import org.jasig.cas.authentication.UsernamePasswordCredential;

/**

 * 自定义的接收登录验证码的实体类

 */

public class UsernamePasswordCaptchaCredential extends UsernamePasswordCredential{

	private static final long serialVersionUID = 7042484120233254159L;

	private String captcha;  

    public String getCaptcha() {

        return captcha;

    }  

    public void setCaptcha(String captcha) {

        this.captcha = captcha;

    }

}

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpSession;

import org.jasig.cas.authentication.Credential;

import org.jasig.cas.web.flow.AuthenticationViaFormAction;

import org.jasig.cas.web.support.WebUtils;

import org.springframework.binding.message.MessageBuilder;

import org.springframework.binding.message.MessageContext;

import org.springframework.util.StringUtils;

import org.springframework.webflow.execution.RequestContext;

/**

 * 用户名密码非空验证，验证码效验Action

 */

public class AuthenticationViaCaptchaFormAction extends AuthenticationViaFormAction  {

	public final String validateCaptcha(final RequestContext context, final Credential credential, final MessageContext messageContext){

        final HttpServletRequest request = WebUtils.getHttpServletRequest(context);

        HttpSession session = request.getSession();

        String rand = (String)session.getAttribute("rand");

        session.removeAttribute("rand");  

        UsernamePasswordCaptchaCredential upc = (UsernamePasswordCaptchaCredential)credential;

        String captcha = upc.getCaptcha();  

        System.out.println("获取Session验证码-->" + rand);

        System.out.println("获取表单输入验证码-->" + captcha);  

        if(!StringUtils.hasText(rand) || !StringUtils.hasText(captcha)){

            messageContext.addMessage(new MessageBuilder().error().code("required.captcha").build());

            return "error";

        }

        if(captcha.equals(rand)){

            return "success";

        }

        //这段网上这么写的messageContext.addMessage(new MessageBuilder().code("required.captcha").build());

        //实际上这么写是org.springframework.binding.message.INFO级别的,这会导致前台表单无法显示这里的错误信息

        messageContext.addMessage(new MessageBuilder().error().code("error.authentication.captcha.bad").build());

        return "error";

    }

}

第27行修改原来的验证类

<!-- 新加的用于接收前台表单验证码字段captcha的JavaBean -->

<var name="credential" class="com.cas.UsernamePasswordCaptchaCredential"/>

修改88至102行内

    <view-state id="viewLoginForm" view="casLoginView" model="credential">

        <binder>

            <binding property="username" required="true"/>

            <binding property="password" required="true"/>

			<!-- 前台添加表单添加验证码字段captcha -->

			<binding property="captcha" required="true"/>

        </binder>

        <on-entry>

            <set name="viewScope.commandName" value="'credential'"/>

            <!--

            <evaluate expression="samlMetadataUIParserAction" />

            -->

        </on-entry>

        <transition on="submit" bind="true" validate="true" to="authcodeValidate"/>

    </view-state>

	<!-- AuthenticationViaCaptchaFormAction类中重写validateCaptcha方法 -->

	<action-state id="authcodeValidate">

       <evaluate expression="authenticationViaFormAction.validateCaptcha(flowRequestContext, flowScope.credential, messageContext)" />

       <transition on="error" to="generateLoginTicket" />

       <transition on="success" to="realSubmit" />

   </action-state>

修改第305行的class

  <bean id="authenticationViaFormAction" class="com.cas.AuthenticationViaCaptchaFormAction"

        p:centralAuthenticationService-ref="centralAuthenticationService"

        p:warnCookieGenerator-ref="warnCookieGenerator"/>