org.apache.shiro.authc.DisabledAccountException Java Examples

The following examples show how to use org.apache.shiro.authc.DisabledAccountException.
Example #1
Source File: JdbcAuthenticationRealm.java    From base-framework with Apache License 2.0
/**
 * Authenticates a login attempt: resolves the submitted username to an account
 * and returns that account's password for credential matching.
 *
 * @param token the submitted token; cast to {@code UsernamePasswordToken} without a type check
 * @return authentication info whose principal is a {@code SessionVariable} wrapping the
 *         account and whose credentials are the value of {@code user.getPassword()}
 * @throws AuthenticationException {@code AccountException} when the username is null,
 *         {@code UnknownAccountException} when no account is found, and
 *         {@code DisabledAccountException} when the account state equals the disabled value
 */
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    final String loginName = ((UsernamePasswordToken) token).getUsername();
    if (loginName == null) {
        throw new AccountException("用户名不能为空");
    }

    final User account = accountManager.getUserByUsername(loginName);
    if (account == null) {
        // NOTE(review): a distinct "user does not exist" error lets a caller tell valid
        // usernames from invalid ones if the message reaches the login page unchanged.
        throw new UnknownAccountException("用户不存在");
    }

    // The state check runs in this method, i.e. before the password returned below has
    // been compared with the submitted one, so the disabled message is also reachable
    // without knowing the password.
    final boolean disabled = account.getState().equals(State.Disable.getValue());
    if (disabled) {
        throw new DisabledAccountException("你的账户已被禁用,请联系管理员开通.");
    }

    return new SimpleAuthenticationInfo(new SessionVariable(account), account.getPassword(), getName());
}
 
Example #2
Source File: ShiroDbRealm.java    From Mario with Apache License 2.0
/**
 * Authentication callback, invoked at login.
 *
 * @param authcToken the submitted token; cast to {@code UsernamePasswordToken} without a type check
 * @return authentication info carrying a {@code ShiroUser} principal, the account's password
 *         and its hex-decoded salt, or {@code null} when no account matches the login name
 * @throws AuthenticationException {@code DisabledAccountException} when the account status is "0"
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
        throws AuthenticationException {
    final UsernamePasswordToken loginToken = (UsernamePasswordToken) authcToken;
    final User account = accountService.findUserByLoginName(loginToken.getUsername());
    if (account == null) {
        return null;
    }

    // Status "0" marks a disabled account.
    if (account.getStatus().equals("0")) {
        throw new DisabledAccountException();
    }

    // Menu entries belonging to this user.
    // NOTE(review): the menu list is written to the current session inside the realm
    // callback, before the submitted password has been compared with the stored one.
    // A failed login for an existing account therefore still leaves that account's
    // menus in the caller's session; populating it after a successful login would
    // avoid that. Confirm how "menuList" is consumed.
    final List<Menu> menuList = accountService.findMenuByUserID(account.getId());
    SecurityUtils.getSubject().getSession().setAttribute("menuList", menuList);

    final byte[] saltBytes = Encodes.decodeHex(account.getSalt());
    final ShiroUser principal = new ShiroUser(account.getId(), account.getLoginName(), account.getName());
    return new SimpleAuthenticationInfo(principal, account.getPassword(),
            ByteSource.Util.bytes(saltBytes), getName());
}
 
Example #3
Source File: CaptchaFormAuthenticationFilter.java    From MultimediaDesktop with Apache License 2.0
/**
 * Maps a login failure to a user-facing message and stores it on the request under
 * the key returned by {@code getFailureKeyAttribute()}.
 *
 * @param request the current request; receives the failure message attribute
 * @param ae      the authentication failure to translate
 */
protected void setFailureAttribute(ServletRequest request,
		AuthenticationException ae) {
	final String failureText;

	// LockedAccountException is tested before DisabledAccountException: in Apache Shiro
	// the former is a subclass of the latter, so the opposite order would hide it.
	// NOTE(review): the messages distinguish "wrong password", "account locked" and
	// "account does not exist", which tells a caller whether a username is registered.
	if (ae instanceof IncorrectCredentialsException) {
		failureText = "密码错误,输入错误超过当日限制,将锁定账户";
		// Record the failed login attempt.
		logLoginStatus(request, LoginType.登录失败);
	} else if (ae instanceof ValidateCodeException) {
		failureText = "验证码错误";
	} else if (ae instanceof UnValidationAccountException) {
		failureText = "账号未被验证";
	} else if (ae instanceof LockedAccountException) {
		failureText = "密码输入错误超过当日限制,请明天再试";
	} else if (ae instanceof DisabledAccountException) {
		failureText = "账号被管理员锁定";
	} else if (ae instanceof UnknownAccountException) {
		failureText = "账号不存在";
	} else {
		// Anything unrecognised is shown generically and logged with its stack trace.
		failureText = "未知错误";
		log.fatal("登录错误-未知错误,请管理员检查", ae);
	}

	request.setAttribute(getFailureKeyAttribute(), failureText);
}
 
Example #4
Source File: SysLoginController.java    From mumu with Apache License 2.0
/**
 * Handles the login POST. Reads the exception class name stored in the
 * "shiroLoginFailure" request attribute and turns it into a user-facing message.
 *
 * @param request the current request
 * @return the "login" view with code 500 and the error text when a failure was recorded,
 *         otherwise a redirect to /system/index with code 200
 */
@MumuLog(name = "用户登录",operater = "POST")
@RequestMapping(value = "/login",method = {RequestMethod.POST})
public ModelAndView logining(HttpServletRequest request){
    final String failureClass = (String) request.getAttribute("shiroLoginFailure");
    final Map<String, String> model = new HashMap<String, String>();

    // No recorded failure: report success and redirect.
    if (failureClass == null) {
        model.put("code", "200");
        model.put("msg", "success");
        model.put("data", "登录成功");
        return new ModelAndView("redirect:/system/index", model);
    }

    final String error;
    if (UnknownAccountException.class.getName().equals(failureClass)
            || IncorrectCredentialsException.class.getName().equals(failureClass)) {
        // Unknown account and wrong password share one message, so this pair does
        // not reveal whether the username exists.
        error = "用户名/密码错误";
    } else if (ExcessiveAttemptsException.class.getName().equals(failureClass)) {
        error = "输入错误次数太过,请稍后重试";
    } else if (DisabledAccountException.class.getName().equals(failureClass)) {
        error = "账户被锁定,请联系管理员";
    } else if (AccountUnActiveException.class.getName().equals(failureClass)) {
        error = "账户未激活,请登录邮箱激活账号!";
    } else {
        // NOTE(review): the fallback shows the raw exception class name to the user,
        // which exposes implementation detail; a generic message with the class name
        // kept in the server log would be safer.
        error = "错误提示:" + failureClass;
    }

    request.setAttribute("shiroLoginFailure", error);
    model.put("code", "500");
    model.put("msg", "failure");
    model.put("data", error);
    return new ModelAndView("login", model);
}
 
Example #5
Source File: AuthenticatingRealmImplTest.java    From nexus-public with Eclipse Public License 1.0
/**
 * Checks that authenticating against a configuration built with
 * {@code CUser.STATUS_DISABLED} fails with {@code DisabledAccountException}.
 */
@Test
public void testDisabledAuthentication() throws Exception {
  buildTestAuthenticationConfig(CUser.STATUS_DISABLED);

  // The expectation has to be registered before the call that should throw.
  thrown.expect(DisabledAccountException.class);
  realm.getAuthenticationInfo(new UsernamePasswordToken("username", "password"));
}
 
Example #6
Source File: AuthenticatingRealmImpl.java    From nexus-public with Eclipse Public License 1.0
/**
 * Looks up the user named in the token and returns its authentication info when the
 * account is active.
 *
 * @param token the submitted token; cast to {@code UsernamePasswordToken} without a type check
 * @return the result of {@code createAuthenticationInfo(user)} for an active user
 * @throws UnknownAccountException when the configuration reports the user as not found
 * @throws CredentialsException when the stored user has no password
 * @throws DisabledAccountException when the user is inactive with status {@code CUser.STATUS_DISABLED}
 * @throws AccountException when the user is inactive with any other status
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token) {
  final UsernamePasswordToken upToken = (UsernamePasswordToken) token;
  final String userId = upToken.getUsername();

  // NOTE(review): the submitted username is embedded verbatim in the exception
  // messages below; if they are logged, neutralise control characters first.
  final CUser user;
  try {
    user = configuration.readUser(userId);
  }
  catch (UserNotFoundException e) {
    throw new UnknownAccountException("User '" + userId + "' cannot be retrieved.", e);
  }

  if (user.getPassword() == null) {
    throw new CredentialsException("User '" + userId + "' has no password, cannot authenticate.");
  }

  if (!user.isActive()) {
    if (CUser.STATUS_DISABLED.equals(user.getStatus())) {
      throw new DisabledAccountException("User '" + userId + "' is disabled.");
    }
    throw new AccountException(
        "User '" + userId + "' is in illegal status '" + user.getStatus() + "'.");
  }

  // Legacy users carry an unsalted password hash. It is re-hashed only when the
  // submitted credentials are valid for that user.
  if (hasLegacyPassword(user) && isValidCredentials(upToken, user)) {
    reHashPassword(user, new String(upToken.getPassword()));
  }

  return createAuthenticationInfo(user);
}
 
Example #7
Source File: AjaxAuthenticationFilter.java    From java-platform with Apache License 2.0
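/**
 * Handles a failed login. For AJAX requests a failure {@code Result} with a message
 * matching the exception type is written to the response; other requests are
 * delegated to the superclass.
 *
 * @param token    the token that failed authentication
 * @param e        the authentication failure
 * @param request  the current request
 * @param response the current response
 * @return {@code false} after the AJAX result has been written, otherwise the value
 *         returned by the superclass implementation
 * @throws RuntimeException wrapping the {@code IOException} if writing the result fails
 */
@Override
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
	if (WebHelper.isAjax((HttpServletRequest) request)) {
		Result result = Result.failure();
		// Subclasses are tested before their parents. In Apache Shiro
		// LockedAccountException extends DisabledAccountException, so the locked
		// check must precede the disabled check or it can never match.
		// NOTE(review): these messages tell the caller whether an account exists and
		// what state it is in; consider one generic message for unauthenticated callers.
		if (e instanceof IncorrectCredentialsException) {
			result.message("密码错误");
		} else if (e instanceof ExpiredCredentialsException) {
			result.message("密码已过期");
		} else if (e instanceof UnknownAccountException) {
			result.message("该账号不存在");
		} else if (e instanceof LockedAccountException) {
			result.message("该账号已锁定");
		} else if (e instanceof DisabledAccountException) {
			result.message("该账号已禁用");
		} else if (e instanceof AccountException) {
			result.message("账号错误");
		} else if (e instanceof CredentialsException) {
			result.message("密码错误");
		}
		// Any other exception type leaves the failure result without a specific message.
		try {
			writeObject(request, response, result);
		} catch (IOException ex) {
			throw new RuntimeException(ex);
		}
		return false;
	}
	return super.onLoginFailure(token, e, request, response);
}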
 
Example #8
Source File: FormAuthenticationCaptchaFilter.java    From cms with Apache License 2.0
/**
 * Overrides the parent method so that, on login failure, a user-facing message is
 * stored on the request under the key returned by {@code getFailureKeyAttribute()}.
 *
 * @param request the current request; receives the failure message attribute
 * @param ae      the authentication failure to translate
 */
@Override
protected void setFailureAttribute(ServletRequest request, AuthenticationException ae) {
    final String message;
    if (ae instanceof CaptchaException) {
        message = "验证码不正确";
    } else if (ae instanceof IncorrectCredentialsException) {
        message = "用户名或密码错误";
    } else if (ae instanceof DisabledAccountException) {
        message = "你的账户已被禁用";
    } else {
        // NOTE(review): every other failure, including an UnknownAccountException if
        // the realm throws one, is reported as a server error. That differs from the
        // "username or password" message above, so the two cases stay distinguishable.
        message = "服务器出现异常";
    }
    request.setAttribute(getFailureKeyAttribute(), message);
}
 
Example #9
Source File: GlobalExceptionHandler.java    From MeetingFilm with Apache License 2.0
/**
 * Handles {@code DisabledAccountException} (account frozen): writes a login log entry,
 * puts a tip on the model and answers with HTTP 401.
 *
 * @param e     the exception that triggered this handler
 * @param model the view model; receives the "tips" attribute
 * @return the login page view name
 */
@ExceptionHandler(DisabledAccountException.class)
@ResponseStatus(HttpStatus.UNAUTHORIZED)
public String accountLocked(DisabledAccountException e, Model model) {
    final String frozenTip = "账号被冻结";
    // NOTE(review): the username is read straight from the request parameter and passed
    // to the login log; confirm the log sink escapes or length-limits it.
    final String submittedName = getRequest().getParameter("username");
    LogManager.me().executeLog(LogTaskFactory.loginLog(submittedName, frozenTip, getIp()));
    model.addAttribute("tips", frozenTip);
    return "/login.html";
}
 
Example #10
Source File: AuthzPrincipalRepositoryImpl.java    From spring-boot-starter-samples with Apache License 2.0
/**
 * Checks the submitted username and password through the login DAO, then loads the
 * account together with its roles and permissions.
 *
 * @param token the submitted token; cast to {@code UsernamePasswordToken} without a type check
 * @return authentication info whose principal is the loaded {@code AuthzLoginModel} and
 *         whose credentials are the password taken from the token
 * @throws AuthenticationException {@code UnknownAccountException} when username or password
 *         is missing, {@code InvalidAccountException} when "num_1" or "num_2" is "0",
 *         {@code DisabledAccountException} when "num_4" is "0", and
 *         {@code NoneRoleException} when "num_3" is "0"
 */
@Override
public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	final UsernamePasswordToken upToken = (UsernamePasswordToken) token;
	final String loginName = upToken.getUsername();

	if (!StringUtils.hasText(loginName) || upToken.getPassword() == null) {
		throw new UnknownAccountException("Username or password is required.");
	}

	// NOTE(review): the original comment here reads "encrypt password", but the value is
	// only copied into a String (a Base64 call is commented out in the original). The
	// DAO receives the password exactly as submitted.
	final String submittedPassword = new String(upToken.getPassword());

	// Account status flags returned by the DAO.
	final Map<String, String> status = getAuthzLoginDao().getAccountStatus(loginName, submittedPassword);

	// Per the original comments: account missing, or username/password incorrect.
	if ("0".equals(status.get("num_1")) || "0".equals(status.get("num_2"))) {
		throw new InvalidAccountException("Username or password is incorrect, please re-enter.");
	}
	// Account disabled.
	if ("0".equals(status.get("num_4"))) {
		throw new DisabledAccountException("Account is disabled.");
	}
	// User belongs to no role.
	if ("0".equals(status.get("num_3"))) {
		throw new NoneRoleException();
	}

	// Principal object for the user.
	final AuthzLoginModel account = getAuthzLoginDao().getAccount(loginName, submittedPassword);

	// Role ids of the user; the first one becomes the current role.
	final List<String> roleIds = getAuthzUserDao().getRoles(account.getUserid());
	account.setRoles(Sets.newHashSet(roleIds.iterator()));
	account.setRoleid(roleIds.get(0));

	// Permission markers collected over all roles.
	final Set<String> permissions = Sets.newHashSet();
	for (String roleId : account.getRoles()) {
		permissions.addAll(getAuthzRolePermsDao().getPermissions(roleId));
	}
	account.setPerms(permissions);

	// NOTE(review): the credentials returned are the password from the token itself, so
	// any later comparison of token against info presumably always matches. The password
	// check rests entirely on the DAO status query above; confirm.
	return new SimpleAuthenticationInfo(account, upToken.getPassword(), "login");
}
 
Example #11
Source File: AuthzPrincipalRepositoryImpl.java    From spring-boot-starter-samples with Apache License 2.0
/**
 * Checks the submitted username and password through the login DAO, then loads the
 * account together with its roles and permissions.
 *
 * @param token the submitted token; cast to {@code UsernamePasswordToken} without a type check
 * @return authentication info whose principal is the loaded {@code AuthzLoginModel} and
 *         whose credentials are the password taken from the token
 * @throws AuthenticationException {@code UnknownAccountException} when username or password
 *         is missing, {@code InvalidAccountException} when "num_1" or "num_2" is "0",
 *         {@code DisabledAccountException} when "num_4" is "0", and
 *         {@code NoneRoleException} when "num_3" is "0"
 */
@Override
public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
	final UsernamePasswordToken upToken = (UsernamePasswordToken) token;
	final String loginName = upToken.getUsername();

	if (!StringUtils.hasText(loginName) || upToken.getPassword() == null) {
		throw new UnknownAccountException("Username or password is required.");
	}

	// NOTE(review): the original comment here reads "encrypt password", but the value is
	// only copied into a String (a Base64 call is commented out in the original). The
	// DAO receives the password exactly as submitted.
	final String submittedPassword = new String(upToken.getPassword());

	// Account status flags returned by the DAO.
	final Map<String, String> status = getAuthzLoginDao().getAccountStatus(loginName, submittedPassword);

	// Per the original comments: account missing, or username/password incorrect.
	if ("0".equals(status.get("num_1")) || "0".equals(status.get("num_2"))) {
		throw new InvalidAccountException("Username or password is incorrect, please re-enter.");
	}
	// Account disabled.
	if ("0".equals(status.get("num_4"))) {
		throw new DisabledAccountException("Account is disabled.");
	}
	// User belongs to no role.
	if ("0".equals(status.get("num_3"))) {
		throw new NoneRoleException();
	}

	// Principal object for the user.
	final AuthzLoginModel account = getAuthzLoginDao().getAccount(loginName, submittedPassword);

	// Role ids of the user; the first one becomes the current role.
	final List<String> roleIds = getAuthzUserDao().getRoles(account.getUserid());
	account.setRoles(Sets.newHashSet(roleIds.iterator()));
	account.setRoleid(roleIds.get(0));

	// Permission markers collected over all roles.
	final Set<String> permissions = Sets.newHashSet();
	for (String roleId : account.getRoles()) {
		permissions.addAll(getAuthzRolePermsDao().getPermissions(roleId));
	}
	account.setPerms(permissions);

	// NOTE(review): the credentials returned are the password from the token itself, so
	// any later comparison of token against info presumably always matches. The password
	// check rests entirely on the DAO status query above; confirm.
	return new SimpleAuthenticationInfo(account, upToken.getPassword(), "login");
}
 
Example #12
Source File: GlobalExceptionHandler.java    From WebStack-Guns with MIT License
/**
 * Handles {@code DisabledAccountException} (account frozen): writes a login log entry,
 * puts a tip on the model and answers with HTTP 401.
 *
 * @param e     the exception that triggered this handler
 * @param model the view model; receives the "tips" attribute
 * @return the login page view name
 */
@ExceptionHandler(DisabledAccountException.class)
@ResponseStatus(HttpStatus.UNAUTHORIZED)
public String accountLocked(DisabledAccountException e, Model model) {
    final String frozenTip = "账号被冻结";
    // NOTE(review): the username is read straight from the request parameter and passed
    // to the login log; confirm the log sink escapes or length-limits it.
    final String submittedName = getRequest().getParameter("username");
    LogManager.me().executeLog(LogTaskFactory.loginLog(submittedName, frozenTip, getIp()));
    model.addAttribute("tips", frozenTip);
    return "/login.html";
}
 
Example #13
Source File: AuthzLoginController.java    From spring-boot-starter-samples with Apache License 2.0
/**
 * Login endpoint for stateless sessions. Reports success when the subject is already
 * authenticated; otherwise translates the failure class name stored in the request
 * attribute {@code DEFAULT_ERROR_KEY_ATTRIBUTE_NAME} into a response map.
 *
 * NOTE(review): the mapping accepts GET as well as POST, so username and password may
 * arrive in the query string, where URLs are commonly logged. Restricting the login
 * to POST would avoid that.
 *
 * @return a success result, or a map with "status", and where applicable "message" and "captcha"
 */
@ApiOperation(value = "login:stateless", notes = "用户登录(无状态会话)")
@ApiImplicitParams({
	@ApiImplicitParam(name = "username", required = true, value = "登录账户", dataType = "String"),
	@ApiImplicitParam(name = "password", required = true, value = "登录密码", dataType = "String"),
	@ApiImplicitParam(name = "captcha", value = "验证码", dataType = "String") 
})
@BusinessLog(module = Constants.AUTHZ_LOGIN, business = "用户登录", opt = BusinessType.LOGIN)
@RequestMapping(value = "stateless", method = {RequestMethod.POST, RequestMethod.GET})
@ResponseBody
public Object stateless(@RequestParam String username, @RequestParam String password, String captcha,
		@ApiIgnore HttpServletRequest request, @ApiIgnore Model model) {

	// Already authenticated: answer with the success notice right away.
	if (SubjectUtils.isAuthenticated()) {
		return ResultUtils.success("Login Success.");
	}

	// From here on the response describes a failure.
	final Map<String, Object> data = new HashMap<String, Object>();
	data.put("status", STATUS_FAIL);

	final String failureClass = (String) request.getAttribute(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);

	if (NoneCaptchaException.class.getName().equals(failureClass)) {
		// Retry limit exceeded: the client must now supply a captcha.
		data.put("message", getMessage("login.captcha.required"));
		data.put("captcha", "required");
	} else if (IncorrectCaptchaException.class.getName().equals(failureClass)) {
		// Wrong captcha.
		data.put("message", getMessage("login.captcha.incorrect"));
		data.put("captcha", "required");
	} else if (InvalidCaptchaException.class.getName().equals(failureClass)) {
		// Captcha no longer valid.
		data.put("message", getMessage("login.captcha.invalid"));
		data.put("captcha", "required");
	} else if (UnknownAccountException.class.getName().equals(failureClass)) {
		// Username or password empty.
		data.put("message", getMessage("login.account.empty"));
	} else if (InvalidAccountException.class.getName().equals(failureClass)) {
		// Username or password wrong.
		data.put("message", getMessage("login.account.invalid"));
	} else if (DisabledAccountException.class.getName().equals(failureClass)) {
		// Account not enabled.
		data.put("message", getMessage("login.account.disabled"));
	} else if (NoneRoleException.class.getName().equals(failureClass)) {
		// User has no role and may not log in.
		data.put("message", getMessage("login.account.nonerole"));
	} else if (StringUtils.isNotEmpty(failureClass)) {
		// Any other failure gets a generic message; the class name is not exposed.
		data.put("message", "Authentication Failure.");
	}

	return data;
}
 
Example #14
Source File: AuthzLoginController.java    From spring-boot-starter-samples with Apache License 2.0
/**
 * Login page handler for stateful sessions. Redirects authenticated subjects to the
 * index page; otherwise translates the failure class name stored in the request
 * attribute {@code DEFAULT_ERROR_KEY_ATTRIBUTE_NAME} into model attributes for the view.
 *
 * NOTE(review): the mapping accepts GET as well as POST, so username and password may
 * arrive in the query string, where URLs are commonly logged. Restricting the login
 * to POST would avoid that.
 *
 * @return "redirect:/index" when already authenticated, otherwise the login view name
 */
@ApiOperation(value = "login:stateful", notes = "用户登录(有状态会话)")
@ApiImplicitParams({
	@ApiImplicitParam(name = "username", required = true, value = "登录账户", dataType = "String"),
	@ApiImplicitParam(name = "password", required = true, value = "登录密码", dataType = "String"),
	@ApiImplicitParam(name = "captcha", value = "验证码", dataType = "String") 
})
@BusinessLog(module = Constants.AUTHZ_LOGIN, business = "用户登录", opt = BusinessType.LOGIN)
@RequestMapping(value = "stateful", method = {RequestMethod.POST, RequestMethod.GET})
public String stateful(@RequestParam(required = false) String username, 
		@RequestParam(required = false) String password, @RequestParam(required = false) String captcha,
		@ApiIgnore HttpServletRequest request, @ApiIgnore Model model) {

	// A "forceLogout" request parameter means an administrator ended the session; the
	// page shows a matching notice.
	// NOTE(review): only the presence of the parameter is checked, so any visitor can
	// make the notice appear by adding it to the URL.
	final boolean forcedOut = request.getParameter("forceLogout") != null;
	if (forcedOut) {
		model.addAttribute("message", "您已经被管理员强制退出,请重新登录");
		model.addAttribute("forceLogout", "true");
	}

	// Already logged in: go straight to the index page.
	if (SubjectUtils.isAuthenticated()) {
		return "redirect:/index";
	}

	final String failureClass = (String) request.getAttribute(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);

	if (NoneCaptchaException.class.getName().equals(failureClass)) {
		// Retry limit exceeded: the client must now supply a captcha.
		model.addAttribute("message", getMessage("login.captcha.required"));
		model.addAttribute("captcha", "required");
	} else if (IncorrectCaptchaException.class.getName().equals(failureClass)) {
		// Wrong captcha.
		model.addAttribute("message", getMessage("login.captcha.incorrect"));
		model.addAttribute("captcha", "required");
	} else if (InvalidCaptchaException.class.getName().equals(failureClass)) {
		// Captcha no longer valid.
		model.addAttribute("message", getMessage("login.captcha.invalid"));
		model.addAttribute("captcha", "required");
	} else if (UnknownAccountException.class.getName().equals(failureClass)) {
		// Username or password empty.
		model.addAttribute("message", getMessage("login.account.empty"));
	} else if (InvalidAccountException.class.getName().equals(failureClass)) {
		// Username or password wrong.
		model.addAttribute("message", getMessage("login.account.invalid"));
	} else if (DisabledAccountException.class.getName().equals(failureClass)) {
		// Account not enabled.
		model.addAttribute("message", getMessage("login.account.disabled"));
	} else if (NoneRoleException.class.getName().equals(failureClass)) {
		// User has no role and may not log in.
		model.addAttribute("message", getMessage("login.account.nonerole"));
	} else if (StringUtils.isNotEmpty(failureClass)) {
		// Any other failure gets a generic message; the class name is not exposed.
		model.addAttribute("message", "Authentication Failure.");
	}

	// The original source keeps a disabled "kickout" notice here (request parameter
	// "kickout" equal to "1", message key "login.account.kickout").

	return "html/authz/rbac0/login";
}
 
Example #15
Source File: UserRealm.java    From MultimediaDesktop with Apache License 2.0
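/**
 * Authentication callback, invoked at login. Validates the captcha against the value
 * stored in the session, looks up the user and rejects unverified, locked or
 * disabled accounts before returning the account's password and salt for matching.
 *
 * @param authcToken the submitted token; cast to {@code SystemLoginToken} without a type check
 * @return authentication info carrying a {@code ShiroUser} principal, the account's
 *         password and its hex-decoded salt, or {@code null} when the lookup returns no user
 * @throws AuthenticationException {@code AccountException} when the username is null,
 *         {@code ValidateCodeException} on a missing or wrong captcha,
 *         {@code UnValidationAccountException} when the account is not verified,
 *         {@code LockedAccountException} when it is disabled for exceeding the login limit,
 *         {@code DisabledAccountException} when it is disabled for any other reason, and
 *         {@code UnknownAccountException} when the lookup result is not {@code UserConstant.SUCCESS}
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
		AuthenticationToken authcToken) throws AuthenticationException {

	SystemLoginToken token = (SystemLoginToken) authcToken;

	if (token.getUsername() == null) {
		throw new AccountException("提交表单未包含用户名.");
	}

	// Captcha check: the submitted value must match, ignoring case, the one stored in
	// the session. A missing stored value never matches.
	// NOTE(review): the stored captcha is not removed from the session in this method;
	// confirm it is invalidated elsewhere so one solved captcha cannot be reused.
	String captcha = token.getCaptcha();
	String expectedCaptcha = (String) SecurityUtils
			.getSubject()
			.getSession()
			.getAttribute(
					com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);
	if (null == captcha || !captcha.equalsIgnoreCase(expectedCaptcha)) {
		throw new ValidateCodeException("验证码错误");
	}

	UserLoginDto user = userservice.login(token.getUsername());

	if (user == null) {
		return null;
	}

	// Log only the id and the lookup result. The DTO also carries the password and salt
	// read below, and a reflective dump of the whole object would write them to the log.
	log.info("[用户登录]-[获取登录用户信息]-返回数据结果:"
			+ "id=" + user.getId() + ", result=" + user.getResult());

	// NOTE(review): the comparison uses ==; if both operands are boxed values this is an
	// identity check. Confirm the types of UserConstant.SUCCESS and getResult().
	if (UserConstant.SUCCESS == user.getResult()) {

		// Account has not passed e-mail verification.
		if (!user.isvStatus()) {
			log.info("用户没有通过邮箱验证.");
			throw new UnValidationAccountException();
		}

		// Disabled because the login limit was exceeded: reported as locked. This check
		// comes first so the more specific reason wins over the plain disabled case.
		if (user.isDisable() && UserDisableReason.登录超过限制.equals(user.getDisableReason())) {
			throw new LockedAccountException();
		}

		// Disabled for any other reason.
		if (user.isDisable()) {
			log.info("用户被禁止登录.");
			throw new DisabledAccountException();
		}

		byte[] salt = Encodes.decodeHex(user.getSalt());

		return new SimpleAuthenticationInfo(new ShiroUser(user.getId(),
				user.getName(), user.getRole()), user.getPassword(),
				ByteSource.Util.bytes(salt), getName());
	}
	throw new UnknownAccountException();
}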
 
Example #16
Source File: AuthzLoginController.java    From spring-boot-starter-samples with Apache License 2.0
/**
 * Login endpoint for stateless sessions. Reports success when the subject is already
 * authenticated; otherwise translates the failure class name stored in the request
 * attribute {@code DEFAULT_ERROR_KEY_ATTRIBUTE_NAME} into a response map.
 *
 * NOTE(review): the mapping accepts GET as well as POST, so username and password may
 * arrive in the query string, where URLs are commonly logged. Restricting the login
 * to POST would avoid that.
 *
 * @return a success result, or a map with "status", and where applicable "message" and "captcha"
 */
@ApiOperation(value = "login:stateless", notes = "用户登录(无状态会话)")
@ApiImplicitParams({
	@ApiImplicitParam(name = "username", required = true, value = "登录账户", dataType = "String"),
	@ApiImplicitParam(name = "password", required = true, value = "登录密码", dataType = "String"),
	@ApiImplicitParam(name = "captcha", value = "验证码", dataType = "String") 
})
@BusinessLog(module = Constants.AUTHZ_LOGIN, business = "用户登录", opt = BusinessType.LOGIN)
@RequestMapping(value = "stateless", method = {RequestMethod.POST, RequestMethod.GET})
@ResponseBody
public Object stateless(@RequestParam String username, @RequestParam String password, String captcha,
		@ApiIgnore HttpServletRequest request, @ApiIgnore Model model) {

	// Already authenticated: answer with the success notice right away.
	if (SubjectUtils.isAuthenticated()) {
		return ResultUtils.success("Login Success.");
	}

	// From here on the response describes a failure.
	final Map<String, Object> data = new HashMap<String, Object>();
	data.put("status", STATUS_FAIL);

	final String failureClass = (String) request.getAttribute(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);

	if (NoneCaptchaException.class.getName().equals(failureClass)) {
		// Retry limit exceeded: the client must now supply a captcha.
		data.put("message", getMessage("login.captcha.required"));
		data.put("captcha", "required");
	} else if (IncorrectCaptchaException.class.getName().equals(failureClass)) {
		// Wrong captcha.
		data.put("message", getMessage("login.captcha.incorrect"));
		data.put("captcha", "required");
	} else if (InvalidCaptchaException.class.getName().equals(failureClass)) {
		// Captcha no longer valid.
		data.put("message", getMessage("login.captcha.invalid"));
		data.put("captcha", "required");
	} else if (UnknownAccountException.class.getName().equals(failureClass)) {
		// Username or password empty.
		data.put("message", getMessage("login.account.empty"));
	} else if (InvalidAccountException.class.getName().equals(failureClass)) {
		// Username or password wrong.
		data.put("message", getMessage("login.account.invalid"));
	} else if (DisabledAccountException.class.getName().equals(failureClass)) {
		// Account not enabled.
		data.put("message", getMessage("login.account.disabled"));
	} else if (NoneRoleException.class.getName().equals(failureClass)) {
		// User has no role and may not log in.
		data.put("message", getMessage("login.account.nonerole"));
	} else if (StringUtils.isNotEmpty(failureClass)) {
		// Any other failure gets a generic message; the class name is not exposed.
		data.put("message", "Authentication Failure.");
	}

	return data;
}
 
Example #17
Source File: AuthzLoginController.java    From spring-boot-starter-samples with Apache License 2.0
/**
 * Login page handler for stateful sessions. Redirects authenticated subjects to the
 * index page; otherwise translates the failure class name stored in the request
 * attribute {@code DEFAULT_ERROR_KEY_ATTRIBUTE_NAME} into model attributes for the view.
 *
 * NOTE(review): the mapping accepts GET as well as POST, so username and password may
 * arrive in the query string, where URLs are commonly logged. Restricting the login
 * to POST would avoid that.
 *
 * @return "redirect:/index" when already authenticated, otherwise the login view name
 */
@ApiOperation(value = "login:stateful", notes = "用户登录(有状态会话)")
@ApiImplicitParams({
	@ApiImplicitParam(name = "username", required = true, value = "登录账户", dataType = "String"),
	@ApiImplicitParam(name = "password", required = true, value = "登录密码", dataType = "String"),
	@ApiImplicitParam(name = "captcha", value = "验证码", dataType = "String") 
})
@BusinessLog(module = Constants.AUTHZ_LOGIN, business = "用户登录", opt = BusinessType.LOGIN)
@RequestMapping(value = "stateful", method = {RequestMethod.POST, RequestMethod.GET})
public String stateful(@RequestParam(required = false) String username, 
		@RequestParam(required = false) String password, @RequestParam(required = false) String captcha,
		@ApiIgnore HttpServletRequest request, @ApiIgnore Model model) {

	// A "forceLogout" request parameter means an administrator ended the session; the
	// page shows a matching notice.
	// NOTE(review): only the presence of the parameter is checked, so any visitor can
	// make the notice appear by adding it to the URL.
	final boolean forcedOut = request.getParameter("forceLogout") != null;
	if (forcedOut) {
		model.addAttribute("message", "您已经被管理员强制退出,请重新登录");
		model.addAttribute("forceLogout", "true");
	}

	// Already logged in: go straight to the index page.
	if (SubjectUtils.isAuthenticated()) {
		return "redirect:/index";
	}

	final String failureClass = (String) request.getAttribute(DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);

	if (NoneCaptchaException.class.getName().equals(failureClass)) {
		// Retry limit exceeded: the client must now supply a captcha.
		model.addAttribute("message", getMessage("login.captcha.required"));
		model.addAttribute("captcha", "required");
	} else if (IncorrectCaptchaException.class.getName().equals(failureClass)) {
		// Wrong captcha.
		model.addAttribute("message", getMessage("login.captcha.incorrect"));
		model.addAttribute("captcha", "required");
	} else if (InvalidCaptchaException.class.getName().equals(failureClass)) {
		// Captcha no longer valid.
		model.addAttribute("message", getMessage("login.captcha.invalid"));
		model.addAttribute("captcha", "required");
	} else if (UnknownAccountException.class.getName().equals(failureClass)) {
		// Username or password empty.
		model.addAttribute("message", getMessage("login.account.empty"));
	} else if (InvalidAccountException.class.getName().equals(failureClass)) {
		// Username or password wrong.
		model.addAttribute("message", getMessage("login.account.invalid"));
	} else if (DisabledAccountException.class.getName().equals(failureClass)) {
		// Account not enabled.
		model.addAttribute("message", getMessage("login.account.disabled"));
	} else if (NoneRoleException.class.getName().equals(failureClass)) {
		// User has no role and may not log in.
		model.addAttribute("message", getMessage("login.account.nonerole"));
	} else if (StringUtils.isNotEmpty(failureClass)) {
		// Any other failure gets a generic message; the class name is not exposed.
		model.addAttribute("message", "Authentication Failure.");
	}

	// The original source keeps a disabled "kickout" notice here (request parameter
	// "kickout" equal to "1", message key "login.account.kickout").

	return "html/authz/rbac0/login";
}