| src/main/java/com/nanometer/smartlab/controller/LoginController.java | ●●●●● patch | view | raw | blame | history | |
| src/main/java/com/nanometer/smartlab/realm/RetryLimitCredentialsMatcher.java | ●●●●● patch | view | raw | blame | history | |
| src/main/webapp/WEB-INF/ehcache.xml | ●●●●● patch | view | raw | blame | history | |
| src/main/webapp/WEB-INF/spring-shiro.xml | ●●●●● patch | view | raw | blame | history |
src/main/java/com/nanometer/smartlab/controller/LoginController.java
@@ -44,7 +44,7 @@ FacesUtils.warn("用户名不存在"); return null; } catch (ExcessiveAttemptsException e) { FacesUtils.warn("登陆失败,密码连续输入错误超过5次,锁定5分钟!"); FacesUtils.warn("登陆失败,密码连续输入错误超过8次,锁定1分钟!"); return null; } catch (Exception e) { logger.error("登陆失败", e); src/main/java/com/nanometer/smartlab/realm/RetryLimitCredentialsMatcher.java
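Review bot: The "8次 … 1分钟" text in the new `FacesUtils.warn(...)` call is a hand-written copy of the lockout policy. The real values live in the `> 8` check in RetryLimitCredentialsMatcher and in the `oneMin` cache settings, so the message can drift from what is enforced, and this commit had to edit four files to change one policy. Consider making the limit a configurable property of the matcher (for example `<property name="retryLimit" value="8"/>`, a proposed name) and building this message from that value rather than repeating the literals. The enclosing try/catch starts and ends outside the hunk, so how the other branches report failures is not visible here.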
@@ -65,11 +65,11 @@ retryCount = new AtomicInteger(0); passwordRetryCache.put(username, retryCount); } if(retryCount.incrementAndGet() > 5) { if(retryCount.incrementAndGet() > 8) { //if retry count > 5 throw logger.warn("username: " + username + " tried to login more than 5 times in period"); logger.warn("username: " + username + " tried to login more than 8 times in period"); // FacesUtils.warn("用户名: " + username + " 密码连续输入错误超过5次,锁定5分钟!"); throw new ExcessiveAttemptsException("用户名: " + username + " 密码连续输入错误超过5次,锁定5分钟!"); throw new ExcessiveAttemptsException("用户名: " + username + " 密码连续输入错误超过8次,锁定1分钟!"); } boolean matches = super.doCredentialsMatch(authcToken, info); src/main/webapp/WEB-INF/ehcache.xml
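Review bot: The rewritten `logger.warn("username: " + username + ...)` concatenates the submitted login name into the log line, so a name containing CR/LF can forge extra entries in the file that records lockouts. If `logger` is SLF4J, prefer a parameterized call on a neutralised value, e.g. `logger.warn("login retry limit exceeded for user [{}]", username.replaceAll("[\\r\\n]", "_"));`. The comment `//if retry count > 5 throw` and the commented-out `FacesUtils.warn` still say 5 times / 5 minutes, as does `<!-- 密码错误5次锁定5min -->` in spring-shiro.xml; update or delete them so the documented policy matches the code. The method body starts and ends outside the hunk, so whether the counter is created atomically for concurrent attempts on the same username cannot be judged from these lines.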
@@ -29,6 +29,16 @@ statistics="true"> </cache> <!-- 缓存1min --> <cache name="oneMin" maxElementsInMemory="10000" maxElementsOnDisk="100000" eternal="false" timeToIdleSeconds="60" timeToLiveSeconds="60" overflowToDisk="false" diskPersistent="false" /> <!-- 缓存5min --> <cache name="fivMin" maxElementsInMemory="10000" src/main/webapp/WEB-INF/spring-shiro.xml
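Review bot: With `timeToLiveSeconds="60"` the entry expires 60 seconds after it is created, and the visible matcher lines only `put` the counter when it is first created. The lock therefore ends one minute after the first wrong password, not one minute after the eighth, so the "锁定1分钟" message overstates the delay. The counter also resets completely every minute, which permits a steady eight guesses per minute per account. If that is the intended trade-off, document it on the cache, e.g. `<!-- 1-minute cache; backs the login retry counter, which expires 60s after the first failed attempt -->`. Otherwise, restart the window when the limit is hit, or keep a longer-lived counter with a growing delay.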
@@ -117,7 +117,7 @@ <!-- 密码错误5次锁定5min --> <bean id="credentialsMatcher" class="com.nanometer.smartlab.realm.RetryLimitCredentialsMatcher"> <constructor-arg ref="shiroSpringCacheManager"/> <property name="retryLimitCacheName" value="fivMin"/> <property name="retryLimitCacheName" value="oneMin"/> <!-- 密码加密 1次md5,增强密码可修改此处 --> <property name="hashAlgorithmName" value="MD5"/> <property name="storedCredentialsHexEncoded" value="true"/>
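Review bot: Setting `retryLimitCacheName` to the generic `oneMin` cache means the lockout duration is whatever that shared cache's TTL is. A later tuning of `oneMin` for unrelated caching would silently change the login lockout, and any other user of that cache shares its key space and its `maxElementsInMemory` eviction budget with the retry counters. A dedicated, clearly named cache for the counter would keep the security setting separate, for example `<property name="retryLimitCacheName" value="passwordRetryCache"/>` (a proposed name) with a matching entry in ehcache.xml. Whether anything else currently uses `oneMin` is not visible in this diff.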