| | |
|---|
| | | package com.pollex.pam.web.rest; |
|---|
| | | |
|---|
| | | import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject; |
|---|
| | | import com.pollex.pam.security.jwt.JWTFilter; |
|---|
| | | import com.pollex.pam.security.jwt.TokenProvider; |
|---|
| | | import com.pollex.pam.business.security.token.EServiceAuthenticationToken; |
|---|
| | | import com.pollex.pam.business.web.vm.EServiceLoginVM; |
|---|
| | | import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CONSULTANT_LOGIN; |
|---|
| | | |
|---|
| | | import javax.servlet.http.HttpServletRequest; |
|---|
| | | import javax.servlet.http.HttpServletResponse; |
|---|
| | | import javax.servlet.http.HttpSession; |
|---|
| | | |
|---|
| | | import org.slf4j.Logger; |
|---|
| | | import org.slf4j.LoggerFactory; |
|---|
| | | import org.springframework.beans.factory.annotation.Autowired; |
|---|
| | | import org.springframework.http.HttpHeaders; |
|---|
| | | import org.springframework.http.HttpStatus; |
|---|
| | |
|---|
| | | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; |
|---|
| | | import org.springframework.security.core.Authentication; |
|---|
| | | import org.springframework.security.core.context.SecurityContextHolder; |
|---|
| | | import org.springframework.util.StringUtils; |
|---|
| | | import org.springframework.web.bind.annotation.PathVariable; |
|---|
| | | import org.springframework.web.bind.annotation.PostMapping; |
|---|
| | | import org.springframework.web.bind.annotation.RequestBody; |
|---|
| | | import org.springframework.web.bind.annotation.RequestMapping; |
|---|
| | | import org.springframework.web.bind.annotation.RestController; |
|---|
| | | |
|---|
| | | import static com.pollex.pam.business.aop.logging.audit.AuditLoggingType.CONSULTANT_LOGIN; |
|---|
| | | import com.pollex.pam.business.aop.logging.audit.AuditLoggingInject; |
|---|
| | | import com.pollex.pam.business.security.token.EServiceAuthenticationToken; |
|---|
| | | import com.pollex.pam.business.service.ConsultantService; |
|---|
| | | import com.pollex.pam.business.service.util.AesUtil; |
|---|
| | | import com.pollex.pam.business.web.errors.OtpLoginFailException; |
|---|
| | | import com.pollex.pam.business.web.vm.EServiceLoginVM; |
|---|
| | | import com.pollex.pam.security.jwt.JWTFilter; |
|---|
| | | import com.pollex.pam.security.jwt.TokenProvider; |
|---|
| | | |
|---|
| | | @RestController |
|---|
| | | @RequestMapping("/api/eService") |
|---|
| | | public class EServiceResource { |
|---|
| | | |
|---|
| | | private final static Logger log = LoggerFactory.getLogger(EServiceResource.class); |
|---|
| | | |
|---|
| | | |
|---|
| | | @Autowired |
|---|
| | | AuthenticationManagerBuilder authenticationManagerBuilder; |
|---|
| | |
|---|
| | | @Autowired |
|---|
| | | TokenProvider tokenProvider; |
|---|
| | | |
|---|
| | | @Autowired |
|---|
| | | ConsultantService consultantService; |
|---|
| | | |
|---|
| | | @AuditLoggingInject(type = CONSULTANT_LOGIN) |
|---|
| | | @PostMapping("/authenticate") |
|---|
| | | public ResponseEntity<UserJWTController.JWTToken> authorize(@RequestBody EServiceLoginVM eServiceLoginVM) { |
|---|
| | | EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken( |
|---|
| | | @PostMapping("/authenticate/{imgCode}") |
|---|
| | | public ResponseEntity<UserJWTController.JWTToken> authorize( |
|---|
| | | @RequestBody EServiceLoginVM eServiceLoginVM |
|---|
| | | , HttpServletResponse response, HttpServletRequest request, |
|---|
| | | @PathVariable String imgCode){ |
|---|
| | | |
|---|
| | | |
|---|
| | | String paswword = AesUtil.aesDecode(eServiceLoginVM.getPassword()); |
|---|
| | | if(!StringUtils.hasText(paswword)) { |
|---|
| | | throw new OtpLoginFailException("密碼解密失敗"); |
|---|
| | | } |
|---|
| | | |
|---|
| | | HttpSession session = request.getSession(); |
|---|
| | | String sessionImpCode = (String) session.getAttribute("img_code"); |
|---|
| | | |
|---|
| | | if (!StringUtils.hasText(sessionImpCode) |
|---|
| | | || !StringUtils.hasText(imgCode)) { |
|---|
| | | throw new OtpLoginFailException("驗證碼輸入錯誤"); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if(!imgCode.equals(sessionImpCode)) { |
|---|
| | | throw new OtpLoginFailException("驗證碼輸入錯誤"); |
|---|
| | | } |
|---|
| | | |
|---|
| | | session.setAttribute("img_code", null); |
|---|
| | | EServiceAuthenticationToken authenticationToken = new EServiceAuthenticationToken( |
|---|
| | | eServiceLoginVM.getUsername(), |
|---|
| | | eServiceLoginVM.getPassword() |
|---|
| | | paswword |
|---|
| | | ); |
|---|
| | | |
|---|
| | | Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken); |
|---|
| | | consultantService.updateLoginTime(eServiceLoginVM.getUsername()); |
|---|
| | | SecurityContextHolder.getContext().setAuthentication(authenticationToken); |
|---|
| | | |
|---|
| | | String jwt = tokenProvider.createToken(authentication, false); |
|---|
| | | HttpHeaders httpHeaders = new HttpHeaders(); |
|---|
| | | httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer" + jwt); |
|---|
