cas增加验证码

参考地址:https://blog.csdn.net/attackmind/article/details/52052502

参考地址:https://blog.csdn.net/jadyer/article/details/46916169

增加UsernamePasswordCaptchaCredential类继承UsernamePasswordCredential。

import org.jasig.cas.authentication.UsernamePasswordCredential;

/**
* 自定义的接收登录验证码的实体类
*/ public class UsernamePasswordCaptchaCredential extends UsernamePasswordCredential{ private static final long serialVersionUID = 7042484120233254159L; private String captcha; public String getCaptcha() {
return captcha;
} public void setCaptcha(String captcha) {
this.captcha = captcha;
}
}

  增加AuthenticationViaCaptchaFormAction类继承AuthenticationViaFormAction

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession; import org.jasig.cas.authentication.Credential;
import org.jasig.cas.web.flow.AuthenticationViaFormAction;
import org.jasig.cas.web.support.WebUtils;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.binding.message.MessageContext;
import org.springframework.util.StringUtils;
import org.springframework.webflow.execution.RequestContext; /**
* 用户名密码非空验证,验证码效验Action
*/ public class AuthenticationViaCaptchaFormAction extends AuthenticationViaFormAction { public final String validateCaptcha(final RequestContext context, final Credential credential, final MessageContext messageContext){
final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
HttpSession session = request.getSession();
String rand = (String)session.getAttribute("rand");
session.removeAttribute("rand"); UsernamePasswordCaptchaCredential upc = (UsernamePasswordCaptchaCredential)credential;
String captcha = upc.getCaptcha(); System.out.println("获取Session验证码-->" + rand);
System.out.println("获取表单输入验证码-->" + captcha); if(!StringUtils.hasText(rand) || !StringUtils.hasText(captcha)){
messageContext.addMessage(new MessageBuilder().error().code("required.captcha").build());
return "error";
}
if(captcha.equals(rand)){
return "success";
}
//这段网上这么写的messageContext.addMessage(new MessageBuilder().code("required.captcha").build());
//实际上这么写是org.springframework.binding.message.INFO级别的,这会导致前台表单无法显示这里的错误信息
messageContext.addMessage(new MessageBuilder().error().code("error.authentication.captcha.bad").build());
return "error";
}
}

  修改login-webflow.xml文件

第27行修改原来的验证类
<!-- 新加的用于接收前台表单验证码字段captcha的JavaBean -->
<var name="credential" class="com.cas.UsernamePasswordCaptchaCredential"/>
修改88至102行内
<view-state id="viewLoginForm" view="casLoginView" model="credential">
<binder>
<binding property="username" required="true"/>
<binding property="password" required="true"/>
<!-- 前台添加表单添加验证码字段captcha -->
<binding property="captcha" required="true"/>
</binder>
<on-entry>
<set name="viewScope.commandName" value="'credential'"/> <!--
<evaluate expression="samlMetadataUIParserAction" />
-->
</on-entry>
<transition on="submit" bind="true" validate="true" to="authcodeValidate"/>
</view-state>
<!-- AuthenticationViaCaptchaFormAction类中重写validateCaptcha方法 -->
<action-state id="authcodeValidate">
<evaluate expression="authenticationViaFormAction.validateCaptcha(flowRequestContext, flowScope.credential, messageContext)" />
<transition on="error" to="generateLoginTicket" />
<transition on="success" to="realSubmit" />
</action-state>

  修改cas-server.xml文件

修改第305行的class
<bean id="authenticationViaFormAction" class="com.cas.AuthenticationViaCaptchaFormAction"
p:centralAuthenticationService-ref="centralAuthenticationService"
p:warnCookieGenerator-ref="warnCookieGenerator"/>

  

上一篇:laravel 图片验证码


下一篇:SqlServer数据库同时备份到两台服务器上(并自动删除过期文件)