The repository for JCaptcha is this one:

<repository>

        <id>sourceforge-releases</id>

        <name>Sourceforge Releases</name>

        <url>https://oss.sonatype.org/content/repositories/sourceforge-releases</url>

    </repository>

<dependency>

        <groupId>com.octo.captcha</groupId>

        <artifactId>jcaptcha-integration-simple-servlet</artifactId>

        <version>2.0-alpha-1</version>

    </dependency>

Here are some configuration I made in .xml files:

web.xml

<context-param>

    <param-name>contextConfigLocation</param-name>

    <param-value>

        /WEB-INF/applicationContext.xml

        /WEB-INF/spring/spring-security.xml

    </param-value>

</context-param>

 <listener>

    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>

</listener>

<filter>

    <filter-name>springSecurityFilterChain</filter-name>

    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

    <filter-name>springSecurityFilterChain</filter-name>

    <url-pattern>/*</url-pattern>

    <dispatcher>FORWARD</dispatcher>

    <dispatcher>REQUEST</dispatcher>

</filter-mapping>

<servlet>

    <servlet-name>jcaptcha</servlet-name>

    <servlet-class>com.octo.captcha.module.servlet.image.SimpleImageCaptchaServlet</servlet-class>

</servlet>

<servlet-mapping>

    <servlet-name>jcaptcha</servlet-name>

    <url-pattern>/jcaptcha.jpg</url-pattern>

</servlet-mapping>

spring-security.xml

<http auto-config="true" use-expressions="true">

    <intercept-url pattern="/resources/**" access="permitAll()" />

    <intercept-url pattern="/jcaptcha.jpg" access="permitAll()" />

    <intercept-url pattern="/**" access="isAuthenticated()" />

    <form-login login-page="/session/login/" default-target-url="/"

                authentication-failure-url="/session/loginfailed/" />

    <logout logout-success-url="/session/logout/" />

    <access-denied-handler error-page="/session/403/" />

    <!--JCaptcha Filtering-->

    <custom-filter ref="captchaCaptureFilter" before="FORM_LOGIN_FILTER"/>

    <!-- REMOVED custom-filter ref="captchaVerifierFilter" after="FORM_LOGIN_FILTER"/-->

    <anonymous />

</http>

<!-- For capturing CAPTCHA fields -->

<beans:bean id="captchaCaptureFilter" class="com.util.CaptchaCaptureFilter" />

<!-- For verifying CAPTCHA fields -->

<!-- Private key is assigned by the JCaptcha service -->

<!-- REMOVED beans:bean id="captchaVerifierFilter" class="com.util.CaptchaVerifierFilter"

      p:failureUrl="/session/loginfailed/"

      p:captchaCaptureFilter-ref="captchaCaptureFilter"/-->

    <beans:property name="sessionAuthenticationStrategy" ref="sas"/>

    <beans:property name="authenticationManager" ref="authenticationManager" />

    <beans:property name="allowSessionCreation" value="true" />

</beans:bean>

<beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">

    <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry"/>

    <beans:property name="maximumSessions" value="1" />

</beans:bean>

<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />

<beans:bean id="userService" class="com.service.mybatis.UserManager" />

<beans:bean id="customAuthenticationProvider" class="com.util.MyAuthenticationProvider" p:captchaCaptureFilter-ref="captchaCaptureFilter" />

<authentication-manager alias="authenticationManager">

    <authentication-provider ref="customAuthenticationProvider" />

</authentication-manager>

<beans:bean id="accessDeniedHandler" class="com.util.ThouShaltNoPass">

    <beans:property name="accessDeniedURL" value="/session/403/" />

</beans:bean>

And these are the java classes:

MyAuthenticationProvider.java

public class MyAuthenticationProvider implements AuthenticationProvider {

@Autowired

private UserService userService;

private Logger logger = LoggerFactory.getLogger(ArtajasaAuthenticationProvider.class);

private CaptchaCaptureFilter captchaCaptureFilter;

@Override

public Authentication authenticate(Authentication authentication) throws AuthenticationException {

    String username = String.valueOf(authentication.getPrincipal());

    String password = String.valueOf(authentication.getCredentials());

    logger.debug("Checking authentication for user {}", username);

    logger.debug("userResponse: {}", captchaCaptureFilter.getUserCaptchaResponse());

    if (StringUtils.isBlank(username)

            || StringUtils.isBlank(password)) {

        throw new BadCredentialsException("No Username and/or Password Provided.");

    }

    else if(StringUtils.isBlank(captchaCaptureFilter.getUserCaptchaResponse())) {

        throw new BadCredentialsException("Captcha Response is Empty");

    }

    else {

        // Send HTTP request to validate user's Captcha

        boolean captchaPassed = SimpleImageCaptchaServlet.validateResponse(captchaCaptureFilter.getRequest(), captchaCaptureFilter.getUserCaptchaResponse());

        // Check if valid

        if (captchaPassed) {

            logger.debug("Captcha is valid!");

            resetCaptchaFields();

            Pengguna user = userService.select(username);

            if (user == null) {

                throw new BadCredentialsException("Invalid Username and/or Password.");

            }

            if (user.getPassword().equals(new PasswordUtil().generateHash(password, user.getSalt()))) {

                List<GrantedAuthority> authorityList = (List<GrantedAuthority>) userService.getAuthorities(user);

                return new UsernamePasswordAuthenticationToken(username, password, authorityList);

            }

            else {

                throw new BadCredentialsException("Invalid Username and/or Password.");

            }

        }

        else {

            logger.debug("Captcha is invalid!");

            resetCaptchaFields();

            throw new BadCredentialsException("Invalid Captcha.");

        }

    }

}

@Override

public boolean supports(Class<?> authentication) {

    return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));

}

/**

 * Reset Captcha fields

 */

public void resetCaptchaFields() {

    captchaCaptureFilter.setUserCaptchaResponse(null);

}

public CaptchaCaptureFilter getCaptchaCaptureFilter() {

    return captchaCaptureFilter;

}

public void setCaptchaCaptureFilter(CaptchaCaptureFilter captchaCaptureFilter) {

    this.captchaCaptureFilter = captchaCaptureFilter;

}

}

CaptchaCaptureFilter.java

public class CaptchaCaptureFilter extends OncePerRequestFilter {

private Logger logger = Logger.getLogger(CaptchaCaptureFilter.class);

private String userCaptchaResponse;

private HttpServletRequest request;

@Override

public void doFilterInternal(HttpServletRequest req, HttpServletResponse res,

                             FilterChain chain) throws IOException, ServletException {

    logger.debug("Captcha capture filter");

    // Assign values only when user has submitted a Captcha value.

    // Without this condition the values will be reset due to redirection

    // and CaptchaVerifierFilter will enter an infinite loop

    if (req.getParameter("jcaptcha") != null) {

        request = req;

        userCaptchaResponse = req.getParameter("jcaptcha");

    }

    logger.debug("userResponse: " + userCaptchaResponse);

    // Proceed with the remaining filters

    chain.doFilter(req, res);

}

public String getUserCaptchaResponse() {

    return userCaptchaResponse;

}

public void setUserCaptchaResponse(String userCaptchaResponse) {

    this.userCaptchaResponse = userCaptchaResponse;

}

public HttpServletRequest getRequest() {

    return request;

}

public void setRequest(HttpServletRequest request) {

    this.request = request;

}

}

Last but not least, login.jsp

<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core_rt' %>

<form id="login" name="f" action="<c:url value='/j_spring_security_check'/>" method="POST">

  <div class="container">

    <div class="content">

        <div class="row">

            <div class="login-form">

                <h3>Login</h3>

                <br />

                  <fieldset>

                       <div class="clearfix">

                            username: ecr

                            <input type="text" name='j_username' value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>' placeholder="username@artajasa.co.id">

                       </div>

                       <div class="clearfix">

                           password: ecr123

                           <input type="password" name='j_password' placeholder="password">

                       </div>

                       <div class="clearfix">

                           <img src="../../jcaptcha.jpg" />

                           <br />

                           <input type="text" name="jcaptcha" placeholder="masukkan captcha" />

                       </div>

                       <br />

                       <button class="btn btn-primary" type="submit"><i class="icon-lock"></i> Sign in</button>

                   </fieldset>

            </div>

        </div>

    </div>

     <br />

     <c:if test="${not empty error}">

            <div class="alert alert-error">

            <button type="button" class="close" data-dismiss="alert"><i class="icon-remove"></i></button>

            Login Failed, try again.<br />

            <c:out value="${sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message}"/>

            </div>

          </c:if>

  </div>

done!

How to Integrate JCaptcha in Spring Security的更多相关文章

  1. Spring Security(三十六):12. Spring MVC Test Integration

    Spring Security provides comprehensive integration with Spring MVC Test Spring Security提供与Spring MVC ...

  2. Spring Security(二十七):Part II. Architecture and Implementation

    Once you are familiar with setting up and running some namespace-configuration based applications, y ...

  3. Spring Security(十二):5. Java Configuration

    General support for Java Configuration was added to Spring Framework in Spring 3.1. Since Spring Sec ...

  4. Spring Security(十一):4. Samples and Guides (Start Here)

    If you are looking to get started with Spring Security, the best place to start is our Sample Applic ...

  5. Spring Security(四):2.1 Introduction What is Spring Security?

    Spring Security provides comprehensive security services for Java EE-based enterprise software appli ...

  6. spring security 学习文档

    web service Prepared by:   Sea                                                                       ...

  7. spring-security-4 (2)spring security 基于Java配置的搭建

    一.spring security的模块 搭建spring security首先我们要导入必须的jar,即maven的依赖.spring security按模块划分,一个模块对应一个jar. spri ...

  8. Spring security 3.1 +JSF 2.0 . problem with annotating methods in ManagedBeans?

    Hy .What i am trying to do is to integrate Spring security with a Jsf+spring IOC +hibernate applicat ...

  9. Spring Security Java Config Preview--官方

    原文地址:[1]https://spring.io/blog/2013/07/02/spring-security-java-config-preview-introduction/ [2]https ...

随机推荐

  1. javascript中new Date()会存在偏差一小时的bug

    事件回顾: 因为我们的产品会有与时间转换这部分,并且流量主要集中在小程序. emmm~  获取用户出生的年/月/日/时  我们和后台协商的是换算用户选择后的时间为  年/月/日/时/分/秒  所以我们 ...

  2. 非ie浏览器必备函数常识

    场景描述: 我们都知道IE浏览器和非IE浏览器都有很多功能一样但写法不同,或者各自都有一些自己独特的方法,那么为了保持兼容性和便于编写,我们可以通过这两个方法给非IE浏览器的对象增加自己没有,但IE有 ...

  3. js中字符串处理成数字的方法

    <script> var a="11.1111"; var b="12.2222"; //第一种方法:乘以1的方法 //alert(a*1+b*1) ...

  4. DOM之一些小实验demo

    body, table{font-family: 微软雅黑; font-size: 10pt} table{border-collapse: collapse; border: solid gray; ...

  5. Custom Ribbon in SharePoint 2010 & which not wrok when migrate from 2010 to 2013

    博客地址 http://blog.csdn.net/foxdave 1. First of all, let me show you the ribbon modal in our project w ...

  6. SQLSERVER 数据调度示例,调度数据到中间表或者历史表

    USE [MeiDongPay_Test] GO /****** Object: StoredProcedure [dbo].[Job_BatchTransferOrderToMidst] Scrip ...

  7. secureCRT不能输入

    用secureCRT建了一个串口COM1后,连接上开发板后,可以正确接受和显示串口的输出,但是按键输入无效. 解决: Session Options -> Connection -> Se ...

  8. vim 编辑 windows下的文本时出现乱码, 修改配置后 已解决

    最近用VIM 查看一个 WINDOWS下的文本,打开以后发现出现乱码,具体如上图. 最后在网上找到了一个解决方法: 原文地址: https://www.zhihu.com/question/22363 ...

  9. curl查询公网出口IP

    liuzhizhi@lzz-rmbp|logs # curl ipinfo.io { "ip": "114.110.1.38", "hostname& ...

  10. Eclipse转Android Studio工程实践

    Eclipse转Android Studio工程有两种方式, 一种是兼容Eclipse,两者都可以使用,一种是全新的Android Gradle Project. 这里使用的Android Studi ...