
Spring Security 3: extending login with CAPTCHA verification

2013-11-23 

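Spring Security validates the login parameters mainly in the UsernamePasswordAuthenticationFilter filter.

So we write our own implementation class that extends UsernamePasswordAuthenticationFilter. For the CAPTCHA tool I use jcaptcha, which most readers will already know, and there are plenty of examples online showing how to do this kind of extension.

First, write the implementation class that extends UsernamePasswordAuthenticationFilter: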

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.octo.captcha.service.CaptchaServiceException;

// MethodErrorException, ValidateCodeException and CaptchaServiceSingleton are
// the project's own classes and are not shown on this page.

/**
 * Overrides attemptAuthentication, obtainUsername and obtainPassword of
 * Spring Security 3's UsernamePasswordAuthenticationFilter (tightening the logic),
 * and adds a CAPTCHA check, a CAPTCHA parameter property and a CAPTCHA on/off switch.
 *
 * @author shadow
 * @email 124010356@qq.com
 * @create 2012.04.28
 */
public class UsernamePasswordAuthenticationExtendFilter extends
        UsernamePasswordAuthenticationFilter {

    // Name of the request parameter that carries the CAPTCHA answer
    private String validateCodeParameter = "validateCode";
    // Whether CAPTCHA checking is enabled
    private boolean openValidateCode = false;

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
            HttpServletResponse response) throws AuthenticationException {
        // Only accept data submitted with POST
        if (!"POST".equals(request.getMethod()))
            throw new MethodErrorException("不支持非POST方式的请求!"); // "Non-POST requests are not supported!"

        // CAPTCHA checking is enabled: verify it before touching the credentials
        if (isOpenValidateCode())
            checkValidateCode(request);

        // Read username and password
        String username = obtainUsername(request);
        String password = obtainPassword(request);

        // UsernamePasswordAuthenticationToken is the Authentication to be verified
        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
                username, password);

        // Allow subclasses to set the details property
        setDetails(request, authRequest);

        // Runs UserDetailsService.loadUserByUsername and wraps the result in an Authentication
        return this.getAuthenticationManager().authenticate(authRequest);
    }

    // Check that the submitted CAPTCHA answer is correct
    public void checkValidateCode(HttpServletRequest request) {
        String jcaptchaCode = obtainValidateCodeParameter(request);
        if (null == jcaptchaCode)
            throw new ValidateCodeException("验证码超时,请重新获取!"); // "CAPTCHA timed out, please request a new one!"

        boolean b;
        try {
            b = CaptchaServiceSingleton.getInstance()
                    .validateResponseForID(request.getSession().getId(),
                            jcaptchaCode);
        } catch (CaptchaServiceException e) {
            // jcaptcha throws when no challenge is stored for this session id
            // (expired or already validated); report it as a login failure
            // instead of letting a runtime exception escape the filter.
            throw new ValidateCodeException("验证码超时,请重新获取!");
        }
        if (!b)
            throw new ValidateCodeException("验证码不正确,请重新输入!"); // "Incorrect CAPTCHA, please try again!"
    }

    public String obtainValidateCodeParameter(HttpServletRequest request) {
        Object obj = request.getParameter(getValidateCodeParameter());
        return null == obj ? "" : obj.toString().trim();
    }

    @Override
    protected String obtainUsername(HttpServletRequest request) {
        Object obj = request.getParameter(getUsernameParameter());
        return null == obj ? "" : obj.toString().trim();
    }

    @Override
    protected String obtainPassword(HttpServletRequest request) {
        Object obj = request.getParameter(getPasswordParameter());
        return null == obj ? "" : obj.toString().trim();
    }

    public String getValidateCodeParameter() {
        return validateCodeParameter;
    }

    public void setValidateCodeParameter(String validateCodeParameter) {
        this.validateCodeParameter = validateCodeParameter;
    }

    public boolean isOpenValidateCode() {
        return openValidateCode;
    }

    public void setOpenValidateCode(boolean openValidateCode) {
        this.openValidateCode = openValidateCode;
    }
}
```


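Note that checkValidateCode() runs before username and password are read: the CAPTCHA is compared first, and if the comparison fails a ValidateCodeException is thrown straight away. Define this exception yourself; it only needs to extend AuthenticationException.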

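If the check succeeds, execution continues and username and password are compared. When configuring the XML, point the class attribute at your own new filter, and in the filter chain use the new filter in place of the UsernamePasswordAuthenticationFilter implementation. My own XML configuration is shown below.

In the filter chain, the implementation behind serverCustomUsernamePasswordAuthenticationFilter is replaced with the class we just wrote. As for com.shadow.security.handler.LoginSuccessHandler and com.shadow.security.handler.LoginFailureHandler, implement the AuthenticationSuccessHandler interface yourself here, with logic designed around the needs of your project.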

```xml
<!-- Login authentication filter -->
<bean id="usernamePasswordAuthenticationFilter"
    class="com.shadow.security.service.UsernamePasswordAuthenticationExtendFilter">
    <property name="authenticationManager"
        ref="authenticationManager" />
    <property name="sessionAuthenticationStrategy"
        ref="concurrentSessionControlStrategy" />
    <property name="usernameParameter" value="username" />
    <property name="passwordParameter" value="password" />
    <property name="validateCodeParameter" value="validateCode" />
    <property name="openValidateCode" value="true" />
    <property name="filterProcessesUrl" value="/login" />
    <property name="rememberMeServices" ref="rememberMeServices" />
    <property name="authenticationSuccessHandler">
        <bean
            class="com.shadow.security.handler.LoginSuccessHandler">
            <property name="indexUrl" value="/index.jsp" />
        </bean>
    </property>
    <property name="authenticationFailureHandler">
        <bean
            class="com.shadow.security.handler.LoginFailureHandler" />
    </property>
</bean>
```
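The page leaves ValidateCodeException and the failure handler to the reader. The following is an added sketch, not the author's code: it uses Spring Security 3's AuthenticationFailureHandler interface, and the `loginUrl` property, its default value and the `error` query parameter are assumptions made for illustration. It shows the handler keeping CAPTCHA failures apart from credential failures while returning only fixed codes to the browser.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

// Thrown by checkValidateCode(). Because it extends AuthenticationException,
// the authentication filter catches it and calls the failure handler.
// (Kept package-private here for brevity; public and in its own file in a project.)
class ValidateCodeException extends AuthenticationException {
    private static final long serialVersionUID = 1L;

    public ValidateCodeException(String msg) {
        super(msg);
    }
}

public class LoginFailureHandler implements AuthenticationFailureHandler {

    // Assumed login page path; not taken from the original page.
    private String loginUrl = "/login.jsp";

    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException exception)
            throws IOException, ServletException {
        // Map the failure to a fixed code. The exception text and the
        // submitted username are never copied into the redirect URL.
        String reason = (exception instanceof ValidateCodeException)
                ? "captcha"       // wrong or expired CAPTCHA
                : "credentials";  // same code for unknown user and bad password
        response.sendRedirect(request.getContextPath() + loginUrl
                + "?error=" + reason);
    }

    public void setLoginUrl(String loginUrl) {
        this.loginUrl = loginUrl;
    }
}
```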


As for the other dependency properties to inject, add them according to your own project; I will not go into detail here.
