/*** 移出非安全登录记录
*
*@paramindex_*/
private voidremoveJPTLoginSecurity(String ip, String loginKey) {//移出非安全记录索引
nonSecurityIndex.remove(ip);
nonSecurityIndex.remove(loginKey);
}/*** 如果超出非安全登录记录的保存范围,则自动删除以往数据,非安全记录范围个数为30个*/
private voidoutJPTLoginSecurity() {if (null != nonSecurityIndex && nonSecurityIndex.keySet().size() > 30) {
nonSecurityIndex.clear();
}
}privateJPTLoginSecurity getSecurity(String ip, String loginKey) {
JPTLoginSecurity security= null;if (null ==nonSecurityIndex){return null;
}
security=nonSecurityIndex.get(ip);if (null ==security){
security=nonSecurityIndex.get(loginKey);
}returnsecurity;
}/*** 获取登录账户是否被锁定
*
*@paramindex_
*@return*@throwsException*/
private boolean isLocked(String ip, String loginKey) throwsException {
JPTLoginSecurity security=getSecurity(ip, loginKey);if (null ==security){return false;
}
Calendar c=Calendar.getInstance();
Calendar now=Calendar.getInstance();
c.setTime(security.getLastLoginTime());if (0 < security.getLocked()) {//当前账号被锁定
if (c.before(now)) {//超过锁定时间,可再次登录
security.setLocked(0);//对账号进行解锁
security.setLoginCount(1);
security.setLastLoginTime(newDate());return false;
}return true;//锁定用户未超过锁定时间,不可登录
}return false;
}/*** 验证用户是否安全,一次连续尝试只能尝试10次(默认5分钟为一次连续尝试) 如果用户在一次尝试中连续尝试了10次以上则帐户被锁
*
*@paramip
* ip地址
*@paramloginKey
* 用户登录方式
*@paramindex_
* 非安全记录索引
*@return*@throwsException*/
private boolean isSafe(String ip, String loginKey) throwsException {//思路://1.如果索引存在,则直接计算//2.如果索引不存在,调用outJPTLoginSecurity()计算是否超出记录范围,如果未超出则根据ip和loginKey生成非安全记录
outJPTLoginSecurity();
JPTLoginSecurity security= null;if (null ==nonSecurityIndex) {//nonSecurityIndex = new HashMap();
nonSecurityIndex = new ConcurrentHashMap();
}else{
security=getSecurity(ip, loginKey);
}//TODO 判断用户是否安全
if (null ==security) {
security= newJPTLoginSecurity();
security.setLoginKey(loginKey);
nonSecurityIndex.put(ip, security);
nonSecurityIndex.put(loginKey, security);
}
Calendar c=Calendar.getInstance();
Calendar now=Calendar.getInstance();
c.setTime(security.getLastLoginTime());
c.add(Calendar.MINUTE,5);if(c.after(now)) {//说明当前是连续登录
if (security.getLoginCount() < 10) {
security.setLoginCount(security.getLoginCount()+ 1);return true;
}else{
security.setLocked(1);
c=Calendar.getInstance();
c.setTime(newDate());
c.add(Calendar.MINUTE,10);
security.setLastLoginTime(c.getTime());return false;
}
}else{
security.setLoginCount(1);
security.setLastLoginTime(newDate());return true;
}
}