User password verification

Password verification-lock

import java.util.Map;import javax.annotation.Resource;import org.springframework.beans.factory.annotation.Value;import org.springframework.stereotype.Component;import com.google.common.collect.Maps;import com.inesa.basic.business.server.service.BasicUserInfoService;import com.inesa.business.model.AuthorityResponse;import com.inesa.business.model.BasicUserInfoVo;@Componentpublic class AuthorityTools {@Resourceprivate BasicUserInfoService userService;/*** The maximum number of logins allowed*/@Value("${authority.retry.limit:3}")private int retryLimit;/*** User lockout time*/@Value("#{${authority.retry.lock:5} * 60 * 1000L}")private long lockTime;/*** User login lockout time*/private Map userLockTime = Maps.newConcurrentMap();/*** The number of user login failures*/private Map userLongTime = Maps.newConcurrentMap();/*** Encrypt information** @param* @return*/public String encoder(String password) {return CryptoUtil.encrypt(password);}/*** Verify that it is correct** @param username* @param password Number of times to log in* @return*/public AuthorityResponse authority(String username, String password) {BasicUserInfoVo user = userService.findByUserName(username);// Verify user existsif (user == null) {return AuthorityResponse.builder().check(false).error("User does not exist").build();}// Determine if the user is lockedif (userLockTime.containsKey(user.getId())) {if (System.currentTimeMillis() - userLockTime.get(user.getId()) < lockTime) {if (userLongTime.getOrDefault(user.getId(), 0) > retryLimit) {int minutes = (int) ((System.currentTimeMillis() - userLockTime.get(user.getId())) / 60000L);return AuthorityResponse.builder().check(false).error(String.format("User is locked, please try again in %s minutes", lockTime / 60000L - minutes)).build();}} else {// If the time of the last login failure has exceeded the time limit, reset the number of failed loginsuserLockTime.remove(user.getId());userLongTime.remove(user.getId());}}if (user.getState() == BasicUserInfoVo.DISABLE) {return AuthorityResponse.builder().check(false).error("User has been disabled").build();}if (user.getState() == BasicUserInfoVo.LOCKED) {return AuthorityResponse.builder().check(false).error("User has been locked out").build();}// Verify that the password is incorrectif (!password.equals(user.getPassword())) {// Update the number of failed logins after login failures, and update the time of failed loginsint retriedTimes = userLongTime.getOrDefault(user.getId(), 0);retrieveTimes++;userLongTime.put(user.getId(), retriedTimes);userLockTime.put(user.getId(), System.currentTimeMillis());return AuthorityResponse.builder().check(false).error("Password error").build();}return AuthorityResponse.builder().userId(user.getId()).check(true).build();}}