Commit 438b61e8 by chenzx

添加登录验证失败次数锁定账号登录

parent c3ab6c83
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
<groupId>LV77</groupId> <groupId>LV77</groupId>
<artifactId>ads-mds-login</artifactId> <artifactId>ads-mds-login</artifactId>
<version>0.0.1-SNAPSHOT</version> <version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging> <packaging>jar</packaging>
<name>mdslogin</name> <name>mdslogin</name>
<description>mdslogin</description> <description>mdslogin</description>
...@@ -143,6 +143,12 @@ ...@@ -143,6 +143,12 @@
<version>0.9.1</version> <version>0.9.1</version>
</dependency> </dependency>
<dependency>
<groupId>es.moki.ratelimitj</groupId>
<artifactId>ratelimitj-inmemory</artifactId>
<version>0.4.1</version>
</dependency>
</dependencies> </dependencies>
<dependencyManagement> <dependencyManagement>
...@@ -158,6 +164,23 @@ ...@@ -158,6 +164,23 @@
</dependencyManagement> </dependencyManagement>
<build> <build>
<resources>
<resource>
<directory>lib</directory>
<targetPath>BOOT-INF/lib/</targetPath>
<includes>
<include>**/*.jar</include>
</includes>
</resource>
<resource>
<directory>src/main/resources</directory>
<includes>
<include>*.yml</include>
<include>**/*.xml</include>
</includes>
</resource>
</resources>
<finalName>mdslogin</finalName> <finalName>mdslogin</finalName>
<plugins> <plugins>
<plugin> <plugin>
......
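Review bot: The new `<resource>` entry copies every jar found under `lib/` straight into `BOOT-INF/lib`, so those jars bypass Maven's dependency resolution and everything that reasons about coordinates and versions (`dependencyManagement`, `dependency:tree`, vulnerability scanners such as dependency-check); if they are really needed, declare them as dependencies or at minimum pin what is vendored with a comment like `<!-- lib/: vendored jars absent from any repository; record name, version and sha256 here and re-check on upgrade -->`. The second entry only includes `*.yml` and `**/*.xml` from `src/main/resources`, so any other resource file (`.properties`, static content) is silently dropped from the built jar — please confirm that is intended. Note also that `ratelimitj-inmemory` keeps its counters per JVM, which matters for the account-lock logic this commit adds.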
...@@ -16,7 +16,7 @@ import org.springframework.boot.web.servlet.FilterRegistrationBean; ...@@ -16,7 +16,7 @@ import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
@Configuration //@Configuration
public class ClientSsoConfig implements DisposableBean { public class ClientSsoConfig implements DisposableBean {
@Autowired @Autowired
SsoServerProcesssor ssoServerProcesssor; SsoServerProcesssor ssoServerProcesssor;
......
package com.keymobile.proxy.conf; package com.keymobile.proxy.conf;
import com.keymobile.proxy.service.RateLimitService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler; import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
...@@ -9,14 +12,32 @@ import javax.servlet.http.HttpServletRequest; ...@@ -9,14 +12,32 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
import java.io.PrintWriter; import java.io.PrintWriter;
import java.util.concurrent.TimeUnit;
@Component @Component
public class RESTAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler { public class RESTAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
@Autowired
private RateLimitService rateLimitService;
@Autowired
private RedisTemplate redisTemplate;
@Override @Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException { AuthenticationException exception) throws IOException, ServletException {
super.onAuthenticationFailure(request, response, exception); //super.onAuthenticationFailure(request, response, exception);
String username = request.getParameter("username");
String password = request.getParameter("password");
System.out.println("登陆失败信息:"+username+"#######"+password);
if(rateLimitService.reached(username)){
System.out.println("锁定了账户:"+username);
redisTemplate.opsForValue().set("LOCK_USER_"+username,true,10, TimeUnit.MINUTES);
}
PrintWriter writer = response.getWriter();
writer.write("您已连续登录失败超过5次,账号已被锁定10分钟。");
writer.flush();
writer.close();
} }
} }
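Review bot: `System.out.println("登陆失败信息:"+username+"#######"+password)` writes the submitted password in clear text to stdout on every failed login, which leaks real credentials (near-miss typos, passwords reused from other systems) into logs; drop the password from the message and use the SLF4J logger instead of `System.out`. With the `super` call commented out the handler also returns HTTP 200 and always writes the "locked for 10 minutes" text, so a first wrong password gets a misleading message and no failure status, and a request without `username` produces a `LOCK_USER_null` key. Because the lock key is derived solely from the attacker-supplied username, anyone can lock any account with five bad attempts; consider pairing the counter with a client identifier or a CAPTCHA, and at least only emit the locked message once `reached` returns true. The rewrite below assumes a `private static final Logger logger = LoggerFactory.getLogger(RESTAuthenticationFailureHandler.class);` field as the success handler already declares.

```java
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        String username = request.getParameter("username");
        // Never log the submitted password; record only who failed and why.
        logger.warn("login failed for user={}: {}", username, exception.getMessage());
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setCharacterEncoding("UTF-8");
        String message = "用户名或密码错误。";
        if (username != null && !username.isEmpty() && rateLimitService.reached(username)) {
            logger.warn("locking user={} for 10 minutes after repeated failures", username);
            redisTemplate.opsForValue().set("LOCK_USER_" + username, true, 10, TimeUnit.MINUTES);
            message = "您已连续登录失败超过5次,账号已被锁定10分钟。";
        }
        try (PrintWriter writer = response.getWriter()) {
            writer.write(message);
        }
    }
```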
package com.keymobile.proxy.conf; package com.keymobile.proxy.conf;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler; import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
...@@ -12,15 +16,24 @@ import javax.servlet.http.HttpServletRequest; ...@@ -12,15 +16,24 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
import java.io.PrintWriter; import java.io.PrintWriter;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.UUID;
@Component @Component
public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler { public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
@Autowired
private RedisTemplate redisTemplate;
@Value("${security.allowRootLogin:true}") @Value("${security.allowRootLogin:true}")
private boolean rootAllowLogin = true; private boolean rootAllowLogin = true;
@Value("${redirect-url.data-platform}") @Value("${redirect-url.data-platform}")
private String go; private String go;
private static Logger logger = LoggerFactory.getLogger(RESTAuthenticationSuccessHandler.class);
private static SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS");
@Override @Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
...@@ -37,6 +50,15 @@ public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc ...@@ -37,6 +50,15 @@ public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc
&& !rootAllowLogin) && !rootAllowLogin)
data = "root not allow login"; data = "root not allow login";
if(null != redisTemplate.opsForValue().get("LOCK_USER_"+userNameWithIdAttached.split(":")[0])){
System.out.println("已锁定:"+userNameWithIdAttached.split(":")[0]);
PrintWriter writer = response.getWriter();
writer.write("您已连续登录失败超过5次,账号已被锁定10分钟。");
writer.flush();
writer.close();
return;
}
if(null==sso || "".equals(sso.trim())){ if(null==sso || "".equals(sso.trim())){
System.out.println("走登录页面登录"); System.out.println("走登录页面登录");
}else{ }else{
...@@ -44,6 +66,11 @@ public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc ...@@ -44,6 +66,11 @@ public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc
response.sendRedirect(go); response.sendRedirect(go);
} }
logger.info("{\"principal\":\"{}\",\"requestID\":\"{}\",\"startTime\":\"{}\",\"sessionID\":\"\",\"applicationName\":\"登录\",\"sql\":\"\"}",
userNameWithIdAttached.split(":")[0],
UUID.randomUUID().toString().replaceAll("-",""),
sdf.format(new Date()));
PrintWriter writer = response.getWriter(); PrintWriter writer = response.getWriter();
writer.write(data); writer.write(data);
writer.flush(); writer.flush();
......
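Review bot: The `LOCK_USER_` check runs inside `onAuthenticationSuccess`, i.e. after Spring Security has already accepted the credentials and populated the `SecurityContext`, so writing the "locked" text and returning does not undo the login: the authenticated context can still be persisted to the session when the response commits, and the distinct response tells an attacker that the guessed password was correct despite the lock. Enforce the lock before authentication instead — e.g. in the `UserDetailsService`/provider by throwing `LockedException` (or returning `accountNonLocked=false`) when the Redis key exists — and if this handler keeps a defensive check it should at least run `SecurityContextHolder.clearContext();` and invalidate the session before returning. Nothing visible here calls `rateLimitService.resetLimit(username)` on a successful login, so a legitimate user's failure counter is never cleared (it may be reset elsewhere; not visible in this commit). Minor: the shared static `SimpleDateFormat` is not thread-safe under concurrent logins; a `DateTimeFormatter` constant is the safe equivalent. `onAuthenticationSuccess` continues outside this hunk.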
...@@ -103,10 +103,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { ...@@ -103,10 +103,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
if (u == null) { if (u == null) {
u = new com.keymobile.proxy.model.User(); u = new com.keymobile.proxy.model.User();
u.setName(username); u.setName(username);
u.setPassword("37fa265330ad83eaa879efb1e2db6380896cf639");//pwd u.setPassword("c02ef4f4bf2c5ff709c4182a5ef4c083f572e364");//pwd
u.setDName(username); u.setDName(username);
u = authService.addUser(new Long[] { (long) 4 }, new Long[] {}, u); u = authService.addUser(new Long[] { (long) 2 }, new Long[] { (long) 0}, u);
this.logger.info("单点登录新增用户:"+u); // this.logger.info("单点登录新增用户:"+u);
// System.out.println("单点登录新增用户信息:"+u);
// System.out.println("单点登录新增用户信息1:"+u.toString());
System.out.println("单点登录新增用户名称:"+username); System.out.println("单点登录新增用户名称:"+username);
} }
......
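Review bot: Every user auto-provisioned on this SSO path receives the same hard-coded password hash (`u.setPassword("c02ef4f4bf2c5ff709c4182a5ef4c083f572e364");//pwd`), so the corresponding plaintext — which the `//pwd` comment suggests is known to whoever wrote this — becomes a shared credential for all such accounts through the normal form login; the 40-hex-digit value also looks like a bare SHA-1-length digest, which if so offers no brute-force resistance. Accounts created this way should carry an unusable credential, e.g. `u.setPassword(encoder.encode(UUID.randomUUID().toString()))` with whatever password encoder the project uses, or be flagged as SSO-only so password login is refused for them. The group/role arguments also changed from `{4}`/`{}` to `{2}`/`{0}`; I cannot tell from here what id `0` grants, so please confirm it is not an administrative or catch-all role. The enclosing method begins before this hunk.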
...@@ -3,7 +3,7 @@ package com.keymobile.proxy.model; ...@@ -3,7 +3,7 @@ package com.keymobile.proxy.model;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
@Component //@Component
public class SsoServerProcesssor { public class SsoServerProcesssor {
@Value("${portal.sso.appid}") @Value("${portal.sso.appid}")
private String clientAppId; private String clientAppId;
......
package com.keymobile.proxy.service;
import es.moki.ratelimitj.core.limiter.request.RequestLimitRule;
import es.moki.ratelimitj.core.limiter.request.RequestRateLimiter;
import es.moki.ratelimitj.inmemory.request.InMemorySlidingWindowRequestRateLimiter;
import org.springframework.stereotype.Component;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.TimeUnit;
@Component
public class RateLimitService {
//密错误5次,账号锁定10分钟
Set<RequestLimitRule> rules = Collections.singleton(RequestLimitRule.of(10, TimeUnit.MINUTES, 5)); // 50 request per minute, per key
RequestRateLimiter requestRateLimiter = new InMemorySlidingWindowRequestRateLimiter(rules);
public boolean reached(String key){
return requestRateLimiter.overLimitWhenIncremented(key);
}
public void resetLimit(String key) {
requestRateLimiter.resetLimit(key);
}
}
\ No newline at end of file
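Review bot: `InMemorySlidingWindowRequestRateLimiter` keeps its counters inside this JVM while the resulting lock flag is written to Redis, so behind a load balancer the failures are split across instances and the lock rarely triggers, and a restart silently resets every counter; a Redis-backed counter (`INCR` plus `EXPIRE` on a per-user key, or ratelimitj's Redis module) would keep the limiter consistent with the lock store. The comment `// 50 request per minute, per key` contradicts the rule on the same line and should read `// 5 failed attempts per 10-minute sliding window, per key`. `reached(null)` is reachable when the login form omits `username`; guard it with `if (key == null || key.isEmpty()) return false;` or have callers refuse blank usernames. The two fields should be `private final`, and the limit and window are worth moving to configuration properties rather than literals.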