| | |
|---|
| | | |
|---|
| | | import com.alibaba.nacos.common.utils.StringUtils; |
|---|
| | | import com.vci.ubcs.auth.constant.AuthConstant; |
|---|
| | | import com.vci.ubcs.auth.support.BladePasswordEncoderFactories; |
|---|
| | | import com.vci.ubcs.auth.utils.TokenUtil; |
|---|
| | | import com.vci.ubcs.system.user.entity.User; |
|---|
| | | import com.vci.ubcs.system.user.entity.UserInfo; |
|---|
| | |
|---|
| | | import com.vci.ubcs.common.cache.CacheNames; |
|---|
| | | import org.springblade.core.jwt.JwtUtil; |
|---|
| | | import org.springblade.core.jwt.props.JwtProperties; |
|---|
| | | import org.springblade.core.launch.constant.TokenConstant; |
|---|
| | | import org.springblade.core.log.annotation.LoginOrLogoutLog; |
|---|
| | | import org.springblade.core.redis.cache.BladeRedis; |
|---|
| | | import org.springblade.core.secure.utils.AuthUtil; |
|---|
| | | import org.springblade.core.tool.api.R; |
|---|
| | | import org.springblade.core.tool.support.Kv; |
|---|
| | | import org.springblade.core.tool.utils.*; |
|---|
| | |
|---|
| | | import org.springframework.security.core.authority.SimpleGrantedAuthority; |
|---|
| | | import org.springframework.security.core.userdetails.UserDetailsService; |
|---|
| | | import org.springframework.security.core.userdetails.UsernameNotFoundException; |
|---|
| | | import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; |
|---|
| | | import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException; |
|---|
| | | import org.springframework.stereotype.Service; |
|---|
| | | |
|---|
| | |
|---|
| | | |
|---|
| | | @Override |
|---|
| | | @SneakyThrows |
|---|
| | | @LoginOrLogoutLog("login") |
|---|
| | | public BladeUserDetails loadUserByUsername(String username) { |
|---|
| | | HttpServletRequest request = WebUtil.getRequest(); |
|---|
| | | // 获取用户绑定ID |
|---|
| | |
|---|
| | | // 获取租户ID |
|---|
| | | String headerTenant = request.getHeader(TokenUtil.TENANT_HEADER_KEY); |
|---|
| | | String paramTenant = request.getParameter(TokenUtil.TENANT_PARAM_KEY); |
|---|
| | | String refreshToken = request.getParameter(TokenConstant.REFRESH_TOKEN); |
|---|
| | | String password = request.getParameter(TokenUtil.PASSWORD_KEY); |
|---|
| | | String grantType = request.getParameter(TokenUtil.GRANT_TYPE_KEY); |
|---|
| | | // 判断租户请求头 |
|---|
| | |
|---|
| | | int count = getFailCount(tenantId, username); |
|---|
| | | //为防止取值为空报错的情况,当为空的时候给默认只为5次便锁定用户登录,但是一般很难出现这种情况,因为我feign里面是给了默认密码策略查询的 |
|---|
| | | int failCountValue = Func.isEmpty(strategy) ? FAIL_COUNT:Func.toInt(strategy.getLockingNum()); |
|---|
| | | int failCount = Func.toInt(ParamCache.getValue(FAIL_COUNT_VALUE), failCountValue); |
|---|
| | | //int failCount = Func.toInt(ParamCache.getValue(FAIL_COUNT_VALUE), failCountValue); |
|---|
| | | |
|---|
| | | if (count >= failCount) { |
|---|
| | | if (count >= failCountValue) { |
|---|
| | | throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_TOO_MANY_FAILS); |
|---|
| | | } |
|---|
| | | |
|---|
| | | //超级管理员配置文件配置账号密码,实现登录, 默认租户id为000000 |
|---|
| | | if(tenantId.equals(this.tenantId)){ |
|---|
| | | if (!this.userName.equals(username) && !password.equalsIgnoreCase(this.password)) { |
|---|
| | | //超级管理员配置文件配置账号密码,实现登录, 默认租户id和超管为配置出来的 |
|---|
| | | if(tenantId.equals(this.tenantId) && userName.equals(username)){ |
|---|
| | | if (Func.isBlank(refreshToken)/*刷新token不用校验密码*/ |
|---|
| | | && (!this.userName.equals(username) || !BladePasswordEncoderFactories.createDelegatingPasswordEncoder().encode(password).equalsIgnoreCase(AuthConstant.ENCRYPT+this.password)) |
|---|
| | | ) { |
|---|
| | | setFailCount(tenantId, username, count,strategy.getLockingTime()); |
|---|
| | | throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND); |
|---|
| | | throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND+"还有【"+(failCountValue-count)+"】次尝试机会!"); |
|---|
| | | } |
|---|
| | | //如果ip比对后get抛出异常No value present就直接抛异常结束登录 |
|---|
| | | if(ipEnable){ |
|---|
| | | Log.debug("当前访问IP:"+getIpAddress(request)); |
|---|
| | | // Log.debug("当前访问IP:"+getIpAddress(request)); |
|---|
| | | Log.debug("当前访问IP:"+WebUtil.getIP(request)); |
|---|
| | | try { |
|---|
| | | ips.stream().filter(s -> s.equals(getIpAddress(request))).findFirst().get(); |
|---|
| | | ips.stream().filter(s -> s.equals(WebUtil.getIP(request))).findFirst().get(); |
|---|
| | | } catch (Exception e){ |
|---|
| | | throw new UserDeniedAuthorizationException(TokenUtil.IP_NOT_FOND); |
|---|
| | | } |
|---|
| | |
|---|
| | | // 用户不存在,但提示用户名与密码错误并锁定账号 |
|---|
| | | if (user == null || user.getId() == null) { |
|---|
| | | setFailCount(tenantId, username, count,strategy.getLockingTime()); |
|---|
| | | throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND); |
|---|
| | | throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND+"还有【"+(failCountValue-count)+"】次尝试机会!"); |
|---|
| | | } |
|---|
| | | // 用户状态为1时说明该用户被锁定 |
|---|
| | | if(user.getUserStatus() == 1){ |
|---|
| | | throw new InvalidGrantException(TokenUtil.USER_LOCK); |
|---|
| | | } |
|---|
| | | String hex = DigestUtil.hex(password); |
|---|
| | | // 用户存在但密码错误,超过次数则锁定账号 |
|---|
| | | if (grantType != null && !grantType.equals(TokenUtil.REFRESH_TOKEN_KEY) && !user.getPassword().equals(hex)) { |
|---|
| | | setFailCount(tenantId, username, count,strategy.getLockingTime()); |
|---|
| | | throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND); |
|---|
| | | throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND+"还有【"+(failCountValue-count)+"】次尝试机会!"); |
|---|
| | | } |
|---|
| | | // 用户角色不存在 |
|---|
| | | if (Func.isEmpty(userInfo.getRoles())) { |
|---|
