Spring Security简介
Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。它提供了一组可以在Spring应用上下文中配置的Bean,充分利用了Spring IoC,DI(控制反转Inversion of Control ,DI:Dependency Injection 依赖注入)和AOP(面向切面编程)功能,为应用系统提供声明式的安全访问控制功能,减少了为企业系统安全控制编写大量重复代码的工作。
下面看下实例代码:
第一步:创建 AuthenticationSuccessEventListener.Java 用来处理登录成功的事件。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
package com.dcits.yft.auth; import com.dcits.yft.system.dao.UserDao; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationListener; import org.springframework.security.authentication.event.AuthenticationSuccessEvent; import org.springframework.stereotype.Component; import java.util.Map; /** * 登陆成功监听 * * @author Shaoj 3/2/2017. */ @Component public class AuthenticationSuccessEventListener implements ApplicationListener<AuthenticationSuccessEvent> { @Autowired private UserDao userDao; @Override public void onApplicationEvent(AuthenticationSuccessEvent authenticationSuccessEvent) { YftUserDetails yftUserDetails = (YftUserDetails) authenticationSuccessEvent.getAuthentication().getPrincipal(); String account = yftUserDetails.getUsername(); Map<String, Object> user = userDao.queryUserByAccount(account); userDao.updateStatusByAccount(account, user.get( "ENABLE" ).toString(), 0 ); } } |
第二步:新建AuthenticationFailureListener.java 用来处理登录失败的事件。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
package com.dcits.yft.auth; import com.dcits.yft.system.dao.ParamsDao; import com.dcits.yft.system.dao.UserDao; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationListener; import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent; import org.springframework.stereotype.Component; import java.util.Map; /** * 登陆失败监听 * * @author Shaoj 3/2/2017. */ @Component public class AuthenticationFailureListener implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> { @Autowired private UserDao userDao; @Autowired private ParamsDao paramsDao; @Override public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent authenticationFailureBadCredentialsEvent) { String account = authenticationFailureBadCredentialsEvent.getAuthentication().getPrincipal().toString(); Map<String, Object> user = userDao.queryUserByAccount(account); if (user != null ) { // 用户失败次数 int fails = Integer.parseInt(user.get( "FAILS" ).toString()); fails++; // 系统配置失败次数 int FAILS_COUNT = Integer.parseInt(paramsDao.queryParamsValue( "FAILS_COUNT" )); // 超出失败次数,停用账户 if (fails >= FAILS_COUNT) { userDao.updateStatusByAccount(account, "false" , fails); // 失败次数++ } else { userDao.updateStatusByAccount(account, user.get( "ENABLE" ).toString(), fails); } } } } |
第三步:在UserDao.java中加入登录状态更新的代码
1
2
3
4
5
6
7
8
9
10
|
/** * 更新用户登录次数 * * @param account 账户 * @param login_counts 登录次数 * @return */ public void updateLoginCounts(String account) { daoUtil.update( "update t_yft_user set login_counts = login_counts + 1 where account = ?" , account); } |
第四步:数据库中添加登录次数字段
1
2
3
4
5
|
<span style= "font-family: Arial, Helvetica, sans-serif;" >alter table T_YFT_USER add (FAILS number( 11 ) default 0 );</span> <span style= "font-family: Arial, Helvetica, sans-serif;" >comment on column T_YFT_USER.FAILS is '失败尝试次数' ;</span> [sql] view plain copy INSERT INTO t_yft_params (ID,CODE,NAME,VALUE,UNIT,REMARK,CRT_DATE) VALUES ( 66 , 'FAILS_COUNT' , '登陆尝试次数' , '5' , '' , '' ,to_date( '2017-03-02' , 'yyyy-mm-dd' )); |
以上所述是小编给大家介绍的Java中SpringSecurity密码错误5次锁定用户的实现方法,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对服务器之家网站的支持!
原文链接:http://blog.csdn.net/xinkou9725/article/details/61195791