添加登录验证失败次数锁定账号登录

438b61e8 · chenzx · c3ab6c83 · 438b61e8 · 438b61e8 · 438b61e8
Commit 438b61e8 authored Aug 17, 2021 by chenzx
7 changed files
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
 	<groupId>LV77</groupId>
 	<artifactId>ads-mds-login</artifactId>
 	<version>0.0.1-SNAPSHOT</version>
-	<packaging>war</packaging>
+	<packaging>jar</packaging>

 	<name>mdslogin</name>
 	<description>mdslogin</description>
@@ -143,6 +143,12 @@
 			<version>0.9.1</version>
 		</dependency>

+		<dependency>
+			<groupId>es.moki.ratelimitj</groupId>
+			<artifactId>ratelimitj-inmemory</artifactId>
+			<version>0.4.1</version>
+		</dependency>
+
 	</dependencies>

 	<dependencyManagement>
@@ -158,6 +164,23 @@
 	</dependencyManagement>

 	<build>
+		<resources>
+			<resource>
+				<directory>lib</directory>
+				<targetPath>BOOT-INF/lib/</targetPath>
+				<includes>
+					<include>**/*.jar</include>
+				</includes>
+			</resource>
+			<resource>
+				<directory>src/main/resources</directory>
+				<includes>
+					<include>*.yml</include>
+					<include>**/*.xml</include>
+				</includes>
+			</resource>
+		</resources>
+
 		<finalName>mdslogin</finalName>
 		<plugins>
 			<plugin>

--- a/src/main/java/com/keymobile/proxy/conf/ClientSsoConfig.java
+++ b/src/main/java/com/keymobile/proxy/conf/ClientSsoConfig.java
@@ -16,7 +16,7 @@ import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;

-@Configuration
+//@Configuration
 public class ClientSsoConfig implements DisposableBean {
    @Autowired
    SsoServerProcesssor ssoServerProcesssor;

--- a/src/main/java/com/keymobile/proxy/conf/RESTAuthenticationFailureHandler.java
+++ b/src/main/java/com/keymobile/proxy/conf/RESTAuthenticationFailureHandler.java
 package com.keymobile.proxy.conf;

+import com.keymobile.proxy.service.RateLimitService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.stereotype.Component;
@@ -9,14 +12,32 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.util.concurrent.TimeUnit;

 @Component
 public class RESTAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {

+    @Autowired
+    private RateLimitService rateLimitService;
+
+    @Autowired
+    private RedisTemplate redisTemplate;
+
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                        AuthenticationException exception) throws IOException, ServletException {
-        super.onAuthenticationFailure(request, response, exception);
+        //super.onAuthenticationFailure(request, response, exception);
+        String username = request.getParameter("username");
+        String password = request.getParameter("password");
+        System.out.println("登陆失败信息："+username+"#######"+password);
+        if(rateLimitService.reached(username)){
+            System.out.println("锁定了账户："+username);
+            redisTemplate.opsForValue().set("LOCK_USER_"+username,true,10, TimeUnit.MINUTES);
+        }
+        PrintWriter writer = response.getWriter();
+        writer.write("您已连续登录失败超过5次，账号已被锁定10分钟。");
+        writer.flush();
+        writer.close();
    }

 }
--- a/src/main/java/com/keymobile/proxy/conf/RESTAuthenticationSuccessHandler.java
+++ b/src/main/java/com/keymobile/proxy/conf/RESTAuthenticationSuccessHandler.java
 package com.keymobile.proxy.conf;

+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
@@ -12,15 +16,24 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.UUID;

 @Component
 public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
-	
+
+    @Autowired
+    private RedisTemplate redisTemplate;
+
 	@Value("${security.allowRootLogin:true}")
 	private boolean rootAllowLogin = true;
    @Value("${redirect-url.data-platform}")
    private String go;

+    private static Logger logger = LoggerFactory.getLogger(RESTAuthenticationSuccessHandler.class);
+
+    private static SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS");

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
@@ -37,6 +50,15 @@ public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc
        		&& !rootAllowLogin)
            data = "root not allow login";

+        if(null != redisTemplate.opsForValue().get("LOCK_USER_"+userNameWithIdAttached.split(":")[0])){
+            System.out.println("已锁定："+userNameWithIdAttached.split(":")[0]);
+            PrintWriter writer = response.getWriter();
+            writer.write("您已连续登录失败超过5次，账号已被锁定10分钟。");
+            writer.flush();
+            writer.close();
+            return;
+        }
+
        if(null==sso || "".equals(sso.trim())){
            System.out.println("走登录页面登录");
        }else{
@@ -44,6 +66,11 @@ public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc
            response.sendRedirect(go);
        }

+        logger.info("{\"principal\":\"{}\",\"requestID\":\"{}\",\"startTime\":\"{}\",\"sessionID\":\"\",\"applicationName\":\"登录\",\"sql\":\"\"}",
+                userNameWithIdAttached.split(":")[0],
+                UUID.randomUUID().toString().replaceAll("-",""),
+                sdf.format(new Date()));
+
        PrintWriter writer = response.getWriter();
        writer.write(data);
        writer.flush();

--- a/src/main/java/com/keymobile/proxy/conf/SecurityConfig.java
+++ b/src/main/java/com/keymobile/proxy/conf/SecurityConfig.java
@@ -103,10 +103,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                if (u == null) {
                    u = new com.keymobile.proxy.model.User();
                    u.setName(username);
-                    u.setPassword("37fa265330ad83eaa879efb1e2db6380896cf639");//pwd
+                    u.setPassword("c02ef4f4bf2c5ff709c4182a5ef4c083f572e364");//pwd
                    u.setDName(username);
-                    u = authService.addUser(new Long[] { (long) 4 }, new Long[] {}, u);
-                    this.logger.info("单点登录新增用户："+u);
+                    u = authService.addUser(new Long[] { (long) 2 }, new Long[] { (long) 0}, u);
+//                    this.logger.info("单点登录新增用户："+u);
+//                    System.out.println("单点登录新增用户信息："+u);
+//                    System.out.println("单点登录新增用户信息1："+u.toString());
                    System.out.println("单点登录新增用户名称："+username);
                }


--- a/src/main/java/com/keymobile/proxy/model/SsoServerProcesssor.java
+++ b/src/main/java/com/keymobile/proxy/model/SsoServerProcesssor.java
@@ -3,7 +3,7 @@ package com.keymobile.proxy.model;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;

-@Component
+//@Component
 public class SsoServerProcesssor {
    @Value("${portal.sso.appid}")
    private String clientAppId;

--- a/src/main/java/com/keymobile/proxy/service/RateLimitService.java
+++ b/src/main/java/com/keymobile/proxy/service/RateLimitService.java
+package com.keymobile.proxy.service;
+
+import es.moki.ratelimitj.core.limiter.request.RequestLimitRule;
+import es.moki.ratelimitj.core.limiter.request.RequestRateLimiter;
+import es.moki.ratelimitj.inmemory.request.InMemorySlidingWindowRequestRateLimiter;
+import org.springframework.stereotype.Component;
+
+import java.util.Collections;
+import java.util.Set;
+import java.util.concurrent.TimeUnit;
+
+@Component
+public class RateLimitService {
+    //密错误5次，账号锁定10分钟
+    Set<RequestLimitRule> rules = Collections.singleton(RequestLimitRule.of(10, TimeUnit.MINUTES, 5)); // 50 request per minute, per key
+    RequestRateLimiter requestRateLimiter = new InMemorySlidingWindowRequestRateLimiter(rules);
+
+    public boolean reached(String key){
+        return requestRateLimiter.overLimitWhenIncremented(key);
+    }
+
+    public void resetLimit(String key) {
+        requestRateLimiter.resetLimit(key);
+    }
+}
\ No newline at end of file