spring boot 登陆次数限制以及帐户自动解锁? 400 报错
一、现在想做一个帐户尝试登陆10次还是失败就自动锁定帐户,然后30分钟后自动解锁
下面是尝试登陆失败的处理
package com.mzw.dragon.biz.security;
import com.alibaba.fastjson.JSON;
import com.mzw.dragon.dal.entity.UserEntity;
import com.mzw.dragon.dal.repository.UserRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Timer;
import java.util.TimerTask;
/**
* Created by victor.min on 2016/10/24.
*/
@Component
public class RestAuthenticationFailureHandler implements AuthenticationFailureHandler {
private static final Logger logger = LoggerFactory.getLogger(RestAuthenticationFailureHandler.class);
private static final Map<String, String> result = new HashMap<>();
private static final Map<String, Long> task = new HashMap<>();
@Value("${spring.dragon.user.login.max-experiment}")
private static int maxExperiment = 10;
@Value("${spring.dragon.user.login.unlock}")
private static int unlock = 30;
@Autowired
private UserRepository userRepository;
@Autowired
private ThreadPoolTaskExecutor threadPoolTaskExecutor;
static {
result.put("result", "error");
}
@Override
public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
// logger.info("http servlet request={}", httpServletRequest);
// logger.info("http servlet response={}", httpServletResponse);
// logger.info("authentication exception={}", e);
String message = "用户名或者密码错误";
// 更新数据库 尝试次数
String username = httpServletRequest.getParameter("username");
UserEntity u = userRepository.findByUsernameAndStatus(username, 1);
if (null != u) {
u.setExperiment(u.getExperiment() + 1);
if (u.getExperiment() >= maxExperiment) {
u.setLocked(0);
message = "账户已经锁定,请" + unlock + "分钟后再次尝试";
logger.info("账户{}已经锁定", username);
threadPoolTaskExecutor.execute(() -> {
logger.info("开始解锁账户={}", username);
u.setExperiment(0);
u.setLocked(1);
userRepository.save(u);
logger.info("解锁账户{}成功", username);
}, 10000);
logger.info("===========================");
}
userRepository.save(u);
}
// json 返回错误信息
httpServletResponse.setContentType("application/json");
httpServletResponse.setCharacterEncoding("UTF-8");
result.put("message", message);
httpServletResponse.getWriter().write(JSON.toJSONString(result));
httpServletResponse.getWriter().flush();
}
// @Scheduled(fixedDelay = 1 * 60 * 1000)
// private void unlockUser() {
// logger.info("开始解锁账户={}", username);
// UserEntity u = userRepository.findValidUserByUsername(username);
// u.setExperiment(0);
// u.setLocked(1);
// userRepository.save(u);
// task.remove(username);
// logger.info("解锁账户{}成功", username);
// }
}
解锁帐户那里好像完全没有延时,只是用了一个多线程,但是后面配的那个时间1000ms完全没起作用呀……
大大侠们,有谁弄过这个呀,Help
还有一个问题,用@Value来取配在application.properties里面的值总是取不到,这个是怎么弄的?
版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
可以下载一个魔方网表使用一下。######已经搞定了,虽然有点挫,自已用了一个timer,以后再优化吧
你好,我是AI助理
可以解答问题、推荐解决方案等
评论
全部评论 (0)