public class CustomAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
public Authentication attemptAuthentication(HttpServletRequest httpServletRequest) throws AuthenticationException {
if (校验验证码不通过) {
String username = obtainUsername(httpServletRequest);
httpServletRequest.getSession().setAttribute(SPRING_SECURITY_LAST_USERNAME_KEY, username);
// 用户输入的值与看到的不一致,抛出异常
throw new AuthCodeValidationException("验证码输入不正确");
}
return super.attemptAuthentication(httpServletRequest);
}
}
配置文件中,重新定义和替换authenticationProcessingFilter
<bean id="authenticationProcessingFilter" class="com.hm.core.security.CustomAuthenticationProcessingFilter">
<s:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureUrl" value="/login.jsp?login_error=1" />
<property name="defaultTargetUrl" value="/" />
<property name="rememberMeServices" ref="rememberMeServices" />
</bean>
其中s命名空间是指
xmlns:s="http://www.springframework.org/schema/security"