예제 #1
0
  @Override
  public void onApplicationEvent(ApplicationEvent event) {

    // shop key unknow
    String k =
        (String)
            servletContext.getAttribute("Z" + "G" + "S" + "H" + "O" + "P" + "_" + "K" + "E" + "Y");
    String shopkey = EncryptUtils.dencrypt(k);
    if (!StringUtils.containsIgnoreCase(shopkey, "z" + "g" + "s" + "h" + "o" + "p")) {
      throw new RuntimeException();
    }

    // 登录成功:记录登录IP、清除登录失败次数
    if (event instanceof AuthenticationSuccessEvent) {
      AuthenticationSuccessEvent authEvent = (AuthenticationSuccessEvent) event;
      Authentication authentication = (Authentication) authEvent.getSource();
      String loginIp = ((WebAuthenticationDetails) authentication.getDetails()).getRemoteAddress();
      Admin admin = (Admin) authentication.getPrincipal();
      admin.setLoginIp(loginIp);
      admin.setLoginDate(new Date());
      SystemConfig systemConfig = SystemConfigUtils.getSystemConfig();
      if (systemConfig.getIsLoginFailureLock() == false) {
        return;
      }
      admin.setLoginFailureCount(0);
      adminService.update(admin);
    }

    // 登录失败:增加登录失败次数
    if (event instanceof AuthenticationFailureBadCredentialsEvent) {
      AuthenticationFailureBadCredentialsEvent authEvent =
          (AuthenticationFailureBadCredentialsEvent) event;
      Authentication authentication = (Authentication) authEvent.getSource();
      String loginUsername = authentication.getName();
      SystemConfig systemConfig = SystemConfigUtils.getSystemConfig();
      if (systemConfig.getIsLoginFailureLock() == false) {
        return;
      }
      Admin admin = adminService.get("username", loginUsername);
      if (admin != null) {
        int loginFailureCount = admin.getLoginFailureCount() + 1;
        if (loginFailureCount >= systemConfig.getLoginFailureLockCount()) {
          admin.setIsAccountLocked(true);
          admin.setLockedDate(new Date());
        }
        admin.setLoginFailureCount(loginFailureCount);
        adminService.update(admin);
      }
    }
  }
  @Override
  @Transactional
  public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent event) {
    Object principal = event.getAuthentication().getPrincipal();
    if (principal instanceof String) {
      User user =
          new JPAQuery(entityManager)
              .from(QUser.user)
              .where(QUser.user.userName.eq((String) principal))
              .singleResult(QUser.user);
      if (user != null) {
        if (user.getFailedLogins() == null) {
          user.setFailedLogins(1);
        } else {
          user.setFailedLogins(user.getFailedLogins() + 1);
        }

        if (user.getFailedLogins() > 10) {
          user.setLockedOut(DateTime.now().plusMinutes(10));
        }

      } else {
        LogManager.getLogger(UserAuthenticationErrorHandler.class)
            .error("Unknown user login attempt: {}", principal);
      }
    }
  }
예제 #3
0
  @Override
  public void onApplicationEvent(ApplicationEvent event) {
    if (event instanceof AbstractUaaEvent) {
      ((AbstractUaaEvent) event).process(uaaAuditService);
    } else if (event instanceof AuthenticationFailureBadCredentialsEvent) {
      AuthenticationFailureBadCredentialsEvent bce =
          (AuthenticationFailureBadCredentialsEvent) event;
      String principal = bce.getAuthentication().getName();
      UaaAuthenticationDetails details =
          (UaaAuthenticationDetails) bce.getAuthentication().getDetails();

      if (bce.getException() instanceof UsernameNotFoundException) {
        uaaAuditService.principalNotFound(principal, details);
      } else {
        uaaAuditService.principalAuthenticationFailure(principal, details);
      }
    }
  }
  public void testAuthenticationFailureEvent() throws Exception {
    String userName = "******";
    String ip = "1.2.3.4";
    String sessionId = "it tastes just like our regular coffee";

    HttpServletRequest request = createMock(HttpServletRequest.class);
    HttpSession session = createMock(HttpSession.class);
    expect(request.getRemoteAddr()).andReturn(ip);
    expect(request.getSession(false)).andReturn(session);
    expect(session.getId()).andReturn(sessionId);

    replay(request, session);
    WebAuthenticationDetails details = new WebAuthenticationDetails(request);
    verify(request, session);

    org.springframework.security.core.Authentication authentication =
        new TestingDetailsAuthenticationToken(
            userName, "cheesiness", new GrantedAuthority[0], details);
    AuthenticationFailureBadCredentialsEvent authEvent =
        new AuthenticationFailureBadCredentialsEvent(
            authentication, new BadCredentialsException("you are bad!"));

    SecurityAuthenticationEventOnmsEventBuilder builder =
        new SecurityAuthenticationEventOnmsEventBuilder();
    builder.setEventProxy(m_eventProxy);
    builder.afterPropertiesSet();

    EventBuilder eventBuilder =
        new EventBuilder(SecurityAuthenticationEventOnmsEventBuilder.FAILURE_UEI, "OpenNMS.WebUI");
    eventBuilder.addParam("user", userName);
    eventBuilder.addParam("ip", ip);
    eventBuilder.addParam("exceptionName", authEvent.getException().getClass().getSimpleName());
    eventBuilder.addParam("exceptionMessage", authEvent.getException().getMessage());

    m_eventProxy.send(EventEquals.eqEvent(eventBuilder.getEvent()));

    m_mocks.replayAll();
    builder.onApplicationEvent(authEvent);
    m_mocks.verifyAll();
  }