Question

我正在为FTP站点登录页面。它运行在Tomcat 8服务器上，并配置为在3次失败尝试15分钟后锁定用户。我想在用户被锁定后在登录页面上显示一条消息。问题是当登录失败时页面刷新（重定向回登录页面），清除所有内容。

我确实设法获得了登录尝试剩余错误消息，但是，它不能100％工作，因为我只是将其保存到cookie并且根本没有连接到用户帐户。无论如何都要获取用户名（谁登录）和他们的登录尝试和/或他们是否被锁定？

所以我想展示两件事：

每位用户的登录尝试次数
用户已被锁定，用户名

登录页面：

<%@page import="org.apache.catalina.User"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <link rel="stylesheet" type="text/css" href="<%=request.getContextPath()%>/css/master.css">
        <script type="text/javascript" src="<%=request.getContextPath()%>/javascript/javascript.js"></script>
    </head>
    <body bgcolor="#ffffff">
        <div class="container" role="main">
            <form method="POST" action="j_security_check">
                <table border="0" align="center">
                    <tr>
                        <td>Login</td>
                        <td><input id="user" type="text" name="j_username" autocomplete="off"></td>
                    </tr>
                    <tr>
                        <td>Password</td>
                        <td><input type="password" name="j_password" autocomplete="off"></td>
                    </tr>
                </table>
                     <%
                        User user = (User) request.getSession().getAttribute("user");
                        System.out.println("User: " + user);
                        if (request.getParameter("error") != null) {
                            System.out.println("Error: " + request.getParameter("error"));
                            %>
                                <div id="errorLogin">Invalid username or password</div>
                                <br/>
                                <div><span id="loginAttempt"><script>loginAttempts("<%=user%>");</script></span></div>
                            <%
                        }
                    %>

                <input type="submit" value="Login">
            </form>
        </div>
                    <%  response.setHeader("Cache-Control", "no-cache"); // HTTP 1.1
                        response.setHeader("Cache-Control", "no-store");
                        response.setHeader("Pragma", "no-cache"); // HTTP 1.0
                        response.setHeader("Expires", "0"); // Prevents cache at proxy server
                    %>
    </body>
</html>

javascipt.js

var loginattempts = null;
var temp;

function loginAttempts(user) {
    //var user = document.getElementById('user').value;
    var div = document.getElementById('loginAttempt');
    var msg = "Warning: Login attempts remaining: ";
    loginattempts = getCookie("login");

    if (loginattempts === "" || loginattempts === null) {
        createCookie("login", 3, 5);
        temp = getCookie("login");
        div.textContent = msg + temp.toString();
    } else if (loginattempts === "0" || loginattempts === 0) {
        div.textContent = user + " has been locked out";
    } else {
        temp = getCookie("login") - 1 ;
        div.textContent = msg + temp.toString();
    }

    debugger;

}

function getCookie(cname) {
    var name = cname + "=";
    var decodedCookie = decodeURIComponent(document.cookie);
    var ca = decodedCookie.split(';');

     for(var i = 0; i <ca.length; i++) {
        var c = ca[i];
        while (c.charAt(0) === ' ') {
            c = c.substring(1);
        }
        if (c.indexOf(name) === 0) {
            return c.substring(name.length, c.length);
        }
    }
    return "";
}

function createCookie(cname, cvalue, exdays) {
    var d = new Date();
    d.setTime(d.getTime() + (exdays*24*60*60*1000));
    var expires = "expires=" + d.toUTCString();
    document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
}

server.xml lockout：

<Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="3" lockOutTime="900" cacheSize="1000" cacheRemovalWarningTime="3600">

Answer 1

我自己解决了这个问题，我使用cookie来存储信息。

尝试失败后尝试显示登录尝试和用户锁定消息

1 个答案: