java/zhihuishenqu.git

			@@ -1,11 +1,22 @@
			package com.panzhihua.auth.handel;

			import java.security.InvalidKeyException;
			import java.security.NoSuchAlgorithmException;
			import java.time.Duration;
			import java.util.ArrayList;
			import java.util.List;
			import java.util.Set;

			import javax.annotation.Resource;
			import javax.crypto.BadPaddingException;
			import javax.crypto.IllegalBlockSizeException;
			import javax.crypto.NoSuchPaddingException;

			import com.panzhihua.auth.config.MyAESUtil;
			import com.panzhihua.common.model.helper.AESUtil;
			import com.panzhihua.common.utlis.AES;
			import org.springframework.beans.factory.annotation.Value;
			import org.springframework.data.redis.core.RedisTemplate;
			import org.springframework.security.authentication.AuthenticationProvider;
			import org.springframework.security.authentication.BadCredentialsException;
			import org.springframework.security.authentication.LockedException;
			@@ -33,44 +44,105 @@
			public class UserAuthenticationProvider implements AuthenticationProvider {
			@Resource
			private UserService userService;
			@Resource
			private RedisTemplate redisTemplate;

			private static String LOGIN_FAIL="LOGIN_FAIL_";

			@Override
			public Authentication authenticate(Authentication authentication) throws AuthenticationException {
			// 获取表单输入中返回的用户名
			String userName = (String)authentication.getPrincipal();
			// 获取表单中输入的密码
			String password = (String)authentication.getCredentials();
			// 查询用户是否存在
			R<LoginUserInfoVO> r = userService.getUserInfo(userName);
			if (r.getCode() != 200) {
			throw new UsernameNotFoundException("该账号不存在");
			String password =(String)authentication.getCredentials();
			if(!userName.contains("_1")){
			try {
			password = MyAESUtil.Decrypt((String)authentication.getCredentials(),"Ryo7M3n8loC5Abcd");
			} catch (Exception e) {
			e.printStackTrace();
			}
			boolean flag= redisTemplate.hasKey(LOGIN_FAIL+userName);
			if(flag){
			Integer time= (Integer) redisTemplate.opsForValue().get(LOGIN_FAIL+userName);
			if(time>=5){
			redisTemplate.opsForValue().set(LOGIN_FAIL+userName,5, Duration.ofMinutes(5));
			throw new LockedException("登录错误超过限制,请五分钟后重试");
			}
			}
			// 查询用户是否存在
			R<LoginUserInfoVO> r = userService.getUserInfo(userName);
			if (r.getCode() != 200) {
			lockLogin(flag,userName);
			throw new UsernameNotFoundException("账号或密码错误");
			}
			LoginUserInfoVO loginUserInfoVO = r.getData();
			List<GrantedAuthority> grantedAuthorityList = new ArrayList<>();
			Set<String> roles = loginUserInfoVO.getRoles();
			if (!ObjectUtils.isEmpty(roles)) {
			roles.forEach(s -> {
			grantedAuthorityList.add(new SimpleGrantedAuthority(s));
			});
			}
			if (ObjectUtils.isEmpty(loginUserInfoVO.getAccount())\|\|ObjectUtils.isEmpty(password)) {
			lockLogin(flag,userName);
			throw new UsernameNotFoundException("账号或密码错误");
			}
			// 我们还要判断密码是否正确，这里我们的密码使用BCryptPasswordEncoder进行加密的
			if (!new BCryptPasswordEncoder().matches(password, loginUserInfoVO.getPassword())) {
			lockLogin(flag,userName);
			throw new BadCredentialsException("密码不正确");
			}
			// 还可以加一些其他信息的判断，比如用户账号已停用等判断
			if (loginUserInfoVO.getStatus().intValue() == 2) {
			throw new LockedException("该用户已被禁用");
			}
			// 维护最后登录时间
			userService.putUserLastLoginTime(loginUserInfoVO.getUserId());
			return new UsernamePasswordAuthenticationToken(loginUserInfoVO, password, grantedAuthorityList);
			}
			LoginUserInfoVO loginUserInfoVO = r.getData();
			List<GrantedAuthority> grantedAuthorityList = new ArrayList<>();
			Set<String> roles = loginUserInfoVO.getRoles();
			if (!ObjectUtils.isEmpty(roles)) {
			roles.forEach(s -> {
			grantedAuthorityList.add(new SimpleGrantedAuthority(s));
			});
			else {
			// 查询用户是否存在
			R<LoginUserInfoVO> r = userService.getUserInfo(userName);
			if (r.getCode() != 200) {
			throw new UsernameNotFoundException("该账号不存在");
			}
			LoginUserInfoVO loginUserInfoVO = r.getData();
			List<GrantedAuthority> grantedAuthorityList = new ArrayList<>();
			Set<String> roles = loginUserInfoVO.getRoles();
			if (!ObjectUtils.isEmpty(roles)) {
			roles.forEach(s -> {
			grantedAuthorityList.add(new SimpleGrantedAuthority(s));
			});
			}
			if (ObjectUtils.isEmpty(loginUserInfoVO.getAccount())) {
			throw new UsernameNotFoundException("该账号不存在");
			}
			// 我们还要判断密码是否正确，这里我们的密码使用BCryptPasswordEncoder进行加密的
			if (!new BCryptPasswordEncoder().matches(password, loginUserInfoVO.getPassword())) {
			throw new BadCredentialsException("密码不正确");
			}
			// 还可以加一些其他信息的判断，比如用户账号已停用等判断
			if (loginUserInfoVO.getStatus().intValue() == 2) {
			throw new LockedException("该用户已被禁用");
			}
			// 维护最后登录时间
			userService.putUserLastLoginTime(loginUserInfoVO.getUserId());
			return new UsernamePasswordAuthenticationToken(loginUserInfoVO, password, grantedAuthorityList);

			}
			if (ObjectUtils.isEmpty(loginUserInfoVO.getAccount())) {
			throw new UsernameNotFoundException("该账号不存在");
			}
			// 我们还要判断密码是否正确，这里我们的密码使用BCryptPasswordEncoder进行加密的
			if (!new BCryptPasswordEncoder().matches(password, loginUserInfoVO.getPassword())) {
			throw new BadCredentialsException("密码不正确");
			}
			// 还可以加一些其他信息的判断，比如用户账号已停用等判断
			if (loginUserInfoVO.getStatus().intValue() == 2) {
			throw new LockedException("该用户已被禁用");
			}
			// 维护最后登录时间
			userService.putUserLastLoginTime(loginUserInfoVO.getUserId());
			return new UsernamePasswordAuthenticationToken(loginUserInfoVO, password, grantedAuthorityList);
			}

			@Override
			public boolean supports(Class<?> aClass) {
			return true;
			}

			private void lockLogin(Boolean flag,String userName){
			if(flag){
			Integer time= (Integer) redisTemplate.opsForValue().get(LOGIN_FAIL+userName);
			redisTemplate.opsForValue().set(LOGIN_FAIL+userName,time+1, Duration.ofMinutes(5));
			}
			else {
			redisTemplate.opsForValue().set(LOGIN_FAIL+userName,1, Duration.ofMinutes(5));
			}
			}
			}