我的应用程序使用spring cloud oauth2 rest and angular。
我的目标是使用spring服务器来限制最大登录失败次数
angular2登录代码:
const body = "username=" + encodeURI(username) + "&password=" + encodeURI(password) +
"&grant_type=password&client_id=" + encodeURI(this.clientId);
this.http.post("/oauth/token",body,{headers:authHeaders}).map{
...
}
spring auth-server web安全码:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().authorizeRequests()
.anyRequest().authenticated();
}
我尝试了这两个事件:
public class AuthenticationFailureListener
implements ApplicationListener<AuthenticationFailureBadCredentialsEvent>{
@Override
public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent e) {
//...
}
}
和:
public class AuthenticationSuccessListener
implements ApplicationListener<AuthenticationSuccessEvent> {
@Override
public void onApplicationEvent(AuthenticationSuccessEvent e) {
//...
}
}
但它不起作用
如何倾听“登录失败并取得成功”?
答案 0 :(得分:1)
Spring Security 默认 不发布 AuthenticationFailureBadCredentialsEvent (登录失败)事件默认。
您需要使用ApplicationEventPublisher 覆盖 DefaultAuthenticationEventPublisher。
必须在您的身份验证配置类中完成此操作,如下所示。
@Configuration
protected static class MyAuthenticationConfiguration extends
GlobalAuthenticationConfigurerAdapter {
@Value("${ldap.url}")
String url;
@Value("${ldap.base}")
String base;
@Value("${ldap.managerDn}")
String managerDn;
@Value("${ldap.password}")
String password;
@Autowired
ApplicationEventPublisher applicationEventPublisher;
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth.ldapAuthentication().userSearchFilter("sAMAccountName={0}")
.userSearchBase(base).contextSource().url(url)
.managerDn(managerDn).managerPassword(password);
//This publisher will trigger AuthenticationFailureBadCredentialsEvent (AbstractAuthenticationFailureEvent)
auth.authenticationEventPublisher(new DefaultAuthenticationEventPublisher(applicationEventPublisher));
}
要支持基于表单的身份验证,请在configure()方法中添加以下内容。
.and().formLogin();
整个配置方法应类似于以下内容。
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/css/**").permitAll()
.anyRequest().fullyAuthenticated().and().formLogin();
super.configure(http);
}