
cas增加验证码

2018-06-01 12:07  不痒不痛  阅读(751)  评论(0编辑  收藏  举报

参考地址:https://blog.csdn.net/attackmind/article/details/52052502

参考地址:https://blog.csdn.net/jadyer/article/details/46916169

增加UsernamePasswordCaptchaCredential类继承UsernamePasswordCredential。

import org.jasig.cas.authentication.UsernamePasswordCredential;

/**
 * Credential bean that carries the captcha typed into the login form, in addition to
 * the username and password inherited from {@link UsernamePasswordCredential}.
 */
public class UsernamePasswordCaptchaCredential extends UsernamePasswordCredential {

    private static final long serialVersionUID = 7042484120233254159L;

    /** Captcha text as submitted by the user; {@code null} until a value is set. */
    private String captcha;

    /**
     * @return the captcha text held by this credential, or {@code null} if none was set
     */
    public String getCaptcha() {
        return this.captcha;
    }

    /**
     * @param captcha the captcha text submitted with the login form
     */
    public void setCaptcha(String captcha) {
        this.captcha = captcha;
    }
}

  增加AuthenticationViaCaptchaFormAction类继承AuthenticationViaFormAction。该类从Session的rand属性中读取正确的验证码;生成验证码并写入rand的代码本文未列出。

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.jasig.cas.authentication.Credential;
import org.jasig.cas.web.flow.AuthenticationViaFormAction;
import org.jasig.cas.web.support.WebUtils;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.binding.message.MessageContext;
import org.springframework.util.StringUtils;
import org.springframework.webflow.execution.RequestContext;

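/**
 * Login form action that checks the submitted captcha before the flow continues.
 *
 * <p>The expected captcha is read from the HTTP session attribute {@code "rand"}. The code
 * that stores it there is not part of this class.
 */
public class AuthenticationViaCaptchaFormAction extends AuthenticationViaFormAction {

    /** Name of the session attribute that holds the expected captcha text. */
    private static final String CAPTCHA_SESSION_KEY = "rand";

    /**
     * Compares the captcha typed into the login form with the one stored in the session.
     *
     * <p>The stored captcha is removed from the session on every call, whatever the outcome,
     * so one captcha can be checked at most once.
     *
     * @param context        webflow request context, used to reach the servlet request
     * @param credential     form-backed credential; expected to be a
     *                       {@link UsernamePasswordCaptchaCredential}
     * @param messageContext receives the error message shown on the login form
     * @return {@code "success"} when both values are present and equal (case-sensitive),
     *         {@code "error"} otherwise
     */
    public final String validateCaptcha(final RequestContext context, final Credential credential,
            final MessageContext messageContext) {
        final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
        final HttpSession session = request.getSession();

        // Read and immediately discard the expected value: a failed guess must not be
        // retried against the same captcha.
        final Object stored = session.getAttribute(CAPTCHA_SESSION_KEY);
        session.removeAttribute(CAPTCHA_SESSION_KEY);
        final String expected = stored instanceof String ? (String) stored : null;

        // A credential of another type carries no captcha; treat it as missing instead of
        // failing with a ClassCastException in the middle of the login flow.
        final String submitted = credential instanceof UsernamePasswordCaptchaCredential
                ? ((UsernamePasswordCaptchaCredential) credential).getCaptcha()
                : null;

        // Neither value is written to stdout or a log: the expected captcha does not belong
        // in output that people other than the user can read.

        if (!StringUtils.hasText(expected) || !StringUtils.hasText(submitted)) {
            messageContext.addMessage(new MessageBuilder().error().code("required.captcha").build());
            return "error";
        }
        if (submitted.equals(expected)) {
            return "success";
        }
        // error() is required here: a message built without it is INFO level
        // (org.springframework.binding.message), and the login form does not display it.
        messageContext.addMessage(
                new MessageBuilder().error().code("error.authentication.captcha.bad").build());
        return "error";
    }
}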

  修改login-webflow.xml文件

第27行:将原来的凭证类(credential)改为新增的UsernamePasswordCaptchaCredential(行号以实际使用的CAS版本为准)
<!-- Newly added JavaBean that receives the captcha field of the login form -->
<var name="credential" class="com.cas.UsernamePasswordCaptchaCredential"/>
修改第88至102行的内容
    <view-state id="viewLoginForm" view="casLoginView" model="credential">
        <binder>
            <binding property="username" required="true"/>
            <binding property="password" required="true"/>
			<!-- Added: bind the captcha field submitted by the login form -->  
			<binding property="captcha" required="true"/>
        </binder>
        <on-entry>
            <set name="viewScope.commandName" value="'credential'"/>

            <!--
            <evaluate expression="samlMetadataUIParserAction" />
            -->
        </on-entry>
        <!-- On submit the flow goes to the captcha check (authcodeValidate) -->
        <transition on="submit" bind="true" validate="true" to="authcodeValidate"/>
    </view-state>
	<!-- Calls validateCaptcha, a method added in AuthenticationViaCaptchaFormAction (new, not an override).
	     "error" returns to generateLoginTicket; "success" continues to realSubmit.
	     NOTE(review): confirm that no other transition in this flow still targets realSubmit directly,
	     otherwise the captcha check can be skipped. -->
	<action-state id="authcodeValidate">      
       <evaluate expression="authenticationViaFormAction.validateCaptcha(flowRequestContext, flowScope.credential, messageContext)" />      
       <transition on="error" to="generateLoginTicket" />      
       <transition on="success" to="realSubmit" />      
   </action-state>  

  修改cas-server.xml文件

修改第305行的class
  <!-- The bean id stays authenticationViaFormAction and only the class changes, so the flow
       expression authenticationViaFormAction.validateCaptcha(...) resolves to the new subclass. -->
  <bean id="authenticationViaFormAction" class="com.cas.AuthenticationViaCaptchaFormAction"
        p:centralAuthenticationService-ref="centralAuthenticationService"
        p:warnCookieGenerator-ref="warnCookieGenerator"/>