本文介绍了SpringBoot结合SpringSecurity实现图形验证码功能,分享给大家,具体如下:
生成图形验证码
生成图形验证码的过程比较简单,和SpringSecurity也没有什么关系。所以就直接贴出代码了
根据随机数生成图片
/** * 生成图形验证码 * @param request * @return */ private ImageCode generate(ServletWebRequest request) { int width = 64; int height = 32; BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB); Graphics g = image.getGraphics(); Random random = new Random(); g.setColor(getRandColor(200, 250)); g.fillRect(0, 0, width, height); g.setFont(new Font("Times New Roman", Font.ITALIC, 20)); g.setColor(getRandColor(160, 200)); for (int i = 0; i < 155; i++) { int x = random.nextInt(width); int y = random.nextInt(height); int xl = random.nextInt(12); int yl = random.nextInt(12); g.drawLine(x, y, x + xl, y + yl); } String sRand = ""; for (int i = 0; i < 4; i++) { String rand = String.valueOf(random.nextInt(10)); sRand += rand; g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110))); g.drawString(rand, 13 * i + 6, 16); } g.dispose(); return new ImageCode(image, sRand, 60); } /** * 生成随机背景条纹 * * @param fc * @param bc * @return */ private Color getRandColor(int fc, int bc) { Random random = new Random(); if (fc > 255) { fc = 255; } if (bc > 255) { bc = 255; } int r = fc + random.nextInt(bc - fc); int g = fc + random.nextInt(bc - fc); int b = fc + random.nextInt(bc - fc); return new Color(r, g, b); }
将随机数存到Session中 && 将生成的图片写到接口的响应中
@RestController public class ValidateCodeController { public static final String SESSION_KEY = "SESSION_KEY_IMAGE_CODE"; private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy(); @GetMapping("/code/image") public void createCode(HttpServletRequest request, HttpServletResponse response) throws IOException { ImageCode imageCode = generate(new ServletWebRequest(request)); sessionStrategy.setAttribute(new ServletWebRequest(request), SESSION_KEY, imageCode); ImageIO.write(imageCode.getImage(), "JPEG", response.getOutputStream()); } }
在认证流程中加入图形验证码
在SpringSecurity认证流程详解中,我们有讲到,SpringSecurity是通过过滤器链来进行校验的,我们想要验证图形验证码,所以可以在认证流程之前,也就是UsernamePasswordAuthenticationFilter
之前进行校验。
自定义图形验证码的过滤器
@Component public class ValidateCodeFilter extends OncePerRequestFilter { private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy(); private AuthenticationFailureHandler authenticationFailureHandler; @Override protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException { if(StringUtils.equals("/user/login", httpServletRequest.getRequestURI()) && StringUtils.equalsIgnoreCase(httpServletRequest.getMethod(), "post")) { try { // 1. 进行验证码的校验 validate(new ServletWebRequest(httpServletRequest)); } catch (ValidateCodeException e) { // 2. 如果校验不通过,调用SpringSecurity的校验失败处理器 authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, e); return ; } } // 3. 校验通过,就放行 filterChain.doFilter(httpServletRequest, httpServletResponse); } }
这里验证码校验的过程比较简单,主要就是判断传过来的参数和Session中保存的是否一致,以及Session中的验证码是否过期了。
有了自己的验证码过滤器之后,我们还需要将它配置在UsernamePasswordAuthenticationFilter之前:
@Override protected void configure(HttpSecurity http) throws Exception { ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter(); validateCodeFilter.setAuthenticationFailureHandler(myAuthenticationFailureHandler); // 将我们自定义的过滤器,配置到UsernamePasswordAuthenticationFilter之前 http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class) .formLogin() // 定义当需要用户登录时候,转到的登录页面。 // 后面的配置省略 }
代码下载
Spring-Security
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持亿速云。
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。