org.apache.shiro.authc.DisabledAccountException Java Examples
The following examples show how to use
org.apache.shiro.authc.DisabledAccountException.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: JdbcAuthenticationRealm.java From base-framework with Apache License 2.0 | 6 votes |
/** * 用户登录的身份验证方法 * */ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token; String username = usernamePasswordToken.getUsername(); if (username == null) { throw new AccountException("用户名不能为空"); } User user = accountManager.getUserByUsername(username); if (user == null) { throw new UnknownAccountException("用户不存在"); } if (user.getState().equals(State.Disable.getValue())) { throw new DisabledAccountException("你的账户已被禁用,请联系管理员开通."); } SessionVariable model = new SessionVariable(user); return new SimpleAuthenticationInfo(model,user.getPassword(),getName()); }
Example #2
Source File: ShiroDbRealm.java From Mario with Apache License 2.0 | 6 votes |
/** * 认证回调函数,登录时调用. */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) authcToken; User user = accountService.findUserByLoginName(token.getUsername()); if (user != null) { if (user.getStatus().equals("0")) {//disable throw new DisabledAccountException(); } //用户对应的Menu信息 List<Menu> menus = accountService.findMenuByUserID(user.getId()); Subject currentUser = SecurityUtils.getSubject(); Session session = currentUser.getSession(); session.setAttribute("menuList", menus); byte[] salt = Encodes.decodeHex(user.getSalt()); return new SimpleAuthenticationInfo(new ShiroUser(user.getId(), user.getLoginName(), user.getName()), user.getPassword(), ByteSource.Util.bytes(salt), getName()); } else { return null; } }
Example #3
Source File: CaptchaFormAuthenticationFilter.java From MultimediaDesktop with Apache License 2.0 | 6 votes |
protected void setFailureAttribute(ServletRequest request, AuthenticationException ae) { String errorMessage = null; if (ae instanceof IncorrectCredentialsException) { errorMessage = "密码错误,输入错误超过当日限制,将锁定账户"; // 登录失败日志记录 logLoginStatus(request, LoginType.登录失败); } else if (ae instanceof ValidateCodeException) { errorMessage = "验证码错误"; } else if (ae instanceof UnValidationAccountException) { errorMessage = "账号未被验证"; } else if (ae instanceof LockedAccountException) { errorMessage = "密码输入错误超过当日限制,请明天再试"; } else if (ae instanceof DisabledAccountException) { errorMessage = "账号被管理员锁定"; } else if (ae instanceof UnknownAccountException) { errorMessage = "账号不存在"; } else { errorMessage = "未知错误"; log.fatal("登录错误-未知错误,请管理员检查", ae); } request.setAttribute(getFailureKeyAttribute(), errorMessage); }
Example #4
Source File: SysLoginController.java From mumu with Apache License 2.0 | 5 votes |
/** * 用户登录 * @return */ @MumuLog(name = "用户登录",operater = "POST") @RequestMapping(value = "/login",method = {RequestMethod.POST}) public ModelAndView logining(HttpServletRequest request){ String exceptionClassName = (String) request.getAttribute("shiroLoginFailure"); String error = null; if (UnknownAccountException.class.getName().equals(exceptionClassName)) { error = "用户名/密码错误"; } else if (IncorrectCredentialsException.class.getName().equals(exceptionClassName)) { error = "用户名/密码错误"; } else if(ExcessiveAttemptsException.class.getName().equals(exceptionClassName)){ error = "输入错误次数太过,请稍后重试"; } else if(DisabledAccountException.class.getName().equals(exceptionClassName)){ error="账户被锁定,请联系管理员"; }else if(AccountUnActiveException.class.getName().equals(exceptionClassName)){ error="账户未激活,请登录邮箱激活账号!"; }else if (exceptionClassName != null) { error = "错误提示:" + exceptionClassName; } Map<String,String> map=new HashMap<String,String>(); if(error!=null){ request.setAttribute("shiroLoginFailure", error); map.put("code","500"); map.put("msg","failure"); map.put("data",error); return new ModelAndView("login",map); } map.put("code","200"); map.put("msg","success"); map.put("data","登录成功"); return new ModelAndView("redirect:/system/index",map); }
Example #5
Source File: AuthenticatingRealmImplTest.java From nexus-public with Eclipse Public License 1.0 | 5 votes |
@Test public void testDisabledAuthentication() throws Exception { buildTestAuthenticationConfig(CUser.STATUS_DISABLED); UsernamePasswordToken upToken = new UsernamePasswordToken("username", "password"); thrown.expect(DisabledAccountException.class); realm.getAuthenticationInfo(upToken); }
Example #6
Source File: AuthenticatingRealmImpl.java From nexus-public with Eclipse Public License 1.0 | 5 votes |
@Override protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token) { UsernamePasswordToken upToken = (UsernamePasswordToken) token; CUser user; try { user = configuration.readUser(upToken.getUsername()); } catch (UserNotFoundException e) { throw new UnknownAccountException("User '" + upToken.getUsername() + "' cannot be retrieved.", e); } if (user.getPassword() == null) { throw new CredentialsException("User '" + upToken.getUsername() + "' has no password, cannot authenticate."); } if (user.isActive()) { // Check for legacy user that has unsalted password hash // Update if unsalted password hash and valid credentials were specified if (hasLegacyPassword(user) && isValidCredentials(upToken, user)) { reHashPassword(user, new String(upToken.getPassword())); } return createAuthenticationInfo(user); } else if (CUser.STATUS_DISABLED.equals(user.getStatus())) { throw new DisabledAccountException("User '" + upToken.getUsername() + "' is disabled."); } else { throw new AccountException( "User '" + upToken.getUsername() + "' is in illegal status '" + user.getStatus() + "'."); } }
Example #7
Source File: AjaxAuthenticationFilter.java From java-platform with Apache License 2.0 | 5 votes |
@Override protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) { if (WebHelper.isAjax((HttpServletRequest) request)) { Result result = Result.failure(); if (e instanceof IncorrectCredentialsException) { result.message("密码错误"); } else if (e instanceof ExpiredCredentialsException) { result.message("密码已过期"); } else if (e instanceof UnknownAccountException) { result.message("该账号不存在"); } else if (e instanceof DisabledAccountException) { result.message("该账号已禁用"); } else if (e instanceof LockedAccountException) { result.message("该账号已锁定"); } else if (e instanceof AccountException) { result.message("账号错误"); } else if (e instanceof CredentialsException) { result.message("密码错误"); } try { writeObject(request, response, result); } catch (IOException ex) { throw new RuntimeException(ex); } return false; } return super.onLoginFailure(token, e, request, response); }
Example #8
Source File: FormAuthenticationCaptchaFilter.java From cms with Apache License 2.0 | 5 votes |
/** * 重写父类方法,当登录失败将异常信息设置到 request 的 attribute 中 */ @Override protected void setFailureAttribute(ServletRequest request, AuthenticationException ae) { if (ae instanceof CaptchaException) { request.setAttribute(getFailureKeyAttribute(), "验证码不正确"); } else if (ae instanceof IncorrectCredentialsException) { request.setAttribute(getFailureKeyAttribute(), "用户名或密码错误"); } else if (ae instanceof DisabledAccountException) { request.setAttribute(getFailureKeyAttribute(), "你的账户已被禁用"); } else { request.setAttribute(getFailureKeyAttribute(), "服务器出现异常"); } }
Example #9
Source File: GlobalExceptionHandler.java From MeetingFilm with Apache License 2.0 | 5 votes |
/** * 账号被冻结异常 */ @ExceptionHandler(DisabledAccountException.class) @ResponseStatus(HttpStatus.UNAUTHORIZED) public String accountLocked(DisabledAccountException e, Model model) { String username = getRequest().getParameter("username"); LogManager.me().executeLog(LogTaskFactory.loginLog(username, "账号被冻结", getIp())); model.addAttribute("tips", "账号被冻结"); return "/login.html"; }
Example #10
Source File: AuthzPrincipalRepositoryImpl.java From spring-boot-starter-samples with Apache License 2.0 | 5 votes |
@Override public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { UsernamePasswordToken upToken = (UsernamePasswordToken) token; if( !StringUtils.hasText(upToken.getUsername()) || upToken.getPassword() == null ){ throw new UnknownAccountException("Username or password is required."); } //密码加密 String pwd = new String(upToken.getPassword());//Base64.encodeBase64String(new String(upToken.getPassword()).getBytes()); //账号状态 Map<String, String> statusMap = getAuthzLoginDao().getAccountStatus(upToken.getUsername(), pwd); //账号不存在 或 用户名或密码不正确 if("0".equals(statusMap.get("num_1")) || "0".equals(statusMap.get("num_2"))){ throw new InvalidAccountException("Username or password is incorrect, please re-enter."); } // 账号被禁用 else if ("0".equals(statusMap.get("num_4"))) { throw new DisabledAccountException("Account is disabled."); } //用户无所属角色 else if("0".equals(statusMap.get("num_3"))){ throw new NoneRoleException(); } // 用户主体对象 AuthzLoginModel model = getAuthzLoginDao().getAccount(upToken.getUsername(), pwd); // 用户角色ID集合 List<String> roles = getAuthzUserDao().getRoles(model.getUserid()); model.setRoles(Sets.newHashSet(roles.iterator())); model.setRoleid(roles.get(0)); // 用户权限标记集合 Set<String> perms = Sets.newHashSet(); for (String roleid : model.getRoles()) { perms.addAll(getAuthzRolePermsDao().getPermissions(roleid)); } model.setPerms(perms); // 认证信息 return new SimpleAuthenticationInfo(model, upToken.getPassword(), "login"); }
Example #11
Source File: AuthzPrincipalRepositoryImpl.java From spring-boot-starter-samples with Apache License 2.0 | 5 votes |
@Override public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { UsernamePasswordToken upToken = (UsernamePasswordToken) token; if( !StringUtils.hasText(upToken.getUsername()) || upToken.getPassword() == null ){ throw new UnknownAccountException("Username or password is required."); } //密码加密 String pwd = new String(upToken.getPassword());//Base64.encodeBase64String(new String(upToken.getPassword()).getBytes()); //账号状态 Map<String, String> statusMap = getAuthzLoginDao().getAccountStatus(upToken.getUsername(), pwd); //账号不存在 或 用户名或密码不正确 if("0".equals(statusMap.get("num_1")) || "0".equals(statusMap.get("num_2"))){ throw new InvalidAccountException("Username or password is incorrect, please re-enter."); } // 账号被禁用 else if ("0".equals(statusMap.get("num_4"))) { throw new DisabledAccountException("Account is disabled."); } //用户无所属角色 else if("0".equals(statusMap.get("num_3"))){ throw new NoneRoleException(); } // 用户主体对象 AuthzLoginModel model = getAuthzLoginDao().getAccount(upToken.getUsername(), pwd); // 用户角色ID集合 List<String> roles = getAuthzUserDao().getRoles(model.getUserid()); model.setRoles(Sets.newHashSet(roles.iterator())); model.setRoleid(roles.get(0)); // 用户权限标记集合 Set<String> perms = Sets.newHashSet(); for (String roleid : model.getRoles()) { perms.addAll(getAuthzRolePermsDao().getPermissions(roleid)); } model.setPerms(perms); // 认证信息 return new SimpleAuthenticationInfo(model, upToken.getPassword(), "login"); }
Example #12
Source File: GlobalExceptionHandler.java From WebStack-Guns with MIT License | 5 votes |
/** * 账号被冻结异常 */ @ExceptionHandler(DisabledAccountException.class) @ResponseStatus(HttpStatus.UNAUTHORIZED) public String accountLocked(DisabledAccountException e, Model model) { String username = getRequest().getParameter("username"); LogManager.me().executeLog(LogTaskFactory.loginLog(username, "账号被冻结", getIp())); model.addAttribute("tips", "账号被冻结"); return "/login.html"; }
Example #13
Source File: AuthzLoginController.java From spring-boot-starter-samples with Apache License 2.0 | 4 votes |
@ApiOperation(value = "login:stateless", notes = "用户登录(无状态会话)") @ApiImplicitParams({ @ApiImplicitParam(name = "username", required = true, value = "登录账户", dataType = "String"), @ApiImplicitParam(name = "password", required = true, value = "登录密码", dataType = "String"), @ApiImplicitParam(name = "captcha", value = "验证码", dataType = "String") }) @BusinessLog(module = Constants.AUTHZ_LOGIN, business = "用户登录", opt = BusinessType.LOGIN) @RequestMapping(value = "stateless", method = {RequestMethod.POST, RequestMethod.GET}) @ResponseBody public Object stateless(@RequestParam String username, @RequestParam String password, String captcha, @ApiIgnore HttpServletRequest request, @ApiIgnore Model model) { // 直接响应登录成功的提醒 if (SubjectUtils.isAuthenticated()) { // 响应成功状态信息 return ResultUtils.success("Login Success."); } // 响应成功状态信息 Map<String, Object> data = new HashMap<String, Object>(); data.put("status", STATUS_FAIL); String ERROR_VALUE = (String) request.getAttribute(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME); // 已经超出了重试限制,需要进行提醒 if (StringUtils.equals(NoneCaptchaException.class.getName(), ERROR_VALUE)) { data.put("message", getMessage("login.captcha.required")); data.put("captcha", "required"); } // 验证码错误 else if (StringUtils.equals(IncorrectCaptchaException.class.getName(), ERROR_VALUE)) { data.put("message", getMessage("login.captcha.incorrect")); data.put("captcha", "required"); } // 验证码失效 else if (StringUtils.equals(InvalidCaptchaException.class.getName(), ERROR_VALUE)) { data.put("message", getMessage("login.captcha.invalid")); data.put("captcha", "required"); } // 账号或密码为空 else if (StringUtils.equals(UnknownAccountException.class.getName(), ERROR_VALUE)) { data.put("message", getMessage("login.account.empty")); } // 账户或密码错误 else if (StringUtils.equals(InvalidAccountException.class.getName(), ERROR_VALUE)) { data.put("message", getMessage("login.account.invalid")); } // 账户没有启用 else if (StringUtils.equals(DisabledAccountException.class.getName(), ERROR_VALUE)) { data.put("message", getMessage("login.account.disabled")); } // 该用户无所属角色,禁止登录 else if (StringUtils.equals(NoneRoleException.class.getName(), ERROR_VALUE)) { data.put("message", getMessage("login.account.nonerole")); } else if(StringUtils.isNotEmpty(ERROR_VALUE)) { data.put("message", "Authentication Failure."); } return data; }
Example #14
Source File: AuthzLoginController.java From spring-boot-starter-samples with Apache License 2.0 | 4 votes |
@ApiOperation(value = "login:stateful", notes = "用户登录(有状态会话)") @ApiImplicitParams({ @ApiImplicitParam(name = "username", required = true, value = "登录账户", dataType = "String"), @ApiImplicitParam(name = "password", required = true, value = "登录密码", dataType = "String"), @ApiImplicitParam(name = "captcha", value = "验证码", dataType = "String") }) @BusinessLog(module = Constants.AUTHZ_LOGIN, business = "用户登录", opt = BusinessType.LOGIN) @RequestMapping(value = "stateful", method = {RequestMethod.POST, RequestMethod.GET}) public String stateful(@RequestParam(required = false) String username, @RequestParam(required = false) String password, @RequestParam(required = false) String captcha, @ApiIgnore HttpServletRequest request, @ApiIgnore Model model) { // 如果有请求参数forceLogout表示是管理员强制退出的,在界面上显示相应的信息。 if(request.getParameter("forceLogout") != null) { model.addAttribute("message", "您已经被管理员强制退出,请重新登录"); model.addAttribute("forceLogout", "true"); } // 如果用户已登录,直接转发到首页 if (SubjectUtils.isAuthenticated()) { return "redirect:/index"; } String ERROR_VALUE = (String) request.getAttribute(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME); // 已经超出了重试限制,需要进行提醒 if (StringUtils.equals(NoneCaptchaException.class.getName(), ERROR_VALUE)) { model.addAttribute("message", getMessage("login.captcha.required")); model.addAttribute("captcha", "required"); } // 验证码错误 else if (StringUtils.equals(IncorrectCaptchaException.class.getName(), ERROR_VALUE)) { model.addAttribute("message", getMessage("login.captcha.incorrect")); model.addAttribute("captcha", "required"); } // 验证码失效 else if (StringUtils.equals(InvalidCaptchaException.class.getName(), ERROR_VALUE)) { model.addAttribute("message", getMessage("login.captcha.invalid")); model.addAttribute("captcha", "required"); } // 账号或密码为空 else if (StringUtils.equals(UnknownAccountException.class.getName(), ERROR_VALUE)) { model.addAttribute("message", getMessage("login.account.empty")); } // 账户或密码错误 else if (StringUtils.equals(InvalidAccountException.class.getName(), ERROR_VALUE)) { model.addAttribute("message", getMessage("login.account.invalid")); } // 账户没有启用 else if (StringUtils.equals(DisabledAccountException.class.getName(), ERROR_VALUE)) { model.addAttribute("message", getMessage("login.account.disabled")); } // 该用户无所属角色,禁止登录 else if (StringUtils.equals(NoneRoleException.class.getName(), ERROR_VALUE)) { model.addAttribute("message", getMessage("login.account.nonerole")); } else if(StringUtils.isNotEmpty(ERROR_VALUE)) { model.addAttribute("message", "Authentication Failure."); } /*String kick = request.getParameter("kickout"); if (StringUtils.equals("1", kick)) { model.addAttribute("message", getMessage("login.account.kickout")); }*/ return "html/authz/rbac0/login"; }
Example #15
Source File: UserRealm.java From MultimediaDesktop with Apache License 2.0 | 4 votes |
/** * 认证回调函数,登录时调用. */ @Override protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken) throws AuthenticationException { SystemLoginToken token = (SystemLoginToken) authcToken; if (token.getUsername() == null) { throw new AccountException("提交表单未包含用户名."); } // 增加判断验证码逻辑 String captcha = token.getCaptcha(); String exitCode = (String) SecurityUtils .getSubject() .getSession() .getAttribute( com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY); if (null == captcha || !captcha.equalsIgnoreCase(exitCode)) { throw new ValidateCodeException("验证码错误"); } UserLoginDto user = userservice.login(token.getUsername()); if (user == null) { return null; } log.info("[用户登录]-[获取登录用户信息]-返回数据结果:" + ToStringBuilder.reflectionToString(user)); if (user != null && UserConstant.SUCCESS == user.getResult()) { // 用户没有被验证 if (!user.isvStatus()) { log.info("用户没有通过邮箱验证."); throw new UnValidationAccountException(); } if(user.isDisable()&&UserDisableReason.登录超过限制.equals(user.getDisableReason())){ throw new LockedAccountException(); } // 用户被锁定 if (user.isDisable()) { log.info("用户被禁止登录."); throw new DisabledAccountException(); } byte[] salt = Encodes.decodeHex(user.getSalt()); return new SimpleAuthenticationInfo(new ShiroUser(user.getId(), user.getName(), user.getRole()), user.getPassword(), ByteSource.Util.bytes(salt), getName()); } throw new UnknownAccountException(); }
Example #16
Source File: AuthzLoginController.java From spring-boot-starter-samples with Apache License 2.0 | 4 votes |
@ApiOperation(value = "login:stateless", notes = "用户登录(无状态会话)") @ApiImplicitParams({ @ApiImplicitParam(name = "username", required = true, value = "登录账户", dataType = "String"), @ApiImplicitParam(name = "password", required = true, value = "登录密码", dataType = "String"), @ApiImplicitParam(name = "captcha", value = "验证码", dataType = "String") }) @BusinessLog(module = Constants.AUTHZ_LOGIN, business = "用户登录", opt = BusinessType.LOGIN) @RequestMapping(value = "stateless", method = {RequestMethod.POST, RequestMethod.GET}) @ResponseBody public Object stateless(@RequestParam String username, @RequestParam String password, String captcha, @ApiIgnore HttpServletRequest request, @ApiIgnore Model model) { // 直接响应登录成功的提醒 if (SubjectUtils.isAuthenticated()) { // 响应成功状态信息 return ResultUtils.success("Login Success."); } // 响应成功状态信息 Map<String, Object> data = new HashMap<String, Object>(); data.put("status", STATUS_FAIL); String ERROR_VALUE = (String) request.getAttribute(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME); // 已经超出了重试限制,需要进行提醒 if (StringUtils.equals(NoneCaptchaException.class.getName(), ERROR_VALUE)) { data.put("message", getMessage("login.captcha.required")); data.put("captcha", "required"); } // 验证码错误 else if (StringUtils.equals(IncorrectCaptchaException.class.getName(), ERROR_VALUE)) { data.put("message", getMessage("login.captcha.incorrect")); data.put("captcha", "required"); } // 验证码失效 else if (StringUtils.equals(InvalidCaptchaException.class.getName(), ERROR_VALUE)) { data.put("message", getMessage("login.captcha.invalid")); data.put("captcha", "required"); } // 账号或密码为空 else if (StringUtils.equals(UnknownAccountException.class.getName(), ERROR_VALUE)) { data.put("message", getMessage("login.account.empty")); } // 账户或密码错误 else if (StringUtils.equals(InvalidAccountException.class.getName(), ERROR_VALUE)) { data.put("message", getMessage("login.account.invalid")); } // 账户没有启用 else if (StringUtils.equals(DisabledAccountException.class.getName(), ERROR_VALUE)) { data.put("message", getMessage("login.account.disabled")); } // 该用户无所属角色,禁止登录 else if (StringUtils.equals(NoneRoleException.class.getName(), ERROR_VALUE)) { data.put("message", getMessage("login.account.nonerole")); } else if(StringUtils.isNotEmpty(ERROR_VALUE)) { data.put("message", "Authentication Failure."); } return data; }
Example #17
Source File: AuthzLoginController.java From spring-boot-starter-samples with Apache License 2.0 | 4 votes |
@ApiOperation(value = "login:stateful", notes = "用户登录(有状态会话)") @ApiImplicitParams({ @ApiImplicitParam(name = "username", required = true, value = "登录账户", dataType = "String"), @ApiImplicitParam(name = "password", required = true, value = "登录密码", dataType = "String"), @ApiImplicitParam(name = "captcha", value = "验证码", dataType = "String") }) @BusinessLog(module = Constants.AUTHZ_LOGIN, business = "用户登录", opt = BusinessType.LOGIN) @RequestMapping(value = "stateful", method = {RequestMethod.POST, RequestMethod.GET}) public String stateful(@RequestParam(required = false) String username, @RequestParam(required = false) String password, @RequestParam(required = false) String captcha, @ApiIgnore HttpServletRequest request, @ApiIgnore Model model) { // 如果有请求参数forceLogout表示是管理员强制退出的,在界面上显示相应的信息。 if(request.getParameter("forceLogout") != null) { model.addAttribute("message", "您已经被管理员强制退出,请重新登录"); model.addAttribute("forceLogout", "true"); } // 如果用户已登录,直接转发到首页 if (SubjectUtils.isAuthenticated()) { return "redirect:/index"; } String ERROR_VALUE = (String) request.getAttribute(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME); // 已经超出了重试限制,需要进行提醒 if (StringUtils.equals(NoneCaptchaException.class.getName(), ERROR_VALUE)) { model.addAttribute("message", getMessage("login.captcha.required")); model.addAttribute("captcha", "required"); } // 验证码错误 else if (StringUtils.equals(IncorrectCaptchaException.class.getName(), ERROR_VALUE)) { model.addAttribute("message", getMessage("login.captcha.incorrect")); model.addAttribute("captcha", "required"); } // 验证码失效 else if (StringUtils.equals(InvalidCaptchaException.class.getName(), ERROR_VALUE)) { model.addAttribute("message", getMessage("login.captcha.invalid")); model.addAttribute("captcha", "required"); } // 账号或密码为空 else if (StringUtils.equals(UnknownAccountException.class.getName(), ERROR_VALUE)) { model.addAttribute("message", getMessage("login.account.empty")); } // 账户或密码错误 else if (StringUtils.equals(InvalidAccountException.class.getName(), ERROR_VALUE)) { model.addAttribute("message", getMessage("login.account.invalid")); } // 账户没有启用 else if (StringUtils.equals(DisabledAccountException.class.getName(), ERROR_VALUE)) { model.addAttribute("message", getMessage("login.account.disabled")); } // 该用户无所属角色,禁止登录 else if (StringUtils.equals(NoneRoleException.class.getName(), ERROR_VALUE)) { model.addAttribute("message", getMessage("login.account.nonerole")); } else if(StringUtils.isNotEmpty(ERROR_VALUE)) { model.addAttribute("message", "Authentication Failure."); } /*String kick = request.getParameter("kickout"); if (StringUtils.equals("1", kick)) { model.addAttribute("message", getMessage("login.account.kickout")); }*/ return "html/authz/rbac0/login"; }