新增redis密码输入次数过多锁定账号

master
ALW 3 years ago
parent 001a040db3
commit 783bb6a7ce

@ -158,18 +158,18 @@
<build> <build>
<finalName>power</finalName> <finalName>power</finalName>
<plugins> <plugins>
<!--<plugin>--> <plugin>
<!--&lt;!&ndash; 指定maven编译的jdk版本,如果不指定,maven3默认用jdk 1.5 maven2默认用jdk1.3 &ndash;&gt;--> <!-- 指定maven编译的jdk版本,如果不指定,maven3默认用jdk 1.5 maven2默认用jdk1.3 -->
<!--<groupId>org.apache.maven.plugins</groupId>--> <groupId>org.apache.maven.plugins</groupId>
<!--<artifactId>maven-compiler-plugin</artifactId>--> <artifactId>maven-compiler-plugin</artifactId>
<!--<version>3.1</version>--> <version>3.1</version>
<!--<configuration>--> <configuration>
<!--&lt;!&ndash; 一般而言target与source是保持一致的但是有时候为了让程序能在其他版本的jdk中运行(对于低版本目标jdk源代码中不能使用低版本jdk中不支持的语法)会存在target不同于source的情况 &ndash;&gt;--> <!-- 一般而言target与source是保持一致的但是有时候为了让程序能在其他版本的jdk中运行(对于低版本目标jdk源代码中不能使用低版本jdk中不支持的语法)会存在target不同于source的情况 -->
<!--<source>1.8</source> &lt;!&ndash; 源代码使用的JDK版本 &ndash;&gt;--> <source>1.8</source> <!-- 源代码使用的JDK版本 -->
<!--<target>1.8</target> &lt;!&ndash; 需要生成的目标class文件的编译版本 &ndash;&gt;--> <target>1.8</target> <!-- 需要生成的目标class文件的编译版本 -->
<!--<encoding>UTF-8</encoding>&lt;!&ndash; 字符集编码 &ndash;&gt;--> <encoding>UTF-8</encoding><!-- 字符集编码 -->
<!--</configuration>--> </configuration>
<!--</plugin>--> </plugin>
<plugin> <plugin>
<groupId>org.apache.tomcat.maven</groupId> <groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId> <artifactId>tomcat7-maven-plugin</artifactId>

@ -1,17 +1,19 @@
package com.manage.bean; package com.manage.bean;
public class LoginVoRedis { public class LoginVoRedis {
private String username; private String userName;
private String password; private String password;
private int loginFailureCount; private int loginFailureCount;
private String loginTime; private String loginTime;
public String getUsername() {
return username; public String getUserName() {
return userName;
} }
public void setUsername(String username) { public void setUserName(String userName) {
this.username = username; this.userName = userName;
} }
public String getPassword() { public String getPassword() {
@ -41,7 +43,7 @@ public class LoginVoRedis {
@Override @Override
public String toString() { public String toString() {
return "LoginVo_Redis{" + return "LoginVo_Redis{" +
"username='" + username + '\'' + "username='" + userName + '\'' +
", password='" + password + '\'' + ", password='" + password + '\'' +
", loginFailureCount=" + loginFailureCount + ", loginFailureCount=" + loginFailureCount +
", loginTime='" + loginTime + '\'' + ", loginTime='" + loginTime + '\'' +

@ -62,52 +62,35 @@ public class LoginController {
@Value("${POWER_PORT}") @Value("${POWER_PORT}")
private String POWER_PORT; private String POWER_PORT;
@RequestMapping(value = "login",method = RequestMethod.GET) @RequestMapping(value = "login", method = RequestMethod.GET)
public String toLogin(Model model){ public String toLogin(Model model) {
Power_Login_Set loginSet = powerLoginSetMapper.selectByPrimaryKey(1); Power_Login_Set loginSet = powerLoginSetMapper.selectByPrimaryKey(1);
model.addAttribute("loginSet",loginSet); model.addAttribute("loginSet", loginSet);
CacheManager.addExcCount("noExc"); CacheManager.addExcCount("noExc");
return "loginDir/login"; return "loginDir/login";
} }
@RequestMapping(value = "login",method = RequestMethod.POST) @RequestMapping(value = "login", method = RequestMethod.POST)
@ResponseBody @ResponseBody
public Msg login(Power_User powerUser,HttpServletResponse response, HttpServletRequest request,Model model){ public Msg login(Power_User powerUser, HttpServletResponse response, HttpServletRequest request, Model model) {
LoginVoRedis loginVo = new LoginVoRedis();
Msg msg = new Msg();
String userName = powerUser.getUserName(); String userName = powerUser.getUserName();
String userPwd = powerUser.getUserPwd(); if (!userName.equals("admin")) {
String s = "00" + userName;
if (!userName.equals("admin")){
String s ="00" + userName;
powerUser.setUserName(s); powerUser.setUserName(s);
} }
loginVo.setUsername(userName);
loginVo.setPassword(userPwd);
Date date = new Date();
SimpleDateFormat sdFormatter = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
loginVo.setLoginTime(sdFormatter.toString());
Jedis redis = JedisPoolUtil.getJedisPoolInstance().getResource(); Jedis redis = JedisPoolUtil.getJedisPoolInstance().getResource();
String userInfo = redis.get(userName); String userInfo = redis.get(userName);
if (userInfo==null){ String errorPwsCount = "0";
loginVo.setLoginFailureCount(0); if (userInfo == null) {
redis.set(userName, JSONObject.toJSONString(loginVo)); redis.set(userName, errorPwsCount);
userInfo = redis.get(userName);
}
JSON json =JSONObject.parseObject(userInfo);
System.out.println(json);
LoginVoRedis userLoginInfo = JSONObject.toJavaObject(json, LoginVoRedis.class);
int loginFailCount = userLoginInfo.getLoginFailureCount();
if (loginFailCount >= 5 ) {
} }
int i = Integer.parseInt(redis.get(userName));
if (i < 5) {
try { try {
Power_UserVo user = powerUserService.findPowerUserByUserNameAndUserPwd(powerUser); Power_UserVo user = powerUserService.findPowerUserByUserNameAndUserPwd(powerUser);
//添加进操作日志 //添加进操作日志
Power_Log log = new Power_Log(); Power_Log log = new Power_Log();
if (user != null) {
if(user != null){
//存session密码置空 //存session密码置空
//是否记住密码功能 //是否记住密码功能
MyCookieUtil.remember(request, response); MyCookieUtil.remember(request, response);
@ -118,11 +101,11 @@ public class LoginController {
List<User_Dept_Menu> menuList = new ArrayList<>(); List<User_Dept_Menu> menuList = new ArrayList<>();
Set<String> menus = new LinkedHashSet<>(); Set<String> menus = new LinkedHashSet<>();
if (user.getRoleId().equals(0) || user.getRoleId().equals(-100)) { if (user.getRoleId().equals(0) || user.getRoleId().equals(-100)) {
list = powerMenuService.queryAllPowerMenu(null,user.getRoleId()); list = powerMenuService.queryAllPowerMenu(null, user.getRoleId());
} else { } else {
list = powerMenuService.selectUserAndRoleMenuListPower(user.getUserId(),null); list = powerMenuService.selectUserAndRoleMenuListPower(user.getUserId(), null);
} }
if(null != list && !list.isEmpty()){ if (null != list && !list.isEmpty()) {
for (Power_Menu powerMenu : list) { for (Power_Menu powerMenu : list) {
User_Dept_Menu deptMenu = new User_Dept_Menu(); User_Dept_Menu deptMenu = new User_Dept_Menu();
String menuUrl = powerMenu.getMenuUrl(); String menuUrl = powerMenu.getMenuUrl();
@ -141,88 +124,85 @@ public class LoginController {
//设置科室 //设置科室
StringBuilder powerDepts = new StringBuilder(); StringBuilder powerDepts = new StringBuilder();
List<Power_Dept> powerDeptsList = power_deptService.selectByPrimaryKeys(user.getDeptId()); List<Power_Dept> powerDeptsList = power_deptService.selectByPrimaryKeys(user.getDeptId());
for(int j=0;j<powerDeptsList.size();j++){ for (int j = 0; j < powerDeptsList.size(); j++) {
if(j<powerDeptsList.size()-1){ if (j < powerDeptsList.size() - 1) {
powerDepts.append(powerDeptsList.get(j).getDeptName()).append(","); powerDepts.append(powerDeptsList.get(j).getDeptName()).append(",");
}else{ } else {
powerDepts.append(powerDeptsList.get(j).getDeptName()); powerDepts.append(powerDeptsList.get(j).getDeptName());
} }
} }
Integer roleId = user.getRoleId(); Integer roleId = user.getRoleId();
if(null != roleId && roleId != 0 && roleId != -100){ if (null != roleId && roleId != 0 && roleId != -100) {
user.setRemark(powerDepts.toString()); user.setRemark(powerDepts.toString());
} }
//清除用户登录错误次数缓存 //清除用户登录错误次数缓存
CacheManager.clearOnly(powerUser.getUserName()); CacheManager.clearOnly(powerUser.getUserName());
//设置进缓存 //设置进缓存
CacheManager.putCache(token,new Cache(user,System.currentTimeMillis(),TOKEN_EXPIRE_TIME*1000)); CacheManager.putCache(token, new Cache(user, System.currentTimeMillis(), TOKEN_EXPIRE_TIME * 1000));
ActionScopeUtils.setSessionAttribute("token",token,Integer.valueOf(String.valueOf(TOKEN_EXPIRE_TIME))); ActionScopeUtils.setSessionAttribute("token", token, Integer.valueOf(String.valueOf(TOKEN_EXPIRE_TIME)));
ActionScopeUtils.setSessionAttribute("CURRENT_USER",user,Integer.valueOf(String.valueOf(TOKEN_EXPIRE_TIME))); ActionScopeUtils.setSessionAttribute("CURRENT_USER", user, Integer.valueOf(String.valueOf(TOKEN_EXPIRE_TIME)));
Power_User user1 = (Power_User)request.getSession().getAttribute("CURRENT_USER"); Power_User user1 = (Power_User) request.getSession().getAttribute("CURRENT_USER");
//单点登录跳转 //单点登录跳转
String url = ""; String url = "";
if(sysFlag == 2){ if (sysFlag == 2) {
url = EMRMEDICALRECORD_URLHEAD+"/login?token="+token+"&userName="+user.getUserName()+"&flag=1"; url = EMRMEDICALRECORD_URLHEAD + "/login?token=" + token + "&userName=" + user.getUserName() + "&flag=1";
}else{ } else {
//获取本地端口 //获取本地端口
int POWER_PORT = request.getLocalPort(); int POWER_PORT = request.getLocalPort();
url = "http://"+ip+":"+POWER_PORT+"/power/gatewayPage"; url = "http://" + ip + ":" + POWER_PORT + "/power/gatewayPage";
} }
redis.set(userName, JSONObject.toJSONString(loginVo)); redis.del(userName);
request.getSession().setAttribute("user",loginVo); return Msg.success().add("url", url);
return Msg.success().add("url",url); } else {
}else{
//登录失败 //登录失败
Integer wrongNum = 1; Integer wrongNum = 1;
Cache cache = CacheManager.getCacheInfo(powerUser.getUserName()); Cache cache = CacheManager.getCacheInfo(powerUser.getUserName());
if(cache != null){ if (cache != null) {
//缓存中错误次数 //缓存中错误次数
Integer currentNum = (Integer)cache.getValue(); Integer currentNum = (Integer) cache.getValue();
//叠加1 //叠加1
wrongNum += currentNum; wrongNum += currentNum;
} }
//添加缓存 //添加缓存
CacheManager.putCache(powerUser.getUserName(),new Cache(wrongNum)); CacheManager.putCache(powerUser.getUserName(), new Cache(wrongNum));
log.setCreater(powerUser.getUserName()); log.setCreater(powerUser.getUserName());
log.setLogTitle("登录"); log.setLogTitle("登录");
log.setLogContent("用户密码错误"); log.setLogContent("用户密码错误");
log.setRemark("已错误【"+wrongNum+"】次"); log.setRemark("已错误【" + wrongNum + "】次");
logService.insert(log); logService.insert(log);
request.setAttribute("msg", "用户名或密码不正确"); request.setAttribute("msg", "用户名或密码不正确");
loginFailCount ++; redis.incr(userName);
loginVo.setLoginFailureCount(loginFailCount);
redis.set(userName,JSONObject.toJSONString(loginVo));
request.getSession().setAttribute("user",loginVo);
return Msg.failUser(); return Msg.failUser();
} }
}catch (Exception e){ } catch (Exception e) {
e.printStackTrace(); e.printStackTrace();
CacheManager.addExcCount("exc"); CacheManager.addExcCount("exc");
} }
} else {
//失败次数大于五时锁十五分钟
redis.setex(userName, 900, i + "");
return Msg.failUser2();
}
return null; return null;
} }
@RequestMapping("refuse") @RequestMapping("refuse")
public String refuse(){ public String refuse() {
return "refuse"; return "refuse";
} }
//获取session所剩时间 //获取session所剩时间
@RequestMapping(value = "getSessionRemainingTime",method = RequestMethod.GET,produces = {"text/json;charset=UTF-8"}) @RequestMapping(value = "getSessionRemainingTime", method = RequestMethod.GET, produces = {"text/json;charset=UTF-8"})
@ResponseBody @ResponseBody
public String getSessionRemainingTime(HttpServletRequest request)throws Exception{ public String getSessionRemainingTime(HttpServletRequest request) throws Exception {
long lastAccessTime = 0L; long lastAccessTime = 0L;
String sessionId = request.getSession().getId(); String sessionId = request.getSession().getId();
Object attribute = request.getSession().getAttribute(sessionId); Object attribute = request.getSession().getAttribute(sessionId);
if(null != attribute){ if (null != attribute) {
lastAccessTime = (long)attribute; lastAccessTime = (long) attribute;
return JSON.toJSONString(TOKEN_EXPIRE_TIME-(System.currentTimeMillis()-lastAccessTime)); return JSON.toJSONString(TOKEN_EXPIRE_TIME - (System.currentTimeMillis() - lastAccessTime));
}else{ } else {
return null; return null;
} }
} }
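Review bot: The locked branch at the end of `login` calls `redis.setex(userName, 900, i + "")` on every request, so each further attempt restarts the 15-minute window and the account stays locked for as long as requests keep arriving. Meanwhile `redis.incr(userName)` on the failure path sets no expiry, so counts below five never age out. The `Jedis` obtained from `getResource()` is never closed, which will drain the pool over time, and `Integer.parseInt(redis.get(userName))` sits outside the `try` and throws if the key disappears between the `set` and the `get` (or if `userName` is null). The counter is also stored under the raw request value, so it shares a keyspace with anything else in that Redis instance. `login` spans several hunks of this section; the sketch below covers only the counter handling and uses a constructed key prefix.

```java
String failKey = "login:fail:" + userName; // constructed prefix; use the project's own convention
try (Jedis redis = JedisPoolUtil.getJedisPoolInstance().getResource()) {
    String stored = redis.get(failKey);
    int failures = (stored == null) ? 0 : Integer.parseInt(stored);
    if (failures >= 5) {
        // Locked: leave the existing TTL untouched so repeat requests cannot extend it.
        return Msg.failUser2();
    }
    // … unchanged: credential lookup, session/token setup, menu loading …
    // success path, replacing redis.del(userName):
    redis.del(failKey);
    // failure path, replacing redis.incr(userName):
    long count = redis.incr(failKey);
    if (count == 1L || count == 5L) {
        redis.expire(failKey, 900); // start the counting window, then the 15-minute lock
    }
    // … unchanged: return Msg.failUser() …
}
```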

@ -168,7 +168,7 @@ public class UserController {
ServletRequestAttributes attr=(ServletRequestAttributes) RequestContextHolder.getRequestAttributes(); ServletRequestAttributes attr=(ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
HttpServletRequest request =attr.getRequest(); HttpServletRequest request =attr.getRequest();
Power_UserVo powerUser = powerUserService.selectByPrimaryKey(userId); Power_UserVo powerUser = powerUserService.selectByPrimaryKey(userId);
powerUser.setUserPwd("EUwQTRBEEE0WFxJERRVCREVEEkYQEBFBTUJATU1GR0I="); powerUser.setUserPwd("R0QXEUNFFUNHFhAQTURMF0dNQUEVTUQRTBJDQEZNERI=");
powerUserService.updateByPrimaryKeySelective(powerUser,request); powerUserService.updateByPrimaryKeySelective(powerUser,request);
CacheManager.addExcCount("noExc"); CacheManager.addExcCount("noExc");
return Msg.success(); return Msg.success();
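Review bot: `setUserPwd(...)` still resets every account to one fixed value compiled into the source, and the confirm dialog in the `resetPassword()` hunk of this commit displays the matching plaintext, so anyone who has seen the UI or the repository knows the password of every freshly reset account. Consider generating a random temporary password per reset and forcing a change at next login; until then a comment such as `// FIXME(security): fixed reset credential; replace with per-reset random value + forced change` would flag it. `selectByPrimaryKey(userId)` can presumably return null for an unknown id, which would throw on the next line. The method starts and ends outside this hunk.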

Binary file not shown.

Before

Width:  |  Height:  |  Size: 496 KiB

After

Width:  |  Height:  |  Size: 661 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 33 KiB

@ -1,10 +1,7 @@
/** /**
* Created by ljx on 2019/4/25. * Created by ljx on 2019/4/25.
*/ */
$(function(){ $(function () {
//cookie数据保存格式是key=value;key=value;形式loginInfo为保存在cookie中的key值具体看controller代码 //cookie数据保存格式是key=value;key=value;形式loginInfo为保存在cookie中的key值具体看controller代码
/*if(str != ""){ /*if(str != ""){
var userName = str.split("#")[0]; var userName = str.split("#")[0];
@ -28,7 +25,7 @@ $(function(){
return ""; return "";
}*/ }*/
$("#forgetPwd").on("click",function(){ $("#forgetPwd").on("click", function () {
alert("请联系管理员进行修改密码!"); alert("请联系管理员进行修改密码!");
}); });
@ -36,8 +33,6 @@ $(function(){
}); });
var banar = document.getElementById('banar'); var banar = document.getElementById('banar');
var txt = document.getElementById('txt'); var txt = document.getElementById('txt');
var sub = document.getElementById('sub'); var sub = document.getElementById('sub');
@ -47,6 +42,7 @@ var allchar = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, "a", "b", "c", "d", "e",
"f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r",
"s", "t", "u", "v", "w", "x", "y", "z"]; "s", "t", "u", "v", "w", "x", "y", "z"];
var result; var result;
function randomChar() { function randomChar() {
result = "";//创建空的字符串,方便等下接收值 result = "";//创建空的字符串,方便等下接收值
//循环找出4的字符 //循环找出4的字符
@ -61,15 +57,15 @@ function randomChar() {
banar.innerHTML = result; banar.innerHTML = result;
//点击验证按钮,判断我们输入的值和随机生成的值是否一样? //点击验证按钮,判断我们输入的值和随机生成的值是否一样?
//一样就弹出验证成功,不一样就弹出验证错误。 //一样就弹出验证成功,不一样就弹出验证错误。
sub.onclick = function () { // sub.onclick = function () {
if (txt.value == result) { // if (txt.value == result) {
alert("验证成功!!!"); // alert("验证成功!!!");
} else { // } else {
alert("验证错误!!!"); // alert("验证错误!!!");
randomChar();//如果错误执行randomChar方法重新随机生成4个字符 // randomChar();//如果错误执行randomChar方法重新随机生成4个字符
txt.value = "";//如果错误,我们输入的验证码等于空,方便我们再次输入 // txt.value = "";//如果错误,我们输入的验证码等于空,方便我们再次输入
} // }
}; // };
} }
randomChar(); randomChar();
@ -83,6 +79,7 @@ function login() {
var userName = $("#userName").val(); var userName = $("#userName").val();
var userPwd = $("#userPwd").val(); var userPwd = $("#userPwd").val();
var txt = $("#txt").val(); var txt = $("#txt").val();
userPwd = hex_hmac_md5(userPwd, userPwd);
var rememberMeChecked = $("input[type='checkbox']").is(':checked'); var rememberMeChecked = $("input[type='checkbox']").is(':checked');
var rememberMe = ''; var rememberMe = '';
if (rememberMeChecked) { if (rememberMeChecked) {
@ -96,6 +93,10 @@ function login() {
} else { } else {
if (txt == '') { if (txt == '') {
toastr.warning("验证码不能为空!"); toastr.warning("验证码不能为空!");
} else {
if (result != txt) {
toastr.warning("验证码错误!")
randomChar();
} else { } else {
$.ajax({ $.ajax({
type: "POST", type: "POST",
@ -103,27 +104,24 @@ function login() {
data: {userName: userName, userPwd: userPwd, rememberMe: rememberMe}, data: {userName: userName, userPwd: userPwd, rememberMe: rememberMe},
dataType: 'json', dataType: 'json',
success: function (data) { success: function (data) {
if (result==txt) {
if (data.code == 100) { if (data.code == 100) {
window.location.href = data.extend.url; window.location.href = data.extend.url;
} else { } else {
toastr.warning(data.extend.msg); toastr.warning(data.msg);
}
}else {
toastr.warning("验证码错误!!!");
} }
} }
}) })
} }
} }
} }
}
} }
var interval = ""; var interval = "";
var qrCodeIdentity = ""; var qrCodeIdentity = "";
//获取扫码登录二维码 //获取扫码登录二维码
function handoffLogin() { function handoffLogin() {
$.ajax({ $.ajax({
type: "POST", type: "POST",
data: {loginTypeBitValue: 16, type: 3, projectUid: "cloudkey-fstth", ApplicationId: "fstth-wzh"}, data: {loginTypeBitValue: 16, type: 3, projectUid: "cloudkey-fstth", ApplicationId: "fstth-wzh"},
@ -140,9 +138,9 @@ function login() {
$("#switchHandoff2").css("display", "block"); $("#switchHandoff2").css("display", "block");
} }
function scanCodeLogin() { function scanCodeLogin() {
$.ajax({ $.ajax({
type: "POST", type: "POST",
data: {qrCodeIdentity: qrCodeIdentity}, data: {qrCodeIdentity: qrCodeIdentity},
@ -179,29 +177,29 @@ function login() {
} }
}) })
} }
function handoffLogin2() { function handoffLogin2() {
$("#switchHandoff").css("display", "block"); $("#switchHandoff").css("display", "block");
$("#switchHandoff2").css("display", "none"); $("#switchHandoff2").css("display", "none");
clearInterval(interval); clearInterval(interval);
} }
$('body').keydown(function () { $('body').keydown(function () {
if (event.keyCode == '13') { if (event.keyCode == '13') {
login(); login();
} }
}) })
/** /**
* 判断是iframe框架跳出iframe框架使用top链接 * 判断是iframe框架跳出iframe框架使用top链接
*/ */
if (top.location != location) { if (top.location != location) {
top.location.href = location.href; top.location.href = location.href;
} }
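Review bot: The captcha comparison `if (result != txt)` runs only in the browser, against a value that `randomChar()` generated on the page and wrote into `banar.innerHTML`, so it gives the POST endpoint no protection; requests that do not go through this script never meet it. The check needs a server-side counterpart (the captcha value held in the session and verified in the login handler), and a comment like `// UI convenience only; server must verify the captcha` would stop it being mistaken for a control. Separately, `hex_hmac_md5(userPwd, userPwd)` makes the digest itself the credential that is sent and, presumably, stored, so it does not replace TLS or a salted slow hash on the server. The missing semicolon after `toastr.warning("验证码错误!")` is harmless but inconsistent with the rest of the file.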

@ -504,7 +504,7 @@ function resetPassword(){
if(ids.length == 2){ if(ids.length == 2){
Common.confirm({ Common.confirm({
title: "提示", title: "提示",
message: '确定是否重置用户名'+userName[0]+'的密码为000000', message: '确定是否重置用户名'+userName[0]+'的密码为123456',
operate: function (reselt) { operate: function (reselt) {
if (reselt) { if (reselt) {
$.ajax({ $.ajax({

@ -51,6 +51,12 @@
<groupId>org.slf4j</groupId> <groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId> <artifactId>slf4j-log4j12</artifactId>
</dependency> </dependency>
<dependency>
<groupId>redis.clients</groupId>
<artifactId>jedis</artifactId>
<version>3.1.0</version>
<scope>compile</scope>
</dependency>
</dependencies> </dependencies>
<build> <build>
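Review bot: The new `jedis` dependency pins `<version>3.1.0</version>` in this module while the neighbouring `slf4j-log4j12` entry carries no version, which suggests versions are managed centrally elsewhere; declaring the Jedis version in the same place would keep upgrades and security patches in one spot. `<scope>compile</scope>` is the Maven default and can be dropped.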

@ -45,6 +45,13 @@ public class Msg {
return result; return result;
} }
public static Msg failUser2(){
Msg result=new Msg();
result.setCode(200);
result.setMsg("账号或密码错误次数过多,请十五分钟后在尝试登录");
return result;
}
public static Msg fail(String msg){ public static Msg fail(String msg){
Msg result=new Msg(); Msg result=new Msg();
result.setCode(200); result.setCode(200);
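Review bot: `failUser2` says nothing about what it reports; a name such as `failLocked` plus a one-line Javadoc (`/** Response for an account temporarily locked after repeated failed logins. */`) would make call sites readable. The message string has a typo, `在尝试` should be `再尝试`: `result.setMsg("账号或密码错误次数过多,请十五分钟后再尝试登录");`. It also reuses code 200, the same value `fail(String)` sets just below, so clients can only tell the lock apart by message text.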
