add: 登录密码RSA加密 & fix: 密码输错三次应该显示验证码
Wizzercn committed Apr 24, 2017
1 parent 5506df6 commit 4b79610
Showing 8 changed files with 1,094 additions and 22 deletions.
6 changes: 6 additions & 0 deletions pom.xml
Expand Up @@ -351,6 +351,12 @@
<version>${nutz-version}</version>
<scope>test</scope>
</dependency>
<!-- RSA -->
<dependency>
<groupId>bouncycastle</groupId>
<artifactId>bcprov-jdk16</artifactId>
<version>140</version>
</dependency>
<!-- wk-code-generator -->
<dependency>
<groupId>cn.wizzer</groupId>
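Review bot: The dependency added here, `bouncycastle:bcprov-jdk16:140`, is a legacy-coordinate release from roughly 2008; Bouncy Castle has since moved to the `org.bouncycastle` group (for example `bcprov-jdk15on`) and the old line carries none of the fixes published since, so if a third-party provider is really needed a current `org.bouncycastle` artifact should be pinned instead. The Java hunks in this commit only call `RSAUtil.getKeys()` and `RSAUtil.decryptByPrivateKey`, which is key generation plus private-key decryption; the JDK's built-in providers cover both without an extra provider, so it is worth checking whether the dependency is required at all. RSAUtil itself is not on this page, so that last point is inferred from the call sites.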
Expand Up @@ -2,23 +2,26 @@


import cn.wizzer.framework.shiro.token.CaptchaToken;
import cn.wizzer.framework.util.RSAUtil;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;
import org.nutz.log.Log;
import org.nutz.log.Logs;
import org.nutz.mvc.ActionContext;
import org.nutz.mvc.ActionFilter;
import org.nutz.mvc.View;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.security.interfaces.RSAPrivateKey;

/**
* Created by wizzer on 2017/1/10.
*/
public class PlatformAuthenticationFilter extends FormAuthenticationFilter implements ActionFilter {

private final static Log log= Logs.get();
private String captchaParam = "platformCaptcha";

public String getCaptchaParam() {
Expand All @@ -35,6 +38,15 @@ protected AuthenticationToken createToken(HttpServletRequest request) {
String captcha = getCaptcha(request);
boolean rememberMe = isRememberMe(request);
String host = getHost(request);
try {
RSAPrivateKey platformPrivateKey = (RSAPrivateKey) request.getSession().getAttribute("platformPrivateKey");
if (platformPrivateKey != null) {
password = RSAUtil.decryptByPrivateKey(password, platformPrivateKey);
SecurityUtils.getSubject().getSession(true).removeAttribute("platformPrivateKey");
}
} catch (Exception e) {
e.printStackTrace();
}
return new CaptchaToken(username, password, rememberMe, host, captcha);
}
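Review bot: The `catch (Exception e) { e.printStackTrace(); }` closing the new block swallows a decryption failure, so the still-encrypted `password` string is handed to `CaptchaToken` and the attempt fails with a generic credential error while nothing reaches the application log; log it through the class's `log` field and either rethrow as an authentication failure or at least remove the key in a `finally`. The key is read from the servlet session (`request.getSession()`) but removed from the Shiro subject session (`SecurityUtils.getSubject().getSession(true)`); unless Shiro is configured to back its sessions with the servlet session those are different stores and the `removeAttribute` call does nothing, leaving the private key live for the rest of the session, so use one handle for both, e.g. `HttpSession s = request.getSession(); ... s.removeAttribute("platformPrivateKey");`. A comment on the `platformPrivateKey != null` branch stating that, with no key in the session, the submitted value is used as the plaintext password would make that contract explicit. createToken's signature appears only in the hunk header and the rest of the class is outside the hunk.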

Expand Up @@ -9,6 +9,7 @@
import cn.wizzer.framework.base.Result;
import cn.wizzer.framework.shiro.exception.CaptchaEmptyException;
import cn.wizzer.framework.shiro.exception.CaptchaIncorrectException;
import cn.wizzer.framework.util.RSAUtil;
import cn.wizzer.framework.util.StringUtil;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.shiro.SecurityUtils;
Expand All @@ -32,6 +33,9 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.awt.image.BufferedImage;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.HashMap;

/**
* Created by wizzer on 2016/6/22.
Expand All @@ -49,13 +53,29 @@ public class SysLoginController {
@At("")
@Ok("re")
@Filters
public String login(HttpServletRequest req) {
log.debug("");
public String login(HttpServletRequest req, HttpSession session) {
Subject subject = SecurityUtils.getSubject();
if (subject.isAuthenticated()) {
return "redirect:/platform/home";
} else {
try {
HashMap<String, Object> map = RSAUtil.getKeys();
//生成公钥和私钥
RSAPublicKey publicKey = (RSAPublicKey) map.get("public");
RSAPrivateKey privateKey = (RSAPrivateKey) map.get("private");
//模
String publicKeyModulus = publicKey.getModulus().toString(16);
//公钥指数
String publicKeyExponent = publicKey.getPublicExponent().toString(16);
//私钥指数
req.setAttribute("publicKeyExponent", publicKeyExponent);
req.setAttribute("publicKeyModulus", publicKeyModulus);
session.setAttribute("platformPrivateKey", privateKey);
} catch (Exception e) {
e.printStackTrace();
}
return "beetl:/platform/sys/login.html";

}
}

Expand All @@ -65,6 +85,7 @@ public String login(HttpServletRequest req) {
public void noPermission() {

}

/**
* 切换样式,对登陆用户有效
*
Expand Down Expand Up @@ -129,7 +150,7 @@ public Object doLogin(@Attr("loginToken") AuthenticationToken token, HttpServlet
int errCount = 0;
try {
//输错三次显示验证码窗口
errCount = NumberUtils.toInt(Strings.sNull(SecurityUtils.getSubject().getSession(true).getAttribute("errCount")));
errCount = NumberUtils.toInt(Strings.sNull(SecurityUtils.getSubject().getSession(true).getAttribute("platformErrCount")));
Subject subject = SecurityUtils.getSubject();
ThreadContext.bind(subject);
subject.login(token);
Expand All @@ -141,7 +162,7 @@ public Object doLogin(@Attr("loginToken") AuthenticationToken token, HttpServlet
Sys_log sysLog = new Sys_log();
sysLog.setType("info");
sysLog.setTag("用户登陆");
sysLog.setSrc(this.getClass().getName()+"#doLogin");
sysLog.setSrc(this.getClass().getName() + "#doLogin");
sysLog.setMsg("成功登录系统!");
sysLog.setIp(StringUtil.getRemoteAddr());
sysLog.setOpBy(user.getId());
Expand All @@ -159,15 +180,15 @@ public Object doLogin(@Attr("loginToken") AuthenticationToken token, HttpServlet
return Result.error(3, "login.error.locked");
} catch (UnknownAccountException e) {
errCount++;
SecurityUtils.getSubject().getSession(true).setAttribute("errCount", errCount);
SecurityUtils.getSubject().getSession(true).setAttribute("platformErrCount", errCount);
return Result.error(4, "login.error.user");
} catch (AuthenticationException e) {
errCount++;
SecurityUtils.getSubject().getSession(true).setAttribute("errCount", errCount);
SecurityUtils.getSubject().getSession(true).setAttribute("platformErrCount", errCount);
return Result.error(5, "login.error.user");
} catch (Exception e) {
errCount++;
SecurityUtils.getSubject().getSession(true).setAttribute("errCount", errCount);
SecurityUtils.getSubject().getSession(true).setAttribute("platformErrCount", errCount);
return Result.error(6, "login.error.system");
}
}
Expand All @@ -182,17 +203,19 @@ public void logout(HttpSession session) {
Subject currentUser = SecurityUtils.getSubject();
Sys_user user = (Sys_user) currentUser.getPrincipal();
currentUser.logout();
Sys_log sysLog = new Sys_log();
sysLog.setType("info");
sysLog.setTag("用户登出");
sysLog.setSrc(this.getClass().getName()+"#logout");
sysLog.setMsg("成功退出系统!");
sysLog.setIp(StringUtil.getRemoteAddr());
sysLog.setOpBy(user.getId());
sysLog.setOpAt((int) (System.currentTimeMillis() / 1000));
sysLog.setUsername(user.getUsername());
sLogService.async(sysLog);
userService.update(Chain.make("isOnline", false), Cnd.where("id", "=", user.getId()));
if (user != null) {
Sys_log sysLog = new Sys_log();
sysLog.setType("info");
sysLog.setTag("用户登出");
sysLog.setSrc(this.getClass().getName() + "#logout");
sysLog.setMsg("成功退出系统!");
sysLog.setIp(StringUtil.getRemoteAddr());
sysLog.setOpBy(user.getId());
sysLog.setOpAt((int) (System.currentTimeMillis() / 1000));
sysLog.setUsername(user.getUsername());
sLogService.async(sysLog);
userService.update(Chain.make("isOnline", false), Cnd.where("id", "=", user.getId()));
}
} catch (SessionException ise) {
log.debug("Encountered session exception during logout. This can generally safely be ignored.", ise);
} catch (Exception e) {
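Review bot: In `login()`, the new `catch (Exception e) { e.printStackTrace(); }` still returns the login view, so if key generation fails the page is rendered without `publicKeyExponent`/`publicKeyModulus` and with no `platformPrivateKey` in the session; whatever the browser then encrypts arrives at a server that holds no key for it and the failure is visible only on stderr. Log through the controller's `log` and fail the request (or an error view) instead of falling through. Generating a fresh RSA key pair on every GET of an unauthenticated page is also real CPU cost per request; reusing a key already present in the session would bound it. The `"platformErrCount"` literal is now repeated four times across the doLogin hunks and belongs in a `private static final String`, and any other class that still reads the old `"errCount"` key (the captcha decision, if it lives outside this controller) needs the same rename, which this commit does not show. The logout hunk's enclosing try block starts outside the hunk.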
Expand Up @@ -23,6 +23,9 @@
<script src="${base!}/assets/plugins/modernizr.js"></script>
<script src="${base!}/assets/plugins/jquery-1.11.1.min.js"></script>
<script src="${base!}/assets/js/jquery.pjax.js"></script>
<script src="${base!}/assets/js/sso/RSA.js"></script>
<script src="${base!}/assets/js/sso/BigInt.js"></script>
<script src="${base!}/assets/js/sso/Barrett.js"></script>

<body>
<div class="overlay"></div>
Expand Down Expand Up @@ -81,7 +84,7 @@
<p id="tip" class="bg-danger p15" style="display:none"></p>

<div class="show">
<button class="btn btn-primary btn-lg btn-block" type="submit"
<button id="login" class="btn btn-primary btn-lg btn-block" type="button"
data-loading-text="${msg['login.submit']}...">
${msg['login.submit']}
</button>
Expand Down Expand Up @@ -131,8 +134,19 @@ <h4 class="modal-title" style="color:black;">
</div>

<script type="text/javascript">
function bodyRSA()
{
setMaxDigits(200);
return new RSAKeyPair("${publicKeyExponent!'10001'}","","${publicKeyModulus!'a5aeb8c636ef1fda5a7a17a2819e51e1ea6e0cceb24b95574ae026536243524f322807df2531a42139389674545f4c596db162f6e6bbb26498baab074c036777'}");
}
var key = bodyRSA();

$(document).ready(function () {
$("#year").html(new Date().getFullYear());
$("#login").on("click",function () {
$("#password").val(encryptedString(key,$("#password").val().split("").reverse().join("")));
$("#loginForm").submit();
});
$("#loginForm").ajaxForm({
dataType: 'json',
beforeSubmit: function (arr, form, options) {
Expand All @@ -146,10 +160,12 @@ <h4 class="modal-title" style="color:black;">
window.location.href = "${base!}/platform/home";
} else if (data.code == 2) {
$("#verifycode").val("");
$("#password").val("").focus();
$("#dialogVeryCode img").attr("src", '${base!}/platform/login/captcha?_=' + new Date().getTime());
return $("#dialogVeryCode").modal({show: true, backdrop: 'static', keyboard: false});
} else {
$("#captcha").val("");
$("#password").val("").focus();
$('#captcha_img').attr('src', '${base!}/platform/login/captcha?_=' + new Date().getTime());
$("#tip").html(data.msg);
$("#tip").fadeIn();
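Review bot: Encryption runs only in the `#login` click handler while `#loginForm` is still submitted through `ajaxForm`, so any other submission path (a script calling `submit()`, or browser implicit submission if the form ever gains a submit control) sends the password in clear; moving the encryption into the `beforeSubmit` hook at the end of the hunk, rewriting the password entry in `arr`, covers every path. The defaults in `bodyRSA()` embed a fixed exponent and a 512-bit modulus in the template; nothing in the Java hunks holds a private key for that modulus, so the fallback can only produce ciphertext the server cannot decrypt, and 512-bit RSA is too small to rely on in any case — drop the defaults and treat a missing attribute as an error. The `.split("").reverse().join("")` before `encryptedString` deserves a comment; presumably it compensates for this RSA.js library's byte order so that the Java side decodes correctly, and if `RSAUtil` (not on this page) does not account for it no password will ever match. This only keeps the password out of request-body logs; the public key is delivered in the page itself, so it is not a substitute for TLS.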
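--- a/wk-app/wk-web/src/main/webapp/assets/js/sso/Barrett.js
+++ b/wk-app/wk-web/src/main/webapp/assets/js/sso/Barrett.js
@@ -0,0 +1,74 @@
+// BarrettMu, a class for performing Barrett modular reduction computations in
+// JavaScript.
+//
+// Requires BigInt.js.
+//
+// Copyright 2004-2005 David Shapiro.
+//
+// You may use, re-use, abuse, copy, and modify this code to your liking, but
+// please keep this header.
+//
+// Thanks!
+//
+// Dave Shapiro
+// dave@ohdave.com
+
+function BarrettMu(m)
+{
+this.modulus = biCopy(m);
+this.k = biHighIndex(this.modulus) + 1;
+var b2k = new BigInt();
+b2k.digits[2 * this.k] = 1; // b2k = b^(2k)
+this.mu = biDivide(b2k, this.modulus);
+this.bkplus1 = new BigInt();
+this.bkplus1.digits[this.k + 1] = 1; // bkplus1 = b^(k+1)
+this.modulo = BarrettMu_modulo;
+this.multiplyMod = BarrettMu_multiplyMod;
+this.powMod = BarrettMu_powMod;
+}
+
+function BarrettMu_modulo(x)
+{
+var q1 = biDivideByRadixPower(x, this.k - 1);
+var q2 = biMultiply(q1, this.mu);
+var q3 = biDivideByRadixPower(q2, this.k + 1);
+var r1 = biModuloByRadixPower(x, this.k + 1);
+var r2term = biMultiply(q3, this.modulus);
+var r2 = biModuloByRadixPower(r2term, this.k + 1);
+var r = biSubtract(r1, r2);
+if (r.isNeg) {
+r = biAdd(r, this.bkplus1);
+}
+var rgtem = biCompare(r, this.modulus) >= 0;
+while (rgtem) {
+r = biSubtract(r, this.modulus);
+rgtem = biCompare(r, this.modulus) >= 0;
+}
+return r;
+}
+
+function BarrettMu_multiplyMod(x, y)
+{
+/*
+x = this.modulo(x);
+y = this.modulo(y);
+*/
+var xy = biMultiply(x, y);
+return this.modulo(xy);
+}
+
+function BarrettMu_powMod(x, y)
+{
+var result = new BigInt();
+result.digits[0] = 1;
+var a = x;
+var k = y;
+while (true) {
+if ((k.digits[0] & 1) != 0) result = this.multiplyMod(result, a);
+k = biShiftRight(k, 1);
+if (k.digits[0] == 0 && biHighIndex(k) == 0) break;
+a = this.multiplyMod(a, a);
+}
+return result;
+}
+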