
<%@page import="com.amarsoft.dict.als.manage.NameManager"%>
<%@page contentType="text/html; charset=GBK" session="false"%>
<%@page import="com.amarsoft.are.util.*"%>
<%@page import="com.amarsoft.awe.util.*"%>
<%@page import="com.amarsoft.context.*"%>
<%@page import="com.amarsoft.web.*"%>
<%@page import="com.amarsoft.web.dw.*"%>
<%@page import="java.util.*"%>
<%@page import="com.amarsoft.awe.*"%><%@
page import="com.amarsoft.awe.control.SessionListener"%><%@
page import="com.amarsoft.awe.control.model.*"%><%@
page import="com.amarsoft.awe.util.*"%><%@
page import="com.amarsoft.awe.Configure"%><%@
page import="com.amarsoft.awe.security.*"%><%@
page import="com.amarsoft.awe.security.pwdrule.*"%><%!
//检验验证码
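/**
 * Checks the CAPTCHA value submitted with the logon request against the one
 * stored in the session under "CheckCode".
 *
 * Returns true when no CAPTCHA is in force (no session, or no "CheckCode"
 * attribute stored). When a CAPTCHA was issued, the result is true only when
 * the submitted value matches the stored one case-insensitively. Unlike the
 * previous revision, a stored CAPTCHA with a missing request parameter now
 * fails the check instead of passing it, so the CAPTCHA cannot be skipped by
 * simply omitting the field from the request.
 *
 * @param request the logon request carrying the "CheckCode" parameter
 * @param session the caller's session, may be null
 * @return true when the request passes the CAPTCHA check
 */
public boolean vaildCheckCode(HttpServletRequest request, HttpSession session) {
    if (session == null) {
        return true;
    }
    String sSaveCheckCode = (String) session.getAttribute("CheckCode");
    if (sSaveCheckCode == null) {
        // no CAPTCHA was issued for this session, nothing to verify
        return true;
    }
    String sCheckCode = request.getParameter("CheckCode");
    // a CAPTCHA was issued: a missing or mismatching answer fails closed
    return sCheckCode != null && sCheckCode.equalsIgnoreCase(sSaveCheckCode);
}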
/**
 * Resolves the internal user id for a login id.
 *
 * @param lognid the login id entered on the logon form
 * @param Sqlca  the open transaction used for the lookup
 * @return the userid column of the matching user_info row
 * @throws Exception when no user_info row has that loginid
 */
public String getUserId(String lognid, Transaction Sqlca) throws Exception {
    // bound parameter, so the login id is never spliced into the SQL text
    SqlObject query = new SqlObject("SELECT userid FROM user_info WHERE loginid=:loginid ");
    query.setParameter("loginid", lognid);
    ASResultSet row = Sqlca.getASResultSet(query);
    if (!row.next()) {
        throw new Exception("用户[" + lognid + "]是无效用户");
    }
    return row.getString("userid");
}
/**
 * Looks up the landing page configured for a user.
 *
 * The user's mainpath code is translated through CODE_LIBRARY (codeno
 * 'FirstPage'); when the user has no mapping, or the mapped value is empty,
 * the default "/Main.jsp" is returned.
 *
 * @param lognid the internal user id (bound to the :loginid placeholder)
 * @param Sqlca  the open transaction used for the lookup
 * @return the component URL to open after logon, never null or empty
 * @throws Exception propagated from the database access
 */
public String getCurUseMainPath(String lognid, Transaction Sqlca) throws Exception {
    final String defaultPath = "/Main.jsp";
    String sql = "SELECT fi.itemdescribe mainpath FROM user_info ui LEFT OUTER JOIN ( "
            + " SELECT itemno,itemdescribe FROM CODE_LIBRARY WHERE codeno='FirstPage') fi ON ui.mainpath=fi.itemno "
            + " WHERE ui.userid=:loginid ";
    SqlObject query = new SqlObject(sql);
    query.setParameter("loginid", lognid);
    ASResultSet row = Sqlca.getASResultSet(query);
    if (!row.next()) {
        return defaultPath;
    }
    String mainPath = row.getString("mainpath");
    // an unmapped or blank mainpath falls back to the default page
    return (mainPath == null || mainPath.length() == 0) ? defaultPath : mainPath;
}
//用户登录检查与密码验证性检查
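/**
 * Runs the logon audit for a user and, on success, the password-policy
 * checks (expiry and the configured ALS rules).
 *
 * The policy checks are advisory: their outcome is recorded by
 * SecurityAudit but does not change the return value, which reflects only
 * whether the logon itself succeeded.
 *
 * @param request the logon request; its remote address, server name and
 *                port are passed to the audit as context
 * @param Sqlca   the open transaction
 * @param sUserID the internal user id (already resolved from the login id)
 * @param sPWD    the submitted password
 * @return true when SecurityAudit accepts the logon, false otherwise
 * @throws Exception propagated from the audit or rule evaluation
 */
public boolean validUserPassword(HttpServletRequest request, Transaction Sqlca, String sUserID, String sPWD) throws Exception {
    String userName = NameManager.getUserName(sUserID);
    // trace the user being audited; the password is deliberately not written
    // to stdout (the previous revision logged it in clear text)
    System.out.println(userName + ":" + sUserID);
    LogonUser user = new LogonUser(userName, sUserID, sPWD);
    SecurityAudit securityAudit = new SecurityAudit(user);
    // request context handed to the audit; getRemoteAddr() appears twice in
    // the original — presumably one of them was meant to be getRemoteHost(),
    // kept as is so the audit record format does not change
    String requestMessage = request.getRemoteAddr() + "," + request.getRemoteAddr() + "," + request.getServerName() + "," + request.getServerPort();
    if (!securityAudit.isLogonSuccessful(Sqlca, null, requestMessage)) {
        return false;
    }
    // logon accepted: evaluate the password rules. The expiry rule is added
    // first because it takes precedence over the ALS rule set.
    PasswordRuleManager pwm = new PasswordRuleManager();
    IsPasswordOverdueRule isPWDOverdueRule = new IsPasswordOverdueRule(sUserID, SecurityOptionManager.getPWDLimitDays(Sqlca), Sqlca);
    ALSPWDRules alsRules = new ALSPWDRules(SecurityOptionManager.getRules(Sqlca));
    pwm.addRule(isPWDOverdueRule);
    pwm.addRule(alsRules);
    // advisory only: the result is not a condition for a successful logon
    securityAudit.isValidateSuccessful(Sqlca, pwm);
    return true;
}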
%><%
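// Logon handler: verifies the CAPTCHA, resets the session, resolves and
// authenticates the user, enforces single sign-on, builds the runtime context
// and finally redirects the browser. Failures are reported through a script
// block and always send the browser back to index.html.
HttpSession session = request.getSession(false);
if (!vaildCheckCode(request, session)) {
%><script type="text/javascript">
alert("登录失败,验证码检验错误。");
window.open("index.html","_top");
</script><%
    return;
}
if (session != null) {
    // snapshot the names first: removing attributes while the Enumeration is
    // still being walked is container-dependent behaviour
    List<String> attrNames = Collections.list(session.getAttributeNames());
    for (String attrName : attrNames) {
        session.removeAttribute(attrName);
    }
    if (!session.isNew()) {
        session.invalidate();
    }
}
Transaction Sqlca = null;
String sUserID = null;
String sPWD = null;
String sScreenWidth = null;
String logonId = null;
try {
    // request parameters: login id, password and screen width (UI layout)
    sUserID = request.getParameter("UserID");
    logonId = sUserID;
    sPWD = request.getParameter("Password");
    sScreenWidth = request.getParameter("ScreenWidth");
    // drop-down quick logon; can be removed once the system is in production
    if (sUserID == null || sUserID.equals("")) {
        sUserID = request.getParameter("UserIDSelected");
    }
    Configure CurConfig = Configure.getInstance(application);
    CurConfig.setContextPath(request.getContextPath());
    Sqlca = Transaction.createTransaction(CurConfig.getConfigure("DataSource"));
    // translate the login id into the internal user id
    sUserID = getUserId(sUserID, Sqlca);
    if (!validUserPassword(request, Sqlca, sUserID, sPWD)) {
        throw new Exception("用户[" + sUserID + "]登录失败:用户密码检验失败");
    }
    Sqlca.commit();
    // current user and organisation, stored in the session below
    ASUser CurUser = ASUser.getUser(SpecialTools.real2Amarsoft(sUserID), Sqlca);
    // single sign-on configuration from the servlet context
    String singleSignon = pageContext.getServletContext().getInitParameter("singleSignon");
    String loginType = request.getParameter("loginType");
    if (!"compulsive".equals(loginType) && "true".equals(singleSignon)) {
        // reject the logon while another session of this user is still open;
        // the "false" message is the signal the error script below reacts to.
        // The user id is a bound parameter, as in getUserId, instead of being
        // concatenated into the statement.
        SqlObject countSql = new SqlObject("select count(1) num from user_list where userid=:userid and (endtime is null or endtime = '') group by userid");
        countSql.setParameter("userid", sUserID);
        String num = Sqlca.getString(countSql);
        if (null != num) {
            throw new Exception("false");
        }
    } else if ("compulsive".equals(loginType)) {
        // forced logon: close the open sessions of this user. Both values are
        // bound parameters, which also removes the former "△" placeholder
        // workaround for the colons inside the timestamp.
        SqlObject so = new SqlObject("update user_list set endtime=:endtime where userid=:userid");
        so.setParameter("endtime", StringFunction.getTodayNow());
        so.setParameter("userid", sUserID);
        Sqlca.executeSQL(so);
    }
    // runtime context CurARC, consumed by IncludeBegin.jsp
    RuntimeContext CurARC = new RuntimeContext();
    CurARC.setAttribute("ScreenWidth", sScreenWidth);
    CurARC.setUser(CurUser);
    CurARC.setPref(new ASPreference(CurUser.getUserID()));
    CurARC.setCompSession(new ComponentSession());
    session = request.getSession(true);
    session.setAttribute("CurARC", CurARC);
    // logon succeeded: record the session for the listener
    SessionListener sessionListener = new SessionListener(request, session, CurUser, CurConfig.getConfigure("DataSource"));
    session.setAttribute("listener", sessionListener);
%><script type="text/javascript">
<%
    // a first logon or an expired password forces the change-password page
    // (the former "true &&" development toggle was a no-op and is gone)
    String sPWDState = new UserMarkInfo(Sqlca, CurUser.getUserID()).getPasswordState();
    if (sPWDState.equals(String.valueOf(SecurityAuditConstants.CODE_USER_FIRST_LOGON))
            || sPWDState.equals(String.valueOf(SecurityAuditConstants.CODE_PWD_OVERDUE))) {
%>
window.open("<%=CurConfig.getContextPath() %>/Redirector?ComponentURL=/AppMain/ModifyPassword.jsp","_top");
<%
    } else {
        String mainPath = getCurUseMainPath(sUserID, Sqlca);
%>
window.open("<%=CurConfig.getContextPath() %>/Redirector?ComponentURL=<%=mainPath%>","_top");
<%
    }
%></script>
<%
} catch (Exception e) {
    // The message is echoed inside JavaScript string literals below and can
    // carry the login id typed by the user (see getUserId), so escape it for
    // a JS string context; the "false" single-sign-on signal is unaffected.
    String sJsMessage = String.valueOf(e.getMessage())
            .replace("\\", "\\\\").replace("\"", "\\\"")
            .replace("\r", "\\r").replace("\n", "\\n")
            .replace("<", "\\x3c").replace(">", "\\x3e");
    // Values re-sent on the forced-logon URL are percent-encoded with the
    // page charset so they cannot break out of the URL or the JS string.
    // NOTE(review): the password still travels in a GET query string, which
    // exposes it to browser history and access logs — re-posting the logon
    // form would be the proper fix.
    String sUrlUser = java.net.URLEncoder.encode(String.valueOf(logonId), "GBK");
    String sUrlPwd = java.net.URLEncoder.encode(String.valueOf(sPWD), "GBK");
    String sUrlWidth = java.net.URLEncoder.encode(String.valueOf(sScreenWidth), "GBK");
%>
<script type="text/javascript">
if("false" == "<%=sJsMessage%>"){
    if(confirm("发现此账号已登陆中,是否强制登陆?")){
        window.open("Logon.jsp?loginType=compulsive&UserID=<%=sUrlUser%>&Password=<%=sUrlPwd%>&ScreenWidth=<%=sUrlWidth%>","_top");
    }else{
        window.open("index.html","_top");
    }
}else{
    alert("<%=sJsMessage%>");
    window.open("index.html","_top");
}
</script>
<%
    return;
} finally {
    if (Sqlca != null) {
        // commit runs on the failure path too — presumably so the audit rows
        // written by SecurityAudit are kept; verify before changing this
        Sqlca.commit();
        Sqlca.disConnect();
        Sqlca = null;
    }
}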
%>