Java Code Examples for org.apache.shiro.SecurityUtils#getSubject()

The following examples show how to use org.apache.shiro.SecurityUtils#getSubject() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: LoginServiceImpl.java    From SpringBoot-Shiro-Vue-master-20180625 with Apache License 2.0 6 votes vote down vote up
/**
 * 登录表单提交
 *
 * @param jsonObject
 * @return
 */
@Override
public JSONObject authLogin(JSONObject jsonObject) {
    String username = jsonObject.getString("username");
    String password = jsonObject.getString("password");
    JSONObject returnData = new JSONObject();
    Subject currentUser = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    try {
        currentUser.login(token);
        returnData.put("result", "success");
    } catch (AuthenticationException e) {
        returnData.put("result", "fail");
    }
    return CommonUtil.successJson(returnData);
}
 
Example 2
Source File: AuthController.java    From Spring-Shiro-Spark with Apache License 2.0 6 votes vote down vote up
@PostMapping(value = SUBPATH_LOGIN)
public ResponseEntity<UserDto> login(@RequestBody UserDto userDto,
                                     UriComponentsBuilder uriComponentsBuilder){
    HttpHeaders headers = ApplicationUtil.getHttpHeaders(uriComponentsBuilder,SUBPATH_LOGIN);
    logger.info("================userInfo================username: " + userDto.getUsername() + ",pw: " + userDto.getPassword());
    Subject subject = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(userDto.getUsername(),userDto.getPassword());
    //User user = new User("root","root","root","root");
    //userDao.save(user);
    try{
        subject.login(token);
    } catch (AuthenticationException e){
        logger.error("======登录失败======");
        throw new ResultException(ErrorCode.USERNAMEORPASSWORD.getDesc(),ErrorCode.USERNAMEORPASSWORD);
    }
    UserDto loginUserDto = (UserDto) SecurityUtils.getSubject().getSession().getAttribute("user");

    return new ResponseEntity<>(loginUserDto,headers, HttpStatus.OK);
}
 
Example 3
Source File: SysUserServiceImpl.java    From watchdog-framework with MIT License 6 votes vote down vote up
public SysUserVO getCurrentUser(){
    Tools.executeLogin();
    Subject subject = SecurityUtils.getSubject();
    if(!subject.isAuthenticated()){
        throw new RequestException(ResponseCode.NOT_SING_IN);
    }
    JwtToken jwtToken = new JwtToken();
    Object principal = subject.getPrincipal();
    if(principal==null){
        throw RequestException.fail("用户信息获取失败");
    }
    BeanUtils.copyProperties(principal,jwtToken);
    SysUser user = this.findUserByName(jwtToken.getUsername(),false);
    if(user==null){
        throw RequestException.fail("用户不存在");
    }
    //获取菜单/权限信息
    List<SysResource> allPer = userRolesRegexResource(roleService.findAllRoleByUserId(user.getId(),true));
    SysUserVO vo = new SysUserVO();
    BeanUtils.copyProperties(user,vo);
    vo.setResources(allPer);
    return vo;
}
 
Example 4
Source File: ShiroPermissingTag.java    From mumu with Apache License 2.0 6 votes vote down vote up
/**
 * 验证用户是否具有以下任意一个角色。
 * @param roleNames 以 delimeter 为分隔符的角色列表
 * @param delimeter 角色列表分隔符
 * @return 用户是否具有以下任意一个角色
 */
public boolean hasAnyRoles(String roleNames, String delimeter) {
	Subject subject = SecurityUtils.getSubject();
	if (subject != null) {
		if (delimeter == null || delimeter.length() == 0) {
			delimeter = ROLE_NAMES_DELIMETER;
		}

		for (String role : roleNames.split(delimeter)) {
			if (subject.hasRole(role.trim()) == true) {
				return true;
			}
		}
	}

	return false;
}
 
Example 5
Source File: QuestionnaireResource.java    From gazpachoquest with GNU General Public License v3.0 6 votes vote down vote up
@GET
@Path("/{questionnaireId}/page")
@ApiOperation(value = "Fetch the next, current or previous page for the given questionnaire", notes = "More notes about this method", response = QuestionnairePageDTO.class)
@ApiResponses(value = { @ApiResponse(code = 404, message = "Invalid invitation token supplied"),
        @ApiResponse(code = 200, message = "questionnaires available") })
public Response getPage(
        @NotNull @PathParam("questionnaireId") @ApiParam(value = "Questionnaire id", required = true) Integer questionnaireId,
        @ApiParam(name = "mode", value = "Refers how many questions are returned by page.", required = false, defaultValue = "SECTION_BY_SECTION", allowableValues = "QUESTION_BY_QUESTION,SECTION_BY_SECTION,ALL_IN_ONE", allowMultiple = true) @QueryParam("mode") String modeStr,
        @ApiParam(name = "preferredLanguage", value = "Preferred Language for the page is availabe", required = true, defaultValue = "EN", allowableValues = "EN,ES,FI", allowMultiple = true) @QueryParam("preferredLanguage") String preferredLanguageStr,
        @ApiParam(name = "action", value = "Action fired for the respondent", required = true, defaultValue = "ENTERING", allowableValues = "NEXT,PREVIOUS,ENTERING", allowMultiple = true) @QueryParam("action") String actionStr) {

    Subject subject = SecurityUtils.getSubject();
    User principal = (User) SecurityUtils.getSubject().getPrincipal();
    subject.checkPermission("questionnaire:read:" + questionnaireId);
    logger.info("Fetching questionnaire {} for {} user {}", questionnaireId, principal.getFullName());
    RenderingMode mode = StringUtils.isNotBlank(modeStr) ? RenderingMode.fromValue(modeStr) : null;
    NavigationAction action = NavigationAction.fromString(actionStr);
    Language preferredLanguage = Language.fromString(preferredLanguageStr);
    QuestionnairePageDTO page = questionnaireFacade.resolvePage(questionnaireId, mode, preferredLanguage, action);
    return Response.ok(page).build();
}
 
Example 6
Source File: BaseSupportAction.java    From bamboobsc with Apache License 2.0 5 votes vote down vote up
public String getIsSuperRole() {
	Subject subject = SecurityUtils.getSubject();
	if (subject.hasRole(Constants.SUPER_ROLE_ADMIN) || subject.hasRole(Constants.SUPER_ROLE_ALL)) {
		return YesNo.YES;
	}
	return YesNo.NO;
}
 
Example 7
Source File: SessionInterceptor.java    From ZTuoExchange_framework with MIT License 5 votes vote down vote up
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {


    BeanFactory factory = WebApplicationContextUtils.getRequiredWebApplicationContext(request.getServletContext());
    AdminService adminService = (AdminService) factory.getBean("adminService");
    System.out.println(request.getContextPath());
    Subject currentUser = SecurityUtils.getSubject();

    //判断用户是通过记住我功能自动登录,此时session失效
    if(!currentUser.isAuthenticated() && currentUser.isRemembered()){
        try {
            Admin admin = adminService.findByUsername(currentUser.getPrincipals().toString());
            //对密码进行加密后验证
            UsernamePasswordToken token = new UsernamePasswordToken(admin.getUsername(), admin.getPassword(),currentUser.isRemembered());
            //把当前用户放入session
            currentUser.login(token);
            Session session = currentUser.getSession();
            session.setAttribute(SysConstant.SESSION_ADMIN,admin);
            //设置会话的过期时间--ms,默认是30分钟,设置负数表示永不过期
            session.setTimeout(30*60*1000L);
        }catch (Exception e){
            //自动登录失败,跳转到登录页面
            //response.sendRedirect(request.getContextPath()+"/system/employee/sign/in");
            ajaxReturn(response, 4000, "unauthorized");
            return false;
        }
        if(!currentUser.isAuthenticated()){
            //自动登录失败,跳转到登录页面
            ajaxReturn(response, 4000, "unauthorized");
            return false;
        }
    }
    return true;
}
 
Example 8
Source File: SessionCacheManager.java    From NutzSite with Apache License 2.0 5 votes vote down vote up
public Session getSession(){
    Session session = null;
    try{
        Subject subject = SecurityUtils.getSubject();
        session = subject.getSession(false);
        if (session == null){
            session = subject.getSession();
        }
    }catch (InvalidSessionException e){
        logger.error("Invalid session error", e);
    }catch (UnavailableSecurityManagerException e2){
        logger.error("Unavailable SecurityManager error", e2);
    }
    return session;
}
 
Example 9
Source File: AuthenticationInterceptor.java    From EasyEE with MIT License 5 votes vote down vote up
@Override
	public void afterSuccess(ServletRequest request, ServletResponse response, AuthenticationToken token)
			throws Exception {
		Subject subject = SecurityUtils.getSubject();
		// 不要强制转换,防止 devtools 的 RestartClassLoader 导致的 cast exception
		UsernamePasswordEncodeToken downToken = new UsernamePasswordEncodeToken();
		downToken.setUserId(Integer.valueOf(token.getClass().getMethod("getUserId").invoke(token).toString()));
		downToken.setName(token.getClass().getMethod("getName").invoke(token).toString());
		downToken.setPassword((char[])token.getClass().getMethod("getPassword").invoke(token));
		downToken.setRealName(token.getClass().getMethod("getRealName").invoke(token).toString());
		downToken.setStatus(Integer.valueOf(token.getClass().getMethod("getStatus").invoke(token).toString()));
		// 用户锁定
		if (downToken.getStatus() == SysUser.STATUS_LOCK) {
			subject.logout();
			throw new LockedAccountException("账户已锁定!");
		}

		// 存入用户信息到Session
		// SysUser sysUser=new SysUser(downToken.getName(), new
		// String(downToken.getPassword()));
		SysUser sysUser = new SysUser(downToken.getName(), "");
		sysUser.setPassword(new String(downToken.getPassword()));
		sysUser.setRealName(downToken.getRealName());
		sysUser.setStatus(downToken.getStatus());
		sysUser.setUserId(downToken.getUserId());
		
		subject.getSession().setAttribute("USER", sysUser);

		// 初始化菜单列表
		initMenu(subject.getSession(), downToken);

//		System.out.println("登录成功!");
//		System.out.println(sysOperationPermissionService.getAllOpreationNames());

		// 保存所有权限对应的权限名称,权限备注
		subject.getSession().setAttribute("operationsName", sysOperationPermissionService.getAllOpreationNames());
	}
 
Example 10
Source File: RoleController.java    From springboot-learn with MIT License 5 votes vote down vote up
public void reloadAuthorizingByUserId(User user) {
    RealmSecurityManager rsm = (RealmSecurityManager) SecurityUtils.getSecurityManager();
    UserRealm shiroRealm = (UserRealm) rsm.getRealms().iterator().next();
    Subject subject = SecurityUtils.getSubject();
    String realmName = subject.getPrincipals().getRealmNames().iterator().next();
    SimplePrincipalCollection principals = new SimplePrincipalCollection(user, realmName);
    subject.runAs(principals);
    shiroRealm.getAuthorizationCache().remove(subject.getPrincipals());
    subject.releaseRunAs();

    LOG.info("用户[{}]的权限更新成功!!", user.getUsername());

}
 
Example 11
Source File: LoginController.java    From erp-framework with MIT License 5 votes vote down vote up
@GetMapping("/login")
public String login(HttpServletRequest request){
    logger.info("当前的路径为:" + request.getRequestURI());
    Subject s = SecurityUtils.getSubject();
    logger.info("是否记住登录--》" + s.isRemembered() + "; 是否有权限登录" + s.isAuthenticated());
    if(s.isAuthenticated()){
        return "redirect:index";
    }else {
        return "login";
    }
}
 
Example 12
Source File: ServiceAuthorityCheckAspect.java    From bamboobsc with Apache License 2.0 5 votes vote down vote up
@Around( AspectConstants.LOGIC_SERVICE_PACKAGE )
public Object logicServiceProcess(ProceedingJoinPoint pjp) throws AuthorityException, ServiceException, Throwable {
	MethodSignature signature=(MethodSignature)pjp.getSignature();
	Annotation[] annotations=pjp.getTarget().getClass().getAnnotations();
	String serviceId = AspectConstants.getServiceId(annotations);
	Subject subject = SecurityUtils.getSubject();
	Method method = signature.getMethod();
	if (subject.hasRole(Constants.SUPER_ROLE_ALL) || subject.hasRole(Constants.SUPER_ROLE_ADMIN)) {
		SysEventLogSupport.log( 
				(String)subject.getPrincipal(), Constants.getSystem(), this.getEventId(serviceId, method.getName()), true );
		return pjp.proceed();
	}
	if (StringUtils.isBlank(serviceId)) { // 沒有 service id 無法判斷檢查 
		SysEventLogSupport.log( 
				(String)subject.getPrincipal(), Constants.getSystem(), this.getEventId(serviceId, method.getName()), true );
		return pjp.proceed();
	}
	if (!this.isServiceAuthorityCheck(annotations)) { // 沒有 ServiceAuthority 或 check=false 就不用檢查了 
		SysEventLogSupport.log( 
				(String)subject.getPrincipal(), Constants.getSystem(), this.getEventId(serviceId, method.getName()), true );
		return pjp.proceed();
	}		
	Annotation[] methodAnnotations = method.getAnnotations();
	if (this.isServiceMethodAuthority(serviceId, methodAnnotations, subject)) {
		SysEventLogSupport.log( 
				(String)subject.getPrincipal(), Constants.getSystem(), this.getEventId(serviceId, method.getName()), true );
		return pjp.proceed();
	}
	logger.warn(
			"[decline] user[" + subject.getPrincipal() + "] " 
					+ pjp.getTarget().getClass().getName() 
					+ " - " 
					+ signature.getMethod().getName());		
	SysEventLogSupport.log( 
			(String)subject.getPrincipal(), Constants.getSystem(), this.getEventId(serviceId, method.getName()), false );
	throw new AuthorityException(SysMessageUtil.get(GreenStepSysMsgConstants.NO_PERMISSION));
}
 
Example 13
Source File: ExtDirectJsonRequestProcessorThread.java    From nexus-public with Eclipse Public License 1.0 5 votes vote down vote up
public ExtDirectJsonRequestProcessorThread() {
  Subject subject = SecurityUtils.getSubject();
  checkState(subject != null, "Subject is not set");
  // create the thread state by this moment as this is created in the master (web container) thread
  threadState = new SubjectThreadState(subject);

  final String baseUrl = BaseUrlHolder.get();

  processRequest = ServletScopes.transferRequest(new Callable<String>()
  {
    @Override
    public String call() {
      threadState.bind();
      UserIdMdcHelper.set();
      try {
        // apply base-url from the original thread
        BaseUrlHolder.set(baseUrl);

        return ExtDirectJsonRequestProcessorThread.super.processRequest();
      }
      finally {
        UserIdMdcHelper.unset();
        threadState.restore();
      }

    }
  });
}
 
Example 14
Source File: UserSessionBean.java    From web-budget with GNU General Public License v3.0 4 votes vote down vote up
/**
 * @return return the current {@link Subject} of the application
 */
private Subject getSubject() {
    return SecurityUtils.getSubject();
}
 
Example 15
Source File: ScoreBoardController.java    From PhrackCTF-Platform-Team with Apache License 2.0 4 votes vote down vote up
@SuppressWarnings("unchecked")
@RequestMapping(value = "/personalrank", method = RequestMethod.GET)
public ModelAndView PersonalRank() throws Exception {
	ModelAndView mv = new ModelAndView("personalrank");
	CommonUtils.setControllerName(request, mv);
	Subject currentUser = SecurityUtils.getSubject();
	Users userobj=CommonUtils.setUserInfo(currentUser, userServices, teamServices,submissionServices,mv);
	if (userobj==null) {
		mv.addObject("thisuser","");
	} else {
		mv.addObject("thisuser",userobj.getUsername());
	}
	if (CommonUtils.CheckIpBanned(request, bannedIpServices)) {
		currentUser.logout();
	}
	
	Date currenttime= new Date();
	mv.addObject("updatetime", currenttime);
	ArrayList<ScoreBoardObj> rank = new ArrayList<ScoreBoardObj>();
	List<Users> userforrank = userServices.getUsersForRank();
	ArrayList<RanklistObj> ranklist = new ArrayList<RanklistObj>();
	List<Challenges> tasklist = challengeServices.getAllAvailChallenges();
	for (Users u:userforrank) {
		RanklistObj aobj = new RanklistObj();
		Submissions last = submissionServices.getLastCorrectSubmitByUserId(u.getId());
		if (last==null) {
			aobj.setLastSummit(new Date());
		} else {
			aobj.setLastSummit(last.getSubmitTime());
		}
		aobj.setuserobj(u);
		ranklist.add(aobj);
	}
	CompareScore c = new CompareScore();
	Collections.sort(ranklist,c);
	
	int count;
	count = 1;
	for (RanklistObj item:ranklist) {
		if (item.getuserobj().getScore()==0) {
			continue;
		}
		ScoreBoardObj sb = new ScoreBoardObj();
		sb.setrank(count++);
		sb.setusername(item.getuserobj().getUsername());
		sb.setuserid(item.getuserobj().getId());
		sb.setscore(item.getuserobj().getScore());
		Countries usercountry = countryServices.getCountryById(item.getuserobj().getCountryid());
		sb.setcountryname(usercountry.getCountryname());
		sb.setcountrycode(usercountry.getCountrycode());
		ArrayList<SolveList> sl = new ArrayList<SolveList>();
		for (Challenges ch:tasklist) {
			SolveList slitem = new SolveList();
			slitem.settaskid(ch.getId());
			slitem.settakstitle(ch.getTitle());
			if (submissionServices.getSolvedByUseridAndTaskId(item.getuserobj().getId(), ch.getId())>0) {
				slitem.setsolvestr("solved");
			} else {
				slitem.setsolvestr("unsolved");
			}
			sl.add(slitem);
		}
		sb.setsolvestat(sl);
		rank.add(sb);
	}
	
	mv.addObject("scorelist", rank);
	mv.setViewName("personalrank");
	return mv;
}
 
Example 16
Source File: BaseController.java    From yyblog with MIT License 4 votes vote down vote up
public static Subject getSubjct() {
    return SecurityUtils.getSubject();
}
 
Example 17
Source File: AccountServiceImpl.java    From VideoMeeting with Apache License 2.0 4 votes vote down vote up
@Override
public void logout() {
	if (SecurityUtils.getSubject() != null) {
		SecurityUtils.getSubject().logout();
	}
}
 
Example 18
Source File: LoginController.java    From tianti with Apache License 2.0 4 votes vote down vote up
@RequestMapping("/do_login")
	public String doLogin(HttpServletRequest request, Model model){
		
		String username = request.getParameter("username");
		String pwd = request.getParameter("pwd");
		
		boolean rememberMe = false;
		
		String md5Pwd = Md5Util.generatePassword(pwd);
		
		try {
			UsernamePasswordToken token = new UsernamePasswordToken(username, md5Pwd, rememberMe);
			
			Subject subject = SecurityUtils.getSubject();
			
			subject.login(token);
			
			//跳转第一个菜单
			List<Resource> hasResource = (List<Resource>) request.getSession().getAttribute(WebHelper.SESSION_MENU_RESOURCE);
			if(hasResource != null && !hasResource.isEmpty()){
				for(Resource resource : hasResource){
					
					List<Resource> chResources = resource.getChildren();
					if(StringUtils.isNotBlank(resource.getUrl()) && (chResources == null || chResources.isEmpty())){
						return "redirect:" + resource.getUrl();
					}
					if(chResources != null && !chResources.isEmpty()){
						for(Resource chRes : chResources){
							if(StringUtils.isNotBlank(chRes.getUrl())){
								return "redirect:" + chRes.getUrl();
							}
						}
					}
				}
			}
			
			return "redirect:/user/list";
		} catch (LockedAccountException lae) {
//			lae.printStackTrace();
			model.addAttribute("msg", "账号已被禁用");
		} catch (AuthenticationException ae) {
//			ae.printStackTrace();
			model.addAttribute("msg", "账号或密码错误");
		} catch (Exception e) {
//			e.printStackTrace();
			model.addAttribute("msg", "登录异常");
		}
		
		return "login";
	}
 
Example 19
Source File: SecurityInterceptor.java    From phone with Apache License 2.0 4 votes vote down vote up
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
		throws Exception {
	if (logger.isDebugEnabled()) {
		logger.debug("preHandle(HttpServletRequest, HttpServletResponse, Object) - start"); //$NON-NLS-1$
	}

	Subject subject = SecurityUtils.getSubject();
	String requestUrl = request.getRequestURI().replace(request.getContextPath(), "");
	if (logger.isDebugEnabled()) {
		logger.debug(StringUtil.appendStringNotNull("###", "请求的url",requestUrl)); //$NON-NLS-1$
	}
	boolean res = ArrayUtil.foreach(igoreRegexUrls, (v,i) -> {
		return !requestUrl.matches(v);// 如果匹配则不再循环
	});
	// 如果返回false,则表示匹配忽略的url
	if (!res) {
		if (logger.isDebugEnabled()) {
			logger.debug("preHandle(HttpServletRequest, HttpServletResponse, Object) - end"); //$NON-NLS-1$
		}
		return true;
	}
	System.out.println(requestUrl);
	boolean checkResult = false;
	// 如果已登录则直接跳转
	if (subject != null && subject.isAuthenticated()) {
		// 判断是否是访问url
		if (requestUrl.matches(".+\\.(html|jsp)")) {
			checkResult = processMenuSecurity(requestUrl,request);
		} else {
			checkResult = processFuncSecurity(requestUrl);
		}
		// 功能
	}
	if (!checkResult) {
		redirect(response);

		if (logger.isDebugEnabled()) {
			logger.debug("preHandle(HttpServletRequest, HttpServletResponse, Object) - end"); //$NON-NLS-1$
		}
		return false;
	}

	if (logger.isDebugEnabled()) {
		logger.debug("preHandle(HttpServletRequest, HttpServletResponse, Object) - end"); //$NON-NLS-1$
	}
	return true;
}
 
Example 20
Source File: UserServiceImpl.java    From wangmarket with Apache License 2.0 4 votes vote down vote up
public BaseVO loginByUsernameAndPassword(HttpServletRequest request, String username, String password){
		username = Safety.filter(username);
		
		BaseVO baseVO = new BaseVO();
		if(username==null || username.length() == 0 ){
			baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_loginUserOrEmailNotNull"));
			return baseVO;
		}
		if(password==null || password.length() == 0){
			baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_loginPasswordNotNull"));
			return baseVO;
		}
		
		//判断是用户名还是邮箱登陆的,进而查询邮箱或者用户名,进行登录
		List<User> l = sqlDAO.findByProperty(User.class, username.indexOf("@")>-1? "email":"username", username);
		
		if(l!=null && l.size()>0){
			User user = l.get(0);
			
			String md5Password = new Md5Hash(password, user.getSalt(),Global.USER_PASSWORD_SALT_NUMBER).toString();
			//检验密码是否正确
			if(md5Password.equals(user.getPassword())){
				//检验此用户状态是否正常,是否被冻结
				if(user.getIsfreeze() == User.ISFREEZE_FREEZE){
					baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_loginUserFreeze"));
					return baseVO;
				}
				
				user.setLasttime(DateUtil.timeForUnix10());
				user.setLastip(IpUtil.getIpAddress(request));
				sqlDAO.save(user);
				
				UsernamePasswordToken token = new UsernamePasswordToken(user.getUsername(), user.getUsername());
		        token.setRememberMe(false);
				Subject currentUser = SecurityUtils.getSubject();  
				try {
					currentUser.login(token);  
				} catch ( UnknownAccountException uae ) {
					java.lang.System.out.println("UnknownAccountException:"+uae.getMessage());
				} catch ( IncorrectCredentialsException ice ) {
					java.lang.System.out.println("IncorrectCredentialsException:"+ice.getMessage());
				} catch ( LockedAccountException lae ) {
					java.lang.System.out.println("LockedAccountException:"+lae.getMessage());
				} catch ( ExcessiveAttemptsException eae ) {
					java.lang.System.out.println("ExcessiveAttemptsException:"+eae.getMessage());
				} catch ( org.apache.shiro.authc.AuthenticationException ae ) {  
					java.lang.System.out.println("AuthenticationException:"+ae.getMessage());
				}
//				logDao.insert("USER_LOGIN_SUCCESS");
				baseVO.setBaseVO(BaseVO.SUCCESS, Language.show("user_loginSuccess"));
			}else{
				baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_loginPasswordFailure"));
			}
		}else{
			baseVO.setBaseVO(BaseVO.FAILURE, Language.show("user_loginUserNotFind"));
		}
		
		return baseVO;
	}