SpringSecurity實現(xiàn)圖形驗證碼功能的實例代碼

更新時間：2020年05月20日 14:29:07 作者：天天丶

Spring Security 的前身是 Acegi Security ，是 Spring 項目組中用來提供安全認證服務(wù)的框架。這篇文章主要介紹了SpringSecurity實現(xiàn)圖形驗證碼功能,需要的朋友可以參考下

Spring Security

Spring Security是一個能夠為基于Spring的企業(yè)應(yīng)用系統(tǒng)提供聲明式的安全訪問控制解決方案的安全框架。它提供了一組可以在Spring應(yīng)用上下文中配置的Bean，充分利用了Spring IoC，DI（控制反轉(zhuǎn)Inversion of Control ,DI:Dependency Injection 依賴注入）和AOP（面向切面編程）功能，為應(yīng)用系統(tǒng)提供聲明式的安全訪問控制功能，減少了為企業(yè)系統(tǒng)安全控制編寫大量重復代碼的工作。

Spring Security

下載：https://github.com/whyalwaysmea/Spring-Security

本文重點給大家介紹SpringSecurity實現(xiàn)圖形驗證碼功能，具體內(nèi)容如下：

1.開發(fā)生成圖形驗證碼接口

-> 封裝ImageCode對象，來存放圖片驗證碼的內(nèi)容、圖片以及有效時間

public class ImageCode {
 private BufferedImage image;// 圖片
 private String code;// 驗證碼
 private LocalDateTime expireTime;// 有效時間
 public ImageCode(BufferedImage image, String code, int expireIn) {
 this.image = image;
 this.code = code;
 // 出入一個秒數(shù)，自動轉(zhuǎn)為時間，如過期時間為60s，這里的expireIn就是60，轉(zhuǎn)換為當前時間上加上這個秒數(shù)
 this.expireTime = LocalDateTime.now().plusSeconds(expireIn);
 }
 public ImageCode(BufferedImage image, String code, LocalDateTime expireTime) {
 this.image = image;
 this.code = code;
 this.expireTime = expireTime;
 }
 public BufferedImage getImage() {
 return image;
 }
 public void setImage(BufferedImage image) {
 this.image = image;
 }
 public String getCode() {
 return code;
 }
 public void setCode(String code) {
 this.code = code;
 }
 public LocalDateTime getExpireTime() {
 return expireTime;
 }
 public void setExpireTime(LocalDateTime expireTime) {
 this.expireTime = expireTime;
 }
}

-> 寫一個Controller用于生成圖片和校驗驗證碼

public class ValidateCodeController {
 private static final String SESSION_KEY = "SESSION_KEY_IMAGE_CODE";
 private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy()；
 @GetMapping("/code/image")
 public void createCode(HttpServletRequest request, HttpServletResponse response) throws IOException {
 // 根據(jù)隨機數(shù)生成圖片
 ImageCode imageCode = createImageCode(request);
 // 將隨機數(shù)存到session中
 sessionStrategy.setAttribute(new ServletWebRequest(request), SESSION_KEY, imageCode);
 // 將生成的圖片寫到接口的響應(yīng)中
 ImageIO.write(imageCode.getImage(), "JPEG", response.getOutputStream());
 }

 private ImageCode createImageCode(HttpServletRequest request) {
 // 圖片的寬高（像素）
 int width = 67;
 int height = 23;
 // 生成圖片對象
 BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
 
 Graphics g = image.getGraphics();
 // 生成隨機條紋干擾
 Random random = new Random();
 g.setColor(getRandColor(200, 250));
 g.fillRect(0, 0, width, height);
 g.setFont(new Font("Times New Roman", Font.ITALIC, 20));
 g.setColor(getRandColor(160, 200));
 for (int i = 0; i < 155; i++) {
 int x = random.nextInt(width);
 int y = random.nextInt(height);
 int xl = random.nextInt(12);
 int yl = random.nextInt(12);
 g.drawLine(x, y, xl, yl);
 }
 
 // 生成四位隨機數(shù)
 String sRand = "";
 for (int i = 0; i < 4; i++) {
 String rand = String.valueOf(random.nextInt(10));
 sRand += rand;
 g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));
 g.drawString(rand, 13 * i + 6, 16);
 }
 g.dispose();
 // 60秒有效
 return new ImageCode(image, sRand, 60);
 }

 /**
 * 生成隨機背景條紋
 * @param fc
 * @param bc
 * @return
 */
 private Color getRandColor(int fc, int bc) {
 Random random = new Random();
 if(fc > 255) {
 fc = 255;
 }
 if(bc > 255) {
 bc = 255;
 }
 int r = fc + random.nextInt(bc - fc);
 int g = fc + random.nextInt(bc - fc);
 int b = fc + random.nextInt(bc - fc);
 return new Color(r, g, b);
 }
}

第一步：根據(jù)隨機數(shù)生成圖片

ImageCode imageCode = createImageCode(request);

第二步：將隨機數(shù)存到session中

sessionStrategy.setAttribute(new ServletWebRequest(request), SESSION_KEY, imageCode);

第三步：將生成的圖片寫到接口的響應(yīng)中

ImageIO.write(imageCode.getImage(), “JPEG”, response.getOutputStream());

-> 在靜態(tài)頁面中加入圖片驗證碼的標簽

<tr>
 <td>圖形驗證碼：</td>
 <td>
 <input type="text" name="imageCode">
 <img src="/code/image">
 </td>
</tr>

-> 將接口請求地址配進認證

@Override
protected void configure(HttpSecurity http) throws Exception {
 http.formLogin()
 .loginPage("/authencation/require")
 .loginProcessingUrl("/authentication/form")
 .successHandler(imoocAuthenticationSuccessHandler)
 .failureHandler(imoocAuthenticationFailureHandler)
 .and()
 .authorizeRequests()
 .antMatchers("/authencation/require", 
 securityPropertis.getBrowserPropertis().getLoginPage(),
 "/code/image").permitAll() // 加入"/code/image"地址
 .anyRequest()
 .authenticated()
 .and()
 .csrf().disable();
}

->啟動服務(wù)器訪問靜態(tài)表單

如圖所示：

圖片驗證碼

2.在認證流程中加入圖形驗證碼校驗

-> 寫一個filter進行攔截
public class ValidateCodeFilter extends OncePerRequestFilter{
 private AuthenticationFailureHandler authenticationFailureHandler;
 private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy()；
 @Override
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 throws ServletException, IOException {
 //如果訪問的是/authentication/form并且為post請求
 if(StringUtils.equals("/authentication/form", request.getRequestURI())
 && StringUtils.equals(request.getMethod(), "post")) {
 try {
 // 驗證圖片驗證碼是否填寫正確
 validate(new ServletWebRequest(request));
 } catch (ValidateCodeException e) {
 // 拋出異常，并返回，不再訪問資源
 authenticationFailureHandler.onAuthenticationFailure(request, response, e);
 return;
 }
 }
 // 通過，執(zhí)行后面的filter
 filterChain.doFilter(request, response);
 }
 // 校驗驗證碼的邏輯
 private void validate(ServletWebRequest request) throws ServletRequestBindingException {
 ImageCode codeInSession = (ImageCode) sessionStrategy.getAttribute(request, ValidateCodeController.SESSION_KEY);
 String codeInRequest = ServletRequestUtils.getStringParameter(request.getRequest(), "imageCode");
 if(StringUtils.isBlank(codeInRequest)) {
 throw new ValidateCodeException("驗證碼的值不能為空");
 }
 if(codeInSession == null){
 throw new ValidateCodeException("驗證碼不存在");
 }
 if(codeInSession.isExpried()) {
 sessionStrategy.removeAttribute(request, ValidateCodeController.SESSION_KEY);
 throw new ValidateCodeException("驗證碼已過期");
 }
 if(!StringUtils.equals(codeInSession.getCode(), codeInRequest)) {
 throw new ValidateCodeException("驗證碼不匹配");
 }
 sessionStrategy.removeAttribute(request, ValidateCodeController.SESSION_KEY);
 }
 public AuthenticationFailureHandler getAuthenticationFailureHandler() {
 return authenticationFailureHandler;
 }
 public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
 this.authenticationFailureHandler = authenticationFailureHandler;
 }
 public SessionStrategy getSessionStrategy() {
 return sessionStrategy;
 }
 public void setSessionStrategy(SessionStrategy sessionStrategy) {
 this.sessionStrategy = sessionStrategy;
 }
}

-> 配置再configure中，生效

@Override
protected void configure(HttpSecurity http) throws Exception {
 // 聲明filter
 ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();
 // 配置驗證失敗執(zhí)行的handler
 validateCodeFilter.setAuthenticationFailureHandler(imoocAuthenticationFailureHandler);
 // 添加filter到認證流程
 http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)
 .formLogin()
 .loginPage("/authencation/require")
 .loginProcessingUrl("/authentication/form")
 .successHandler(imoocAuthenticationSuccessHandler)
 .failureHandler(imoocAuthenticationFailureHandler)
 .and()
 .authorizeRequests()
 .antMatchers("/authencation/require", 
 securityPropertis.getBrowserPropertis().getLoginPage(),
 "/code/image").permitAll()
 .anyRequest()
 .authenticated()
 .and()
 .csrf().disable();
}

至此，圖片驗證碼驗證流程已經(jīng)全部完成。

啟動服務(wù)，進行測試即可。

總結(jié)

到此這篇關(guān)于SpringSecurity實現(xiàn)圖形驗證碼功能的實例代碼的文章就介紹到這了,更多相關(guān)SpringSecurity圖形驗證碼內(nèi)容請搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家！

您可能感興趣的文章: