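package com.rbac.service;

import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.ListIterator;
import java.util.Set;

import org.json.me.JSONArray;
import org.json.me.JSONException;
import org.json.me.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import com.rbac.common.MenuTree;
import com.rbac.common.UserDetail;
import com.rbac.dao.LoginDao;
import com.rbac.entity.SysAccount;
import com.rbac.entity.SysAction;
import com.rbac.entity.SysMenu;
import com.rbac.entity.SysMenuVo;
import com.rbac.util.CommonUtils;
import com.rbac.util.PasswordHash;

/**
 * Authenticates an account by username and password and assembles the
 * session data (menu JSON and permitted action URLs) for the logged-in user.
 */
@Service("loginService")
public class LoginService {

	@Autowired
	private LoginDao loginDao;

	/**
	 * Verifies the supplied password against the stored PBKDF2 hash of the
	 * account and, on success, builds the user's session detail.
	 *
	 * @param username login name used to look up the account
	 * @param password clear-text password supplied by the caller
	 * @return the populated {@link UserDetail} when the password matches the
	 *         account's stored hash; {@code null} when the account is unknown,
	 *         has no stored hash or salt, the password does not match, or the
	 *         hashing routine throws
	 */
	public UserDetail login(String username, String password) {
		SysAccount account = loginDao.getSysAccountByUsername(username);

		// Only an account that actually carries a stored hash and salt may be
		// authenticated. Previously a match against the placeholder values
		// below would dereference a null account (unknown user) or log in an
		// account that has no stored credentials.
		boolean hasStoredCredentials = account != null
				&& CommonUtils.isNotBlank(account.getPassword())
				&& CommonUtils.isNotBlank(account.getSalt());

		// Even when no usable account exists, the password check is still run
		// against placeholder values so that the response time does not reveal
		// whether the username exists.
		// NOTE(review): if PasswordHash derives as many bytes as the stored
		// hash holds, this short placeholder may be cheaper to check than a
		// real hash and still leak account existence through timing; confirm
		// against PasswordHash and consider a placeholder of real length.
		String userhash = hasStoredCredentials ? account.getPassword() : "11";
		String usersalt = hasStoredCredentials ? account.getSalt() : "11";

		// Assembled as "iterations:salt:hash" for PasswordHash.validatePassword.
		// NOTE(review): the iteration count is the current constant, not a
		// per-account value; presumably hashes created under a different count
		// would stop validating if the constant changes. Verify.
		StringBuilder s = new StringBuilder();
		s.append(PasswordHash.PBKDF2_ITERATIONS).append(":").append(usersalt)
				.append(":").append(userhash);

		try {
			// Evaluate the hash first so the expensive work happens on every
			// path, then require real credentials before granting access.
			boolean passwordMatches = PasswordHash.validatePassword(password, s.toString());
			if (passwordMatches && hasStoredCredentials) {
				UserDetail userDetail = new UserDetail();
				userDetail.setAccount(account);
				userDetail.setMenuJsonString(MenuTree.getMenuJsonString(
						loginDao.getMenuListByAccountId(account.getId()), false));
				userDetail.setPermitActionSet(this.getPermitActionSet(account.getId()));
				return userDetail;
			}
		} catch (NoSuchAlgorithmException e) {
			// Fails closed: the error is reported and the login is rejected below.
			e.printStackTrace();
		} catch (InvalidKeySpecException e) {
			// Fails closed: the error is reported and the login is rejected below.
			e.printStackTrace();
		}
		return null;
	}

	/**
	 * Collects the URLs the account is permitted to access: the URLs of its
	 * menus plus the URLs of its actions.
	 *
	 * @param accountId id of the account whose permissions are loaded
	 * @return a set holding every menu URL and action URL returned by the DAO
	 *         for this account
	 */
	private Set<String> getPermitActionSet(Long accountId) {
		Set<String> permitActionSet = new HashSet<String>();
		List<SysMenu> menuList = loginDao.getMenuListByAccountId(accountId);
		List<SysAction> actionList = loginDao.getActionListByAccountId(accountId);
		for (SysMenu menu : menuList) {
			permitActionSet.add(menu.getUrl());
		}
		for (SysAction action : actionList) {
			permitActionSet.add(action.getUrl());
		}
		return permitActionSet;
	}
}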