Spring Security: Locking a User After a Specified Number of Wrong Passwords

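Reference for the approach:

"How to lock a user after 5 wrong passwords with Spring Security in Java" (JAVA教程, 服务器之家)

Reference for throwing the exception: "spring cloud oauth2: lock after a certain number of login attempts" (hqmeng's blog, CSDN博客, "oauth user locked")

My own implementation: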

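===============================1. Lock the account on failure==========================

Listener for failed logins (increments the failure count and locks the account once the limit is reached)

import java.util.Date;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.stereotype.Component;

// 状态 = state, 错误次数 = error count, 锁定时间 = lock time (the author's names for the TSysOp accessors)
@Component
public class AuthenticationFailureListener implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> {

    @Value("${loginMgmt.loginErrorMax}")
    private Integer loginErrorMax; // maximum number of failed logins before the account is locked

    @Autowired
    ITSysOpService itSysOpService;

    @Override
    public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent authenticationFailureBadCredentialsEvent) {
        String account = authenticationFailureBadCredentialsEvent.getAuthentication().getPrincipal().toString(); // login account
        TSysOp tSysOp = itSysOpService.queryByUserName(account);
        if (tSysOp != null) {
            Integer hasErrorCount = tSysOp.get错误次数(); // failed logins already recorded in the database
            hasErrorCount = (hasErrorCount != null) ? hasErrorCount : 0;
            hasErrorCount++;
            if (hasErrorCount >= loginErrorMax) { // limit reached: lock the account
                tSysOp.set状态("2"); // locked
                tSysOp.set错误次数(hasErrorCount); // error count
                tSysOp.set锁定时间(new Date()); // lock time
                itSysOpService.updateOperator(tSysOp);
                throw new LockedException("登录失败超" + loginErrorMax + "次,账号已被锁定!");
            } else { // otherwise do not lock, only add 1 to the error count
                tSysOp.set错误次数(hasErrorCount); // error count
                itSysOpService.updateOperator(tSysOp);
                int hasChance = loginErrorMax - hasErrorCount;
                throw new LockedException("登录失败,还有" + hasChance + "次登录机会!");
            }
        }
    }
}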

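Listener for successful logins (marks the account as not locked and resets the failed-login count to 0)

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.stereotype.Component;

@Component
public class AuthenticationSuccessEventListener implements ApplicationListener<AuthenticationSuccessEvent> {

    @Autowired
    ITSysOpService itSysOpService;

    /**
     * Login-success listener.
     * On success, look the user up by login account, mark it as not locked and reset the failed-login count to 0.
     * @param authenticationSuccessEvent
     */
    @Override
    public void onApplicationEvent(AuthenticationSuccessEvent authenticationSuccessEvent) {
        MySecurityUser mySecurityUser = (MySecurityUser) authenticationSuccessEvent.getAuthentication().getPrincipal();
        String account = mySecurityUser.getUsername(); // login account
        TSysOp tSysOp = itSysOpService.queryByUserName(account);
        tSysOp.set状态("1"); // not locked
        tSysOp.set错误次数(0); // reset the failed-login count to 0
        itSysOpService.updateOperator(tSysOp); // update the account record
    }
}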
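The failure listener above reads the error count, increments it and writes it back as separate steps, so failed logins that arrive in parallel can overwrite each other's count. The following stand-alone class is an added example, not the author's code: it keeps the counter update atomic and uses the recorded lock time to expire the lock. The class name `LoginAttemptTracker`, the in-memory map standing in for the `TSysOp` columns, the 15-minute lock duration and the use of Java 16+ records are assumptions.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: the map stands in for the error-count and lock-time columns of TSysOp. */
public class LoginAttemptTracker {
    record Attempts(int failures, Instant lockedAt) {} // immutable, swapped atomically by compute()
    private final ConcurrentHashMap<String, Attempts> store = new ConcurrentHashMap<>();
    private final int loginErrorMax;     // same meaning as loginMgmt.loginErrorMax on the page
    private final Duration lockDuration; // assumption: locks expire instead of needing an administrator

    public LoginAttemptTracker(int loginErrorMax, Duration lockDuration) {
        this.loginErrorMax = loginErrorMax;
        this.lockDuration = lockDuration;
    }

    /** Records one failed login atomically; returns the attempts left (0 means locked). */
    public int recordFailure(String account, Instant now) {
        Attempts a = store.compute(account, (k, old) -> {
            int n = (old == null ? 0 : old.failures()) + 1;
            Instant lockedAt = (old != null && old.lockedAt() != null) ? old.lockedAt()
                    : (n >= loginErrorMax ? now : null); // lock time is set once, at the threshold
            return new Attempts(n, lockedAt);
        });
        return Math.max(0, loginErrorMax - a.failures());
    }

    /** True while the lock is active; an expired lock is removed together with its counter. */
    public boolean isLocked(String account, Instant now) {
        Attempts a = store.computeIfPresent(account, (k, old) ->
                old.lockedAt() != null && now.isAfter(old.lockedAt().plus(lockDuration)) ? null : old);
        return a != null && a.lockedAt() != null;
    }

    /** Successful login: clear the counter, as the success listener on the page does. */
    public void recordSuccess(String account) {
        store.remove(account);
    }

    public static void main(String[] args) throws InterruptedException {
        LoginAttemptTracker t = new LoginAttemptTracker(5, Duration.ofMinutes(15));
        Instant now = Instant.parse("2024-01-31T13:59:24Z"); // constructed timestamp
        Thread[] workers = new Thread[4];                     // four failed logins in parallel
        for (int i = 0; i < workers.length; i++) (workers[i] = new Thread(() -> t.recordFailure("alice", now))).start();
        for (Thread w : workers) w.join();
        System.out.println("attempts left after 5th failure: " + t.recordFailure("alice", now));
        System.out.println("locked after 1 minute: " + t.isLocked("alice", now.plusSeconds(60)));
        System.out.println("locked after 16 minutes: " + t.isLocked("alice", now.plus(Duration.ofMinutes(16))));
    }
}
```

With a database behind it, the same effect comes from a single `UPDATE ... SET count = count + 1` statement or a row lock rather than a read followed by a write.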

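======================2. Report an error at login based on the database state==================

Pass the lock state from the database to the Spring Security user object

import org.springframework.stereotype.Service;

/** Implementation of the authorization-related interface */
@Service
public class SecurityAuthInterfaceImpl implements SecurityAuthInterface {

    // userService: the injected service that queries TSysOp (its declaration is not shown on the page)

    @Override
    public MySecurityUser findUserByUserName(String userName) {
        TSysOp user = userService.queryByUserName(userName); // look the account up in the database
        if (user == null) {
            return null;
        }
        String stateStr = user.get状态(); // lock state
        Integer stateInt = StringValid.isValid(stateStr) ? Integer.valueOf(stateStr) : 0;
        return new MySecurityUser(user.getfCode(), user.getfPassword(), stateInt, user.getfOpId());
    }
}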

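Use the passed state to decide whether the account is locked

import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

@Component
public class MySecurityUserDetails implements UserDetailsService {

    @Autowired
    private SecurityAuthInterface userRoleInterface;

    // logger: the class's logger field (its declaration is not shown on the page)

    public UserDetails loadUserByUsername(String name) throws UsernameNotFoundException {
        logger.info("-------------你输入的用户名为:" + name);
        MySecurityUser user = this.userRoleInterface.findUserByUserName(name);
        if (user == null) {
            logger.info("-------------未查询到用户名:" + name);
            throw new UsernameNotFoundException("Invalid username or password.");
        } else {
            if (user.get状态() == 2) { // the user is locked
                throw new InternalAuthenticationServiceException("该账号已被锁定,请联系管理员!");
            }
            // Query the user's roles by user id; queryRolesByUserId is a hypothetical helper,
            // the page gives this step only as a description.
            List<MySecurityRole> roles = queryRolesByUserId(user);
            return new MySecurityUser(user.getUsername(), user.getPassword(), user.getState(), roles);
        }
    }
}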

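======================3. Show the login-failure message on the front end======================

import java.io.IOException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component;
// HttpServletRequest, HttpServletResponse and ServletException come from javax.servlet
// or jakarta.servlet, depending on the Spring version in use.

@Component("authenctiationFailureHandler")
public class AuthenctiationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    // Assumption: SLF4J; the page shows only the Logger type.
    private Logger logger = LoggerFactory.getLogger(this.getClass());

    public AuthenctiationFailureHandler() {
    }

    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
        this.logger.info("----------------登录失败------------------------");
        String msg = "";
        if (!(exception instanceof UsernameNotFoundException) && !(exception instanceof BadCredentialsException)) {
            if (exception instanceof LockedException) {
                // user locked, or about to be locked (thrown by AuthenticationFailureListener on a failed login)
                msg = exception.getMessage();
            } else if (exception instanceof DisabledException) {
                msg = "账户被禁用,登录失败,请联系管理员!";
            } else if (exception instanceof InternalAuthenticationServiceException) {
                // user locked or invalid (thrown by MySecurityUserDetails when the account exists but its state is not normal)
                msg = exception.getMessage();
            } else {
                msg = "登录失败!";
            }
        } else {
            msg = "登录失败,用户名或密码输入错误!";
        }
        // Writes msg to the front end; the helper class names on this line are missing from the page.
        ().filter(request, response, ().error(2, msg, new Object[0]), (Integer)null);
    }
}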

Published: 2024-01-31 13:59:24

Article link: https://www.4u4v.net/it/170668076229028.html
