极验是一个提供验证服务的第三方库,可以有效地防止机器人攻击,提高网站的安全性。Spring Boot整合极验可以使用户在登录、注册等敏感操作上获得更好的保障。
以下是整合极验的步骤:
1.首先,需要在极验官网上注册账号,创建应用,并获得极验的ID和Key。
2.在Spring Boot项目中添加极验依赖。
<dependency>
<groupId>com.geetest.sdk</groupId>
<artifactId>gt3-sdk</artifactId>
<version>4.0.7-p3</version>
</dependency>
3.在application.yml中配置极验的ID和Key。
gt:
captcha:
id: [your_id]
key: [your_key]
4.编写验证码的Controller。
@RestController
public class CaptchaController {
@Autowired
private CaptchaService captchaService;
@GetMapping("/captcha")
public void captcha(HttpServletRequest request, HttpServletResponse response) {
captchaService.generateCaptcha(request, response);
}
}
5.编写CaptchaService。
@Service
public class CaptchaService {
@Autowired
private GeetestLib geetestLib;
public void generateCaptcha(HttpServletRequest request, HttpServletResponse response) {
String userid = UUID.randomUUID().toString();
int gtServerStatus = geetestLib.preProcess(userid);
request.getSession().setAttribute(GeetestLib.gtServerStatusSessionKey, gtServerStatus);
request.getSession().setAttribute(GeetestLib.useridSessionKey, userid);
JSONObject jsonObject = new JSONObject();
jsonObject.put(GeetestLib.gtServerStatusSessionKey, gtServerStatus);
jsonObject.put(GeetestLib.gtUserIdSessionKey, userid);
response.setContentType("application/json;charset=UTF-8");
try {
response.getWriter().write(jsonObject.toString());
} catch (IOException e) {
e.printStackTrace();
}
}
public boolean validateCaptcha(HttpServletRequest request) {
String challenge = request.getParameter(GeetestLib.geetestChallenge);
String validate = request.getParameter(GeetestLib.geetestValidate);
String seccode = request.getParameter(GeetestLib.geetestSeccode);
String userid = (String) request.getSession().getAttribute(GeetestLib.useridSessionKey);
int gtServerStatus = (int) request.getSession().getAttribute(GeetestLib.gtServerStatusSessionKey);
int gtResult = 0;
if (gtServerStatus == 1) {
gtResult = geetestLib.enhencedValidateRequest(challenge, validate, seccode, userid);
} else {
gtResult = geetestLib.failbackValidateRequest(challenge, validate, seccode);
}
return gtResult == 1;
}
}
6.在登录或注册的Controller中,调用CaptchaService的validateCaptcha方法进行验证码的验证。
@PostMapping("/login")
public String login(String username, String password, HttpServletRequest request) {
boolean captchaPassed = captchaService.validateCaptcha(request);
if (captchaPassed) {
// 验证码验证通过
// 进行登录操作
} else {
// 验证码验证失败
}
}
@PostMapping("/register")
public String register(String username, String password, HttpServletRequest request) {
boolean captchaPassed = captchaService.validateCaptcha(request);
if (captchaPassed) {
// 验证码验证通过
// 进行注册操作
} else {
// 验证码验证失败
}
}
通过以上步骤,就可以实现Spring Boot整合极验,为用户提供更好的验证服务。