package cn.infop.security;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

@WebServlet({"/login.do"})
/* loaded from: input_file:cn/infop/security/Login.class */
public class Login extends HttpServlet {
    private static final long serialVersionUID = -2430397043741402043L;
    private static final Logger log = Logger.getLogger(Login.class);
    private final String LOGIN = "login-page.jsp";

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(httpServletRequest.getParameter("username"), httpServletRequest.getParameter("password"));
        if ("rememberMe".equals(httpServletRequest.getParameter("rememberMe"))) {
            usernamePasswordToken.setRememberMe(true);
        } else {
            usernamePasswordToken.setRememberMe(false);
        }
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(usernamePasswordToken);
            log.debug("验证成功");
            log.debug("Session Id: " + subject.getSession().getId());
            httpServletRequest.getRequestDispatcher("/console/home.jsp").forward(httpServletRequest, httpServletResponse);
        } catch (UnknownAccountException e) {
            log.debug("用户名不存在！");
            httpServletRequest.setAttribute("msg", "用户名不存在！");
            httpServletRequest.getRequestDispatcher("login-page.jsp").forward(httpServletRequest, httpServletResponse);
        } catch (AuthenticationException e2) {
            log.debug("账户或密码错误，验证失败！");
            httpServletRequest.setAttribute("msg", "账户或密码错误，验证失败！");
            httpServletRequest.getRequestDispatcher("login-page.jsp").forward(httpServletRequest, httpServletResponse);
        } catch (ExcessiveAttemptsException e3) {
            log.debug("已试登录5次，请过10分钟后再登录！");
            httpServletRequest.setAttribute("msg", "已试登录5次，请过10分钟后再登录！");
            httpServletRequest.getRequestDispatcher("login-page.jsp").forward(httpServletRequest, httpServletResponse);
        } catch (LockedAccountException e4) {
            log.debug("账户被锁定！");
            httpServletRequest.setAttribute("msg", "账户被锁定！");
            httpServletRequest.getRequestDispatcher("login-page.jsp").forward(httpServletRequest, httpServletResponse);
        } catch (IncorrectCredentialsException e5) {
            log.debug("密码不匹配，请重新输入！");
            httpServletRequest.setAttribute("msg", "密码不匹配，请重新输入！");
            httpServletRequest.getRequestDispatcher("login-page.jsp").forward(httpServletRequest, httpServletResponse);
        }
    }
}
