package com.springboot.test.shiro.config.shiro;
import java.util.concurrent.atomic.AtomicInteger;
import com.springboot.test.shiro.modules.user.dao.UserMapper;
import com.springboot.test.shiro.modules.user.dao.entity.User;
import org.apache.log4j.Logger;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheManager;
import org.springframework.beans.factory.annotation.Autowired;
/**
 * @author: WangSaiChao
 * @date: 2018/5/25
 * @description: 登陸次數(shù)限制
 */
public class RetryLimitHashedCredentialsMatcher extends SimpleCredentialsMatcher {
 private static final Logger logger = Logger.getLogger(RetryLimitHashedCredentialsMatcher.class);
 @Autowired
 private UserMapper userMapper;
 private Cache<String, AtomicInteger> passwordRetryCache;
 public RetryLimitHashedCredentialsMatcher(CacheManager cacheManager) {
  passwordRetryCache = cacheManager.getCache("passwordRetryCache");
 }
 @Override
 public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
  //獲取用戶名
  String username = (String)token.getPrincipal();
  //獲取用戶登錄次數(shù)
  AtomicInteger retryCount = passwordRetryCache.get(username);
  if (retryCount == null) {
   //如果用戶沒(méi)有登陸過(guò),登陸次數(shù)加1 并放入緩存
   retryCount = new AtomicInteger(0);
   passwordRetryCache.put(username, retryCount);
  }
  if (retryCount.incrementAndGet() > 5) {
   //如果用戶登陸失敗次數(shù)大于5次 拋出鎖定用戶異常 并修改數(shù)據(jù)庫(kù)字段
   User user = userMapper.findByUserName(username);
   if (user != null && "0".equals(user.getState())){
    //數(shù)據(jù)庫(kù)字段 默認(rèn)為 0 就是正常狀態(tài) 所以 要改為1
    //修改數(shù)據(jù)庫(kù)的狀態(tài)字段為鎖定
    user.setState("1");
    userMapper.update(user);
   }
   logger.info("鎖定用戶" + user.getUsername());
   //拋出用戶鎖定異常
   throw new LockedAccountException();
  }
  //判斷用戶賬號(hào)和密碼是否正確
  boolean matches = super.doCredentialsMatch(token, info);
  if (matches) {
   //如果正確,從緩存中將用戶登錄計(jì)數(shù) 清除
   passwordRetryCache.remove(username);
  }
  return matches;
 }
 /**
  * 根據(jù)用戶名 解鎖用戶
  * @param username
  * @return
  */
 public void unlockAccount(String username){
  User user = userMapper.findByUserName(username);
  if (user != null){
   //修改數(shù)據(jù)庫(kù)的狀態(tài)字段為鎖定
   user.setState("0");
   userMapper.update(user);
   passwordRetryCache.remove(username);
  }
 }
}

/**
 * 配置密碼比較器
 * @return
 */
@Bean("credentialsMatcher")
public RetryLimitHashedCredentialsMatcher retryLimitHashedCredentialsMatcher(){
 RetryLimitHashedCredentialsMatcher retryLimitHashedCredentialsMatcher = new RetryLimitHashedCredentialsMatcher(ehCacheManager());

 //如果密碼加密,可以打開下面配置
 //加密算法的名稱
 //retryLimitHashedCredentialsMatcher.setHashAlgorithmName("MD5");
 //配置加密的次數(shù)
 //retryLimitHashedCredentialsMatcher.setHashIterations(1024);
 //是否存儲(chǔ)為16進(jìn)制
 //retryLimitHashedCredentialsMatcher.setStoredCredentialsHexEncoded(true);

 return retryLimitHashedCredentialsMatcher;
}

/**
 * 身份認(rèn)證realm; (這個(gè)需要自己寫，賬號(hào)密碼校驗(yàn)；權(quán)限等)
 * @return
 */
@Bean
public ShiroRealm shiroRealm(){
 ShiroRealm shiroRealm = new ShiroRealm();
 ......
 //配置自定義密碼比較器
 shiroRealm.setCredentialsMatcher(retryLimitHashedCredentialsMatcher());
 return shiroRealm;
}

<!-- 登錄失敗次數(shù)緩存
  注意 timeToLiveSeconds 設(shè)置為300秒 也就是5分鐘
  可以根據(jù)自己的需求更改
 -->
<cache name="passwordRetryCache"
  maxEntriesLocalHeap="2000"
  eternal="false"
  timeToIdleSeconds="0"
  timeToLiveSeconds="300"
  overflowToDisk="false"
  statistics="true">
</cache>

/**
 * 解除admin 用戶的限制登錄 
 * 寫死的 方便測(cè)試
 * @return
 */
@RequestMapping("/unlockAccount")
public String unlockAccount(Model model){
 model.addAttribute("msg","用戶解鎖成功");

 retryLimitHashedCredentialsMatcher.unlockAccount("admin");

 return "login";
}

<a href="/unlockAccount" rel="external nofollow" >解鎖admin用戶</a></button>