cas增加验证码
2018-06-01 12:07 不痒不痛 阅读(751) 评论(0) 编辑 收藏 举报参考地址:https://blog.csdn.net/attackmind/article/details/52052502
参考地址:https://blog.csdn.net/jadyer/article/details/46916169
增加UsernamePasswordCaptchaCredential类继承UsernamePasswordCredential。
import org.jasig.cas.authentication.UsernamePasswordCredential; /** * 自定义的接收登录验证码的实体类 */ public class UsernamePasswordCaptchaCredential extends UsernamePasswordCredential{ private static final long serialVersionUID = 7042484120233254159L; private String captcha; public String getCaptcha() { return captcha; } public void setCaptcha(String captcha) { this.captcha = captcha; } }
增加AuthenticationViaCaptchaFormAction类继承AuthenticationViaFormAction
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.jasig.cas.authentication.Credential; import org.jasig.cas.web.flow.AuthenticationViaFormAction; import org.jasig.cas.web.support.WebUtils; import org.springframework.binding.message.MessageBuilder; import org.springframework.binding.message.MessageContext; import org.springframework.util.StringUtils; import org.springframework.webflow.execution.RequestContext; /** * 用户名密码非空验证,验证码效验Action */ public class AuthenticationViaCaptchaFormAction extends AuthenticationViaFormAction { public final String validateCaptcha(final RequestContext context, final Credential credential, final MessageContext messageContext){ final HttpServletRequest request = WebUtils.getHttpServletRequest(context); HttpSession session = request.getSession(); String rand = (String)session.getAttribute("rand"); session.removeAttribute("rand"); UsernamePasswordCaptchaCredential upc = (UsernamePasswordCaptchaCredential)credential; String captcha = upc.getCaptcha(); System.out.println("获取Session验证码-->" + rand); System.out.println("获取表单输入验证码-->" + captcha); if(!StringUtils.hasText(rand) || !StringUtils.hasText(captcha)){ messageContext.addMessage(new MessageBuilder().error().code("required.captcha").build()); return "error"; } if(captcha.equals(rand)){ return "success"; } //这段网上这么写的messageContext.addMessage(new MessageBuilder().code("required.captcha").build()); //实际上这么写是org.springframework.binding.message.INFO级别的,这会导致前台表单无法显示这里的错误信息 messageContext.addMessage(new MessageBuilder().error().code("error.authentication.captcha.bad").build()); return "error"; } }
修改login-webflow.xml文件
第27行修改原来的验证类 <!-- 新加的用于接收前台表单验证码字段captcha的JavaBean --> <var name="credential" class="com.cas.UsernamePasswordCaptchaCredential"/> 修改88至102行内 <view-state id="viewLoginForm" view="casLoginView" model="credential"> <binder> <binding property="username" required="true"/> <binding property="password" required="true"/> <!-- 前台添加表单添加验证码字段captcha --> <binding property="captcha" required="true"/> </binder> <on-entry> <set name="viewScope.commandName" value="'credential'"/> <!-- <evaluate expression="samlMetadataUIParserAction" /> --> </on-entry> <transition on="submit" bind="true" validate="true" to="authcodeValidate"/> </view-state> <!-- AuthenticationViaCaptchaFormAction类中重写validateCaptcha方法 --> <action-state id="authcodeValidate"> <evaluate expression="authenticationViaFormAction.validateCaptcha(flowRequestContext, flowScope.credential, messageContext)" /> <transition on="error" to="generateLoginTicket" /> <transition on="success" to="realSubmit" /> </action-state>
修改cas-server.xml文件
修改第305行的class <bean id="authenticationViaFormAction" class="com.cas.AuthenticationViaCaptchaFormAction" p:centralAuthenticationService-ref="centralAuthenticationService" p:warnCookieGenerator-ref="warnCookieGenerator"/>