主要是利用lua脚本保证原子性,由redis报错错误次数
/**
* 登录次数验证
*
* @param userId 用户ID
* @param retriesLifecycleTime 多长时间内重试有效(秒)
*/publicLongsetLoginRetriesLockNum(Long userId,Integer retriesLifecycleTime){String key= REDIS_USER_LOCK_PREFIX+ userId;String retriesLockScript="local errorNum = redis.call('get',KEYS[1]) "+" if errorNum == false then "+" errorNum = redis.call('incr',KEYS[1]) "+" redis.call('expire',KEYS[1],tonumber(ARGV[1])) "+" return errorNum "+" else "+" return redis.call('incr',KEYS[1]) "+" end";// 执行 lua 脚本DefaultRedisScript<Long> redisScript=newDefaultRedisScript<>();// 指定 lua 脚本
redisScript.setScriptText(retriesLockScript);// 指定返回类型
redisScript.setResultType(Long.class);// 参数一:redisScript,参数二:key列表,参数三:arg(可多个)Long retriesLockNum=(Long) redisUtil.execute(redisScript,Collections.singletonList(key),String.valueOf(retriesLifecycleTime));return retriesLockNum;}Long lockNum= loginLockUtil.setLoginRetriesLockNum(user.getId(), lockTime);
log.info("user:{},lockNum:{}", user.getId(), lockNum);//判断此次错误后是否已达到最大限制次数,已达到则锁定账户if(lockNum>= loginTimeLimit){
log.warn("the user is lock because of failed many times");//更新用户状态为密码连续错误异常
updateUserParam.setUserStatus(UserStatusEnum.MULTIPLE_PWD_ERROR);thrownewSecurityEventException("密码错误次数过多,账号已被锁定,请明日重试或找回密码!",UserStatusEnum.MULTIPLE_PWD_ERROR,
user.getPhone(), user.getUsername());}