国产xxxx99真实实拍_久久不雅视频_高清韩国a级特黄毛片_嗯老师别我我受不了了小说

資訊專(zhuān)欄INFORMATION COLUMN

redis 實(shí)現(xiàn)登陸次數(shù)限制

loonggg / 2844人閱讀

摘要:利用實(shí)現(xiàn)登陸次數(shù)限制注解核心代碼很簡(jiǎn)單基本思路比如希望達(dá)到的要求是這樣在內(nèi)登陸異常次數(shù)達(dá)到次鎖定該用戶(hù)那么登陸請(qǐng)求的參數(shù)中會(huì)有一個(gè)參數(shù)唯一標(biāo)識(shí)一個(gè)比如郵箱手機(jī)號(hào)用這個(gè)參數(shù)作為存入對(duì)應(yīng)的為登陸錯(cuò)誤的次數(shù)類(lèi)型并設(shè)置過(guò)期時(shí)間為當(dāng)獲取到

title: redis-login-limitation


利用 redis 實(shí)現(xiàn)登陸次數(shù)限制, 注解 + aop, 核心代碼很簡(jiǎn)單.

基本思路

比如希望達(dá)到的要求是這樣: 在 1min 內(nèi)登陸異常次數(shù)達(dá)到5次, 鎖定該用戶(hù) 1h

那么登陸請(qǐng)求的參數(shù)中, 會(huì)有一個(gè)參數(shù)唯一標(biāo)識(shí)一個(gè) user, 比如 郵箱/手機(jī)號(hào)/userName

用這個(gè)參數(shù)作為key存入redis, 對(duì)應(yīng)的value為登陸錯(cuò)誤的次數(shù), string 類(lèi)型, 并設(shè)置過(guò)期時(shí)間為 1min. 當(dāng)獲取到的 value == "4" , 說(shuō)明當(dāng)前請(qǐng)求為第 5 次登陸異常, 鎖定.

所謂的鎖定, 就是將對(duì)應(yīng)的value設(shè)置為某個(gè)標(biāo)識(shí)符, 比如"lock", 并設(shè)置過(guò)期時(shí)間為 1h

核心代碼

定義一個(gè)注解, 用來(lái)標(biāo)識(shí)需要登陸次數(shù)校驗(yàn)的方法

package io.github.xiaoyureed.redispractice.anno;

import java.lang.annotation.*;

@Documented
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface RedisLimit {
    /**
     * 標(biāo)識(shí)參數(shù)名, 必須是請(qǐng)求參數(shù)中的一個(gè)
     */
    String identifier();

    /**
     * 在多長(zhǎng)時(shí)間內(nèi)監(jiān)控, 如希望在 60s 內(nèi)嘗試
     * 次數(shù)限制為5次, 那么 watch=60; unit: s
     */
    long watch();

    /**
     * 鎖定時(shí)長(zhǎng), unit: s
     */
    long lock();

    /**
     * 錯(cuò)誤的嘗試次數(shù)
     */
    int times();
}

編寫(xiě)切面, 在目標(biāo)方法前后進(jìn)行校驗(yàn), 處理...

package io.github.xiaoyureed.redispractice.aop;

@Component
@Aspect
// Ensure that current advice is outer compared with ControllerAOP
// so we can handling login limitation Exception in this aop advice.
//@Order(9)
@Slf4j
public class RedisLimitAOP {

    @Autowired
    private StringRedisTemplate stringRedisTemplate;

    @Around("@annotation(io.github.xiaoyureed.redispractice.anno.RedisLimit)")
    public Object handleLimit(ProceedingJoinPoint joinPoint) {
        MethodSignature  methodSignature = (MethodSignature) joinPoint.getSignature();
        final Method     method          = methodSignature.getMethod();
        final RedisLimit redisLimitAnno  = method.getAnnotation(RedisLimit.class);// 貌似可以直接在方法參數(shù)中注入 todo

        final String identifier = redisLimitAnno.identifier();
        final long   watch      = redisLimitAnno.watch();
        final int    times      = redisLimitAnno.times();
        final long   lock       = redisLimitAnno.lock();
        // final ServletRequestAttributes att             = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
        // final HttpServletRequest       request         = att.getRequest();
        // final String                   identifierValue = request.getParameter(identifier);

        String identifierValue = null;
        try {
            final Object arg           = joinPoint.getArgs()[0];
            final Field  declaredField = arg.getClass().getDeclaredField(identifier);
            declaredField.setAccessible(true);
            identifierValue = (String) declaredField.get(arg);
        } catch (NoSuchFieldException e) {
            log.error(">>> invalid identifier [{}], cannot find this field in request params", identifier);
        } catch (IllegalAccessException e) {
            e.printStackTrace();
        }
        if (StringUtils.isBlank(identifierValue)) {
            log.error(">>> the value of RedisLimit.identifier cannot be blank, invalid identifier: {}", identifier);
        }

        // check User locked
        final ValueOperations ssOps = stringRedisTemplate.opsForValue();
        final String                          flag  = ssOps.get(identifierValue);
        if (flag != null && "lock".contentEquals(flag)) {
            final BaseResp result = new BaseResp();
            result.setErrMsg("user locked");
            result.setCode("1");
            return new ResponseEntity<>(result, HttpStatus.OK);
        }

        ResponseEntity result;
        try {
            result = (ResponseEntity) joinPoint.proceed();
        } catch (Throwable e) {
            result = handleLoginException(e, identifierValue, watch, times, lock);
        }
        return result;
    }

    private ResponseEntity handleLoginException(Throwable e, String identifierValue, long watch, int times, long lock) {
        final BaseResp result = new BaseResp();
        result.setCode("1");
        if (e instanceof LoginException) {
            log.info(">>> handle login exception...");
            final ValueOperations ssOps = stringRedisTemplate.opsForValue();
            Boolean                               exist = stringRedisTemplate.hasKey(identifierValue);
            // key doesn"t exist, so it is the first login failure
            if (exist == null || !exist) {
                ssOps.set(identifierValue, "1", watch, TimeUnit.SECONDS);
                result.setErrMsg(e.getMessage());
                return new ResponseEntity<>(result, HttpStatus.OK);
            }

            String count = ssOps.get(identifierValue);
            // has been reached the limitation
            if (Integer.parseInt(count) + 1 == times) {
                log.info(">>> [{}] has been reached the limitation and will be locked for {}s", identifierValue, lock);
                ssOps.set(identifierValue, "lock", lock, TimeUnit.SECONDS);
                result.setErrMsg("user locked");
                return new ResponseEntity<>(result, HttpStatus.OK);
            }
            ssOps.increment(identifierValue);
            result.setErrMsg(e.getMessage() + "; you have try " + ssOps.get(identifierValue) + "times.");
        }
        log.error(">>> RedisLimitAOP cannot handle {}", e.getClass().getName());
        return new ResponseEntity<>(result, HttpStatus.OK);
    }
}

這樣使用:

package io.github.xiaoyureed.redispractice.web;

@RestController
public class SessionResources {

    @Autowired
    private SessionService sessionService;

    /**
     * 1 min 之內(nèi)嘗試超過(guò)5次, 鎖定 user 1h
     */
    @RedisLimit(identifier = "name", watch = 30, times = 5, lock = 10)
    @RequestMapping(value = "/session", method = RequestMethod.POST)
    public ResponseEntity login(@Validated @RequestBody LoginReq req) {
        return new ResponseEntity<>(sessionService.login(req), HttpStatus.OK);
    }
}
references

https://github.com/xiaoyureed...

文章版權(quán)歸作者所有,未經(jīng)允許請(qǐng)勿轉(zhuǎn)載,若此文章存在違規(guī)行為,您可以聯(lián)系管理員刪除。

轉(zhuǎn)載請(qǐng)注明本文地址:http://m.specialneedsforspecialkids.com/yun/75864.html

相關(guān)文章

  • 大話(huà)后端開(kāi)發(fā)的奇淫技巧大集合

    摘要:,大家好,很榮幸有這個(gè)機(jī)會(huì)可以通過(guò)寫(xiě)博文的方式,把這些年在后端開(kāi)發(fā)過(guò)程中總結(jié)沉淀下來(lái)的經(jīng)驗(yàn)和設(shè)計(jì)思路分享出來(lái)模塊化設(shè)計(jì)根據(jù)業(yè)務(wù)場(chǎng)景,將業(yè)務(wù)抽離成獨(dú)立模塊,對(duì)外通過(guò)接口提供服務(wù),減少系統(tǒng)復(fù)雜度和耦合度,實(shí)現(xiàn)可復(fù)用,易維護(hù),易拓展項(xiàng)目中實(shí)踐例子 Hi,大家好,很榮幸有這個(gè)機(jī)會(huì)可以通過(guò)寫(xiě)博文的方式,把這些年在后端開(kāi)發(fā)過(guò)程中總結(jié)沉淀下來(lái)的經(jīng)驗(yàn)和設(shè)計(jì)思路分享出來(lái) 模塊化設(shè)計(jì) 根據(jù)業(yè)務(wù)場(chǎng)景,將業(yè)務(wù)...

    CloudwiseAPM 評(píng)論0 收藏0

  • Redis實(shí)戰(zhàn)之限制操作頻率

    摘要:場(chǎng)景場(chǎng)景留言功能限制,秒內(nèi)只能評(píng)論次,超出次數(shù)不讓能再評(píng)論,并提示過(guò)于頻繁場(chǎng)景點(diǎn)贊功能限制,秒內(nèi)只能點(diǎn)贊次,超出次數(shù)后不能再點(diǎn)贊,并禁止操作個(gè)小時(shí),提示過(guò)于頻繁,被禁止操作小時(shí)場(chǎng)景上傳記錄功能,限制一天只能上傳次,超出次數(shù)不讓能再上傳,并提 場(chǎng)景 場(chǎng)景1 留言功能限制,30秒 內(nèi)只能評(píng)論 10次,超出次數(shù)不讓能再評(píng)論,并提示:過(guò)于頻繁 場(chǎng)景2 點(diǎn)贊功能限制,10秒 內(nèi)只能點(diǎn)贊 10次,...

    張率功 評(píng)論0 收藏0

  • shiro項(xiàng)目介紹

    摘要:項(xiàng)目介紹在之前的整合項(xiàng)目之后,更加完善功能,之前的代碼不予展示與介紹,想了解的請(qǐng)參考整合項(xiàng)目項(xiàng)目代碼獲取功能新增用戶(hù)注冊(cè)登錄錯(cuò)誤次數(shù)限制使用作緩存注解配置引入數(shù)據(jù)校驗(yàn)使用統(tǒng)一異常處理配置項(xiàng)目結(jié)構(gòu)代碼控制層,以下展示注冊(cè)和登錄功能會(huì)跳到我們自 shiro項(xiàng)目介紹 在之前的shiro整合項(xiàng)目之后,更加完善shiro功能,之前的代碼不予展示與介紹,想了解的請(qǐng)參考shiro整合項(xiàng)目項(xiàng)目代碼獲取...

    ruicbAndroid 評(píng)論0 收藏0

發(fā)表評(píng)論

0條評(píng)論

最新活動(dòng)
閱讀需要支付1元查看
<