密码策略

package c.v.swms.server.service.security.pojo;

import java.util.Date;
import java.util.List;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;

import c.v.swms.server.model.base.pass.PasswordRule;
import c.v.swms.server.utils.DateUtil;
import c.v.swms.server.web.filter.WarehouseHolder;
import c.v.thorn.server.exception.BusinessException;
import c.v.thorn.server.model.security.User;
import c.v.thorn.server.service.security.pojo.DefaultUserManager;
import c.v.thorn.server.util.LocalizedMessage;
import c.v.thorn.server.web.security.UserHolder;

public class DefaultSwmsUserManager extends DefaultUserManager {
	//密码策略返回消息
	public String message;

	public void saveUser(User user, Locale locale) {
		if (this.retrieve(user.getLoginName()) != null && user.isNew()) {
			throw new BusinessException("user.already.exsits", 
			new String[] { user.getLoginName() });
		}
		PasswordRule rule = getPasswordRule();
		
		User dbuser;
		if (user.isNew()) {
			dbuser = user;
			dbuser.setEnabled(true);
			dbuser.setLocked(false);
		} else {
			dbuser = load(User.class, user.getId());
		}
		if (user.getFirstPage() != null && 
		user.getFirstPage().getId() != null) {
			dbuser.setFirstPage(user.getFirstPage());
		} else {
			dbuser.setFirstPage(null);
		}
			  
		//密码规则校验
		verifyPassByRule(dbuser, rule, user.getPassword());
		dbuser.setPassword(
			DigestUtils.shaHex(user.getPassword()));
		dbuser.setStrExtend1(user.getStrExtend1());
		dbuser.setStrExtend2(user.getStrExtend2());
		dbuser.setStrExtend3(user.getStrExtend3());
		dbuser.setStrExtend4(user.getStrExtend4());
		dbuser.setLocale(locale);
		dbuser.setExpiryDate(user.getExpiryDate());
		dbuser.setEmail(user.getEmail());
		dbuser.setLoginName(user.getLoginName());
		dbuser.setName(user.getName());
		dbuser.setReferenceModel(
				user.getReferenceModel()==null?WarehouseHolder.getWarehouse().
				getReferenceModel():user.getReferenceModel());

		this.commonDao.store(dbuser);
	}
	/**
	 * 用户修改密码
	 */
	public void modifyPassword(String oldPassword, 
		String newPassword, String confirmPassword) {
		User user = commonDao.load(User.class,
			UserHolder.getUser().getId());
		PasswordRule rule = getPasswordRule();
		//新密码一致性验证
		if(!(newPassword.trim()).equals(confirmPassword.trim())){
			throw new BusinessException("newPassword.notsame");
		}
		//原密码验证
		String oldPass = DigestUtils.shaHex(oldPassword);
		if (!oldPass.equals(user.getPassword())) {
			throw new BusinessException("password.notCorrect");
		}

		verifyPassByRule(user, rule, newPassword);
		String newPass = DigestUtils.shaHex(newPassword);
		user.setPassword(newPass);
		commonDao.store(user);
		LocalizedMessage.addMessage("password.Change.success");
	}
	

	private void verifyPassByRule(User user, PasswordRule rule,	
		String newPassword) {
		if (rule == null) {
			return;
		}
		//新密码规则验证
		if (this.isPass(rule, newPassword, user) == false) {			
			throw new BusinessException(message);
		} 
		//当不区分大小写时把修改的密码转换成小写的存到数据库
		if(!rule.getCaseSensitive()){
			newPassword = newPassword.toLowerCase();
		}
		String newPass = DigestUtils.shaHex(newPassword);
		user.setPassword(newPass);

		//当密码重复周期为0时把用户的历史密码清空
		if(rule.getRepeatCycle() == 0){
			user.setStrExtend5("");
		} else {
			//新密码重复性验证
			if (!StringUtils.isEmpty(user.getStrExtend5()) 
				&& user.getStrExtend5().indexOf(newPass) >= 0) {
				throw new BusinessException("password.history.dupicate");
			}
			//将新密码加入历史密码组,
			//如果历史密码超过重复周期,去掉前面的历史密码
			user.setStrExtend5(user.getStrExtend5() + newPass + ",");
			int times = StringUtils.countMatches(user.getStrExtend5(), ",");
			while (times > rule.getRepeatCycle()) {
				user.setStrExtend5(StringUtils.substring(user.getStrExtend5(), 
						user.getStrExtend5().indexOf(",")+1));
				times = StringUtils.countMatches(user.getStrExtend5(), ",");
			}
		}
		
		//当策略的密码有效期为0时,则修改用户的有效期为null即永不过期
		if(rule.getPeriod() == 0){
			user.setPasswordExpiryDate(null);
		} else {
			user.setPasswordExpiryDate(
				DateUtil.addDayToDate(new Date(), rule.getPeriod())); 
		}
	}
	
	@SuppressWarnings("unchecked")
	private PasswordRule getPasswordRule() {
		PasswordRule pass=null;
		List<PasswordRule> rules = commonDao.findByQuery(
			"from PasswordRule pr where pr.isDisable = false");
		if (rules == null || rules.size() < 1) {
			return null;
		}
		pass = rules.get(0);
		return pass;
	}
	
	/**
	 * 密码策略判断
	 * @param password
	 * @param user
	 * @return
	 */
	private boolean isPass(PasswordRule pass, 
		String password, User user) {
		if (pass == null) {
			return true;
		}
		//长度不足
		if (pass.getPwdLength() > password.length()) {
			message = "connot.length.shot";
			return false;
		}
		//无特殊符号
		if (pass.getNeedSymbol()) {
			Pattern p = Pattern.compile("(.*[^a-zA-z0-9].*)");
			Matcher m = p.matcher(password);
			if (!m.matches()) {	
				message = "connot.needSymbol";
				return false;
			}
		}
		//无字母
		if(pass.getNeedLetter()) {
			Pattern p = Pattern.compile("(.*[a-zA-z].*)");
			Matcher m = p.matcher(password);
			if (!m.matches()) {
				message = "connot.needLetter";
				return false;
			}

		}
		//无数字
		if (pass.getNeedNumber()) {
			Pattern p = Pattern.compile("(.*[0-9].*)");
			Matcher m = p.matcher(password);
			if (!m.matches()) {
				message = "connot.needNumber";
				return false;
			}
		}
		return true;
	}

	private String shaEncodePassword(String painPwd) {
		painPwd = painPwd == null ? "" : painPwd;
		if (painPwd.length() == 40) {
			return painPwd;
		}
		return DigestUtils.shaHex(painPwd);
	}
	

}

 

你可能感兴趣的:(密码)