/*
* Copyright (c) 2008-2016 Computer Network Information Center (CNIC), Chinese Academy of Sciences.
*
* This file is part of Duckling project.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package cn.vlabs.umt.ui.servlet.login;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.BeanFactory;
import cn.vlabs.duckling.common.crypto.KeyFile;
import cn.vlabs.duckling.common.crypto.impl.RSAKey;
import cn.vlabs.duckling.common.util.Base64;
import cn.vlabs.umt.common.util.RandomUtil;
import cn.vlabs.umt.services.site.AppService;
import cn.vlabs.umt.services.site.Application;
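/**
 * Login method used when the login request is initiated on behalf of a
 * registered application.
 *
 * <p>The flow visible in this class: a random challenge is generated, encrypted
 * with the public key stored for the application, and handed to
 * {@code /loginpost.jsp} together with the caller-supplied {@code LoginURL}.
 * The plaintext challenge is kept in the HTTP session under {@code AppRandom};
 * {@link #checkValidateCode} later compares it with the {@code rand} request
 * parameter. Presumably only the holder of the matching private key can return
 * the correct value; how the JSP and the application exchange the challenge is
 * not visible from this file.
 */
public class AppLogin extends LoginMethod {

    /**
     * @param factory bean factory passed to the superclass; this class reads the
     *                {@code ApplicationService} bean from it
     */
    public AppLogin(BeanFactory factory) {
        super(factory);
    }

    /**
     * Verifies the challenge returned in the {@code rand} request parameter
     * against the value stored in the session.
     *
     * @return {@code true} when the values match; {@code false} after forwarding
     *         to {@code /message.jsp} when the stored value is missing or differs
     */
    @Override
    protected boolean checkValidateCode(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        HttpSession session = request.getSession();
        // Check the verification code. The stored challenge is removed from the
        // session before the comparison, so each issued challenge can be checked
        // at most once, whether or not the attempt succeeds.
        String savedRandom = (String) session.getAttribute("AppRandom");
        session.removeAttribute("AppRandom");
        String appRandom = request.getParameter("rand");
        if (savedRandom == null || !savedRandom.equals(appRandom)) {
            request.setAttribute("message", "login.imagetext.wrong");
            doForward("/message.jsp", request, response);
            return false;
        }
        return true;
    }

    /**
     * Re-issues the login form after a failed password check, using the login
     * URL and application name remembered in the session by
     * {@link #redirectToLogin}.
     *
     * @param errorMsg not used by this implementation
     */
    // NOTE(review): no @Override in the original; confirm whether LoginMethod
    // declares this hook before adding one.
    protected void onWrongPassword(HttpServletRequest request, HttpServletResponse response, String errorMsg)
            throws ServletException, IOException {
        HttpSession session = request.getSession();
        // NOTE(review): both attributes are null when the session has expired or
        // redirectToLogin never ran; forwardToLogin is then called with a null
        // application name. Confirm AppService.getApplication tolerates null.
        String loginURL = (String) session.getAttribute("applogin.LoginURL");
        String vmtApp = (String) session.getAttribute("applogin.LoginAPP");
        forwardToLogin(request, response, loginURL, vmtApp, true);
    }

    /**
     * Starts the application login flow from the {@code LoginURL} and
     * {@code LoginAPP} request parameters, remembering both in the session.
     * Returns without writing any response when either parameter is missing.
     */
    @Override
    protected void redirectToLogin(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String loginURL = request.getParameter("LoginURL");
        String vmtApp = request.getParameter("LoginAPP");
        if (loginURL == null || vmtApp == null) {
            return;
        }
        // NOTE(review): LoginURL is taken from the request as-is and is not
        // compared here with anything stored on the Application record. Confirm
        // that loginpost.jsp escapes it on output, and consider restricting it to
        // a destination registered for the application, if the record holds one.
        HttpSession session = request.getSession();
        session.setAttribute("applogin.LoginURL", loginURL);
        session.setAttribute("applogin.LoginAPP", vmtApp);
        forwardToLogin(request, response, loginURL, vmtApp, false);
    }

    /**
     * Generates a fresh challenge for the named application, encrypts it with the
     * application's public key and forwards to {@code /loginpost.jsp}.
     *
     * <p>Nothing is forwarded (and no response is written by this method) when
     * the application is unknown or its public key cannot be loaded.
     *
     * @param loginURL       exposed to the JSP as request attribute {@code LoginURL}
     * @param vmtApp         application name looked up through {@code ApplicationService}
     * @param wrongValidCode exposed to the JSP as request attribute {@code WrongValidCode}
     */
    private void forwardToLogin(HttpServletRequest request, HttpServletResponse response, String loginURL,
            String vmtApp, boolean wrongValidCode) throws ServletException, IOException {
        AppService appservice = (AppService) factory.getBean("ApplicationService");
        Application app = appservice.getApplication(vmtApp);
        if (app == null) {
            return;
        }
        KeyFile kf = new KeyFile();
        RSAKey key = kf.loadFromString(app.getPublicKey());
        if (key != null) {
            // NOTE(review): the challenge is only 5 characters long and the source
            // of randomness inside RandomUtil is not visible here; confirm it is
            // backed by SecureRandom and that the length is adequate.
            RandomUtil ru = new RandomUtil();
            String random = ru.getRandom(5);
            // Encode with a fixed charset: the no-argument getBytes() depends on
            // the JVM's platform default, so the bytes being encrypted could vary
            // between deployments.
            byte[] result = key.encrypt(random.getBytes(StandardCharsets.UTF_8));
            String encrypted = Base64.encode(result);
            // The plaintext stays server-side in the session; only the encrypted
            // form is handed to the JSP.
            request.getSession().setAttribute("AppRandom", random);
            request.setAttribute("Encrypted", encrypted);
            request.setAttribute("LoginURL", loginURL);
            request.setAttribute("WrongValidCode", wrongValidCode);
            doForward("/loginpost.jsp", request, response);
        }
    }
}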