1
回答
spring boot 登陆次数限制以及帐户自动解锁

一、现在想做一个帐户尝试登陆10次还是失败就自动锁定帐户,然后30分钟后自动解锁

下面是尝试登陆失败的处理

package com.mzw.dragon.biz.security;

import com.alibaba.fastjson.JSON;
import com.mzw.dragon.dal.entity.UserEntity;
import com.mzw.dragon.dal.repository.UserRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Timer;
import java.util.TimerTask;

/**
 * Created by victor.min on 2016/10/24.
 */
@Component
public class RestAuthenticationFailureHandler implements AuthenticationFailureHandler {

    private static final Logger logger = LoggerFactory.getLogger(RestAuthenticationFailureHandler.class);

    private static final Map<String, String> result = new HashMap<>();

    private static final Map<String, Long> task = new HashMap<>();

    @Value("${spring.dragon.user.login.max-experiment}")
    private static int maxExperiment = 10;

    @Value("${spring.dragon.user.login.unlock}")
    private static int unlock = 30;

    @Autowired
    private UserRepository userRepository;

    @Autowired
    private ThreadPoolTaskExecutor threadPoolTaskExecutor;

    static {
        result.put("result", "error");
    }

    @Override
    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {

//        logger.info("http servlet request={}", httpServletRequest);
//        logger.info("http servlet response={}", httpServletResponse);
//        logger.info("authentication exception={}", e);

        String message = "用户名或者密码错误";

        // 更新数据库 尝试次数
        String username = httpServletRequest.getParameter("username");
        UserEntity u = userRepository.findByUsernameAndStatus(username, 1);
        if (null != u) {
            u.setExperiment(u.getExperiment() + 1);
            if (u.getExperiment() >= maxExperiment) {
                u.setLocked(0);
                message = "账户已经锁定,请" + unlock + "分钟后再次尝试";

                logger.info("账户{}已经锁定", username);

                threadPoolTaskExecutor.execute(() -> {
                    logger.info("开始解锁账户={}", username);
                    u.setExperiment(0);
                    u.setLocked(1);
                    userRepository.save(u);
                    logger.info("解锁账户{}成功", username);
                }, 10000);
                logger.info("===========================");
            }
            userRepository.save(u);
        }

        // json 返回错误信息
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setCharacterEncoding("UTF-8");

        result.put("message", message);

        httpServletResponse.getWriter().write(JSON.toJSONString(result));
        httpServletResponse.getWriter().flush();

    }

//    @Scheduled(fixedDelay = 1 * 60 * 1000)
//    private void unlockUser() {
//        logger.info("开始解锁账户={}", username);
//        UserEntity u = userRepository.findValidUserByUsername(username);
//        u.setExperiment(0);
//        u.setLocked(1);
//        userRepository.save(u);
//        task.remove(username);
//        logger.info("解锁账户{}成功", username);
//    }

}



解锁帐户那里好像完全没有延时,只是用了一个多线程,但是后面配的那个时间1000ms完全没起作用呀……

大大侠们,有谁弄过这个呀,Help

还有一个问题,用@Value来取配在application.properties里面的值总是取不到,这个是怎么弄的?



举报
_冢彧
发帖于2年前 1回/460阅
顶部