Java: How to handle the exception thrown from org.springframework.security.core.userdetails.User for invalid credentials
If the credentials are invalid, I want to trigger an event; in my code it goes to the orElseThrow block (I am trying to implement account locking). Is it possible to catch the exception thrown from "org.springframework.security.core.userdetails.User(lowercaseLogin, user.getPassword(), grantedAuthorities)" so that I can trigger an event that handles account locking?

I have created a custom event handler (AuthenticationFailureEventListener did not work) to lock the account after 3 or 5 attempts. I am using JHipster UAA.

    Optional<User> userFromDatabase = userRepository.findOneWithAuthoritiesByLogin(lowercaseLogin);
    return userFromDatabase.map(user -> {
        // Reject accounts that have not been activated yet
        if (!user.getActivated()) {
            log.info("User " + login + " was not activated");
            throw new UserNotActivatedException("User " + lowercaseLogin + " was not activated");
        }
        // Map the stored authorities to Spring Security GrantedAuthority objects
        List<GrantedAuthority> grantedAuthorities = user.getAuthorities().stream()
            .map(authority -> new SimpleGrantedAuthority(authority.getName()))
            .collect(Collectors.toList());
        return new org.springframework.security.core.userdetails.User(lowercaseLogin, user.getPassword(),
            grantedAuthorities);
    })
    // No user with this login exists in the database
    .orElseThrow(
        () -> new UsernameNotFoundException("User " + lowercaseLogin + " was not found in the " + "database"));

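I tried implementing AuthenticationFailureEventListener(), but the event was not triggered.

I also tried the same approach, but the code in the listener is not called for wrong credentials.

Do you mean: is it possible to catch the exception thrown from "org.springframework.security.core.userdetails.User(lowercaseLogin, user.getPassword(), grantedAuthorities)"? It only throws IllegalArgumentException if null values are passed.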
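
    import java.util.concurrent.ExecutionException;
    import java.util.concurrent.TimeUnit;

    import com.google.common.cache.CacheBuilder;
    import com.google.common.cache.CacheLoader;
    import com.google.common.cache.LoadingCache;
    import org.springframework.stereotype.Service;

    @Service
    public class AccountLockService {

        private static final int MAX_ATTEMPT = 3;

        // Failure counter per key; an entry expires one minute after its last write
        private final LoadingCache<String, Integer> attemptsCache;

        public AccountLockService() {
            attemptsCache = CacheBuilder.newBuilder()
                .expireAfterWrite(1, TimeUnit.MINUTES)
                .build(new CacheLoader<String, Integer>() {
                    @Override
                    public Integer load(String key) {
                        return 0; // unknown keys start with zero failures
                    }
                });
        }

        // Record one more failed login for the given key
        public void loginFailed(String key) {
            int attempts = 0;
            try {
                attempts = attemptsCache.get(key);
            } catch (ExecutionException e) {
                attempts = 0;
            }
            attempts++;
            attemptsCache.put(key, attempts);
        }

        // True once the key has reached MAX_ATTEMPT failures within the expiry window
        public boolean isBlocked(String key) {
            try {
                return attemptsCache.get(key) >= MAX_ATTEMPT;
            } catch (ExecutionException e) {
                return false;
            }
        }
    }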
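
    import javax.servlet.http.HttpServletRequest;

    import org.springframework.context.event.EventListener;
    import org.springframework.security.core.Authentication;
    import org.springframework.stereotype.Component;

    @Component
    public class CustomCreatedEventListener {

        private final AccountLockService accountLockService;
        private final HttpServletRequest request;

        // Constructor injection; the duplicate @Autowired field injection is not needed
        public CustomCreatedEventListener(AccountLockService accountLockService, HttpServletRequest request) {
            this.accountLockService = accountLockService;
            this.request = request;
        }

        // Invoked when an Authentication object is published as an application event
        @EventListener
        public void accountLock(Authentication auth) {
            // X-Forwarded-For is a client-supplied header; its first entry is only
            // trustworthy when a trusted proxy sets or overwrites it
            String xfHeader = request.getHeader("X-Forwarded-For");
            if (xfHeader == null) {
                xfHeader = request.getRemoteAddr();
            }
            xfHeader = xfHeader.split(",")[0];
            accountLockService.loginFailed(xfHeader);
        }
    }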
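
As an added example (not part of the original posts and not JHipster's own code), one way to count failed logins per account: Spring Security compares the password inside the AuthenticationProvider after loadUserByUsername has returned, and reports a mismatch as AuthenticationFailureBadCredentialsEvent, so a listener for that event can do the counting. The class name LoginAttemptTracker and the helper toUserDetails are hypothetical; the example assumes Guava on the classpath (as AccountLockService above already does) and an AuthenticationManager that has an AuthenticationEventPublisher configured.

```java
import java.util.Collection;
import java.util.Locale;
import java.util.concurrent.TimeUnit;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

// Added example; LoginAttemptTracker and toUserDetails are hypothetical names.
@Component
public class LoginAttemptTracker {
    private static final int MAX_ATTEMPT = 3; // threshold taken from AccountLockService
    // Bounded and expiring, so attacker-chosen logins cannot grow it without limit.
    private final Cache<String, Integer> failures = CacheBuilder.newBuilder()
            .expireAfterWrite(1, TimeUnit.MINUTES).maximumSize(100_000).build();

    // Published when the provider's password check fails (or the user is unknown);
    // loadUserByUsername has already returned by then.
    @EventListener
    public void onBadCredentials(AuthenticationFailureBadCredentialsEvent event) {
        failures.asMap().merge(key(event.getAuthentication().getName()), 1, Integer::sum);
    }

    @EventListener
    public void onSuccess(AuthenticationSuccessEvent event) {
        failures.invalidate(key(event.getAuthentication().getName())); // reset on success
    }

    public boolean isBlocked(String login) {
        Integer count = failures.getIfPresent(key(login));
        return count != null && count >= MAX_ATTEMPT;
    }

    // For use in loadUserByUsername instead of the 3-argument User constructor:
    // accountNonLocked=false makes the provider fail the login with LockedException.
    public UserDetails toUserDetails(String login, String passwordHash,
            Collection<? extends GrantedAuthority> authorities) {
        return new User(login, passwordHash, true, true, true, !isBlocked(login), authorities);
    }

    private static String key(String login) {
        return login == null ? "" : login.toLowerCase(Locale.ROOT);
    }
}
```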