⒈封装验证码类

 package cn.coreqi.security.validate;

 import java.awt.image.BufferedImage;

 import java.time.LocalDateTime;

 public class ImageCode {

     private BufferedImage image;

     private String code;

     private LocalDateTime expireTime;   //过期时间

     public ImageCode(BufferedImage image, String code, Integer expireIn) {

         this.image = image;

         this.code = code;

         this.expireTime = LocalDateTime.now().plusSeconds(expireIn);

     }

     public ImageCode(BufferedImage image, String code, LocalDateTime expireTime) {

         this.image = image;

         this.code = code;

         this.expireTime = expireTime;

     }

     public boolean isExpried(){

         return LocalDateTime.now().isAfter(expireTime);

     }

     public BufferedImage getImage() {

         return image;

     }

     public void setImage(BufferedImage image) {

         this.image = image;

     }

     public String getCode() {

         return code;

     }

     public void setCode(String code) {

         this.code = code;

     }

     public LocalDateTime getExpireTime() {

         return expireTime;

     }

     public void setExpireTime(LocalDateTime expireTime) {

         this.expireTime = expireTime;

     }

 }

⒉封装验证码控制器

 package cn.coreqi.security.controller;

 import cn.coreqi.security.validate.ImageCode;

 import com.sun.image.codec.jpeg.JPEGCodec;

 import com.sun.image.codec.jpeg.JPEGImageEncoder;

 import org.springframework.social.connect.web.HttpSessionSessionStrategy;

 import org.springframework.social.connect.web.SessionStrategy;

 import org.springframework.web.bind.annotation.GetMapping;

 import org.springframework.web.bind.annotation.RestController;

 import org.springframework.web.context.request.ServletWebRequest;

 import javax.imageio.ImageIO;

 import javax.servlet.http.HttpServletRequest;

 import javax.servlet.http.HttpServletResponse;

 import java.awt.*;

 import java.awt.image.BufferedImage;

 import java.io.IOException;

 import java.util.Random;

 @RestController

 public class ValidateController {

     public static final String SESSION_KEY = "SESSION_KEY_IMAGE_CODE";

     private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();

     @GetMapping("code/image")

     public void createCode(HttpServletRequest request, HttpServletResponse response) throws IOException {

         ImageCode imageCode = createImageCode(request);

         sessionStrategy.setAttribute(new ServletWebRequest(request),SESSION_KEY,imageCode);

         response.setHeader("Pragma","No-cache");

         response.setHeader("Cache-Control","no-cache");

         //response.setDateHeader("Expires", 0);

         JPEGImageEncoder encoder = JPEGCodec.createJPEGEncoder(response.getOutputStream());

         encoder.encode(imageCode.getImage());

         //ImageIO.write(imageCode.getImage(),"JPEG",response.getOutputStream());    //当tomcat下temp文件夹不存在则"Can't create output stream"

     }

     private ImageCode createImageCode(HttpServletRequest request) {

         int width = 67;

         int height = 23;

         BufferedImage image = new BufferedImage(width,height,BufferedImage.TYPE_INT_RGB);

         Graphics g = image.getGraphics();

         Random random = new Random();

         g.setColor(getRandColor(200,250));

         g.fillRect(0,0,width,height);

         g.setFont(new Font("Times New Roman",Font.ITALIC,20));

         g.setColor(getRandColor(160,200));

         for (int i = 0;i < 155; i++){

             int x = random.nextInt(width);

             int y = random.nextInt(height);

             int xl = random.nextInt(12);

             int yl = random.nextInt(12);

             g.drawLine(x,y,x+xl,y+yl);

         }

         String sRand = "";

         for(int i = 0;i < 4; i++){

             String rand = String.valueOf(random.nextInt(10));

             sRand += rand;

             g.setColor(new Color(20 + random.nextInt(110),20 + random.nextInt(110),20 + random.nextInt(110)));

             g.drawString(rand,13 * i + 6,16);

         }

         g.dispose();

         return new ImageCode(image,sRand,60);

     }

     /**

      * 生成随机背景条纹

      * @param fc

      * @param bc

      * @return

      */

     private Color getRandColor(int fc, int bc) {

         Random random = new Random();

         if(fc > 255){

             fc = 255;

         }

         if(bc > 255){

             bc = 255;

         }

         int r = fc + random.nextInt(bc - fc);

         int g = fc + random.nextInt(bc - fc);

         int b = fc + random.nextInt(bc - fc);

         return new Color(r,g,b);

     }

 }

⒊放行验证码的Rest地址

⒋表单添加验证码

             <tr>

                 <td>图形验证码:</td>

                 <td>

                     <input type="text" name="imageCode">

                     <img src="/code/image">

                 </td>

             </tr>

⒌声明一个验证码异常,用于抛出特定的验证码异常

 package cn.coreqi.security.validate;

 import org.springframework.security.core.AuthenticationException;

 public class ValidateCodeException extends AuthenticationException {

     public ValidateCodeException(String msg) {

         super(msg);

     }

 }

⒍创建一个过滤器,用于验证请求中的验证码是否正确

 package cn.coreqi.security.Filter;

 import cn.coreqi.security.validate.ImageCode;

 import cn.coreqi.security.validate.ValidateCodeException;

 import org.springframework.security.web.authentication.AuthenticationFailureHandler;

 import org.springframework.social.connect.web.HttpSessionSessionStrategy;

 import org.springframework.social.connect.web.SessionStrategy;

 import org.springframework.util.StringUtils;

 import org.springframework.web.bind.ServletRequestBindingException;

 import org.springframework.web.bind.ServletRequestUtils;

 import org.springframework.web.context.request.ServletWebRequest;

 import org.springframework.web.filter.OncePerRequestFilter;

 import cn.coreqi.security.controller.*;

 import javax.servlet.FilterChain;

 import javax.servlet.ServletException;

 import javax.servlet.http.HttpServletRequest;

 import javax.servlet.http.HttpServletResponse;

 import java.io.IOException;

 public class ValidateCodeFilter extends OncePerRequestFilter {

     private AuthenticationFailureHandler authenticationFailureHandler;

     private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();

     public AuthenticationFailureHandler getAuthenticationFailureHandler() {

         return authenticationFailureHandler;

     }

     public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {

         this.authenticationFailureHandler = authenticationFailureHandler;

     }

     public SessionStrategy getSessionStrategy() {

         return sessionStrategy;

     }

     public void setSessionStrategy(SessionStrategy sessionStrategy) {

         this.sessionStrategy = sessionStrategy;

     }

     @Override

     protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {

         if (httpServletRequest.equals("/authentication/form") && httpServletRequest.getMethod().equals("post")) {

             try {

                 validate(new ServletWebRequest(httpServletRequest));

             }catch (ValidateCodeException e){

                 authenticationFailureHandler.onAuthenticationFailure(httpServletRequest,httpServletResponse,e);

                 return;

             }

         }

         filterChain.doFilter(httpServletRequest,httpServletResponse);   //如果不是登录请求,直接调用后面的过滤器链

     }

     private void validate(ServletWebRequest request) throws ServletRequestBindingException {

         ImageCode codeInSession = (ImageCode) sessionStrategy.getAttribute(request,ValidateController.SESSION_KEY);

         String codeInRequest = ServletRequestUtils.getStringParameter(request.getRequest(),"imageCode");

         if(!StringUtils.hasText(codeInRequest)){

             throw new ValidateCodeException("验证码的值不能为空!");

         }

         if(codeInSession == null){

             throw new ValidateCodeException("验证码不存在!");

         }

         if(codeInSession.isExpried()){

             sessionStrategy.removeAttribute(request,ValidateController.SESSION_KEY);

             throw new ValidateCodeException("验证码已过期!");

         }

         if(!codeInSession.getCode().equals(codeInRequest)){

             throw new ValidateCodeException("验证码不正确!");

         }

         sessionStrategy.removeAttribute(request,ValidateController.SESSION_KEY);

     }

 }

⒎在SpringSecurity过滤器链中注册我们的过滤器

 package cn.coreqi.security.config;

 import cn.coreqi.security.Filter.ValidateCodeFilter;

 import org.springframework.beans.factory.annotation.Autowired;

 import org.springframework.context.annotation.Bean;

 import org.springframework.context.annotation.Configuration;

 import org.springframework.security.config.annotation.web.builders.HttpSecurity;

 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

 import org.springframework.security.crypto.password.NoOpPasswordEncoder;

 import org.springframework.security.crypto.password.PasswordEncoder;

 import org.springframework.security.web.authentication.AuthenticationFailureHandler;

 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

 @Configuration

 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

     @Autowired

     private AuthenticationSuccessHandler coreqiAuthenticationSuccessHandler;

     @Autowired

     private AuthenticationFailureHandler coreqiAuthenticationFailureHandler;

     @Bean

     public PasswordEncoder passwordEncoder(){

         return NoOpPasswordEncoder.getInstance();

     }

     @Override

     protected void configure(HttpSecurity http) throws Exception {

         ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();

         validateCodeFilter.setAuthenticationFailureHandler(coreqiAuthenticationFailureHandler);

         //http.httpBasic()    //httpBasic登录 BasicAuthenticationFilter

         http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)    //加载用户名密码过滤器的前面

                 .formLogin()    //表单登录 UsernamePasswordAuthenticationFilter

                 .loginPage("/coreqi-signIn.html")  //指定登录页面

                 //.loginPage("/authentication/require")

                 .loginProcessingUrl("/authentication/form") //指定表单提交的地址用于替换UsernamePasswordAuthenticationFilter默认的提交地址

                 .successHandler(coreqiAuthenticationSuccessHandler) //登录成功以后要用我们自定义的登录成功处理器,不用Spring默认的。

                 .failureHandler(coreqiAuthenticationFailureHandler) //自己体会把

                 .and()

                 .authorizeRequests()    //对授权请求进行配置

                 .antMatchers("/coreqi-signIn.html","/code/image").permitAll() //指定登录页面不需要身份认证

                 .anyRequest().authenticated()  //任何请求都需要身份认证

                 .and().csrf().disable();    //禁用CSRF

             //FilterSecurityInterceptor 整个SpringSecurity过滤器链的最后一环

     }

 }

SpringSecurity实现图形验证码功能的更多相关文章

  1. SpringSceurity(3)---图形验证码功能实现

    SpringSceurity(3)---图形验证码功能实现 有关springSceurity之前有写过两篇文章: 1.SpringSecurity(1)---认证+授权代码实现 2.SpringSec ...

  2. Tornado框架实现图形验证码功能

    图形验证码是项目开发过程中经常遇到的一个功能,在很多语言中都有对应的不同形式的图形验证码功能的封装,python 中同样也有类似的封装操作,通过绘制生成一个指定的图形数据,让前端HTML页面通过链接获 ...

  3. spring boot:spring security给用户登录增加自动登录及图形验证码功能(spring boot 2.3.1)

    一,图形验证码的用途? 1,什么是图形验证码? 验证码(CAPTCHA)是"Completely Automated Public Turing test to tell Computers ...

  4. 一百一十五:CMS系统之实现点击更换图形验证码功能

    把验证码渲染到到页面上 访问,显然,是标签有个内边距 去掉内边距 加一个class 如果放大看的话,还有问题 用js实现点击更换图形验证码:生成查询字符串的形式访问图形验证码接口的url,放到img标 ...

  5. SpringSceurity(4)---短信验证码功能实现

    SpringSceurity(4)---短信验证码功能实现 有关SpringSceurity系列之前有写文章 1.SpringSecurity(1)---认证+授权代码实现 2.SpringSecur ...

  6. Django学习笔记(17)——BBS+Blog项目开发(1)验证码功能的实现

    本文主要学习验证码功能的实现,为了项目BBS+Blog项目打下基础. 为了防止机器人频繁登陆网站或者破坏分子恶意登陆,很多用户登录和注册系统都提供了图形验证码功能. 验证码(CAPTCHA)是“Com ...

  7. .Net Core 之 图形验证码 本文介绍.Net Core下用第三方ZKWeb.System.Drawing实现验证码功能。

    本文介绍.Net Core下用第三方ZKWeb.System.Drawing实现验证码功能. 通过测试的系统: Windows 8.1 64bit Ubuntu Server 16.04 LTS 64 ...

  8. 【无私分享:ASP.NET CORE 项目实战(第十四章)】图形验证码的实现

    目录索引 [无私分享:ASP.NET CORE 项目实战]目录索引 简介 很长时间没有来更新博客了,一是,最近有些忙,二是,Core也是一直在摸索中,其实已经完成了一个框架了,并且正在准备在生产环境中 ...

  9. Java 前端加密传输后端解密以及验证码功能

    目录(?)[-] 加密解密 1 前端js加密概述 2 前后端加密解密 21 引用的js加密库 22 js加密解密 23 Java端加密解密PKCS5Padding与js的Pkcs7一致 验证码 1 概 ...

随机推荐

  1. qml: 以鼠标为中心进行放缩;

    import QtQuick 2.9 import QtQuick.Window 2.2 import QtQuick.Controls 2.2 Window { visible: true widt ...

  2. js和jQuery中的事件绑定与普通事件

    普通事件,是指直接对元素进行事件注册,然后触发 而事件绑定是将事件注册到元素上 两者区别就是在于普通事件不可以重复添加多个事件,若添加也会覆盖,只会触发其中一个事件(最后注册的那个) 而事件绑定是可以 ...

  3. layui(四)——table组件常见用法总结

    table是 layui 最核心的组成之一.它用于对表格进行一些列功能和动态化数据操作,涵盖了日常业务所涉及的几乎全部需求.支持固定表头.固定行.固定列左/列右,支持拖拽改变列宽度,支持排序,支持多级 ...

  4. BFC规范

    BFC规范 BFC规范是什么? BFC规范也叫块级格式化上下文.是指一个独立的容器. 如何触发BFC? 我们可以通过一下几种方式触发BFC 1.通过浮动触发:float(除none) 2.通过绝对\固 ...

  5. 那些年我们没能bypass的xss filter[from wooyun]

    原文链接:http://zone.wooyun.org/content/6899 小弟初学xss才10天.不过个人很喜欢收集xss payload.在这里把自己平时挖xss时会用到的payloads列 ...

  6. 【1】【leetcode-92】 反转链表 II

    (没过,以为简单,结构链表指针搞得很复杂出错.是有捷径的,很典型题目要记住) 反转链表 II(medium) 反转从位置 m 到 n 的链表.请使用一趟扫描完成反转. 说明:1 ≤ m ≤ n ≤ 链 ...

  7. HDU 6425(羽毛球组合 **)

    题意是说有四种同学,没有球拍没有球的( a ),只有球拍的( b ),只有球的( c ),既有球拍又有球的( d ):现在要去打羽毛球,每个人都可以选择去或者不去,问有多少种无法打羽毛球的情况. 无法 ...

  8. 启用SQL Server 2014 中的OLE 自动化功能

    企业中很多架构都在快走向Service概念,尽量采用平台服务方式提供给各个Application使用.因此,个系统都会去呼叫像是Web Service,WCF或ODATA…等等各种类型的服务.一般来说 ...

  9. 如何在Mac上搭建自己的服务器——Nginx

    1.安装Homebrew 打开终端,输入: ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/ ...

  10. 上传文件服务与web服务分离

    业务场景:1. 后端服务为java web应用,使用tomcat容器,多实例集群化部署.2. 前端使用nginx作为后端应用的反向代理. 业务需求:现在需要在java web应用端上传文件,同时还要能 ...