From cfe431f7938d40cbf2478119baa8a0eab9b746d6 Mon Sep 17 00:00:00 2001
From: zhanghua <314079846@qq.com>
Date: 星期五, 21 四月 2023 12:55:27 +0800
Subject: [PATCH] 登录时密码加密,记录登录错误次数
---
ycl-common/src/main/java/com/ycl/service/user/impl/UmsAdminServiceImpl.java | 23 +++++++
ycl-platform/src/main/resources/application-dev.yml | 2
ycl-common/src/main/java/com/ycl/bo/AdminUserDetails.java | 5 +
ycl-common/src/main/resources/mapper/user/UmsAdminMapper.xml | 2
ycl-platform/src/main/java/com/ycl/controller/platformApi/AlarmController.java | 2
ycl-common/src/main/java/com/ycl/controller/user/UmsAdminController.java | 32 ++++++----
ycl-common/src/main/java/com/ycl/entity/user/UmsAdmin.java | 10 +++
ycl-common/src/main/java/com/ycl/utils/AesEncryptUtil.java | 100 +++++++++++++++++++++++++++++++++
8 files changed, 160 insertions(+), 16 deletions(-)
diff --git a/ycl-common/src/main/java/com/ycl/bo/AdminUserDetails.java b/ycl-common/src/main/java/com/ycl/bo/AdminUserDetails.java
index 4f8975b..f609db8 100644
--- a/ycl-common/src/main/java/com/ycl/bo/AdminUserDetails.java
+++ b/ycl-common/src/main/java/com/ycl/bo/AdminUserDetails.java
@@ -13,6 +13,7 @@
/**
* SpringSecurity闇�瑕佺殑鐢ㄦ埛璇︽儏
*/
+
public class AdminUserDetails implements UserDetails {
private UmsAdmin umsAdmin;
private List<UmsMenu> resourceList;
@@ -63,4 +64,8 @@
public Long getUserId() {
return umsAdmin.getId();
}
+
+ public UmsAdmin getUmsAdmin() {
+ return umsAdmin;
+ }
}
diff --git a/ycl-common/src/main/java/com/ycl/controller/user/UmsAdminController.java b/ycl-common/src/main/java/com/ycl/controller/user/UmsAdminController.java
index 3796ae0..25f8004 100644
--- a/ycl-common/src/main/java/com/ycl/controller/user/UmsAdminController.java
+++ b/ycl-common/src/main/java/com/ycl/controller/user/UmsAdminController.java
@@ -24,6 +24,7 @@
import com.ycl.service.redis.RedisService;
import com.ycl.service.user.UmsAdminService;
import com.ycl.service.user.UmsMenuService;
+import com.ycl.utils.AesEncryptUtil;
import com.ycl.utils.EasyExcelUtils;
import com.ycl.utils.redis.RedisKey;
import com.ycl.vo.user.UserVO;
@@ -80,8 +81,11 @@
@ApiOperation(value = "鐧诲綍浠ュ悗杩斿洖token")
@RequestMapping(value = "/login", method = RequestMethod.POST)
@ResponseBody
- public CommonResult login(@Validated @RequestBody UmsAdminLoginParam umsAdminLoginParam) {
- String token = adminService.login(umsAdminLoginParam.getUsername(), umsAdminLoginParam.getPassword());
+ public CommonResult login(@Validated @RequestBody UmsAdminLoginParam umsAdminLoginParam) throws Exception {
+ String password = AesEncryptUtil.desEncrypt(umsAdminLoginParam.getPassword());
+// String password = umsAdminLoginParam.getPassword();
+ String token = adminService.login(umsAdminLoginParam.getUsername(), password);
+
if (token == null) {
return CommonResult.validateFailed("鐢ㄦ埛鍚嶆垨瀵嗙爜閿欒");
}
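Review bot: `AesEncryptUtil.desEncrypt` swallows every exception and returns null, and the added line in `login` hands that result straight to `adminService.login` without checking it. A password field that is not a whole number of AES blocks therefore reaches the password comparison as null, and how `passwordEncoder.matches` handles a null raw password is not visible on this page. Reject it before calling the service, e.g. `if (password == null) { return CommonResult.validateFailed(msg); }` with the same message the null-token branch already uses. The commented-out `// String password = umsAdminLoginParam.getPassword();` line should be deleted rather than committed.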
@@ -161,6 +165,7 @@
private DataDictionary2Mapper dataDictionary2Mapper;
@Resource
private UmsDepartMapper umsDepartMapper;
+
@ApiOperation("鐢ㄦ埛瀵煎叆")
@PostMapping("/import")
public CommonResult importUser(MultipartFile file) throws IOException {
@@ -175,20 +180,20 @@
param.setNickName(item.getNickName());
String sex = item.getSex();
- if (sex.equals("鐢�")){
+ if (sex.equals("鐢�")) {
param.setSex((byte) 1);
} else if (sex.equals("濂�")) {
param.setSex((byte) 0);
- }else {
+ } else {
throw new RuntimeException("鎬у埆杈撳叆鏈夎");
}
String isDy = item.getIsDy();
- if (isDy.equals("鏄�")){
+ if (isDy.equals("鏄�")) {
param.setSex((byte) 1);
} else if (isDy.equals("鍚�")) {
param.setSex((byte) 0);
- }else {
+ } else {
throw new RuntimeException("鍏氬憳杈撳叆鏈夎");
}
@@ -197,9 +202,9 @@
String role = item.getRole();
UmsRole umsRole = umsRoleMapper.selectOne(new LambdaQueryWrapper<UmsRole>().eq(UmsRole::getName, role));
- if (Objects.isNull(umsRole)){
+ if (Objects.isNull(umsRole)) {
param.setRoleIds(null);
- }else {
+ } else {
List list = new ArrayList<>();
list.add(umsRole.getId());
param.setRoleIds(list);
@@ -207,17 +212,17 @@
String userType = item.getUserType();
DataDictionary dataDictionary = dataDictionary2Mapper.selectOne(new LambdaQueryWrapper<DataDictionary>().eq(DataDictionary::getName, userType));
- if (Objects.isNull(dataDictionary)){
+ if (Objects.isNull(dataDictionary)) {
throw new RuntimeException("鐢ㄦ埛绫诲瀷涓嶅瓨鍦�");
- }else {
+ } else {
param.setUserType(dataDictionary.getId().intValue());
}
String department = item.getDepartment();
UmsDepart umsDepart = umsDepartMapper.selectOne(new LambdaQueryWrapper<UmsDepart>().eq(UmsDepart::getDepartName, department));
- if (Objects.isNull(umsDepart)){
+ if (Objects.isNull(umsDepart)) {
throw new RuntimeException("閮ㄩ棬涓嶅瓨鍦�");
- }else {
+ } else {
param.setDepartmentId(umsDepart.getId());
}
@@ -234,7 +239,6 @@
}).sheet().doRead();
return CommonResult.success(true, "瀵煎叆鎴愬姛");
}
-
@ApiOperation("鑾峰彇鎸囧畾鐢ㄦ埛淇℃伅")
@@ -271,7 +275,7 @@
return CommonResult.failed("鎵句笉鍒拌鐢ㄦ埛");
} else if (status == -3) {
return CommonResult.failed("鏃у瘑鐮侀敊璇�");
- }else if (status == -4) {
+ } else if (status == -4) {
return CommonResult.failed("瀵嗙爜涓嶈兘鍜岀櫥褰曞悕瀹屽叏涓�鑷�");
} else {
return CommonResult.failed();
diff --git a/ycl-common/src/main/java/com/ycl/entity/user/UmsAdmin.java b/ycl-common/src/main/java/com/ycl/entity/user/UmsAdmin.java
index 47eda99..79ef1cd 100644
--- a/ycl-common/src/main/java/com/ycl/entity/user/UmsAdmin.java
+++ b/ycl-common/src/main/java/com/ycl/entity/user/UmsAdmin.java
@@ -10,8 +10,10 @@
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.*;
+import org.joda.time.DateTime;
import java.io.Serializable;
+import java.time.LocalDateTime;
import java.util.Date;
import java.util.List;
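Review bot: The added `import org.joda.time.DateTime;` is not used by anything this patch adds to `UmsAdmin`; the new timestamp field is a `java.time.LocalDateTime`, so this looks like an IDE leftover that ties the entity to Joda-Time for no reason. The `import cn.hutool.core.date.DateTime;` added to `UmsAdminServiceImpl` looks the same, although that file is only partly visible here. Drop both unless code outside these hunks needs them.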
@@ -99,6 +101,14 @@
@ApiModelProperty(value = "鏄惁涓虹綉鏍肩鐞嗗憳锛�0->涓嶆槸锛�1->鏄�")
private Integer isGrid;
+ @ApiModelProperty(value = "鏄惁涓虹綉鏍肩鐞嗗憳锛�0->涓嶆槸锛�1->鏄�")
+ @TableField("password_error_num")
+ private Integer passwordErrorNum;
+
+ @ApiModelProperty(value = "鏄惁涓虹綉鏍肩鐞嗗憳锛�0->涓嶆槸锛�1->鏄�")
+ @TableField("password_error_last_time")
+ private LocalDateTime passwordErrorLastTime;
+
@ApiModelProperty(value = "鍏抽敭瀛楁")
@TableField(exist = false)
private String keyword;
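Review bot: Both new fields carry an `@ApiModelProperty` value copied verbatim from `isGrid` directly above them, so the generated API documentation will describe `passwordErrorNum` and `passwordErrorLastTime` with the wrong text. Give each its own description, for example `@ApiModelProperty(value = "consecutive failed password attempts")` and `@ApiModelProperty(value = "time of the last failed password attempt")`. These are lockout-state columns; if `UmsAdmin` is serialised in user-info responses (not visible here), consider keeping them out of the API output.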
diff --git a/ycl-common/src/main/java/com/ycl/service/user/impl/UmsAdminServiceImpl.java b/ycl-common/src/main/java/com/ycl/service/user/impl/UmsAdminServiceImpl.java
index c8235e2..3b459dd 100644
--- a/ycl-common/src/main/java/com/ycl/service/user/impl/UmsAdminServiceImpl.java
+++ b/ycl-common/src/main/java/com/ycl/service/user/impl/UmsAdminServiceImpl.java
@@ -1,6 +1,7 @@
package com.ycl.service.user.impl;
import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.date.DateTime;
import cn.hutool.core.util.PageUtil;
import cn.hutool.core.util.StrUtil;
import com.alibaba.druid.sql.PagerUtils;
@@ -49,6 +50,7 @@
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import java.text.SimpleDateFormat;
+import java.time.LocalDateTime;
import java.util.*;
import java.util.function.Consumer;
import java.util.stream.Collectors;
@@ -258,12 +260,31 @@
//瀵嗙爜闇�瑕佸鎴风鍔犲瘑鍚庝紶閫�
try {
AdminUserDetails userDetails = (AdminUserDetails) loadUserByUsername(username);
+
+ UmsAdmin admin = userDetails.getUmsAdmin();
+ LocalDateTime nowTime = LocalDateTime.now();
+ nowTime = nowTime.plusMinutes(-15);
+ if (admin.getPasswordErrorNum() != null && admin.getPasswordErrorNum() >= 5
+ && admin.getPasswordErrorLastTime().isAfter(nowTime)) {
+ admin.setPasswordErrorLastTime(LocalDateTime.now());
+ updateById(admin);
+ Asserts.fail("鐧诲綍澶辫触瓒呰繃5娆★紝姝よ处鍙疯閿佸畾锛岃15鍒嗛挓鍚庡啀璇曘��");
+ }
if (!passwordEncoder.matches(password, userDetails.getPassword())) {
+ if (admin.getPasswordErrorNum() == null) {
+ admin.setPasswordErrorNum(1);
+ } else {
+ admin.setPasswordErrorNum(admin.getPasswordErrorNum() + 1);
+ }
+ admin.setPasswordErrorLastTime(LocalDateTime.now());
+ updateById(admin);
Asserts.fail("瀵嗙爜涓嶆纭�");
}
if (!userDetails.isEnabled()) {
Asserts.fail("甯愬彿宸茶绂佺敤");
}
+ admin.setPasswordErrorNum(0);
+ updateById(admin);
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
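Review bot: The locked branch calls `admin.setPasswordErrorLastTime(LocalDateTime.now())` on every rejected attempt, so the 15-minute window restarts each time and sustained failed attempts can keep a legitimate user locked out indefinitely. I would leave the timestamp untouched while the account is locked (remove the `setPasswordErrorLastTime`/`updateById` pair from that branch) and reset `passwordErrorNum` once the window has passed. The same condition dereferences `getPasswordErrorLastTime()` without a null check although the count is null-checked, so a row with a count but no timestamp would throw; add `admin.getPasswordErrorLastTime() != null &&`. The counter is also a read, increment and `updateById` of the whole entity, so parallel attempts can overwrite each other's increments; a single `UPDATE ... SET password_error_num = password_error_num + 1` statement would close that gap. The enclosing method starts and ends outside this hunk.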
@@ -430,7 +451,7 @@
List<UmsMenu> resourceList = getResourceList(admin.getId());
return new AdminUserDetails(admin, resourceList);
}
- throw new UsernameNotFoundException("鐢ㄦ埛鍚嶆垨瀵嗙爜閿欒");
+ throw new UsernameNotFoundException("鐢ㄦ埛涓嶅瓨鍦�");
}
@Override
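Review bot: Replacing the `UsernameNotFoundException` text with a message that differs from the wrong-password one gives unknown accounts a distinguishable error (the literals are mis-encoded on this page, so this reading of them is inferred). If the catch block in `login`, which is outside these hunks, forwards the exception message to the client, the login endpoint then reveals which usernames exist. I would keep the previous literal on this line, return one generic message for both cases, and record the detailed reason only in the server log.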
diff --git a/ycl-common/src/main/java/com/ycl/utils/AesEncryptUtil.java b/ycl-common/src/main/java/com/ycl/utils/AesEncryptUtil.java
new file mode 100644
index 0000000..168efc6
--- /dev/null
+++ b/ycl-common/src/main/java/com/ycl/utils/AesEncryptUtil.java
@@ -0,0 +1,100 @@
+package com.ycl.utils;
+
+import org.apache.commons.codec.binary.Base64;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+public class AesEncryptUtil {
+ //浣跨敤AES-128-CBC鍔犲瘑妯″紡锛宬ey闇�瑕佷负16浣�,key鍜宨v鍙互鐩稿悓锛�
+ private static String KEY = "1234567890123456";
+
+ private static String IV = "1234567890123456";
+
+
+ /**
+ * 鍔犲瘑鏂规硶
+ * @param data 瑕佸姞瀵嗙殑鏁版嵁
+ * @param key 鍔犲瘑key
+ * @param iv 鍔犲瘑iv
+ * @return 鍔犲瘑鐨勭粨鏋�
+ * @throws Exception
+ */
+ public static String encrypt(String data, String key, String iv) throws Exception {
+ try {
+
+ Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");//"绠楁硶/妯″紡/琛ョ爜鏂瑰紡"NoPadding PkcsPadding
+ int blockSize = cipher.getBlockSize();
+
+ byte[] dataBytes = data.getBytes();
+ int plaintextLength = dataBytes.length;
+ if (plaintextLength % blockSize != 0) {
+ plaintextLength = plaintextLength + (blockSize - (plaintextLength % blockSize));
+ }
+
+ byte[] plaintext = new byte[plaintextLength];
+ System.arraycopy(dataBytes, 0, plaintext, 0, dataBytes.length);
+
+ SecretKeySpec keyspec = new SecretKeySpec(key.getBytes(), "AES");
+ IvParameterSpec ivspec = new IvParameterSpec(iv.getBytes());
+
+ cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);
+ byte[] encrypted = cipher.doFinal(plaintext);
+
+ return new Base64().encodeToString(encrypted);
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * 瑙e瘑鏂规硶
+ * @param data 瑕佽В瀵嗙殑鏁版嵁
+ * @param key 瑙e瘑key
+ * @param iv 瑙e瘑iv
+ * @return 瑙e瘑鐨勭粨鏋�
+ * @throws Exception
+ */
+ public static String desEncrypt(String data, String key, String iv) throws Exception {
+ try {
+ byte[] encrypted1 = new Base64().decode(data);
+
+ Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
+ SecretKeySpec keyspec = new SecretKeySpec(key.getBytes(), "AES");
+ IvParameterSpec ivspec = new IvParameterSpec(iv.getBytes());
+
+ cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);
+
+ byte[] original = cipher.doFinal(encrypted1);
+ String originalString = new String(original);
+ return originalString.trim();
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * 浣跨敤榛樿鐨刱ey鍜宨v鍔犲瘑
+ * @param data
+ * @return
+ * @throws Exception
+ */
+ public static String encrypt(String data) throws Exception {
+ return encrypt(data, KEY, IV);
+ }
+
+ /**
+ * 浣跨敤榛樿鐨刱ey鍜宨v瑙e瘑
+ * @param data
+ * @return
+ * @throws Exception
+ */
+ public static String desEncrypt(String data) throws Exception {
+ return desEncrypt(data, KEY, IV);
+ }
+
+}
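Review bot: `KEY` and `IV` are the same fixed literal committed in source, and that one IV is reused for every `AES/CBC` call, so a given password always encrypts to the same ciphertext and a captured login body stays valid as a credential. Whatever client encrypts the password has to hold the same key, so this layer should not be counted on for confidentiality; TLS has to do that job. If the scheme stays, load the key from deployment configuration, generate the IV per message with `SecureRandom` and send it with the ciphertext, and prefer an authenticated mode such as `AES/GCM/NoPadding`. Smaller points in the same file: `NoPadding` with zero fill and `trim()` alters any password that begins or ends with whitespace, `getBytes()` and `new String(original)` depend on the platform charset (use `StandardCharsets.UTF_8`), and `e.printStackTrace(); return null;` hides failures from callers.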
diff --git a/ycl-common/src/main/resources/mapper/user/UmsAdminMapper.xml b/ycl-common/src/main/resources/mapper/user/UmsAdminMapper.xml
index f422638..69778c7 100644
--- a/ycl-common/src/main/resources/mapper/user/UmsAdminMapper.xml
+++ b/ycl-common/src/main/resources/mapper/user/UmsAdminMapper.xml
@@ -23,6 +23,8 @@
<result column="zj" property="zj"/>
<result column="mobile" property="mobile"/>
<result column="expiration_date" property="expirationDate"/>
+ <result column="password_error_num" property="passwordErrorNum"/>
+ <result column="password_error_last_time" property="passwordErrorLastTime" />
</resultMap>
<resultMap type="com.ycl.entity.user.UmsAdmin" id="CondMapResultMap" extends="BaseResultMap">
<collection property="depart" javaType="ArrayList" ofType="com.ycl.entity.depart.UmsDepart">
diff --git a/ycl-platform/src/main/java/com/ycl/controller/platformApi/AlarmController.java b/ycl-platform/src/main/java/com/ycl/controller/platformApi/AlarmController.java
index 83980a1..70ba109 100644
--- a/ycl-platform/src/main/java/com/ycl/controller/platformApi/AlarmController.java
+++ b/ycl-platform/src/main/java/com/ycl/controller/platformApi/AlarmController.java
@@ -1,6 +1,7 @@
package com.ycl.controller.platformApi;
import com.baomidou.mybatisplus.core.toolkit.StringUtils;
+import com.ycl.annotation.LogSave;
import com.ycl.api.CommonResult;
import com.ycl.dto.video.AlarmParam;
import com.ycl.enums.common.ResultCode;
@@ -46,6 +47,7 @@
@ApiOperation("瑙嗛鎶ヨ鎺ㄩ�丄PI")
@PostMapping("/AlarmReport")
+ @LogSave(operationType = "鎶ヨ绠$悊", contain = "瑙嗛鎶ヨ鎺ㄩ��")
public CommonResult alarmReport(@RequestBody @Validated AlarmParam alarmParam) {
videoAlarmReportService.save(alarmParam);
return new CommonResult(ResultCode.SUCCESS.getCode(), ResultCode.SUCCESS.getMessage());
diff --git a/ycl-platform/src/main/resources/application-dev.yml b/ycl-platform/src/main/resources/application-dev.yml
index 1a441d0..7f25105 100644
--- a/ycl-platform/src/main/resources/application-dev.yml
+++ b/ycl-platform/src/main/resources/application-dev.yml
@@ -35,7 +35,7 @@
timeout: 0
datasource:
- url: jdbc:mysql://42.193.1.25:3306/sccg0318?useUnicode=true&characterEncoding=utf8&autoReconnect=true&useSSL=false
+ url: jdbc:mysql://42.193.1.25:3306/sccg?useUnicode=true&characterEncoding=utf8&autoReconnect=true&useSSL=false
username: root
password: 321$YcYl@1970!
type: com.alibaba.druid.pool.DruidDataSource
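Review bot: The rewritten `url` still connects to a public IP address with `useSSL=false`, and the unchanged lines below it keep the `root` account and its password in a file under version control. Database traffic therefore crosses the network unencrypted, and anyone with repository access holds full database rights. Move the values out of the file, e.g. `url: ${DB_URL}`, `username: ${DB_USERNAME}`, `password: ${DB_PASSWORD}`, enable TLS on the connection, use a least-privilege account instead of `root`, and rotate the password that is already in history.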
--
Gitblit v1.8.0