controller
package com.custom.sso.controller;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import com.alibaba.fastjson.JSONObject;
import com.custom.common.utils.CookieUtils;
import com.custom.sso.service.LoginService;
/**
* 登录错误限制
* @author xyq
*
*/
public class LoginController {
@Value("${TOKEN_KEY}")
private String TOKEN_KEY;
@Autowired
private LoginService loginService;
@RequestMapping(value="/user/login.do")
@ResponseBody
public JSONObject login(String email,String password,HttpServletRequest request, HttpServletResponse response){
JSONObject json = new JSONObject();
try {
json = loginService.login(email, password);
String status = json.get("status").toString();
if("0".equals(status)){
String token = json.get("token").toString();
CookieUtils.setCookie(request, response, TOKEN_KEY, token);
}
} catch (Exception e) {
e.printStackTrace();
}
return json;
}
}
service 接口:
package com.custom.sso.service;
import java.util.List;
import com.alibaba.fastjson.JSONObject;
import com.custom.bean.LoginRecord;
import com.custom.bean.UserAccountinfo;
/**
* 用户登录
* @author Administrator
*
*/
public interface LoginService {
boolean checkLoginRecord(String email);
void deleteLoginRecord(String email);
List<LoginRecord> getLastLoginRecord(String email);
String getFaNum5Record(String email);
void insertLoginRecord(LoginRecord record);
boolean localDate(String date) throws Exception;
String createToken(UserAccountinfo accountInfo);
JSONObject login(String email,String password)throws Exception;
}
service实现:
package com.custom.sso.service.impl;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.DigestUtils;
import com.alibaba.fastjson.JSONObject;
import com.custom.bean.LoginRecord;
import com.custom.bean.LoginRecordExample;
import com.custom.bean.LoginRecordExample.Criteria;
import com.custom.bean.UserAccountinfo;
import com.custom.common.jedis.JedisClientPool.JedisClient;
import com.custom.common.utils.JsonUtils;
import com.custom.mapper.LoginRecordMapper;
import com.custom.sso.service.LoginService;
import com.custom.sso.service.RegisterService;
@Service
@Transactional
public class LoginServiceImpl implements LoginService{
@Autowired
private LoginRecordMapper loginRecordMapper;
@Autowired
private JedisClient jedisClient;
@Value("${SESSION_EXPIRE}")
private Integer SESSION_EXPIRE;
@Autowired
private RegisterService registerService;
LoginRecordExample example = new LoginRecordExample();
//根据用户名判断是否有过登录记录 有返回true 没有返回false
public boolean checkLoginRecord(String email) {
Criteria criteria = example.createCriteria().andEmailEqualTo(email);
List<LoginRecord> list = loginRecordMapper.selectByExample(example);
if(list.size()>0){
return true;
}
return false;
}
//根据用户名 删除用户的登录记录
public void deleteLoginRecord(String email) {
Criteria criteria = example.createCriteria().andEmailEqualTo(email);
int deleteByExample = loginRecordMapper.deleteByExample(example);
}
//根据用户名 获取用户最近的一条登录记录
public List<LoginRecord> getLastLoginRecord(String email) {
List<LoginRecord> list = loginRecordMapper.getLastLoginRecord(email);
return list;
}
//获取用户登录失败次数为5的登录时间
public String getFaNum5Record(String email) {
String data = loginRecordMapper.getFaNum5Record(email);
return data;
}
//插入登录记录
public void insertLoginRecord(LoginRecord record) {
loginRecordMapper.insertLoginRecord(record);
}
//判断当前时间与锁定时间差是否大于一天
@Override
public boolean localDate(String date) throws Exception {
SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMdd HH:mm:ss");
Date date2 = sdf.parse(date);
Date now = sdf.parse(sdf.format(new Date()));
if(now.getTime()-date2.getTime()>24*60*60*1000){
return true;
}else{
return false;
}
}
//生成token
public String createToken(UserAccountinfo accountInfo) {
String token = UUID.randomUUID().toString();
// 把用户信息写入redis,key:token value:用户信息
accountInfo.setPassword(null);
jedisClient.set("SESSION:"+ token,JsonUtils.objectToJson(accountInfo));
// 设置Session的过期时间
jedisClient.expire("SESSION:"+ token, SESSION_EXPIRE);
// 把token返回
return token;
}
public JSONObject login(String email,String password) throws Exception{
JSONObject json = new JSONObject();
List<UserAccountinfo> list = registerService.check(email);
LoginRecord re = new LoginRecord();
if(list.size()>0){
UserAccountinfo accountInfo = list.get(0);
//用户存在
if(this.checkLoginRecord(email)){
//用户有过登录记录
List<LoginRecord> record = this.getLastLoginRecord(email);
String lockFlag="";
String failureNum="";
String loginDate="";
if(record!=null){
LoginRecord loginRecord = record.get(0);
lockFlag = loginRecord.getLockflag();
failureNum = loginRecord.getFailurenum();
SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMdd HH:mm:ss");
loginDate = sdf.format(loginRecord.getLogindate());
}
if("1".equals(lockFlag)){
//用户被锁定
if(this.localDate(loginDate)){
//锁定时间超过一天
//删除用户的登录记录
this.deleteLoginRecord(email);
//判断密码是否正确
if(DigestUtils.md5DigestAsHex(password.getBytes()).equals(accountInfo.getPassword())){
re.setEmail(email);
re.setLockflag("0");
re.setFailurenum("0");
this.insertLoginRecord(re);
//如果登录成功需要把token写入cookie
String token = this.createToken(accountInfo);
json.put("status", "0");
json.put("userid", ""+ accountInfo.getUserid()+"");
json.put("usermail", ""+accountInfo.getEmail()+"");
json.put("data", "登录成功!");
json.put("token", ""+ token+"");
}else{
//密码不正确
re.setEmail(email);
re.setLockflag("0");
re.setFailurenum("1");
this.insertLoginRecord(re);
json.put("status","2");
json.put("data", "用户名或密码错误!");
}
}else{
//TODO 锁定时间没有超过一天 1代表锁定时间没超过一天
json.put("lock", "1");
}
}else{
//TODO 用户未被锁定
//判断密码是否正确
if(DigestUtils.md5DigestAsHex(password.getBytes()).equals(accountInfo.getPassword())){
this.deleteLoginRecord(email);
re.setEmail(email);
re.setLockflag("0");
re.setFailurenum("0");
//如果登录成功需要把token写入cookie
String token = this.createToken(accountInfo);
json.put("status", "0");
json.put("userid", ""+ accountInfo.getUserid()+"");
json.put("usermail", ""+accountInfo.getEmail()+"");
json.put("data", "登录成功!");
json.put("token", ""+ token+"");
}else{
//密码不正确
//上次登录失败时已错误4次
if("4".equals(failureNum)){
re.setEmail(email);
re.setLockflag("1");
re.setFailurenum("5");
this.insertLoginRecord(re);
// 2表示登录失败次数已达到5次
json.put("lock", "2");
json.put("data", "密码错误次数过多。");
}else{
//上次登录失败没超过4次
//判断上次失败已错误2次
if("2".equals(failureNum)){
re.setEmail(email);
re.setLockflag("0");
re.setFailurenum("3");
this.insertLoginRecord(re);
// 3表示登录失败次数已达到3次
json.put("lock", "3");
json.put("data", "忘记了密码?");
}else{
re.setEmail(email);
re.setLockflag("0");
re.setFailurenum(String.valueOf(Integer.parseInt(failureNum)+1));
this.insertLoginRecord(re );
json.put("status","2");
json.put("data", "用户名或密码错误!");
}
}
}
}
}else{
//用户没有登录记录
//判断密码是否正确
if(DigestUtils.md5DigestAsHex(password.getBytes()).equals(accountInfo.getPassword())){
String token = this.createToken(accountInfo);
//如果登录成功需要把token写入cookie
re.setEmail(email);
re.setLockflag("0");
re.setFailurenum("0");
this.insertLoginRecord(re);
json.put("status", "0");
json.put("userid", ""+ accountInfo.getUserid()+"");
json.put("usermail", ""+accountInfo.getEmail()+"");
json.put("data", "登录成功!");
json.put("token", ""+ token+"");
}else{
//密码不正确
re.setEmail(email);
re.setLockflag("0");
re.setFailurenum("1");
this.insertLoginRecord(re);
json.put("status","2");
json.put("data", "用户名或密码错误!");
}
}
}else{
//用户不存在
json.put("status", "1");
json.put("data", "用户不存在!");
}
return json;
}
}
5947
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
