生成图形验证码接口
1.创建ImageCode
验证码类
@Data
public class ImageCode {
private String code;
private LocalDateTime expireTime;
private BufferedImage image;
public ImageCode(BufferedImage image, String code, int expireIn) {
this.code = code;
this.image = image;
//当前时间加上过期秒数=过期时间点
this.expireTime = LocalDateTime.now().plusSeconds(expireIn);
}
public ImageCode(BufferedImage image, String code, LocalDateTime expireTime) {
this.code = code;
this.expireTime = expireTime;
this.image = image;
}
public boolean isExpired() {
return LocalDateTime.now().isAfter(expireTime);
}
}
2. 创建验证码
@RestController
public class ValidateCodeController {
public static final String SESSION_KEY = "SESSION_KEY_IMAGE_CODE";
private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();
@GetMapping("code/image")
public void createCode(HttpServletRequest request, HttpServletResponse response) throws IOException {
//step1,创建验证码图片
ImageCode imageCode = createImageCode();
//step2,将验证码存到session中去
sessionStrategy.setAttribute(new ServletWebRequest(request),SESSION_KEY,imageCode);
//step3,将图片通过输出流输出到响应去
ImageIO.write(imageCode.getImage(),"JPEG",response.getOutputStream());
}
private ImageCode createImageCode() {
int width = 67;
int height = 24;
BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
Graphics g = image.getGraphics();
Random random = new Random();
g.setColor(getRandColor(200, 250));
g.fillRect(0, 0, width, height);
g.setFont(new Font("Times New Roman", Font.ITALIC, 20));
g.setColor(getRandColor(160, 200));
for (int i = 0; i < 155; i++) {
int x = random.nextInt(width);
int y = random.nextInt(height);
int xl = random.nextInt(12);
int yl = random.nextInt(12);
g.drawLine(x, y, x + xl, y + yl);
}
String sRand = "";
for (int i = 0; i < 4; i++) {
String rand = String.valueOf(random.nextInt(10));
sRand += rand;
g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));
g.drawString(rand, 13 * i + 6, 16);
}
g.dispose();
return new ImageCode(image, sRand, 60);
}
/**
* 生成随机背景条纹
*
* @param fc
* @param bc
* @return
*/
private Color getRandColor(int fc, int bc) {
Random random = new Random();
if (fc > 255) {
fc = 255;
}
if (bc > 255) {
bc = 255;
}
int r = fc + random.nextInt(bc - fc);
int g = fc + random.nextInt(bc - fc);
int b = fc + random.nextInt(bc - fc);
return new Color(r, g, b);
}
}
使用SpringSecurity验证图形验证码
1.自定义过滤器,代码如下:
@Component("validateCodeFilter")
public class ValidateCodeFilterextends OncePerRequestFilter implements InitializingBean {
@Autowired
private ObjectMapper objectMapper;
//和生成验证码时得key值一致
public static final String SESSION_KEY = "SESSION_KEY_IMAGE_CODE";
private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
//判断是否为验证图形验证码请求
if (StringUtils.equals("/authentication/form", request.getRequestURI())
&& StringUtils.equalsIgnoreCase(request.getMethod(), "post")) {
try {
validate(new ServletWebRequest(request));
logger.info("验证码校验通过");
} catch (ValidateCodeException e) {
logger.info("验证失败");
return;
}
}
filterChain.doFilter(request, response);
}
public void validate(ServletWebRequest request) {
ImageCode codeInSession = (ImageCode) sessionStrategy.getAttribute(request, SESSION_KEY);
String codeInRequest;
try {
codeInRequest = ServletRequestUtils.getStringParameter(request.getRequest(),
"imageCode");//此处得参数名imageCode须和前端保持一直
} catch (ServletRequestBindingException e) {
throw new ValidateCodeException("获取验证码的值失败");
}
if (StringUtils.isBlank(codeInRequest)) {
throw new ValidateCodeException("验证码的值不能为空");
}
if (codeInSession == null) {
throw new ValidateCodeException("验证码不存在");
}
if (codeInSession.isExpired()) {
sessionStrategy.removeAttribute(request, SESSION_KEY);
throw new ValidateCodeException("验证码已过期");
}
if (!StringUtils.equals(codeInSession.getCode(), codeInRequest)) {
throw new ValidateCodeException("验证码不匹配");
}
sessionStrategy.removeAttribute(request, SESSION_KEY);
}
}
此处如果验证不通过,抛出ValidateCodeException异常,异常类如下:
public class ValidateCodeException extends AuthenticationException {
private static final long serialVersionUID = -859479206391627957L;
public ValidateCodeException(String msg) {
super(msg);
}
}
2.将该过滤器加入SpringSecurity过滤器链
SpringSecurity最核心的东西 其实是一个过滤器链,它是基于Filter技术,通过一系列内置的或自定义的安全Filter,实现接口的认证与授权。我们在使用的过程中,定义过WebSecurityConfigurerAdapter的扩展,为程序自定义配置逻辑。
@Component("validateCodeSecurityConfig")
public class ValidateCodeSecurityConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
@Autowired
private Filter validateCodeFilter;
@Override
public void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(validateCodeFilter, AbstractPreAuthenticatedProcessingFilter.class);
}
}
到这里,SpringSecurity实现图形验证码功能就完成了。