网易云信的短信验证

maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java

@@ -12,6 +12,7 @@ import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
 import org.maxkey.authn.support.wsfederation.WsFederationConstants;
 import org.maxkey.config.ApplicationConfig;
+import org.maxkey.crypto.password.opt.AbstractOptAuthn;
 import org.maxkey.dao.service.UserInfoService;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.util.StringUtils;
@@ -69,6 +70,11 @@ public class LoginEndpoint {
 	@Autowired
 	@Qualifier("authenticationProvider")
 	RealmAuthenticationProvider authenticationProvider ;
+	
+	@Autowired
+    @Qualifier("tfaOptAuthn")
+    protected AbstractOptAuthn tfaOptAuthn;
+	
 	/*
 	@Autowired
 	@Qualifier("jwtLoginService")
@@ -124,6 +130,11 @@ public class LoginEndpoint {
 			modelAndView.addObject("isRemeberMe", applicationConfig.getLoginConfig().isRemeberMe());
 			modelAndView.addObject("isKerberos", applicationConfig.getLoginConfig().isKerberos());
 			modelAndView.addObject("isOneTimePwd", applicationConfig.getLoginConfig().isOneTimePwd());
+			if(applicationConfig.getLoginConfig().isOneTimePwd()) {
+			    modelAndView.addObject("optType", tfaOptAuthn.getOptType());
+			    modelAndView.addObject("optInterval", tfaOptAuthn.getInterval());
+			}
+			
 			if( applicationConfig.getLoginConfig().isKerberos()){
 				modelAndView.addObject("userDomainUrlJson", kerberosService.buildKerberosProxys());
 				
@@ -183,4 +194,18 @@ public class LoginEndpoint {
  		
  		return authnType;
  	}
+ 	
+ 	@RequestMapping("/login/otp/{username}")
+    @ResponseBody
+    public String produceOtp(@PathVariable("username") String username) {
+        UserInfo userInfo = new UserInfo();
+        userInfo.setUsername(username);
+        UserInfo queryUserInfo=userInfoService.loadByUsername(username);//(userInfo);
+        if(queryUserInfo!=null) {
+            tfaOptAuthn.produce(queryUserInfo);
+            return "ok";
+        }
+        
+        return "fail";
+    }
 }

maxkey-web-maxkey/src/main/resources/config/applicationConfig.properties

@@ -59,7 +59,14 @@ config.characterencoding.charset.to=UTF-8
 
 config.app.issuer=CN=ConSec,CN=COM,CN=SH
 ############################################################################ 
-
+#IP  
+config.redis.hostname=127.0.0.1
+#port  
+config.redis.port=6379
+#password  
+config.redis.password=password
+#
+config.redis.timeout=10000
 #
 config.redis.pool.maxtotal=1000
 # 
@@ -68,16 +75,6 @@ config.redis.pool.maxidle=200
 config.redis.pool.maxwaitmillis=1000
 # 
 config.redis.pool.testonborrow=true
-  
-#IP  
-config.redis.hostname=127.0.0.1
-#port  
-config.redis.port=6379
-#password  
-config.redis.password=password
-
-config.redis.timeout=10000
-
 ############################################################################
 #                Login configuration
 #enable captcha

maxkey-web-maxkey/src/main/resources/spring/maxkey-security.xml

@@ -93,7 +93,11 @@
 	
 	<bean id="tfaOptAuthn" class="org.maxkey.crypto.password.opt.impl.TimeBasedOtpAuthn">
 	</bean>
-	
+	 
+	<!-- 
+	<bean id="tfaOptAuthn" class="org.maxkey.crypto.password.opt.impl.sms.netease.SmsOtpAuthnYunxin">
+	</bean>
+	-->
 	<!-- Authentication Password Encoder Config -->
 	<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></bean>   
 	

maxkey-web-maxkey/src/main/resources/templates/views/login.ftl

@@ -54,6 +54,7 @@ function formatTime(){
 	strTime+=(seconds<10?"0"+seconds:seconds);
 }
 
+<#if true==isOneTimePwd && "TOPT"==optType>
 function currentTime(){
 	seconds++;
 	if(seconds>59){
@@ -74,17 +75,18 @@ function currentTime(){
 	
 	$("#currentTime").val(strTime);
 }
+
 <#--timeBase Token  Interval default is 30s-->
 var timeBaseCount;
 function getTimeBaseCount(){
-	if(seconds<30){
-		timeBaseCount=30-seconds;
+	if(seconds<${optInterval}){
+		timeBaseCount=${optInterval}-seconds;
 	}else{
-		timeBaseCount=30-(seconds-30);
+		timeBaseCount=${optInterval}-(seconds-${optInterval});
 	}
 	$("#tfa_j_otp_captcha_button").val("<@locale code="login.text.login.twofactor.validTime"/>("+timeBaseCount+")<@locale code="login.text.login.twofactor.validTime.unit"/>");
 };
-
+</#if>
 var currentSwitchTab="div_commonLogin";
 <#--submit form-->		
 function doLoginSubmit(){
@@ -117,7 +119,9 @@ document.onkeydown=function(event){
 };
 	
 $(function(){
+	<#if true==isOneTimePwd && "TOPT"==optType>
 	setInterval("currentTime()", 1000);
+	</#if>
 	<#--on captcha image click ,new a captcha code-->
 	<#if true==isCaptcha>
 	$('#j_captchaimg').click(function () {//
@@ -153,6 +157,14 @@ $(function(){
 		if(captchaCount<60){
 			return;
 		}
+		var loginName=$("#tfa_j_username").val();
+		if(loginName==""){
+			return;
+		}
+		$.get("<@base />/login/otp/"+loginName,function(data,status){
+    		alert("Data: " + data + "\nStatus: " + status);
+  		});
+		
 		<#--todo:send captcha-->
 		captchaCountTimer=setInterval("getCaptchaCount()", 1000);
 	});
@@ -245,13 +257,15 @@ $(function(){
 								<td><@locale code="login.text.password"/>：</td>
 								<td><input class="form-control"  type='password' id='tfa_j_password'  name='password' value=""  tabindex="2" /></td>
 							</tr>
-							<#if true==isOneTimePwd>
+							<#if true==isOneTimePwd >
+							<#if "TOPT"==optType >
 							<tr>
 								<td><@locale code="login.text.currenttime"/>：</td>
 								<td>
 									<input class="form-control"  readonly type='text' id="currentTime" name="currentTime"  tabindex="3"  value="" />
 								</td>
 							</tr>
+							</#if>
 							<tr>
 								<td><@locale code="login.text.captcha"/>：</td>
 								<td>