IndexController.java

package com.hp.cmsz.web;

import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.Graphics2D;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Random;

import javax.imageio.ImageIO;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.jdom.Document;
import org.jdom.Element;
import org.jdom.input.SAXBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import com.google.gson.Gson;
import com.hp.cmsz.commons.utils.Constant;
import com.hp.cmsz.commons.utils.DES;
import com.hp.cmsz.commons.utils.PropertiesUtil;
import com.hp.cmsz.commons.utils.TokenProcessor;
import com.hp.cmsz.entity.UserInfo;
import com.hp.cmsz.entity.XcdDetailInfoView;
import com.hp.cmsz.entity.XcdWarningInfoView;
import com.hp.cmsz.service.CmszOperationLogService;
import com.hp.cmsz.service.IndexService;
import com.hp.cmsz.service.account.AccountService;
import com.hp.cmsz.service.authoritymanage.AuthorityManageService;

/**
 * LoginController负责打开登录页面(GET请求)和登录出错页面(POST请求)，
 * 
 * 真正登录的POST请求由Filter完成,test
 * 
 * @author Zhang Wei
 */
@Controller
@RequestMapping(value = "/index")
public class IndexController {

	private static Logger log = LoggerFactory.getLogger(IndexController.class);
	@Autowired
	private AccountService accountService;

	@Autowired
	// 自动加载
	private AuthorityManageService authorityManageService;

	@Autowired
	private IndexService indexService;

	@Autowired
	private CmszOperationLogService cmszOperationLogService;

	@RequestMapping(method = RequestMethod.GET)
	public String login(

	/*
	 * @RequestParam("username") String username,
	 * 
	 * @RequestParam("password") String password,
	 */
	HttpServletRequest request, Map map) throws IOException {
		/*
		 * username=java.net.URLDecoder.decode(username, "UTF-8");//一次解码
		 * password = java.net.URLDecoder.decode(password, "UTF-8");//一次解码
		 * System.out.println(IPUtils.getIpAddress(request)); String user_ip =
		 * IPUtils.getIpAddress(request); if (user_ip.substring(0,
		 * 7).equals("192.168") || user_ip.equals("127.0.0.1")) { //内网网段 //开关标志位
		 * 0 打开 1 关闭 if(accountService.getLoginModelSwitch().equals("1"))
		 * {//关闭4A认证,交由本地认证 String prompt = ""; UserInfo userInfo =
		 * authorityManageService.getUserInfoByUserName(username); if(userInfo
		 * == null) { prompt = "该用户不存在！"; }else
		 * if(userInfo.getLogLock().equals("0")){ // 0 禁用 1 启用 prompt =
		 * "该用户已经被禁用！"; } else
		 * if(!authorityManageService.entryptPassword(password
		 * ).equals(userInfo.getPassword())) { prompt = "你输入的密码不正确！"; } else {
		 * prompt = "success"; }
		 * 
		 * } else { //通过4A认证
		 * 
		 * }
		 * 
		 * } else { //外网网段,通过4A认证
		 * 
		 * }
		 */
		// map.put("loginState", "loginSuccess");

	
		UserInfo userinfo = (UserInfo) SecurityUtils.getSubject().getSession()
				.getAttribute("CURRENT_USER_SESSION");
		if (userinfo != null) {
			cmszOperationLogService.createLog("访问", "首页",
					userinfo.getStaffname() + "访问首页");
		}

		// Add by Huach on 20140803 begin
		return PageURLController.index;
		// return nextUrl(request);
		// Add by Huach on 20140803 end

	}

	@RequestMapping(method = RequestMethod.POST)
	public String fail(HttpServletRequest request,
	// @RequestParam(FormAuthenticationFilter.DEFAULT_USERNAME_PARAM) String
	// userName,
			Model model, Map map) {

		// model.addAttribute(FormAuthenticationFilter.DEFAULT_USERNAME_PARAM,
		// userName);
		// map.put("loginState", "loginFail");
		// Add by Huach on 20140803 begin
		return PageURLController.index;

		// return nextUrl(request);
		// Add by Huach on 20140803 end

	}

	

	// 图片中的数据实时刷新
	@RequestMapping(value = "/DataRefresh/*", method = RequestMethod.GET)
	public void refreshData(HttpServletResponse response,
			HttpServletRequest request) {
		List<Object[]> stat = indexService.getStat();
		List<String> list = new ArrayList<String>();
		for (int i = 0; i < stat.size(); i++) {
			Object[] objs = stat.get(i);
			list.add(objs[0].toString());
			list.add(objs[1].toString());
		}
		Gson gson = new Gson();
		response.setContentType("text/Xml;charset=gbk");
		PrintWriter out = null;
		try {
			out = response.getWriter();
			out.println(gson.toJson(list));// 转化为json字符串并输出
		} catch (IOException ex1) {
			ex1.printStackTrace();
		} finally {
			out.close();
		}
	}

	// 右上角中的数据实时刷新
	@RequestMapping(value = "/table/{id}/*", method = RequestMethod.GET)
	public void tableData(@PathVariable("id") String id,
			HttpServletResponse response, HttpServletRequest request) {
		List<Object[]> proNumber = null;
		if ("early_warning".equals(id)) {
			proNumber = indexService.getEarlyWarning();
		} else if ("risk".equals(id)) {
			proNumber = indexService.getRisk();
		} else {
			proNumber = indexService.getFailure();
		}
		List<String> list = new ArrayList<String>();
		for (int i = 0; i < proNumber.size(); i++) {
			Object[] objs = proNumber.get(i);
			String tt = "{\"id\":" + (i + 1) + ",\"proName\":\""
					+ objs[0].toString() + "\",\"num\":\"" + objs[1].toString()
					+ "\"}";
			list.add(tt);
		}
		Gson gson = new Gson();
		response.setContentType("text/Xml;charset=gbk");
		PrintWriter out = null;
		try {
			out = response.getWriter();
			out.println(gson.toJson(list));// 转化为json字符串并输出
		} catch (IOException ex1) {
			ex1.printStackTrace();
		} finally {
			out.close();
		}
	}

	// 右上角中的数据实时刷新
	@RequestMapping(value = "/table1/*", method = RequestMethod.GET)
	public void tableData1(HttpServletResponse response,
			HttpServletRequest request) {
		List<XcdWarningInfoView> warningDetail = indexService
				.getWaringAndRisk();
		List<XcdWarningInfoView> tt = new ArrayList<XcdWarningInfoView>();
		if (warningDetail.size() > 10) {
			for (int i = 0; i < 10; i++) {
				tt.add(warningDetail.get(i));
			}
		} else {
			for (int i = 0; i < warningDetail.size(); i++) {
				tt.add(warningDetail.get(i));
			}
		}

		Gson gson = new Gson();
		response.setContentType("text/Xml;charset=gbk");
		PrintWriter out = null;
		try {
			out = response.getWriter();
			out.println(gson.toJson(tt));// 转化为json字符串并输出
		} catch (IOException ex1) {
			ex1.printStackTrace();
		} finally {
			out.close();
		}
	}

	// 右上角中的数据实时刷新
	@RequestMapping(value = "/table2/*", method = RequestMethod.GET)
	public void tableData2(HttpServletResponse response,
			HttpServletRequest request) {
		List<XcdDetailInfoView> xcdWorkingOrderInfoS = indexService.getXcd();
		List<XcdDetailInfoView> tt = new ArrayList<XcdDetailInfoView>();
		if (xcdWorkingOrderInfoS.size() > 10) {
			for (int i = 0; i < 10; i++) {
				tt.add(xcdWorkingOrderInfoS.get(i));
			}
		} else {
			for (int i = 0; i < xcdWorkingOrderInfoS.size(); i++) {
				tt.add(xcdWorkingOrderInfoS.get(i));
			}
		}

		Gson gson = new Gson();
		response.setContentType("text/Xml;charset=gbk");
		PrintWriter out = null;
		try {
			out = response.getWriter();
			out.println(gson.toJson(tt));// 转化为json字符串并输出
		} catch (IOException ex1) {
			ex1.printStackTrace();
		} finally {
			out.close();
		}
	}

	// Function to do authentication by huach on 20140803 begin
	private String validToken(String[] paras) {
		HttpClient httpclient = new HttpClient();
		String strURL = "";
		try {
			strURL = PropertiesUtil.readValue(Constant.CONFIG_FILE,
					Constant.URL_FOR_LOGIN_FROM_4A);
		} catch (IOException e1) {
			log.info("get 4A URL error");
			log.error(e1.getMessage());
			e1.printStackTrace();
		}
		PostMethod post = new PostMethod(strURL);
		log.info("--4A URL is:" + strURL);
		// boolean success = false;
		try {
			InetAddress addr = InetAddress.getLocalHost();
			String ip = addr.getHostAddress();
			log.info("IP is:" + ip);
			log.info("--Parameters is:" + paras.toString());
			post.addParameter(Constant.PARAMETER_OF_4A_TOKEN, paras[0]);
			post.addParameter(Constant.PARAMETER_OF_4A_IP, ip);
			post.addParameter(Constant.PARAMETER_OF_4A_APP_KEY, paras[2]);
			post.addParameter(Constant.PARAMETER_OF_4A_ACC_KEY, paras[1]);
			post.addParameter(Constant.PARAMETER_OF_4A_MASTER_ACC, paras[3]);
			log.info("--Get account from 4A with query string is:IP=" + ip
					+ "&&" + Constant.PARAMETER_OF_4A_TOKEN + "=" + paras[0]
					+ "&&" + Constant.PARAMETER_OF_4A_ACC_KEY + "=" + paras[1]
					+ "&&" + Constant.PARAMETER_OF_4A_APP_KEY + "=" + paras[2]
					+ "&&" + Constant.PARAMETER_OF_4A_MASTER_ACC + "="
					+ paras[3]);
			int result = httpclient.executeMethod(post);
			log.info("Response status code: " + result);
			SAXBuilder build = new SAXBuilder();
			Document doc = build.build(post.getResponseBodyAsStream());
			Element root = doc.getRootElement();
			Element resResult = root.getChild("RESULT");
			log.info("res=" + resResult.getValue());
			if ("1".equals(resResult.getValue())) {
				// success = true;
				return root.getChild("ACCOUNT").getValue();
			} else {
				// success = false;
				Element resMsg = root.getChild("RESULT_MSG");
				log.debug("resMsg=" + resMsg.getValue());
				Element resMsgCode = root.getChild("RESULT_MSGCODE");
				log.debug("resMsgCode=" + resMsgCode.getValue());
				throw new Exception("4a check failed.");
			}
		} catch (Exception e) {
			log.info("Get HTTP from 4A Error");
			log.error(e.getMessage());
			e.printStackTrace();

		} finally {
			post.releaseConnection();
		}
		return null;
	}

	private String nextUrl(HttpServletRequest request) {
		if (is4ARequest(request)) {
			log.info("--4A request--");
			if (isAuthenticate(request)) {
				log.info("--4A reauest and Authenticate pass--");
				return PageURLController.index;
			} else {
				log.info("--4A Authenticate begin--");
				// authenticate by 4A then dispath to an autoCommit page, the
				// page will submit username and password to /index again
				String tokenString = request
						.getParameter(Constant.PARAMETER_OF_4A_TOKEN);
				log.info("---Get Token String from 4A is:" + tokenString);
				String[] paras = tokenString.split(Constant.SEPARATOR_OF_TOKEN);
				String accountId = validToken(paras);
				if (accountId == null || accountId.isEmpty()) {
					log.info("--Valid token fail--");
					// accountId="des";
					// throw new UnknownAccountException();
				} else {
					log.info("---Get accountId from 4A is:" + accountId);
				}
				HttpSession ses = request.getSession();
				ses.setAttribute(Constant.PARAMETER_OF_4A_TOKEN, paras[0]);
				ses.setAttribute(Constant.PARAMETER_OF_4A_ACC_KEY, paras[1]);
				ses.setAttribute(Constant.PARAMETER_OF_4A_APP_KEY, paras[2]);
				// get password for current accountId and set them to request
				UserInfo userinfo = accountService
						.findUserInfoByLoginName(accountId);
				String password = "";
				try {
					DES des = new DES();
					password = des.decrypt(userinfo.getPassword());
				} catch (Exception e) {
					// TODO Auto-generated catch block
					e.printStackTrace();
				}
				request.setAttribute(
						FormAuthenticationFilter.DEFAULT_USERNAME_PARAM,
						accountId);
				request.setAttribute(
						FormAuthenticationFilter.DEFAULT_PASSWORD_PARAM,
						password);
				return PageURLController.AUTO_LOGIN_PAGE;
			}

		} else {
			log.info("--Not 4A request--");
			if (isAuthenticate(request)) {
				log.info("--Not 4A request and authenticated fail--");
				if (isLocalRequest(request)) {
					log.info("--local request and authenticate pass--");
					return PageURLController.index;
				} else {
					log.info("--not local request--");
					if (isAuthenticateByLocal(request)) {
						log.info("--local authenticated pass--");
						return PageURLController.index;
					} else {
						log.info("--Prompt to login from 4A--");
						request.setAttribute(
								FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME,
								Constant.MUST_LOGIN_FROM_4A);
						// prompt = "该系统已被4A平台接管，请通过4A平台登录!";
						// 强制退出认证
						request.getSession().setAttribute(
								Constant.CURRENT_USER_SESSION, null);
						return PageURLController.index;
					}
				}
			} else {
				log.info("--not 4A erquest and didn't authenticated--");
				return PageURLController.index;
			}
		}
	}

	private boolean is4ARequest(HttpServletRequest request) {
		String remoteIP = request.getRemoteAddr();
		String queryString = request.getQueryString();
		String IPof4a = "";
		try {
			IPof4a = PropertiesUtil.readValue(Constant.CONFIG_FILE,
					Constant.SERVER_IP_OF_4A);
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		log.info("--4A Request IP is:" + IPof4a);
		log.info("--Request IP is:" + remoteIP + " and query string is:"
				+ queryString);
		// if (IPof4a.equals(remoteIP)||(queryString!=null &&
		// queryString.startsWith(Constant.PARAMETER_OF_4A_TOKEN) &&
		// (queryString.split(Constant.SEPARATOR_OF_TOKEN)).length==4)) {
		// return true;
		// } else {
		// return false;
		// }
		return true;
	}

	private boolean isAuthenticate(HttpServletRequest request) {
		Object current_user_session = request.getSession().getAttribute(
				Constant.CURRENT_USER_SESSION);
		if (current_user_session == null) {
			return false;
		} else {
			return true;
		}
	}

	private boolean isLocalRequest(HttpServletRequest request) {
		String remoteIP = request.getRemoteAddr();
		String localIPPrefix = "";
		try {
			localIPPrefix = PropertiesUtil.readValue(Constant.CONFIG_FILE,
					Constant.LOCAL_IP_PREFIX);
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		if (remoteIP.startsWith(localIPPrefix)) {
			return true;
		} else {
			return false;
		}
	}

	private boolean isAuthenticateByLocal(HttpServletRequest request) {
		if (accountService.getLoginModelSwitch().equals("1")) {
			return true;
		} else {
			return false;
		}
	}

	/*
	 * //图片中的数据实时刷新
	 * 
	 * @RequestMapping(value = "/DataRefresh/*",method = RequestMethod.GET)
	 * public void refreshData(HttpServletResponse response,HttpServletRequest
	 * request) { List<Object[]> stat = indexService.getStat(); List<String>
	 * list = new ArrayList<String>(); for(int i = 0;i<stat.size(); i++){
	 * Object[] objs = stat.get(i); list.add(objs[0].toString());
	 * list.add(objs[1].toString()); } Gson gson = new Gson();
	 * response.setContentType("text/Xml;charset=gbk"); PrintWriter out = null;
	 * try { out = response.getWriter();
	 * out.println(gson.toJson(list));//转化为json字符串并输出 } catch (IOException ex1)
	 * { ex1.printStackTrace(); }finally{ out.close(); } }
	 * 
	 * //右上角中的数据实时刷新
	 * 
	 * @RequestMapping(value = "/table/{id}/*",method = RequestMethod.GET)
	 * public void tableData(@PathVariable("id") String id, HttpServletResponse
	 * response,HttpServletRequest request) { List<Object[]> proNumber = null;
	 * if("early_warning".equals(id)){ proNumber =
	 * indexService.getEarlyWarning(); }else if("risk".equals(id)){ proNumber =
	 * indexService.getRisk(); }else{ proNumber = indexService.getFailure(); }
	 * List<String> list = new ArrayList<String>(); for(int i =
	 * 0;i<proNumber.size(); i++){ Object[] objs = proNumber.get(i); String tt
	 * ="{\"id\":"+(i+1)+",\"proName\":\""+
	 * objs[0].toString()+"\",\"num\":\""+objs[1].toString()+"\"}" ;
	 * list.add(tt); } Gson gson = new Gson();
	 * response.setContentType("text/Xml;charset=gbk"); PrintWriter out = null;
	 * try { out = response.getWriter();
	 * out.println(gson.toJson(list));//转化为json字符串并输出 } catch (IOException ex1)
	 * { ex1.printStackTrace(); }finally{ out.close(); } }
	 * 
	 * //工作视图预警和隐患table
	 * 
	 * @RequestMapping(value = "/table1/*",method = RequestMethod.GET) public
	 * void tableData1( HttpServletResponse response,HttpServletRequest request)
	 * { List<XcdWarningInfoView> warningDetail
	 * =indexService.getWaringAndRisk(); List<XcdWarningInfoView> tt = new
	 * ArrayList<XcdWarningInfoView>(); if(warningDetail.size() > 10){ for(int i
	 * = 0 ;i <10;i++){ tt.add(warningDetail.get(i)); } }else{ for(int i = 0 ;i
	 * <warningDetail.size();i++){ tt.add(warningDetail.get(i)); } }
	 * 
	 * Gson gson = new Gson(); response.setContentType("text/Xml;charset=gbk");
	 * PrintWriter out = null; try { out = response.getWriter();
	 * out.println(gson.toJson(tt));//转化为json字符串并输出 } catch (IOException ex1) {
	 * ex1.printStackTrace(); }finally{ out.close(); } }
	 * 
	 * //工作视图协查单table
	 * 
	 * @RequestMapping(value = "/table2/*",method = RequestMethod.GET) public
	 * void tableData2( HttpServletResponse response,HttpServletRequest request)
	 * { List<XcdDetailInfoView> xcdWorkingOrderInfoS = indexService.getXcd();
	 * List<XcdDetailInfoView> tt = new ArrayList<XcdDetailInfoView>();
	 * if(xcdWorkingOrderInfoS.size() > 10){ for(int i = 0 ;i <10;i++){
	 * tt.add(xcdWorkingOrderInfoS.get(i)); } }else{ for(int i = 0 ;i
	 * <xcdWorkingOrderInfoS.size();i++){ tt.add(xcdWorkingOrderInfoS.get(i)); }
	 * }
	 * 
	 * Gson gson = new Gson(); response.setContentType("text/Xml;charset=gbk");
	 * PrintWriter out = null; try { out = response.getWriter();
	 * out.println(gson.toJson(tt));//转化为json字符串并输出 } catch (IOException ex1) {
	 * ex1.printStackTrace(); }finally{ out.close(); } }
	 */
	// 操作日志记录
	@RequestMapping(value = "/createLog*", method = RequestMethod.GET)
	public void createLogs(HttpServletRequest request,
			HttpServletResponse response) throws Exception {
		cmszOperationLogService.createLog("用户登录", "登录验证页面", "登录到该系统");
	}

	// 操作日志记录
	@RequestMapping(value = "/logoutCreateLog*", method = RequestMethod.GET)
	public void logoutCreateLogs(HttpServletRequest request,
			HttpServletResponse response) throws Exception {
		cmszOperationLogService.createLog("用户退出", "用户退出操作", "退出该系统返回到登录页面");
	}

	/**
	 * 验证码入值
	 * 
	 * @return
	 */
	public List<String> code() {
		List<String> WORDS = new ArrayList<String>();
		for (int i = 0; i < 26; i++) {
			WORDS.add(((char) ('A' + i)) + "");
			WORDS.add(((char) ('a' + i)) + "");
			if (i < 10) {
				WORDS.add((0 + i) + "");
			}
		}
		return WORDS;
	}

	/**
	 * 验证码
	 * 
	 * @param request
	 * @param response
	 * @return
	 */
	@RequestMapping(value = "/graphics/checkCode")
	public String checkCode(HttpServletRequest request,
			HttpServletResponse response) {
		List<String> words = code();
		int width = 120;
		int height = 30;
		// 绘制 步骤一一张内存中图片
		BufferedImage bufferedImage = new BufferedImage(width, height,
				BufferedImage.TYPE_INT_RGB);
		// 步骤二 图片绘制背景颜色 ---通过绘图对象
		Graphics graphics = bufferedImage.getGraphics();// 得到画图对象 --- 画笔
		// 绘制任何图形之前 都必须指定一个颜色
		graphics.setColor(getRandColor(200, 250));
		graphics.fillRect(0, 0, width, height);
		// 步骤三 绘制边框
		graphics.setColor(Color.WHITE);
		graphics.drawRect(0, 0, width - 1, height - 1);
		// 步骤四 四个随机数字
		Graphics2D graphics2d = (Graphics2D) graphics;
		// 设置输出字体
		graphics2d.setFont(new Font("宋体", Font.BOLD, 18));
		Random random = new Random();// 生成随机数
		String checkcode = "";// 获得生成成员
		for (int i = 0; i < words.size(); i++) {
			int index = random.nextInt(words.size());
			checkcode += words.get(index);
			if (i == 3) {
				break;
			}
		}
		// 定义x坐标
		int x = 10;
		for (int i = 0; i < checkcode.length(); i++) {
			// 随机颜色
			graphics2d.setColor(new Color(20 + random.nextInt(110), 20 + random
					.nextInt(110), 20 + random.nextInt(110)));
			// 旋转 -30 --- 30度
			int jiaodu = random.nextInt(60) - 30;
			// 换算弧度
			double theta = jiaodu * Math.PI / 180;
			// 获得字母数字
			char c = checkcode.charAt(i);
			// 将生成汉字 加入buffer
			// 将c 输出到图片
			graphics2d.rotate(theta, x, 20);
			graphics2d.drawString(String.valueOf(c), x, 20);
			graphics2d.rotate(-theta, x, 20);
			x += 30;
		}
		// 将验证码内容保存session
		request.getSession().setAttribute("checkcode_session", checkcode);
		// 步骤五 绘制干扰线
		graphics.setColor(getRandColor(160, 200));
		int x1;
		int x2;
		int y1;
		int y2;
		for (int i = 0; i < 30; i++) {
			x1 = random.nextInt(width);
			x2 = random.nextInt(12);
			y1 = random.nextInt(height);
			y2 = random.nextInt(12);
			graphics.drawLine(x1, y1, x1 + x2, x2 + y2);
		}
		// 将上面图片输出到浏览器 ImageIO
		graphics.dispose();// 释放资源
		try {
			ImageIO.write(bufferedImage, "jpg", response.getOutputStream());
		} catch (IOException e) {
			e.printStackTrace();
		}
		return null;
	}

	/**
	 * 取其某一范围的color
	 * 
	 * @param fc
	 *            int 范围参数1
	 * @param bc
	 *            int 范围参数2
	 * @return Color
	 */
	private Color getRandColor(int fc, int bc) {
		// 取其随机颜色
		Random random = new Random();
		if (fc > 255) {
			fc = 255;
		}
		if (bc > 255) {
			bc = 255;
		}
		int r = fc + random.nextInt(bc - fc);
		int g = fc + random.nextInt(bc - fc);
		int b = fc + random.nextInt(bc - fc);
		return new Color(r, g, b);
	}

	/**
	 * 异步确认验证码是否正确
	 * 
	 * @return
	 * @return
	 */
	@ResponseBody
	@RequestMapping(value = "/graphics/ajaxCheck", method = RequestMethod.POST)
	public String ajaxCheckCode(Model model, String code,
			HttpServletRequest request) {
		String checkcode = (String) request.getSession().getAttribute(
				"checkcode_session");
		String flag = "0";
		if (code.equalsIgnoreCase(checkcode)) {
			request.getSession().removeAttribute("checkcode_session");
			flag = "1";
		}
		return flag;
	}
}