登录加入验证码校验

ABCpril · ABCpril · commit 8bc4368cd864 · 2021-11-11T18:27:52.000+08:00
diff --git a/multi-user-table-mybatis/pom.xml b/multi-user-table-mybatis/pom.xml
@@ -65,6 +65,12 @@
             <artifactId>spring-security-test</artifactId>
             <scope>test</scope>
         </dependency>
+<!--        验证码依赖-->
+        <dependency>
+            <groupId>com.github.penggle</groupId>
+            <artifactId>kaptcha</artifactId>
+            <version>2.3.2</version>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/multi-user-table-mybatis/src/main/java/com/sspath/multiusertablemybatis/config/KaptchaAuthenticationProvider.java b/multi-user-table-mybatis/src/main/java/com/sspath/multiusertablemybatis/config/KaptchaAuthenticationProvider.java
@@ -0,0 +1,32 @@
+package com.sspath.multiusertablemybatis.config;
+
+import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * @FileName: KaptchaAuthenticationProvider.java
+ * @Description: 重写authenticate方法，在数据库查询用户名密码前，做验证码校验
+ *               重写DaoAuthenticationProvider的additionalAuthenticationChecks方法，是在数据库查询后检测验证码，不符合验证码初衷
+ * @Author: ABCpril
+ * @Date: 2021/11/11
+ */
+public class KaptchaAuthenticationProvider extends DaoAuthenticationProvider {
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        HttpServletRequest req = ((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()).getRequest();
+        String kaptcha = req.getParameter("kaptcha");
+        String sessionKaptcha = (String) req.getSession().getAttribute("kaptcha");
+        if (kaptcha != null && sessionKaptcha != null && kaptcha.equalsIgnoreCase(sessionKaptcha)) {
+            return super.authenticate(authentication);
+        }
+        throw new AuthenticationServiceException("验证码输入错误");
+    }
+
+
+}
diff --git a/multi-user-table-mybatis/src/main/java/com/sspath/multiusertablemybatis/config/KaptchaConfig.java b/multi-user-table-mybatis/src/main/java/com/sspath/multiusertablemybatis/config/KaptchaConfig.java
@@ -0,0 +1,33 @@
+package com.sspath.multiusertablemybatis.config;
+
+import com.google.code.kaptcha.Producer;
+import com.google.code.kaptcha.impl.DefaultKaptcha;
+import com.google.code.kaptcha.util.Config;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.Properties;
+
+/**
+ * @FileName: KaptchaConfig.java
+ * @Description: 验证码配置类
+ * @Author: ABCpril
+ * @Date: 2021/11/11
+ */
+
+@Configuration
+public class KaptchaConfig {
+    @Bean
+    Producer kaptcha() {
+        Properties properties = new Properties();
+        properties.setProperty("kaptcha.image.width", "150");
+        properties.setProperty("kaptcha.image.height", "50");
+        properties.setProperty("kaptcha.textproducer.cha.string", "0123456789");
+        properties.setProperty("kaptcha.textproducer.char.length", "4");
+        Config config = new Config(properties);
+        DefaultKaptcha defaultKaptcha = new DefaultKaptcha();
+        defaultKaptcha.setConfig(config);
+        return defaultKaptcha;
+    }
+
+}
diff --git a/multi-user-table-mybatis/src/main/java/com/sspath/multiusertablemybatis/config/SecurityConfig.java b/multi-user-table-mybatis/src/main/java/com/sspath/multiusertablemybatis/config/SecurityConfig.java
@@ -6,6 +6,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -25,22 +26,44 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Autowired
     MyUserDetailsService2 myUserDetailsService2;
 
-    @Override
+//    @Override
+//    @Bean
+//    public AuthenticationManager authenticationManagerBean() throws Exception {
+//        DaoAuthenticationProvider dao1 = new DaoAuthenticationProvider();
+//        dao1.setUserDetailsService(myUserDetailsService);
+//
+//        DaoAuthenticationProvider dao2 = new DaoAuthenticationProvider();
+//        dao2.setUserDetailsService(myUserDetailsService2);
+//
+//        ProviderManager manager = new ProviderManager(dao1, dao2);
+//        return manager;
+//    }
+
     @Bean
-    public AuthenticationManager authenticationManagerBean() throws Exception {
-        DaoAuthenticationProvider dao1 = new DaoAuthenticationProvider();
-        dao1.setUserDetailsService(myUserDetailsService);
+    AuthenticationProvider kaptchaAuthenticationProvider() {
+        KaptchaAuthenticationProvider provider = new KaptchaAuthenticationProvider();
+        provider.setUserDetailsService(myUserDetailsService);
+        return provider;
+    }
 
-        DaoAuthenticationProvider dao2 = new DaoAuthenticationProvider();
-        dao2.setUserDetailsService(myUserDetailsService2);
+    @Bean
+    AuthenticationProvider kaptchaAuthenticationProvider2() {
+        KaptchaAuthenticationProvider provider2 = new KaptchaAuthenticationProvider();
+        provider2.setUserDetailsService(myUserDetailsService2);
+        return provider2;
+    }
 
-        ProviderManager manager = new ProviderManager(dao1, dao2);
+    @Override
+    @Bean
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        ProviderManager manager = new ProviderManager(kaptchaAuthenticationProvider(), kaptchaAuthenticationProvider2());
         return manager;
     }
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.authorizeRequests()
+                .antMatchers("/vc.jpg").permitAll()
                 .anyRequest().authenticated()
                 .and()
                 .formLogin()
diff --git a/multi-user-table-mybatis/src/main/java/com/sspath/multiusertablemybatis/controller/KaptchaController.java b/multi-user-table-mybatis/src/main/java/com/sspath/multiusertablemybatis/controller/KaptchaController.java
@@ -0,0 +1,37 @@
+package com.sspath.multiusertablemybatis.controller;
+
+import com.google.code.kaptcha.Producer;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.imageio.ImageIO;
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.awt.image.BufferedImage;
+import java.io.IOException;
+
+/**
+ * @FileName: KaptchaController.java
+ * @Description: 验证码请求接口，验证码文本写入session，验证码图片通过IO流写出到前端
+ * @Author: ABCpril
+ * @Date: 2021/11/11
+ */
+
+@RestController
+public class KaptchaController {
+    @Autowired
+    Producer producer;
+
+    @GetMapping("/vc.jpg")
+    public void getVerifyCode(HttpServletResponse resp, HttpSession session) throws IOException {
+        resp.setContentType("image/jpeg");
+        String text = producer.createText();
+        session.setAttribute("kaptcha", text);
+        BufferedImage image = producer.createImage(text);
+        try(ServletOutputStream out = resp.getOutputStream()) {
+            ImageIO.write(image, "jpg", out);
+        }
+    }
+}
diff --git a/multi-user-table-mybatis/src/main/resources/templates/mylogin.html b/multi-user-table-mybatis/src/main/resources/templates/mylogin.html
@@ -29,6 +29,11 @@ <h3 class="text-center text-info">登录</h3>
                             <label for="password" class="text-info">密码:</label><br>
                             <input type="text" name="passwd" id="password" class="form-control">
                         </div>
+                        <div class="form-group">
+                            <label for="kaptcha" class="text-info">验证码:</label><br>
+                            <input type="text" name="kaptcha" id="kaptcha" class="form-control">
+                            <img src="/vc.jpg" alt="">
+                        </div>
                         <div class="form-group">
                             <input type="submit" name="submit" class="btn btn-info btn-md" value="登录">
                         </div>
