登录超过一定次数，锁定IP一个小时_计数大于5时,设置用户被锁定一小时-CSDN博客

本文链接：https://blog.csdn.net/weixin_47467938/article/details/128939271

获取真实IP

public class IPUtils {
    /**
     * 获取用户真实IP地址，不使用request.getRemoteAddr()的原因是有可能用户使用了代理软件方式避免真实IP地址,
     * 可是，如果通过了多级反向代理的话，X-Forwarded-For的值并不止一个，而是一串IP值
     *
     * @return ip
     */
    public static String getRealIP(HttpServletRequest request) {
        String ip = request.getHeader("x-forwarded-for");
        if (ip != null && ip.length() != 0 && !"unknown".equalsIgnoreCase(ip)) {
            // 多次反向代理后会有多个ip值，第一个ip才是真实ip
            if( ip.indexOf(",")!=-1 ){
                ip = ip.split(",")[0];
            }
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("Proxy-Client-IP");
            System.out.println("Proxy-Client-IP ip: " + ip);
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("WL-Proxy-Client-IP");
            System.out.println("WL-Proxy-Client-IP ip: " + ip);
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("HTTP_CLIENT_IP");
            System.out.println("HTTP_CLIENT_IP ip: " + ip);
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("HTTP_X_FORWARDED_FOR");
            System.out.println("HTTP_X_FORWARDED_FOR ip: " + ip);
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("X-Real-IP");
            System.out.println("X-Real-IP ip: " + ip);
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getRemoteAddr();
            System.out.println("getRemoteAddr ip: " + ip);
        }
        return ip;
    }
}

根据IP锁定限制时间

@Component
public class LoginStintUtil {

    @Autowired
    private StringRedisTemplate stringRedisTemplate;


    /**
     * 用户登录次数限制,密码错误次数大于5时，用户被锁定一小时
     *
     * @param realIp 用户真实ip
     * @return 是否锁定 true 锁定 false 未锁定
     */
    public boolean loginStint(String realIp) {
        ValueOperations<String, String> opsForValue = stringRedisTemplate.opsForValue();
        String loginCount = opsForValue.get(Const.SHIRO_LOGIN_IP + realIp);
        if (Const.LOCK.equals(loginCount)) {
            return Const.LOCK.equals(opsForValue.get(Const.SHIRO_LOGIN_IP + realIp));
        }
        // 访问一次,计数一次
        opsForValue.increment(Const.SHIRO_LOGIN_IP + realIp, 1);
        //计数大于5时，设置用户被锁定一小时
        if (StringUtils.isNotEmpty(loginCount)) {
            if (Integer.parseInt(loginCount) >= Const.LOGIN_COUNT) {
                opsForValue.set(Const.SHIRO_LOGIN_IP + realIp, Const.LOCK);
                stringRedisTemplate.expire(Const.SHIRO_LOGIN_IP + realIp, 1, TimeUnit.HOURS);
            }
        }
        return Const.LOCK.equals(opsForValue.get(Const.SHIRO_LOGIN_IP + realIp));
    }

    /**
     * 登录成功清空登录错误次数
     *
     * @param realIp 用户真实ip
     */
    public void removeRedisLoginCount(String realIp) {
        // 清空登录计数
        ValueOperations<String, String> opsForValue = stringRedisTemplate.opsForValue();
        opsForValue.set(Const.SHIRO_LOGIN_IP + realIp, "0");
    }

}

调用方法检测是否锁定，

   //获取用户真实ip
        String realIp = IPUtils.getRealIP(request);
        // 账号是否被锁定
        if (StringUtils.isNotBlank(realIp)){
            boolean isLock = loginStintUtil.loginStint(realIp);
            if (isLock) {
            response.setMessage("您已登录失败5次，请一小时后再登录");
                return response;
            }else {
            	//
                loginStintUtil.removeRedisLoginCount(realIp);
            }
        }