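package net.tooan.ynpay.api.webapp.controller.rest;

import com.google.gson.Gson;
import net.tooan.ynpay.commons.YnpayJndiConstants;
import net.tooan.ynpay.commons.helper.Encrypt;
import net.tooan.ynpay.third.jfinal.aop.Before;
import net.tooan.ynpay.third.jfinal.core.Controller;
import net.tooan.ynpay.third.jfinal.ext.interceptor.Restful;
import net.tooan.ynpay.third.jfinal.ext.interceptor.ejb.RemoteEJB;
import net.tooan.ynpay.third.jfinal.log.Logger;
import net.tooan.ynpay.user.agent.bean.User;
import net.tooan.ynpay.user.agent.facade.SessionFacade;
import net.tooan.ynpay.user.agent.facade.UserFacade;
import net.tooan.ynpay.user.agent.model.Session;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/**
 * REST controller that issues API sessions.
 *
 * A client proves possession of its per-user key by sending a SHA-1 signature
 * over its username, a timestamp and that key (see {@link #save()}); on
 * success the persisted {@link Session} is returned as JSON with the user and
 * internal id stripped.
 *
 * Created with IntelliJ IDEA.
 * User: Jing
 * Date: 13-11-21
 * Time: 3:11 PM
 */
@Before(Restful.class)
public class SessionController extends Controller {

    private static final Logger logger = Logger.getLogger(SessionController.class);

    /** Charset used for the request body and for the signature byte comparison. */
    private static final String BODY_CHARSET = "UTF-8";

    @RemoteEJB(mappedName = YnpayJndiConstants.User_Facade_Remote)
    private UserFacade userFacade;

    @RemoteEJB(mappedName = YnpayJndiConstants.Mongo_Session_Facade_Remote)
    private SessionFacade sessionFacade;

    private static final Gson gson = new Gson();

    /** The collection resource has no listing; GET /session answers 404. */
    public void index() {
        renderError(HttpStatus.SC_NOT_FOUND);
    }

    /**
     * Creates a session for the caller.
     *
     * The request body is a JSON object whose {@code username}, {@code timestamp}
     * and {@code signature} members are strings. The signature is recomputed
     * server-side from the username, the timestamp and the user's key (see
     * {@link #signatureMatches}) and compared in constant time.
     *
     * Responses:
     * <ul>
     *   <li>400 - body is not JSON, a required field is missing or not a string,
     *       or any backend call fails;</li>
     *   <li>401 - unknown username or signature mismatch (same status for both);</li>
     *   <li>403 - signature valid but the user's status is not 1;</li>
     *   <li>200 - JSON of the saved session with {@code user} and {@code id}
     *       cleared.</li>
     * </ul>
     *
     * NOTE(review): {@code timestamp} is part of the signed material but is never
     * compared with the server clock, so a captured request stays valid for as
     * long as the user's key does. A freshness window should be added once the
     * timestamp format the clients send is confirmed - here it is only known to
     * be a string.
     */
    public void save() {
        try {
            // Decode the body with an explicit charset: the charset-less overload
            // uses the platform default, which would change the signed bytes for a
            // non-ASCII username between environments.
            String body = IOUtils.toString(getRequest().getInputStream(), BODY_CHARSET);
            Map<?, ?> info = gson.fromJson(body, HashMap.class);

            String username = stringField(info, "username");
            String signature = stringField(info, "signature");
            String timestamp = stringField(info, "timestamp");
            if (username == null || signature == null || timestamp == null) {
                // Malformed request rather than a failed authentication.
                renderError(HttpStatus.SC_BAD_REQUEST);
                return;
            }

            User user = userFacade.findOneBy("username", username);
            if (user == null) {
                // Unknown user: reported with the same status as a bad signature.
                renderError(HttpStatus.SC_UNAUTHORIZED);
            } else if (!signatureMatches(signature, username, timestamp, user.getKey())) {
                renderError(HttpStatus.SC_UNAUTHORIZED);
            } else if (user.getStatus() != 1) {
                // Authenticated, but the account is not in the normal state
                // (the original comment describes this as disabled or not activated).
                renderError(HttpStatus.SC_FORBIDDEN);
            } else {
                // Persist the session; per the original comment -1 selects the
                // default lifetime of 24 hours.
                Session session = sessionFacade.save(user, -1, true);
                // Strip the user object and the internal id so the response carries
                // only the remaining session fields (the authorization token).
                session.setUser(null);
                session.setId(null);
                renderJson(session);
            }
        } catch (Exception e) {
            if (logger.isErrorEnabled()) {
                logger.error(e.getMessage(), e);
            }
            renderError(HttpStatus.SC_BAD_REQUEST);
        }
    }

    /**
     * Returns the value stored under {@code key} when it is a String.
     *
     * @param info parsed request body; may be null (empty body)
     * @param key  member name to read
     * @return the string value, or null when the map is null, the member is
     *         absent, null, or not a string
     */
    private static String stringField(Map<?, ?> info, String key) {
        Object value = (info == null) ? null : info.get(key);
        return (value instanceof String) ? (String) value : null;
    }

    /**
     * Recomputes the expected signature and compares it with the supplied one.
     *
     * The expected value is {@link Encrypt#sha1} over the three parts sorted
     * lexicographically and joined without a separator, exactly as before.
     *
     * @param supplied  signature sent by the client
     * @param username  username from the request
     * @param timestamp timestamp string from the request
     * @param key       the user's key as stored server-side
     * @return true when the supplied signature equals the recomputed one
     * @throws UnsupportedEncodingException never in practice; UTF-8 is mandatory
     */
    private static boolean signatureMatches(String supplied, String username, String timestamp, String key)
            throws UnsupportedEncodingException {
        String[] parts = {username, timestamp, key};
        Arrays.sort(parts);
        String expected = Encrypt.sha1(StringUtils.join(parts, ""));
        if (expected == null) {
            return false;
        }
        // Constant-time comparison: String.equals returns at the first differing
        // character, which leaks how much of a guessed signature was correct.
        // A length mismatch only reveals the digest length, which is fixed.
        return MessageDigest.isEqual(supplied.getBytes(BODY_CHARSET), expected.getBytes(BODY_CHARSET));
    }
}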