@Component
public class LoginFailedListener implements ApplicationListener<AbstractAuthenticationFailureEvent> {

    @Autowired
    private CustomProperties customProperties ;

    @Autowired
    private UserDao userDao;

    @Override
    public void onApplicationEvent(AbstractAuthenticationFailureEvent abstractAuthenticationFailureEvent) {
        String loginName = abstractAuthenticationFailureEvent.getAuthentication()
            .getName();
        if (log.isInfoEnabled()) {
            log.info("登錄失敗 loginName=[{}]", loginName);
        }
        if (StringUtils.isBlank(loginName)) {
            return;
        }
        //查詢登錄賬號是否存在
        UserDo condition = new UserDo();
        condition.setLoginName(loginName);
        List<UserDo> userDos = userDao.selectByRecord(condition);
        if (CollectionUtils.isEmpty(userDos)) {
            return;
        }
        UserDo userDo = userDos.get(0);
        UserDo updateDo = new UserDo();
        updateDo.setUserId(userDo.getUserId());
        Integer loginFailMaxCount = customroperties.getLoginFailMaxCount();
        if (loginFailMaxCount <= userDo.getTryTime() + 1) {
            //更新用戶狀態(tài)為凍結(jié)
            updateDo.setStatus(EnumUserStatus.FORBIDDEN.getCode());
            updateDo.setTryTime(loginFailMaxCount);
            if (log.isInfoEnabled()) {
                log.info("登錄次數(shù)已達最大次數(shù):{} 凍結(jié)賬戶 loginName=[{}]", loginFailMaxCount, loginName);
            }
        } else {
            //更新嘗試次數(shù)
            updateDo.setTryTime(userDo.getTryTime() + 1);
            if (log.isInfoEnabled()) {
                log.info("嘗試次數(shù)+1 loginName=[{}], tryTime=[{}]", loginName, updateDo.getTryTime());
            }
        }
        updateDo.setUpdateTime(new Date());
        userDao.updateBySelective(updateDo);
    }
}

@Slf4j
public class CustomDaoAuthenticationProvider extends DaoAuthenticationProvider {

    @Autowired
    private CustomProperties customProperties ;

    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        try {
            super.additionalAuthenticationChecks(userDetails, authentication);
        } catch (AuthenticationException e) {
            if(e instanceof BadCredentialsException && userDetails instanceof UserDto){
                UserDto userDto = (UserDto) userDetails;
                //先到這里，然后去觸發(fā)LoginFailedListener,達到賬戶被鎖定這里需要+1
                //已經(jīng)被凍結(jié)的不處理，只處理正常用戶，并且是達到最大失敗次數(shù)的那一次
                if(EnumUserStatus.NORMAL.getCode().equals(userDto.getStatus()) && Objects.equals(userDto.getTryTime() + 1, customProperties .getLoginFailMaxCount())){
                    if(log.isErrorEnabled()){
                        log.error("用戶:{} 登錄失敗次數(shù)已達最大,賬戶將被鎖定", userDto.getLoginName());
                    }
                    throw new BadCredentialsException(e.getMessage(), new LoginFailCountOutException("登錄失敗次數(shù)已達最大"));
                }else {
                    throw e;
                }

            }else {
                throw e;
            }

        }
    }


}

public class LoginFailCountOutException extends AuthenticationException {
    private static final long serialVersionUID = -8546980609242201580L;

    /**
     * Constructs an {@code AuthenticationException} with the specified message and no
     * root cause.
     *
     * @param msg the detail message
     */
    public LoginFailCountOutException(String msg) {
        super(msg);
    }

    public LoginFailCountOutException(String msg, Throwable ex) {
        super(msg, ex);
    }
}

@Bean
    public AuthenticationProvider authenticationProvider(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder, UserAuthoritiesMapper userAuthoritiesMapper) {
        DaoAuthenticationProvider authenticationProvider = new CustomDaoAuthenticationProvider();
        // 對默認的UserDetailsService進行覆蓋
        authenticationProvider.setUserDetailsService(userDetailsService);
        authenticationProvider.setPasswordEncoder(passwordEncoder);
        authenticationProvider.setAuthoritiesMapper(userAuthoritiesMapper);
        return authenticationProvider;
    }

@Autowired
    private AuthenticationProvider authenticationProvider;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider);
    }

failureHandler((request, response, ex) -> {
                response.setContentType("application/json;charset=utf-8");
                PrintWriter out = response.getWriter();
                String errorMessage = this.loginFailureErrorMessage(ex);
                out.write(JSON.toJSONString(Response.<Void>builder().isSuccess(false)
                    .errorMessage(errorMessage)
                    .build()));
                out.flush();
                out.close();
            })

private String loginFailureErrorMessage(AuthenticationException ex) {
        if (ex instanceof UsernameNotFoundException || ex instanceof BadCredentialsException) {
            if(ex.getCause() != null && ex.getCause() instanceof LoginFailCountOutException){
                return "登錄失敗次數(shù)已達最大限制, 賬戶凍結(jié)";
            }
            return "用戶名或密碼錯誤";
        }
        if (ex instanceof DisabledException) {
            return "賬戶被禁用";
        }
        if (ex instanceof LockedException) {
            return "賬戶被鎖定";
        }
        if (ex instanceof AccountExpiredException) {
            return "賬戶已過期";
        }
        if (ex instanceof CredentialsExpiredException) {
            return "密碼已過期";
        }
        log.warn("不明原因登錄失敗", ex);
        return "登錄失敗";
    }