/** 重写父类方法,当登录失败次数大于allowLoginNum(允许登录次)时,将显示验证码 */
@Override
protected boolean onLoginFailure(
AuthenticationToken token,
AuthenticationException e,
ServletRequest request,
ServletResponse response) {
if (e instanceof CaptchaValidationException) {
request.setAttribute(KEY_AUTH_CAPTCHA_REQUIRED, Boolean.TRUE);
} else if (e instanceof IncorrectCredentialsException) {
// 消息友好提示
e = new IncorrectCredentialsException("登录账号或密码不正确");
// 失败记录
SourceUsernamePasswordToken sourceUsernamePasswordToken = (SourceUsernamePasswordToken) token;
User authAccount =
userService.findByAuthTypeAndAuthUid(
User.AuthTypeEnum.SYS, sourceUsernamePasswordToken.getUsername());
if (authAccount != null) {
authAccount.setLogonTimes(authAccount.getLogonTimes() + 1);
authAccount.setLastLogonFailureTime(DateUtils.currentDate());
authAccount.setLogonFailureTimes(authAccount.getLogonFailureTimes() + 1);
userService.save(authAccount);
// 达到验证失败次数限制,传递标志属性,登录界面显示验证码输入
if (authAccount.getLogonFailureTimes() > LOGON_FAILURE_LIMIT) {
request.setAttribute(KEY_AUTH_CAPTCHA_REQUIRED, Boolean.TRUE);
}
}
}
return super.onLoginFailure(token, e, request, response);
}
protected AuthenticationToken createToken(
String username, String password, ServletRequest request, ServletResponse response) {
boolean rememberMe = isRememberMe(request);
String host = getHost(request);
SourceUsernamePasswordToken token =
new SourceUsernamePasswordToken(username, password, rememberMe, host);
String source = request.getParameter("source");
// 获取设备ID标识
String uuid = request.getParameter("uuid");
token.setUuid(uuid);
if (StringUtils.isNotBlank(source)) {
token.setSource(Enum.valueOf(AuthSourceEnum.class, source));
} else {
if (isMobileAppAccess(request)) {
token.setSource(AuthSourceEnum.P);
}
}
return token;
}
/** 重写父类方法,当登录成功后,重置失败标志 */
@Override
protected boolean onLoginSuccess(
AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response)
throws Exception {
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
SourceUsernamePasswordToken sourceUsernamePasswordToken = (SourceUsernamePasswordToken) token;
User authAccount =
userService.findByAuthTypeAndAuthUid(
User.AuthTypeEnum.SYS, sourceUsernamePasswordToken.getUsername());
Date now = DateUtils.currentDate();
// 更新Access Token,并设置半年后过期
if (StringUtils.isBlank(authAccount.getAccessToken())
|| authAccount.getAccessTokenExpireTime().before(now)) {
authAccount.setAccessToken(UUID.randomUUID().toString());
authAccount.setAccessTokenExpireTime(
new DateTime(DateUtils.currentDate()).plusMonths(6).toDate());
userService.save(authAccount);
}
// 写入登入记录信息
UserLogonLog userLogonLog = new UserLogonLog();
userLogonLog.setLogonTime(DateUtils.currentDate());
userLogonLog.setLogonYearMonthDay(DateUtils.formatDate(userLogonLog.getLogoutTime()));
userLogonLog.setRemoteAddr(httpServletRequest.getRemoteAddr());
userLogonLog.setRemoteHost(httpServletRequest.getRemoteHost());
userLogonLog.setRemotePort(httpServletRequest.getRemotePort());
userLogonLog.setLocalAddr(httpServletRequest.getLocalAddr());
userLogonLog.setLocalName(httpServletRequest.getLocalName());
userLogonLog.setLocalPort(httpServletRequest.getLocalPort());
userLogonLog.setServerIP(IPAddrFetcher.getGuessUniqueIP());
userLogonLog.setHttpSessionId(httpServletRequest.getSession().getId());
userLogonLog.setUserAgent(httpServletRequest.getHeader("User-Agent"));
userLogonLog.setXforwardFor(IPAddrFetcher.getRemoteIpAddress(httpServletRequest));
userLogonLog.setAuthType(authAccount.getAuthType());
userLogonLog.setAuthUid(authAccount.getAuthUid());
userLogonLog.setAuthGuid(authAccount.getAuthGuid());
userService.userLogonLog(authAccount, userLogonLog);
if (isMobileAppAccess(request)) {
return true;
} else {
// 根据不同登录类型转向不同成功界面
AuthUserDetails authUserDetails = AuthContextHolder.getAuthUserDetails();
// 判断密码是否已到期,如果是则转向密码修改界面
Date credentialsExpireTime = authAccount.getCredentialsExpireTime();
if (credentialsExpireTime != null && credentialsExpireTime.before(DateUtils.currentDate())) {
httpServletResponse.sendRedirect(
httpServletRequest.getContextPath()
+ authUserDetails.getUrlPrefixBySource()
+ "/profile/credentials-expire");
return false;
}
// 如果是强制转向指定successUrl则清空SavedRequest
if (forceSuccessUrl) {
WebUtils.getAndClearSavedRequest(httpServletRequest);
}
return super.onLoginSuccess(token, subject, request, httpServletResponse);
}
}
