// Redis key namespace for per-account login-failure state. The failure counter
// lives at PREFIX + username; lockLogin()/isLoginLocked() use PREFIX + username + ":locked".
private static final String LOGIN_ERROR_KEY_PREFIX = "aaa:bbb:ccc:error:";
// Number of recorded failures at which isLoginAttemptsExceeded() reports true.
private static final int MAX_LOGIN_ATTEMPTS = 5;
// NOTE(review): not referenced by the visible code. lockLogin() hard-codes a
// 600-second (10-minute) TTL, which is what the user-facing messages state;
// this 5-minute value looks stale — confirm before relying on it.
private static final int LOGIN_LOCK_DURATION_MINUTES = 5;
/**
 * Records one failed login for {@code username}.
 *
 * <p>Bumps the per-account failure counter in Redis and then (re)arms a
 * 60-second TTL on it. The increment and the expire are two separate calls,
 * so the window is refreshed on every failure rather than fixed from the
 * first one, and a counter whose expire call never ran would carry no TTL
 * until {@link #resetLoginAttempts(String)} deletes it.
 *
 * @param username account name; concatenated into the Redis key unescaped
 */
private void incrementLoginAttempts(String username) {
final String counterKey = LOGIN_ERROR_KEY_PREFIX + username;
// presumably INCRBY semantics; the returned value is not used here
redisUtils.getIncBy(counterKey, 1, RedisUtils.DEFAULT_DBINDEX);
// 60 seconds, re-armed on each failed attempt
redisUtils.setExpire(counterKey, 60, RedisUtils.DEFAULT_DBINDEX);
}
/**
 * Tells whether the failure counter for {@code username} has reached
 * {@link #MAX_LOGIN_ATTEMPTS}.
 *
 * <p>A missing key counts as zero failures. A key holding a non-numeric
 * value makes {@code Integer.parseInt} throw {@link NumberFormatException},
 * which propagates to the caller.
 *
 * @param username account name whose counter key is read
 * @return {@code true} once the stored count is {@code >= MAX_LOGIN_ATTEMPTS}
 */
private boolean isLoginAttemptsExceeded(String username) {
final String counterKey = LOGIN_ERROR_KEY_PREFIX + username;
final String stored = redisUtils.get(counterKey, RedisUtils.DEFAULT_DBINDEX);
if (stored == null) {
return false;
}
return Integer.parseInt(stored) >= MAX_LOGIN_ATTEMPTS;
}
/**
 * Clears the failure counter for {@code username}, used after a successful
 * login. Only the counter key is deleted; the separate {@code :locked} key
 * written by {@link #lockLogin(String)} is left to expire on its own.
 *
 * @param username account name whose counter key is deleted
 */
private void resetLoginAttempts(String username) {
redisUtils.del(LOGIN_ERROR_KEY_PREFIX + username, RedisUtils.DEFAULT_DBINDEX);
}
/**
 * Marks {@code username} as locked for 10 minutes.
 *
 * <p>Writes a {@code :locked} marker next to the failure counter and gives
 * it a 600-second TTL. The TTL is a literal here rather than
 * {@code LOGIN_LOCK_DURATION_MINUTES}; 600 s is what the user-facing
 * messages promise. The lock is keyed by account name only, so repeated
 * failures against a known account lock out its legitimate owner as well —
 * pairing this with per-source throttling limits that effect.
 *
 * @param username account name; concatenated into the Redis key unescaped
 */
private void lockLogin(String username) {
final String lockKey = LOGIN_ERROR_KEY_PREFIX + username + ":locked";
// presumably INCRBY semantics; only the key's existence is checked later
redisUtils.getIncBy(lockKey, 1, RedisUtils.DEFAULT_DBINDEX);
// 600 seconds = 10 minutes
redisUtils.setExpire(lockKey, 600, RedisUtils.DEFAULT_DBINDEX);
}
/**
 * Reports whether a {@code :locked} marker currently exists for
 * {@code username}; the marker's value is not interpreted.
 *
 * <p>Key layout: the lock key is the counter key plus {@code ":locked"},
 * and the username is interpolated unescaped. NOTE(review): a username that
 * itself ends in {@code ":locked"} would share a key with another account's
 * marker — confirm whether ':' is permitted in usernames by the time they
 * reach here.
 *
 * @param username account name whose lock key is read
 * @return {@code true} when the lock key holds a non-empty value
 */
private boolean isLoginLocked(String username) {
final String lockKey = LOGIN_ERROR_KEY_PREFIX + username + ":locked";
final String marker = redisUtils.get(lockKey, RedisUtils.DEFAULT_DBINDEX);
return !StringUtils.isEmpty(marker);
}
// 检查登录错误次数是否达到限制
if (isLoginLocked(account)) {
throw new ApiException("-1","登录被锁定,请10分钟后再试");
}
//todo用户查询
// 验证用户名和密码
if (null == houtaiAdminByAccount || !password.equals(object.getPassword())) {
// 增加登录错误次数
incrementLoginAttempts(account);
// 检查登录错误次数是否达到限制
if (isLoginAttemptsExceeded(account)) {
// 锁定登录
lockLogin(account);
throw new ApiException("-1","登录错误次数过多,账号已被锁定请10分钟后再试");
} else {
throw new ApiException("-1","账号或密码不正确");
}
}
// 登录成功,重置登录错误次数
resetLoginAttempts(account);