扩展acegi以支持验证码等

最新推荐文章于 2020-11-19 14:28:27 发布
最新推荐文章于 2020-11-19 14:28:27 发布
阅读量127 收藏
点赞数
分类专栏: Acegi 文章标签: Acegi Security 框架 J#
主要是通用改写扩展authenticationProcessingFilter类来实现,当然还有开源框架JCaptcha来生成验证码 

public class AuthenticationProcessingFilter implements Filter, InitializingBean, ApplicationEventPublisherAware { 
public static final String ACEGI_SAVED_REQUEST_KEY = "ACEGI_SAVED_REQUEST_KEY"; 
public static final String ACEGI_SECURITY_LAST_EXCEPTION_KEY = "ACEGI_SECURITY_LAST_EXCEPTION"; 

public static final String ACEGI_SECURITY_FORM_USERNAME_KEY = "j_username"; 
public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password"; 
public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME"; 

private ApplicationEventPublisher eventPublisher; 
private AuthenticationDetailsSource authenticationDetailsSource = new AuthenticationDetailsSourceImpl(); 
private AuthenticationManager authenticationManager; 

private String authenticationFailureUrl; 
private String defaultTargetUrl; 
private String filterProcessesUrl = getDefaultFilterProcessesUrl(); 
private boolean alwaysUseDefaultTargetUrl = false; 

private RememberMeServices rememberMeServices = new NullRememberMeServices(); 
protected MessageSourceAccessor messages = AcegiMessageSource.getAccessor(); 
private Properties exceptionMappings = new Properties(); 
private boolean continueChainBeforeSuccessfulAuthentication = false; 
public boolean isContinueChainBeforeSuccessfulAuthentication() { 
return continueChainBeforeSuccessfulAuthentication; 
} 
public void setContinueChainBeforeSuccessfulAuthentication( 
boolean continueChainBeforeSuccessfulAuthentication) { 
this.continueChainBeforeSuccessfulAuthentication = continueChainBeforeSuccessfulAuthentication; 
} 
public String getDefaultFilterProcessesUrl() { 
return "/j_acegi_security_check"; 
} 
public void destroy() {} 

public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { 
if (!(request instanceof HttpServletRequest)) { 
throw new ServletException("Can only process HttpServletRequest"); 
} 
if (!(response instanceof HttpServletResponse)) { 
throw new ServletException("Can only process HttpServletResponse"); 
} 
HttpServletRequest httpRequest = (HttpServletRequest) request; 
HttpServletResponse httpResponse = (HttpServletResponse) response; 

String username = obtainUsername(httpRequest); 
String password = obtainPassword(httpRequest); 
if (username == null) { 
username = ""; 
} 
if (password == null) { 
password = ""; 
} 
if (requiresAuthentication(httpRequest, httpResponse)) { 
Authentication authResult; 
try { 
//加入验证码 
if(!onPreAuthentication(httpRequest, httpResponse)){ 
httpRequest.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY, 
username); 
throw new AuthenticationCodeException("请输入正确的验证码!"); 
} 

UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, 
password); 
setDetails(httpRequest, authRequest); 
httpRequest.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY,username); 
authResult = this.getAuthenticationManager().authenticate(authRequest); 
// Authentication success 
if (continueChainBeforeSuccessfulAuthentication) { 
filterChain.doFilter(httpRequest, httpResponse); 
} 
//可以在此加入验证成功后的功能代码 
successfulAuthentication(httpRequest, httpResponse, authResult); 
String targetUrl = alwaysUseDefaultTargetUrl ? null : obtainFullRequestUrl(httpRequest); 
if (targetUrl == null) { 
targetUrl = getDefaultTargetUrl(); 
} 
if (!targetUrl.startsWith("http://") && !targetUrl.startsWith("https://")) { 
targetUrl = httpRequest.getContextPath() + targetUrl; 
} 
httpResponse.sendRedirect(httpResponse.encodeRedirectURL(targetUrl)); 
return ; 
} catch (AuthenticationException failed) { 
// Authentication failed 
unsuccessfulAuthentication(httpRequest, httpResponse, failed); 
String failureUrl = exceptionMappings.getProperty(failed.getClass().getName(), authenticationFailureUrl); 
if (!failureUrl.startsWith("http://") && !failureUrl.startsWith("https://")) { 
failureUrl = httpRequest.getContextPath() + failureUrl; 
} 
httpResponse.sendRedirect(httpResponse.encodeRedirectURL(failureUrl)); 
return; 
} 
} 

filterChain.doFilter(request, response); 
} 

public Authentication attemptAuthentication(HttpServletRequest request,HttpServletResponse response) 
throws AuthenticationException, IOException{ 
String username = obtainUsername(request); 
String password = obtainPassword(request); 
// System.out.println("username: "+username +" passward:"+password) ; 
if (username == null) { 
username = ""; 
} 
if (password == null) { 
password = ""; 
} 
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, 
password); 
setDetails(request, authRequest); 
request.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY, 
username); 
return this.getAuthenticationManager().authenticate(authRequest); 
} 

protected void setDetails(HttpServletRequest request, 
UsernamePasswordAuthenticationToken authRequest) { 
authRequest.setDetails(new WebAuthenticationDetails(request)); 
} 


protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) { 
String uri = request.getRequestURI(); 
int pathParamIndex = uri.indexOf(';'); 
if (pathParamIndex > 0) { 
uri = uri.substring(0, pathParamIndex); 
} 

return uri.endsWith(request.getContextPath() + filterProcessesUrl); 
} 


public void init(FilterConfig arg0) throws ServletException {} 

public void afterPropertiesSet() throws Exception {} 

public void setApplicationEventPublisher(ApplicationEventPublisher context) { 
this.eventPublisher = context; 
} 

public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) { 
Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required"); 
this.authenticationDetailsSource = authenticationDetailsSource; 
} 


public boolean isAlwaysUseDefaultTargetUrl() { 
return alwaysUseDefaultTargetUrl; 
} 

public void setAlwaysUseDefaultTargetUrl(boolean alwaysUseDefaultTargetUrl) { 
this.alwaysUseDefaultTargetUrl = alwaysUseDefaultTargetUrl; 
} 

public String getAuthenticationFailureUrl() { 
return authenticationFailureUrl; 
} 

public void setAuthenticationFailureUrl(String authenticationFailureUrl) { 
this.authenticationFailureUrl = authenticationFailureUrl; 
} 

public String getDefaultTargetUrl() { 
return defaultTargetUrl; 
} 

public void setDefaultTargetUrl(String defaultTargetUrl) { 
this.defaultTargetUrl = defaultTargetUrl; 
} 

public String getFilterProcessesUrl() { 
return filterProcessesUrl; 
} 

public void setFilterProcessesUrl(String filterProcessesUrl) { 
this.filterProcessesUrl = filterProcessesUrl; 
} 

protected String obtainPassword(HttpServletRequest request) { 
String password=request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY); 
if(password!=null){ 
return MD5.toMD5(request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY)); 
} 
return password; 
} 


protected String obtainUsername(HttpServletRequest request) { 
return request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY); 
} 

//加入验证码 
protected boolean onPreAuthentication(HttpServletRequest request, HttpServletResponse response) 
throws AuthenticationException, IOException { 
String randNum=request.getParameter("randNum"); 
String rand=(String)request.getSession().getAttribute("rand"); 
if(rand.equals(randNum)){ 
return true; 
} 
return false; 
} 
//可以在此加入验证成功后的功能代码 
protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, 
Authentication authResult) throws IOException {} 
protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, 
AuthenticationException failed) throws IOException {} 

protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, 
Authentication authResult) throws IOException { 
//logger.info("Authentication success: " + authResult.toString()); 
SecurityContextHolder.getContext().setAuthentication(authResult); 
onSuccessfulAuthentication(request, response, authResult); 
rememberMeServices.loginSuccess(request, response, authResult); 
// Fire event 
if (this.eventPublisher != null) { 
eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass())); 
} 
} 
protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, 
AuthenticationException failed) throws IOException { 
SecurityContextHolder.getContext().setAuthentication(null); 
//logger.info("Updated SecurityContextHolder to contain null Authentication"); 
try { 
request.getSession().setAttribute(ACEGI_SECURITY_LAST_EXCEPTION_KEY, failed); 
} catch (Exception ignored) {} 
onUnsuccessfulAuthentication(request, response, failed); 
rememberMeServices.loginFail(request, response); 
} 
public static String obtainFullRequestUrl(HttpServletRequest request) { 
SavedRequest savedRequest = (SavedRequest) request.getSession() 
.getAttribute(ACEGI_SAVED_REQUEST_KEY); 
return (savedRequest == null) ? null : savedRequest.getFullRequestUrl(); 
} 
public Properties getExceptionMappings() { 
return exceptionMappings; 
} 
public void setExceptionMappings(Properties exceptionMappings) { 
this.exceptionMappings = exceptionMappings; 
} 
public MessageSourceAccessor getMessages() { 
return messages; 
} 
public void setMessages(MessageSourceAccessor messages) { 
this.messages = messages; 
} 
public RememberMeServices getRememberMeServices() { 
return rememberMeServices; 
} 
public void setRememberMeServices(RememberMeServices rememberMeServices) { 
this.rememberMeServices = rememberMeServices; 
} 
public ApplicationEventPublisher getEventPublisher() { 
return eventPublisher; 
} 
public void setEventPublisher(ApplicationEventPublisher eventPublisher) { 
this.eventPublisher = eventPublisher; 
} 
public AuthenticationDetailsSource getAuthenticationDetailsSource() { 
return authenticationDetailsSource; 
} 
public AuthenticationManager getAuthenticationManager() { 
return authenticationManager; 
} 
public void setAuthenticationManager(AuthenticationManager authenticationManager) { 
this.authenticationManager = authenticationManager; 
} 
}

huangfengjing
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
jcaptcha的验证码例子
02-23
在实际开发中,你可能还需要考虑一些额外的细节,比如优化验证码的性能、调整图像的复杂度以平衡用户体验和安全性,以及处理音频验证码以满足视觉障碍用户的需要。 总之,`jCaptcha`提供了一种强大且灵活的方式来...
JAVA上百实例源码以及开源项目
01-03
在有状态SessionBean中,用累加器,以对话状态存储起来,创建EJB对象,并将当前的计数器初始化,调用每一个EJB对象的count()方法,保证Bean正常被激活和钝化,EJB对象是用完毕,从内存中清除…… Java Socket 聊天...
acegi 添加验证码
tobeno2的专栏
07-28 134
            <bean id="authenticationProcessingFilter"         class="com.pixel.hibernate.HomeAloneAuthenticationProcessingFilter">         <property name="authenticationManager">          ...
Acegi 扩展验证码认证[原创]
Aspen13的专栏
11-24 220
很多网站的用户登录,从安全上考虑.不仅需要输入用户名和密码,而且也需要输入"验证码",何为验证码这里不着解释,网上也有很多说明.下面给出在Acegi框架下的实现验证码功能的主要代码. 一.新建AuthenticationProcessingFilter 类 java 代码 import net.sf.acegisecurity.Authentication;        ...
关于spring acegi框架验证码的加入
hezhaomeng的专栏
09-13 113
用spring的acegi框架做安全验证时还要对验证码进行验证的操作 这时候要对它的源码做下修改了。。。 protected void onPreAuthentication(HttpServletRequest httpservletrequest, HttpServletResponse httpservletresponse) throws AuthenticationExcept...
spring security OAuth2AuthenticationProcessingFilter的token认证流程解析
a807719447的专栏
11-19 1775
在ResourceServer中需要对token进行校验需要走如下过滤器,我们来分析下token校验的认证过程是什么样的 OAuth2AuthenticationProcessingFilter.doFilter public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { final boolean debug = l
JAVA上百实例源码以及开源项目源代码
12-11
支持旋转和透明度设置 摘要:Java源码,文件操作,图片水印 util实现Java图片水印添加功能,有添加图片水印和文字水印,可以设置水印位置,透明度、设置对线段锯齿状边缘处理、水印图片的路径,水印一般格式是gif,png,...
java开源包1
06-28
JCaptcha4Struts2 是一个 Struts2的插件,用来增加验证码支持,使用时只需要用一个 JSP 标签 (<jcaptcha:image label="Type the text "/> ) 即可,直接在 struts.xml 中进行配置,使用强大的 JCaptcha来生成验证码...
java开源包11
06-28
JCaptcha4Struts2 是一个 Struts2的插件,用来增加验证码支持,使用时只需要用一个 JSP 标签 (<jcaptcha:image label="Type the text "/> ) 即可,直接在 struts.xml 中进行配置,使用强大的 JCaptcha来生成验证码...
Acegi Authentication代码分析
阿布客栈
06-18 3741
1.在Acegi中是由认证管理器确定用户身份。一个认证管理器由借口AuthenticationManager实现。public interface AuthenticationManager { // ~Methods ==================================================================
Acegi的研究
Hello World!
03-15 1626
原文网址:http://rmn190.iteye.com/category/29638 Acegi(一):酝酿将近一年后的提高 过年后回到公司,工作上的事还没有正式开始, 于是就又开始学习Acegi这个框架了. 说起这个框架,真是有太多话想说:这个框架是除SSH外我自己独立学习分析的第一个框架, 从这方面第一篇博客 到现在快一年了, 这么长时间里断断续续在用, 也偶尔心血来潮地以de
Re: 学习Acegi-认证(authentication)
jiwenke的专栏
08-02 111
acegi不是很熟悉但很感兴趣,请问如果通过了认证以后,相关的应用代码怎样获得当前主体的信息?比如登录的用户名什么的,因为有时候应用代码需要的到这些相关的信息来进行相关的处理。只看到说这些信息会存在ContextHolder里面,但具体怎么取出来使用呢?看了一下手册,是不是这样使用: Inside the SecurityContextHolder we store details of the...
6通过场景分析acegi的设计原理
party
04-08 95
首先描述最简单的身份验证后台的处理过程 1、 用户输入需要确认自己身份的信息,如账号与密码或许需要其它信息 2、 也许你希望提供多种有方式的验证形式,由系统选择最合适的那一种,如从数据库(DAO)或是通过身份验证中心的服务(ACS)统一管理等 3、 根据账号找到指定源中的用户、密码及所拥有的权限(如果没找到就抛出异常)等用户的身份信息,验证用户输入的信息与源中返回的信息是否一致(如密码) ...
基于Spring Security实现手机验证码登录
weixin_42858906的博客
10-04 3841
基于Spring Security实现手机验证码登录 2017年06月28日 14:35:19 jiangshanwe 阅读数:3945 标签: spring security验证码 更多 个人分类: spring-security 版权声明:本文为博主原创文章,转载需注明出处。 https://blog.csdn.net/jiangshanwe/article/details/738421...
使用Acegi进行身份认证[之二]
neil-jh
10-10 117
成功登录系统的后置处理一般的业务系统在用户登录成功后,需要在数据库中记录一条相应的用户登录日志。我们可以通过Acegi提供的事件机制来完成这一功能。当用户身份认证成功后,Acegi会产生一个AuthenticationSuccessEvent事件,该事件是org.springframework.context.ApplicationEvent的子类,所以AuthenticationSuccessE...
学习Acegi-认证(authentication) (转载)
amwayy的专栏
10-29 165
最近两星期在学习acegi,过程中感谢JavaEye,SpringSide和在网上提供acegi学习心得的网友们。 为了加深自己的认识,准备写下一些DEMO,希望可以给准备学习acegi的同学一些帮助。 作为安全服务离不开认证和授权这两个主要组成部分。而这篇文章就是针对acegi的认证服务。 《学习Acegi-认证(authentication)》 代码环境基于: JDK1.5...
Acegi将资源权限数据存储到数据库.pdf
最新发布
07-13
在实际的项目开发中,我们认识了一个叫丹丹的女孩,她对Acegi框架的资源配置动态扩展实现有着深入的研究。她提出了将资源权限数据存储到数据库的方案,并设计了相应的E-R模型来支持这一功能。通过她的努力和研究,...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值