ludc
2024-04-30 46de46ed851dc909f0ff355e9c6e3422efb5b4ad
Source/UBCS/ubcs-auth/src/main/java/com/vci/ubcs/auth/service/BladeUserDetailsServiceImpl.java
@@ -31,9 +31,9 @@
import com.vci.ubcs.common.cache.CacheNames;
import org.springblade.core.jwt.JwtUtil;
import org.springblade.core.jwt.props.JwtProperties;
import org.springblade.core.launch.constant.TokenConstant;
import org.springblade.core.log.annotation.LoginOrLogoutLog;
import org.springblade.core.redis.cache.BladeRedis;
import org.springblade.core.secure.utils.AuthUtil;
import org.springblade.core.tool.api.R;
import org.springblade.core.tool.support.Kv;
import org.springblade.core.tool.utils.*;
@@ -42,7 +42,6 @@
import com.vci.ubcs.system.entity.Tenant;
import com.vci.ubcs.system.feign.ISysClient;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -110,6 +109,7 @@
      // 获取租户ID
      String headerTenant = request.getHeader(TokenUtil.TENANT_HEADER_KEY);
      String paramTenant = request.getParameter(TokenUtil.TENANT_PARAM_KEY);
      String refreshToken = request.getParameter(TokenConstant.REFRESH_TOKEN);
      String password = request.getParameter(TokenUtil.PASSWORD_KEY);
      String grantType = request.getParameter(TokenUtil.GRANT_TYPE_KEY);
      // 判断租户请求头
@@ -131,17 +131,19 @@
      int count = getFailCount(tenantId, username);
      //为防止取值为空报错的情况,当为空的时候给默认只为5次便锁定用户登录,但是一般很难出现这种情况,因为我feign里面是给了默认密码策略查询的
      int failCountValue = Func.isEmpty(strategy) ? FAIL_COUNT:Func.toInt(strategy.getLockingNum());
      int failCount = Func.toInt(ParamCache.getValue(FAIL_COUNT_VALUE), failCountValue);
      //int failCount = Func.toInt(ParamCache.getValue(FAIL_COUNT_VALUE), failCountValue);
      if (count >= failCount) {
      if (count >= failCountValue) {
         throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_TOO_MANY_FAILS);
      }
      //超级管理员配置文件配置账号密码,实现登录, 默认租户id和超管为配置出来的
      if(tenantId.equals(this.tenantId) && userName.equals(username)){
         if (!this.userName.equals(username) || !BladePasswordEncoderFactories.createDelegatingPasswordEncoder().encode(password).equalsIgnoreCase(AuthConstant.ENCRYPT+this.password)) {
         if (Func.isBlank(refreshToken)/*刷新token不用校验密码*/
            && (!this.userName.equals(username) || !BladePasswordEncoderFactories.createDelegatingPasswordEncoder().encode(password).equalsIgnoreCase(AuthConstant.ENCRYPT+this.password))
         ) {
            setFailCount(tenantId, username, count,strategy.getLockingTime());
            throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND+"还有【"+(failCount-count)+"】次尝试机会!");
            throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND+"还有【"+(failCountValue-count)+"】次尝试机会!");
         }
         //如果ip比对后get抛出异常No value present就直接抛异常结束登录
         if(ipEnable){
@@ -197,7 +199,7 @@
            // 用户不存在,但提示用户名与密码错误并锁定账号
            if (user == null || user.getId() == null) {
               setFailCount(tenantId, username, count,strategy.getLockingTime());
               throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND+"还有【"+(failCount-count)+"】次尝试机会!");
               throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND+"还有【"+(failCountValue-count)+"】次尝试机会!");
            }
            // 用户状态为1时说明该用户被锁定
            if(user.getUserStatus() == 1){
@@ -207,7 +209,7 @@
            // 用户存在但密码错误,超过次数则锁定账号
            if (grantType != null && !grantType.equals(TokenUtil.REFRESH_TOKEN_KEY) && !user.getPassword().equals(hex)) {
               setFailCount(tenantId, username, count,strategy.getLockingTime());
               throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND+"还有【"+(failCount-count)+"】次尝试机会!");
               throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND+"还有【"+(failCountValue-count)+"】次尝试机会!");
            }
            // 用户角色不存在
            if (Func.isEmpty(userInfo.getRoles())) {
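Review bot: In the hunk at -131/+131, the super-admin password comparison is now skipped whenever the `refresh_token` request parameter is non-blank (`Func.isBlank(refreshToken) && (...)`), so the skip depends on a caller-supplied parameter being present rather than on the grant type or on a token already validated at this point. Nothing visible ties that parameter to `grant_type`, so unless a later step outside the hunk re-checks the credential, a request can clear this branch with no password check and no `setFailCount` call, which also sidesteps the lockout counter. I would key the skip on the grant type, as the regular-user branch further down already does: `boolean refreshGrant = TokenUtil.REFRESH_TOKEN_KEY.equals(grantType);` then `if (!refreshGrant && (!this.userName.equals(username) || ...))`. The commented-out `//int failCount = ...` line should be deleted rather than left in place. The enclosing method starts and ends outside the hunks shown, so the downstream handling of the refresh token should be confirmed there.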