【开源中国 APP 全新上线】“动弹” 回归、集成大模型对话、畅读技术报告”
一、现在想做一个帐户尝试登陆10次还是失败就自动锁定帐户,然后30分钟后自动解锁
下面是尝试登陆失败的处理
package com.mzw.dragon.biz.security; import com.alibaba.fastjson.JSON; import com.mzw.dragon.dal.entity.UserEntity; import com.mzw.dragon.dal.repository.UserRepository; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.scheduling.annotation.Scheduled; import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.stereotype.Component; import javax.servlet.RequestDispatcher; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.Date; import java.util.HashMap; import java.util.Map; import java.util.Timer; import java.util.TimerTask; /** * Created by victor.min on 2016/10/24. */ @Component public class RestAuthenticationFailureHandler implements AuthenticationFailureHandler { private static final Logger logger = LoggerFactory.getLogger(RestAuthenticationFailureHandler.class); private static final Map<String, String> result = new HashMap<>(); private static final Map<String, Long> task = new HashMap<>(); @Value("${spring.dragon.user.login.max-experiment}") private static int maxExperiment = 10; @Value("${spring.dragon.user.login.unlock}") private static int unlock = 30; @Autowired private UserRepository userRepository; @Autowired private ThreadPoolTaskExecutor threadPoolTaskExecutor; static { result.put("result", "error"); } @Override public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException { // logger.info("http servlet request={}", httpServletRequest); // logger.info("http servlet response={}", httpServletResponse); // logger.info("authentication exception={}", e); String message = "用户名或者密码错误"; // 更新数据库 尝试次数 String username = httpServletRequest.getParameter("username"); UserEntity u = userRepository.findByUsernameAndStatus(username, 1); if (null != u) { u.setExperiment(u.getExperiment() + 1); if (u.getExperiment() >= maxExperiment) { u.setLocked(0); message = "账户已经锁定,请" + unlock + "分钟后再次尝试"; logger.info("账户{}已经锁定", username); threadPoolTaskExecutor.execute(() -> { logger.info("开始解锁账户={}", username); u.setExperiment(0); u.setLocked(1); userRepository.save(u); logger.info("解锁账户{}成功", username); }, 10000); logger.info("==========================="); } userRepository.save(u); } // json 返回错误信息 httpServletResponse.setContentType("application/json"); httpServletResponse.setCharacterEncoding("UTF-8"); result.put("message", message); httpServletResponse.getWriter().write(JSON.toJSONString(result)); httpServletResponse.getWriter().flush(); } // @Scheduled(fixedDelay = 1 * 60 * 1000) // private void unlockUser() { // logger.info("开始解锁账户={}", username); // UserEntity u = userRepository.findValidUserByUsername(username); // u.setExperiment(0); // u.setLocked(1); // userRepository.save(u); // task.remove(username); // logger.info("解锁账户{}成功", username); // } }
解锁帐户那里好像完全没有延时,只是用了一个多线程,但是后面配的那个时间1000ms完全没起作用呀……
大大侠们,有谁弄过这个呀,Help
还有一个问题,用@Value来取配在application.properties里面的值总是取不到,这个是怎么弄的?