Fatal编程技术网
  • java/
  • Java 如何处理从org.springframework.security.core.userdetails.User为无效凭据引发的异常

Java 如何处理从org.springframework.security.core.userdetails.User为无效凭据引发的异常

java spring-boot spring-security jhipster

Java 如何处理从org.springframework.security.core.userdetails.User为无效凭据引发的异常,java,spring-boot,spring-security,jhipster,cloudfoundry-uaa,Java,Spring Boot,Spring Security,Jhipster,Cloudfoundry Uaa,如果存在无效凭据,我希望触发一个事件,在我的代码中,它将转到orelsethrow块(尝试实现帐户锁定)。是否可以捕获从“org.springframework.security.core.userdetails.User(小写字母,User.getPassword(),grantedAuthories)”引发的异常这样我就可以触发一个处理帐户锁定的事件 我已经创建了一个自定义事件处理程序(AuthenticationFailureEventListener不起作用),以在尝试3或5次后锁定帐户

如果存在无效凭据,我希望触发一个事件,在我的代码中,它将转到orelsethrow块(尝试实现帐户锁定)。是否可以捕获从“org.springframework.security.core.userdetails.User(小写字母,User.getPassword(),grantedAuthories)”引发的异常这样我就可以触发一个处理帐户锁定的事件

我已经创建了一个自定义事件处理程序(AuthenticationFailureEventListener不起作用),以在尝试3或5次后锁定帐户。我正在使用jhipster UAA

   Optional<User> userFromDatabase = userRepository.findOneWithAuthoritiesByLogin(lowercaseLogin);

            return userFromDatabase.map(user -> {
                if (!user.getActivated()) {
                    log.info("User " + login + " was not activated");
                    throw new UserNotActivatedException("User " + lowercaseLogin + " was not activated");

                }
                List<GrantedAuthority> grantedAuthorities = user.getAuthorities().stream()
                        .map(authority -> new SimpleGrantedAuthority(authority.getName())).collect(Collectors.toList());

                return new org.springframework.security.core.userdetails.User(lowercaseLogin, user.getPassword(),
                        grantedAuthorities);
    })

        .orElseThrow(
                        () -> new UsernameNotFoundException("User " + lowercaseLogin + " was not found in the " + "database"));
我尝试过实现AuthenticationFailureEventListener(),但没有触发该事件。我也尝试过同样的方法,但侦听器中的代码没有被错误的凭据调用。您的意思是:是否可以捕获从“org.springframework.security.core.userdetails.User”引发的异常(小写字母,user.getPassword(),grantedAuthories)”?如果传递空值,则仅引发IllegalArgumentException。 
     @Service
public class AccountLockService {
    private final int MAX_ATTEMPT = 3;
    private LoadingCache<String, Integer> attemptsCache;

    public AccountLockService() {
        super();
        attemptsCache = CacheBuilder.newBuilder().
          expireAfterWrite(1, TimeUnit.MINUTES).build(new CacheLoader<String, Integer>() {
            public Integer load(String key) {
                return 0;
            }
        });
    }


    public void loginFailed(String key) {
        int attempts = 0;
        try {
            attempts = attemptsCache.get(key);
        } catch (ExecutionException e) {
            attempts = 0;
        }
        attempts++;
        attemptsCache.put(key, attempts);
    }

    public boolean isBlocked(String key) {
        try {
            return attemptsCache.get(key) >= MAX_ATTEMPT;
        } catch (ExecutionException e) {
            return false;
        }
    }
}

@Component
public class CustomCreatedEventListener {
    @Autowired
    private AccountLockService accountLockService;

    @Autowired
    private HttpServletRequest request;

    public CustomCreatedEventListener(AccountLockService accountLockService, HttpServletRequest request) {
        this.accountLockService = accountLockService;
        this.request = request;
    }

    @EventListener
    public void accountLock(Authentication auth) {

        String xfHeader = request.getHeader("X-Forwarded-For");
        if (xfHeader == null) {
            xfHeader = request.getRemoteAddr();
        }
        xfHeader = xfHeader.split(",")[0];

        accountLockService.loginFailed(xfHeader);
    }
}