本文介紹了springboot結合springsecurity實現(xiàn)圖形驗證碼功能,分享給大家,具體如下:
生成圖形驗證碼
- 根據(jù)隨機數(shù)生成圖片
- 將隨機數(shù)存到session中
- 將生成的圖片寫到接口的響應中
生成圖形驗證碼的過程比較簡單,和springsecurity也沒有什么關系。所以就直接貼出代碼了
根據(jù)隨機數(shù)生成圖片
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
/** * 生成圖形驗證碼 * @param request * @return */private imagecode generate(servletwebrequest request) { int width = 64; int height = 32; bufferedimage image = new bufferedimage(width, height, bufferedimage.type_int_rgb); graphics g = image.getgraphics(); random random = new random(); g.setcolor(getrandcolor(200, 250)); g.fillrect(0, 0, width, height); g.setfont(new font("times new roman", font.italic, 20)); g.setcolor(getrandcolor(160, 200)); for (int i = 0; i < 155; i++) { int x = random.nextint(width); int y = random.nextint(height); int xl = random.nextint(12); int yl = random.nextint(12); g.drawline(x, y, x + xl, y + yl); } string srand = ""; for (int i = 0; i < 4; i++) { string rand = string.valueof(random.nextint(10)); srand += rand; g.setcolor(new color(20 + random.nextint(110), 20 + random.nextint(110), 20 + random.nextint(110))); g.drawstring(rand, 13 * i + 6, 16); } g.dispose(); return new imagecode(image, srand, 60);}/** * 生成隨機背景條紋 * * @param fc * @param bc * @return */private color getrandcolor(int fc, int bc) { random random = new random(); if (fc > 255) { fc = 255; } if (bc > 255) { bc = 255; } int r = fc + random.nextint(bc - fc); int g = fc + random.nextint(bc - fc); int b = fc + random.nextint(bc - fc); return new color(r, g, b);} |
將隨機數(shù)存到session中 && 將生成的圖片寫到接口的響應中
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
@restcontrollerpublic class validatecodecontroller { public static final string session_key = "session_key_image_code"; private sessionstrategy sessionstrategy = new httpsessionsessionstrategy(); @getmapping("/code/image") public void createcode(httpservletrequest request, httpservletresponse response) throws ioexception { imagecode imagecode = generate(new servletwebrequest(request)); sessionstrategy.setattribute(new servletwebrequest(request), session_key, imagecode); imageio.write(imagecode.getimage(), "jpeg", response.getoutputstream()); }} |
在認證流程中加入圖形驗證碼
在springsecurity認證流程詳解中,我們有講到,springsecurity是通過過濾器鏈來進行校驗的,我們想要驗證圖形驗證碼,所以可以在認證流程之前,也就是usernamepasswordauthenticationfilter之前進行校驗。
自定義圖形驗證碼的過濾器
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
@componentpublic class validatecodefilter extends onceperrequestfilter { private sessionstrategy sessionstrategy = new httpsessionsessionstrategy(); private authenticationfailurehandler authenticationfailurehandler; @override protected void dofilterinternal(httpservletrequest httpservletrequest, httpservletresponse httpservletresponse, filterchain filterchain) throws servletexception, ioexception { if(stringutils.equals("/user/login", httpservletrequest.getrequesturi()) && stringutils.equalsignorecase(httpservletrequest.getmethod(), "post")) { try { // 1. 進行驗證碼的校驗 validate(new servletwebrequest(httpservletrequest)); } catch (validatecodeexception e) { // 2. 如果校驗不通過,調用springsecurity的校驗失敗處理器 authenticationfailurehandler.onauthenticationfailure(httpservletrequest, httpservletresponse, e); return ; } } // 3. 校驗通過,就放行 filterchain.dofilter(httpservletrequest, httpservletresponse); }} |
這里驗證碼校驗的過程比較簡單,主要就是判斷傳過來的參數(shù)和session中保存的是否一致,以及session中的驗證碼是否過期了。
有了自己的驗證碼過濾器之后,我們還需要將它配置在usernamepasswordauthenticationfilter之前:
|
1
2
3
4
5
6
7
8
9
|
@overrideprotected void configure(httpsecurity http) throws exception { validatecodefilter validatecodefilter = new validatecodefilter(); validatecodefilter.setauthenticationfailurehandler(myauthenticationfailurehandler); // 將我們自定義的過濾器,配置到usernamepasswordauthenticationfilter之前 http.addfilterbefore(validatecodefilter, usernamepasswordauthenticationfilter.class) .formlogin() // 定義當需要用戶登錄時候,轉到的登錄頁面。 // 后面的配置省略} |
代碼下載
以上就是本文的全部內容,希望對大家的學習有所幫助,也希望大家多多支持服務器之家。
原文鏈接:https://blog.csdn.net/u013435893/article/details/79617872
