版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/qq_37782076/article/details/86590565
@Configuration注入类中添加
@Bean(name = "credentialsMatcher")
public RetryLimitCredentialsMatcher hashedCredentialsMatcher(JedisTemplate jedisTemplate) {
// 设定Password校验的Hash算法与迭代次数.
RetryLimitCredentialsMatcher credentialsMatcher = new RetryLimitCredentialsMatcher(jedisTemplate);
credentialsMatcher.setHashAlgorithmName(Passwords.HASH_ALGORITHM);
credentialsMatcher.setHashIterations(Passwords.HASH_INTERATIONS);
return credentialsMatcher;
}
/**
* FIXME
*/
public static final String HASH_ALGORITHM = "SHA-1";
/**
* FIXME
*/
public static final int HASH_INTERATIONS = 128;
package com.comtop.map.pub.security;
import com.comtop.map.pub.cache.redis.JedisTemplate;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class RetryLimitCredentialsMatcher extends HashedCredentialsMatcher {
private static final Logger log = LoggerFactory.getLogger(RetryLimitCredentialsMatcher.class);
private static final String NAMESPACE = "passwordRetryCache:";
/** 超时时间(单位:秒) */
private static final int CACHE_TIME_OUT = 600;
/** 限制登录次数 */
private static final int MAX_LOGIN_TIME = 5;
private JedisTemplate jedisTemplate;
public RetryLimitCredentialsMatcher(JedisTemplate jedisTemplate) {
this.jedisTemplate = jedisTemplate;
}
@Override
public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
RestUsernamePasswordToken rupToken = (RestUsernamePasswordToken) token;
String source = rupToken.getSource();
String loginType = rupToken.getLoginType();
boolean pcLogin = RestUsernamePasswordToken.LOGIN_SOURCE_PC.equals(source) && RestUsernamePasswordToken.LOGIN_SOURCE_PC.equals(loginType);
boolean manageLogin = RestUsernamePasswordToken.LOGIN_SOURCE_MANAGE.equals(loginType);
String username = (String) token.getPrincipal();
String redisKey = NAMESPACE + username + ":";
if (pcLogin || manageLogin) {
redisKey += loginType;
} else {
redisKey += RestUsernamePasswordToken.LOGIN_TYPE_DEFAULT;
}
Object retryCount = jedisTemplate.getObject(redisKey);
if (retryCount == null) {
retryCount = 0;
jedisTemplate.setexObject(redisKey, CACHE_TIME_OUT, retryCount);
}
int current = (int) retryCount + 1;
if (current > MAX_LOGIN_TIME) {
log.warn("username: {} tried to login more than max times in period", username);
throw new ExcessiveAttemptsException("您的用户名或密码错误次数已满,将锁定10分钟。");
}
jedisTemplate.setexObject(redisKey, CACHE_TIME_OUT, current);
boolean matches = super.doCredentialsMatch(token, info);
if (matches) {
//clear retry data
jedisTemplate.del(redisKey);
} else {
int remain = MAX_LOGIN_TIME - current;
if (remain == 0) {
throw new ExcessiveAttemptsException("您的用户名或密码错误次数已满,将锁定10分钟。");
} else {
throw new ExcessiveAttemptsException("您的用户名或密码错误,还有" + remain + "次机会。");
}
}
return true;
}
/**
* 根据用户名 解锁用户
*/
public void unlockAccount(String username){
jedisTemplate.del(NAMESPACE + username);
}
}