一、自定義認證邏輯
生成驗證碼工具
|
1
2
3
4
5
|
<dependency> <groupId>com.github.penggle</groupId> <artifactId>kaptcha</artifactId> <version>2.3.2</version></dependency> |
添加Kaptcha配置
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
@Configurationpublic class KaptchaConfig { @Bean Producer kaptcha() { Properties properties = new Properties(); properties.setProperty("kaptcha.image.width", "150"); properties.setProperty("kaptcha.image.height", "50"); properties.setProperty("kaptcha.textproducer.char.string", "0123456789"); properties.setProperty("kaptcha.textproducer.char.length", "4"); Config config = new Config(properties); DefaultKaptcha defaultKaptcha = new DefaultKaptcha(); defaultKaptcha.setConfig(config); return defaultKaptcha; }} |
生成驗證碼文本,放入HttpSession中
根據驗證碼文本生成圖片 通過IO流寫出到前端。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
@RestControllerpublic class LoginController { @Autowired Producer producer; @GetMapping("/vc.jpg") public void getVerifyCode(HttpServletResponse resp, HttpSession session) throws IOException { resp.setContentType("image/jpeg"); String text = producer.createText(); session.setAttribute("kaptcha", text); BufferedImage image = producer.createImage(text); try(ServletOutputStream out = resp.getOutputStream()) { ImageIO.write(image, "jpg", out); } } @RequestMapping("/index") public String index() { return "login success"; } @RequestMapping("/hello") public String hello() { return "hello spring security"; }} |
form表單
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
<!DOCTYPE html><html lang="en" xmlns:th="http://www.thymeleaf.org"><head> <meta charset="UTF-8"> <title>登錄</title> <link href="//maxcdn.bootstrapcdn.com/bootstrap/4.1.1/css/bootstrap.min.css" rel="external nofollow" rel="stylesheet" id="bootstrap-css"> <script src="//maxcdn.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js"></script> <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script></head><style> #login .container #login-row #login-column #login-box { border: 1px solid #9C9C9C; background-color: #EAEAEA; }</style><body><div id="login"> <div class="container"> <div id="login-row" class="row justify-content-center align-items-center"> <div id="login-column" class="col-md-6"> <div id="login-box" class="col-md-12"> <form id="login-form" class="form" action="/doLogin" method="post"> <h3 class="text-center text-info">登錄</h3> <div th:text="${SPRING_SECURITY_LAST_EXCEPTION}"></div> <div class="form-group"> <label for="username" class="text-info">用戶名:</label><br> <input type="text" name="uname" id="username" class="form-control"> </div> <div class="form-group"> <label for="password" class="text-info">密碼:</label><br> <input type="text" name="passwd" id="password" class="form-control"> </div> <div class="form-group"> <label for="kaptcha" class="text-info">驗證碼:</label><br> <input type="text" name="kaptcha" id="kaptcha" class="form-control"> <img src="/vc.jpg" alt=""> </div> <div class="form-group"> <input type="submit" name="submit" class="btn btn-info btn-md" value="登錄"> </div> </form> </div> </div> </div> </div></div></body> |
驗證碼圖片地址為我們在Controller中定義的驗證碼接口地址。
身份認證是AuthenticationProvider的authenticate方法完成,因此驗證碼可以在此之前完成:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
public class KaptchaAuthenticationProvider extends DaoAuthenticationProvider { @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { HttpServletRequest req = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest(); String kaptcha = req.getParameter("kaptcha"); String sessionKaptcha = (String) req.getSession().getAttribute("kaptcha"); if (kaptcha != null && sessionKaptcha != null && kaptcha.equalsIgnoreCase(sessionKaptcha)) { return super.authenticate(authentication); } throw new AuthenticationServiceException("驗證碼輸入錯誤"); }} |
配置AuthenticationManager:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
@Configurationpublic class SecurityConfig extends WebSecurityConfigurerAdapter { @Bean AuthenticationProvider kaptchaAuthenticationProvider() { InMemoryUserDetailsManager users = new InMemoryUserDetailsManager(User.builder() .username("xiepanapn").password("{noop}123").roles("admin").build()); KaptchaAuthenticationProvider provider = new KaptchaAuthenticationProvider(); provider.setUserDetailsService(users); return provider; } @Override @Bean public AuthenticationManager authenticationManagerBean() throws Exception { ProviderManager manager = new ProviderManager(kaptchaAuthenticationProvider()); return manager; } @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/vc.jpg").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/mylogin.html") .loginProcessingUrl("/doLogin") .defaultSuccessUrl("/index.html") .failureForwardUrl("/mylogin.html") .usernameParameter("uname") .passwordParameter("passwd") .permitAll() .and() .csrf().disable(); }} |
- 配置UserDetailsService提供的數據源
- 提供AuthenticationProvider實例并配置UserDetailsService
- 重寫authenticationManagerBean方法提供一個自己的ProviderManager并自定義AuthenticationManager實例。
二、自定義過濾器
LoginFilter繼承UsernamePasswordAuthenticationFilter 重寫attemptAuthentication方法:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
public class LoginFilter extends UsernamePasswordAuthenticationFilter { @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { if (!request.getMethod().equals("POST")) { throw new AuthenticationServiceException( "Authentication method not supported: " + request.getMethod()); } String kaptcha = request.getParameter("kaptcha"); String sessionKaptcha = (String) request.getSession().getAttribute("kaptcha"); if (!StringUtils.isEmpty(kaptcha) && !StringUtils.isEmpty(sessionKaptcha) && kaptcha.equalsIgnoreCase(sessionKaptcha)) { return super.attemptAuthentication(request, response); } throw new AuthenticationServiceException("驗證碼輸入錯誤"); }} |
在SecurityConfig中配置LoginFilter
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
@Configurationpublic class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication() .withUser("javaboy") .password("{noop}123") .roles("admin"); } @Override @Bean public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } @Bean LoginFilter loginFilter() throws Exception { LoginFilter loginFilter = new LoginFilter(); loginFilter.setFilterProcessesUrl("/doLogin"); loginFilter.setAuthenticationManager(authenticationManagerBean()); loginFilter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/hello")); loginFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler("/mylogin.html")); return loginFilter; } @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/vc.jpg").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/mylogin.html") .permitAll() .and() .csrf().disable(); http.addFilterAt(loginFilter(), UsernamePasswordAuthenticationFilter.class); }} |
顯然第二種比較簡單
總結
到此這篇關于Spring Security添加驗證碼的兩種方式的文章就介紹到這了,更多相關Spring Security添加驗證碼內容請搜索服務器之家以前的文章或繼續瀏覽下面的相關文章希望大家以后多多支持服務器之家!
原文鏈接:https://juejin.cn/post/7016269020861038623
