From dd29fcb8eff0fe9d442b98bd47738c79f3db136a Mon Sep 17 00:00:00 2001
From: 李宇 <986321569@qq.com>
Date: 星期四, 25 二月 2021 09:56:37 +0800
Subject: [PATCH] 修改密码次数和时间
---
src/main/java/com/nanometer/smartlab/controller/LoginController.java | 2 +-
src/main/webapp/WEB-INF/ehcache.xml | 10 ++++++++++
src/main/webapp/WEB-INF/spring-shiro.xml | 2 +-
src/main/java/com/nanometer/smartlab/realm/RetryLimitCredentialsMatcher.java | 6 +++---
4 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/src/main/java/com/nanometer/smartlab/controller/LoginController.java b/src/main/java/com/nanometer/smartlab/controller/LoginController.java
index 3ac1190..b5a72da 100644
--- a/src/main/java/com/nanometer/smartlab/controller/LoginController.java
+++ b/src/main/java/com/nanometer/smartlab/controller/LoginController.java
@@ -44,7 +44,7 @@
FacesUtils.warn("用户名不存在");
return null;
} catch (ExcessiveAttemptsException e) {
- FacesUtils.warn("登陆失败,密码连续输入错误超过5次,锁定5分钟!");
+ FacesUtils.warn("登陆失败,密码连续输入错误超过8次,锁定1分钟!");
return null;
} catch (Exception e) {
logger.error("登陆失败", e);
diff --git a/src/main/java/com/nanometer/smartlab/realm/RetryLimitCredentialsMatcher.java b/src/main/java/com/nanometer/smartlab/realm/RetryLimitCredentialsMatcher.java
index 7f5739c..a11416e 100644
--- a/src/main/java/com/nanometer/smartlab/realm/RetryLimitCredentialsMatcher.java
+++ b/src/main/java/com/nanometer/smartlab/realm/RetryLimitCredentialsMatcher.java
@@ -65,11 +65,11 @@
retryCount = new AtomicInteger(0);
passwordRetryCache.put(username, retryCount);
}
- if(retryCount.incrementAndGet() > 5) {
+ if(retryCount.incrementAndGet() > 8) {
//if retry count > 5 throw
- logger.warn("username: " + username + " tried to login more than 5 times in period");
+ logger.warn("username: " + username + " tried to login more than 8 times in period");
// FacesUtils.warn("用户名: " + username + " 密码连续输入错误超过5次,锁定5分钟!");
- throw new ExcessiveAttemptsException("用户名: " + username + " 密码连续输入错误超过5次,锁定5分钟!");
+ throw new ExcessiveAttemptsException("用户名: " + username + " 密码连续输入错误超过8次,锁定1分钟!");
}
boolean matches = super.doCredentialsMatch(authcToken, info);
diff --git a/src/main/webapp/WEB-INF/ehcache.xml b/src/main/webapp/WEB-INF/ehcache.xml
index 5fed98f..2950179 100644
--- a/src/main/webapp/WEB-INF/ehcache.xml
+++ b/src/main/webapp/WEB-INF/ehcache.xml
@@ -29,6 +29,16 @@
statistics="true">
</cache>
+ <!-- 缓存1min -->
+ <cache name="oneMin"
+ maxElementsInMemory="10000"
+ maxElementsOnDisk="100000"
+ eternal="false"
+ timeToIdleSeconds="60"
+ timeToLiveSeconds="60"
+ overflowToDisk="false"
+ diskPersistent="false" />
+
<!-- 缓存5min -->
<cache name="fivMin"
maxElementsInMemory="10000"
diff --git a/src/main/webapp/WEB-INF/spring-shiro.xml b/src/main/webapp/WEB-INF/spring-shiro.xml
index 357bd34..03420b4 100644
--- a/src/main/webapp/WEB-INF/spring-shiro.xml
+++ b/src/main/webapp/WEB-INF/spring-shiro.xml
@@ -117,7 +117,7 @@
<!-- 密码错误5次锁定5min -->
<bean id="credentialsMatcher" class="com.nanometer.smartlab.realm.RetryLimitCredentialsMatcher">
<constructor-arg ref="shiroSpringCacheManager"/>
- <property name="retryLimitCacheName" value="fivMin"/>
+ <property name="retryLimitCacheName" value="oneMin"/>
<!-- 密码加密 1次md5,增强密码可修改此处 -->
<property name="hashAlgorithmName" value="MD5"/>
<property name="storedCredentialsHexEncoded" value="true"/>
--
Gitblit v1.9.2