📄 详细分析三.txt
}
}
*/
uo = this.getUserOnlineService().createUserOnline(uo); // 加入在线用户表
} catch (BbscsException ex) {
logger.error(ex);
return INPUT;
}
UserSession us = userService.getUserSession(ui);
/**
public UserSession getUserSession(UserInfo ui) {
UserSession us = new UserSession();
us.setEmail(ui.getEmail());
us.setGroupID(ui.getGroupID());
us.setId(ui.getId());
us.setNickName(ui.getNickName());
String[] signDetail = new String[3];
signDetail[0] = ui.getSignDetail0() == null ? "" : ui.getSignDetail0();
signDetail[1] = ui.getSignDetail1() == null ? "" : ui.getSignDetail1();
signDetail[2] = ui.getSignDetail2() == null ? "" : ui.getSignDetail2();
us.setSignDetail(signDetail);
us.setUserName(ui.getUserName());
us.setLastActiveTime(System.currentTimeMillis());
Map[] permissionMap = this.getUserPermission(ui);
us.setUserPermissionArray(permissionMap);
-->
/**
public Map[] getUserPermission(UserInfo userInfo) {
return this.getUserPermission(userInfo.getGroupID());
}
*/
return us;
}
*/
us.setValidateCode(uo.getValidateCode());//Session的validateCode改变之
this.getSession().put(Constant.USER_SESSION_KEY, us);
放入与本次Login相关的Session中!其中 public static final String USER_SESSION_KEY = "user_session"; 这里我们可以简单地看一下UserSession的处理,好像我们以前讲过,这里再讲一次:
// UserSession state as excerpted by the walkthrough. Every field starts empty or zero;
// the login code shown on this page fills them through the matching setters.
private String userName = "";
private String id = "";
private String nickName = "";
private String email = "";
private long lastActiveTime = 0;
// Raw (untyped) permission maps. setUserPermissionArray() puts "resource?action=..." keys
// into the map returned by getUserPermission() (presumably this field) and
// setSpecialPermission() replaces specialPermission wholesale.
private Map userPermission = new HashMap();
private Map boardPermission = new HashMap();
private Map specialPermission = new HashMap();
private Map boardSpecialPermission = new HashMap();
private long bid = 0;
private int groupID = 0;
private long addedOnlineTime = 0;
private long addedOnlineHour = 0;
// Copied from the UserOnline record at login: us.setValidateCode(uo.getValidateCode()).
// NOTE(review): its purpose is not shown here; it looks like a per-login token that ties
// this session to the online-user row - confirm how and where it is compared.
private String validateCode = "";
private String[] signDetail = { "", "", "" };
// NOTE(review): the name suggests a board password held in session state; confirm it is
// never written to logs or echoed back to the client.
private String boardPass = "";
private int initStatus = 0;
这些是它的属性,当然也有get/set;上面的us.setValidateCode就是这样工作的..我们这里重点看下:
us.setUserPermissionArray(permissionMap);
/**
 * Distributes the two permission maps built at login into this session's lookup tables.
 *
 * <p>Element 1 is stored unchanged as the "special" permissions. Element 0 is expanded:
 * every entry yields one key per comma-separated action of its {@code Permission}, in the
 * form {@code resource + "?action=" + action}, all mapped to that same permission object.
 *
 * <p>NOTE(review): keys of this shape are presumably matched against the requested URL when
 * access is checked. Confirm that the checker normalises the request before the lookup and
 * denies by default when no key matches.
 *
 * @param permissionMap array whose index 0 holds ordinary permissions and index 1 holds
 *        special permissions; no length or null check is made here
 */
public void setUserPermissionArray(Map[] permissionMap) {
    // Special permissions are taken over as they are.
    setSpecialPermission(permissionMap[1]);
    /*
     * Walkthrough note (translated). The setter is simply:
     *   public void setSpecialPermission(Map specialPermission) {
     *       this.specialPermission = specialPermission;
     *   }
     * and the map a Permission ends up in is decided by its TypeID:
     *   Permission permission = (Permission) permissionList.get(i);
     *   if (permission.getTypeID() == 0) {
     *       userPermission[0].put(permission.getResource() + "," + permission.getAction(), permission);
     *   } else {
     *       userPermission[1].put(permission.getId(), permission);
     *   }
     */
    // Walk the ordinary permissions (a plain Map traversal over its entry set).
    for (Object element : permissionMap[0].entrySet()) {
        Map.Entry entry = (Map.Entry) element;
        Permission granted = (Permission) entry.getValue();
        String[] actionNames = granted.getAction().split(",");
        for (String actionName : actionNames) {
            // The entry key is "resource,action..."; only the part before the first comma is used.
            String resource = ((String) entry.getKey()).split(",")[0];
            this.getUserPermission().put(resource + "?action=" + actionName, entry.getValue());
        }
    }
}
this.getUserCookie().removeAuthCode(); //Cookie的authCode改变
this.getUserCookie().addCookies(ui);
// this.getUserCookie().addValidateCode(uo.getValidateCode());
if (this.getCookieTime() != -1) {
this.getUserCookie().addC("U", this.getUsername(), this.getCookieTime());
this.getUserCookie().addDES("P", Util.hash(this.getPasswd()), this.getCookieTime());//这里对UserSession和UserCookie都进行了改变...
}
return SUCCESS;
}
我们知道在进入Login之前,已经对UserCookie进行了操作:
UserCookie userCookie = new UserCookie(request, response, sysConfig);
((UserCookieAware) action).setUserCookie(userCookie);
看下面的代码:
/**
 * Binds this helper to the current request/response pair and immediately loads the
 * cookies sent by the client.
 *
 * <p>If the cipher cannot be created the exception is only logged: {@code des} then stays
 * unset while {@code getCookies()} still runs, so the encrypted cookies cannot be read or
 * written for this request.
 *
 * @param request   current servlet request, source of the incoming cookies
 * @param response  current servlet response, target for cookies added later
 * @param sysConfig system configuration (cookie path, domain and key are read from it)
 */
public UserCookie(HttpServletRequest request, HttpServletResponse response, SysConfig sysConfig) {
    this.sysConfig = sysConfig;
    this.response = response;
    this.request = request;
    try {
        // Project-local cipher wrapper, created in DESede (triple DES) mode.
        des = new DES(DES._DESede);
        /*
         * Walkthrough note (translated):
         *   DES: 64-bit key, 56 effective bits, 8 bits used for parity.
         *   DES ede: key should be 64*2 = 128 bits, 56*2 = 112 effective bits --> 16 bytes.
         *   Blowfish: key of 40--448 bits.
         *
         * NOTE(review): the sample CookieKey quoted later in this walkthrough is 32 Base64
         * characters, i.e. 24 bytes, which is a three-key DESede key rather than the 16
         * bytes stated above - confirm what the DES wrapper actually expects.
         * NOTE(review): DES/3DES are legacy 64-bit-block ciphers and no integrity check is
         * visible on the cookie values; for cookies that carry login state prefer an
         * authenticated scheme (for example AES-GCM, or an HMAC over the value).
         */
    } catch (Exception initFailure) {
        logger.error(initFailure);
    }
    getCookies();
}
这样就把request、response等参数从调用处传入到UserCookie中了!
private HttpServletRequest request;
private HttpServletResponse response;
private SysConfig sysConfig;
private DES des;
getCookies...将查找如下key相关的Cookie信息:
// Names of the cookies that getCookies() looks for.
private static final String PASS_USERNAME_KEY = "PASS_USERNAME";// used for single sign-on
private static final String PASS_USERNAME_DES_KEY = "PASS_USERNAME_DES";// used for single sign-on (encrypted counterpart, decoded with the cookie key)
private static final String BBSCS_FORUMPERNUM_KEY = "FN";
private static final String BBSCS_POSTPERNUM_KEY = "PN";
private static final String BBSCS_TIMEZONE_KEY = "TZ";
private static final String BBSCS_FORUMVIEWMODE_KEY = "VM";
private static final String BBSCS_LASTSENDNOTETIME_KEY = "LN";
private static final String BBSCS_LASTPOSTTIME_KEY = "LP";
private static final String BBSCS_EDITTYPE = "ET";
// Captcha text; written encrypted through addAuthCode() -> addDES().
private static final String BBSCS_AUTHCODE = "AC";
private static final String BBSCS_USERNAME = "U";// used by BBSCS itself (remember-me user name, written in clear by the login action)
private static final String BBSCS_PASSWD = "P";// used by BBSCS itself (remember-me value: encrypted Util.hash(password), written by the login action)
当然,它们也有初始值:
// Initial values of the cookie-backed settings. The getCookies() excerpts on this page show
// pusername, pusernamedes and authCode being overwritten from the request; the remaining
// fields are presumably loaded the same way.
// NOTE(review): everything read from a cookie is client-controlled. Confirm that the
// numeric settings (per-page counts, view mode, edit type) are range-checked when parsed.
private int postPerNum = 10;
private int forumPerNum = 20;
private int forumViewMode = 0;
private String timeZone = "GMT+08:00";
private String pusername = "";
private String pusernamedes = "";
private long lastSendNoteTime = 0;
private long lastPostTime = 0;
private int editType = 0;
private String authCode = "";
private String userName = "";
private String passwd = "";
这里有request的使用Cookie cookies[] = request.getCookies();
// Excerpt from getCookies(): the passport (single sign-on) cookies are only read when the
// feature is enabled. sCookie and buf are declared outside this excerpt.
if (this.sysConfig.isUsePass()) { /** In the database UsePass=0; usePass=1 presumably refers to logins shared between several systems (a "passport") */
if (sCookie.getName().equals(PASS_USERNAME_KEY)) {
// Plain-text passport user name, taken from the cookie unchanged.
this.pusername = sCookie.getValue();
// System.out.println("pass username:" + username);
}
if (sCookie.getName().equals(PASS_USERNAME_DES_KEY)) {
if (StringUtils.isNotBlank(sCookie.getValue())) {
buf = Util.base64decodebyte(sCookie.getValue());
byte[] dec = des.decode(buf, Util.base64decodebyte(this.sysConfig.getCookieKey()));// the key is stored Base64-encoded; Base64 is only an encoding, the encryption is the DES step
// NOTE(review): new String(byte[]) uses the platform default charset, and addDES() encodes
// with getBytes() the same way; values only round-trip while both run with the same default.
this.pusernamedes = new String(dec);
// System.out.println("pass usernamedes:" +
// usernamedes);
}
}
// NOTE(review): the cookie bytes are client-supplied and nothing visible here authenticates
// the ciphertext before it is decrypted. Confirm that no code path trusts pusername on its
// own and that a failed or garbled decode is handled as "not logged in".
}
我们看验证码的一段:
// Excerpt from getCookies(): recover the captcha text from the encrypted "AC" cookie.
if (sCookie.getName().equals(BBSCS_AUTHCODE)) {
if (StringUtils.isNotBlank(sCookie.getValue())) {
buf = Util.base64decodebyte(sCookie.getValue());
byte[] dec = des.decode(buf, Util.base64decodebyte(this.sysConfig.getCookieKey()));
// Decoded with the platform default charset (addDES() encodes with getBytes()).
this.authCode = new String(dec);
}
}
// NOTE(review): the expected captcha answer therefore lives in a client-held cookie, not in
// server-side state. Nothing in this excerpt limits an "AC" value to a single use or to a
// time window; confirm that elsewhere, or keep the answer in the HTTP session instead.
而我们回到AuthImg:
UserCookie uc = new UserCookie(request, response, sysConfig);
uc.addAuthCode(rand);//这里用了UserCookie中的addAuthCode方法:
/**
 * Writes the captcha text to the encrypted {@code "AC"} cookie.
 *
 * <p>NOTE(review): this keeps the expected answer on the client. Confirm the server ties
 * each value to a single use (or store the answer in the HTTP session instead).
 *
 * @param authCode captcha text to store
 */
public void addAuthCode(String authCode) {
    // A negative max-age makes this a session cookie that is not persisted by the browser.
    final int untilBrowserCloses = -1;
    this.addDES(BBSCS_AUTHCODE, authCode, untilBrowserCloses);
}
//而对于authCode其实它用了DES算法:
/**
 * Adds a cookie to the response with its value in clear text (the ordinary way of adding
 * a cookie, as opposed to {@code addDES}).
 *
 * <p>Path and, when configured, domain come from {@code sysConfig}; the domain setting is
 * what makes the cookie visible to sibling hosts for single sign-on.
 *
 * <p>NOTE(review): neither the Secure nor the HttpOnly attribute is set here, and the
 * login action sends the remember-me user name through this method. Where the deployment
 * allows it, call {@code setSecure(true)} and, on Servlet 3.0+, {@code setHttpOnly(true)}.
 *
 * @param name   cookie name
 * @param value  cookie value, sent unmodified
 * @param maxage lifetime in seconds; negative for a session cookie, 0 to delete
 */
public void addC(String name, String value, int maxage) {
    Cookie plain = new Cookie(name, value);
    // The original also carried a commented-out fixed lifetime of 30 * 60 seconds.
    plain.setMaxAge(maxage);
    plain.setPath(this.sysConfig.getCookiePath());
    boolean domainConfigured = StringUtils.isNotBlank(this.sysConfig.getCookieDomain());
    if (domainConfigured) {
        // Domain-wide cookie, used for single sign-on.
        plain.setDomain(this.sysConfig.getCookieDomain());
    }
    // The response captured in the constructor is what actually carries the cookie.
    this.response.addCookie(plain);
}
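/**
 * Encrypts {@code value} with the configured cookie key, Base64-encodes the result and
 * adds it to the response as a cookie.
 *
 * <p>This is best effort: any failure is logged and the cookie is simply not written.
 * Compared with the original, the exception is now passed to the logger as a throwable so
 * the stack trace is kept, a missing cipher is reported explicitly, and the {@code value}
 * parameter is no longer reassigned.
 *
 * <p>NOTE(review): only confidentiality is attempted here; no MAC or other integrity check
 * is visible, and neither Secure nor HttpOnly is set on the cookie. The login action uses
 * this method for the remember-me {@code "P"} cookie, so both points matter.
 *
 * @param name   cookie name
 * @param value  clear-text value to protect; must not be null
 * @param maxage lifetime in seconds; negative for a session cookie, 0 to delete
 */
public void addDES(String name, String value, int maxage) {
    if (des == null) {
        // The constructor only logs a cipher-creation failure, so des can be unset here.
        logger.error("addDES(String name, String value): cipher not initialised, cookie not written");
        return;
    }
    try {
        // The shared instance from the constructor is reused; the original left
        // "DES des = new DES(DES._DESede);" commented out at this point.
        des.setKey(Util.base64decodebyte(this.sysConfig.getCookieKey())); // load the key
        /*
         * Walkthrough note (translated): in the database
         * CookieKey=nhNhwZ6X7xzgXnnZBxWFQLwCGQtJojL3
         *
         * NOTE(review): a cookie key that has been published must be treated as known.
         * Every installation should generate its own random key and rotate it if it ever
         * matched a documented value.
         */
        // NOTE(review): getBytes() uses the platform default charset; getCookies() decodes
        // with new String(byte[]) the same way, so the two must stay in step.
        byte[] enc = des.encode(value.getBytes());
        String encoded = Util.base64Encode(enc);
        /*
         * Helper quoted by the walkthrough:
         *   public static String base64Encode(byte[] txt) {
         *       String encodeTxt = "";
         *       if (txt != null && txt.length > 0) {
         *           encodeTxt = new sun.misc.BASE64Encoder().encode(txt);
         *       }
         *       return encodeTxt;
         *   }
         * NOTE(review): sun.misc.BASE64Encoder is an internal JDK class that is gone from
         * current JDKs and wraps long output with line breaks, which are not valid inside
         * a cookie value; java.util.Base64 is the supported replacement.
         */
        Cookie cookies = new Cookie(name, encoded);
        cookies.setPath(this.sysConfig.getCookiePath());
        cookies.setMaxAge(maxage);
        if (StringUtils.isNotBlank(this.sysConfig.getCookieDomain())) {
            cookies.setDomain(this.sysConfig.getCookieDomain());
        }
        this.response.addCookie(cookies);
    } catch (Exception ex) {
        // Pass the exception itself so the stack trace reaches the log.
        logger.error("addDES(String name, String value)", ex);
    }
}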
好,我们暂时回到Login.java:
// Back in the login action after a successful login: drop the captcha cookie first.
this.getUserCookie().removeAuthCode();
/**
public void removeAuthCode() {
this.addC(BBSCS_AUTHCODE, "", 0);
}
*/
// removeAuthCode() (quoted above) overwrites "AC" with an empty value and max-age 0. That
// only asks the browser to discard the cookie; it does not invalidate the value on the server.
// Copy the user's display preferences into session cookies.
this.getUserCookie().addCookies(ui);
// this.getUserCookie().addValidateCode(uo.getValidateCode());
// A cookie time other than -1 apparently means "remember me": the user name is stored in
// clear and Util.hash(password) is stored encrypted with the cookie key.
// NOTE(review): the "P" cookie is derived from the password hash, so it acts as a long-lived
// password equivalent: it stays valid until the password changes and cannot be revoked per
// device. A random, server-stored remember-me token with an expiry is the usual replacement.
if (this.getCookieTime() != -1) {
this.getUserCookie().addC("U", this.getUsername(), this.getCookieTime());
this.getUserCookie().addDES("P", Util.hash(this.getPasswd()), this.getCookieTime());
}
这里将一些登录特性ui用addCookies加入了其UserCookie中!
/**
 * Copies the user's display preferences into this object and mirrors each one to the
 * browser as a clear-text session cookie.
 *
 * <p>NOTE(review): these cookies are unauthenticated, so whatever comes back on later
 * requests is client-controlled; confirm the reading side validates ranges and formats.
 *
 * @param ui user record supplying per-page counts, time zone, view mode and edit type
 */
public void addCookies(UserInfo ui) {
    // Negative max-age: none of the preference cookies outlives the browser session.
    final int sessionOnly = -1;

    this.forumPerNum = ui.getForumPerNum();
    addC(BBSCS_FORUMPERNUM_KEY, Integer.toString(ui.getForumPerNum()), sessionOnly);

    this.postPerNum = ui.getPostPerNum();
    addC(BBSCS_POSTPERNUM_KEY, Integer.toString(ui.getPostPerNum()), sessionOnly);

    // The time zone is the only preference that is Base64-encoded before being stored.
    this.timeZone = ui.getTimeZone();
    addC(BBSCS_TIMEZONE_KEY, Util.base64Encode(ui.getTimeZone()), sessionOnly);

    this.forumViewMode = ui.getForumViewMode();
    addC(BBSCS_FORUMVIEWMODE_KEY, Integer.toString(ui.getForumViewMode()), sessionOnly);

    this.editType = ui.getEditType();
    addC(BBSCS_EDITTYPE, Integer.toString(ui.getEditType()), sessionOnly);
}
OK!return SUCCESS;到<result name="success" type="redirect">${tourl}</result>
当然,我们先讲一下cookieLogin方法:check发现Cookie后会转到这里...
/**
 * Entry point that picks between automatic cookie login and the normal index page.
 *
 * <p>Cookie login is attempted only when both the user-name and the password value read
 * from the cookies are non-blank; otherwise the request goes to {@code index()}.
 *
 * <p>NOTE(review): the cookieLogin excerpt in this walkthrough compares the cookie value
 * with {@code ui.getRePasswd()} using {@code String.equals}. Confirm that this path has
 * attempt limiting comparable to the form login, and consider a constant-time comparison
 * such as {@code MessageDigest.isEqual}.
 *
 * @return the result of {@code cookieLogin()} or of {@code index()}
 */
public String check() {
    // Guard clause: either credential cookie missing means no automatic login.
    if (StringUtils.isBlank(this.getUserCookie().getUserName())
            || StringUtils.isBlank(this.getUserCookie().getPasswd())) {
        return this.index();
    }
    return this.cookieLogin();
}
我们这里可以观察其不同点在于:
UserInfo ui = this.getUserService().findUserInfoByUserName(this.getUserCookie().getUserName());
if (ui == null) {
this.addActionError(this.getText("error.user.notexist"));
return INPUT;
}
if (!this.getUserCookie().getPasswd().equals(ui.getRePasswd())) {