springsecurity3和JCaptcha的整合

最新推荐文章于 2021-05-09 18:13:25 发布
最新推荐文章于 2021-05-09 18:13:25 发布
阅读量2k 收藏 3
点赞数
文章标签: filter security spring string service url
JCaptcha是一个验证码的框架.
照着白衣的springside3的例子鼓捣了半天,弄出来感觉不复杂但是很有用.
不多说,放货.

创建一个jcaptcha包
在jcaptcha包里创建2个类:GMailEngine 和 JCaptchaFilter
GMailEngine :是JCaptcha验证码图片生成引擎,仿照JCaptcha2.0编写类似GMail验证码的样式.
JCaptchaFilter:是针对 JCaptcha 专门的过滤器(Filter).

另外 remember-me 这个功能我测试用 把系统时间更改下,确实是可以实现在两周之类免登录.


包结构



GMailEngine.java
Java代码 复制代码  收藏代码
  1. package com.sjax.myapp.jcaptcha;   
  2.   
  3. import java.awt.Color;   
  4. import java.awt.Font;   
  5. import java.awt.image.ImageFilter;   
  6.   
  7. import com.octo.captcha.component.image.backgroundgenerator.BackgroundGenerator;   
  8. import com.octo.captcha.component.image.backgroundgenerator.UniColorBackgroundGenerator;   
  9. import com.octo.captcha.component.image.color.RandomListColorGenerator;   
  10. import com.octo.captcha.component.image.deformation.ImageDeformation;   
  11. import com.octo.captcha.component.image.deformation.ImageDeformationByFilters;   
  12. import com.octo.captcha.component.image.fontgenerator.FontGenerator;   
  13. import com.octo.captcha.component.image.fontgenerator.RandomFontGenerator;   
  14. import com.octo.captcha.component.image.textpaster.DecoratedRandomTextPaster;   
  15. import com.octo.captcha.component.image.textpaster.TextPaster;   
  16. import com.octo.captcha.component.image.textpaster.textdecorator.TextDecorator;   
  17. import com.octo.captcha.component.image.wordtoimage.DeformedComposedWordToImage;   
  18. import com.octo.captcha.component.image.wordtoimage.WordToImage;   
  19. import com.octo.captcha.component.word.FileDictionary;   
  20. import com.octo.captcha.component.word.wordgenerator.ComposeDictionaryWordGenerator;   
  21. import com.octo.captcha.component.word.wordgenerator.WordGenerator;   
  22. import com.octo.captcha.engine.image.ListImageCaptchaEngine;   
  23. import com.octo.captcha.image.gimpy.GimpyFactory;   
  24.   
  25. /**  
  26.  * JCaptcha验证码图片生成引擎,仿照JCaptcha2.0编写类似GMail验证码的样式.  
  27.  *   
  28.  * @author liukai  
  29.  *   
  30.  */  
  31. public class GMailEngine extends ListImageCaptchaEngine {   
  32.   
  33.     @Override  
  34.     protected void buildInitialFactories() {   
  35.         int minWordLength = 4;   
  36.         int maxWordLength = 5;   
  37.         int fontSize = 50;   
  38.         int imageWidth = 250;   
  39.         int imageHeight = 100;   
  40.         WordGenerator dictionnaryWords = new ComposeDictionaryWordGenerator(   
  41.                 new FileDictionary("toddlist"));   
  42.   
  43.         // word2image components   
  44.         TextPaster randomPaster = new DecoratedRandomTextPaster(minWordLength,   
  45.                 maxWordLength, new RandomListColorGenerator(new Color[] {   
  46.                         new Color(2317027), new Color(2203411),   
  47.                         new Color(2367172) }), new TextDecorator[] {});   
  48.         BackgroundGenerator background = new UniColorBackgroundGenerator(   
  49.                 imageWidth, imageHeight, Color.white);   
  50.         FontGenerator font = new RandomFontGenerator(fontSize, fontSize,   
  51.                 new Font[] { new Font("nyala", Font.BOLD, fontSize),   
  52.                         new Font("Bell MT", Font.PLAIN, fontSize),   
  53.                         new Font("Credit valley", Font.BOLD, fontSize) });   
  54.         ImageDeformation postDef = new ImageDeformationByFilters(   
  55.                 new ImageFilter[] {});   
  56.         ImageDeformation backDef = new ImageDeformationByFilters(   
  57.                 new ImageFilter[] {});   
  58.         ImageDeformation textDef = new ImageDeformationByFilters(   
  59.                 new ImageFilter[] {});   
  60.   
  61.         WordToImage word2image = new DeformedComposedWordToImage(font,   
  62.                 background, randomPaster, backDef, textDef, postDef);   
  63.         addFactory(new GimpyFactory(dictionnaryWords, word2image));   
  64.     }   
  65.   
  66. }  
package com.sjax.myapp.jcaptcha;

import java.awt.Color;
import java.awt.Font;
import java.awt.image.ImageFilter;

import com.octo.captcha.component.image.backgroundgenerator.BackgroundGenerator;
import com.octo.captcha.component.image.backgroundgenerator.UniColorBackgroundGenerator;
import com.octo.captcha.component.image.color.RandomListColorGenerator;
import com.octo.captcha.component.image.deformation.ImageDeformation;
import com.octo.captcha.component.image.deformation.ImageDeformationByFilters;
import com.octo.captcha.component.image.fontgenerator.FontGenerator;
import com.octo.captcha.component.image.fontgenerator.RandomFontGenerator;
import com.octo.captcha.component.image.textpaster.DecoratedRandomTextPaster;
import com.octo.captcha.component.image.textpaster.TextPaster;
import com.octo.captcha.component.image.textpaster.textdecorator.TextDecorator;
import com.octo.captcha.component.image.wordtoimage.DeformedComposedWordToImage;
import com.octo.captcha.component.image.wordtoimage.WordToImage;
import com.octo.captcha.component.word.FileDictionary;
import com.octo.captcha.component.word.wordgenerator.ComposeDictionaryWordGenerator;
import com.octo.captcha.component.word.wordgenerator.WordGenerator;
import com.octo.captcha.engine.image.ListImageCaptchaEngine;
import com.octo.captcha.image.gimpy.GimpyFactory;

/**
 * JCaptcha验证码图片生成引擎,仿照JCaptcha2.0编写类似GMail验证码的样式.
 * 
 * @author liukai
 * 
 */
public class GMailEngine extends ListImageCaptchaEngine {

	@Override
	protected void buildInitialFactories() {
		int minWordLength = 4;
		int maxWordLength = 5;
		int fontSize = 50;
		int imageWidth = 250;
		int imageHeight = 100;
		WordGenerator dictionnaryWords = new ComposeDictionaryWordGenerator(
				new FileDictionary("toddlist"));

		// word2image components
		TextPaster randomPaster = new DecoratedRandomTextPaster(minWordLength,
				maxWordLength, new RandomListColorGenerator(new Color[] {
						new Color(23, 170, 27), new Color(220, 34, 11),
						new Color(23, 67, 172) }), new TextDecorator[] {});
		BackgroundGenerator background = new UniColorBackgroundGenerator(
				imageWidth, imageHeight, Color.white);
		FontGenerator font = new RandomFontGenerator(fontSize, fontSize,
				new Font[] { new Font("nyala", Font.BOLD, fontSize),
						new Font("Bell MT", Font.PLAIN, fontSize),
						new Font("Credit valley", Font.BOLD, fontSize) });
		ImageDeformation postDef = new ImageDeformationByFilters(
				new ImageFilter[] {});
		ImageDeformation backDef = new ImageDeformationByFilters(
				new ImageFilter[] {});
		ImageDeformation textDef = new ImageDeformationByFilters(
				new ImageFilter[] {});

		WordToImage word2image = new DeformedComposedWordToImage(font,
				background, randomPaster, backDef, textDef, postDef);
		addFactory(new GimpyFactory(dictionnaryWords, word2image));
	}

}


JCaptchaFilter.java
Java代码 复制代码  收藏代码
  1. package com.sjax.myapp.jcaptcha;   
  2.   
  3. import java.awt.image.BufferedImage;   
  4. import java.io.IOException;   
  5.   
  6. import javax.imageio.ImageIO;   
  7. import javax.servlet.Filter;   
  8. import javax.servlet.FilterChain;   
  9. import javax.servlet.FilterConfig;   
  10. import javax.servlet.ServletException;   
  11. import javax.servlet.ServletOutputStream;   
  12. import javax.servlet.ServletRequest;   
  13. import javax.servlet.ServletResponse;   
  14. import javax.servlet.http.HttpServletRequest;   
  15. import javax.servlet.http.HttpServletResponse;   
  16.   
  17. import org.apache.commons.lang.StringUtils;   
  18. import org.slf4j.Logger;   
  19. import org.slf4j.LoggerFactory;   
  20. import org.springframework.context.ApplicationContext;   
  21. import org.springframework.web.context.support.WebApplicationContextUtils;   
  22.   
  23. import com.octo.captcha.service.CaptchaService;   
  24. import com.octo.captcha.service.CaptchaServiceException;   
  25.   
  26. /**  
  27.  * 针对 JCaptcha 专门的过滤器(Filter)  
  28.  * @author liukai  
  29.  *  
  30.  */  
  31. public class JCaptchaFilter implements Filter {   
  32.   
  33.     //web.xml中的参数名定义   
  34.     public static final String PARAM_CAPTCHA_PARAMTER_NAME = "captchaParamterName";   
  35.     public static final String PARAM_CAPTCHA_SERVICE_ID = "captchaServiceId";   
  36.     public static final String PARAM_FILTER_PROCESSES_URL = "filterProcessesUrl";   
  37.     public static final String PARAM_FAILURE_URL = "failureUrl";   
  38.     public static final String PARAM_AUTO_PASS_VALUE = "autoPassValue";   
  39.   
  40.     //默认值定义   
  41.     public static final String DEFAULT_FILTER_PROCESSES_URL = "/j_spring_security_check";   
  42.     public static final String DEFAULT_CAPTCHA_SERVICE_ID = "captchaService";   
  43.     public static final String DEFAULT_CAPTCHA_PARAMTER_NAME = "j_captcha";   
  44.        
  45.     private static Logger logger = LoggerFactory.getLogger(JCaptchaFilter.class);   
  46.        
  47.     private String failureUrl;   
  48.     private String filterProcessesUrl = DEFAULT_FILTER_PROCESSES_URL;   
  49.     private String captchaServiceId = DEFAULT_CAPTCHA_SERVICE_ID;   
  50.     private String captchaParamterName = DEFAULT_CAPTCHA_PARAMTER_NAME;   
  51.     private String autoPassValue;   
  52.   
  53.     private CaptchaService captchaService;   
  54.        
  55.     /**  
  56.      * Filter回调初始化函数.  
  57.      */  
  58.     public void init(FilterConfig filterConfig) throws ServletException {   
  59.         // TODO Auto-generated method stub   
  60.         initParameters(filterConfig);   
  61.         initCaptchaService(filterConfig);   
  62.   
  63.     }   
  64.   
  65.     public void doFilter(ServletRequest theRequest, ServletResponse theResponse,   
  66.             FilterChain chain) throws IOException, ServletException {   
  67.         HttpServletRequest request = (HttpServletRequest) theRequest;   
  68.         HttpServletResponse response = (HttpServletResponse) theResponse;   
  69.         String servletPath = request.getServletPath();   
  70.         logger.info("servletPath:"+servletPath);   
  71.         //符合filterProcessesUrl为验证处理请求,其余为生成验证图片请求.   
  72.         if (StringUtils.startsWith(servletPath, filterProcessesUrl)) {   
  73.             boolean validated = validateCaptchaChallenge(request);   
  74.             if (validated) {   
  75.                 chain.doFilter(request, response);   
  76.             } else {   
  77.                 redirectFailureUrl(request, response);   
  78.             }   
  79.         } else {   
  80.             genernateCaptchaImage(request, response);   
  81.         }   
  82.     }   
  83.   
  84.     /**  
  85.      * Filter回调退出函数.  
  86.      */  
  87.     public void destroy() {   
  88.         // TODO Auto-generated method stub   
  89.   
  90.     }   
  91.        
  92.     /**  
  93.      * 初始化web.xml中定义的filter init-param.  
  94.      */  
  95.     protected void initParameters(final FilterConfig fConfig) {   
  96.         if (StringUtils.isBlank(fConfig.getInitParameter(PARAM_FAILURE_URL))) {   
  97.             throw new IllegalArgumentException("CaptchaFilter缺少failureUrl参数");   
  98.         }   
  99.   
  100.         failureUrl = fConfig.getInitParameter(PARAM_FAILURE_URL);   
  101.         logger.info("failureUrl:"+failureUrl);   
  102.   
  103.         if (StringUtils.isNotBlank(fConfig.getInitParameter(PARAM_FILTER_PROCESSES_URL))) {   
  104.             filterProcessesUrl = fConfig.getInitParameter(PARAM_FILTER_PROCESSES_URL);   
  105.         }   
  106.   
  107.         if (StringUtils.isNotBlank(fConfig.getInitParameter(PARAM_CAPTCHA_SERVICE_ID))) {   
  108.             captchaServiceId = fConfig.getInitParameter(PARAM_CAPTCHA_SERVICE_ID);   
  109.         }   
  110.   
  111.         if (StringUtils.isNotBlank(fConfig.getInitParameter(PARAM_CAPTCHA_PARAMTER_NAME))) {   
  112.             captchaParamterName = fConfig.getInitParameter(PARAM_CAPTCHA_PARAMTER_NAME);   
  113.         }   
  114.   
  115.         if (StringUtils.isNotBlank(fConfig.getInitParameter(PARAM_AUTO_PASS_VALUE))) {   
  116.             autoPassValue = fConfig.getInitParameter(PARAM_AUTO_PASS_VALUE);   
  117.         }   
  118.     }   
  119.        
  120.     /**  
  121.      * 从ApplicatonContext获取CaptchaService实例.  
  122.      */  
  123.     protected void initCaptchaService(final FilterConfig fConfig) {   
  124.         ApplicationContext context = WebApplicationContextUtils.getWebApplicationContext(fConfig.getServletContext());   
  125.         captchaService = (CaptchaService) context.getBean(captchaServiceId);   
  126.     }   
  127.        
  128.     /**  
  129.      * 生成验证码图片.  
  130.      */  
  131.     protected void genernateCaptchaImage(final HttpServletRequest request, final HttpServletResponse response)   
  132.             throws IOException {   
  133.   
  134.         setDisableCacheHeader(response);   
  135.         response.setContentType("image/jpeg");   
  136.   
  137.         ServletOutputStream out = response.getOutputStream();   
  138.         try {   
  139.             String captchaId = request.getSession(true).getId();   
  140.             BufferedImage challenge = (BufferedImage) captchaService.getChallengeForID(captchaId, request.getLocale());   
  141.             ImageIO.write(challenge, "jpg", out);   
  142.             out.flush();   
  143.         } catch (CaptchaServiceException e) {   
  144.             logger.error(e.getMessage(), e);   
  145.         } finally {   
  146.             out.close();   
  147.         }   
  148.     }   
  149.        
  150.     /**  
  151.      * 验证验证码.  
  152.      */  
  153.     protected boolean validateCaptchaChallenge(final HttpServletRequest request) {   
  154.         try {   
  155.             String captchaID = request.getSession().getId();   
  156.             logger.info("captchaID:"+captchaID);   
  157.             String challengeResponse = request.getParameter(captchaParamterName);   
  158.             logger.info("challengeResponse:"+challengeResponse);   
  159.             //自动通过值存在时,检验输入值是否等于自动通过值   
  160.             if (StringUtils.isNotBlank(autoPassValue) && autoPassValue.equals(challengeResponse)) {   
  161.                 return true;   
  162.             }   
  163.             return captchaService.validateResponseForID(captchaID, challengeResponse);   
  164.         } catch (CaptchaServiceException e) {   
  165.             logger.error(e.getMessage(), e);   
  166.             return false;   
  167.         }   
  168.     }   
  169.     /**  
  170.      * 跳转到失败页面.  
  171.      *   
  172.      * 可在子类进行扩展, 比如在session中放入SpringSecurity的Exception.  
  173.      */  
  174.     protected void redirectFailureUrl(final HttpServletRequest request, final HttpServletResponse response)   
  175.             throws IOException {   
  176.         logger.info("跳转到失败页面:"+request.getContextPath()+failureUrl);   
  177.         response.sendRedirect(request.getContextPath() + failureUrl);   
  178.     }   
  179.        
  180.     /**  
  181.      * 设置禁止客户端缓存的Header.  
  182.      */  
  183.     public static void setDisableCacheHeader(HttpServletResponse response) {   
  184.         //Http 1.0 header   
  185.         response.setDateHeader("Expires", 1L);   
  186.         response.addHeader("Pragma""no-cache");   
  187.         //Http 1.1 header   
  188.         response.setHeader("Cache-Control""no-cache, no-store, max-age=0");   
  189.     }   
  190.        
  191.   
  192. }  
package com.sjax.myapp.jcaptcha;

import java.awt.image.BufferedImage;
import java.io.IOException;

import javax.imageio.ImageIO;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

import com.octo.captcha.service.CaptchaService;
import com.octo.captcha.service.CaptchaServiceException;

/**
 * 针对 JCaptcha 专门的过滤器(Filter)
 * @author liukai
 *
 */
public class JCaptchaFilter implements Filter {

	//web.xml中的参数名定义
	public static final String PARAM_CAPTCHA_PARAMTER_NAME = "captchaParamterName";
	public static final String PARAM_CAPTCHA_SERVICE_ID = "captchaServiceId";
	public static final String PARAM_FILTER_PROCESSES_URL = "filterProcessesUrl";
	public static final String PARAM_FAILURE_URL = "failureUrl";
	public static final String PARAM_AUTO_PASS_VALUE = "autoPassValue";

	//默认值定义
	public static final String DEFAULT_FILTER_PROCESSES_URL = "/j_spring_security_check";
	public static final String DEFAULT_CAPTCHA_SERVICE_ID = "captchaService";
	public static final String DEFAULT_CAPTCHA_PARAMTER_NAME = "j_captcha";
	
	private static Logger logger = LoggerFactory.getLogger(JCaptchaFilter.class);
	
	private String failureUrl;
	private String filterProcessesUrl = DEFAULT_FILTER_PROCESSES_URL;
	private String captchaServiceId = DEFAULT_CAPTCHA_SERVICE_ID;
	private String captchaParamterName = DEFAULT_CAPTCHA_PARAMTER_NAME;
	private String autoPassValue;

	private CaptchaService captchaService;
	
	/**
	 * Filter回调初始化函数.
	 */
	public void init(FilterConfig filterConfig) throws ServletException {
		// TODO Auto-generated method stub
		initParameters(filterConfig);
		initCaptchaService(filterConfig);

	}

	public void doFilter(ServletRequest theRequest, ServletResponse theResponse,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) theRequest;
		HttpServletResponse response = (HttpServletResponse) theResponse;
		String servletPath = request.getServletPath();
		logger.info("servletPath:"+servletPath);
		//符合filterProcessesUrl为验证处理请求,其余为生成验证图片请求.
		if (StringUtils.startsWith(servletPath, filterProcessesUrl)) {
			boolean validated = validateCaptchaChallenge(request);
			if (validated) {
				chain.doFilter(request, response);
			} else {
				redirectFailureUrl(request, response);
			}
		} else {
			genernateCaptchaImage(request, response);
		}
	}

	/**
	 * Filter回调退出函数.
	 */
	public void destroy() {
		// TODO Auto-generated method stub

	}
	
	/**
	 * 初始化web.xml中定义的filter init-param.
	 */
	protected void initParameters(final FilterConfig fConfig) {
		if (StringUtils.isBlank(fConfig.getInitParameter(PARAM_FAILURE_URL))) {
			throw new IllegalArgumentException("CaptchaFilter缺少failureUrl参数");
		}

		failureUrl = fConfig.getInitParameter(PARAM_FAILURE_URL);
		logger.info("failureUrl:"+failureUrl);

		if (StringUtils.isNotBlank(fConfig.getInitParameter(PARAM_FILTER_PROCESSES_URL))) {
			filterProcessesUrl = fConfig.getInitParameter(PARAM_FILTER_PROCESSES_URL);
		}

		if (StringUtils.isNotBlank(fConfig.getInitParameter(PARAM_CAPTCHA_SERVICE_ID))) {
			captchaServiceId = fConfig.getInitParameter(PARAM_CAPTCHA_SERVICE_ID);
		}

		if (StringUtils.isNotBlank(fConfig.getInitParameter(PARAM_CAPTCHA_PARAMTER_NAME))) {
			captchaParamterName = fConfig.getInitParameter(PARAM_CAPTCHA_PARAMTER_NAME);
		}

		if (StringUtils.isNotBlank(fConfig.getInitParameter(PARAM_AUTO_PASS_VALUE))) {
			autoPassValue = fConfig.getInitParameter(PARAM_AUTO_PASS_VALUE);
		}
	}
	
	/**
	 * 从ApplicatonContext获取CaptchaService实例.
	 */
	protected void initCaptchaService(final FilterConfig fConfig) {
		ApplicationContext context = WebApplicationContextUtils.getWebApplicationContext(fConfig.getServletContext());
		captchaService = (CaptchaService) context.getBean(captchaServiceId);
	}
	
	/**
	 * 生成验证码图片.
	 */
	protected void genernateCaptchaImage(final HttpServletRequest request, final HttpServletResponse response)
			throws IOException {

		setDisableCacheHeader(response);
		response.setContentType("image/jpeg");

		ServletOutputStream out = response.getOutputStream();
		try {
			String captchaId = request.getSession(true).getId();
			BufferedImage challenge = (BufferedImage) captchaService.getChallengeForID(captchaId, request.getLocale());
			ImageIO.write(challenge, "jpg", out);
			out.flush();
		} catch (CaptchaServiceException e) {
			logger.error(e.getMessage(), e);
		} finally {
			out.close();
		}
	}
	
	/**
	 * 验证验证码.
	 */
	protected boolean validateCaptchaChallenge(final HttpServletRequest request) {
		try {
			String captchaID = request.getSession().getId();
			logger.info("captchaID:"+captchaID);
			String challengeResponse = request.getParameter(captchaParamterName);
			logger.info("challengeResponse:"+challengeResponse);
			//自动通过值存在时,检验输入值是否等于自动通过值
			if (StringUtils.isNotBlank(autoPassValue) && autoPassValue.equals(challengeResponse)) {
				return true;
			}
			return captchaService.validateResponseForID(captchaID, challengeResponse);
		} catch (CaptchaServiceException e) {
			logger.error(e.getMessage(), e);
			return false;
		}
	}
	/**
	 * 跳转到失败页面.
	 * 
	 * 可在子类进行扩展, 比如在session中放入SpringSecurity的Exception.
	 */
	protected void redirectFailureUrl(final HttpServletRequest request, final HttpServletResponse response)
			throws IOException {
		logger.info("跳转到失败页面:"+request.getContextPath()+failureUrl);
		response.sendRedirect(request.getContextPath() + failureUrl);
	}
	
	/**
	 * 设置禁止客户端缓存的Header.
	 */
	public static void setDisableCacheHeader(HttpServletResponse response) {
		//Http 1.0 header
		response.setDateHeader("Expires", 1L);
		response.addHeader("Pragma", "no-cache");
		//Http 1.1 header
		response.setHeader("Cache-Control", "no-cache, no-store, max-age=0");
	}
	

}


然后在springsecurity的配置文件里添加,直接把文件全部拷贝过来 JCaptcha相关的配置就一段,在最下面.

application-security.xml
Java代码 复制代码  收藏代码
  1. <?xml version="1.0" encoding="UTF-8"?>   
  2. <beans xmlns="http://www.springframework.org/schema/beans"  
  3.     xmlns:s="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
  4.     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd   
  5.                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"   
  6.     default-lazy-init="true">   
  7.   
  8.     <s:authentication-manager>   
  9.         <s:authentication-provider>   
  10.             <s:password-encoder hash="md5" />   
  11.             <s:jdbc-user-service data-source-ref="dataSource" />   
  12.         </s:authentication-provider>   
  13.     </s:authentication-manager>   
  14.   
  15.     <!-- 导入自定义的springsecurity国际化文件 -->   
  16.     <bean id="messageSource"  
  17.         class="org.springframework.context.support.ReloadableResourceBundleMessageSource">   
  18.         <property name="basename" value="classpath:messages_zh_CN" />   
  19.     </bean>   
  20.     <bean id="localeResolver"  
  21.         class="org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver" />   
  22.   
  23.     <s:http auto-config="true">   
  24.         <!-- 指定登录页面 -->   
  25.         <s:form-login login-page="/login.jsp" />   
  26.         <s:logout logout-success-url="/login.jsp" />   
  27.         <!-- 对登录页面不进行拦截,这个页面也许带有参数 -->   
  28.         <s:intercept-url pattern="/login.jsp*" filters="none" />   
  29.         <s:intercept-url pattern="/resources/**" filters="none" />   
  30.            
  31.         <s:remember-me  />   
  32.            
  33.         <!-- 会话配置管理 -->   
  34.         <s:session-management invalid-session-url="/login.jsp">   
  35.         <!-- 只允许一个人登陆,并且第二个人登陆不了 -->   
  36.             <s:concurrency-control max-sessions="1"  
  37.                 error-if-maximum-exceeded="true" />   
  38.         </s:session-management>   
  39.     </s:http>   
  40.   
  41.     <!-- 启动annotation -->   
  42.     <s:global-method-security secured-annotations="enabled" />   
  43.   
  44.   
  45.   
  46.     <!-- Jcaptcha相关的配置 -->   
  47.     <bean id="captchaService"  
  48.         class="com.octo.captcha.service.image.DefaultManageableImageCaptchaService">   
  49.         <property name="captchaEngine">   
  50.             <bean class="com.sjax.myapp.jcaptcha.GMailEngine" />   
  51.         </property>   
  52.         <!-- 默认生成的图片180秒过期 , 可另行设置    
  53.         <property name="minGuarantedStorageDelayInSeconds" value="180" />   
  54.         -->   
  55.     </bean>   
  56.        
  57. </beans>  
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:s="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"
	default-lazy-init="true">

	<s:authentication-manager>
		<s:authentication-provider>
			<s:password-encoder hash="md5" />
			<s:jdbc-user-service data-source-ref="dataSource" />
		</s:authentication-provider>
	</s:authentication-manager>

	<!-- 导入自定义的springsecurity国际化文件 -->
	<bean id="messageSource"
		class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
		<property name="basename" value="classpath:messages_zh_CN" />
	</bean>
	<bean id="localeResolver"
		class="org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver" />

	<s:http auto-config="true">
		<!-- 指定登录页面 -->
		<s:form-login login-page="/login.jsp" />
		<s:logout logout-success-url="/login.jsp" />
		<!-- 对登录页面不进行拦截,这个页面也许带有参数 -->
		<s:intercept-url pattern="/login.jsp*" filters="none" />
		<s:intercept-url pattern="/resources/**" filters="none" />
		
		<s:remember-me  />
		
		<!-- 会话配置管理 -->
		<s:session-management invalid-session-url="/login.jsp">
		<!-- 只允许一个人登陆,并且第二个人登陆不了 -->
			<s:concurrency-control max-sessions="1"
				error-if-maximum-exceeded="true" />
		</s:session-management>
	</s:http>

	<!-- 启动annotation -->
	<s:global-method-security secured-annotations="enabled" />



	<!-- Jcaptcha相关的配置 -->
	<bean id="captchaService"
		class="com.octo.captcha.service.image.DefaultManageableImageCaptchaService">
		<property name="captchaEngine">
			<bean class="com.sjax.myapp.jcaptcha.GMailEngine" />
		</property>
		<!-- 默认生成的图片180秒过期 , 可另行设置 
		<property name="minGuarantedStorageDelayInSeconds" value="180" />
		-->
	</bean>
	
</beans>


然后是web.xml 这就不把所有的配置列出来 ,只列出和JCaptcha相关的东西

web.xml

Java代码 复制代码  收藏代码
  1. <!-- JCaptcha`s filter -->   
  2.     <filter>   
  3.         <filter-name>jcaptchaFilter</filter-name>   
  4.         <filter-class>com.sjax.myapp.jcaptcha.JCaptchaFilter</filter-class>   
  5.         <init-param>   
  6.             <param-name>failureUrl</param-name>   
  7.             <param-value>/login.jsp</param-value>   
  8.         </init-param>   
  9.     </filter>   
  10.        
  11.     <!-- jcaptcha图片生成URL. -->   
  12.     <filter-mapping>   
  13.         <filter-name>jcaptchaFilter</filter-name>   
  14.         <url-pattern>/jcaptcha.jpg</url-pattern>   
  15.     </filter-mapping>   
  16.        
  17.     <!-- jcaptcha登录表单处理URL.   
  18.                  必须放在springSecurityFilter的filter-mapping定义之前 -->   
  19.     <filter-mapping>   
  20.         <filter-name>jcaptchaFilter</filter-name>   
  21.         <url-pattern>/j_spring_security_check</url-pattern>   
  22.     </filter-mapping>  
<!-- JCaptcha`s filter -->
	<filter>
		<filter-name>jcaptchaFilter</filter-name>
		<filter-class>com.sjax.myapp.jcaptcha.JCaptchaFilter</filter-class>
		<init-param>
			<param-name>failureUrl</param-name>
			<param-value>/login.jsp</param-value>
		</init-param>
	</filter>
	
	<!-- jcaptcha图片生成URL. -->
	<filter-mapping>
		<filter-name>jcaptchaFilter</filter-name>
		<url-pattern>/jcaptcha.jpg</url-pattern>
	</filter-mapping>
	
	<!-- jcaptcha登录表单处理URL.
	             必须放在springSecurityFilter的filter-mapping定义之前 -->
	<filter-mapping>
		<filter-name>jcaptchaFilter</filter-name>
		<url-pattern>/j_spring_security_check</url-pattern>
	</filter-mapping>


最后就是JSP页面了
login.jsp
Java代码 复制代码  收藏代码
  1. <%@ page contentType="text/html;charset=UTF-8"%>   
  2. <%@ include file="/common/taglibs.jsp"%>   
  3. <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>   
  4. <html>   
  5.     <head>   
  6.         <title>Login</title>   
  7.         <%@ include file="/common/meta.jsp"%>   
  8.         <link href="<c:url value="/resources/css/screen.css" />"  
  9.             rel="stylesheet" type="text/css" />   
  10.         <link href="<c:url value="/resources/css/ie.css" />" rel="stylesheet"  
  11.             type="text/css" />   
  12.         <script type="text/javascript"  
  13.             src="<c:url value="/resources/jquery/1.4/jquery.js" />">   
  14. </script>   
  15.     </head>   
  16.     <body>   
  17.         <div class="container">   
  18.             <%@ include file="/common/header.jsp"%>   
  19.             <div id="content">   
  20.                 <div class="span-24 last">   
  21.                     <h3>   
  22.                         用户登录   
  23.                     </h3>   
  24.                     <div class="error">   
  25.                         ${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message }   
  26.                     </div>   
  27.                     <form id="loginForm" style="margin-top: 1em;"  
  28.                         action="<c:url value="/j_spring_security_check" />" method="post"">   
  29.                         <table class="noborder">   
  30.                             <tr>   
  31.                                 <td>   
  32.                                     <label for="username">   
  33.                                         用户名:   
  34.                                     </label>   
  35.                                 </td>   
  36.                                 <td>   
  37.                                     <input type="text" name="j_username" class="required" />   
  38.                                 </td>   
  39.                                 <td rowspan="3">   
  40.                                     <img id="captchaImg" src="<c:url value="/jcaptcha.jpg"/>" />   
  41.                                 </td>   
  42.                             </tr>   
  43.                             <tr>   
  44.                                 <td>   
  45.                                     <label for="password">   
  46.                                         密码:   
  47.                                     </label>   
  48.                                 </td>   
  49.                                 <td>   
  50.                                     <input type="password" name="j_password" class="required">   
  51.                                 </td>   
  52.                             </tr>   
  53.                             <tr>   
  54.                                 <td>   
  55.                                     <label for="j_captcha">   
  56.                                         验证码:   
  57.                                     </label>   
  58.                                 </td>   
  59.                                 <td>   
  60.                                     <input type='text' name='j_captcha' class="required" size='5' />   
  61.                                 </td>   
  62.                             </tr>   
  63.                             <tr>   
  64.                                 <td colspan='3'>   
  65.                                     <input type="checkbox" name="_spring_security_remember_me" />   
  66.                                     两周内记住我   
  67.                                     <span style="margin-left: 25px"><a   
  68.                                         href="javascript:refreshCaptcha()">看不清楚换一张</a>   
  69.                                     </span>   
  70.                                 </td>   
  71.                             </tr>   
  72.                             <tr>   
  73.                                 <td colspan="2">   
  74.                                     <input type="submit" class="button" value="登录">   
  75.                                 </td>   
  76.                             </tr>   
  77.                         </table>   
  78.                     </form>   
  79.                 </div>   
  80.             </div>   
  81.             <%@ include file="/common/footer.jsp"%>   
  82.         </div>   
  83.     </body>   
  84.     <script type="text/javascript">   
  85. function refreshCaptcha() {   
  86.     $('#captchaImg').hide().attr(   
  87.             'src',   
  88.             '<c:url value="/jcaptcha.jpg"/>' + '?' + Math   
  89.                     .floor(Math.random() * 100)).fadeIn();   
  90. }   
  91. </script>   
  92.   
  93. </html>  
<%@ page contentType="text/html;charset=UTF-8"%>
<%@ include file="/common/taglibs.jsp"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<html>
	<head>
		<title>Login</title>
		<%@ include file="/common/meta.jsp"%>
		<link href="<c:url value="/resources/css/screen.css" />"
			rel="stylesheet" type="text/css" />
		<link href="<c:url value="/resources/css/ie.css" />" rel="stylesheet"
			type="text/css" />
		<script type="text/javascript"
			src="<c:url value="/resources/jquery/1.4/jquery.js" />">
</script>
	</head>
	<body>
		<div class="container">
			<%@ include file="/common/header.jsp"%>
			<div id="content">
				<div class="span-24 last">
					<h3>
						用户登录
					</h3>
					<div class="error">
						${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message }
					</div>
					<form id="loginForm" style="margin-top: 1em;"
						action="<c:url value="/j_spring_security_check" />" method="post"">
						<table class="noborder">
							<tr>
								<td>
									<label for="username">
										用户名:
									</label>
								</td>
								<td>
									<input type="text" name="j_username" class="required" />
								</td>
								<td rowspan="3">
									<img id="captchaImg" src="<c:url value="/jcaptcha.jpg"/>" />
								</td>
							</tr>
							<tr>
								<td>
									<label for="password">
										密码:
									</label>
								</td>
								<td>
									<input type="password" name="j_password" class="required">
								</td>
							</tr>
							<tr>
								<td>
									<label for="j_captcha">
										验证码:
									</label>
								</td>
								<td>
									<input type='text' name='j_captcha' class="required" size='5' />
								</td>
							</tr>
							<tr>
								<td colspan='3'>
									<input type="checkbox" name="_spring_security_remember_me" />
									两周内记住我
									<span style="margin-left: 25px"><a
										href="javascript:refreshCaptcha()">看不清楚换一张</a>
									</span>
								</td>
							</tr>
							<tr>
								<td colspan="2">
									<input type="submit" class="button" value="登录">
								</td>
							</tr>
						</table>
					</form>
				</div>
			</div>
			<%@ include file="/common/footer.jsp"%>
		</div>
	</body>
	<script type="text/javascript">
function refreshCaptcha() {
	$('#captchaImg').hide().attr(
			'src',
			'<c:url value="/jcaptcha.jpg"/>' + '?' + Math
					.floor(Math.random() * 100)).fadeIn();
}
</script>

</html>



我的开发环境是STS+tomcat6.29,工程是maven项目.框架用的spring3.0.5



效果图1.




效果图2.




BTW:因为是maven项目,所以自己要配好maven路径之类的.然后install下就行了.
如果实在不喜欢或者不会用maven,源码下下来, 照着拷贝也行的.
注意要加上JCaptcha的包还有commons-lang包
其它的spring3 springsecurity3之类的包就不多说了 打开pom.xml一个一个的看吧.

  • 大小: 52.1 KB
  • 大小: 35.9 KB
  • 大小: 12.3 KB
  • security.rar (111.7 KB)
  • 描述: 项目的maven源码
  • 下载次数: 288

yjw916622874
关注
  • 0
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
security+jcaptcha(验证码)框架搭建
06-02
security+jcaptcha(验证码)框架搭建
springsecurity3和JCaptcha整合 验证码
03-26
springsecurity3和JCaptcha整合 验证码
spring security 3.0 使用 jcaptcha
haven123
05-11 95
1. 引入附件内JAR 2. 配置security.xml ........ 3. login.html增加
Spring与jcaptcha集成
白杨
05-28 1978
需求:验证码非常常见,那么在spring中使用jcaptcha进行认证那么需要集成实现:mvn:<!-- code check captcha start --> <dependency> <groupId>com.octo.captcha</groupId> <artifactId>jcaptcha</artifactId> <version>1.0</version> </depen
Spring Cloud Gateway 整合 Spring Security 统一登录认证鉴权
02-24
3. **定制Filter**:在Spring Cloud Gateway中,我们可以自定义WebFlux Filter,利用Spring Security提供的API进行认证和鉴权。这通常涉及到`@PreAuthorize`和`@Secured`等注解的使用,以控制对特定路由的访问权限。...
SpringSecurity整合Jwt过程图解
08-25
要想使用SpringSecurity和Jwt,我们需要创建一个新的Spring Boot项目,并导入相关依赖项。这些依赖项包括spring-boot-starter-securityspring-boot-starter-web和jjwt。其中,spring-boot-starter-security提供了...
Spring Security整合Oauth2实现流程详解
09-07
通过以上步骤,我们可以实现Spring Security与OAuth2的整合,为应用程序提供安全的用户认证和授权功能。理解这些概念和流程对于开发涉及用户身份验证和授权的应用至关重要。希望这篇文章能帮助你更好地理解和应用...
Spring Security整合CAS的示例代码
08-27
3. 如果票据有效,`CasAuthenticationProvider`验证用户并创建Spring Security的`Authentication`对象。 4. 用户被认证后,Spring Security将允许访问受保护的资源。 5. 当用户在CAS服务器上登出时,`SingleSignOut...
jcaptchaspring集成例子记录
softwarehe的专栏
06-07 896
@RequestMapping(value="/check", method=RequestMethod.POST)     public String check(ServletRequest theRequest, ServletResponse theResponse) {         HttpServletRequest request = (HttpServletRequest)
spring security进级篇VI JCaptcha验证编码的使用
gaojie1190的专栏
04-27 150
spring security中,可以结合jcaptcha进行使用,具体方法如下: 1.java类如下: package com.spring.security.jcaptcha; import java.awt.Color; import java.awt.Font; import java.awt.image.ImageFilter; import com.octo.ca...
Springboot+JCaptcha验证码,加入redis session共享 验证可行
haorenwoyige的专栏
05-09 484
基于上一章的优化,在redis存储过程中,无法初始化JCaptcha,经测试以下方法可行: 修改验证码生产方法,不再使用JCaptcha。 生成工具类:VerifyCodeUtils.java package cn.jeeweb.web.common.controller; import javax.imageio.ImageIO; import java.awt.*; import java.awt.geom.AffineTransform; import java.awt.image.Buff
Springboot+JCaptcha验证码,加入redis session共享
haorenwoyige的专栏
05-09 295
Springboot+JCaptcha验证码,加入redis session共享,NGINX不使用ip_hash策略:报错解决 1、问题:tomcat服务器启动web应用后,会为每个用户生成一个sessionId,以此区别不同用户。由于现在的企业级web应用都比较大,通常会部署在多个tomcat服务器上,这样就产生了问题,A服务器生成的sessionId,在B服务器是没有的,假如用户在访问的是A服务器,接着可能是访问的B服务器,由于每个sessionId是根据web服务器来生成的,而服务器间不能共享互通。
spring mvc 集成 jcaptcha 生成图形验证码
zyt_coder的专栏
09-13 977
jcaptcha是一个开源的用来生成验证码的Java开源组件maven依赖<dependency> <groupId>com.octo.captcha</groupId> <artifactId>jcaptcha</artifactId> <version>1.0</version> </dependency> 一般仓库中没有对应的jar,比如imaging
Spring中使用Jcaptcha实现校验码验证
06-27 109
本文将使用Jcaptcha实现校验码验证,并演示在Spring/SpringMVC环境下的使用方法。 1. maven依赖 <dependency> <groupId>com.octo.captcha</groupId> <artifactId>jcaptcha-all</artifactId> <v...
SpringMVC中使用Jcaptcha实现校验码验证
gzyz_lsl的博客
03-12 634
本文将使用Jcaptcha实现校验码验证,并演示在Spring/SpringMVC环境下的使用方法。 1. maven依赖Xml代码  &lt;dependency&gt;      &lt;groupId&gt;com.octo.captcha&lt;/groupId&gt;      &lt;artifactId&gt;jcaptcha-all&lt;/artifactId&gt;      ...
集成jcaptchaspring-boot+maven项目中时出现java.lang.NoSuchMethodError: com.jhlabs.image.WaterFilter的问题的解决方法
li361879355的专栏
12-30 4684
这个问题的原因是有个imaging-01012005.jar文件没有,这个jar在http://search.maven.org/库中是没有。在其官网上找到如下资源库地址http://maven.jahia.org/maven2/ 在项目的pom.xml文件中添加如下库: central-repos3 Central Repository3 http://maven.j
springsecurityspringboot整合 微服务
最新发布
10-06
通过整合Spring SecuritySpring Boot,可以实现微服务架构中的安全管理。开发人员可以通过配置文件和注解等方式,快速地定义应用程序的安全规则,并且能够方便地集成其他认证机制和权限管理服务。同时,Spring ...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值