cas增加验证码

参考地址：https://blog.csdn.net/attackmind/article/details/52052502

参考地址：https://blog.csdn.net/jadyer/article/details/46916169

增加UsernamePasswordCaptchaCredential类继承UsernamePasswordCredential。

import org.jasig.cas.authentication.UsernamePasswordCredential;

/**
 * 自定义的接收登录验证码的实体类
 */

public class UsernamePasswordCaptchaCredential extends UsernamePasswordCredential{

	private static final long serialVersionUID = 7042484120233254159L;

	private String captcha;  

    public String getCaptcha() {
        return captcha;
    }  

    public void setCaptcha(String captcha) {
        this.captcha = captcha;
    }
}

　　增加AuthenticationViaCaptchaFormAction类继承AuthenticationViaFormAction

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.jasig.cas.authentication.Credential;
import org.jasig.cas.web.flow.AuthenticationViaFormAction;
import org.jasig.cas.web.support.WebUtils;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.binding.message.MessageContext;
import org.springframework.util.StringUtils;
import org.springframework.webflow.execution.RequestContext;

/**
 * 用户名密码非空验证，验证码效验Action
 */

public class AuthenticationViaCaptchaFormAction extends AuthenticationViaFormAction  {

	public final String validateCaptcha(final RequestContext context, final Credential credential, final MessageContext messageContext){
        final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
        HttpSession session = request.getSession();
        String rand = (String)session.getAttribute("rand");
        session.removeAttribute("rand");  

        UsernamePasswordCaptchaCredential upc = (UsernamePasswordCaptchaCredential)credential;
        String captcha = upc.getCaptcha();  

        System.out.println("获取Session验证码-->" + rand);
        System.out.println("获取表单输入验证码-->" + captcha);  

        if(!StringUtils.hasText(rand) || !StringUtils.hasText(captcha)){
            messageContext.addMessage(new MessageBuilder().error().code("required.captcha").build());
            return "error";
        }
        if(captcha.equals(rand)){
            return "success";
        }
        //这段网上这么写的messageContext.addMessage(new MessageBuilder().code("required.captcha").build());
        //实际上这么写是org.springframework.binding.message.INFO级别的,这会导致前台表单无法显示这里的错误信息
        messageContext.addMessage(new MessageBuilder().error().code("error.authentication.captcha.bad").build());
        return "error";
    }
}

　　修改login-webflow.xml文件

第27行修改原来的验证类
<!-- 新加的用于接收前台表单验证码字段captcha的JavaBean -->
<var name="credential" class="com.cas.UsernamePasswordCaptchaCredential"/>
修改88至102行内
    <view-state id="viewLoginForm" view="casLoginView" model="credential">
        <binder>
            <binding property="username" required="true"/>
            <binding property="password" required="true"/>
			<!-- 前台添加表单添加验证码字段captcha -->
			<binding property="captcha" required="true"/>
        </binder>
        <on-entry>
            <set name="viewScope.commandName" value="'credential'"/>

            <!--
            <evaluate expression="samlMetadataUIParserAction" />
            -->
        </on-entry>
        <transition on="submit" bind="true" validate="true" to="authcodeValidate"/>
    </view-state>
	<!-- AuthenticationViaCaptchaFormAction类中重写validateCaptcha方法 -->
	<action-state id="authcodeValidate">
       <evaluate expression="authenticationViaFormAction.validateCaptcha(flowRequestContext, flowScope.credential, messageContext)" />
       <transition on="error" to="generateLoginTicket" />
       <transition on="success" to="realSubmit" />
   </action-state>

　　修改cas-server.xml文件

修改第305行的class
  <bean id="authenticationViaFormAction" class="com.cas.AuthenticationViaCaptchaFormAction"
        p:centralAuthenticationService-ref="centralAuthenticationService"
        p:warnCookieGenerator-ref="warnCookieGenerator"/>