解决思路:
1、每次产生的验证码都做及时清除缓存
2、用户密码做MD5处理（注意：无盐MD5并不是安全的口令哈希，可被彩虹表/GPU 暴力破解，生产环境应改用 bcrypt、scrypt 或 Argon2 等慢哈希，并且绝不能把明文密码写进日志）
3、用户登录次数限制
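/**
 * Handles the admin login form (POST /login).
 *
 * Checks run in this order: per-username attempt counter (lockout) -> captcha
 * stored in the session under "login" -> username/password lookup. Every exit
 * that reaches the captcha check clears the session captcha so one captcha
 * value cannot be replayed; the front end is expected to fetch a fresh one.
 *
 * Fix in this revision: the submitted password is no longer written to the
 * log (it was logged in plaintext both on entry and in the catch block).
 *
 * @param user_name login name submitted by the form
 * @param user_pwd  plaintext password submitted by the form; MD5-hashed before the lookup
 * @param user_code captcha value typed by the user
 * @return an ApiResult carrying a ResultCode: STATUS_OK on success,
 *         AUTH_LOGIN_ERROR when the attempt counter is exhausted, CAPTCHA_ERR
 *         on a missing or mismatched captcha, AUTH_LOGIN_FAILED on bad
 *         credentials, SYSTEM_EXCEIPTION if anything throws
 */
@ResponseBody
@RequestMapping(value = "/login", method = RequestMethod.POST)
public ApiResult login(@RequestParam(value = "user_name") String user_name, @RequestParam(value = "user_pwd") String user_pwd, @RequestParam(value = "user_code") String user_code) {
    // SECURITY: do not log the password. Only the username and captcha are recorded.
    logger.info("登录|UserAdminController|login|params:user_name={},user_code={}", user_name, user_code);
    try {
        /* attempt limiting, captcha, hashing */
        Integer ticketTimeout = Constant.TICKET_TIMEOUT;
        // Attempt counters keyed by the *submitted* username, held in AdminInterceptor.
        // NOTE(review): this map is process-local, so the lockout is per JVM instance and is not
        // shared across nodes; and because it is keyed by an attacker-chosen username, anyone can
        // lock an arbitrary account out by sending LOGIN_COUNT bad attempts. Thread-safety of the
        // map itself depends on how AdminInterceptor creates it - confirm it is a ConcurrentHashMap.
        Map<String, ContextVo> map = AdminInterceptor.getLoginCount();
        // Drop an expired counter for this user before reading it
        // (expiry is decided inside removeSession, presumably from recoverTime - not visible here).
        if (map.size() > 0 && ObjectUtils.isNotNull(map.get(user_name))) {
            bllUserInfoService.removeSession(map, user_name);
        }
        ContextVo loginVo;
        if (ObjectUtils.isNotEmpty(map.get(user_name))) {
            loginVo = map.get(user_name);
        } else {
            loginVo = new ContextVo();
        }
        if (ObjectUtils.isNotNull(loginVo.getLoginCount())) {
            // Existing counter: refuse once the limit is reached, otherwise count this attempt.
            // The counter is bumped for every attempt, including ones that fail the captcha below.
            int loginCount = loginVo.getLoginCount().get();
            if (loginCount >= Constant.LOGIN_COUNT) {
                // Locked out: burn the captcha and refuse without touching the counter.
                request.getSession().removeAttribute("login");
                return ApiResult.build(ResultCode.AUTH_LOGIN_ERROR.getCode(), ResultCode.AUTH_LOGIN_ERROR.getName());
            } else {
                loginVo.getLoginCount().incrementAndGet();
            }
        } else {
            // First attempt in this window: counter starts at 1 and the window ends
            // TICKET_TIMEOUT seconds from now (same instant the Calendar arithmetic produced).
            loginVo.setLoginCount(new AtomicInteger(0));
            loginVo.getLoginCount().incrementAndGet();
            Timestamp recoverTime = new Timestamp(System.currentTimeMillis() + ticketTimeout * 1000L);
            loginVo.setRecoverTime(recoverTime);
        }
        map.put(user_name, loginVo);
        // Second expiry pass after the put; kept for behavioral parity with the original,
        // although it looks redundant with the pass above - TODO confirm against removeSession.
        if (map.size() > 0 && ObjectUtils.isNotNull(map.get(user_name))) {
            bllUserInfoService.removeSession(map, user_name);
        }
        // Captcha: must exist in the session and match case-insensitively; cleared on mismatch.
        String validateCode = (String) request.getSession().getAttribute("login");
        logger.debug("=validateCode=={}=", validateCode);
        if (StringUtils.isEmpty(validateCode) || !validateCode.equalsIgnoreCase(user_code)) {
            request.getSession().removeAttribute("login");
            return ApiResult.build(ResultCode.CAPTCHA_ERR.getCode(), ResultCode.CAPTCHA_ERR.getName());
        }
        BllUserInfoVO bllUserInfoVO = new BllUserInfoVO();
        bllUserInfoVO.setUserName(user_name);
        // SECURITY: an unsalted MD5 digest is not a password hash (rainbow tables, GPU brute force).
        // Left unchanged because the stored hashes depend on it; migrating to bcrypt/scrypt/Argon2
        // needs a rehash-on-login path. getBytes() uses the platform charset (before JDK 18) - any
        // switch to an explicit UTF-8 must be checked against how the stored hashes were produced.
        user_pwd = DigestUtils.md5DigestAsHex(user_pwd.getBytes());
        bllUserInfoVO.setUserPwd(user_pwd);
        bllUserInfoVO = bllUserInfoService.selectByUserNameAndPassWord(bllUserInfoVO);
        if (ObjectUtils.isNotNull(bllUserInfoVO)) {
            // Credentials accepted: bind the user id to the session and discard the used captcha.
            // NOTE(review): the session id is not rotated before the user is bound to it; on
            // Servlet 3.1+ call request.changeSessionId() here to defeat session fixation.
            Integer userId = bllUserInfoVO.getUserId();
            request.getSession().setAttribute(ContextUtils.SESSIONUTILS, userId.toString());
            logger.info("登录成功,设置session的值为ContextUtils.SESSIONUTILS={}", userId);
            request.getSession().removeAttribute("login");
            return ApiResult.build(ResultCode.STATUS_OK.getCode(), ResultCode.STATUS_OK.getName());
        }
        // Wrong credentials: clear the captcha so the front end regenerates it.
        request.getSession().removeAttribute("login");
        return ApiResult.build(ResultCode.AUTH_LOGIN_FAILED.getCode(), ResultCode.AUTH_LOGIN_FAILED.getName());
    } catch (Exception e) {
        // SECURITY: the password is deliberately omitted from this log line as well.
        logger.error("登录|UserAdminController|login|params:user_name={},user_code={},message={},stackTrace={}", user_name, user_code, e.getMessage(), e);
        return ApiResult.build(ResultCode.SYSTEM_EXCEIPTION.getCode(), ResultCode.SYSTEM_EXCEIPTION.getName());
    }
}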