cas增加驗證碼
阿新 • • 發佈:2018-06-01
參考地址:https://blog.csdn.net/attackmind/article/details/52052502
參考地址:https://blog.csdn.net/jadyer/article/details/46916169
增加UsernamePasswordCaptchaCredential類繼承UsernamePasswordCredential。
import org.jasig.cas.authentication.UsernamePasswordCredential;

/**
 * Custom credential that receives the login captcha in addition to the
 * fields inherited from {@link UsernamePasswordCredential}.
 */
public class UsernamePasswordCaptchaCredential extends UsernamePasswordCredential {

    private static final long serialVersionUID = 7042484120233254159L;

    /** Captcha text held by this credential; {@code null} until a value is set. */
    private String captcha;

    /**
     * @return the captcha text currently held, or {@code null} if none was set
     */
    public String getCaptcha() {
        return this.captcha;
    }

    /**
     * @param captcha the captcha text to store on this credential
     */
    public void setCaptcha(final String captcha) {
        this.captcha = captcha;
    }
}
增加AuthenticationViaCaptchaFormAction類繼承AuthenticationViaFormAction
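import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.jasig.cas.authentication.Credential;
import org.jasig.cas.web.flow.AuthenticationViaFormAction;
import org.jasig.cas.web.support.WebUtils;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.binding.message.MessageContext;
import org.springframework.util.StringUtils;
import org.springframework.webflow.execution.RequestContext;

/**
 * Form action that adds a captcha check: the captcha submitted with the
 * credential is compared with the value held in the HTTP session.
 */
public class AuthenticationViaCaptchaFormAction extends AuthenticationViaFormAction {

    /**
     * Compares the submitted captcha with the value stored in the session
     * under the key {@code "rand"}.
     *
     * <p>The session value is removed before the comparison, so a stored
     * captcha can be checked at most once whether the attempt succeeds or
     * fails. The comparison is an exact, case-sensitive {@code equals}.
     * Presumably {@code "rand"} is written by the captcha image endpoint,
     * which is not part of this class; confirm against that code.
     *
     * @param context        current web-flow request context, used to reach the servlet request
     * @param credential     submitted credential; expected to be a
     *                       {@link UsernamePasswordCaptchaCredential}
     * @param messageContext receives an ERROR-level message when validation fails
     * @return {@code "success"} when the captcha matches, otherwise {@code "error"}
     */
    public final String validateCaptcha(final RequestContext context, final Credential credential,
            final MessageContext messageContext) {
        final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
        final HttpSession session = request.getSession();

        // Read and immediately discard the expected value so it is single-use.
        final Object stored = session.getAttribute("rand");
        session.removeAttribute("rand");
        // A non-String attribute is treated as "no captcha issued" instead of
        // failing with a ClassCastException.
        final String expected = (stored instanceof String) ? (String) stored : null;

        // Fail closed if the flow hands over a credential type that carries no
        // captcha, rather than throwing a ClassCastException mid-login.
        final String submitted = (credential instanceof UsernamePasswordCaptchaCredential)
                ? ((UsernamePasswordCaptchaCredential) credential).getCaptcha()
                : null;

        // The expected and submitted captcha values are deliberately not
        // printed: writing the expected answer to stdout exposes it to anyone
        // who can read the server output.

        if (!StringUtils.hasText(expected) || !StringUtils.hasText(submitted)) {
            messageContext.addMessage(new MessageBuilder().error().code("required.captcha").build());
            return "error";
        }

        if (submitted.equals(expected)) {
            return "success";
        }

        // Examples found online build this message without .error(), i.e.
        // new MessageBuilder().code("required.captcha").build(). That yields an
        // INFO-level message, which the login form does not display as an
        // error, so .error() is required here.
        messageContext.addMessage(new MessageBuilder().error().code("error.authentication.captcha.bad").build());
        return "error";
    }
}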
修改login-webflow.xml文件
第27行修改原來的驗證類
<!-- 新加的用於接收前臺表單驗證碼字段captcha的JavaBean -->
<var name="credential" class="com.cas.UsernamePasswordCaptchaCredential"/>
修改88至102行內
<view-state id="viewLoginForm" view="casLoginView" model="credential">
    <binder>
        <binding property="username" required="true"/>
        <binding property="password" required="true"/>
        <!-- 前臺添加表單添加驗證碼字段captcha -->
        <binding property="captcha" required="true"/>
    </binder>
    <on-entry>
        <set name="viewScope.commandName" value="'credential'"/>
        <!-- <evaluate expression="samlMetadataUIParserAction" /> -->
    </on-entry>
    <transition on="submit" bind="true" validate="true" to="authcodeValidate"/>
</view-state>
<!-- AuthenticationViaCaptchaFormAction類中重寫validateCaptcha方法 -->
<action-state id="authcodeValidate">
    <evaluate expression="authenticationViaFormAction.validateCaptcha(flowRequestContext, flowScope.credential, messageContext)" />
    <transition on="error" to="generateLoginTicket" />
    <transition on="success" to="realSubmit" />
</action-state>
修改cas-server.xml文件
修改第305行的class <bean id="authenticationViaFormAction" class="com.cas.AuthenticationViaCaptchaFormAction" p:centralAuthenticationService-ref="centralAuthenticationService" p:warnCookieGenerator-ref="warnCookieGenerator"/>
cas增加驗證碼