VerifyLoginWeaversso.jsp
<%@page import="com.api.login.util.ValidatecodeUtil" %>
<%@ page import="com.engine.hrm.biz.LoginPasswordParser, weaver.conn.RecordSet, weaver.file.Prop, weaver.general.AES" %>
<%@ page import="weaver.general.Util" %>
<%@ page import="weaver.integration.logging.Logger" %>
<%@ page import="weaver.integration.logging.LoggerFactory" %>
<%@ page import="weaver.rsa.security.RSA" %>
<%@ page import="weaver.weaversso.VerifyWeaverSSO" %>
<%@ page import="java.net.URLDecoder" %>
<%@ page import="java.net.URLEncoder" %>
<%@ page language="java" contentType="text/html; charset=UTF-8" %>
<%
// Entry point for the unified-login (Weaver SSO) form post. Flow, as visible in this scriptlet:
//   1. refuse GET requests;
//   2. read the form parameters and rebuild the target "service" URL with extra query fields;
//   3. check the login validation code (captcha);
//   4. resolve the account for the requesting app via VerifyWeaverSSO;
//   5. stash the password in the session and redirect the browser to <oaaddress>/sso/login.
// Every failure path redirects back to a URL built from the request's Referer header.
String requestMethod = Util.null2String(request.getMethod());
if (requestMethod.equalsIgnoreCase("GET")) {
%>
<script language="javascript">
alert("非法登录方式");
window.close();
</script>
<%
return;
}
// authenticationType: 2 = QR-code scan; token
// NOTE(review): the logger category is Logger.class itself, so entries from this page cannot be
// told apart by category from anything else that does the same.
Logger logger = LoggerFactory.getLogger(Logger.class);
// All values below are client-supplied request parameters; Util.null2String presumably maps
// null to "" (the "".equals checks further down rely on that) - confirm.
String weaverssoservice = Util.null2String(request.getParameter("service"));
String appid = Util.null2String(request.getParameter("appid"));
String isRememberAccount = Util.null2String(request.getParameter("isRememberAccount"));
String isRememberPassword = Util.null2String(request.getParameter("isRememberPassword"));
// logger.info("===========service:"+weaverssoservice);
// logger.info("===========appid:"+appid);
// loginfile, logintype, message and isIE are read here but not referenced again in this scriptlet.
String loginfile = Util.null2String(request.getParameter("loginfile"));
String logintype = Util.null2String(request.getParameter("logintype"));
if ("".equals(logintype)) {
logintype = "1";
}
String loginid = Util.null2String(request.getParameter("loginid"));
String userpassword = Util.null2String(request.getParameter("userpassword"));
String message = Util.null2String(request.getParameter("message"));
String isIE = Util.null2String(request.getParameter("isie"));
String authenticationType = Util.null2String(request.getParameter("authenticationType"));
if ("2".equals(authenticationType)) {
// QR-code scan login: the account comes from the session, not from the form.
// NOTE(review): authenticationType is a client-supplied parameter, and the password is replaced
// by a fixed literal kept in this source file. Confirm that the session attribute is only set
// after a completed scan, and that no downstream component treats this literal as a valid
// credential on its own. The attribute may also be absent, which leaves loginid null here.
loginid = (String) session.getAttribute("_SSO_HRM_LOGINID_");
userpassword = "C8F57459-99AF-4A3F-8351-3CE2508B451C";
}
// NOTE(review): getParameter() values are already URL-decoded by the servlet container, so this
// decodes the service value a second time - confirm the client really double-encodes it.
String decodeService = URLDecoder.decode(weaverssoservice, "UTF-8");
String andFlag = "?";
if (decodeService.contains("?")) {
andFlag = "&";
}
// The individual values are appended without encoding; only the assembled string is
// URL-encoded as a whole further down (encodeService). A value containing '&' or '#' would
// therefore change the structure of the service URL.
decodeService += andFlag + "isRememberAccount_=" + isRememberAccount;
decodeService += "&isRememberPassword_=" + isRememberPassword;
decodeService += "&loginid_=" + loginid;
// Normalise the password: userpassword ends up as the parser's decrypted form when the client
// sent it encrypted, sendpassword always holds the parser's encrypted form.
LoginPasswordParser passwordParser = new LoginPasswordParser();
String sendpassword = userpassword;
if (passwordParser.isEncrypted(userpassword)) {
userpassword = passwordParser.getDecryptedPassword(userpassword);
} else {
sendpassword = passwordParser.getEncryptedPassword(userpassword);
}
// NOTE(review): password-derived material travels in the query string of the service URL.
// URLs are routinely recorded in access logs, browser history and Referer headers, and the
// protection depends entirely on LoginPasswordParser, which is not visible here.
decodeService += "&up_=" + sendpassword;
String encodeService = URLEncoder.encode(decodeService, "UTF-8");
// Failure redirect target: the caller's Referer plus a hash route carrying message=311.
// NOTE(review): the Referer header is client-controlled and is used as a redirect target without
// checking it against this application's own origin; appid and service are appended unencoded.
// When the header is missing, getHeader() returns null and the concatenation yields "null#/...".
String referer = request.getHeader("Referer") + "#/?message=311"+"&appid="+appid+"&service="+weaverssoservice;
// Validation-code (captcha) check; note that it runs after the password was already parsed above.
if (!ValidatecodeUtil.checkLoginValidateCode(request)) {
logger.info("===========验证码验证失败!");
response.sendRedirect(referer);
return;
}
String apploginid = loginid;
VerifyWeaverSSO sso = new VerifyWeaverSSO();
// NOTE(review): behind a reverse proxy getRemoteHost() normally reports the proxy, not the
// client - confirm what getRealLoginid expects for its third argument.
String remoteHost = request.getRemoteHost();
String realloginid = sso.getRealLoginid(appid, loginid, remoteHost);
// logger.info("===========realloginid:"+realloginid);
/*if (!"".equals(realloginid)) {
apploginid = realloginid;
} else {
response.sendRedirect(referer);
return;
}*/
// An empty result is treated as "no registered account / client not registered": log and bounce
// back. The resolved value itself is not used afterwards; apploginid stays equal to loginid.
if ("".equals(realloginid)) {
logger.info("===========统一认证失败!未找到注册账号或者客户端未注册!");
response.sendRedirect(referer);
return;
}
if (!weaverssoservice.equals("") && !appid.equals("")) {
// A second VerifyWeaverSSO instance is created only to write the log entry; the value
// returned by saveLog (ts) is not used below.
VerifyWeaverSSO verifyWeaverSSO = new VerifyWeaverSSO();
// String serverUrl = referer.substring(0, referer.indexOf("/wui/index.html#")) + "/WeaverSSOlogin";
String ts = verifyWeaverSSO.saveLog(appid, apploginid, loginid, request.getRemoteHost());
// String pass = userpassword + "-f-g-" + serverUrl+"-h-i-"+sso.getSalt();
// NOTE(review): the second argument is a string literal, presumably the AES key. A key that
// lives in source is shared by every deployment of this page and cannot be rotated without a
// code change; the resulting token is then placed in a redirect URL (see casLoginurl).
String pass = AES.encrypt(userpassword, "yjcust");
RecordSet rs = new RecordSet();
rs.executeProc("SystemSet_Select","");
// The result of rs.next() is ignored; with no row, oaaddress presumably ends up empty and
// loginUrl becomes the relative path "/sso/login" - confirm.
rs.next();
String oaaddress = Util.null2String(rs.getString("oaaddress"));
String loginUrl = oaaddress+"/sso/login";
// The integrated login uses the plaintext userpassword, so it is stashed in the session here.
// NOTE(review): the password stays in the session under two keys for as long as the session
// lives; sessions may be persisted or replicated by the container. Prefer removing both
// attributes as soon as the consumer has read them.
String isrsaopen = Util.null2String(Prop.getPropValue("openRSA","isrsaopen"));// whether RSA is enabled
session.setAttribute("userpassword",userpassword);
session.setAttribute("password",userpassword);
session.setAttribute("isrsaopen",isrsaopen);// whether the password is RSA-encrypted
// When RSA is on, userpassword is decrypted again and, if the RSA helper reports "0", the
// re-encrypted value is stored as "password_new". Both `pass` and the two session attributes
// above were filled in before this step, so they still carry the pre-RSA value.
if("1".equals(isrsaopen)){
RSA rsa = new RSA();
userpassword = rsa.decrypt(request,userpassword);
if(rsa.getMessage().equals("0")){
String rsa_user_password = rsa.encrypt(request,userpassword);
session.setAttribute("password_new",rsa_user_password);
}
}
// String casLoginurl = loginUrl+(loginUrl.indexOf("?")>0? "&":"?")+"username=" + loginid + "&token=" + pass + "&service=" + URLEncoder.encode(weaverssoservice) + "&referer=" + URLEncoder.encode(referer);
// String casLoginurl = loginUrl+(loginUrl.indexOf("?")>0? "&":"?")+"username=" + loginid + "&token=" + pass + "&service=" + weaverssoservice + "&referer=" + URLEncoder.encode(referer);
// NOTE(review): loginid and pass go into the query string unencoded, so a value containing
// '&', '+' or '#' changes how /sso/login parses the request; both should be URL-encoded. The
// one-argument URLEncoder.encode(String) is deprecated and uses the platform default charset;
// the "UTF-8" overload used above would be consistent. The password-derived token is part of the
// redirect URL and therefore visible wherever URLs are logged.
String casLoginurl = loginUrl+(loginUrl.indexOf("?")>0? "&":"?")+"username=" + loginid + "&token=" + pass + "&service=" + encodeService + "&referer=" + URLEncoder.encode(referer);
response.sendRedirect(casLoginurl);
} else {
// Missing service or appid: send the browser back to the Referer-derived URL.
response.sendRedirect(referer);
}
%>