Index: ssts-web/src/test/java/test/forgon/disinfectsystem/basedatamanager/supplyroomconfig/service/SupplyRoomConfigManagerTests.java =================================================================== diff -u -r40732 -r40787 --- ssts-web/src/test/java/test/forgon/disinfectsystem/basedatamanager/supplyroomconfig/service/SupplyRoomConfigManagerTests.java (.../SupplyRoomConfigManagerTests.java) (revision 40732) +++ ssts-web/src/test/java/test/forgon/disinfectsystem/basedatamanager/supplyroomconfig/service/SupplyRoomConfigManagerTests.java (.../SupplyRoomConfigManagerTests.java) (revision 40787) @@ -4,18 +4,26 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertFalse; + import java.util.Arrays; +import java.util.HashSet; +import java.util.List; import java.util.Set; import java.util.stream.Collectors; import net.sf.json.JSONArray; +import org.apache.commons.collections.CollectionUtils; import org.junit.Before; import org.junit.Test; import com.forgon.Constants; +import com.forgon.disinfectsystem.entity.basedatamanager.supplyroomconfig.SupplyRoomConfig; import com.forgon.disinfectsystem.entity.basedatamanager.toussedefinition.AutobasketInsertionConfig; import com.forgon.disinfectsystem.entity.basedatamanager.toussedefinition.TousseDefinition; +import com.forgon.security.model.Role; +import com.forgon.tools.IPAddressValidator; +import com.forgon.tools.util.ConfigUtils; import test.forgon.disinfectsystem.AbstractCSSDTest; @@ -103,4 +111,58 @@ return objectDao.getLongSet( "SELECT tousseDefinitionAncestorID FROM " + AutobasketInsertionConfig.class.getSimpleName()); } + + /** + * 登录IP地址是否合法的测试用例 + */ + @Test + public void testIsValideAdministratorLoginIP(){ + boolean enableAdministratorLoginIPRestriction = ConfigUtils.getSystemSetConfigByNameBool("enableAdministratorLoginIPRestriction"); + if(!enableAdministratorLoginIPRestriction){ + return; + } + SupplyRoomConfig supplyRoomConfig = supplyRoomConfigManager.getSystemParamsObj(); + supplyRoomConfig.setAdminLoginStartIP("192.168.2.10"); + supplyRoomConfig.setAdminLoginEndIP("192.168.2.20"); + + Set userAllRoles = new HashSet(); + Role administratorRole = new Role(); + administratorRole.setName("ROLE_ADMINISTRATOR_0"); + userAllRoles.add(administratorRole); + + //192.168.2.10的地址为合法地址 + String loginIp1 = "192.168.2.10"; + boolean isValide1 = supplyRoomConfigManager.isValideAdministratorLoginIP(loginIp1, userAllRoles); + assertTrue(isValide1); + + //192.168.2.2的地址为非法地址 + String loginIp2 = "192.168.2.2"; + boolean isValide2 = supplyRoomConfigManager.isValideAdministratorLoginIP(loginIp2, userAllRoles); + assertFalse(isValide2); + + //127.0.0.1的地址为合法地址 + String loginIp3 = "127.0.0.1"; + boolean isValide3 = supplyRoomConfigManager.isValideAdministratorLoginIP(loginIp3, userAllRoles); + assertTrue(isValide3); + + //服务器的地址为合法地址 + List serverIps = IPAddressValidator.getServerIps(); + if(CollectionUtils.isNotEmpty(serverIps)){ + assertTrue(supplyRoomConfigManager.isValideAdministratorLoginIP(serverIps.get(0), userAllRoles)); + } + + //登录用户非管理员时,不做IP合法性检查 + String loginIp4 = "192.168.2.2"; + boolean isValide4 = supplyRoomConfigManager.isValideAdministratorLoginIP(loginIp4, null); + assertTrue(isValide4); + + //没有设置管理员登录IP地址范围,所有IP都是合法地址 + supplyRoomConfig.setAdminLoginStartIP(null); + supplyRoomConfig.setAdminLoginEndIP(null); + String loginIp5 = "192.168.2.2"; + boolean isValide5 = supplyRoomConfigManager.isValideAdministratorLoginIP(loginIp5, userAllRoles); + assertTrue(isValide5); + + } + } Index: ssts-basedata/src/main/java/com/forgon/disinfectsystem/entity/basedatamanager/supplyroomconfig/SupplyRoomConfig.java =================================================================== diff -u -r40748 -r40787 --- ssts-basedata/src/main/java/com/forgon/disinfectsystem/entity/basedatamanager/supplyroomconfig/SupplyRoomConfig.java (.../SupplyRoomConfig.java) (revision 40748) +++ ssts-basedata/src/main/java/com/forgon/disinfectsystem/entity/basedatamanager/supplyroomconfig/SupplyRoomConfig.java (.../SupplyRoomConfig.java) (revision 40787) @@ -775,6 +775,19 @@ private String deviceMaintenanceUpdateMode = MODIFY_THROUGH_ADMINISTRATIVE_PERMISSIONS; public static final String MODIFY_THROUGH_ADMINISTRATIVE_PERMISSIONS = "通过管理权限进行修改"; public static final String ONLY_THE_REGISTRANT_CAN_MAKE_MODIFICATIONS = "仅登记人可以修改"; + + /** + * 管理员登录IP地址范围的开始IP + * QYSRMYY-78 + */ + private String adminLoginStartIP; + + /** + * 管理员登录IP地址范围的结束IP + * QYSRMYY-78 + */ + private String adminLoginEndIP; + @Id @GeneratedValue(strategy = GenerationType.AUTO) public Long getId() { @@ -1929,4 +1942,20 @@ public void setUserPasswordResetLimitDate(Date userPasswordResetLimitDate) { this.userPasswordResetLimitDate = userPasswordResetLimitDate; } + + public String getAdminLoginStartIP() { + return adminLoginStartIP; + } + + public void setAdminLoginStartIP(String adminLoginStartIP) { + this.adminLoginStartIP = adminLoginStartIP; + } + + public String getAdminLoginEndIP() { + return adminLoginEndIP; + } + + public void setAdminLoginEndIP(String adminLoginEndIP) { + this.adminLoginEndIP = adminLoginEndIP; + } } Index: ssts-basedata/src/main/java/com/forgon/disinfectsystem/basedatamanager/supplyroomconfig/service/SupplyRoomConfigManager.java =================================================================== diff -u -r40730 -r40787 --- ssts-basedata/src/main/java/com/forgon/disinfectsystem/basedatamanager/supplyroomconfig/service/SupplyRoomConfigManager.java (.../SupplyRoomConfigManager.java) (revision 40730) +++ ssts-basedata/src/main/java/com/forgon/disinfectsystem/basedatamanager/supplyroomconfig/service/SupplyRoomConfigManager.java (.../SupplyRoomConfigManager.java) (revision 40787) @@ -12,6 +12,7 @@ import com.forgon.directory.model.OrgUnit; import com.forgon.directory.vo.LoginUserData; import com.forgon.disinfectsystem.entity.basedatamanager.supplyroomconfig.SupplyRoomConfig; +import com.forgon.security.model.Role; import com.forgon.tools.hibernate.BasePoManager; /** @@ -343,4 +344,13 @@ * 获取已设置不自动审核入框的包 */ public JSONArray getAutobasketInsertionConfig(); + + /** + * 登录IP地址是否合法 + * @param ip 登录IP地址 + * @param allRoles 角色 + * @return true/false + */ + public boolean isValideAdministratorLoginIP(String loginIp, Set allRoles); + } Index: ssts-basedata/src/main/java/com/forgon/disinfectsystem/basedatamanager/supplyroomconfig/service/SupplyRoomConfigManagerImpl.java =================================================================== diff -u -r40730 -r40787 --- ssts-basedata/src/main/java/com/forgon/disinfectsystem/basedatamanager/supplyroomconfig/service/SupplyRoomConfigManagerImpl.java (.../SupplyRoomConfigManagerImpl.java) (revision 40730) +++ ssts-basedata/src/main/java/com/forgon/disinfectsystem/basedatamanager/supplyroomconfig/service/SupplyRoomConfigManagerImpl.java (.../SupplyRoomConfigManagerImpl.java) (revision 40787) @@ -2,6 +2,7 @@ import java.io.File; import java.math.BigDecimal; +import java.math.BigInteger; import java.sql.ResultSet; import java.sql.SQLException; import java.util.ArrayList; @@ -36,6 +37,8 @@ import com.forgon.disinfectsystem.entity.basedatamanager.toussedefinition.TousseDefinition; import com.forgon.disinfectsystem.systemsetting.service.SystemSettingManager; import com.forgon.exception.SystemException; +import com.forgon.security.model.Role; +import com.forgon.tools.IPAddressValidator; import com.forgon.tools.MathTools; import com.forgon.tools.cache.ForgonThreadLocalResourceManager; import com.forgon.tools.db.DatabaseUtil; @@ -1307,4 +1310,57 @@ } return arr; } + + @Override + public boolean isValideAdministratorLoginIP(String loginIp, Set allRoles) { + boolean enableAdministratorLoginIPRestriction = ConfigUtils.getSystemSetConfigByNameBool("enableAdministratorLoginIPRestriction"); + if(!enableAdministratorLoginIPRestriction){ + return true; + } + if(StringUtils.isBlank(loginIp)){ + throw new SystemException("IP地址无效!"); + } + + //判断是否管理员 + boolean hasAdministratorRole = false; + if(CollectionUtils.isNotEmpty(allRoles)){ + for (Role role : allRoles) { + if(StringUtils.equals(role.getName(), "ROLE_ADMINISTRATOR_0")){ + hasAdministratorRole = true; + break; + } + } + } + + if(!hasAdministratorRole){ + //非管理员不做IP限制 + return true; + } + + List serverIps = IPAddressValidator.getServerIps(); + if(CollectionUtils.isNotEmpty(serverIps) && serverIps.contains(loginIp)){ + //本机IP地址默认为合法IP + return true; + } + + if("127.0.0.1".equals(loginIp) || "0:0:0:0:0:0:0:1".equals(loginIp) || "::1".equals(loginIp)){ + //本机IP地址默认为合法IP + return true; + } + + SupplyRoomConfig supplyRoomConfig = this.getSystemParamsObj(); + if(StringUtils.isBlank(supplyRoomConfig.getAdminLoginStartIP()) || StringUtils.isBlank(supplyRoomConfig.getAdminLoginEndIP())){ + //不做校验,默认都为合法IP + return true; + } + + BigInteger loginIpBigInteger = IPAddressValidator.ipToBigInteger(loginIp); + BigInteger startIPBigInteger = IPAddressValidator.ipToBigInteger(supplyRoomConfig.getAdminLoginStartIP()); + BigInteger endIPIpBigInteger = IPAddressValidator.ipToBigInteger(supplyRoomConfig.getAdminLoginEndIP()); + if(loginIpBigInteger == null || startIPBigInteger == null || endIPIpBigInteger == null){ + throw new SystemException("IP地址无效!"); + } + return loginIpBigInteger.compareTo(startIPBigInteger) >=0 && loginIpBigInteger.compareTo(endIPIpBigInteger) <=0; + } + } Index: forgon-tools/src/main/java/com/forgon/tools/IPAddressValidator.java =================================================================== diff -u -r12331 -r40787 --- forgon-tools/src/main/java/com/forgon/tools/IPAddressValidator.java (.../IPAddressValidator.java) (revision 12331) +++ forgon-tools/src/main/java/com/forgon/tools/IPAddressValidator.java (.../IPAddressValidator.java) (revision 40787) @@ -1,8 +1,20 @@ package com.forgon.tools; +import java.math.BigInteger; +import java.net.InetAddress; +import java.net.NetworkInterface; +import java.net.SocketException; +import java.util.ArrayList; +import java.util.Enumeration; +import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.lang.StringUtils; + import com.forgon.tools.string.StringTools; public class IPAddressValidator{ @@ -49,5 +61,129 @@ return isValid; } - + + /** + * ip地址是否合法 + * @param ip ip地址 + * @return true/false + */ + public static boolean isValidIp(String ip){ + if(StringUtils.isBlank(ip)){ + return false; + } + try { + InetAddress inetAddress = InetAddress.getByName(ip); + return inetAddress.getHostAddress().equals(ip); + } catch (Exception e) { + e.printStackTrace(); + } + return false; + } + + /** + * IP地址范围是否合法(startIp <= endIp) + * @param startIp + * @param endIp + * @return true/false + */ + public static boolean isValidIpRange(String startIp, String endIp){ + if(StringUtils.isBlank(startIp) || StringUtils.isBlank(endIp)){ + return false; + } + try { + BigInteger startIpBigInteger = ipToBigInteger(startIp); + BigInteger endIpBigInteger = ipToBigInteger(endIp); + return startIpBigInteger.compareTo(endIpBigInteger) <=0; + } catch (Exception e) { + e.printStackTrace(); + } + return false; + } + + /** + * 将IP地址转换为BigInteger,便于比较大小 + * @param ip IP地址 + * @return BigInteger + */ + public static BigInteger ipToBigInteger(String ip) { + try { + InetAddress inetAddress = InetAddress.getByName(ip); + return new BigInteger(1, inetAddress.getAddress()); + } catch (Exception e) { + e.printStackTrace(); + } + return null; + } + + /** + * 从请求中获取客户端IP + * @param request 请求 + * @return IP + */ + public static String getClientIp(HttpServletRequest request) { + + if(request == null){ + return null; + } + + List ipList = new ArrayList(); + if(StringUtils.isNotBlank(request.getHeader("X-Forwarded-For"))){ + ipList.add(request.getHeader("X-Forwarded-For")); + } + if(StringUtils.isNotBlank(request.getHeader("Proxy-Client-IP"))){ + ipList.add(request.getHeader("Proxy-Client-IP")); + } + if(StringUtils.isNotBlank(request.getHeader("WL-Proxy-Client-IP"))){ + ipList.add(request.getHeader("WL-Proxy-Client-IP")); + } + if(StringUtils.isNotBlank(request.getHeader("HTTP_CLIENT_IP"))){ + ipList.add(request.getHeader("HTTP_CLIENT_IP")); + } + if(StringUtils.isNotBlank(request.getHeader("HTTP_X_FORWARDED_FOR"))){ + ipList.add(request.getHeader("HTTP_X_FORWARDED_FOR")); + } + + if(CollectionUtils.isNotEmpty(ipList)){ + for (String ip : ipList) { + if(ip.indexOf(",") > 0) { + ip = ip.substring(0, ip.indexOf(",")); + } + ip = ip.trim(); + if(isValidIp(ip)){ + return ip; + } + } + } + + return request.getRemoteAddr(); + } + + /** + * 获取服务器所有IP + * @return 服务器所有IP + * @throws SocketException + */ + public static List getServerIps() { + List ips = new ArrayList<>(); + try { + Enumeration networkInterfaces = NetworkInterface.getNetworkInterfaces(); + + while (networkInterfaces.hasMoreElements()) { + NetworkInterface networkInterface = networkInterfaces.nextElement(); + Enumeration inetAddresses = networkInterface.getInetAddresses(); + + while (inetAddresses.hasMoreElements()) { + InetAddress inetAddress = inetAddresses.nextElement(); + if (!inetAddress.isLoopbackAddress() && !inetAddress.isLinkLocalAddress()) { + ips.add(inetAddress.getHostAddress()); + } + } + } + } catch (Exception e) { + e.printStackTrace(); + } + + return ips; + } + } \ No newline at end of file Index: ssts-basedata/src/main/java/com/forgon/disinfectsystem/basedatamanager/supplyroomconfig/action/SupplyRoomConfigAction.java =================================================================== diff -u -r40748 -r40787 --- ssts-basedata/src/main/java/com/forgon/disinfectsystem/basedatamanager/supplyroomconfig/action/SupplyRoomConfigAction.java (.../SupplyRoomConfigAction.java) (revision 40748) +++ ssts-basedata/src/main/java/com/forgon/disinfectsystem/basedatamanager/supplyroomconfig/action/SupplyRoomConfigAction.java (.../SupplyRoomConfigAction.java) (revision 40787) @@ -38,7 +38,6 @@ import com.forgon.disinfectsystem.entity.basedatamanager.supplyroomconfig.InstrumentRepairRemindOrgUnit; import com.forgon.disinfectsystem.entity.basedatamanager.supplyroomconfig.SupplyRoomConfig; import com.forgon.disinfectsystem.entity.basedatamanager.taskGroup.TaskGroup; -import com.forgon.disinfectsystem.entity.basedatamanager.toussedefinition.AutobasketInsertionConfig; import com.forgon.disinfectsystem.entity.basedatamanager.toussedefinition.TousseDefinition; import com.forgon.disinfectsystem.entity.urgent.UrgentLevel; import com.forgon.entity.PageEntity; @@ -47,6 +46,7 @@ import com.forgon.tools.Constants; import com.forgon.tools.GB2Alpha; import com.forgon.tools.GB2WB; +import com.forgon.tools.IPAddressValidator; import com.forgon.tools.MathTools; import com.forgon.tools.StrutsParamUtils; import com.forgon.tools.StrutsResponseUtils; @@ -1467,6 +1467,34 @@ supplyRoomConfig.setUserPasswordResetLimitDate(null); } } + + //启用限制管理员登录IP的功能QYSRMYY-78 + boolean enableAdministratorLoginIPRestriction = ConfigUtils.getSystemSetConfigByNameBool("enableAdministratorLoginIPRestriction"); + if(enableAdministratorLoginIPRestriction){ + String adminLoginStartIP = rq.getParameter("adminLoginStartIP"); + String adminLoginEndIP = rq.getParameter("adminLoginEndIP"); + if(StringUtils.isNotBlank(adminLoginStartIP) || StringUtils.isNotBlank(adminLoginEndIP)){ + if(!IPAddressValidator.isValidIp(adminLoginStartIP)){ + //“管理员登录起始IP地址”无效 + StrutsResponseUtils.output(false, "管理员登录IP地址范围需要设置完整的起始和结束范围,请修改后再保存。"); + return; + } + if(!IPAddressValidator.isValidIp(adminLoginEndIP)){ + //“管理员登录结束IP地址”无效 + StrutsResponseUtils.output(false, "管理员登录IP地址范围需要设置完整的起始和结束范围,请修改后再保存。"); + return; + } + if(StringUtils.isNotBlank(adminLoginStartIP) && StringUtils.isNotBlank(adminLoginEndIP)){ + if(!IPAddressValidator.isValidIpRange(adminLoginStartIP, adminLoginEndIP)){ + //“管理员登录IP地址范围”无效 + StrutsResponseUtils.output(false, "管理员登录IP地址范围起始IP地址不能大于结束IP地址。"); + return; + } + } + } + supplyRoomConfig.setAdminLoginStartIP(adminLoginStartIP); + supplyRoomConfig.setAdminLoginEndIP(adminLoginEndIP); + } supplyRoomConfigManager.save(supplyRoomConfig); Index: forgon-core/src/main/java/com/forgon/security/service/IpLoginLockRecordManagerImpl.java =================================================================== diff -u -r40542 -r40787 --- forgon-core/src/main/java/com/forgon/security/service/IpLoginLockRecordManagerImpl.java (.../IpLoginLockRecordManagerImpl.java) (revision 40542) +++ forgon-core/src/main/java/com/forgon/security/service/IpLoginLockRecordManagerImpl.java (.../IpLoginLockRecordManagerImpl.java) (revision 40787) @@ -13,6 +13,7 @@ import com.forgon.runwithtrans.model.RunWithTransNewTask; import com.forgon.runwithtrans.service.RunWithTransNewManager; import com.forgon.security.model.IpLoginLockRecord; +import com.forgon.tools.IPAddressValidator; import com.forgon.tools.hibernate.BasePoManagerImpl; import com.forgon.tools.util.ConfigUtils; import com.forgon.tools.util.ForgonDateUtils; @@ -31,7 +32,7 @@ return; } - String ip = request.getRemoteAddr(); + String ip = IPAddressValidator.getClientIp(request); if(StringUtils.isBlank(ip)){ return; } Index: ssts-web/src/main/java/com/forgon/disinfectsystem/security/userdetails/DaoUserDetailSSTSImpl.java =================================================================== diff -u -r40755 -r40787 --- ssts-web/src/main/java/com/forgon/disinfectsystem/security/userdetails/DaoUserDetailSSTSImpl.java (.../DaoUserDetailSSTSImpl.java) (revision 40755) +++ ssts-web/src/main/java/com/forgon/disinfectsystem/security/userdetails/DaoUserDetailSSTSImpl.java (.../DaoUserDetailSSTSImpl.java) (revision 40787) @@ -54,6 +54,7 @@ import com.forgon.security.service.UserManager; import com.forgon.security.tools.Util; import com.forgon.security.userdetails.UserContainsSessionUser; +import com.forgon.tools.IPAddressValidator; import com.forgon.tools.crypto.coder.CoderEncryption; import com.forgon.tools.crypto.rsa.RSAEncrypt; import com.forgon.tools.string.StringTools; @@ -150,6 +151,8 @@ if(requestAttributes != null){ request = ((ServletRequestAttributes)requestAttributes).getRequest(); } + //客户端IP地址 + String clientIp = IPAddressValidator.getClientIp(request); //判断当前登录IP是否被锁定(GZSZYY-119【登录管理】新增多个登录功能改进(IP登录失败锁定次数,验证码刷新规则修改)) if(request != null){ ipLoginLockRecordManager.isLockedIP(request); @@ -199,7 +202,7 @@ userLogonRecord.setSucc(UserLogonRecord.SUCC_FALSE); if(request != null){ request.getSession().setAttribute("message", messageCommon); - userLogonRecord.setIp(request.getRemoteAddr()); + userLogonRecord.setIp(clientIp); } //插入登录记录 userManager.insertUserLogonRecord(userLogonRecord); @@ -211,6 +214,8 @@ if(request != null){ request.getSession().removeAttribute("message"); } + //判断登录IP是否合法QYSRMYY-78 + isValideLoginIp(request, getCurrentLoginedUserRoles(currentLoginedUser)); } if(!currentLoginedUser.isEnabled()){ @@ -260,7 +265,7 @@ logger.info(messageAfterLocked); if(request != null){ request.getSession().setAttribute("message", messageCommon); - userLogonRecord.setIp(request.getRemoteAddr()); + userLogonRecord.setIp(clientIp); } //插入登录记录 userManager.insertUserLogonRecord(userLogonRecord); @@ -328,7 +333,7 @@ } if(request != null){ request.getSession().setAttribute("message", logonFailNoticeMessage); - userLogonRecord.setIp(request.getRemoteAddr()); + userLogonRecord.setIp(clientIp); } //插入登录记录 userManager.insertUserLogonRecord(userLogonRecord); @@ -340,7 +345,7 @@ } userLogonRecord.setSucc(UserLogonRecord.SUCC_TRUE); if(request != null){ - userLogonRecord.setIp(request.getRemoteAddr()); + userLogonRecord.setIp(clientIp); } //第一次登录时,需要修改密码;检查密码复杂度;GZSZYY-121 @@ -458,7 +463,7 @@ //登录成功后,修改用户的最后在线时间FSSZYY-37 userManager.updateUserLastOnlineTime(currentLoginedUser.getId(), new Date(), false); //登录成功后,清除IP登录失败次数GZSZYY-119 - ipLoginLockRecordManager.clearIpLoginFailCount(request == null ? null : request.getRemoteAddr()); + ipLoginLockRecordManager.clearIpLoginFailCount(clientIp); UserDetails acegiUser = new UserContainsSessionUser( authenticationUserName,password, @@ -469,6 +474,34 @@ } /** + * 判断登录IP是否合法QYSRMYY-78 + * @param request 请求 + * @param allRoles 登录用户角色 + */ + private void isValideLoginIp(HttpServletRequest request, Set allRoles) { + boolean enableAdministratorLoginIPRestriction = ConfigUtils.getSystemSetConfigByNameBool("enableAdministratorLoginIPRestriction"); + if(!enableAdministratorLoginIPRestriction){ + return; + } + if(request == null || CollectionUtils.isEmpty(allRoles)){ + return; + } + if(request != null){ + String loginIp = IPAddressValidator.getClientIp(request); + if(StringUtils.isNotBlank(loginIp) && !supplyRoomConfigManager.isValideAdministratorLoginIP(loginIp, allRoles)){ + //记录ip登录失败记录(GZSZYY-119【登录管理】新增多个登录功能改进(ip登录失败锁定次数,验证码刷新规则修改)) + recordLoginFailIp(request); + String message = "该账户无法在当前终端登录,请使用指定的终端登录。"; + logger.error(message + "ip=" + loginIp); + if(request != null){ + request.getSession().setAttribute("message", message); + } + throw new DisabledException(message); + } + } + } + + /** * 第一次登录时,需要修改密码;检查密码复杂度; * @param currentLoginedUser 当前登录用户 * @param j_passwordAfterRsaDecrypt 用户登录密码 @@ -504,7 +537,7 @@ if(request == null){ return; } - String ip = request.getRemoteAddr(); + String ip = IPAddressValidator.getClientIp(request); if(StringUtils.isBlank(ip)){ return; }