Index: forgon-core/src/main/java/com/forgon/security/action/UserAction.java
===================================================================
diff -u -r40748 -r40755
--- forgon-core/src/main/java/com/forgon/security/action/UserAction.java (.../UserAction.java) (revision 40748)
+++ forgon-core/src/main/java/com/forgon/security/action/UserAction.java (.../UserAction.java) (revision 40755)
@@ -1,6 +1,7 @@
 package com.forgon.security.action;
 import java.util.Date;
+import java.util.Properties;
 import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
@@ -10,13 +11,15 @@
 import net.sf.json.JSONObject;
 import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.log4j.Logger;
 import org.apache.struts2.convention.annotation.Action;
 import org.apache.struts2.convention.annotation.Namespace;
 import org.apache.struts2.convention.annotation.ParentPackage;
 import com.forgon.directory.acegi.tools.AcegiHelper;
+import com.forgon.directory.model.LoginInfo;
 import com.forgon.directory.service.SysUserManager;
 import com.forgon.directory.vo.LoginUserData;
 import com.forgon.security.model.User;
@@ -27,6 +30,7 @@
 import com.forgon.tools.crypto.rsa.RSAEncrypt;
 import com.forgon.tools.json.JSONUtil;
 import com.forgon.tools.util.ConfigUtils;
+import com.forgon.tools.util.PropertiesUtils;
 import com.opensymphony.xwork2.ModelDriven;
 import com.opensymphony.xwork2.Preparable;
@@ -76,29 +80,54 @@ throw new RuntimeException("用户名或密码不能为空!"); } String j_passwordAfterRsaDecrypt = RSAEncrypt.decrypt(password); - String j_passwordRsaMd5 = CoderEncryption.encryptMD5ForSpringSecurity(j_passwordAfterRsaDecrypt); String j_useNameAfterRsaDecrypt = RSAEncrypt.decrypt(userName); - User user = userManager.getUserByUserCode(j_useNameAfterRsaDecrypt); + //判断是否扫描登录 + boolean userNameIsBarcode = j_useNameAfterRsaDecrypt.matches("^01[0-9]{7,10}$"); + String property = "name"; + if(userNameIsBarcode){ + property = "barcode"; + } + User user = sysUserManager.getUserByPropertyWithLower(property, j_useNameAfterRsaDecrypt); if(user == null){ throw new RuntimeException("用户名异常!"); } - if(!StringUtils.equals(user.getPasswd(), j_passwordRsaMd5)){ - throw new RuntimeException("密码错误!"); + //判断密码是否正确 + if(userNameIsBarcode){ + //条码登录的密码从配置文件中取 + String barcodeLogonPassword = LoginInfo.barcodeLogonDefalutPassword; + Properties logonProperties = PropertiesUtils.getLogonProperties(); + if(MapUtils.isNotEmpty(logonProperties)){ + String configBarcodeLogonPassword = (String)logonProperties.getProperty("barcodeLogonPassword"); + if(StringUtils.isNotBlank(configBarcodeLogonPassword)){ + barcodeLogonPassword = configBarcodeLogonPassword; + } + } + //在登录界面输入的用户名为条码值,密码固定输入为"P@ssw0rd" + if(!StringUtils.equals(j_passwordAfterRsaDecrypt, barcodeLogonPassword)){ + throw new RuntimeException("密码错误!"); + } + }else{ + String j_passwordRsaMd5 = CoderEncryption.encryptMD5ForSpringSecurity(j_passwordAfterRsaDecrypt); + if(!StringUtils.equals(user.getPasswd(), j_passwordRsaMd5)){ + throw new RuntimeException("密码错误!"); + } } Boolean modifiedPwd = user.getModifiedPwd() == null ? 
false :user.getModifiedPwd(); Boolean needForceModifyPwdWhenFirstTime = ConfigUtils.getSystemSetConfigByNameBool("needForceModifyPwdWhenFirstTime"); if(needForceModifyPwdWhenFirstTime && !modifiedPwd){ // 开启了needForceModifyPwdWhenFirstTime配置项,第一次登录时,需要修改密码,原密码直接认定为不符合要求 meetPwdComplexity = false; - }else{ + }else if(!userNameIsBarcode){ + //PC端只支持用户名密码登录时,检查密码复杂度,扫码登录不检查 //开启了forceUserChangePwdWhenNotMeetPwdComplexityReq配置项,就需要检查密码复杂度 Boolean forceUserChangePwdWhenNotMeetPwdComplexityReq = ConfigUtils.getSystemSetConfigByNameBool("forceUserChangePwdWhenNotMeetPwdComplexityReq"); if(forceUserChangePwdWhenNotMeetPwdComplexityReq){ meetPwdComplexity = userManager.forceUserChangePwdWhenNotMeetPwdComplexityReq(user.getName(), j_useNameAfterRsaDecrypt, j_passwordAfterRsaDecrypt); } - passwdIsExpired = sysUserManager.userPasswdIsExpired(user, new Date()); } + //检查密码是否过期QYSRMYY-76 + passwdIsExpired = sysUserManager.userPasswdIsExpired(user, new Date()); } catch (Exception e) { e.printStackTrace(); } Index: ssts-web/src/main/java/com/forgon/disinfectsystem/security/userdetails/DaoUserDetailSSTSImpl.java =================================================================== diff -u -r40748 -r40755 --- ssts-web/src/main/java/com/forgon/disinfectsystem/security/userdetails/DaoUserDetailSSTSImpl.java (.../DaoUserDetailSSTSImpl.java) (revision 40748) +++ ssts-web/src/main/java/com/forgon/disinfectsystem/security/userdetails/DaoUserDetailSSTSImpl.java (.../DaoUserDetailSSTSImpl.java) (revision 40755) 
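Review bot: In the new `if(userNameIsBarcode)` branch the submitted password is compared only with one shared value (`LoginInfo.barcodeLogonDefalutPassword` or the `barcodeLogonPassword` property), so for every username matching `^01[0-9]{7,10}$` the barcode is the only per-user secret, and the shape of the input rather than the account selects this weaker check. If barcode logon has to stay, I would fail closed when the property is absent instead of falling back to what appears to be a built-in default, e.g. `if(StringUtils.isBlank(configBarcodeLogonPassword)){ throw new RuntimeException("密码错误!"); }`, and confirm that attempt limiting and lockout also cover this branch, which the hunk does not show. The added comment that spells out the fixed password should not carry the literal; `//barcode logon: the password is the configured barcodeLogonPassword value` says the same. The enclosing method starts and ends outside the hunk, so how the `RuntimeException` swallowed by the trailing `catch (Exception e)` reaches the caller cannot be judged from here.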
@@ -391,6 +391,17 @@
 //处理深圳三院单点登录配置导致密码未传完后台的情况
 if(StringUtils.isNotBlank(j_password) && (StringUtils.equals(j_password, barcodeLogonPassword) || StringUtils.equals(RSAEncrypt.decrypt(j_password), barcodeLogonPassword))){
 password = CoderEncryption.encryptMD5ForSpringSecurity(j_password);
+ //新增强制用户定期修改登录密码功能QYSRMYY-76
+ if(StringUtils.equals(RSAEncrypt.decrypt(j_password), barcodeLogonPassword) && sysUserManager.userPasswdIsExpired(currentLoginedUser, now)){
+ //通过扫描工作证条码登录时,在登录界面输入的用户名为条码值,密码固定输入为"P@ssw0rd"的情况才做拦截;
+ logger.error("用户"+ username + "密码已经过期,请修改密码后再进行登录!");
+ if(request != null){
+ request.getSession().setAttribute("message", messageCommon);
+ }
+ //记录ip登录失败记录(GZSZYY-119【登录管理】新增多个登录功能改进(ip登录失败锁定次数,验证码刷新规则修改))
+ recordLoginFailIp(request);
+ throw new DisabledException("密码已经过期,请修改密码后再进行登录!");
+ }
 }
 }else{
 //如果有配置sso单点登录的bean且所登录的帐号不为条码时,通过统一身份认证的方式认证
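Review bot: The added expiry check runs only when `RSAEncrypt.decrypt(j_password)` equals `barcodeLogonPassword`, while the enclosing `if` also accepts the un-encrypted form `StringUtils.equals(j_password, barcodeLogonPassword)`, so whether an expired password is rejected depends on how the client encoded the field. Unless the plaintext path is reachable only from the SSO integration named in the context comment, I would apply the check to both accepted forms, `if(sysUserManager.userPasswdIsExpired(currentLoginedUser, now)){`, or state the reason for the exemption in the comment. `recordLoginFailIp(request)` is called even when `request` is null, although the statement above it guards `request != null`; its null handling is outside the hunk. `username` is concatenated into the `logger.error` message as received, so line breaks should be stripped before logging if the logger layout does not already do that. The surrounding method starts and ends outside the hunk.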