摘记: 本文介绍了SpringBoot结合SpringSecurity实现图形验证码功能,分享给大家,具体如下:生成图形验证码 根据随机数生成图片 将随机数存到Session中 将生成的图片写到接口的响应中 生成图形验证码的过程比较简单,和Sprin ..

本文介绍了SpringBoot结合SpringSecurity实现图形验证码功能,分享给大家,具体如下:

生成图形验证码

  1. 根据随机数生成图片
  2. 将随机数存到Session中
  3. 将生成的图片写到接口的响应中

生成图形验证码的过程比较简单,和SpringSecurity也没有什么关系。所以就直接贴出代码了

根据随机数生成图片

/**
 * 生成图形验证码
 * @param request
 * @return
 */
private ImageCode generate(ServletWebRequest request) {
 int width = 64;
 int height = 32;
 BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);

 Graphics g = image.getGraphics();

 Random random = new Random();

 g.setColor(getRandColor(200, 250));
 g.fillRect(0, 0, width, height);
 g.setFont(new Font("Times New Roman", Font.ITALIC, 20));
 g.setColor(getRandColor(160, 200));
 for (int i = 0; i < 155; i++) {
  int x = random.nextInt(width);
  int y = random.nextInt(height);
  int xl = random.nextInt(12);
  int yl = random.nextInt(12);
  g.drawLine(x, y, x + xl, y + yl);
 }

 String sRand = "";
 for (int i = 0; i < 4; i++) {
  String rand = String.valueOf(random.nextInt(10));
  sRand += rand;
  g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));
  g.drawString(rand, 13 * i + 6, 16);
 }

 g.dispose();

 return new ImageCode(image, sRand, 60);

}

/**
 * 生成随机背景条纹
 *
 * @param fc
 * @param bc
 * @return
 */
private Color getRandColor(int fc, int bc) {
 Random random = new Random();
 if (fc > 255) {
  fc = 255;
 }
 if (bc > 255) {
  bc = 255;
 }
 int r = fc + random.nextInt(bc - fc);
 int g = fc + random.nextInt(bc - fc);
 int b = fc + random.nextInt(bc - fc);
 return new Color(r, g, b);
}

将随机数存到Session中 && 将生成的图片写到接口的响应中

@RestController
public class ValidateCodeController {

 public static final String SESSION_KEY = "SESSION_KEY_IMAGE_CODE";

 private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();

 @GetMapping("/code/image")
 public void createCode(HttpServletRequest request, HttpServletResponse response) throws IOException {
  ImageCode imageCode = generate(new ServletWebRequest(request));
  sessionStrategy.setAttribute(new ServletWebRequest(request), SESSION_KEY, imageCode);
  ImageIO.write(imageCode.getImage(), "JPEG", response.getOutputStream());
 }
}

在认证流程中加入图形验证码

SpringSecurity认证流程详解中,我们有讲到,SpringSecurity是通过过滤器链来进行校验的,我们想要验证图形验证码,所以可以在认证流程之前,也就是UsernamePasswordAuthenticationFilter之前进行校验。

自定义图形验证码的过滤器

@Component
public class ValidateCodeFilter extends OncePerRequestFilter {

 private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();

 private AuthenticationFailureHandler authenticationFailureHandler;

 @Override
 protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
  if(StringUtils.equals("/user/login", httpServletRequest.getRequestURI())
    && StringUtils.equalsIgnoreCase(httpServletRequest.getMethod(), "post")) {

   try {
    // 1. 进行验证码的校验
    validate(new ServletWebRequest(httpServletRequest));
   } catch (ValidateCodeException e) {
    // 2. 如果校验不通过,调用SpringSecurity的校验失败处理器
    authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, e);
    return ;
   }
  }
  // 3. 校验通过,就放行
  filterChain.doFilter(httpServletRequest, httpServletResponse);
 }
}

这里验证码校验的过程比较简单,主要就是判断传过来的参数和Session中保存的是否一致,以及Session中的验证码是否过期了。

有了自己的验证码过滤器之后,我们还需要将它配置在UsernamePasswordAuthenticationFilter之前:

@Override
protected void configure(HttpSecurity http) throws Exception {
 ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();
 validateCodeFilter.setAuthenticationFailureHandler(myAuthenticationFailureHandler);
 // 将我们自定义的过滤器,配置到UsernamePasswordAuthenticationFilter之前
 http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)
   .formLogin()     // 定义当需要用户登录时候,转到的登录页面。
   // 后面的配置省略
}

代码下载

Spring-Security

原文地址: https://blog.csdn.net/u013435893/article/details/79617872