction tx, ReturnMapUtil ReturnMapUtil); + + Map closeGesture(@Context HttpServletRequest request, + @Context JBOTransaction tx, ReturnMapUtil ReturnMapUtil); + + Map acquisitionGesture(@Context HttpServletRequest request, + ReturnMapUtil ReturnMapUtil); + + + + Map SaveFeedback(HttpServletRequest request, HttpServletResponse response, JBOTransaction tx, + Transaction sqlca, ReturnMapUtil returnMapUtil) throws Exception; +} diff --git a/src_app_fresh/apx/com/amarsoft/als/user/pwd/service/impl/GesturePwdServiceImpl.java b/src_app_fresh/apx/com/amarsoft/als/user/pwd/service/impl/GesturePwdServiceImpl.java index 187952046..3b884bbc7 100644 --- a/src_app_fresh/apx/com/amarsoft/als/user/pwd/service/impl/GesturePwdServiceImpl.java +++ b/src_app_fresh/apx/com/amarsoft/als/user/pwd/service/impl/GesturePwdServiceImpl.java 
@@ -1,105 +1,180 @@ -package apx.com.amarsoft.als.user.pwd.service.impl; - -import java.util.HashMap; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; - -import apx.com.amarsoft.als.user.pwd.service.GesturePwdService; - -import com.amarsoft.are.ARE; -import com.amarsoft.are.jbo.JBOException; -import com.amarsoft.are.jbo.JBOTransaction; -import com.base.constant.RestfullConstant; -import com.base.helper.UserHelper; -import com.base.util.DES; -import com.base.util.MD5Util; -import com.base.util.ReturnMapUtil; - -public class GesturePwdServiceImpl implements GesturePwdService { - // ReturnMapUtil ReturnMapUtil = new ReturnMapUtil(); - public Map setupGesture(HttpServletRequest request, - JBOTransaction tx, ReturnMapUtil ReturnMapUtil) { - String sUserId = request.getParameter("userid"); - sUserId = sUserId == null ? request.getSession().getAttribute("userid") == null ? null - : request.getSession().getAttribute("userid").toString() - : sUserId; - String sPwd = request.getParameter("pwd"); - if (null == sPwd) - sPwd = ""; -// DES.decrypt(sPwd); - sPwd = DES.decrypt(sPwd); - sPwd = MD5Util.getMD5EncodedPassword(sPwd); - Map map = new HashMap(); - map.put("ENABLE_GESTURE", "1"); - map.put("GESTURE_PASSWORD", sPwd); - try { - UserHelper.edit(tx, sUserId, map); - } catch (JBOException e) { - ARE.getLog().error(e); - ReturnMapUtil.setReturnMap(null, - (String) RestfullConstant.baseProperty.get("FAIL" - .toLowerCase()), "设置手钥密码数据操作失败!"); - return ReturnMapUtil.getReturnMap(); - } - ReturnMapUtil.setReturnMap(null, (String) RestfullConstant.baseProperty - .get("SUCCESS".toLowerCase()), "成功设置或重设手钥密码!"); - return ReturnMapUtil.getReturnMap(); - } - - public Map closeGesture(HttpServletRequest request, - JBOTransaction tx, ReturnMapUtil ReturnMapUtil) { - // NO CHECK URI - String sUserId = request.getParameter("userid"); - sUserId = sUserId == null ? request.getSession().getAttribute("userid") == null ? 
null - : request.getSession().getAttribute("userid").toString() - : sUserId; - if (null == sUserId) - sUserId = ""; - Map map = new HashMap(); - map.put("ENABLE_GESTURE", ""); - map.put("GESTURE_PASSWORD", ""); - try { - UserHelper.edit(tx, sUserId, map); - } catch (JBOException e) { - ARE.getLog().error(e); - ReturnMapUtil.setReturnMap(null, - (String) RestfullConstant.baseProperty.get("FAIL" - .toLowerCase()), "关闭手钥密码数据操作失败!"); - return ReturnMapUtil.getReturnMap(); - } - ReturnMapUtil.setReturnMap(null, (String) RestfullConstant.baseProperty - .get("SUCCESS".toLowerCase()), "成功关闭手钥密码!"); - return ReturnMapUtil.getReturnMap(); - } - - public Map acquisitionGesture(HttpServletRequest request, - ReturnMapUtil ReturnMapUtil) { - - // NO CHECK URI - String sUserId = request.getParameter("userid"); - sUserId = sUserId == null ? request.getSession().getAttribute("userid") == null ? null - : request.getSession().getAttribute("userid").toString() - : sUserId; - if (null == sUserId) - sUserId = ""; - Map userMap = UserHelper.getUser(sUserId); - if (userMap == null) { - ReturnMapUtil.setReturnMap(null, - (String) RestfullConstant.baseProperty.get("FAIL" - .toLowerCase()), "没用找到该用户!"); - return ReturnMapUtil.getReturnMap(); - } - Map body = new HashMap(); - body.put("loginid", userMap.get("loginid")); - body.put("username", userMap.get("username")); - body.put("userid", userMap.get("userid")); - String sEnable = (String) userMap.get("ENABLE_GESTURE".toLowerCase()); - - body.put("enablegesture", sEnable); - body.put("enableGestureName", "1".equals(sEnable) ? 
"开启" : "关闭"); - ReturnMapUtil.setReturnMap(body, (String) RestfullConstant.baseProperty - .get("SUCCESS".toLowerCase()), ""); - return ReturnMapUtil.getReturnMap(); - } -} +package apx.com.amarsoft.als.user.pwd.service.impl; + +import java.util.HashMap; +import java.util.Map; +import java.util.Map.Entry; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import apx.com.amarsoft.als.user.pwd.service.GesturePwdService; + +import com.amarsoft.are.ARE; +import com.amarsoft.are.jbo.BizObject; +import com.amarsoft.are.jbo.BizObjectManager; +import com.amarsoft.are.jbo.JBOException; +import com.amarsoft.are.jbo.JBOFactory; +import com.amarsoft.are.jbo.JBOTransaction; +import com.amarsoft.are.lang.DateX; +import com.amarsoft.are.security.MessageDigest; +import com.amarsoft.are.util.DataConvert; +import com.amarsoft.awe.security.LogonUser; +import com.amarsoft.awe.security.SecurityAudit; +import com.amarsoft.awe.security.SecurityAuditConstants; +import com.amarsoft.awe.security.SecurityOptionManager; +import com.amarsoft.awe.security.UserMarkInfo; +import com.amarsoft.awe.security.pwdrule.ALSPWDRules; +import com.amarsoft.awe.security.pwdrule.ComparePasswordRule; +import com.amarsoft.awe.security.pwdrule.PasswordRuleManager; +import com.amarsoft.awe.util.Transaction; +import com.amarsoft.context.ASUser; +import com.base.constant.RestfullConstant; +import com.base.helper.UserHelper; +import com.base.util.DES; +import com.base.util.MD5Util; +import com.base.util.MultipartDataUtil; +import com.base.util.ReturnMapUtil; + +public class GesturePwdServiceImpl implements GesturePwdService { + // ReturnMapUtil ReturnMapUtil = new ReturnMapUtil(); + public Map setupGesture(HttpServletRequest request, + JBOTransaction tx, ReturnMapUtil ReturnMapUtil) { + String sUserId = request.getParameter("userid"); + sUserId = sUserId == null ? request.getSession().getAttribute("userid") == null ? 
null + : request.getSession().getAttribute("userid").toString() + : sUserId; + String sPwd = request.getParameter("pwd"); + if (null == sPwd) + sPwd = ""; +// DES.decrypt(sPwd); + sPwd = DES.decrypt(sPwd); + sPwd = MD5Util.getMD5EncodedPassword(sPwd); + Map map = new HashMap(); + map.put("ENABLE_GESTURE", "1"); + map.put("GESTURE_PASSWORD", sPwd); + try { + UserHelper.edit(tx, sUserId, map); + } catch (JBOException e) { + ARE.getLog().error(e); + ReturnMapUtil.setReturnMap(null, + (String) RestfullConstant.baseProperty.get("FAIL" + .toLowerCase()), "设置手钥密码数据操作失败!"); + return ReturnMapUtil.getReturnMap(); + } + ReturnMapUtil.setReturnMap(null, (String) RestfullConstant.baseProperty + .get("SUCCESS".toLowerCase()), "成功设置或重设手钥密码!"); + return ReturnMapUtil.getReturnMap(); + } + + public Map closeGesture(HttpServletRequest request, + JBOTransaction tx, ReturnMapUtil ReturnMapUtil) { + // NO CHECK URI + String sUserId = request.getParameter("userid"); + sUserId = sUserId == null ? request.getSession().getAttribute("userid") == null ? null + : request.getSession().getAttribute("userid").toString() + : sUserId; + if (null == sUserId) + sUserId = ""; + Map map = new HashMap(); + map.put("ENABLE_GESTURE", ""); + map.put("GESTURE_PASSWORD", ""); + try { + UserHelper.edit(tx, sUserId, map); + } catch (JBOException e) { + ARE.getLog().error(e); + ReturnMapUtil.setReturnMap(null, + (String) RestfullConstant.baseProperty.get("FAIL" + .toLowerCase()), "关闭手钥密码数据操作失败!"); + return ReturnMapUtil.getReturnMap(); + } + ReturnMapUtil.setReturnMap(null, (String) RestfullConstant.baseProperty + .get("SUCCESS".toLowerCase()), "成功关闭手钥密码!"); + return ReturnMapUtil.getReturnMap(); + } + + public Map acquisitionGesture(HttpServletRequest request, + ReturnMapUtil ReturnMapUtil) { + + // NO CHECK URI + String sUserId = request.getParameter("userid"); + sUserId = sUserId == null ? request.getSession().getAttribute("userid") == null ? 
null + : request.getSession().getAttribute("userid").toString() + : sUserId; + if (null == sUserId) + sUserId = ""; + Map userMap = UserHelper.getUser(sUserId); + if (userMap == null) { + ReturnMapUtil.setReturnMap(null, + (String) RestfullConstant.baseProperty.get("FAIL" + .toLowerCase()), "没用找到该用户!"); + return ReturnMapUtil.getReturnMap(); + } + Map body = new HashMap(); + body.put("loginid", userMap.get("loginid")); + body.put("username", userMap.get("username")); + body.put("userid", userMap.get("userid")); + String sEnable = (String) userMap.get("ENABLE_GESTURE".toLowerCase()); + + body.put("enablegesture", sEnable); + body.put("enableGestureName", "1".equals(sEnable) ? "开启" : "关闭"); + ReturnMapUtil.setReturnMap(body, (String) RestfullConstant.baseProperty + .get("SUCCESS".toLowerCase()), ""); + return ReturnMapUtil.getReturnMap(); + } + + + + public Map SaveFeedback(HttpServletRequest request, HttpServletResponse response, JBOTransaction tx, + Transaction sqlca, ReturnMapUtil ReturnMapUtil) throws Exception { + Map testMap = (Map) MultipartDataUtil + .readRequestParam(request, "UTF-8"); + Map fieldMap = (Map) testMap.get("fieldMap"); + String userid = fieldMap.get("userid") == null ? "" : fieldMap.get("userid").toString(); + String oldPwd = fieldMap.get("oldPassword") == null ? "" : fieldMap.get("oldPassword").toString(); + String newPwd = fieldMap.get("newPassword") == null ? 
"" : fieldMap.get("newPassword").toString(); + //加密处理 + String sEncOldPassword = MessageDigest.getDigestAsUpperHexString("MD5", oldPwd ); + String sEncNewPassword = MessageDigest.getDigestAsUpperHexString("MD5", newPwd); + + BizObjectManager bm = JBOFactory.getBizObjectManager("jbo.awe.USER_INFO"); + BizObject bo1 = bm.createQuery("UserID=:UserID and Password=:Password") + .setParameter("UserID", userid).setParameter("Password", sEncOldPassword).getSingleResult(true); + Map bo = new HashMap(); + if(bo1 == null) { + ReturnMapUtil.setReturnMap(null,RestfullConstant.baseProperty.get("fail").toString(), "原密码错误,请重新输入!!"); + return ReturnMapUtil.getReturnMap(); + } + SecurityAudit securityAudit = new SecurityAudit(new LogonUser(ASUser.getUser(userid, sqlca).getUserName(), userid, oldPwd));//安全审计里面可能需要判断密码是否包含大小写等问题,所以构建用户的时候,使用明码 + UserMarkInfo userMarkInfo = securityAudit.getUserMarkInfo(sqlca); + PasswordRuleManager pwm = new PasswordRuleManager(); + ComparePasswordRule compareRule = new ComparePasswordRule(); + Map ruleMap = SecurityOptionManager.getRules(sqlca); + ALSPWDRules alsPWDRules = new ALSPWDRules(ruleMap); + pwm.addRule(compareRule); + pwm.addRule(alsPWDRules); + + if(!securityAudit.modifyPassword(newPwd,pwm)){ + if(securityAudit.getErrorCode()==SecurityAuditConstants.CODE_RULE_ERROR_LENGTH){ + Map ruleMap2 = new HashMap(); + for(Entry e : ruleMap.entrySet()){ + ruleMap2.put(DataConvert.toInt(e.getKey()), e.getValue()); + } + String pwdLength = ruleMap2.get(securityAudit.getErrorCode()); + System.out.println("密码长度至少为"+pwdLength+"位,请重新输入!!!"); + }else{ + System.out.println(securityAudit.getErrorMessage()+",请重新输入!!!"); + } + } + //校验通过后,更新为新的密码 + bo1.setAttributeValue("Password", sEncNewPassword); + bm.saveObject(bo1); + + //保存用户痕迹信息 + userMarkInfo.setPasswordState("0"); + userMarkInfo.setPassWordUpdateDate(DateX.format(new java.util.Date())); + userMarkInfo.saveMarkInfo(sqlca); + + 
ReturnMapUtil.setReturnMap(bo,RestfullConstant.baseProperty.get("success").toString(), ""); + return ReturnMapUtil.getReturnMap(); + } +}
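Review bot: In `SaveFeedback`, a failed `securityAudit.modifyPassword(newPwd, pwm)` only prints to `System.out` and then falls through to `bo1.setAttributeValue("Password", sEncNewPassword)`, so a new password that violates the configured rules is still stored and the client receives the success map. The failure branch should set the fail result with the rule message and return before the update, as sketched below. Separately, `userid` is read from the multipart `fieldMap` rather than from the authenticated session, so the old-password match is the only thing tying the request to the account; binding it to the session user and limiting failed attempts would be worth considering (no throttling is visible in this hunk). The stored value is an unsalted MD5 digest, which appears to match the existing `USER_INFO` lookup but is weak for password storage and deserves a follow-up.

```java
if (!securityAudit.modifyPassword(newPwd, pwm)) {
    String reason;
    if (securityAudit.getErrorCode() == SecurityAuditConstants.CODE_RULE_ERROR_LENGTH) {
        // … unchanged: ruleMap2 lookup of pwdLength …
        reason = "密码长度至少为" + pwdLength + "位,请重新输入!!!";
    } else {
        reason = securityAudit.getErrorMessage() + ",请重新输入!!!";
    }
    // Reject the change here instead of falling through to the password update.
    ReturnMapUtil.setReturnMap(null, RestfullConstant.baseProperty.get("fail").toString(), reason);
    return ReturnMapUtil.getReturnMap();
}
// … unchanged: bo1 password update and userMarkInfo save …
```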