第一步:创建 AuthenticationSuccessEventListener.java 用来处理登录成功的事件。
package com.dcits.yft.auth; import com.dcits.yft.system.dao.UserDao; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationListener; import org.springframework.security.authentication.event.AuthenticationSuccessEvent; import org.springframework.stereotype.Component; import java.util.Map; /** * 登陆成功监听 * * @author Shaoj 3/2/2017. */ @Component public class AuthenticationSuccessEventListener implements ApplicationListener<AuthenticationSuccessEvent> { @Autowired private UserDao userDao; @Override public void onApplicationEvent(AuthenticationSuccessEvent authenticationSuccessEvent) { YftUserDetails yftUserDetails = (YftUserDetails) authenticationSuccessEvent.getAuthentication().getPrincipal(); String account = yftUserDetails.getUsername(); Map<String, Object> user = userDao.queryUserByAccount(account); userDao.updateStatusByAccount(account, user.get("ENABLE").toString(), 0); } } 第二步:新建AuthenticationFailureListener.java 用来处理登录失败的事件。package com.dcits.yft.auth; import com.dcits.yft.system.dao.ParamsDao; import com.dcits.yft.system.dao.UserDao; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationListener; import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent; import org.springframework.stereotype.Component; import java.util.Map; /** * 登陆失败监听 * * @author Shaoj 3/2/2017. */ @Component public class AuthenticationFailureListener implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> { @Autowired private UserDao userDao; @Autowired private ParamsDao paramsDao; @Override public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent authenticationFailureBadCredentialsEvent) { String account = authenticationFailureBadCredentialsEvent.getAuthentication().getPrincipal().toString(); Map<String, Object> user = userDao.queryUserByAccount(account); if (user != null) { // 用户失败次数 int fails = Integer.parseInt(user.get("FAILS").toString()); fails++; // 系统配置失败次数 int FAILS_COUNT = Integer.parseInt(paramsDao.queryParamsValue("FAILS_COUNT")); // 超出失败次数,停用账户 if (fails >= FAILS_COUNT) { userDao.updateStatusByAccount(account, "false", fails); // 失败次数++ } else { userDao.updateStatusByAccount(account, user.get("ENABLE").toString(), fails); } } } } 第三步:在UserDao.java中加入登录状态更新的代码 /** * 更新用户登录次数 * * @param account 账户 * @param login_counts 登录次数 * @return */ public void updateLoginCounts(String account) { daoUtil.update("update t_yft_user set login_counts = login_counts + 1 where account = ?", account); } 第四步:数据库中添加登录次数字段 alter table T_YFT_USER add (FAILS number(11) default 0 ); comment on column T_YFT_USER.FAILS is '失败尝试次数'; INSERT INTO t_yft_params (ID,CODE,NAME,VALUE,UNIT,REMARK,CRT_DATE) VALUES (66,'FAILS_COUNT','登陆尝试次数','5','','',to_date('2017-03-02','yyyy-mm-dd'));
