%@page import="com.amarsoft.are.util.SpecialTools"%>
<%@page contentType="text/html; charset=GBK" session="false"%>
<%@page import="com.amarsoft.are.util.StringFunction"%>
<%@page import="com.amarsoft.awe.Configure"%>
<%@page import="com.amarsoft.awe.RuntimeContext"%>
<%@page import="com.amarsoft.awe.control.SessionListener"%>
<%@page import="com.amarsoft.awe.control.model.ComponentSession"%>
<%@page import="com.amarsoft.awe.security.*"%>
<%@page import="com.amarsoft.awe.security.pwdrule.ALSPWDRules"%><%@
page import="com.amarsoft.awe.security.pwdrule.IsPasswordOverdueRule"%><%@
page import="com.amarsoft.awe.security.pwdrule.PasswordRuleManager"%><%@
page import="com.amarsoft.awe.util.ASResultSet"%><%@
page import="com.amarsoft.awe.util.SqlObject"%><%@
page import="com.amarsoft.awe.util.Transaction"%><%@
page import="com.amarsoft.context.ASPreference"%>
<%@ page import="com.amarsoft.context.ASUser" %>
<%@ page import="com.amarsoft.dict.als.manage.NameManager" %>
<%!
//检验验证码
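/**
 * Validates the captcha ("CheckCode") submitted with the logon request against
 * the value stored in the session.
 *
 * The check fails open only when there is nothing to compare against: a missing
 * session, or a session without a stored "CheckCode" attribute (presumably no
 * captcha was issued for it — confirm against the page that renders the code).
 * Once a code is stored, the request must carry a case-insensitively matching
 * value; a request that simply omits the parameter no longer passes, which the
 * previous version allowed.
 *
 * @param request the logon request carrying the "CheckCode" parameter
 * @param session the caller's session, or null when none exists
 * @return true when no captcha is pending or the submitted value matches; false otherwise
 */
public boolean vaildCheckCode(HttpServletRequest request, HttpSession session) {
    if (session == null) {
        return true;
    }
    String expected = (String) session.getAttribute("CheckCode");
    if (expected == null) {
        // Nothing stored for this session, so there is no captcha to enforce.
        return true;
    }
    String submitted = request.getParameter("CheckCode");
    // A stored code with no submitted value is a mismatch, not a pass.
    return submitted != null && submitted.equalsIgnoreCase(expected);
}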
/**
 * Resolves the internal user id (user_info.userid) for a logon id.
 *
 * The logon id is bound as a named parameter rather than concatenated into the
 * statement.
 *
 * @param lognid the logon id typed by the user
 * @param Sqlca  open transaction used to run the lookup
 * @return the userid of the matching user_info row (may be null if the column is null)
 * @throws Exception when no user_info row has this loginid, or on a database error
 */
public String getUserId(String lognid, Transaction Sqlca) throws Exception {
    SqlObject lookup = new SqlObject("SELECT userid FROM user_info WHERE loginid=:loginid ");
    lookup.setParameter("loginid", lognid);
    ASResultSet row = Sqlca.getASResultSet(lookup);
    if (!row.next()) {
        throw new Exception("用户[" + lognid + "]是无效用户");
    }
    return row.getString("userid");
}
/**
 * Returns the landing page configured for a user, falling back to "/Main.jsp".
 *
 * The user's mainpath code is joined against CODE_LIBRARY (codeno 'FirstPage')
 * and the item description is used as the path. Note the parameter is named
 * loginid but is matched against ui.userid. This method is not referenced
 * elsewhere on this page.
 *
 * @param lognid the value compared with user_info.userid
 * @param Sqlca  open transaction used to run the lookup
 * @return the configured path, or "/Main.jsp" when no row or an empty value is found
 * @throws Exception on a database error
 */
public String getCurUseMainPath(String lognid, Transaction Sqlca) throws Exception {
    final String defaultPath = "/Main.jsp";
    String sql = "SELECT fi.itemdescribe mainpath FROM user_info ui LEFT OUTER JOIN ( "
            + " SELECT itemno,itemdescribe FROM CODE_LIBRARY WHERE codeno='FirstPage') fi ON ui.mainpath=fi.itemno "
            + " WHERE ui.userid=:loginid ";
    SqlObject lookup = new SqlObject(sql);
    lookup.setParameter("loginid", lognid);
    ASResultSet row = Sqlca.getASResultSet(lookup);
    if (!row.next()) {
        return defaultPath;
    }
    String configured = row.getString("mainpath");
    boolean blank = (configured == null || configured.length() == 0);
    return blank ? defaultPath : configured;
}
//用户登录检查与密码验证性检查
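/**
 * Checks the logon credentials through SecurityAudit and, when they are
 * accepted, runs the password-policy rules.
 *
 * The previous version printed the user name, user id and the clear-text
 * password to standard output; that debug output is removed here because it
 * leaks the credential into server logs.
 *
 * @param request the logon request; its remote address, server name and port are
 *                passed to the audit as context
 * @param Sqlca   open transaction used by the audit and the rules
 * @param sUserID the resolved user id
 * @param sPWD    the submitted password
 * @return true when SecurityAudit accepts the logon; false otherwise
 * @throws Exception propagated from the audit, the name lookup or the rules
 */
public boolean validUserPassword(HttpServletRequest request, Transaction Sqlca, String sUserID, String sPWD) throws Exception {
    String userName = NameManager.getUserName(sUserID);
    LogonUser user = new LogonUser(userName, sUserID, sPWD);
    SecurityAudit securityAudit = new SecurityAudit(user);
    // Request context handed to the audit. The remote address appears twice in this
    // format — TODO confirm whether the second field was meant to be getRemoteHost().
    String requestMessage = request.getRemoteAddr() + "," + request.getRemoteAddr() + ","
            + request.getServerName() + "," + request.getServerPort();
    // No additional logon check is performed beyond the audit itself.
    if (!securityAudit.isLogonSuccessful(Sqlca, null, requestMessage)) {
        return false;
    }
    // Credentials accepted; now evaluate the password-policy rules.
    PasswordRuleManager pwm = new PasswordRuleManager();
    // Advisory rule: it reports an overdue password but is not a condition for logon.
    IsPasswordOverdueRule isPWDOverdueRule =
            new IsPasswordOverdueRule(sUserID, SecurityOptionManager.getPWDLimitDays(Sqlca), Sqlca);
    ALSPWDRules alsRules = new ALSPWDRules(SecurityOptionManager.getRules(Sqlca));
    // The overdue rule is added first so it is evaluated ahead of ALSPWDRules.
    pwm.addRule(isPWDOverdueRule);
    pwm.addRule(alsRules);
    // Result intentionally not used for the logon decision (validation only).
    securityAudit.isValidateSuccessful(Sqlca, pwm);
    return true;
}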
%><%
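// Logon handler: validates the captcha, discards any previous session, resolves
// and authenticates the user, applies the single-sign-on policy and finally
// builds the RuntimeContext ("CurARC") that IncludeBegin.jsp relies on.
HttpSession session = request.getSession(false);
if (!vaildCheckCode(request, session)) {
%><%
    return;
}
if (session != null) {
    com.amarsoft.awe.RuntimeContext CurARCTemp =
            (com.amarsoft.awe.RuntimeContext) session.getAttribute("CurARC");
    // Logon id as submitted; the drop-down quick-logon field is the fallback.
    String sUserIDCom = request.getParameter("UserID");
    if (sUserIDCom == null || sUserIDCom.equals("")) {
        sUserIDCom = request.getParameter("UserIDSelected");
    }
    // A session that already belongs to a different user is not reused.
    boolean otherUserActive = sUserIDCom != null && !sUserIDCom.equals("")
            && CurARCTemp != null && CurARCTemp.getUser() != null
            && !sUserIDCom.equals(CurARCTemp.getUser().getUserID());
    if (otherUserActive) {
%><%
        return;
    }
    // Snapshot the attribute names before removing, so the removal never mutates
    // the enumeration it is iterating.
    for (Object name : java.util.Collections.list(session.getAttributeNames())) {
        session.removeAttribute((String) name);
    }
    if (!session.isNew()) {
        session.invalidate();
    }
}
Transaction Sqlca = null;
String sUserID = null;
String sPWD = null;
String sScreenWidth = null;
String logonId = null;
try {
    // Incoming parameters: logon account, password and screen width.
    sUserID = request.getParameter("UserID");
    sPWD = request.getParameter("Password");
    sScreenWidth = request.getParameter("ScreenWidth");
    // Quick logon via the user drop-down; the original notes it can be removed
    // once the system is in production.
    if (sUserID == null || sUserID.equals("")) {
        sUserID = request.getParameter("UserIDSelected");
    }
    logonId = sUserID;
    Configure CurConfig = Configure.getInstance(application);
    CurConfig.setContextPath(request.getContextPath());
    String dataSource = CurConfig.getConfigure("DataSource");
    Sqlca = Transaction.createTransaction(dataSource);
    // Translate the logon id into the internal user id.
    sUserID = getUserId(sUserID, Sqlca);
    if (!validUserPassword(request, Sqlca, sUserID, sPWD)) {
        throw new Exception("用户[" + sUserID + "]登录失败:用户密码检验失败");
    }
    Sqlca.commit();
    // Load the current user (and organisation) for the session.
    ASUser CurUser = ASUser.getUser(SpecialTools.real2Amarsoft(sUserID), Sqlca);
    // Single-sign-on policy from the web-app context.
    String singleSignon = pageContext.getServletContext().getInitParameter("singleSignon");
    String loginType = request.getParameter("loginType");
    if (!"compulsive".equals(loginType) && "true".equals(singleSignon)) {
        // Refuse a second concurrent logon unless the account is one of the two
        // exempt ids. The user id is bound as a parameter (as getUserId does)
        // instead of being concatenated into the statement.
        SqlObject activeQuery = new SqlObject(
                "select count(1) num from user_list where userid=:userid and (endtime is null or endtime = '') group by userid");
        activeQuery.setParameter("userid", sUserID);
        String num = Sqlca.getString(activeQuery);
        if (null != num && !"80009U00000001".equals(sUserID) && !"administrator".equals(sUserID)) {
            // "false" is the page's signal for "already logged on elsewhere".
            throw new Exception("false");
        }
    } else if ("compulsive".equals(loginType)) {
        // Forced logon: close every open user_list entry for this user first.
        // Binding the timestamp keeps its ':' characters away from SqlObject's
        // placeholder parsing, which the previous string-built form worked around
        // by substituting a placeholder character.
        SqlObject closeOpen = new SqlObject("update user_list set endtime=:endtime where userid=:userid");
        closeOpen.setParameter("endtime", StringFunction.getTodayNow());
        closeOpen.setParameter("userid", sUserID);
        Sqlca.executeSQL(closeOpen);
        Sqlca.commit();
    }
    // Runtime context ("CurARC") consumed by IncludeBegin.jsp.
    RuntimeContext CurARC = new RuntimeContext();
    CurARC.setAttribute("ScreenWidth", sScreenWidth);
    CurARC.setUser(CurUser);
    CurARC.setPref(new ASPreference(CurUser.getUserID()));
    CurARC.setCompSession(new ComponentSession());
    session = request.getSession(true);
    session.setAttribute("CurARC", CurARC);
    // Logon succeeded: register the listener that records the logon.
    SessionListener sessionListener = new SessionListener(request, session, CurUser, dataSource);
    session.setAttribute("listener", sessionListener);
%>
<%
} catch (Exception e) {
    // Logon failed: unknown user, rejected credentials, the "false" concurrent-logon
    // signal, or an infrastructure error. Nothing about the cause is rendered to the
    // client; record it server-side so failures stay diagnosable. The password is
    // never part of these messages.
    application.log("Logon failed for loginId=" + logonId, e);
%>
<%
} finally {
    if (Sqlca != null) {
        // Commit even on failure — presumably so audit records written by
        // SecurityAudit persist (confirm) — then release the connection.
        Sqlca.commit();
        Sqlca.disConnect();
        Sqlca = null;
    }
}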
%>