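/**
 * Authentication info (identity verification): authentication is used to verify the user's identity.
 *
 * @param authcToken the submitted authentication token; this method casts it to {@code UsernamePasswordToken}
 * @return the authentication info built for the matched user
 * @throws AuthenticationException if the account is locked or disabled, or no user matches the
 *         submitted name and password
 */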
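@Override
protected AuthenticationInfo doGetAuthenticationInfo(
        AuthenticationToken authcToken) throws AuthenticationException {
    // Purpose: authenticate a username/password token. Enforces a Redis-backed
    // attempt counter with a one-hour lock, then looks the user up by nickname
    // and encrypted password, and records the login time on success.
    System.out.println("身份認證方法:MyShiroRealm.doGetAuthenticationInfo()");
    UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
    String name = token.getUsername();
    String password = String.valueOf(token.getPassword());

    ValueOperations<String, String> opsForValue = stringRedisTemplate.opsForValue();
    String countKey = SHIRO_LOGIN_COUNT + name;
    String lockKey = SHIRO_IS_LOCK + name;

    // Reject locked accounts before counting. Counting first (as the code did
    // before) re-armed the lock on every attempt, and because the counter was
    // never cleared it stayed >= 5, so the "one hour" lock never really ended.
    if ("LOCK".equals(opsForValue.get(lockKey))) {
        throw new DisabledAccountException("由於密碼輸入錯誤次數大於5次,帳號已經禁止登錄!");
    }

    // Every attempt is counted; a successful login resets the counter below.
    // Use the value returned by INCR instead of a second GET + parseInt, which
    // could race with other requests or fail on a missing key.
    // NOTE(review): both keys are derived from the submitted username, so the
    // counter exists for names that are not real accounts and has no expiry,
    // and repeated attempts by a third party can lock out a legitimate user.
    // Consider a TTL on the counter and rate limiting per client as well.
    Long attempts = opsForValue.increment(countKey, 1);
    if (attempts != null && attempts >= 5) {
        // Set the lock and its one-hour expiry in a single call so a failure
        // between SET and EXPIRE cannot leave a lock without a TTL.
        opsForValue.set(lockKey, "LOCK", 1, TimeUnit.HOURS);
        // Start from a clean counter once the lock expires.
        stringRedisTemplate.delete(countKey);
        throw new DisabledAccountException("由於密碼輸入錯誤次數大於5次,帳號已經禁止登錄!");
    }

    Map<String, Object> map = new HashMap<String, Object>();
    map.put("nickname", name);
    // The stored credential is the encryption of password + name.
    // NOTE(review): MyDES.encryptBasedDes is presumably reversible DES
    // encryption - confirm. Passwords are better stored with a salted, slow
    // password hash (bcrypt/scrypt/argon2); changing this requires migrating
    // the stored values, so it is left as-is here.
    String pawDES = MyDES.encryptBasedDes(password + name);
    map.put("pswd", pawDES);

    // Fetch the user whose nickname and encrypted password both match.
    List<SysUser> userList = sysUserService.selectByMap(map);
    SysUser user = userList.isEmpty() ? null : userList.get(0);

    if (user == null) {
        // Same message for unknown user and wrong password.
        throw new AccountException("帳號或密碼不正確!");
    }
    if (user.getStatus() == 0) {
        // A status of 0 is treated as a disabled account.
        throw new DisabledAccountException("此帳號已經設置為禁止登錄!");
    }

    // Login succeeded: record the login time and clear the attempt counter.
    user.setLastLoginTime(new Date());
    sysUserService.updateById(user);
    opsForValue.set(countKey, "0");

    // NOTE(review): the credentials passed here are the password the caller
    // just submitted, so a credentials matcher that compares token and info
    // credentials is comparing the value with itself; the real check is the
    // database lookup above. It also keeps the plaintext password in the
    // returned AuthenticationInfo - confirm this is not cached or serialized.
    return new SimpleAuthenticationInfo(user, password, getName());
}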
原文:https://blog.csdn.net/qq_20954959/article/details/61927119