The repository for JCaptcha is this one:

<repository>
<id>sourceforge-releases</id>
<name>Sourceforge Releases</name>
<url>https://oss.sonatype.org/content/repositories/sourceforge-releases</url>
</repository> <dependency>
<groupId>com.octo.captcha</groupId>
<artifactId>jcaptcha-integration-simple-servlet</artifactId>
<version>2.0-alpha-1</version>
</dependency>

Here are some configuration I made in .xml files:

web.xml

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/spring/spring-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener> <filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter> <filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping> <servlet>
<servlet-name>jcaptcha</servlet-name>
<servlet-class>com.octo.captcha.module.servlet.image.SimpleImageCaptchaServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>jcaptcha</servlet-name>
<url-pattern>/jcaptcha.jpg</url-pattern>
</servlet-mapping>

spring-security.xml

<http auto-config="true" use-expressions="true">
<intercept-url pattern="/resources/**" access="permitAll()" />
<intercept-url pattern="/jcaptcha.jpg" access="permitAll()" />
<intercept-url pattern="/**" access="isAuthenticated()" /> <form-login login-page="/session/login/" default-target-url="/"
authentication-failure-url="/session/loginfailed/" />
<logout logout-success-url="/session/logout/" />
<access-denied-handler error-page="/session/403/" /> <!--JCaptcha Filtering-->
<custom-filter ref="captchaCaptureFilter" before="FORM_LOGIN_FILTER"/>
<!-- REMOVED custom-filter ref="captchaVerifierFilter" after="FORM_LOGIN_FILTER"/-->
<anonymous />
</http> <!-- For capturing CAPTCHA fields -->
<beans:bean id="captchaCaptureFilter" class="com.util.CaptchaCaptureFilter" /> <!-- For verifying CAPTCHA fields -->
<!-- Private key is assigned by the JCaptcha service -->
<!-- REMOVED beans:bean id="captchaVerifierFilter" class="com.util.CaptchaVerifierFilter"
p:failureUrl="/session/loginfailed/"
p:captchaCaptureFilter-ref="captchaCaptureFilter"/--> <beans:property name="sessionAuthenticationStrategy" ref="sas"/>
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="allowSessionCreation" value="true" />
</beans:bean> <beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry"/>
<beans:property name="maximumSessions" value="1" />
</beans:bean> <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /> <beans:bean id="userService" class="com.service.mybatis.UserManager" /> <beans:bean id="customAuthenticationProvider" class="com.util.MyAuthenticationProvider" p:captchaCaptureFilter-ref="captchaCaptureFilter" />
<authentication-manager alias="authenticationManager">
<authentication-provider ref="customAuthenticationProvider" />
</authentication-manager> <beans:bean id="accessDeniedHandler" class="com.util.ThouShaltNoPass">
<beans:property name="accessDeniedURL" value="/session/403/" />
</beans:bean>

And these are the java classes:

MyAuthenticationProvider.java

public class MyAuthenticationProvider implements AuthenticationProvider {

@Autowired
private UserService userService;
private Logger logger = LoggerFactory.getLogger(ArtajasaAuthenticationProvider.class);
private CaptchaCaptureFilter captchaCaptureFilter; @Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String username = String.valueOf(authentication.getPrincipal());
String password = String.valueOf(authentication.getCredentials());
logger.debug("Checking authentication for user {}", username);
logger.debug("userResponse: {}", captchaCaptureFilter.getUserCaptchaResponse());
if (StringUtils.isBlank(username)
|| StringUtils.isBlank(password)) {
throw new BadCredentialsException("No Username and/or Password Provided.");
}
else if(StringUtils.isBlank(captchaCaptureFilter.getUserCaptchaResponse())) {
throw new BadCredentialsException("Captcha Response is Empty");
}
else {
// Send HTTP request to validate user's Captcha
boolean captchaPassed = SimpleImageCaptchaServlet.validateResponse(captchaCaptureFilter.getRequest(), captchaCaptureFilter.getUserCaptchaResponse()); // Check if valid
if (captchaPassed) {
logger.debug("Captcha is valid!");
resetCaptchaFields(); Pengguna user = userService.select(username);
if (user == null) {
throw new BadCredentialsException("Invalid Username and/or Password.");
}
if (user.getPassword().equals(new PasswordUtil().generateHash(password, user.getSalt()))) {
List<GrantedAuthority> authorityList = (List<GrantedAuthority>) userService.getAuthorities(user);
return new UsernamePasswordAuthenticationToken(username, password, authorityList);
}
else {
throw new BadCredentialsException("Invalid Username and/or Password.");
}
}
else {
logger.debug("Captcha is invalid!");
resetCaptchaFields(); throw new BadCredentialsException("Invalid Captcha.");
}
}
} @Override
public boolean supports(Class<?> authentication) {
return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
} /**
* Reset Captcha fields
*/
public void resetCaptchaFields() {
captchaCaptureFilter.setUserCaptchaResponse(null);
} public CaptchaCaptureFilter getCaptchaCaptureFilter() {
return captchaCaptureFilter;
} public void setCaptchaCaptureFilter(CaptchaCaptureFilter captchaCaptureFilter) {
this.captchaCaptureFilter = captchaCaptureFilter;
}
}

CaptchaCaptureFilter.java

public class CaptchaCaptureFilter extends OncePerRequestFilter {

private Logger logger = Logger.getLogger(CaptchaCaptureFilter.class);
private String userCaptchaResponse;
private HttpServletRequest request; @Override
public void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
FilterChain chain) throws IOException, ServletException { logger.debug("Captcha capture filter"); // Assign values only when user has submitted a Captcha value.
// Without this condition the values will be reset due to redirection
// and CaptchaVerifierFilter will enter an infinite loop
if (req.getParameter("jcaptcha") != null) {
request = req;
userCaptchaResponse = req.getParameter("jcaptcha");
} logger.debug("userResponse: " + userCaptchaResponse); // Proceed with the remaining filters
chain.doFilter(req, res);
} public String getUserCaptchaResponse() {
return userCaptchaResponse;
} public void setUserCaptchaResponse(String userCaptchaResponse) {
this.userCaptchaResponse = userCaptchaResponse;
} public HttpServletRequest getRequest() {
return request;
} public void setRequest(HttpServletRequest request) {
this.request = request;
}
}

Last but not least, login.jsp

<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core_rt' %>

<form id="login" name="f" action="<c:url value='/j_spring_security_check'/>" method="POST">
<div class="container"> <div class="content">
<div class="row">
<div class="login-form">
<h3>Login</h3>
<br />
<fieldset>
<div class="clearfix">
username: ecr
<input type="text" name='j_username' value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>' placeholder="username@artajasa.co.id">
</div>
<div class="clearfix">
password: ecr123
<input type="password" name='j_password' placeholder="password">
</div>
<div class="clearfix">
<img src="../../jcaptcha.jpg" />
<br />
<input type="text" name="jcaptcha" placeholder="masukkan captcha" />
</div>
<br />
<button class="btn btn-primary" type="submit"><i class="icon-lock"></i> Sign in</button>
</fieldset>
</div>
</div>
</div>
<br />
<c:if test="${not empty error}">
<div class="alert alert-error">
<button type="button" class="close" data-dismiss="alert"><i class="icon-remove"></i></button>
Login Failed, try again.<br />
<c:out value="${sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message}"/>
</div>
</c:if>
</div>

done!

How to Integrate JCaptcha in Spring Security的更多相关文章

  1. Spring Security(三十六):12. Spring MVC Test Integration

    Spring Security provides comprehensive integration with Spring MVC Test Spring Security提供与Spring MVC ...

  2. Spring Security(二十七):Part II. Architecture and Implementation

    Once you are familiar with setting up and running some namespace-configuration based applications, y ...

  3. Spring Security(十二):5. Java Configuration

    General support for Java Configuration was added to Spring Framework in Spring 3.1. Since Spring Sec ...

  4. Spring Security(十一):4. Samples and Guides (Start Here)

    If you are looking to get started with Spring Security, the best place to start is our Sample Applic ...

  5. Spring Security(四):2.1 Introduction What is Spring Security?

    Spring Security provides comprehensive security services for Java EE-based enterprise software appli ...

  6. spring security 学习文档

    web service Prepared by:   Sea                                                                       ...

  7. spring-security-4 (2)spring security 基于Java配置的搭建

    一.spring security的模块 搭建spring security首先我们要导入必须的jar,即maven的依赖.spring security按模块划分,一个模块对应一个jar. spri ...

  8. Spring security 3.1 +JSF 2.0 . problem with annotating methods in ManagedBeans?

    Hy .What i am trying to do is to integrate Spring security with a Jsf+spring IOC +hibernate applicat ...

  9. Spring Security Java Config Preview--官方

    原文地址:[1]https://spring.io/blog/2013/07/02/spring-security-java-config-preview-introduction/ [2]https ...

随机推荐

  1. UVA-10384 The Wall Pushers (IDA*)

    题目大意:走迷宫,遇到墙时可以推着墙走,但墙后还是墙时便不能推.求出一条任意的最短路径. 题目分析:这道题出的比较人性,输入的时候便是将四周的墙用二进制数表示好了,其实这样减轻了做题人的负担.IDA* ...

  2. EPANET头文件解读系列6——HASH.H

    该文件是EPANET中HASH.C的头文件,下面列出了该文件的源码以及我的中文注释 /* HASH.H**** Header file for Hash Table module HASH.C***/ ...

  3. c# winform 操作oracle数据库的Blob字段,把图片存储到数据库,保存图片到数据库

    ///c# winform 操作oracle数据库的Blob字段,把图片存储到数据库,保存图片到数据库 闲话不多说,直接上代码 using System; using System.Collectio ...

  4. js遍历json的key和value

    遍历json对象: 无规律: <script> var json = [{dd:'SB',AA:'东东',re1:123},{cccc:'dd',lk:'1qw'}]; for(var i ...

  5. 在jenkins和sonar中集成jacoco(三)--使用jacoco收集集成测试的覆盖率

    我们系统使用weblogic做服务器,集成测试框架使用的是junit+selenium. 首先,要把jacoco的jacocoagent.jar包放到部署应用的服务器上,接着在系统服务的JAVA_OP ...

  6. django2 显示图片 输出图片

    使用笨办法,指向图片的路径,然后输出图片. 首先路由设置: # 查看图片 path('tu/', ShowTuView.as_view(), name='image') 视图代码: import os ...

  7. 接口测试Fiddler实战20150921

    (写好的文章被不小心删掉了,现在补一篇) 项目背景: 1.接口URL:http://192.168.xx.xx:8080/mserver/rest/ms 2.接口参数:data=xxxxx&k ...

  8. 第8课 goto和void分析

    遭人遗弃的goto: C语言是一种面向过程的结构化语言,其中主要结构有三种,顺序执行.选择执行.循环执行.再复杂的程序也是由这三种结构组合而成的. goto破坏了结构化特性,使程序以第四种方式执行,结 ...

  9. Redis3.0集群

    Redis集群介绍 Redis 集群是一个提供在多个Redis间节点间共享数据的程序集. Redis集群并不支持处理多个keys的命令,因为这需要在不同的节点间移动数据,从而达不到像Redis那样的性 ...

  10. BZOJ5090: [Lydsy1711月赛]组题(01分数规划)

    5090: [Lydsy1711月赛]组题 Time Limit: 1 Sec  Memory Limit: 256 MBSubmit: 785  Solved: 186[Submit][Status ...