记录登录失败日志

2020-04-22 11:41:44 +08:00
parent 76d1eda40c
commit f6c189e28f
2 changed files with 23 additions and 10 deletions
--- a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java
@@ -37,6 +37,9 @@ import com.jeesite.common.shiro.realm.BaseAuthorizingRealm;
 import com.jeesite.common.shiro.realm.LoginInfo;
 import com.jeesite.common.web.CookieUtils;
 import com.jeesite.common.web.http.ServletUtils;
+import com.jeesite.modules.sys.entity.Log;
+import com.jeesite.modules.sys.entity.User;
+import com.jeesite.modules.sys.utils.LogUtils;
 import com.jeesite.modules.sys.utils.UserUtils;

 /**
@@ -49,6 +52,7 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
 	public static final String CAPTCHA_PARAM = "validCode"; // 验证码
 	public static final String MESSAGE_PARAM = "message"; // 登录返回消息
 	public static final String REMEMBER_USERCODE_PARAM = "rememberUserCode"; // 记住用户名
+	public static final String EXCEPTION_ATTRIBUTE_NAME = "exception"; // 异常类属性名
 	
 	private static final Logger logger = LoggerFactory.getLogger(FormAuthenticationFilter.class);
 	
@@ -256,8 +260,8 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
 	 */
 	@Override
 	protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
-		String className = e.getClass().getName(), message = "";
-		if (IncorrectCredentialsException.class.getName().equals(className) || UnknownAccountException.class.getName().equals(className)) {
+		String message = StringUtils.EMPTY;
+		if (e instanceof IncorrectCredentialsException || e instanceof UnknownAccountException) {
 			message = Global.getText("sys.login.failure");
 		} else if (e.getMessage() != null && StringUtils.startsWith(e.getMessage(), "msg:")) {
 			message = StringUtils.replace(e.getMessage(), "msg:", "");
@@ -265,7 +269,7 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
 			message = Global.getText("sys.login.error");
 			logger.error(message, e); // 输出到日志文件
 		}
-		request.setAttribute(getFailureKeyAttribute(), className);
+		request.setAttribute(EXCEPTION_ATTRIBUTE_NAME, e);
 		request.setAttribute(MESSAGE_PARAM, message);
 		
 		// 登录操作如果是Ajax操作，直接返回登录信息字符串。
@@ -318,7 +322,7 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
 		String username = WebUtils.getCleanParam(request, DEFAULT_USERNAME_PARAM);
 		boolean rememberMe = WebUtils.isTrue(request, DEFAULT_REMEMBER_ME_PARAM);
 		boolean rememberUserCode = WebUtils.isTrue(request, REMEMBER_USERCODE_PARAM);
-		String exception = (String)request.getAttribute(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);
+		Exception exception = (Exception)request.getAttribute(EXCEPTION_ATTRIBUTE_NAME);
 		String message = (String)request.getAttribute(MESSAGE_PARAM);

 		String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
@@ -333,15 +337,19 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
 		for (Entry<String, Object> entry : paramMap.entrySet()){
 			data.put(ServletUtils.EXT_PARAMS_PREFIX + entry.getKey(), entry.getValue());
 		}
-//		data.put(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME, exception);
 		data.put(MESSAGE_PARAM, message);
 		
-		// 非授权异常，登录失败，验证码加1。
-		if (!UnauthorizedException.class.getName().equals(exception)){
+		// 非授权异常，登录失败，验证码加 1。
+		if (!(exception instanceof UnauthorizedException)){
 			data.put("isValidCodeLogin", BaseAuthorizingRealm.isValidCodeLogin(username,
 					(String)paramMap.get("corpCode"), (String)paramMap.get("deviceType"), "failed"));
 		}

+		// 记录用户登录失败日志
+		String corpCode = (String)paramMap.get("corpCode");
+		User user = UserUtils.getByLoginCode(username, corpCode);
+		LogUtils.saveLog(user, request, "登录失败", Log.TYPE_LOGIN_LOGOUT);
+		
 		//获取当前会话对象
 		Session session = UserUtils.getSession();
 		data.put("sessionid", (String)session.getId());
--- a/modules/core/src/main/java/com/jeesite/modules/sys/utils/LogUtils.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/utils/LogUtils.java
@@ -207,7 +207,12 @@ public class LogUtils {
 			}
 			// 如果有异常，设置异常信息（将异常对象转换为字符串）
 			log.setIsException(throwable != null ? Global.YES : Global.NO);
-			log.setExceptionInfo(ExceptionUtils.getStackTraceAsString(throwable));
+			String message = ExceptionUtils.getExceptionMessage(throwable);
+			if (message != null) {
+				log.setExceptionInfo(message);
+			} else {
+				log.setExceptionInfo(ExceptionUtils.getStackTraceAsString(throwable));
+			}
 			// 如果无地址并无异常日志，则不保存信息
 			if (StringUtils.isBlank(log.getRequestUri()) && StringUtils.isBlank(log.getExceptionInfo())){
 				return;