spring security 2安全功能,添加用戶驗證碼的實現,方案有3個:
方案1、由于AuthenticationProcessingFilter過濾器是攔截/j_spring_security_check地址,他的實現類里只讀取的j_username和j_password,
沒有讀取其他的用戶登陸信息,所以我就把驗證碼(code)在login.jsp頁面和j_username拼裝在一起,在UserDetailServiceImpl類UserDetails loadUserByUsername(String userName)
方法里對傳進的userName進行拆分,分解出用戶名和驗證碼,剩下的工作不用我詳細說了。
方案2、繼承AuthenticationProcessingFilter重寫一下AuthenticationProcessingFilter類的實現類,該方案的缺點是對現有的spring security 2配置改動較大;
方案3(我推薦的),優點自己體會。
步驟1寫過濾器,代碼如下:
package com.ss3ex.core.security.service;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class CodeFilter extends HttpServlet implements Filter {
/**
* 判斷用戶輸入的驗證碼是否正確
*/
private static final long serialVersionUID = -5838154525730151323L;
public void init(FilterConfig config) throws ServletException {
}
public void destroy() {
}
public void doFilter(ServletRequest servletRequest,
ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
String code = request.getParameter("j_code");
Cookie[] cookie = request.getCookies();
String codes = "";
for (int i = 0; cookie != null && i < cookie.length; i++) {
if ("codes".equals(cookie[i].getName())) {
codes = cookie[i].getValue();
}
}
if (!"".equals(codes) && codes != null) {
if (code.equalsIgnoreCase(codes)) {
filterChain.doFilter(request, response);
} else {
response.sendRedirect("/login.jsp?error=5");
}
} else {
response.sendRedirect("/login.jsp?error=5");
}
}
}
步驟2添加web.xml中的配置,代碼如下:
<filter>
<filter-name>CodeFilter</filter-name>
<filter-class>com.ss3ex.core.security.service.CodeFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CodeFilter</filter-name>
<url-pattern>/j_spring_security_check</url-pattern>
</filter-mapping>
注意:放在<filter-name>springSecurityFilterChain</filter-name>的前面就可以了。