新增類
驗證碼controller沈条,用于返回圖片
package org.jasig.cas;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;
import javax.imageio.ImageIO;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* Created by wangwei on 2017/7/18.
*/
public class CaptchaImageCreateController implements Controller,InitializingBean {
@Override
public ModelAndView handleRequest(HttpServletRequest request,
HttpServletResponse response) throws Exception {
ValidatorCodeUtil.ValidatorCode codeUtil = ValidatorCodeUtil.getCode();
request.getSession().setAttribute( "code", codeUtil.getCode());
// 禁止圖像緩存泻肯。
response.setHeader( "Pragma", "no-cache" );
response.setHeader( "Cache-Control", "no-cache" );
response.setDateHeader( "Expires", 0);
response.setContentType( "image/jpeg");
ServletOutputStream sos = null;
try {
// 將圖像輸出到 Servlet輸出流中竖慧。
/*System.out.println("=========***********=============");*/
sos = response.getOutputStream();
/* System.out.println(codeUtil.getImage().toString());
System.out.println("==============================");*/
ImageIO.write(codeUtil.getImage(),"JPEG",sos);
/* JPEGImageEncoder encoder = JPEGCodec.createJPEGEncoder(sos) ;
encoder.encode();*/
} catch (Exception e) {
e.printStackTrace();
} finally {
if (null != sos) {
try {
sos.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
return null ;
}
@Override
public void afterPropertiesSet() throws Exception {
}
}
驗證碼圖片util
package org.jasig.cas;
import java.awt.*;
import java.awt.geom.AffineTransform;
import java.awt.image.BufferedImage;
import java.util.Random;
public class ValidatorCodeUtil {
public static ValidatorCode getCode() {
// 驗證碼圖片的寬度疲吸。
int width = 120;
// 驗證碼圖片的高度。
int height = 40;
BufferedImage buffImg = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB );
Graphics2D g = buffImg.createGraphics();
// 創(chuàng)建一個隨機數(shù)生成器類狮惜。
Random random = new Random();
// 設(shè)定圖像背景色(因為是做背景高诺,所以偏淡)
g.setColor(Color. WHITE);
g.fillRect(0, 0, width, height);
// 創(chuàng)建字體碌识,字體的大小應(yīng)該根據(jù)圖片的高度來定。
Font font = new Font("", Font.HANGING_BASELINE, 28);
// 設(shè)置字體虱而。
g.setFont(font);
// 畫邊框筏餐。
g.setColor(Color. BLACK);
g.drawRect(0, 0, width - 1, height - 1);
// 隨機產(chǎn)生155條干擾線,使圖象中的認證碼不易被其它程序探測到牡拇。
// g.setColor(Color.GRAY);
// g.setColor(getRandColor(160, 200));
// for (int i = 0; i < 155; i++) {
// int x = random.nextInt(width);
// int y = random.nextInt(height);
// int xl = random.nextInt(12);
// int yl = random.nextInt(12);
// g.drawLine(x, y, x + xl, y + yl);
// }
// randomCode用于保存隨機產(chǎn)生的驗證碼魁瞪,以便用戶登錄后進行驗證。
StringBuffer randomCode = new StringBuffer();
// 設(shè)置默認生成4個驗證碼
int length = 4;
// 設(shè)置備選驗證碼:包括"a-z"和數(shù)字"0-9"
String base = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" ;
int size = base.length();
// 隨機產(chǎn)生4位數(shù)字的驗證碼惠呼。
for (int i = 0; i < length; i++) {
// 得到隨機產(chǎn)生的驗證碼數(shù)字导俘。
int start = random.nextInt(size);
String strRand = base.substring(start, start + 1);
// 用隨機產(chǎn)生的顏色將驗證碼繪制到圖像中。
// 生成隨機顏色(因為是做前景剔蹋,所以偏深)
// g.setColor(getRandColor(1, 100));
// 調(diào)用函數(shù)出來的顏色相同旅薄,可能是因為種子太接近,所以只能直接生成
g.setColor( new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));
g.drawString(strRand, 15 * i + 6, 24);
// 將產(chǎn)生的四個隨機數(shù)組合在一起滩租。
randomCode.append(strRand);
}
// 圖象生效
g.dispose();
ValidatorCode code = new ValidatorCode();
code.image = buffImg;
code.code = randomCode.toString();
return code;
}
public static ValidatorCode getCodeNew() {
int width = 200;
int height = 60;
BufferedImage image = new BufferedImage(width, height,
BufferedImage.TYPE_INT_RGB); // 創(chuàng)建BufferedImage類的對象
Graphics g = image.getGraphics(); // 創(chuàng)建Graphics類的對象
Graphics2D g2d = (Graphics2D) g; // 通過Graphics類的對象創(chuàng)建一個Graphics2D類的對象
Random random = new Random(); // 實例化一個Random對象
Font mFont = new Font("華文宋體", Font.BOLD, 30); // 通過Font構(gòu)造字體
g.setColor(getRandColor(200, 250)); // 改變圖形的當前顏色為隨機生成的顏色
g.fillRect(0, 0, width, height); // 繪制一個填色矩形
// 畫一條折線
BasicStroke bs = new BasicStroke(2f, BasicStroke.CAP_BUTT,
BasicStroke.JOIN_BEVEL); // 創(chuàng)建一個供畫筆選擇線條粗細的對象
g2d.setStroke(bs); // 改變線條的粗細
g.setColor(Color.DARK_GRAY); // 設(shè)置當前顏色為預(yù)定義顏色中的深灰色
int[] xPoints = new int[3];
int[] yPoints = new int[3];
for (int j = 0; j < 3; j++) {
xPoints[j] = random.nextInt(width - 1);
yPoints[j] = random.nextInt(height - 1);
}
g.drawPolyline(xPoints, yPoints, 3);
// 生成并輸出隨機的驗證文字
g.setFont(mFont);
String sRand = "";
int itmp = 0;
for (int i = 0; i < 4; i++) {
if (random.nextInt(2) == 1) {
itmp = random.nextInt(26) + 65; // 生成A~Z的字母
} else {
itmp = random.nextInt(10) + 48; // 生成0~9的數(shù)字
}
char ctmp = (char) itmp;
sRand += String.valueOf(ctmp);
Color color = new Color(20 + random.nextInt(110),
20 + random.nextInt(110), 20 + random.nextInt(110));
g.setColor(color);
/**** 隨機縮放文字并將文字旋轉(zhuǎn)指定角度 **/
// 將文字旋轉(zhuǎn)指定角度
Graphics2D g2d_word = (Graphics2D) g;
AffineTransform trans = new AffineTransform();
trans.rotate(random.nextInt(45) * 3.14 / 180, 15 * i + 10, 7);
// 縮放文字
float scaleSize = random.nextFloat() + 0.8f;
if (scaleSize > 1.1f)
scaleSize = 1f;
trans.scale(scaleSize, scaleSize);
g2d_word.setTransform(trans);
/************************/
g.drawString(String.valueOf(ctmp), 30 * i + 40, 16);
}
g.dispose();
ValidatorCode code = new ValidatorCode();
code.image = image;
code.code = sRand.toString();
return code;
}
// 給定范圍獲得隨機顏色
static Color getRandColor( int fc, int bc) {
Random random = new Random();
if (fc > 255)
fc = 255;
if (bc > 255)
bc = 255;
int r = fc + random.nextInt(bc - fc);
int g = fc + random.nextInt(bc - fc);
int b = fc + random.nextInt(bc - fc);
return new Color(r, g, b);
}
/**
*
* <p class="detail">
* 驗證碼圖片封裝
* </p>
*
*
*/
public static class ValidatorCode {
private BufferedImage image ;
private String code ;
/**
* <p class="detail">
* 圖片流
* </p>
*
* @return
*/
public BufferedImage getImage() {
return image ;
}
/**
* <p class="detail">
* 驗證碼
* </p>
*
* @return
*/
public String getCode() {
return code ;
}
}
}
新增UsernamePasswordCredentialWithAuthCode類赋秀,繼承UsernamePasswordCredential,添加了驗證碼參數(shù)
package org.jasig.cas.authentication;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;
/**
* Created by wangwei on 2017/7/18.
*/
public class UsernamePasswordCredentialWithAuthCode extends UsernamePasswordCredential{
/**
* 帶驗證碼的登錄界面
*/
private static final long serialVersionUID = 1L;
/** 驗證碼*/
@NotNull
@Size(min = 1, message = "required.authcode")
private String authcode;
/**
*
* @return
*/
public final String getAuthcode() {
return authcode;
}
/**
*
* @param authcode
*/
public final void setAuthcode(String authcode) {
this.authcode = authcode;
}
@Override
public boolean equals(final Object o) {
if (this == o) {
return true;
}
if (o == null || getClass() != o.getClass()) {
return false;
}
final UsernamePasswordCredentialWithAuthCode that = (UsernamePasswordCredentialWithAuthCode) o;
if (getPassword() != null ? !getPassword().equals(that.getPassword())
: that.getPassword() != null) {
return false;
}
if (getPassword() != null ? !getPassword().equals(that.getPassword())
: that.getPassword() != null) {
return false;
}
if (authcode != null ? !authcode.equals(that.authcode)
: that.authcode != null)
return false;
return true;
}
@Override
public int hashCode() {
return new HashCodeBuilder().append(getUsername())
.append(getPassword()).append(authcode).toHashCode();
}
}
新增AuthenticationViaFormActionWithAuthCode類律想,繼承AuthenticationViaFormAction猎莲,添加了驗證碼校驗
package org.jasig.cas.web.flow;
import org.apache.commons.lang3.StringUtils;
import org.jasig.cas.authentication.*;
import org.jasig.cas.web.support.WebUtils;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.binding.message.MessageContext;
import org.springframework.stereotype.Component;
import org.springframework.webflow.execution.RequestContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
/**
* Created by wangwei on 2017/7/18.
*/
@Component("authenticationViaFormActionWithAuthCode")
public class AuthenticationViaFormActionWithAuthCode extends AuthenticationViaFormAction {
private String CODE = "code";
/**
* authcode check
*/
public final String validatorCode(final RequestContext context,
final Credential credentials, final MessageContext messageContext)
throws Exception {
final HttpServletRequest request = WebUtils
.getHttpServletRequest(context);
HttpSession session = request.getSession();
String authcode = (String) session.getAttribute(CODE);
session.removeAttribute(CODE);
UsernamePasswordCredentialWithAuthCode upc = (UsernamePasswordCredentialWithAuthCode) credentials;
String submitAuthcode = upc.getAuthcode();
if (StringUtils.isEmpty(submitAuthcode)
|| StringUtils.isEmpty(authcode)) {
populateErrorsInstance(new NullAuthcodeAuthenticationException(),
messageContext);
return "error";
}
if (submitAuthcode.equals(authcode)) {
return "success";
}
populateErrorsInstance(new BadAuthcodeAuthenticationException(),
messageContext);
return "error";
}
private void populateErrorsInstance(final RootCasException e,
final MessageContext messageContext) {
try {
messageContext.addMessage(new MessageBuilder().error()
.code(e.getCode()).defaultText(e.getCode()).build());
} catch (final Exception fe) {
logger.error(fe.getMessage(), fe);
}
}
}
兩個異常類NullAuthcodeAuthenticationException與BadAuthcodeAuthenticationException
- NullAuthcodeAuthenticationException
package org.jasig.cas.authentication;
/**
* Created by wangwei on 2017/7/18.
*/
public class NullAuthcodeAuthenticationException extends RootCasException{
/** Serializable ID for unique id. */
private static final long serialVersionUID = 5501212207531289993L;
/** Code description. */
public static final String CODE = "required.authcode";
/**
* Constructs a TicketCreationException with the default exception code.
*/
public NullAuthcodeAuthenticationException() {
super(CODE);
}
/**
* Constructs a TicketCreationException with the default exception code and
* the original exception that was thrown.
*
* @param throwable the chained exception
*/
public NullAuthcodeAuthenticationException(final Throwable throwable) {
super(CODE, throwable);
}
}
- BadAuthcodeAuthenticationException
package org.jasig.cas.authentication;
/**
* Created by wangwei on 2017/7/18.
*/
public class BadAuthcodeAuthenticationException extends RootCasException {
/** Serializable ID for unique id. */
private static final long serialVersionUID = 5501212207531289993L;
/** Code description. */
public static final String CODE = "error.authentication.authcode.bad";
/**
* Constructs a TicketCreationException with the default exception code.
*/
public BadAuthcodeAuthenticationException() {
super(CODE);
}
/**
* Constructs a TicketCreationException with the default exception code and
* the original exception that was thrown.
*
* @param throwable the chained exception
*/
public BadAuthcodeAuthenticationException(final Throwable throwable) {
super(CODE, throwable);
}
}
配置修改
web.xml新增圖片獲取
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/captcha.jpg</url-pattern>
</servlet-mapping>
applicationContext.xml
<bean id="captchaImageCreateController" class="org.jasig.cas.CaptchaImageCreateController"/>
- 在handlerMappingC中添加/captcha.jpg映射,
<prop key="/captcha.jpg">captchaImageCreateController</prop>,具體內(nèi)容如下:
<bean id="handlerMappingC" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping"
p:order="1000"
p:alwaysUseFullPath="true">
<property name="mappings">
<util:properties>
<prop key="/authorizationFailure.html">passThroughController</prop>
<prop key="/statistics/ping">pingController</prop>
<prop key="/statistics/threads">threadsController</prop>
<prop key="/statistics/metrics">metricsController</prop>
<prop key="/statistics/healthcheck">healthController</prop>
<prop key="/captcha.jpg">captchaImageCreateController</prop>
</util:properties>
</property>
</bean>
login-webflow.xml修改
- 修改credential屬性技即,修改為新增的UsernamePasswordCredentialWithAuthCode著洼,具體如下:
<var name="credential" class="org.jasig.cas.authentication.UsernamePasswordCredentialWithAuthCode"/>
- 在viewLoginForm的binder中新增authcode參數(shù),并新增一個transition步驟而叼,具體如下:
<view-state id="viewLoginForm" view="casLoginView" model="credential">
<binder>
<binding property="username" required="true"/>
<binding property="password" required="true"/>
<binding property="authcode" required="true"/>
<!--
<binding property="rememberMe" />
-->
</binder>
<on-entry>
<set name="viewScope.commandName" value="'credential'"/>
<!--
<evaluate expression="samlMetadataUIParserAction" />
-->
</on-entry>
<transition on="submit" bind="true" validate="true" to="authcodeValidate">
</transition>
</view-state>
<action-state id="authcodeValidate">
<evaluate expression="authenticationViaFormActionWithAuthCode.validatorCode(flowRequestContext, flowScope.credential, messageContext)" />
<transition on="error" to="viewLoginForm" />
<transition on="success" to="realSubmit" />
</action-state>
messages_zh_CN.properties新增
screen.welcome.label.authcode=\u9A8C\u8BC1\u7801:
screen.welcome.label.authcode.accesskey=a
required.authcode=\u5FC5\u987B\u5F55\u5165\u9A8C\u8BC1\u7801\u3002
error.authentication.authcode.bad=\u9A8C\u8BC1\u7801\u8F93\u5165\u6709\u8BEF\u3002
頁面修改
- 在casLoginView.jsp新增驗證碼身笤,代碼如下:
<section class="row">
<label for="authcode"><spring:message code="screen.welcome.label.authcode" /></label>
<spring:message code="screen.welcome.label.authcode.accesskey" var="authcodeAccessKey" />
<table>
<tr>
<td>
<form:input cssClass="required" cssErrorClass="error" id="authcode" size="10" tabindex="2" path="authcode" accesskey="${authcodeAccessKey}" htmlEscape="true" autocomplete="off"
cssStyle="margin-left: 10px;" />
</td>
<td style="vertical-align: bottom;">
</td>
</tr>
</table>
</section>
