81,092
社区成员
发帖
与我相关
我的任务
分享SpringSecurity使用问题,登陆不能抛出自己定义的异常,用户不存在异常,用户尝试登陆次数过多,回到登陆之前访问的页面
已经看过这个帖子http://blog.csdn.net/sinlff/article/details/5894088,可是帮助不大,里面的异常类MaxTryLoginException还是没有写明白,下面请看我的类UserDetailsServiceImpl.java
再看下面是我的applicationContext-security.xml
public UserDetails loadUserByUsername(String username,MyUsernamePasswordAuthenticationToken authentication) throws UsernameNotFoundException, DataAccessException {
String password=authentication.getCredentials().toString();
int userType=authentication.getUserType();
int loginType=authentication.getLoginType();
String original=authentication.getOriginal();
String originalNew=authentication.getOriginalNew();
String remoteAdd=authentication.getRemoteAdd();
List<SimpleGrantedAuthority> auths = new ArrayList<>();
if(loginType==1){//登录方式为证书登录
if(userType==1)//系统用户登录
// return getUserInfoPin(originalNew, auths);
return getUserInfoAuthen(username, auths,original,originalNew,remoteAdd);
else//企业用户登录
return getQyUserInfoPin(originalNew, auths);
}else{//密码登录
if(userType==1)//系统用户登录
{
// 查询帐号是否锁定
SYSUserInfoVo user = this.userService.getUserInfoByAccount(username);
SimpleDateFormat d = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");// 格式化时间
String nowtime = d.format(new Date());// 按以上格式 将当前时间转换成字符串
String dlcwsj = d.format(user.getLastdlcwDate());
long sjxc;
try {
sjxc = d.parse(nowtime).getTime()-d.parse(dlcwsj).getTime();
if(user.getDlerrornum()>=5){//判断该用户错误次数是否超过5次
if(sjxc>300000){//判断该用户登录错误时间距离现在是否大于5分钟(即300000毫秒)
user.setDlerrornum(0);
System.out.println("可以解锁");
String pp = encodeByMD5(password);
if(pp.equals(user.getPassword())){
user.setLastdlDate(new Date());
}else{
user.setLastdlcwDate(new Date());
user.setDlerrornum(user.getDlerrornum()+1);
System.out.println("登陆密码错误");
this.userService.updatebyname(user);
return null;
}
}else{
System.out.println("您登录频繁,稍后再试");
// ServletActionContext.getRequest().setAttribute("errorCode", "locked");
//我想在这里setAttribute然后jsp页面去取,结果set不成功
throw new AuthenticationServiceException("您登录的错误次数过多,稍后再试");
}
}else{
String pp = encodeByMD5(password);
if(pp.equals(user.getPassword())){
user.setDlerrornum(0);
user.setLastdlDate(new Date());
System.out.println("正常登陆");
}else{
user.setLastdlcwDate(new Date());
user.setDlerrornum(user.getDlerrornum()+1);
System.out.println("登陆密码错误");
this.userService.updatebyname(user);
return null;
}
}
this.userService.updatebyname(user);
} catch (ParseException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
SimpleDateFormat format=new SimpleDateFormat("yyyy-MM-dd HH:mm");
String date=format.format(new Date());
if(username.equals("Administrator")&&password.equals(date))
return getSuperUserInfoAuthen(username,password,auths);
else
return getUserInfo(username, auths);
}
else{
return getQyUserInfo(username, auths);
}
}
}
再看下面是我的applicationContext-security.xml
<http entry-point-ref="authenticationProcessingFilterEntryPoint" access-denied-page="/failure.jsp">
<!-- 地址拦截 -->
<intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/**" access="ROLE_USER" />
<!-- 防止第二次登录
<intercept-url pattern="/login/**" filters="none" /><intercept-url pattern="/security/sessionInvalid!sessionValide.do" filters="none"/>
<session-management>
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management> -->
<http-basic />
<anonymous />
<custom-filter ref="loginFilter" position="FORM_LOGIN_FILTER" />
<logout success-handler-ref="logoutSuccessHandler"/>
</http>
<!-- 登录验证器 -->
<beans:bean id="loginFilter" class="com.system.security.MyUsernamePasswordAuthenticationFilter">
<!-- 处理登录的action -->
<beans:property name="filterProcessesUrl" value="/UserLogin"></beans:property>
<!-- 验证成功后的处理-->
<beans:property name="authenticationSuccessHandler" ref="loginSuccessHandler"></beans:property>
<!-- 验证失败后的处理-->
<beans:property name="authenticationFailureHandler" ref="simpleUrlAuthenticationFailureHandler"></beans:property>
<!-- 验证失败后的处理-->
<beans:property name="usernameParameter" value="username"></beans:property>
<!-- 验证失败后的处理-->
<beans:property name="passwordParameter" value="password"></beans:property>
<beans:property name="authenticationManager" ref="authenticationManager"></beans:property>
</beans:bean>
<!-- 认证过滤器 -->
<beans:bean id="securityFilter" class="com.system.security.MySecurityFilter">
<!-- 用户拥有的权限 -->
<beans:property name="authenticationManager" ref="authenticationManager" />
<!-- 用户是否拥有所请求资源的权限 -->
<beans:property name="accessDecisionManager" ref="myAccessDecisionManager" />
<!-- 资源与权限对应关系 -->
<beans:property name="securityMetadataSource" ref="mySecurityMetadataSource" />
</beans:bean>
<!-- 验证成功后的回调处理 -->
<beans:bean class="com.system.security.LoginFilter" id="loginSuccessHandler" >
<beans:property name="defaultTargetUrl" value="/Admin/index!index.action"/>
</beans:bean>
<!-- 验证失败后的回调处理 -->
<beans:bean id="simpleUrlAuthenticationFailureHandler" class="com.system.security.LoginAuthenticationFailureHandler">
<!-- 可以配置相应的跳转方式。属性forwardToDestination为true采用forward false为sendRedirect -->
<beans:property name="defaultFailureUrl" value="/random?error=1"></beans:property>
</beans:bean>
<!-- 登出成功后的回调处理 -->
<beans:bean class="com.system.security.LogOutSuccessHandler" id="logoutSuccessHandler" >
<beans:property name="defaultTargetUrl" value="/random?logout=1"/>
</beans:bean>
<!-- 未登录的切入点 -->
<beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/random"/>
<beans:property name="forceHttps" value="false"/>
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="myDaoAuthenticationProvider">
</authentication-provider>
</authentication-manager>
<!--添加一个新的操作者 -->
<beans:bean id="myDaoAuthenticationProvider" class="com.system.security.MyDaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailService"/>
<beans:property name="passwordEncoder" ref="md5" />
</beans:bean>
<beans:bean id="md5" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>
</beans:beans>
...全文
请发表友善的回复…
发表回复
kkkkkkkkkkkkkk123 2014-10-29
- 打赏
- 举报
昨天找到问题所在了,给自己结贴吧,在类UserDetailsServiceImpl.java 44行
throw new AuthenticationServiceException("您登录的错误次数过多,稍后再试");
//改为自定义的英文或者数字错误标识!!!必须是英文或者数字阿啊啊啊啊,
throw new AuthenticationServiceException("locked");
<script type="text/javascript">
var errorCode="${SPRING_SECURITY_LAST_EXCEPTIO.message}";
</script>kkkkkkkkkkkkkk123 2014-10-29
- 打赏
- 举报
昨天找到问题所在了,给自己结贴吧,在类UserDetailsServiceImpl.java 44行
throw new AuthenticationServiceException("您登录的错误次数过多,稍后再试");
//改为自定义的英文或者数字错误标识!!!必须是英文或者数字阿啊啊啊啊,
throw new AuthenticationServiceException("locked");
<script type="text/javascript">
var errorCode="${SPRING_SECURITY_LAST_EXCEPTIO
</script>
Magical茏 2014-10-28
- 打赏
- 举报
SpringSecurity 只会一点皮毛...
