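If the credentials are invalid, I want to trigger an event; in my code it will go to the orElseThrow block (I am trying to implement account locking). Is it possible to catch the exception thrown from "org.springframework.security.core.userdetails.User(lowercaseLogin, user.getPassword(), grantedAuthorities)" so that I can trigger an event that handles account locking?
I created a custom event handler (AuthenticationFailureEventListener is not working) to lock the account after 3 or 5 attempts. I am using JHipster UAA.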
Optional<User> userFromDatabase = userRepository.findOneWithAuthoritiesByLogin(lowercaseLogin);
return userFromDatabase.map(user -> {
        if (!user.getActivated()) {
            log.info("User " + login + " was not activated");
            throw new UserNotActivatedException("User " + lowercaseLogin + " was not activated");
        }
        List<GrantedAuthority> grantedAuthorities = user.getAuthorities().stream()
            .map(authority -> new SimpleGrantedAuthority(authority.getName()))
            .collect(Collectors.toList());
        return new org.springframework.security.core.userdetails.User(lowercaseLogin, user.getPassword(),
            grantedAuthorities);
    })
    .orElseThrow(
        () -> new UsernameNotFoundException("User " + lowercaseLogin + " was not found in the " + "database"));
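------- Account lock class
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import org.springframework.stereotype.Service;

@Service
public class AccountLockService {
    private final int MAX_ATTEMPT = 3;
    // Failed-attempt counter per key; an entry expires one minute after its last write.
    private LoadingCache<String, Integer> attemptsCache;

    public AccountLockService() {
        super();
        attemptsCache = CacheBuilder.newBuilder()
            .expireAfterWrite(1, TimeUnit.MINUTES)
            .build(new CacheLoader<String, Integer>() {
                public Integer load(String key) {
                    return 0;
                }
            });
    }

    // Increment the failure count stored for this key.
    public void loginFailed(String key) {
        int attempts = 0;
        try {
            attempts = attemptsCache.get(key);
        } catch (ExecutionException e) {
            attempts = 0;
        }
        attempts++;
        attemptsCache.put(key, attempts);
    }

    // True once the key has reached MAX_ATTEMPT failures within the expiry period.
    public boolean isBlocked(String key) {
        try {
            return attemptsCache.get(key) >= MAX_ATTEMPT;
        } catch (ExecutionException e) {
            return false;
        }
    }
}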
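---- Custom listener
import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.event.EventListener;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

@Component
public class CustomCreatedEventListener {
    @Autowired
    private AccountLockService accountLockService;
    @Autowired
    private HttpServletRequest request;

    public CustomCreatedEventListener(AccountLockService accountLockService, HttpServletRequest request) {
        this.accountLockService = accountLockService;
        this.request = request;
    }

    // Records a failure against the first X-Forwarded-For entry, or the remote address if the header is absent.
    @EventListener
    public void accountLock(Authentication auth) {
        String xfHeader = request.getHeader("X-Forwarded-For");
        if (xfHeader == null) {
            xfHeader = request.getRemoteAddr();
        }
        xfHeader = xfHeader.split(",")[0];
        accountLockService.loginFailed(xfHeader);
    }
}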
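
An added example, not part of the original post: a listener for the event types Spring Security publishes on a failed or successful login, counting failures per login name. The class name LoginAttemptListener is hypothetical, and the sketch assumes an AuthenticationEventPublisher (such as Spring's DefaultAuthenticationEventPublisher) is wired into the AuthenticationManager so that these events are actually published.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.stereotype.Component;

// Added example: LoginAttemptListener is a hypothetical name, not the poster's class.
@Component
public class LoginAttemptListener {
    private static final int MAX_ATTEMPT = 3;                      // limit used in the post
    private static final Duration WINDOW = Duration.ofMinutes(1);  // same duration as the post's cache expiry

    // Failures seen for one login since the window started.
    private static final class Counter {
        final Instant start;
        final int failures;
        Counter(Instant start, int failures) { this.start = start; this.failures = failures; }
    }

    private final ConcurrentMap<String, Counter> attempts = new ConcurrentHashMap<>();

    // Fired when the password check fails, which happens after loadUserByUsername() has returned.
    // Keyed by login name: X-Forwarded-For is a request header the client controls.
    @EventListener
    public void onBadCredentials(AuthenticationFailureBadCredentialsEvent event) {
        Instant now = Instant.now();
        attempts.merge(key(event.getAuthentication().getName()), new Counter(now, 1),
            (old, fresh) -> old.start.plus(WINDOW).isBefore(now)
                ? fresh : new Counter(old.start, old.failures + 1));
    }

    // A successful login clears the counter for that login name.
    @EventListener
    public void onSuccess(AuthenticationSuccessEvent event) {
        attempts.remove(key(event.getAuthentication().getName()));
    }

    // True while the login has MAX_ATTEMPT or more failures inside the current window.
    public boolean isBlocked(String login) {
        Counter c = attempts.get(key(login));
        return c != null && c.failures >= MAX_ATTEMPT
            && !c.start.plus(WINDOW).isBefore(Instant.now());
    }

    private static String key(String login) { return login.toLowerCase(Locale.ENGLISH); }
}
```

In loadUserByUsername, passing `!isBlocked(lowercaseLogin)` as the accountNonLocked argument of the seven-argument `User` constructor makes the authentication provider reject a blocked login with a LockedException.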