From f6c189e28fda37201411de92c94cfdf64235503d Mon Sep 17 00:00:00 2001
From: thinkgem
Date: Wed, 22 Apr 2020 11:41:44 +0800
Subject: [PATCH] =?UTF-8?q?=E8=AE=B0=E5=BD=95=E7=99=BB=E5=BD=95=E5=A4=B1?= =?UTF-8?q?=E8=B4=A5=E6=97=A5=E5=BF=97?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../filter/FormAuthenticationFilter.java | 26 ++++++++++++-------
 .../jeesite/modules/sys/utils/LogUtils.java | 7 ++++-
 2 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java
index 0a610c34..50b3b2cc 100644
--- a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java
@@ -37,6 +37,9 @@ import com.jeesite.common.shiro.realm.BaseAuthorizingRealm;
 import com.jeesite.common.shiro.realm.LoginInfo;
 import com.jeesite.common.web.CookieUtils;
 import com.jeesite.common.web.http.ServletUtils;
+import com.jeesite.modules.sys.entity.Log;
+import com.jeesite.modules.sys.entity.User;
+import com.jeesite.modules.sys.utils.LogUtils;
 import com.jeesite.modules.sys.utils.UserUtils;
 /**
@@ -45,10 +48,11 @@ import com.jeesite.modules.sys.utils.UserUtils;
 * @version 2020-4-13
 */
 public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.FormAuthenticationFilter {
-
+
 public static final String CAPTCHA_PARAM = "validCode"; // 验证码
 public static final String MESSAGE_PARAM = "message"; // 登录返回消息
 public static final String REMEMBER_USERCODE_PARAM = "rememberUserCode"; // 记住用户名
+ public static final String EXCEPTION_ATTRIBUTE_NAME = "exception"; // 异常类属性名
 private static final Logger logger = LoggerFactory.getLogger(FormAuthenticationFilter.class);
@@ -256,8 +260,8 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
 */
 @Override
 protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
- String className = e.getClass().getName(), message = "";
- if (IncorrectCredentialsException.class.getName().equals(className) || UnknownAccountException.class.getName().equals(className)) {
+ String message = StringUtils.EMPTY;
+ if (e instanceof IncorrectCredentialsException || e instanceof UnknownAccountException) {
 message = Global.getText("sys.login.failure");
 } else if (e.getMessage() != null && StringUtils.startsWith(e.getMessage(), "msg:")) {
 message = StringUtils.replace(e.getMessage(), "msg:", "");
@@ -265,7 +269,7 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
 message = Global.getText("sys.login.error");
 logger.error(message, e); // 输出到日志文件
 }
- request.setAttribute(getFailureKeyAttribute(), className);
+ request.setAttribute(EXCEPTION_ATTRIBUTE_NAME, e);
 request.setAttribute(MESSAGE_PARAM, message);
 // 登录操作如果是Ajax操作,直接返回登录信息字符串。
@@ -318,7 +322,7 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
 String username = WebUtils.getCleanParam(request, DEFAULT_USERNAME_PARAM);
 boolean rememberMe = WebUtils.isTrue(request, DEFAULT_REMEMBER_ME_PARAM);
 boolean rememberUserCode = WebUtils.isTrue(request, REMEMBER_USERCODE_PARAM);
- String exception = (String)request.getAttribute(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);
+ Exception exception = (Exception)request.getAttribute(EXCEPTION_ATTRIBUTE_NAME);
 String message = (String)request.getAttribute(MESSAGE_PARAM);
 String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
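Review bot: In the `@@ -265,7 +269,7 @@` hunk, `request.setAttribute(EXCEPTION_ATTRIBUTE_NAME, e)` stops populating the key returned by `getFailureKeyAttribute()` and instead puts the whole exception object under the generic name `"exception"`. Any login view or controller that still reads the old failure-key attribute will now find nothing, and a template or error page that prints an `exception` request attribute would show the exception class and message to an unauthenticated client; neither consumer is visible in this patch, so both need checking. The matching read in the `@@ -318,7 +322,7 @@` hunk uses a hard `(Exception)` cast, which throws `ClassCastException` if anything else in the request chain stores a different type under that name; keeping the value as `Object` and relying on the later `instanceof UnauthorizedException` test would avoid that. A comment on the constant such as `// request attribute carrying the login failure exception; server-side use only, do not render in views` would record the intent. onLoginFailure and the method in the second hunk both continue outside the visible lines.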
@@ -333,14 +337,18 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
 for (Entry entry : paramMap.entrySet()){
 data.put(ServletUtils.EXT_PARAMS_PREFIX + entry.getKey(), entry.getValue());
 }
-// data.put(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, exception);
 data.put(MESSAGE_PARAM, message);
-
- // 非授权异常,登录失败,验证码加1。
- if (!UnauthorizedException.class.getName().equals(exception)){
+
+ // 非授权异常,登录失败,验证码加 1。
+ if (!(exception instanceof UnauthorizedException)){
 data.put("isValidCodeLogin", BaseAuthorizingRealm.isValidCodeLogin(username, (String)paramMap.get("corpCode"), (String)paramMap.get("deviceType"), "failed"));
 }
+
+ // 记录用户登录失败日志
+ String corpCode = (String)paramMap.get("corpCode");
+ User user = UserUtils.getByLoginCode(username, corpCode);
+ LogUtils.saveLog(user, request, "登录失败", Log.TYPE_LOGIN_LOGOUT);
 //获取当前会话对象
 Session session = UserUtils.getSession();
diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/utils/LogUtils.java b/modules/core/src/main/java/com/jeesite/modules/sys/utils/LogUtils.java
index d6dd4b43..57bacaf3 100644
--- a/modules/core/src/main/java/com/jeesite/modules/sys/utils/LogUtils.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/utils/LogUtils.java
@@ -207,7 +207,12 @@ public class LogUtils {
 }
 // 如果有异常,设置异常信息(将异常对象转换为字符串)
 log.setIsException(throwable != null ? Global.YES : Global.NO);
- log.setExceptionInfo(ExceptionUtils.getStackTraceAsString(throwable));
+ String message = ExceptionUtils.getExceptionMessage(throwable);
+ if (message != null) {
+ log.setExceptionInfo(message);
+ } else {
+ log.setExceptionInfo(ExceptionUtils.getStackTraceAsString(throwable));
+ }
 // 如果无地址并无异常日志,则不保存信息
 if (StringUtils.isBlank(log.getRequestUri()) && StringUtils.isBlank(log.getExceptionInfo())){
 return;
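Review bot: In the `@@ -333,14 +337,18 @@` hunk, the result of `UserUtils.getByLoginCode(username, corpCode)` goes straight into `LogUtils.saveLog` with no null handling, and the failures most worth auditing (unknown or mistyped login codes, as in password guessing across accounts) are the ones where no `User` is likely to be found. `saveLog` is only partly visible in this patch, so whether a null `user` is dropped, throws, or is recorded anonymously cannot be confirmed here; in that case the record should still keep the submitted login code and the client address. Because the raw `request` of a credential-bearing POST is handed to the logger, also confirm that the stored request parameters exclude the password field. A comment above the call, e.g. `// user is null for unknown login codes; saveLog must still record the attempted login code`, would make the requirement explicit. The enclosing method starts and ends outside the hunk.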
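Review bot: In the LogUtils hunk, whenever `ExceptionUtils.getExceptionMessage(throwable)` returns a value the stack trace is no longer stored, so the log row for that exception keeps only a message string. `getExceptionMessage` is not shown in this patch; if it returns non-null for more than the intended user-facing messages, unexpected server errors lose the trace needed for later investigation. The message may also carry request-derived text, so whatever screen renders `exceptionInfo` must escape it. A comment before the branch, e.g. `// business messages are stored as-is; every other exception keeps its full stack trace`, would pin the contract, provided that is what getExceptionMessage actually implements. The enclosing method starts and ends outside the hunk.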