package*.security;
import java.util.ArrayList;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts2.ServletActionContext;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import com.opensymphony.xwork2.ActionSupport;
import *.security.AutoLoginFilter;
public class Login extends ActionSupport {
private UserDetailsService userDetailService;
private AuthenticationManager authenticationManager;
public String poc_auto_login_user;
public String poc_auto_login_password;
public String errorMsg;
private static Log log = LogFactory.getLog(AutoLoginFilter.class);
public String login(){
String targetUser = getPoc_auto_login_user();
// String targetUserPassword = getPoc_auto_login_password();
if (targetUser != null && targetUser.trim().length() > 0
// && targetUserPassword != null
// && targetUserPassword.trim().length() > 0
) {
Authentication oridinalAuth = SecurityContextHolder.getContext()
.getAuthentication();
if (oridinalAuth != null) {
Object prin = oridinalAuth.getPrincipal();
String user = null;
if (prin instanceof UserDetails) {
user = ((UserDetails) prin).getUsername();
} else {
user = (String) prin;
}
if (targetUser.equals(user)) {
this.setErrorMsg(targetUser+"账号已经登录!!");
log.info("尝试自动登录已经登录的账号:" + user + ",自动登录过程已经取消");
//return INPUT;
}
}
UserDetails user = null;
// 处理自动登录逻辑,这里没有验证密码,如果要验证密码就在这里进行修改
try {
user = userDetailService.loadUserByUsername(targetUser);
} catch (UsernameNotFoundException e) {
this.setErrorMsg(targetUser+"账号不存在!!");
log.info("由于用户账号不存在,已经取消自动登录:" + targetUser);
//return INPUT;
}
// 执行登录,这里没有进行密码比较,直接进行的登录。
// String realPassword = user.getPassword();
if (true//targetUserPassword.equals(realPassword)
) {
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
user, user.getPassword(), new ArrayList(
user.getAuthorities()));
authentication.setDetails(new WebAuthenticationDetails(
(HttpServletRequest) ServletActionContext.getRequest()));
authentication = (UsernamePasswordAuthenticationToken) authenticationManager
.authenticate(authentication);
SecurityContextHolder.getContext().setAuthentication(
authentication);
/*HttpServletRequest req = ServletActionContext.getRequest();
String loginParam = req.getParameter("loginParam").trim();
if(null != loginParam && !loginParam.equals("")){
Cookie cookie = new Cookie("loginParam", loginParam);
cookie.setPath("/");
ServletActionContext.getResponse().addCookie(cookie);
}*/
log.info("已经自动登录账号:" + targetUser);
return SUCCESS;
} else {
this.setErrorMsg(targetUser+"密码错误");
log.info("用户密码错误:" + targetUser);
//return INPUT;
}
}else{
this.setErrorMsg("请输入用户名和密码");
}
return SUCCESS;
}
public String getPoc_auto_login_user() {
return poc_auto_login_user;
}
public void setPoc_auto_login_user(String poc_auto_login_user) {
this.poc_auto_login_user = poc_auto_login_user;
}
public String getPoc_auto_login_password() {
return poc_auto_login_password;
}
public void setPoc_auto_login_password(String poc_auto_login_password) {
this.poc_auto_login_password = poc_auto_login_password;
}
public String getErrorMsg() {
return errorMsg;
}
public void setErrorMsg(String errorMsg) {
this.errorMsg = errorMsg;
}
public void setUserDetailService(UserDetailsService userDetailService) {
this.userDetailService = userDetailService;
}
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
}