
How to limit the number of login failures per day based on Redis

2025-01-15 Update From: SLTechnology News&Howtos shulou

Shulou (Shulou.com) 05/31

This article describes how to limit the number of login failures per day using Redis.

1. Approach

The code below is something I wrote earlier, and it does not take high-concurrency scenarios into account. Under high concurrency, Redis's set method can overwrite a value written by another request, so use incr instead of get and set to keep the data safe.

Record the number of login failures in Redis, using the user's username as the key.

Every time a login request is received, look up the key in Redis and check whether the count is greater than or equal to the limit we set. If so, return directly.

2. Code

The front-end login code and the back-end database query code are omitted.

2.1 controller

I use Jboot here, where the Redis client is obtained with Jboot.me().getRedis(); with Spring, use jedisTemplate instead.

```java
// If the user's account/password login attempts exceed the limit, login is banned for 24 hours.
// Set the limit on the number of failures in a day.
final int limit = 3;
JbootRedis jr = Jboot.me().getRedis();
// Constants.LOGIN_COUNT = "LOGIN_COUNT"
// account is the username passed from the page
String key = Constants.LOGIN_COUNT + "_" + account;
Integer count = jr.get(key);
if (count == null) {
    count = 0;
} else {
    if (count >= limit) {
        // return directly
        ajaxJson.setMsg("your login failures today have exceeded the limit, please try again tomorrow.");
        ajaxJson.setSuccess(false);
        logger.error("users with account [" + account + "] log in more than the upper limit in a single day");
        render(callback, gson.toJson(ajaxJson));
        return;
    }
}
// ... go to the database to query the user object
if (user == null) {
    // login failed (no matching user): add to the number of login failures in redis
    Integer newCount = IncrFailLoginCount(key, count);
    logger.error("user with account [" + account + "] failed to login," + ajaxJson.getMsg());
    ajaxJson.setMsg(ajaxJson.getMsg() + ", the remaining login times are:" + (limit - newCount));
    render(callback, gson.toJson(ajaxJson));
    return;
} else {
    // login succeeded, clear redis failure record
    jr.del(key);
}
```

2.2 IncrFailLoginCount method

```java
/**
 * Count the login failures within a day
 * @param key   redis key
 * @param count login failures so far
 * @return count login failures after this one
 */
private Integer IncrFailLoginCount(String key, Integer count) {
    JbootRedis jr = Jboot.me().getRedis();
    count++;
    // set the expiration time to 23:59:59 tonight
    long timeInMillis = DateUtils.getMillsecBeforeMoment(23, 59, 59, 999);
    if (timeInMillis < 100) {
        // avoid an expiration time that is too small or even negative when logging in at the last second
        timeInMillis = 1000 * 60;
    }
    // set the value and its expiration time
    jr.set(key, count);
    // pay attention to the order here: first set, then pexpire
    jr.pexpire(key, timeInMillis);
    return count;
}
```

A time utility class is used here; its code is as follows:

```java
import java.util.Calendar;
import java.util.Date;

public class DateUtils {

    /**
     * Get the number of milliseconds from the current time to the specified time
     * @param hour hour of the specified time
     * @param min  minutes of the specified time
     * @param sec  seconds of the specified time
     * @param mill milliseconds of the specified time
     * @return milliseconds from now until that moment today
     */
    public static long getMillsecBeforeMoment(int hour, int min, int sec, int mill) {
        return getMillisecBetweenDate(new Date(), getMoment(hour, min, sec, mill));
    }

    /**
     * Get the number of milliseconds between two dates
     * @param before the earlier date
     * @param after  the later date
     * @return after minus before, in milliseconds
     */
    public static long getMillisecBetweenDate(Date before, Date after) {
        long beforeTime = before.getTime();
        long afterTime = after.getTime();
        return afterTime - beforeTime;
    }

    /**
     * Get a Date for the given time of day today
     * @param hour hour in 24-hour format
     * @param min  minutes
     * @param sec  seconds
     * @param mill milliseconds
     * @return today's date at the given time
     */
    public static Date getMoment(int hour, int min, int sec, int mill) {
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(new Date());
        calendar.set(Calendar.HOUR_OF_DAY, hour);
        calendar.set(Calendar.MINUTE, min);
        calendar.set(Calendar.SECOND, sec);
        calendar.set(Calendar.MILLISECOND, mill);
        return calendar.getTime();
    }
}
```

One thing to note: once an expiration time has been set on a key in Redis, calling set on that key again clears the expiration and the key becomes permanent again, so pexpire() must be called after every set.

Redis has another method, incr(). Each call increases the value of a key by 1; if the key does not exist, it is initialized to 0 and then incremented. It is well suited to counters and could also be used in this case, but I only want the count to increase when a login fails, and I check the count directly before login, so I use the traditional get() and set().
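The concurrency caveat from section 1 and the incr() alternative described above, as an added example that is not part of the original article: it records the same burst of failed logins once with get/set and once with incr, so the lost updates of the get/set pattern become visible. The class name, the in-memory get/set/incr/pexpire stand-ins for the Redis commands, the account names and the 60-second TTL are assumptions made so the demo runs without a Redis server.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicLong;
import java.util.function.Consumer;

// Added example. get/set/incr/pexpire are a hypothetical in-memory stand-in for the
// Redis commands of the same names; this is not Jboot's API.
public class LoginCounterRace {
    static final ConcurrentHashMap<String, AtomicLong> values = new ConcurrentHashMap<>();
    static final ConcurrentHashMap<String, Long> ttlMillis = new ConcurrentHashMap<>();

    static long get(String key) { AtomicLong v = values.get(key); return v == null ? 0 : v.get(); }
    // Like Redis SET: overwrites the value and drops any TTL on the key.
    static void set(String key, long value) { values.put(key, new AtomicLong(value)); ttlMillis.remove(key); }
    // Like Redis INCR: atomic, starts a missing key at 0, leaves an existing TTL alone.
    static long incr(String key) { return values.computeIfAbsent(key, k -> new AtomicLong()).incrementAndGet(); }
    // Records the TTL only; this stand-in never evicts keys.
    static void pexpire(String key, long millis) { ttlMillis.put(key, millis); }

    // The article's pattern: read, add 1 in the application, write back, re-apply the TTL.
    static void failWithGetSet(String key) {
        long next = get(key) + 1;
        Thread.yield();        // widens the window in which another request can write
        set(key, next);
        pexpire(key, 60_000);  // constructed TTL; the article uses the time until 23:59:59
    }

    // Atomic variant: one INCR per failure, TTL set only by the request that created the key.
    static void failWithIncr(String key) {
        if (incr(key) == 1) pexpire(key, 60_000);
    }

    // Sends `failures` failed logins for one key from 16 threads and returns the stored count.
    static long run(String key, int failures, Consumer<String> recordFailure) throws InterruptedException {
        ExecutorService pool = Executors.newFixedThreadPool(16);
        for (int i = 0; i < failures; i++) pool.submit(() -> recordFailure.accept(key));
        pool.shutdown();
        pool.awaitTermination(10, TimeUnit.SECONDS);
        return get(key);
    }

    public static void main(String[] args) throws InterruptedException {
        int failures = 2000;
        long viaGetSet = run("LOGIN_COUNT_alice", failures, LoginCounterRace::failWithGetSet);
        long viaIncr = run("LOGIN_COUNT_bob", failures, LoginCounterRace::failWithIncr);
        System.out.println("failed logins sent: " + failures);
        System.out.println("get/set recorded:   " + viaGetSet + " (may be lower: lost updates)");
        System.out.println("incr recorded:      " + viaIncr);
    }
}
```

With the get/set pattern, two requests that read the same count both write count + 1, so the stored value can stay below the limit after more than `limit` real failures. With a real Redis client, pexpire after the first incr is not atomic with it; if the process stops between the two calls the key keeps no expiration.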
