优化log

src/main/java/cn/quantgroup/xyqb/aspect/captcha/CaptchaFiniteValidateAdvisor.java

@@ -171,16 +171,15 @@ public class CaptchaFiniteValidateAdvisor {
       LOGGER.info("参数无效, credential:{}", credential);
       return null;
     }
-    // 当前用户手机号
+    // 当前用户手机号和密码
     String phoneNo = credentialArr[0];
-    // 当前请求的SingleToken
     String password = credentialArr[1];
     headerParamValid = headerParamValid && ValidationUtil.validatePhoneNo(phoneNo) && StringUtils.isNotBlank(password);
     if (!headerParamValid) {
       LOGGER.info("参数无效, credential:{}, phoneNo:{}, password:{}", credential, phoneNo, password);
       return null;
     }
-    LOGGER.info("账密登录, phoneNo:{}, password:{}", phoneNo, password);
+    LOGGER.info("账密登录, phoneNo:{}", phoneNo);
     Map<String, String> phonePasswordMap = new HashMap<String, String>(2);
     phonePasswordMap.put("phoneNo", phoneNo);
     phonePasswordMap.put("password", password);

src/main/java/cn/quantgroup/xyqb/aspect/lock/PasswordErrorFiniteValidateAdvisor.java

@@ -75,7 +75,7 @@ public class PasswordErrorFiniteValidateAdvisor {
     // 黑名单
     if(redisTemplate.opsForSet().isMember(Constants.IPV4_LOCK_BLACK, clientIp)){
       IPUtil.logIp(LOGGER, request);
-      LOGGER.info("Lock_ipv4: locked ip access:{}", clientIp);
+      LOGGER.info("Lock_ipv4: black ip access:{}", clientIp);
       return JsonResult.buildErrorStateResult("登录失败", null);
     }
     String lockIpv4Key = getLockIpv4Key(clientIp);

src/main/java/cn/quantgroup/xyqb/controller/external/lock/LockIpv4Controller.java

@@ -107,7 +107,7 @@ public class LockIpv4Controller implements IBaseController {
         minutes = Integer.valueOf(redisMinutes);
       }
       redisTemplate.opsForValue().set(lockIpv4Key, Boolean.TRUE.toString(), minutes, TimeUnit.MINUTES);
-      LOGGER.info("Lock_ipv4: locked ip access:{}, error overstep {} times in {} minutes, do lock {} minutes", ip, counts, Constants.IPV4_FAILED_COUNT_MINUTES, minutes);
+      LOGGER.info("Lock_ipv4: locked ip Success. ip:{}, error overstep {} times in {} minutes, do lock {} minutes", ip, counts, Constants.IPV4_FAILED_COUNT_MINUTES, minutes);
     }else{
       redisTemplate.delete(lockIpv4Key);
       LOGGER.info("Lock_ipv4: unlocked ip Success. ip:{}", ip);

src/main/java/cn/quantgroup/xyqb/controller/internal/sms/SmsController.java

@@ -349,7 +349,8 @@ public class SmsController implements IBaseController {
     try {
       smsService.getSmsSender().sendMsg(message);
       redisTemplate.opsForValue().set(key, uniqueId + ":" + randomCode, EXPIRE_MINUTES, TimeUnit.MINUTES);
-      deleteRetSendCode(phoneNo);//删除用户重置密码，多次错误逻辑
+      //删除用户重置密码，多次错误逻辑
+      deleteRetSendCode(phoneNo);
       if(needImageVlidate(clientIp,deviceId,phoneNo)){
 
         return JsonResult.buildSuccessResult("发送成功", uniqueId,0003L);

src/main/java/cn/quantgroup/xyqb/interceptors/IPWhiteListInterceptor.java

 package cn.quantgroup.xyqb.interceptors;
 
 import cn.quantgroup.xyqb.util.IPUtil;
-import cn.quantgroup.xyqb.util.ValidationUtil;
-import com.google.common.collect.Sets;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.servlet.HandlerInterceptor;
@@ -10,16 +8,15 @@ import org.springframework.web.servlet.ModelAndView;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.util.Set;
 
 /**
+ * 内部服务白名单拦截器
  * Created by Administrator on 2017/5/9.
+ * @Modify by renwc
+ * @date 2017-12-06
  */
 public class IPWhiteListInterceptor implements HandlerInterceptor {
     private static final Logger LOGGER = LoggerFactory.getLogger(IPWhiteListInterceptor.class);
-
-    private static final String [] allowIPs = {"139.198.7.123"};
-    private static Set<String> allowIPSet = Sets.newHashSet(allowIPs);
     private Integer isDebug;
 
     public IPWhiteListInterceptor(Integer isDebug) {
@@ -32,10 +29,10 @@ public class IPWhiteListInterceptor implements HandlerInterceptor {
             return true;
         }
         String remoteIP = IPUtil.getRemoteIP(request);
-        if(IPUtil.whiteOf(remoteIP) || ValidationUtil.validateLocalIpv4(remoteIP) || allowIPSet.contains(remoteIP)) {
+        if(IPUtil.whiteOf(remoteIP)) {
             return true;
         }
-        LOGGER.info("非法IP尝试访问,ip:[{}]",remoteIP);
+        LOGGER.info("白名单不匹配拦截：ip={}",remoteIP);
         return false;
     }
 

src/main/java/cn/quantgroup/xyqb/util/IPUtil.java

@@ -26,10 +26,11 @@ public class IPUtil {
    * 172.20.0.0/16 - 3B私有云
    * 172.30.0.0/16 - 3C私有云
    */
-  private static final Set<String> whiteAddr = Sets.newHashSet();
+  private static final Set<String> WHITE_ADDRESS = Sets.newHashSet();
+  private static final String LOCAL_ADDRESS = "127.0.0.1";
   static {
     String[] ips = {"172.16.", "172.20.", "172.30.", "192.168.3.", "192.168.4."};
-    whiteAddr.addAll(Arrays.asList(ips));
+    WHITE_ADDRESS.addAll(Arrays.asList(ips));
   }
 
   /**
@@ -39,7 +40,7 @@ public class IPUtil {
    */
   public static final boolean whiteOf(String ipv4){
     if(ValidationUtil.validateIpv4(ipv4)){
-      for(String ipField : whiteAddr){
+      for(String ipField : WHITE_ADDRESS){
         if(ipv4.startsWith(ipField)){
           return true;
         }
@@ -71,7 +72,7 @@ public class IPUtil {
    */
   public static String getRemoteIP(HttpServletRequest request) {
     String ip = request.getHeader("x-original-client-ip");
-    if (ValidationUtil.validateIpv4(ip) && !ip.startsWith("127.")) {
+    if (ValidationUtil.validateIpv4(ip) && !Objects.equals(LOCAL_ADDRESS, ip)) {
       return ip;
     }