Java Code Examples for org.apache.shiro.web.util.WebUtils#getCleanParam()

The following examples show how to use org.apache.shiro.web.util.WebUtils#getCleanParam(). You can go to the original project or source file by following the links above each example. Note that getCleanParam() only trims the request parameter and returns null when the trimmed value is empty; it does not validate, escape or otherwise sanitize the value, so every caller below is still handling untrusted client input.
Example 1
Source File: CentralAuthenticatorEndpoint.java    From super-cloudops with Apache License 2.0
/**
 * Handles the secondary-authentication validation endpoint.
 *
 * <p>Reads the secondary auth code and the requesting application name from the request
 * (the parameter names come from {@code config.getParam()}) and hands both to
 * {@code authHandler.secondaryValidate}.
 *
 * <p>{@code WebUtils.getCleanParam} only trims the value and maps an empty result to
 * {@code null}; it performs no validation, so either argument can reach the handler as
 * {@code null} or as arbitrary client-supplied text.
 *
 * @param request the current HTTP request carrying both parameters
 * @return a response wrapper whose data is whatever the auth handler returned
 */
@PostMapping(URI_S_SECOND_VALIDATE)
@ResponseBody
public RespBase<SecondAuthcAssertModel> secondaryValidate(HttpServletRequest request) {
	// NOTE(review): the session id and the full request URL are written to the log at INFO.
	// If the auth code can arrive in the query string it would be logged as well -- confirm
	// what getFullRequestURL() includes and mask it if needed.
	log.info("Secondary validating, sessionId: {} <= {}", getSessionId(), getFullRequestURL(request));

	RespBase<SecondAuthcAssertModel> result = new RespBase<>();

	// Both parameters are required by the handler; neither is checked for null here.
	final String authCode = WebUtils.getCleanParam(request, config.getParam().getSecondaryAuthCode());
	final String appName = WebUtils.getCleanParam(request, config.getParam().getApplication());

	// Delegate the actual assertion to the authentication handler.
	result.setData(authHandler.secondaryValidate(authCode, appName));

	// NOTE(review): the whole response, assertion included, is logged -- verify that its
	// toString() does not expose anything sensitive.
	log.info("Secondary validated. => {}", result);
	return result;
}
 
Example 2
Source File: JsetsFormAuthenticationFilter.java    From jsets-shiro-spring-boot-starter with Apache License 2.0
/**
 * Decides what happens to a request that was denied access.
 *
 * <ul>
 *   <li>Not a login request: the request is saved and the client is redirected to the
 *       login page; returns {@code false}.</li>
 *   <li>Login request that is not a submission: returns {@code true} so the login page
 *       can be displayed.</li>
 *   <li>Login submission: when the captcha is enabled it must be present and valid
 *       before {@code executeLogin} is called; otherwise the captcha failure handler
 *       decides the outcome.</li>
 * </ul>
 *
 * <p>The captcha value comes from {@code WebUtils.getCleanParam}, which only trims it
 * and turns an empty value into {@code null}.
 *
 * @param request  the incoming request
 * @param response the outgoing response
 * @return whether the filter chain may continue
 * @throws Exception propagated from the login or redirect helpers
 */
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
	if (!isLoginRequest(request, response)) {
		saveRequestAndRedirectToLogin(request, response);
		return false;
	}

	if (!isLoginSubmission(request, response)) {
		// Allow the client to see the login page.
		return true;
	}

	// Login submission: check the captcha first, if it is switched on.
	if (this.properties.isJcaptchaEnable()) {
		final String submittedCaptcha = WebUtils.getCleanParam(request, ShiroProperties.PARAM_JCAPTCHA);
		if (Strings.isNullOrEmpty(submittedCaptcha)) {
			return onJcaptchaFailure(request, response, this.properties.getMsgCaptchaEmpty());
		}
		final boolean captchaOk = this.captchaProvider.validateCaptcha(WebUtils.toHttp(request), submittedCaptcha);
		if (!captchaOk) {
			return onJcaptchaFailure(request, response, this.properties.getMsgCaptchaError());
		}
	}
	return executeLogin(request, response);
}
 
Example 3
Source File: FormAuthenticationFilter.java    From frpMgr with MIT License
/**
 * Returns the login captcha submitted with the request.
 *
 * <p>The value is taken from the request parameter named {@code DEFAULT_CAPTCHA_PARAM};
 * when that is blank, the request attribute of the same name is used instead (empty
 * string if absent). If the property {@code shiro.loginSubmit.secretKey} is set, the
 * value is passed through {@code DesUtils.decode} with that key before being returned.
 *
 * <p>NOTE(review): the helper name suggests DES with a key that the login page must also
 * know. That obfuscates the field but is not a substitute for TLS -- confirm the
 * transport is protected independently.
 *
 * @param request the login request
 * @return the (possibly decoded) captcha value
 */
protected String getCaptcha(ServletRequest request) {
	String value = WebUtils.getCleanParam(request, DEFAULT_CAPTCHA_PARAM);
	if (StringUtils.isBlank(value)) {
		// Fall back to a request attribute carrying the captcha.
		final Object attribute = request.getAttribute(DEFAULT_CAPTCHA_PARAM);
		value = ObjectUtils.toString(attribute, StringUtils.EMPTY);
	}

	// Decode the submitted captcha when a login-submit secret key is configured.
	final String key = Global.getProperty("shiro.loginSubmit.secretKey");
	if (StringUtils.isNotBlank(key)) {
		value = DesUtils.decode(value, key);
	}
	return value;
}
 
Example 4
Source File: SessionAuthenticationFilter.java    From nexus-public with Eclipse Public License 1.0
/**
 * Reads a request parameter and Base64-decodes it.
 *
 * <p>Base64 is an encoding, not encryption: the decoded value is exactly as trustworthy
 * and as confidential as the raw parameter was on the wire.
 *
 * @param request the current request
 * @param name    the parameter to read
 * @return the decoded value, or {@code null} when the parameter is missing or empty
 */
private String decodeBase64Param(final ServletRequest request, final String name) {
  final String rawValue = WebUtils.getCleanParam(request, name);
  return rawValue != null ? Strings2.decodeBase64(rawValue) : null;
}
 
Example 5
Source File: AppUserController.java    From Shop-for-JavaWeb with MIT License
/**
 * Registration, step 2: accepts the mobile number and the password.
 *
 * <p>The request is rejected up front when {@code isValidApp} fails. Otherwise the login
 * name must be a valid mobile number and the password must pass
 * {@code ValidateUtils.isPassword}; an already registered login name overrides the
 * result with a failure.
 *
 * <p>NOTE(review), all visible in this method:
 * <ul>
 *   <li>The mapping does not restrict the HTTP method, so the password may also be sent
 *       as a GET query parameter.</li>
 *   <li>The submitted password is placed into the response data under
 *       {@code userPassword} and therefore echoed back to the client.</li>
 *   <li>The "already exists" message tells the caller whether a phone number is
 *       registered.</li>
 * </ul>
 *
 * @param request  the registration request
 * @param response the response the JSON result is rendered to
 * @return whatever {@code renderString} / {@code renderInvalidApp} return
 */
@RequestMapping(value = "/register-step2-post")
public String registerStep2(HttpServletRequest request, HttpServletResponse response) {
	if (!isValidApp(request)) {
		return renderInvalidApp(response);
	}

	Map<String, Object> data = Maps.newHashMap();
	// getCleanParam only trims; both values are still raw client input.
	final String loginName = WebUtils.getCleanParam(request, FormAuthenticationFilter.DEFAULT_USERNAME_PARAM);
	final String rawPassword = WebUtils.getCleanParam(request, FormAuthenticationFilter.DEFAULT_PASSWORD_PARAM);
	data.put("userLoginName", loginName);
	data.put("userPassword", rawPassword);

	boolean result = ValidateUtils.isMobile(loginName) && ValidateUtils.isPassword(rawPassword);
	String message = result ? "" : ValidateUtils.getErrMsg();

	// A login name that is already taken always fails, whatever the validation said.
	final User existing = userService.getByLoginName2(loginName);
	if (existing != null && StringUtils.isNotBlank(existing.getId())) {
		result = false;
		message = "电话号码已存在";
	}

	return renderString(response, result, message, data);
}
 
Example 6
Source File: AppUserController.java    From Shop-for-JavaWeb with MIT License
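/**
 * Registration, step 1: accepts the mobile number and sends the verification SMS.
 *
 * <p>The request is rejected up front when {@code isValidApp} fails. The registration
 * code is sent only when the submitted login name passed mobile-number validation and
 * no user with that login name exists yet, so an SMS is never triggered for input that
 * failed validation.
 *
 * <p>NOTE(review): no throttling is visible in this method. Confirm that
 * {@code isValidApp} or {@code SmsUtils} limits how often a code can be requested per
 * number and per client, and note that the "already exists" message tells the caller
 * whether a phone number is registered.
 *
 * @param request  the registration request
 * @param response the response the JSON result is rendered to
 * @return whatever {@code renderString} / {@code renderInvalidApp} return
 */
@RequestMapping(value = "/register-step1-post")
public String registerStep1(HttpServletRequest request, HttpServletResponse response) {
    if (!isValidApp(request)) {
        return renderInvalidApp(response);
    }

    boolean result;
    String message;
    Map<String, Object> data = Maps.newHashMap();
    // getCleanParam only trims; the value is still raw client input.
    String username = WebUtils.getCleanParam(request, FormAuthenticationFilter.DEFAULT_USERNAME_PARAM);
    data.put("userLoginName", username);

    if (ValidateUtils.isMobile(username)) {
        result = true;
        message = "";
    } else {
        result = false;
        message = ValidateUtils.getErrMsg();
    }

    User user = userService.getByLoginName2(username);
    if (user != null && StringUtils.isNotBlank(user.getId())) {
        result = false;
        message = "电话号码已存在";
    } else if (result) {
        // Send the verification code only to a number that passed validation.
        SmsUtils.sendRegisterCode(username);
    }

    return renderString(response, result, message, data);
}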
 
Example 7
Source File: FormAuthenticationCaptchaFilter.java    From cms with Apache License 2.0
/**
 * Returns the user type for this login request.
 *
 * <p>The value is read from the request parameter named by {@code getStypeParam()};
 * when it is blank, the no-argument {@code getStype()} supplies the fallback.
 *
 * <p>NOTE(review): the user type is chosen by the client. If it influences which realm
 * or privileges apply, it must be checked against the authenticated account rather than
 * trusted as submitted.
 *
 * @param request the login request
 * @return the submitted user type, or the fallback when none was submitted
 */
protected String getStype(ServletRequest request) {
    final String submitted = WebUtils.getCleanParam(request, getStypeParam());
    return StringUtils.isBlank(submitted) ? getStype() : submitted;
}
 
Example 8
Source File: FormAuthenticationFilter.java    From easyweb with Apache License 2.0
/**
 * Returns the captcha submitted with the request.
 *
 * @param request the login request
 * @return the trimmed captcha parameter, or {@code null} when it is missing or empty;
 *         the value is not validated here
 */
protected String getCaptcha(ServletRequest request) {
	final String captchaParamName = getCaptchaParam();
	return WebUtils.getCleanParam(request, captchaParamName);
}
 
Example 9
Source File: AppUserController.java    From Shop-for-JavaWeb with MIT License
/**
	 * App login endpoint for the home-grown session system used by the mobile app.
     * A user counts as logged in based on user.id + user.app_login_token.
     * According to the original author, app_login_token is regenerated on login so that
     * logging in again invalidates a lost phone; that regeneration is not visible in this
     * method and presumably happens inside _login -- confirm.
     *
     * On success the cart items bound to the client's appCartCookieId are moved to the
     * user, a fresh appCartCookieId is issued and the cart page data is returned.
     *
     * NOTE(review): no attempt limiting or lockout is visible here; confirm that _login or
     * isValidApp throttles repeated password guesses.
	 */
	@RequestMapping(value = "/login-post", method = RequestMethod.POST)
	public String loginPost(HttpServletRequest request, HttpServletResponse response) {
        if (!isValidApp(request)) {
            return renderInvalidApp(response);
        }

		boolean result;
		String message;
		Map<String, Object> data = Maps.newHashMap();

		// getCleanParam only trims and maps empty to null; both values are raw client input.
		String username = WebUtils.getCleanParam(request, FormAuthenticationFilter.DEFAULT_USERNAME_PARAM);
		String password = WebUtils.getCleanParam(request, FormAuthenticationFilter.DEFAULT_PASSWORD_PARAM);

		// Neither value may be blank.
		if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) {
			result = false;
			message = "手机号和密码不能为空";
            return renderString(response, result, message, data);
		}

		// Login.
		// A Shiro-based login (UsernamePasswordToken with rememberMe, then
		// SecurityUtils.getSubject().login(token), with AuthenticationException and
		// Exception handlers that logged at debug level and returned a failure result)
		// used to live here as commented-out code; the app login goes through _login.

        User user = _login(username, password);

        // The same message is used for an unknown user and a wrong password.
        if (user == null) {
            result = false;
            message = "用户名或密码错误";
            return renderString(response, result, message, data);
        }

        // Transfer the anonymous cart items to the user.
        // NOTE(review): appCartCookieId comes from the request; anyone presenting another
        // client's id would take over that cart -- confirm the id is unguessable.
        String userId = user.getId();
        String appCartCookieId = getAppCartCookieId(request);
        if (StringUtils.isNotBlank(appCartCookieId)) {
            List<CartItem> cartItemList = cartItemService.findByAppCartCookieId(appCartCookieId, null);
            if (cartItemList != null && !cartItemList.isEmpty()) {
                Cart cart = cartService.getByUserId(userId);
                if (cart != null) { // clear the user's existing cart items
                    cartItemService.clearByUserId(userId);
                } else { // create a cart for the user
                    cart = new Cart();
                    cart.setUser(user);
                    cartService.save(cart);
                }
                // Hand the items over to this user.
                for (CartItem cartItem : cartItemList) {
                    cartItem.setUserId(userId);
                    cartItemService.save(cartItem);
                }
            }
        }

        // Issue a new appCartCookieId for the client.
        String oAppCartCookieId = IdGen.uuid();

        // Prepare the cart page data for a smoother app experience; used when the app
        // jumped from the cart page to the login page.
        // The code is taken from AppCartController.index.
        int oCountUsefulCoupon = couponUserService.countUsefulCoupon(userId);
        data = cartItemService.findByUserIdWithCount4Json(userId, null);
        data.put("isLoggedIn", true);
        data.put("countUsefulCoupon", oCountUsefulCoupon);

        // NOTE(review): the contents of toSimpleObj() are not visible here; confirm that
        // it carries no password hash or other secret into the response.
        Map<String, Object> oUser = user.toSimpleObj();
        result = true;
        message = "成功登录";
        data.put("user", oUser);
        data.put("appCartCookieId", oAppCartCookieId);

        return renderString(response, result, message, data);
	}
 
Example 10
Source File: KaptchaFilter.java    From SpringBootBucket with MIT License
/**
 * Extracts the captcha the client submitted.
 *
 * <p>{@code WebUtils.getCleanParam} trims the value and returns {@code null} for an
 * empty one; comparing it with the expected captcha is left to the caller.
 *
 * @param request the login request
 * @return the submitted captcha, or {@code null} if none was sent
 */
protected String getCaptcha(ServletRequest request) {
    final String paramName = getCaptchaParam();
    final String submitted = WebUtils.getCleanParam(request, paramName);
    return submitted;
}
 
Example 11
Source File: LoginController.java    From Shop-for-JavaWeb with MIT License
/**
 * Handles a failed login. The real login POST is processed by the authentication
 * filter; this method only runs afterwards to render the outcome.
 *
 * <p>An already authenticated user is redirected to the app or admin home page.
 * Otherwise the submitted form values and the failure details are copied into the
 * model, the stored validation code is replaced by a random value, and either a JSON
 * string (mobile login) or the matching login view name is returned.
 *
 * <p>NOTE(review): the user name is copied into the model exactly as submitted
 * ({@code getCleanParam} only trims it), so the login view has to escape it on output.
 *
 * @param request  the failed login request
 * @param response the response, used for the JSON rendering
 * @param model    receives the values the login view needs
 * @return a redirect, the rendered JSON, or a login view name
 */
@RequestMapping(value = "${adminPath}/login", method = RequestMethod.POST)
public String loginFail(HttpServletRequest request, HttpServletResponse response, Model model) {
	final boolean fromApp = "app".equals(request.getParameter("from"));
	SystemAuthorizingRealm.Principal principal = UserUtils.getPrincipal();

	// Already logged in: go to the home page. Both targets are fixed, not client-supplied.
	if (principal != null) {
		return fromApp ? "redirect:/app/user.html" : "redirect:" + adminPath;
	}

	final String loginName = WebUtils.getCleanParam(request, FormAuthenticationFilter.DEFAULT_USERNAME_PARAM);
	final boolean remember = WebUtils.isTrue(request, FormAuthenticationFilter.DEFAULT_REMEMBER_ME_PARAM);
	final boolean mobileLogin = WebUtils.isTrue(request, FormAuthenticationFilter.DEFAULT_MOBILE_PARAM);
	final String errorKey = (String) request.getAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);
	String message = (String) request.getAttribute(FormAuthenticationFilter.DEFAULT_MESSAGE_PARAM);

	// Fall back to a generic message when the filter supplied none.
	if (StringUtils.isBlank(message) || StringUtils.equals(message, "null")) {
		message = "用户或密码错误, 请重试.";
	}

	model.addAttribute(FormAuthenticationFilter.DEFAULT_USERNAME_PARAM, loginName);
	model.addAttribute(FormAuthenticationFilter.DEFAULT_REMEMBER_ME_PARAM, remember);
	model.addAttribute(FormAuthenticationFilter.DEFAULT_MOBILE_PARAM, mobileLogin);
	model.addAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, errorKey);
	model.addAttribute(FormAuthenticationFilter.DEFAULT_MESSAGE_PARAM, message);

	if (logger.isDebugEnabled()) {
		logger.debug("login fail, active session size: {}, message: {}, exception: {}", 
				sessionDAO.getActiveSessions(false).size(), message, errorKey);
	}

	// Anything but an authorization error counts as a failed login attempt.
	final boolean authorizationError = UnauthorizedException.class.getName().equals(errorKey);
	if (!authorizationError) {
		model.addAttribute("isValidateCodeLogin", isValidateCodeLogin(loginName, true, false));
	}

	// Invalidate the stored validation code after a failure by overwriting it.
	request.getSession().setAttribute(ValidateCodeServlet.VALIDATE_CODE, IdGen.uuid());

	// A mobile login gets the model back as a JSON string.
	if (mobileLogin) {
		return renderString(response, model);
	}

	return fromApp ? "modules/app/user/login" : "modules/sys/sysLogin";
}
 
Example 12
Source File: FormAuthenticationFilter.java    From Shop-for-JavaWeb with MIT License
/**
 * Reads the captcha parameter from the login request.
 *
 * @param request the login request
 * @return the trimmed parameter value, {@code null} when absent or empty; still
 *         untrusted input that the caller has to verify
 */
protected String getCaptcha(ServletRequest request) {
	final String captchaParam = getCaptchaParam();
	return WebUtils.getCleanParam(request, captchaParam);
}
 
Example 13
Source File: GreenStepBaseFormAuthenticationFilter.java    From bamboobsc with Apache License 2.0
/**
 * Returns the captcha value sent with the login form.
 *
 * @param request the login request
 * @return the trimmed captcha, or {@code null} if the parameter is missing or empty;
 *         no check against the expected captcha happens here
 */
protected String getCaptcha(ServletRequest request) {
    final String name = this.getCaptchaParam();
    final String captcha = WebUtils.getCleanParam(request, name);
    return captcha;
}
 
Example 14
Source File: GreenStepMobileFormAuthenticationFilter.java    From bamboobsc with Apache License 2.0
/**
 * Returns the captcha value sent with the mobile login form.
 *
 * @param request the login request
 * @return the trimmed captcha, or {@code null} if the parameter is missing or empty;
 *         the value is client-controlled and is not verified here
 */
protected String getCaptcha(ServletRequest request) {
    final String captchaKey = this.getCaptchaParam();
    return WebUtils.getCleanParam(request, captchaKey);
}
 
Example 15
Source File: CaptchaFormAuthenticationFilter.java    From dubai with MIT License
/**
 * Looks up the captcha the user typed into the login form.
 *
 * @param request the login request
 * @return the value with surrounding whitespace removed, or {@code null} when nothing
 *         was submitted; verification is the caller's job
 */
protected String getCaptcha(ServletRequest request) {
    final String parameterName = getCaptchaParam();
    return WebUtils.getCleanParam(request, parameterName);
}
 
Example 16
Source File: LoginController.java    From frpMgr with MIT License
/**
 * Handles a failed login. The real login POST is processed by the authentication
 * filter; this method renders the outcome afterwards.
 *
 * An already authenticated user is forwarded (Ajax) or redirected to the admin index
 * page. Otherwise the submitted form values, the extra request parameters and the
 * failure details are copied into the model, which is returned either as a rendered
 * object (Ajax) or through a login view.
 */
@RequestMapping(value = "login", method = RequestMethod.POST)
public String loginFailure(HttpServletRequest request, HttpServletResponse response, Model model) {
	LoginInfo loginInfo = UserUtils.getLoginInfo();
	
	// Already logged in: go to the admin index page.
	if(loginInfo != null){
		// NOTE(review): the raw query string is appended to the forward/redirect target.
		// The path prefix is fixed, so the destination stays inside the application, but
		// the parameters themselves are passed on unchecked.
		String queryString = request.getQueryString();
		queryString = queryString == null ? "" : "?" + queryString;
		String indexUrl = adminPath + "/index" + queryString;
		if (ServletUtils.isAjaxRequest(request)){
			try {
				request.getRequestDispatcher(indexUrl).forward(request, response); // AJAX does not support redirects, so forward instead
			} catch (Exception ex) {
				logger.error(ex.getMessage(), ex);
			}
			return null;
		}
		return REDIRECT + indexUrl;
	}
	
	// getCleanParam only trims and maps empty to null; these are raw client values.
	String username = WebUtils.getCleanParam(request, FormAuthenticationFilter.DEFAULT_USERNAME_PARAM);
	boolean rememberMe = WebUtils.isTrue(request, FormAuthenticationFilter.DEFAULT_REMEMBER_ME_PARAM);
	boolean rememberUserCode = WebUtils.isTrue(request, FormAuthenticationFilter.DEFAULT_REMEMBER_USERCODE_PARAM);
	String params = WebUtils.getCleanParam(request, FormAuthenticationFilter.DEFAULT_PARAMS_PARAM);
	String exception = (String)request.getAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);
	String message = (String)request.getAttribute(FormAuthenticationFilter.DEFAULT_MESSAGE_PARAM);

	// NOTE(review): the user name, params and every extra parameter below go into the
	// model as submitted, so whatever renders the model has to escape them on output.
	model.addAttribute(FormAuthenticationFilter.DEFAULT_USERNAME_PARAM, username);
	model.addAttribute(FormAuthenticationFilter.DEFAULT_REMEMBER_ME_PARAM, rememberMe);
	model.addAttribute(FormAuthenticationFilter.DEFAULT_REMEMBER_USERCODE_PARAM, rememberUserCode);
	model.addAttribute(FormAuthenticationFilter.DEFAULT_PARAMS_PARAM, params);
	Map<String, Object> paramMap = ServletUtils.getExtParams(request);
	for (Entry<String, Object> entry : paramMap.entrySet()){
		model.addAttribute(FormAuthenticationFilter.DEFAULT_PARAM_PREFIX_PARAM + entry.getKey(), entry.getValue());
	}
	model.addAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, exception);
	
	// Switch the language when the login request asked for one.
	if (paramMap.get("lang") != null){
		Global.setLang((String)paramMap.get("lang"), request, response);
	}
	
	model.addAttribute(FormAuthenticationFilter.DEFAULT_MESSAGE_PARAM, text(message));

	// Anything but an authorization error counts as a failed login attempt.
	if (!UnauthorizedException.class.getName().equals(exception)){
		model.addAttribute("isValidCodeLogin", BaseAuthorizingRealm.isValidCodeLogin(username, (String)paramMap.get("deviceType"), "failed"));
	}
	
	// Fetch the current session.
	// NOTE(review): the session id is added to the model and, for Ajax requests, rendered
	// into the response body below. That makes it readable by page scripts even when the
	// session cookie is HttpOnly -- confirm this is intended.
	Session session = UserUtils.getSession();
	model.addAttribute("sessionid", (String)session.getId());

	// An Ajax login gets the login information back directly as a rendered object.
	if (ServletUtils.isAjaxRequest(request)){
		model.addAttribute("result", Global.FALSE);
		return ServletUtils.renderObject(response, model);
	}
	
	// Return the login view configured for the requested user type.
	// NOTE(review): userType presumably originates from the request (it is read from the
	// extra-parameter map); the view comes from a lookup keyed by it, so confirm that
	// getUserTypeValue only returns configured view names for known user types.
	String userType = (String)paramMap.get("userType");
	if (StringUtils.isNotBlank(userType)){
		String view = UserUtils.getUserTypeValue(userType, "loginView");
		if(StringUtils.isNotBlank(view)){
			return view;
		}
	}
	
	return "modules/sys/sysLogin";
}
 
Example 17
Source File: FormAuthenticationFilter.java    From tapestry-security with Apache License 2.0
/**
 * Returns the user name submitted with the login form.
 *
 * @param request the login request
 * @return the trimmed user name, or {@code null} when the parameter is missing or
 *         empty; it is neither validated nor escaped, so treat it as untrusted wherever
 *         it is looked up, logged or rendered
 */
protected String getUsername(ServletRequest request) {
    final String usernameParamName = getUsernameParam();
    return WebUtils.getCleanParam(request, usernameParamName);
}
 
Example 18
Source File: CaptchaAuthenticationFilter.java    From base-framework with Apache License 2.0
/**
 * Returns the captcha entered by the user.
 *
 * <p>The value is only trimmed ({@code null} when empty); checking it against the
 * expected captcha is up to the caller.
 *
 * @param request the login request
 * @return the submitted captcha, or {@code null} if none was sent
 */
public String getCaptcha(ServletRequest request) {
	final String captchaParamName = getCaptchaParam();
	final String entered = WebUtils.getCleanParam(request, captchaParamName);
	return entered;
}
 
Example 19
Source File: CaptchaFormAuthenticationFilter.java    From MultimediaDesktop with Apache License 2.0
/**
 * Reads the captcha from the request parameter named {@code KAPTCHA_REQUEST_KEY}.
 *
 * @param request the login request
 * @return the trimmed captcha, or {@code null} when the parameter is missing or empty;
 *         the value is not verified here
 */
protected String getCaptcha(ServletRequest request) {
	final String submittedCaptcha = WebUtils.getCleanParam(request, KAPTCHA_REQUEST_KEY);
	return submittedCaptcha;
}
 
Example 20
Source File: FormAuthenticationCaptchaFilter.java    From cms with Apache License 2.0
/**
 * Returns the captcha submitted with the login request.
 *
 * @param request the login request
 * @return the trimmed captcha parameter, or {@code null} when it is missing or empty;
 *         the caller is responsible for comparing it with the expected value
 */
protected String getCaptcha(ServletRequest request) {
    final String captchaParamName = getCaptchaParam();
    return WebUtils.getCleanParam(request, captchaParamName);
}