SpringSecurity實(shí)現(xiàn)圖形驗(yàn)證碼功能的實(shí)例代碼

更新時(shí)間：2020年05月20日 14:29:07 作者：天天丶

Spring Security 的前身是 Acegi Security ，是 Spring 項(xiàng)目組中用來提供安全認(rèn)證服務(wù)的框架。這篇文章主要介紹了SpringSecurity實(shí)現(xiàn)圖形驗(yàn)證碼功能,需要的朋友可以參考下

Spring Security

Spring Security是一個(gè)能夠?yàn)榛赟pring的企業(yè)應(yīng)用系統(tǒng)提供聲明式的安全訪問控制解決方案的安全框架。它提供了一組可以在Spring應(yīng)用上下文中配置的Bean，充分利用了Spring IoC，DI（控制反轉(zhuǎn)Inversion of Control ,DI:Dependency Injection 依賴注入）和AOP（面向切面編程）功能，為應(yīng)用系統(tǒng)提供聲明式的安全訪問控制功能，減少了為企業(yè)系統(tǒng)安全控制編寫大量重復(fù)代碼的工作。

Spring Security

下載：https://github.com/whyalwaysmea/Spring-Security

本文重點(diǎn)給大家介紹SpringSecurity實(shí)現(xiàn)圖形驗(yàn)證碼功能，具體內(nèi)容如下：

1.開發(fā)生成圖形驗(yàn)證碼接口

-> 封裝ImageCode對(duì)象，來存放圖片驗(yàn)證碼的內(nèi)容、圖片以及有效時(shí)間

public class ImageCode {
 private BufferedImage image;// 圖片
 private String code;// 驗(yàn)證碼
 private LocalDateTime expireTime;// 有效時(shí)間
 public ImageCode(BufferedImage image, String code, int expireIn) {
 this.image = image;
 this.code = code;
 // 出入一個(gè)秒數(shù)，自動(dòng)轉(zhuǎn)為時(shí)間，如過期時(shí)間為60s，這里的expireIn就是60，轉(zhuǎn)換為當(dāng)前時(shí)間上加上這個(gè)秒數(shù)
 this.expireTime = LocalDateTime.now().plusSeconds(expireIn);
 }
 public ImageCode(BufferedImage image, String code, LocalDateTime expireTime) {
 this.image = image;
 this.code = code;
 this.expireTime = expireTime;
 }
 public BufferedImage getImage() {
 return image;
 }
 public void setImage(BufferedImage image) {
 this.image = image;
 }
 public String getCode() {
 return code;
 }
 public void setCode(String code) {
 this.code = code;
 }
 public LocalDateTime getExpireTime() {
 return expireTime;
 }
 public void setExpireTime(LocalDateTime expireTime) {
 this.expireTime = expireTime;
 }
}

-> 寫一個(gè)Controller用于生成圖片和校驗(yàn)驗(yàn)證碼

public class ValidateCodeController {
 private static final String SESSION_KEY = "SESSION_KEY_IMAGE_CODE";
 private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy()；
 @GetMapping("/code/image")
 public void createCode(HttpServletRequest request, HttpServletResponse response) throws IOException {
 // 根據(jù)隨機(jī)數(shù)生成圖片
 ImageCode imageCode = createImageCode(request);
 // 將隨機(jī)數(shù)存到session中
 sessionStrategy.setAttribute(new ServletWebRequest(request), SESSION_KEY, imageCode);
 // 將生成的圖片寫到接口的響應(yīng)中
 ImageIO.write(imageCode.getImage(), "JPEG", response.getOutputStream());
 }

 private ImageCode createImageCode(HttpServletRequest request) {
 // 圖片的寬高（像素）
 int width = 67;
 int height = 23;
 // 生成圖片對(duì)象
 BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
 
 Graphics g = image.getGraphics();
 // 生成隨機(jī)條紋干擾
 Random random = new Random();
 g.setColor(getRandColor(200, 250));
 g.fillRect(0, 0, width, height);
 g.setFont(new Font("Times New Roman", Font.ITALIC, 20));
 g.setColor(getRandColor(160, 200));
 for (int i = 0; i < 155; i++) {
 int x = random.nextInt(width);
 int y = random.nextInt(height);
 int xl = random.nextInt(12);
 int yl = random.nextInt(12);
 g.drawLine(x, y, xl, yl);
 }
 
 // 生成四位隨機(jī)數(shù)
 String sRand = "";
 for (int i = 0; i < 4; i++) {
 String rand = String.valueOf(random.nextInt(10));
 sRand += rand;
 g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));
 g.drawString(rand, 13 * i + 6, 16);
 }
 g.dispose();
 // 60秒有效
 return new ImageCode(image, sRand, 60);
 }

 /**
 * 生成隨機(jī)背景條紋
 * @param fc
 * @param bc
 * @return
 */
 private Color getRandColor(int fc, int bc) {
 Random random = new Random();
 if(fc > 255) {
 fc = 255;
 }
 if(bc > 255) {
 bc = 255;
 }
 int r = fc + random.nextInt(bc - fc);
 int g = fc + random.nextInt(bc - fc);
 int b = fc + random.nextInt(bc - fc);
 return new Color(r, g, b);
 }
}

第一步：根據(jù)隨機(jī)數(shù)生成圖片

ImageCode imageCode = createImageCode(request);

第二步：將隨機(jī)數(shù)存到session中

sessionStrategy.setAttribute(new ServletWebRequest(request), SESSION_KEY, imageCode);

第三步：將生成的圖片寫到接口的響應(yīng)中

ImageIO.write(imageCode.getImage(), “JPEG”, response.getOutputStream());

-> 在靜態(tài)頁面中加入圖片驗(yàn)證碼的標(biāo)簽

<tr>
 <td>圖形驗(yàn)證碼：</td>
 <td>
 <input type="text" name="imageCode">
 <img src="/code/image">
 </td>
</tr>

-> 將接口請(qǐng)求地址配進(jìn)認(rèn)證

@Override
protected void configure(HttpSecurity http) throws Exception {
 http.formLogin()
 .loginPage("/authencation/require")
 .loginProcessingUrl("/authentication/form")
 .successHandler(imoocAuthenticationSuccessHandler)
 .failureHandler(imoocAuthenticationFailureHandler)
 .and()
 .authorizeRequests()
 .antMatchers("/authencation/require", 
 securityPropertis.getBrowserPropertis().getLoginPage(),
 "/code/image").permitAll() // 加入"/code/image"地址
 .anyRequest()
 .authenticated()
 .and()
 .csrf().disable();
}

->啟動(dòng)服務(wù)器訪問靜態(tài)表單

如圖所示：

圖片驗(yàn)證碼

2.在認(rèn)證流程中加入圖形驗(yàn)證碼校驗(yàn)

-> 寫一個(gè)filter進(jìn)行攔截
public class ValidateCodeFilter extends OncePerRequestFilter{
 private AuthenticationFailureHandler authenticationFailureHandler;
 private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy()；
 @Override
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 throws ServletException, IOException {
 //如果訪問的是/authentication/form并且為post請(qǐng)求
 if(StringUtils.equals("/authentication/form", request.getRequestURI())
 && StringUtils.equals(request.getMethod(), "post")) {
 try {
 // 驗(yàn)證圖片驗(yàn)證碼是否填寫正確
 validate(new ServletWebRequest(request));
 } catch (ValidateCodeException e) {
 // 拋出異常，并返回，不再訪問資源
 authenticationFailureHandler.onAuthenticationFailure(request, response, e);
 return;
 }
 }
 // 通過，執(zhí)行后面的filter
 filterChain.doFilter(request, response);
 }
 // 校驗(yàn)驗(yàn)證碼的邏輯
 private void validate(ServletWebRequest request) throws ServletRequestBindingException {
 ImageCode codeInSession = (ImageCode) sessionStrategy.getAttribute(request, ValidateCodeController.SESSION_KEY);
 String codeInRequest = ServletRequestUtils.getStringParameter(request.getRequest(), "imageCode");
 if(StringUtils.isBlank(codeInRequest)) {
 throw new ValidateCodeException("驗(yàn)證碼的值不能為空");
 }
 if(codeInSession == null){
 throw new ValidateCodeException("驗(yàn)證碼不存在");
 }
 if(codeInSession.isExpried()) {
 sessionStrategy.removeAttribute(request, ValidateCodeController.SESSION_KEY);
 throw new ValidateCodeException("驗(yàn)證碼已過期");
 }
 if(!StringUtils.equals(codeInSession.getCode(), codeInRequest)) {
 throw new ValidateCodeException("驗(yàn)證碼不匹配");
 }
 sessionStrategy.removeAttribute(request, ValidateCodeController.SESSION_KEY);
 }
 public AuthenticationFailureHandler getAuthenticationFailureHandler() {
 return authenticationFailureHandler;
 }
 public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
 this.authenticationFailureHandler = authenticationFailureHandler;
 }
 public SessionStrategy getSessionStrategy() {
 return sessionStrategy;
 }
 public void setSessionStrategy(SessionStrategy sessionStrategy) {
 this.sessionStrategy = sessionStrategy;
 }
}

-> 配置再configure中，生效

@Override
protected void configure(HttpSecurity http) throws Exception {
 // 聲明filter
 ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();
 // 配置驗(yàn)證失敗執(zhí)行的handler
 validateCodeFilter.setAuthenticationFailureHandler(imoocAuthenticationFailureHandler);
 // 添加filter到認(rèn)證流程
 http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)
 .formLogin()
 .loginPage("/authencation/require")
 .loginProcessingUrl("/authentication/form")
 .successHandler(imoocAuthenticationSuccessHandler)
 .failureHandler(imoocAuthenticationFailureHandler)
 .and()
 .authorizeRequests()
 .antMatchers("/authencation/require", 
 securityPropertis.getBrowserPropertis().getLoginPage(),
 "/code/image").permitAll()
 .anyRequest()
 .authenticated()
 .and()
 .csrf().disable();
}

至此，圖片驗(yàn)證碼驗(yàn)證流程已經(jīng)全部完成。

啟動(dòng)服務(wù)，進(jìn)行測(cè)試即可。

總結(jié)

到此這篇關(guān)于SpringSecurity實(shí)現(xiàn)圖形驗(yàn)證碼功能的實(shí)例代碼的文章就介紹到這了,更多相關(guān)SpringSecurity圖形驗(yàn)證碼內(nèi)容請(qǐng)搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家！

您可能感興趣的文章: