/** * 认证信息.(身份验证) : Authentication 是用来验证用户身份 * * @param token * @return * @throws AuthenticationException */ @Override protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken) throws AuthenticationException { System.out.println("身份认证方法:MyShiroRealm.doGetAuthenticationInfo()"); UsernamePasswordToken token = (UsernamePasswordToken) authcToken; String name = token.getUsername(); String password = String.valueOf(token.getPassword()); //访问一次,计数一次 ValueOperations<String, String> opsForValue = stringRedisTemplate.opsForValue(); opsForValue.increment(SHIRO_LOGIN_COUNT+name, 1); //计数大于5时,设置用户被锁定一小时 if(Integer.parseInt(opsForValue.get(SHIRO_LOGIN_COUNT+name))>=5){ opsForValue.set(SHIRO_IS_LOCK+name, "LOCK"); stringRedisTemplate.expire(SHIRO_IS_LOCK+name, 1, TimeUnit.HOURS); } if ("LOCK".equals(opsForValue.get(SHIRO_IS_LOCK+name))){ throw new DisabledAccountException("由于密码输入错误次数大于5次,帐号已经禁止登录!"); } Map<String, Object> map = new HashMap<String, Object>(); map.put("nickname", name); //密码进行加密处理 明文为 password+name String paw = password+name; String pawDES = MyDES.encryptBasedDes(paw); map.put("pswd", pawDES); SysUser user = null; // 从数据库获取对应用户名密码的用户 List<SysUser> userList = sysUserService.selectByMap(map); if(userList.size()!=0){ user = userList.get(0); } if (null == user) { throw new AccountException("帐号或密码不正确!"); }else if(user.getStatus()==0){ /** * 如果用户的status为禁用。那么就抛出<code>DisabledAccountException</code> */ throw new DisabledAccountException("此帐号已经设置为禁止登录!"); }else{ //登录成功 //更新登录时间 last login time user.setLastLoginTime(new Date()); sysUserService.updateById(user); //清空登录计数 opsForValue.set(SHIRO_LOGIN_COUNT+name, "0"); } return new SimpleAuthenticationInfo(user, password, getName()); } 原文:https://blog.csdn.net/qq_20954959/article/details/61927119