manager/my-worker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

记录登录失败日志

Browse Source
This commit is contained in:
thinkgem
2020-04-22 11:41:44 +08:00
parent 76d1eda40c
commit f6c189e28f
2 changed files with 23 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java
View File

@@ -37,6 +37,9 @@ import com.jeesite.common.shiro.realm.BaseAuthorizingRealm;
import com.jeesite.common.shiro.realm.LoginInfo; import com.jeesite.common.shiro.realm.LoginInfo;
import com.jeesite.common.web.CookieUtils; import com.jeesite.common.web.CookieUtils;
import com.jeesite.common.web.http.ServletUtils; import com.jeesite.common.web.http.ServletUtils;
import com.jeesite.modules.sys.entity.Log;
import com.jeesite.modules.sys.entity.User;
import com.jeesite.modules.sys.utils.LogUtils;
import com.jeesite.modules.sys.utils.UserUtils; import com.jeesite.modules.sys.utils.UserUtils;
/** /**
@@ -45,10 +48,11 @@ import com.jeesite.modules.sys.utils.UserUtils;
* @version 2020-4-13 * @version 2020-4-13
*/ */
public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.FormAuthenticationFilter { public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.FormAuthenticationFilter {
public static final String CAPTCHA_PARAM = "validCode"; // 验证码 public static final String CAPTCHA_PARAM = "validCode"; // 验证码
public static final String MESSAGE_PARAM = "message"; // 登录返回消息 public static final String MESSAGE_PARAM = "message"; // 登录返回消息
public static final String REMEMBER_USERCODE_PARAM = "rememberUserCode"; // 记住用户名 public static final String REMEMBER_USERCODE_PARAM = "rememberUserCode"; // 记住用户名
public static final String EXCEPTION_ATTRIBUTE_NAME = "exception"; // 异常类属性名
private static final Logger logger = LoggerFactory.getLogger(FormAuthenticationFilter.class); private static final Logger logger = LoggerFactory.getLogger(FormAuthenticationFilter.class);
@@ -256,8 +260,8 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
*/ */
@Override @Override
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) { protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
String className = e.getClass().getName(), message = ""; String message = StringUtils.EMPTY;
if (IncorrectCredentialsException.class.getName().equals(className) || UnknownAccountException.class.getName().equals(className)) { if (e instanceof IncorrectCredentialsException || e instanceof UnknownAccountException) {
message = Global.getText("sys.login.failure"); message = Global.getText("sys.login.failure");
} else if (e.getMessage() != null && StringUtils.startsWith(e.getMessage(), "msg:")) { } else if (e.getMessage() != null && StringUtils.startsWith(e.getMessage(), "msg:")) {
message = StringUtils.replace(e.getMessage(), "msg:", ""); message = StringUtils.replace(e.getMessage(), "msg:", "");
@@ -265,7 +269,7 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
message = Global.getText("sys.login.error"); message = Global.getText("sys.login.error");
logger.error(message, e); // 输出到日志文件 logger.error(message, e); // 输出到日志文件
} }
request.setAttribute(getFailureKeyAttribute(), className); request.setAttribute(EXCEPTION_ATTRIBUTE_NAME, e);
request.setAttribute(MESSAGE_PARAM, message); request.setAttribute(MESSAGE_PARAM, message);
// 登录操作如果是Ajax操作直接返回登录信息字符串。 // 登录操作如果是Ajax操作直接返回登录信息字符串。
@@ -318,7 +322,7 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
String username = WebUtils.getCleanParam(request, DEFAULT_USERNAME_PARAM); String username = WebUtils.getCleanParam(request, DEFAULT_USERNAME_PARAM);
boolean rememberMe = WebUtils.isTrue(request, DEFAULT_REMEMBER_ME_PARAM); boolean rememberMe = WebUtils.isTrue(request, DEFAULT_REMEMBER_ME_PARAM);
boolean rememberUserCode = WebUtils.isTrue(request, REMEMBER_USERCODE_PARAM); boolean rememberUserCode = WebUtils.isTrue(request, REMEMBER_USERCODE_PARAM);
String exception = (String)request.getAttribute(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME); Exception exception = (Exception)request.getAttribute(EXCEPTION_ATTRIBUTE_NAME);
String message = (String)request.getAttribute(MESSAGE_PARAM); String message = (String)request.getAttribute(MESSAGE_PARAM);
String secretKey = Global.getProperty("shiro.loginSubmit.secretKey"); String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
@@ -333,14 +337,18 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
for (Entry<String, Object> entry : paramMap.entrySet()){ for (Entry<String, Object> entry : paramMap.entrySet()){
data.put(ServletUtils.EXT_PARAMS_PREFIX + entry.getKey(), entry.getValue()); data.put(ServletUtils.EXT_PARAMS_PREFIX + entry.getKey(), entry.getValue());
} }
// data.put(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, exception);
data.put(MESSAGE_PARAM, message); data.put(MESSAGE_PARAM, message);
// 非授权异常登录失败验证码加1。 // 非授权异常,登录失败,验证码加 1。
if (!UnauthorizedException.class.getName().equals(exception)){ if (!(exception instanceof UnauthorizedException)){
data.put("isValidCodeLogin", BaseAuthorizingRealm.isValidCodeLogin(username, data.put("isValidCodeLogin", BaseAuthorizingRealm.isValidCodeLogin(username,
(String)paramMap.get("corpCode"), (String)paramMap.get("deviceType"), "failed")); (String)paramMap.get("corpCode"), (String)paramMap.get("deviceType"), "failed"));
} }
// 记录用户登录失败日志
String corpCode = (String)paramMap.get("corpCode");
User user = UserUtils.getByLoginCode(username, corpCode);
LogUtils.saveLog(user, request, "登录失败", Log.TYPE_LOGIN_LOGOUT);
//获取当前会话对象 //获取当前会话对象
Session session = UserUtils.getSession(); Session session = UserUtils.getSession();

7
modules/core/src/main/java/com/jeesite/modules/sys/utils/LogUtils.java
View File

@@ -207,7 +207,12 @@ public class LogUtils {
} }
// 如果有异常,设置异常信息(将异常对象转换为字符串) // 如果有异常,设置异常信息(将异常对象转换为字符串)
log.setIsException(throwable != null ? Global.YES : Global.NO); log.setIsException(throwable != null ? Global.YES : Global.NO);
log.setExceptionInfo(ExceptionUtils.getStackTraceAsString(throwable)); String message = ExceptionUtils.getExceptionMessage(throwable);
if (message != null) {
log.setExceptionInfo(message);
} else {
log.setExceptionInfo(ExceptionUtils.getStackTraceAsString(throwable));
}
// 如果无地址并无异常日志,则不保存信息 // 如果无地址并无异常日志,则不保存信息
if (StringUtils.isBlank(log.getRequestUri()) && StringUtils.isBlank(log.getExceptionInfo())){ if (StringUtils.isBlank(log.getRequestUri()) && StringUtils.isBlank(log.getExceptionInfo())){
return; return;