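How to handle the invalid credentials exception thrown from org.springframework.security.core.userdetails.User

Time: 2019-03-27 09:28:09

Tags: java spring-boot spring-security jhipster cloudfoundry-uaa

If the credentials are invalid, I want to trigger an event; in my code it goes to the orElseThrow block (I am trying to implement account locking). Is it possible to catch the exception thrown from "org.springframework.security.core.userdetails.User(lowercaseLogin, user.getPassword(), grantedAuthorities)", so that I can trigger an event that handles account locking?

I created a custom event handler (AuthenticationFailureEventListener was not working) to lock the account after 3 or 5 attempts. I am using JHipster UAA.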

    Optional<User> userFromDatabase = userRepository.findOneWithAuthoritiesByLogin(lowercaseLogin);

    return userFromDatabase.map(user -> {
        if (!user.getActivated()) {
            log.info("User " + login + " was not activated");
            throw new UserNotActivatedException("User " + lowercaseLogin + " was not activated");
        }
        List<GrantedAuthority> grantedAuthorities = user.getAuthorities().stream()
                .map(authority -> new SimpleGrantedAuthority(authority.getName()))
                .collect(Collectors.toList());

        // Wraps the stored password hash and the authorities in a UserDetails object
        return new org.springframework.security.core.userdetails.User(lowercaseLogin, user.getPassword(),
                grantedAuthorities);
    }).orElseThrow(
            () -> new UsernameNotFoundException("User " + lowercaseLogin + " was not found in the database"));

-------Account lock class

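    import java.util.concurrent.ExecutionException;
    import java.util.concurrent.TimeUnit;

    import com.google.common.cache.CacheBuilder;
    import com.google.common.cache.CacheLoader;
    import com.google.common.cache.LoadingCache;
    import org.springframework.stereotype.Service;

    @Service
    public class AccountLockService {
        private final int MAX_ATTEMPT = 3;
        // key -> failed attempts; an entry expires one minute after its last write
        private LoadingCache<String, Integer> attemptsCache;

        public AccountLockService() {
            super();
            attemptsCache = CacheBuilder.newBuilder()
                    .expireAfterWrite(1, TimeUnit.MINUTES)
                    .build(new CacheLoader<String, Integer>() {
                        @Override
                        public Integer load(String key) {
                            return 0;
                        }
                    });
        }

        // Increments the failure counter for the key
        public void loginFailed(String key) {
            int attempts = 0;
            try {
                attempts = attemptsCache.get(key);
            } catch (ExecutionException e) {
                attempts = 0;
            }
            attempts++;
            attemptsCache.put(key, attempts);
        }

        // True once the key has reached MAX_ATTEMPT failures inside the expiry window
        public boolean isBlocked(String key) {
            try {
                return attemptsCache.get(key) >= MAX_ATTEMPT;
            } catch (ExecutionException e) {
                return false;
            }
        }
    }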

----Custom listener

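    import javax.servlet.http.HttpServletRequest;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.event.EventListener;
    import org.springframework.security.core.Authentication;
    import org.springframework.stereotype.Component;

    @Component
    public class CustomCreatedEventListener {
        @Autowired
        private AccountLockService accountLockService;

        @Autowired
        private HttpServletRequest request;

        public CustomCreatedEventListener(AccountLockService accountLockService, HttpServletRequest request) {
            this.accountLockService = accountLockService;
            this.request = request;
        }

        // Registered for event payloads of type Authentication
        @EventListener
        public void accountLock(Authentication auth) {
            // Use the first X-Forwarded-For entry, falling back to the socket address
            String xfHeader = request.getHeader("X-Forwarded-For");
            if (xfHeader == null) {
                xfHeader = request.getRemoteAddr();
            }
            xfHeader = xfHeader.split(",")[0];

            accountLockService.loginFailed(xfHeader);
        }
    }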
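
An added example, not part of the original post and not JHipster's own code: the `User` constructor only wraps the stored hash, and the password comparison happens afterwards in the authentication provider, which reports a mismatch as an `AuthenticationFailureBadCredentialsEvent`. The sketch reuses the post's `AccountLockService`, counts failures per login rather than per `X-Forwarded-For` value (a header the client can set unless a trusted proxy overwrites it), and lets Spring Security raise `LockedException` through the `accountNonLocked` flag. The class name `LoginAttemptTracker`, the helper `toUserDetails`, and the presence of an `AuthenticationEventPublisher` on the `AuthenticationManager` are assumptions.

```java
import java.util.Collection;
import java.util.Locale;

import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

// Hypothetical class (not from the post or JHipster); AccountLockService is the post's service.
@Component
public class LoginAttemptTracker {

    private final AccountLockService accountLockService;

    public LoginAttemptTracker(AccountLockService accountLockService) {
        this.accountLockService = accountLockService;
    }

    // Fired after the provider's password comparison fails. Assumes an
    // AuthenticationEventPublisher is set on the AuthenticationManager in use.
    @EventListener
    public void onBadCredentials(AuthenticationFailureBadCredentialsEvent event) {
        accountLockService.loginFailed(key(event.getAuthentication().getName()));
    }

    // Call from loadUserByUsername instead of the three-argument User constructor.
    // accountNonLocked=false makes the provider's pre-authentication check throw
    // LockedException before the password is compared.
    public UserDetails toUserDetails(String login, String passwordHash,
                                     Collection<? extends GrantedAuthority> authorities) {
        boolean accountNonLocked = !accountLockService.isBlocked(key(login));
        return new User(login, passwordHash,
                true,              // enabled
                true,              // accountNonExpired
                true,              // credentialsNonExpired
                accountNonLocked,
                authorities);
    }

    // Same normalisation on both paths so the counter and the check share one key.
    private static String key(String login) {
        return login.toLowerCase(Locale.ENGLISH);
    }
}
```

Because the counter is keyed on the login, repeated failures against one account lock it for the cache's expiry window regardless of the source address; that also means anyone who knows a login can keep it locked, so the short one-minute expiry in the post's service matters.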

0 answers:

No answers