Spring
security
java
force
brutal
/pom.xml
<!-- https://github.com/google/guava -->
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>28.1-jre</version>
</dependency>
Guava is a set of core Java libraries from Google that includes new collection types (such as multimap and multiset), immutable collections, a graph library, and utilities for concurrency, I/O, hashing, caching, primitives, strings, and more! It is widely used on most Java projects within Google, and widely used by many other companies as well.
https://github.com/google/guava
@SpringBootApplication
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
/**
* 加入監聽器
*/
@Bean
public RequestContextListener requestContextListener() {
return new RequestContextListener();
}
}
@Service
public class LoginAttemptService {
private final int MAX_ATTEMPT = 5; //設定最大嘗試次數
private LoadingCache<String, Integer> attemptsCache;
//建構方法
public LoginAttemptService() {
attemptsCache = CacheBuilder.newBuilder().expireAfterWrite(
60, // 失敗後可重新嘗試的時間
TimeUnit.SECONDS // 時間單位
).build(new CacheLoader<String, Integer>() {
public Integer load(String key) {
return 0;
}
});
}
/**
* 登入成功,將快取清除
* @param key 用戶 IP
*/
public void loginSucceeded(String key) {
attemptsCache.invalidate(key); //清除快取
}
/**
* 登入失敗,累積嘗試次數
* @param key 用戶 IP
*/
public void loginFailed(String key) {
int attempts = 0;
try {
attempts = attemptsCache.get(key);//取得快取 IP 的次數
} catch (ExecutionException e) {
attempts = 0;//找不到快取
}
attempts++;
attemptsCache.put(key, attempts);//加入快取
}
/**
* 檢查是否超過嘗試次數
* @param key 用戶 IP
* @return
*/
public boolean isBlocked(String key) {
try {
return attemptsCache.get(key) >= MAX_ATTEMPT;
} catch (ExecutionException e) {
return false;
}
}
}
@Component
public class AuthenticationFailureListener implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> {
@Autowired
private LoginAttemptService loginAttemptService;
public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent e) {
WebAuthenticationDetails auth = (WebAuthenticationDetails) e.getAuthentication().getDetails();
// 回傳登入的位址
loginAttemptService.loginFailed(auth.getRemoteAddress());
}
}
@Component
public class AuthenticationSuccessEventListener implements ApplicationListener<AuthenticationSuccessEvent> {
@Autowired
private LoginAttemptService loginAttemptService;
public void onApplicationEvent(AuthenticationSuccessEvent e) {
WebAuthenticationDetails auth = (WebAuthenticationDetails) e.getAuthentication().getDetails();
// 回傳登入的位址
loginAttemptService.loginSucceeded(auth.getRemoteAddress());
}
}
一、建立檔案 .gitignore //不上傳檔案 二、指令 git --version //檢查版本 git init //初始化git git add [--all] //加入檔案 git add -f [filename] //強制加入檔案 git commit -m "mag" //建立儲存檔 git config user.name "name" //使用者名稱
Feb 22, 2021SQL MongoDB 說明 database database 資料庫 table collection
Oct 7, 2020專案架構 com.zygroup.ilnd config CustomerConfig 第一個資料庫Config ProductConfig 第二個資料庫Config model 第一個資料表
Oct 5, 2020{home_url}/.m2/settings.xml <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"> <activeProfiles> <activeProfile>github</activeProfile> </activeProfiles>
Feb 26, 2020or
By clicking below, you agree to our terms of service.
New to HackMD? Sign up