一、验证码功能
1、验证码接口校验
原理
图形验证码和短信验证码的校验原理都差不多,只是发验证码的方式不一样而已,在认证过滤器UsernamePasswordAuthenticationFilter之前添加ValidateCodeFilter实现验证码的验证功能,验证通过则继续过滤器链的下一个;否则抛异常,移交认证失败处理器处理,不走后面逻辑。
http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)
.formLogin()
.loginPage("/authentication/require")
.loginProcessingUrl("/authentication/form")
.successHandler(imoocAuthenticationSuccessHandler)
.failureHandler(imoocAuthenctiationFailureHandler)
.and()
.authorizeRequests()
.antMatchers("/authentication/require",
securityProperties.getBrowser().getSignInPage(),
"/code/*")
.permitAll()
.anyRequest()
.authenticated().and().csrf().disable();
/**
*
*/
package com.mysecurity.core.validate.code;
import com.mysecurity.core.properties.SecurityConstants;
import com.mysecurity.core.properties.SecurityProperties;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.context.request.ServletWebRequest;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
/**
* 校验验证码的过滤器
*
* @author zhailiang
*
*/
@Component("validateCodeFilter")
public class ValidateCodeFilter extends OncePerRequestFilter implements InitializingBean {
/**
* 验证码校验失败处理器
*/
@Autowired
private AuthenticationFailureHandler authenticationFailureHandler;
/**
* 系统配置信息
*/