kaptcha是一个java的验证码组件,实现验证码功能,不多说废话,直接上代码
1.pom.xml
<dependency>
<groupId>com.github.penggle</groupId>
<artifactId>kaptcha</artifactId>
<version>2.3.2</version>
</dependency>
2.创建配置类
@Configuration
public class KaptchaConfig {
@Bean(name="captchaProducer")
public DefaultKaptcha getKaptchaBean(){
DefaultKaptcha defaultKaptcha=new DefaultKaptcha();
Properties properties=new Properties();
properties.setProperty("kaptcha.textproducer.char.string", "123456789abcdefg");//验证码字符范围
properties.setProperty("kaptcha.border.color", "227,231,234");//图片边框颜色245,248,249
properties.setProperty("kaptcha.textproducer.font.color", "black");//字体颜色
properties.setProperty("kaptcha.textproducer.char.space", "2");//文字间隔
properties.setProperty("kaptcha.image.width", "125");//图片宽度
properties.setProperty("kaptcha.image.height", "45");//图片高度
properties.setProperty("kaptcha.session.key", "code");//session的key
properties.setProperty("kaptcha.textproducer.char.length", "4");//长度
properties.setProperty("kaptcha.textproducer.font.names", "宋体,楷体,微软雅黑");//字体
Config config=new Config(properties);
defaultKaptcha.setConfig(config);
return defaultKaptcha;
}
}
3.创建验证码拦截器
//验证码校验拦截器,在登陆校验前先校验验证码,如果验证码通过再进行登陆验证,此配置需要在上文提到的SecurityConfig类中配置
public class KaptchaAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
private String servletPath;
public KaptchaAuthenticationFilter(String servletPath, String failureUrl) {
super(servletPath);
this.servletPath = servletPath;
setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler(failureUrl));
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
if ("POST".equalsIgnoreCase(req.getMethod()) && servletPath.equals(req.getServletPath())) {
String expect = (String) req.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);
if (expect != null && !expect.equalsIgnoreCase(req.getParameter("kaptcha"))) {
unsuccessfulAuthentication(req, res, new InsufficientAuthenticationException("输入的验证码不正确"));
return;
}
}
chain.doFilter(request, response);
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
return null;
}
}
4.SecurityConfig验证配置类,此类是集成springsecurity后的验证类
@Override
protected void configure(HttpSecurity http) throws Exception {
//在认证用户名之前认证验证码,如果验证码错误,将不执行用户名和密码的认证
//KaptchaAuthenticationFilter参数说明:第一个是拦截的请求,第二个参数是验证码验证失败后的请求
http.addFilterBefore(new KaptchaAuthenticationFilter("/login","/authority/login?meg='验证码错误'"), UsernamePasswordAuthenticationFilter.class)
……..//代码片段,此类的其他代码参见本站“springboot+spring-security实现登录验证”该篇文章
}