阅读 93

oauth2登录日志

1.登录成功,实现ApplicationListener <AuthenticationSuccessEvent,>

@Component
public class AuthenticationSuccessEventListener implements ApplicationListener<AuthenticationSuccessEvent> {


    @Autowired
    private HttpServletRequest request;

    @Autowired
    private LoginInfoService loginInfoService;


    @Override
    public void onApplicationEvent(final AuthenticationSuccessEvent event) {


        //这里还有oAuth2的客户端认证的事件,需要做一个判断
        if (event.getAuthentication().getDetails().toString().contains("username")) {

            final UserAgent userAgent = UserAgent.parseUserAgentString(request.getHeader("User-Agent"));
            //获取ip
            final String ip = IpUtils.getIpAddr(request);
            //获取真实地址
            String address = AddressUtils.getRealAddressByIP(ip);
            // 获取客户端操作系统
            String os = userAgent.getOperatingSystem().getName();
            // 获取客户端浏览器
            String browser = userAgent.getBrowser().getName();

            Map user = (LinkedHashMap)event.getAuthentication().getDetails();

            String username = (String) user.get("username");
            if (username.contains(":")){
                username = username.substring(0, username.length() - 1);
            }

            //登录日志
            LoginInfo loginInfo = new LoginInfo();
            loginInfo.setUserName(username);
            loginInfo.setIpaddr(ip);
            loginInfo.setBrowser(browser);
            loginInfo.setStatus(0);
            loginInfo.setOs(os);
            loginInfo.setLocation(address);
            loginInfo.setMsg("登录成功");
            loginInfoService.insertLoginInfo(loginInfo);

        }

    }
}
复制代码

2.登录失败,实现ApplicationListener<AbstractAuthenticationFailureEvent,>

@Component
public class AuthencationFailureListener implements ApplicationListener<AbstractAuthenticationFailureEvent> {


    @Autowired
    private HttpServletRequest request;

    @Autowired
    private LoginInfoService loginInfoService;

    @Override
    public void onApplicationEvent(AbstractAuthenticationFailureEvent event) {


        final UserAgent userAgent = UserAgent.parseUserAgentString(request.getHeader("User-Agent"));
        //获取ip
        final String ip = IpUtils.getIpAddr(request);
        //获取真实地址
        String address = AddressUtils.getRealAddressByIP(ip);
        // 获取客户端操作系统
        String os = userAgent.getOperatingSystem().getName();
        // 获取客户端浏览器
        String browser = userAgent.getBrowser().getName();

        //提供的凭据是错误的,用户名或者密码错误
        if(event instanceof AuthenticationFailureBadCredentialsEvent){
            Map user = (LinkedHashMap)event.getAuthentication().getDetails();
            String username = (String) user.get("username");
            if (username.contains(":")){
                username = username.substring(0, username.length() - 1);
            }
            //登录日志
            LoginInfo loginInfo = new LoginInfo();
            loginInfo.setUserName(username);
            loginInfo.setIpaddr(ip);
            loginInfo.setBrowser(browser);
            loginInfo.setOs(os);
            loginInfo.setStatus(1);
            loginInfo.setLocation(address);
            loginInfo.setMsg((String) event.getException().getMessage());
            loginInfoService.insertLoginInfo(loginInfo);


        } else if(event instanceof AuthenticationFailureCredentialsExpiredEvent){
            //验证通过,但是密码过期
            System.out.println("---AuthenticationFailureCredentialsExpiredEvent---");
        } else if(event instanceof AuthenticationFailureDisabledEvent){
            //验证过了但是账户被禁用
            System.out.println("---AuthenticationFailureDisabledEvent---");
        } else if(event instanceof AuthenticationFailureExpiredEvent){
            //验证通过了,但是账号已经过期
            System.out.println("---AuthenticationFailureExpiredEvent---");
        }  else if(event instanceof AuthenticationFailureLockedEvent){
            //账户被锁定
            System.out.println("---AuthenticationFailureLockedEvent---");
        } else if(event instanceof AuthenticationFailureProviderNotFoundEvent){
            //配置错误,没有合适的AuthenticationProvider来处理登录验证
            System.out.println("---AuthenticationFailureProviderNotFoundEvent---");
        } else if(event instanceof AuthenticationFailureProxyUntrustedEvent){
            //代理不受信任,用于Oauth、CAS这类三方验证的情形,多属于配置错误
            System.out.println("---AuthenticationFailureProxyUntrustedEvent---");
        } else if(event instanceof AuthenticationFailureServiceExceptionEvent){
            //其他任何在AuthenticationManager中内部发生的异常都会被封装成此类
            System.out.println("---AuthenticationFailureServiceExceptionEvent---");
        }
    }
}
复制代码

3.工具类

3.1 IpUtils

public class IpUtils {

    public static String getIpAddr(HttpServletRequest request)
    {
        if (request == null)
        {
            return "unknown";
        }
        String ip = request.getHeader("x-forwarded-for");
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip))
        {
            ip = request.getHeader("Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip))
        {
            ip = request.getHeader("X-Forwarded-For");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip))
        {
            ip = request.getHeader("WL-Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip))
        {
            ip = request.getHeader("X-Real-IP");
        }

        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip))
        {
            ip = request.getRemoteAddr();
        }
        return "0:0:0:0:0:0:0:1".equals(ip) ? "127.0.0.1" : new HTMLFilter().doFilter(ip);
    }

    public static boolean internalIp(String ip)
    {
        byte[] addr = textToNumericFormatV4(ip);
        return internalIp(addr) || "127.0.0.1".equals(ip);
    }

    private static boolean internalIp(byte[] addr)
    {
        if (addr == null || addr.length < 2)
        {
            return true;
        }
        final byte b0 = addr[0];
        final byte b1 = addr[1];
        // 10.x.x.x/8
        final byte SECTION_1 = 0x0A;
        // 172.16.x.x/12
        final byte SECTION_2 = (byte) 0xAC;
        final byte SECTION_3 = (byte) 0x10;
        final byte SECTION_4 = (byte) 0x1F;
        // 192.168.x.x/16
        final byte SECTION_5 = (byte) 0xC0;
        final byte SECTION_6 = (byte) 0xA8;
        switch (b0)
        {
            case SECTION_1:
                return true;
            case SECTION_2:
                if (b1 >= SECTION_3 && b1 <= SECTION_4)
                {
                    return true;
                }
            case SECTION_5:
                switch (b1)
                {
                    case SECTION_6:
                        return true;
                }
            default:
                return false;
        }
    }

    /**
     * 将IPv4地址转换成字节
     *
     * @param text IPv4地址
     * @return byte 字节
     */
    public static byte[] textToNumericFormatV4(String text)
    {
        if (text.length() == 0)
        {
            return null;
        }

        byte[] bytes = new byte[4];
        String[] elements = text.split("\\.", -1);
        try
        {
            long l;
            int i;
            switch (elements.length)
            {
                case 1:
                    l = Long.parseLong(elements[0]);
                    if ((l < 0L) || (l > 4294967295L)) {
                        return null;
                    }
                    bytes[0] = (byte) (int) (l >> 24 & 0xFF);
                    bytes[1] = (byte) (int) ((l & 0xFFFFFF) >> 16 & 0xFF);
                    bytes[2] = (byte) (int) ((l & 0xFFFF) >> 8 & 0xFF);
                    bytes[3] = (byte) (int) (l & 0xFF);
                    break;
                case 2:
                    l = Integer.parseInt(elements[0]);
                    if ((l < 0L) || (l > 255L)) {
                        return null;
                    }
                    bytes[0] = (byte) (int) (l & 0xFF);
                    l = Integer.parseInt(elements[1]);
                    if ((l < 0L) || (l > 16777215L)) {
                        return null;
                    }
                    bytes[1] = (byte) (int) (l >> 16 & 0xFF);
                    bytes[2] = (byte) (int) ((l & 0xFFFF) >> 8 & 0xFF);
                    bytes[3] = (byte) (int) (l & 0xFF);
                    break;
                case 3:
                    for (i = 0; i < 2; ++i)
                    {
                        l = Integer.parseInt(elements[i]);
                        if ((l < 0L) || (l > 255L)) {
                            return null;
                        }
                        bytes[i] = (byte) (int) (l & 0xFF);
                    }
                    l = Integer.parseInt(elements[2]);
                    if ((l < 0L) || (l > 65535L)) {
                        return null;
                    }
                    bytes[2] = (byte) (int) (l >> 8 & 0xFF);
                    bytes[3] = (byte) (int) (l & 0xFF);
                    break;
                case 4:
                    for (i = 0; i < 4; ++i)
                    {
                        l = Integer.parseInt(elements[i]);
                        if ((l < 0L) || (l > 255L)) {
                            return null;
                        }
                        bytes[i] = (byte) (int) (l & 0xFF);
                    }
                    break;
                default:
                    return null;
            }
        }
        catch (NumberFormatException e)
        {
            return null;
        }
        return bytes;
    }

    public static String getHostIp()
    {
        try
        {
            return InetAddress.getLocalHost().getHostAddress();
        }
        catch (UnknownHostException e)
        {
        }
        return "127.0.0.1";
    }

    public static String getHostName()
    {
        try
        {
            return InetAddress.getLocalHost().getHostName();
        }
        catch (UnknownHostException e)
        {
        }
        return "未知";
    }
}
复制代码

3.2 AddressUtils

public class AddressUtils {
    private static final Logger log = LoggerFactory.getLogger(AddressUtils.class);

    // IP地址查询
    public static final String IP_URL = "http://whois.pconline.com.cn/ipJson.jsp";

    // 未知地址
    public static final String UNKNOWN = "XX XX";

    public static String getRealAddressByIP(String ip) {
        String address = UNKNOWN;
        // 内网不查询
        if (IpUtils.internalIp(ip)) {
            return "内网IP";
        }
        if (true) {
            try {
                String rspStr = HttpUtils.sendGet(IP_URL, "ip=" + ip + "&json=true", "GBK");
                if (StringUtils.isEmpty(rspStr)) {
                    log.error("获取地理位置异常 {}", ip);
                    return UNKNOWN;
                }
                JSONObject obj = JSONObject.parseObject(rspStr);
                String region = obj.getString("pro");
                String city = obj.getString("city");
                return String.format("%s %s", region, city);
            } catch (Exception e) {
                log.error("获取地理位置异常 {}", ip);
            }
        }
        return address;
    }
}
复制代码

4.遗留问题:目前登录成功可以监听到6种认证模式的成功事件,但是登录失败无法监听到另外2种自定义认证模式的事件。目前还没找到比较优雅的做法,暂时在授权服务器的AuthenticationManager authenticationManager = new AuthenticationManager(){ //失败日志 } 中解决

文章分类
代码人生
文章标签