⒈封装验证码类

 package cn.coreqi.security.validate;

 import java.awt.image.BufferedImage;

 import java.time.LocalDateTime;

 public class ImageCode {

     private BufferedImage image;

     private String code;

     private LocalDateTime expireTime;   //过期时间

     public ImageCode(BufferedImage image, String code, Integer expireIn) {

         this.image = image;

         this.code = code;

         this.expireTime = LocalDateTime.now().plusSeconds(expireIn);

     }

     public ImageCode(BufferedImage image, String code, LocalDateTime expireTime) {

         this.image = image;

         this.code = code;

         this.expireTime = expireTime;

     }

     public boolean isExpried(){

         return LocalDateTime.now().isAfter(expireTime);

     }

     public BufferedImage getImage() {

         return image;

     }

     public void setImage(BufferedImage image) {

         this.image = image;

     }

     public String getCode() {

         return code;

     }

     public void setCode(String code) {

         this.code = code;

     }

     public LocalDateTime getExpireTime() {

         return expireTime;

     }

     public void setExpireTime(LocalDateTime expireTime) {

         this.expireTime = expireTime;

     }

 }

⒉封装验证码控制器

 package cn.coreqi.security.controller;

 import cn.coreqi.security.validate.ImageCode;

 import com.sun.image.codec.jpeg.JPEGCodec;

 import com.sun.image.codec.jpeg.JPEGImageEncoder;

 import org.springframework.social.connect.web.HttpSessionSessionStrategy;

 import org.springframework.social.connect.web.SessionStrategy;

 import org.springframework.web.bind.annotation.GetMapping;

 import org.springframework.web.bind.annotation.RestController;

 import org.springframework.web.context.request.ServletWebRequest;

 import javax.imageio.ImageIO;

 import javax.servlet.http.HttpServletRequest;

 import javax.servlet.http.HttpServletResponse;

 import java.awt.*;

 import java.awt.image.BufferedImage;

 import java.io.IOException;

 import java.util.Random;

 @RestController

 public class ValidateController {

     public static final String SESSION_KEY = "SESSION_KEY_IMAGE_CODE";

     private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();

     @GetMapping("code/image")

     public void createCode(HttpServletRequest request, HttpServletResponse response) throws IOException {

         ImageCode imageCode = createImageCode(request);

         sessionStrategy.setAttribute(new ServletWebRequest(request),SESSION_KEY,imageCode);

         response.setHeader("Pragma","No-cache");

         response.setHeader("Cache-Control","no-cache");

         //response.setDateHeader("Expires", 0);

         JPEGImageEncoder encoder = JPEGCodec.createJPEGEncoder(response.getOutputStream());

         encoder.encode(imageCode.getImage());

         //ImageIO.write(imageCode.getImage(),"JPEG",response.getOutputStream());    //当tomcat下temp文件夹不存在则"Can't create output stream"

     }

     private ImageCode createImageCode(HttpServletRequest request) {

         int width = 67;

         int height = 23;

         BufferedImage image = new BufferedImage(width,height,BufferedImage.TYPE_INT_RGB);

         Graphics g = image.getGraphics();

         Random random = new Random();

         g.setColor(getRandColor(200,250));

         g.fillRect(0,0,width,height);

         g.setFont(new Font("Times New Roman",Font.ITALIC,20));

         g.setColor(getRandColor(160,200));

         for (int i = 0;i < 155; i++){

             int x = random.nextInt(width);

             int y = random.nextInt(height);

             int xl = random.nextInt(12);

             int yl = random.nextInt(12);

             g.drawLine(x,y,x+xl,y+yl);

         }

         String sRand = "";

         for(int i = 0;i < 4; i++){

             String rand = String.valueOf(random.nextInt(10));

             sRand += rand;

             g.setColor(new Color(20 + random.nextInt(110),20 + random.nextInt(110),20 + random.nextInt(110)));

             g.drawString(rand,13 * i + 6,16);

         }

         g.dispose();

         return new ImageCode(image,sRand,60);

     }

     /**

      * 生成随机背景条纹

      * @param fc

      * @param bc

      * @return

      */

     private Color getRandColor(int fc, int bc) {

         Random random = new Random();

         if(fc > 255){

             fc = 255;

         }

         if(bc > 255){

             bc = 255;

         }

         int r = fc + random.nextInt(bc - fc);

         int g = fc + random.nextInt(bc - fc);

         int b = fc + random.nextInt(bc - fc);

         return new Color(r,g,b);

     }

 }

⒊放行验证码的Rest地址

⒋表单添加验证码

             <tr>

                 <td>图形验证码:</td>

                 <td>

                     <input type="text" name="imageCode">

                     <img src="/code/image">

                 </td>

             </tr>

⒌声明一个验证码异常,用于抛出特定的验证码异常

 package cn.coreqi.security.validate;

 import org.springframework.security.core.AuthenticationException;

 public class ValidateCodeException extends AuthenticationException {

     public ValidateCodeException(String msg) {

         super(msg);

     }

 }

⒍创建一个过滤器,用于验证请求中的验证码是否正确

 package cn.coreqi.security.Filter;

 import cn.coreqi.security.validate.ImageCode;

 import cn.coreqi.security.validate.ValidateCodeException;

 import org.springframework.security.web.authentication.AuthenticationFailureHandler;

 import org.springframework.social.connect.web.HttpSessionSessionStrategy;

 import org.springframework.social.connect.web.SessionStrategy;

 import org.springframework.util.StringUtils;

 import org.springframework.web.bind.ServletRequestBindingException;

 import org.springframework.web.bind.ServletRequestUtils;

 import org.springframework.web.context.request.ServletWebRequest;

 import org.springframework.web.filter.OncePerRequestFilter;

 import cn.coreqi.security.controller.*;

 import javax.servlet.FilterChain;

 import javax.servlet.ServletException;

 import javax.servlet.http.HttpServletRequest;

 import javax.servlet.http.HttpServletResponse;

 import java.io.IOException;

 public class ValidateCodeFilter extends OncePerRequestFilter {

     private AuthenticationFailureHandler authenticationFailureHandler;

     private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();

     public AuthenticationFailureHandler getAuthenticationFailureHandler() {

         return authenticationFailureHandler;

     }

     public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {

         this.authenticationFailureHandler = authenticationFailureHandler;

     }

     public SessionStrategy getSessionStrategy() {

         return sessionStrategy;

     }

     public void setSessionStrategy(SessionStrategy sessionStrategy) {

         this.sessionStrategy = sessionStrategy;

     }

     @Override

     protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {

         if (httpServletRequest.equals("/authentication/form") && httpServletRequest.getMethod().equals("post")) {

             try {

                 validate(new ServletWebRequest(httpServletRequest));

             }catch (ValidateCodeException e){

                 authenticationFailureHandler.onAuthenticationFailure(httpServletRequest,httpServletResponse,e);

                 return;

             }

         }

         filterChain.doFilter(httpServletRequest,httpServletResponse);   //如果不是登录请求,直接调用后面的过滤器链

     }

     private void validate(ServletWebRequest request) throws ServletRequestBindingException {

         ImageCode codeInSession = (ImageCode) sessionStrategy.getAttribute(request,ValidateController.SESSION_KEY);

         String codeInRequest = ServletRequestUtils.getStringParameter(request.getRequest(),"imageCode");

         if(!StringUtils.hasText(codeInRequest)){

             throw new ValidateCodeException("验证码的值不能为空!");

         }

         if(codeInSession == null){

             throw new ValidateCodeException("验证码不存在!");

         }

         if(codeInSession.isExpried()){

             sessionStrategy.removeAttribute(request,ValidateController.SESSION_KEY);

             throw new ValidateCodeException("验证码已过期!");

         }

         if(!codeInSession.getCode().equals(codeInRequest)){

             throw new ValidateCodeException("验证码不正确!");

         }

         sessionStrategy.removeAttribute(request,ValidateController.SESSION_KEY);

     }

 }

⒎在SpringSecurity过滤器链中注册我们的过滤器

 package cn.coreqi.security.config;

 import cn.coreqi.security.Filter.ValidateCodeFilter;

 import org.springframework.beans.factory.annotation.Autowired;

 import org.springframework.context.annotation.Bean;

 import org.springframework.context.annotation.Configuration;

 import org.springframework.security.config.annotation.web.builders.HttpSecurity;

 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

 import org.springframework.security.crypto.password.NoOpPasswordEncoder;

 import org.springframework.security.crypto.password.PasswordEncoder;

 import org.springframework.security.web.authentication.AuthenticationFailureHandler;

 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

 @Configuration

 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

     @Autowired

     private AuthenticationSuccessHandler coreqiAuthenticationSuccessHandler;

     @Autowired

     private AuthenticationFailureHandler coreqiAuthenticationFailureHandler;

     @Bean

     public PasswordEncoder passwordEncoder(){

         return NoOpPasswordEncoder.getInstance();

     }

     @Override

     protected void configure(HttpSecurity http) throws Exception {

         ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();

         validateCodeFilter.setAuthenticationFailureHandler(coreqiAuthenticationFailureHandler);

         //http.httpBasic()    //httpBasic登录 BasicAuthenticationFilter

         http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)    //加载用户名密码过滤器的前面

                 .formLogin()    //表单登录 UsernamePasswordAuthenticationFilter

                 .loginPage("/coreqi-signIn.html")  //指定登录页面

                 //.loginPage("/authentication/require")

                 .loginProcessingUrl("/authentication/form") //指定表单提交的地址用于替换UsernamePasswordAuthenticationFilter默认的提交地址

                 .successHandler(coreqiAuthenticationSuccessHandler) //登录成功以后要用我们自定义的登录成功处理器,不用Spring默认的。

                 .failureHandler(coreqiAuthenticationFailureHandler) //自己体会把

                 .and()

                 .authorizeRequests()    //对授权请求进行配置

                 .antMatchers("/coreqi-signIn.html","/code/image").permitAll() //指定登录页面不需要身份认证

                 .anyRequest().authenticated()  //任何请求都需要身份认证

                 .and().csrf().disable();    //禁用CSRF

             //FilterSecurityInterceptor 整个SpringSecurity过滤器链的最后一环

     }

 }

SpringSecurity实现图形验证码功能的更多相关文章

  1. SpringSceurity(3)---图形验证码功能实现

    SpringSceurity(3)---图形验证码功能实现 有关springSceurity之前有写过两篇文章: 1.SpringSecurity(1)---认证+授权代码实现 2.SpringSec ...

  2. Tornado框架实现图形验证码功能

    图形验证码是项目开发过程中经常遇到的一个功能,在很多语言中都有对应的不同形式的图形验证码功能的封装,python 中同样也有类似的封装操作,通过绘制生成一个指定的图形数据,让前端HTML页面通过链接获 ...

  3. spring boot:spring security给用户登录增加自动登录及图形验证码功能(spring boot 2.3.1)

    一,图形验证码的用途? 1,什么是图形验证码? 验证码(CAPTCHA)是"Completely Automated Public Turing test to tell Computers ...

  4. 一百一十五:CMS系统之实现点击更换图形验证码功能

    把验证码渲染到到页面上 访问,显然,是标签有个内边距 去掉内边距 加一个class 如果放大看的话,还有问题 用js实现点击更换图形验证码:生成查询字符串的形式访问图形验证码接口的url,放到img标 ...

  5. SpringSceurity(4)---短信验证码功能实现

    SpringSceurity(4)---短信验证码功能实现 有关SpringSceurity系列之前有写文章 1.SpringSecurity(1)---认证+授权代码实现 2.SpringSecur ...

  6. Django学习笔记(17)——BBS+Blog项目开发(1)验证码功能的实现

    本文主要学习验证码功能的实现,为了项目BBS+Blog项目打下基础. 为了防止机器人频繁登陆网站或者破坏分子恶意登陆,很多用户登录和注册系统都提供了图形验证码功能. 验证码(CAPTCHA)是“Com ...

  7. .Net Core 之 图形验证码 本文介绍.Net Core下用第三方ZKWeb.System.Drawing实现验证码功能。

    本文介绍.Net Core下用第三方ZKWeb.System.Drawing实现验证码功能. 通过测试的系统: Windows 8.1 64bit Ubuntu Server 16.04 LTS 64 ...

  8. 【无私分享:ASP.NET CORE 项目实战(第十四章)】图形验证码的实现

    目录索引 [无私分享:ASP.NET CORE 项目实战]目录索引 简介 很长时间没有来更新博客了,一是,最近有些忙,二是,Core也是一直在摸索中,其实已经完成了一个框架了,并且正在准备在生产环境中 ...

  9. Java 前端加密传输后端解密以及验证码功能

    目录(?)[-] 加密解密 1 前端js加密概述 2 前后端加密解密 21 引用的js加密库 22 js加密解密 23 Java端加密解密PKCS5Padding与js的Pkcs7一致 验证码 1 概 ...

随机推荐

  1. python模块之时间模块

    一.time模块 表示时间的方式分为: 1时间戳(timestamp) 2格式化化的时间字符串(format string) 3结构化时间(struct_time) import time print ...

  2. python: 反射机制;

    import comma def run(): inp = input('请输入要调用的函数').strip(); if hasattr(comma,inp): fun = getattr(comma ...

  3. u-boot(四)命令实现

    目录 u-boot(四)命令实现 分析run_command 小结 自定义一个命令 代码 makefile title: u-boot(四)命令实现 tags: linux date: 2018-09 ...

  4. IMDB影评倾向分类 - N-Gram

    catalogue . 数据集 . 模型设计 . 训练 1. 数据集 0x1: IMDB影评数据 本数据库含有来自IMDB的25,000条影评,被标记为正面/负面两种评价 from keras.dat ...

  5. 15. 迭代器模式(Iterator Pattern)

    动机(Motivate):     在软件构建过程中,集合对象内部结构常常变化各异.但对于这些集合对象,我们希望在不暴露其内部结构的同时,可以让外部客户代码透明地访问其中包含的元素;同时这种“透明遍历 ...

  6. VScode 1.13 gocode提示dial tcp 216.239.37.1:443: connectex: A connection attempt failed because the connected..

    在将VScode升级至 1.13后让升级gocode,在升级时报出如下错误 D:\go_work\src>go get -u -v github.com/mdempsky/gocode gith ...

  7. range和xrange的区别

    range和xrange的区别 python3里面只有range,返回结果是一个生成器,官方文档是这样描述的 class range(object): """ range ...

  8. 【十二】jvm 性能调优工具之 jhat (JVM Heap Analysis Tool)

    jhat也是jdk内置的工具之一.主要是用来分析java堆的命令,可以将堆中的对象以html的形式显示出来,包括对象的数量,大小等等,并支持对象查询语言. jhat 非常耗费cpu和内存,所以一般不使 ...

  9. redis的持久化方案

    Redis的高性能是由于其将所有数据都存储在了内存中,为了使Redis在重启之后仍能保证数据不丢失,需要将数据从内存中同步到硬盘中,这一过程就是持久化. Redis支持两种方式的持久化,一种是RDB方 ...

  10. 【转】Parcelable, Serializable,Cloneable,copyProperties

    Copying ... https://blog.csdn.net/max2005/article/details/78325036 存在着三件事,整理如下 Parcelable, Serializa ...