implementation 'org.bitbucket.b_c:jose4j:0.6.3'
implementation 'io.github.microutils:kotlin-logging:1.6.26'
implementation 'org.slf4j:slf4j-parent:1.7.26'
+ implementation 'com.github.penggle:kaptcha:2.3.2'
implementation group: 'com.google.code.gson', name: 'gson', version: '2.8.5'
implementation group: 'com.sun.jersey', name: 'jersey-client', version: '1.19'
implementation group: 'javax.servlet', name: 'jstl', version: '1.2'
--- /dev/null
+package com.supwisdom.dlpay.framework;
+
+import com.google.code.kaptcha.impl.DefaultKaptcha;
+import com.google.code.kaptcha.util.Config;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.Properties;
+
+@Configuration
+public class KaptchaConfig {
+ @Bean
+ public DefaultKaptcha getDefaultKaptcha(){
+ DefaultKaptcha captchaProducer = new DefaultKaptcha();
+ Properties properties = new Properties();
+ properties.setProperty("kaptcha.border", "yes");
+ properties.setProperty("kaptcha.border.color", "105,179,90");
+ properties.setProperty("kaptcha.textproducer.font.color", "blue");
+ properties.setProperty("kaptcha.image.width", "110");
+ properties.setProperty("kaptcha.image.height", "40");
+ properties.setProperty("kaptcha.textproducer.font.size", "30");
+ properties.setProperty("kaptcha.session.key", "code");
+ properties.setProperty("kaptcha.textproducer.char.length", "4");
+ properties.setProperty("kaptcha.textproducer.font.names", "宋体,楷体,微软雅黑");
+ Config config = new Config(properties);
+ captchaProducer.setConfig(config);
+ return captchaProducer;
+ }
+}
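Review bot: The `kaptcha.session.key` property set to `"code"` does not appear to be read anywhere in this commit: the controller stores the text under `com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY` and `CodeUtil.checkVerifyCode` reads the same constant, so the configured name is misleading. Either drop that `setProperty` line or have both sides take the key from the `Config` object, so there is one source of truth for where the expected code lives. A short comment on the bean, such as `// 4-character image captcha used by /code/image and checked in ValidateCodeFilter`, would also help, since the short length makes the single-use handling in the filter matter more.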
\r
\r
import com.supwisdom.dlpay.exception.ValidateCodeException;\r
+import com.supwisdom.dlpay.framework.security.CodeUtil;\r
import com.supwisdom.dlpay.framework.security.MyAuthenticationFailureHandler;\r
import com.supwisdom.dlpay.framework.security.validate.ImageCodeUtil;\r
import com.supwisdom.dlpay.framework.security.validate.VerifyCode;\r
@Component("validateCodeFilter")\r
public class ValidateCodeFilter extends OncePerRequestFilter {\r
\r
- /**\r
- * 校验失败处理器\r
- */\r
- @Autowired\r
- private MyAuthenticationFailureHandler myAuthenticationFailureHandler;\r
+ /**\r
+ * 校验失败处理器\r
+ */\r
+ @Autowired\r
+ private MyAuthenticationFailureHandler myAuthenticationFailureHandler;\r
\r
\r
- @Override\r
- protected void doFilterInternal(HttpServletRequest request,\r
- HttpServletResponse response, FilterChain filterChain)\r
- throws ServletException, IOException {\r
- String context = request.getContextPath();\r
- if (context == null || "" == context.trim()) {\r
- context = "/";\r
- }\r
- if (request.getRequestURI().isEmpty()) {\r
- filterChain.doFilter(request, response);\r
- return;\r
- }\r
- String url = request.getRequestURI();\r
- if (!"/".equals(context)) {\r
- url = url.replace(context, "");\r
- }\r
- if (StringUtil.equals("/login/form", url)\r
- && StringUtil.equalsIgnoreCase(request.getMethod(), "post")) {\r
- try {\r
- validate(request);\r
- } catch (ValidateCodeException e) {\r
- //response.setStatus(HttpStatus.OK.value());\r
- //response.setContentType("application/json;charset=UTF-8");\r
- //response.getWriter().write(objectMapper.writeValueAsString(JsonResult.error(400, e.getMessage())));\r
- //response.sendError(HttpStatus.UNAUTHORIZED.value(),e.getMessage());\r
- myAuthenticationFailureHandler.onAuthenticationFailure(request, response, e);\r
- return;\r
- }\r
- }\r
- filterChain.doFilter(request, response);\r
+ @Override\r
+ protected void doFilterInternal(HttpServletRequest request,\r
+ HttpServletResponse response, FilterChain filterChain)\r
+ throws ServletException, IOException {\r
+ String context = request.getContextPath();\r
+ if (context == null || "" == context.trim()) {\r
+ context = "/";\r
}\r
+ if (request.getRequestURI().isEmpty()) {\r
+ filterChain.doFilter(request, response);\r
+ return;\r
+ }\r
+ String url = request.getRequestURI();\r
+ if (!"/".equals(context)) {\r
+ url = url.replace(context, "");\r
+ }\r
+ if (StringUtil.equals("/login/form", url)\r
+ && StringUtil.equalsIgnoreCase(request.getMethod(), "post")) {\r
+ try {\r
+ validate(request);\r
+ } catch (ValidateCodeException e) {\r
+ //response.setStatus(HttpStatus.OK.value());\r
+ //response.setContentType("application/json;charset=UTF-8");\r
+ //response.getWriter().write(objectMapper.writeValueAsString(JsonResult.error(400, e.getMessage())));\r
+ //response.sendError(HttpStatus.UNAUTHORIZED.value(),e.getMessage());\r
+ myAuthenticationFailureHandler.onAuthenticationFailure(request, response, e);\r
+ return;\r
+ }\r
+ }\r
+ filterChain.doFilter(request, response);\r
+ }\r
\r
- private void validate(HttpServletRequest request) throws ValidateCodeException {\r
- VerifyCode imageCode = (VerifyCode) request.getSession().getAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);\r
- String inputCode;\r
- try {\r
- inputCode = request.getParameter("imageCode");\r
- } catch (Exception e) {\r
- throw new ValidateCodeException("获取验证码的值失败");\r
- }\r
- if (StringUtil.isEmpty(inputCode)) {\r
- throw new ValidateCodeException("验证码不能为空");\r
- }\r
- if (null == imageCode) {\r
- throw new ValidateCodeException("验证码不存在");\r
- }\r
- if (imageCode.isExpired()) {\r
- request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);\r
- throw new ValidateCodeException("验证码已过期");\r
- }\r
- if (!StringUtil.equalsIgnoreCase(imageCode.getText(), inputCode)) {\r
- throw new ValidateCodeException("验证码不匹配");\r
- }\r
- request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);\r
+ private void validate(HttpServletRequest request) throws ValidateCodeException {\r
+ if (!CodeUtil.checkVerifyCode(request)) {\r
+ throw new ValidateCodeException("验证码不匹配");\r
+ } else {\r
+ request.getSession().removeAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);\r
}\r
+// VerifyCode imageCode = (VerifyCode) request.getSession().getAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);\r
+// String inputCode;\r
+// try {\r
+// inputCode = request.getParameter("imageCode");\r
+// } catch (Exception e) {\r
+// throw new ValidateCodeException("获取验证码的值失败");\r
+// }\r
+// if (StringUtil.isEmpty(inputCode)) {\r
+// throw new ValidateCodeException("验证码不能为空");\r
+// }\r
+// if (null == imageCode) {\r
+// throw new ValidateCodeException("验证码不存在");\r
+// }\r
+// if (imageCode.isExpired()) {\r
+// request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);\r
+// throw new ValidateCodeException("验证码已过期");\r
+// }\r
+// if (!StringUtil.equalsIgnoreCase(imageCode.getText(), inputCode)) {\r
+// throw new ValidateCodeException("验证码不匹配");\r
+// }\r
+// request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);\r
+ }\r
\r
}\r
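Review bot: A failed check in `validate` leaves the expected code in the session, because `removeAttribute` runs only in the `else` branch. The same captcha can then be answered repeatedly, which weakens it as a guessing control on `/login/form`, especially with the 4-character length set in KaptchaConfig. The expected code should be consumed on every attempt, matched or not, as in the fence below. The replaced body also rejected codes that had expired (`imageCode.isExpired()`), while the plain string now stored carries no creation time, so expiry is no longer enforced unless a timestamp is stored next to it and checked here. The commented-out old body is better deleted than kept in the file.

```java
private void validate(HttpServletRequest request) throws ValidateCodeException {
    boolean matched = CodeUtil.checkVerifyCode(request);
    // Single use: discard the expected code whether or not the attempt matched.
    request.getSession().removeAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);
    if (!matched) {
        throw new ValidateCodeException("验证码不匹配");
    }
}
```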
--- /dev/null
+package com.supwisdom.dlpay.framework.security;
+
+import javax.servlet.http.HttpServletRequest;
+
+public class CodeUtil {
+ /**
+ * 将获取到的前端参数转为string类型
+ *
+ * @param request
+ * @param key
+ * @return
+ */
+ public static String getString(HttpServletRequest request, String key) {
+ try {
+ String result = request.getParameter(key);
+ if (result != null) {
+ result = result.trim();
+ }
+ if ("".equals(result)) {
+ result = null;
+ }
+ return result;
+ } catch (Exception e) {
+ return null;
+ }
+ }
+
+ /**
+ * 验证码校验
+ *
+ * @param request
+ * @return
+ */
+ public static boolean checkVerifyCode(HttpServletRequest request) {
+ //获取生成的验证码
+ String verifyCodeExpected = (String) request.getSession()
+ .getAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);
+ //获取用户输入的验证码
+ String verifyCodeActual = CodeUtil.getString(request, "verifyCodeActual");
+ if (verifyCodeActual == null || !verifyCodeActual.equals(verifyCodeExpected)) {
+ return false;
+ }
+ return true;
+ }
+}
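Review bot: `checkVerifyCode` compares with `equals`, so matching is now case-sensitive, whereas the `validate` body it replaces used `StringUtil.equalsIgnoreCase`; if that change was not intended, use `verifyCodeActual.equalsIgnoreCase(verifyCodeExpected)`. `request.getSession()` also creates a session for any POST that arrives without one; `request.getSession(false)` with a null check that returns `false` avoids allocating sessions for requests that never fetched a captcha. The Javadoc `@param`/`@return` tags are empty: they could state that `getString` returns the trimmed parameter, or `null` when it is absent or blank, and that `checkVerifyCode` returns `true` only when the submitted `verifyCodeActual` equals the value stored under `Constants.KAPTCHA_SESSION_KEY`.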
package com.supwisdom.dlpay.framework.controller
+import com.google.code.kaptcha.Producer
import com.supwisdom.dlpay.exception.TransactionCheckException
import com.supwisdom.dlpay.framework.ResponseBodyBuilder
import com.supwisdom.dlpay.framework.core.JwtConfig
import org.springframework.ui.Model
import org.springframework.web.bind.annotation.*
import org.springframework.web.context.request.ServletWebRequest
+import java.awt.image.BufferedImage
import java.io.IOException
+import java.lang.Exception
import java.security.Principal
import java.util.*
import javax.imageio.ImageIO
@RestController
class ValidateCodeController {
+ @Autowired
+ private lateinit var captchaProducer: Producer
+
@GetMapping("/code/image")
fun createCode(request: HttpServletRequest, response: HttpServletResponse) {
val imageCode = VerifyCode(60)
HttpSessionSessionStrategy().setAttribute(ServletWebRequest(request), ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY, imageCode)
- ImageIO.write(imageCode.image, "JPEG", response.outputStream)
+ val session = request.session
+ response.setDateHeader("Expires", 0)
+ response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate")
+ response.addHeader("Cache-Control", "post-check=0, pre-check=0")
+ response.setHeader("Pragma", "no-cache")
+ response.contentType = "image/jpeg"
+ //生成验证码
+ val capText = captchaProducer.createText()
+ session.setAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY, capText)
+ //向客户端写出
+ val bi = captchaProducer.createImage(capText);
+ ImageIO.write(bi, "JPEG", response.outputStream)
+ try {
+ response.outputStream.flush()
+ } catch (ex: Exception) {
+ response.outputStream.close()
+ }
}
}
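Review bot: The two unchanged lines at the top of `createCode` still build `VerifyCode(60)` and store it under `ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY`, but after this change nothing visible here serves or checks that value. Each captcha request therefore does extra work and leaves an unused object in the session; both lines can go, along with any imports that become unused. At the end of the function, `response.outputStream.close()` runs only when `flush()` throws, and `ImageIO.write` sits outside the `try`, so the handler neither cleans up consistently nor reports a failed write; a plain `response.outputStream.flush()` after the write, letting an `IOException` propagate, would be clearer. The added `import java.lang.Exception` and the trailing `;` after `createImage(capText)` are unnecessary in Kotlin.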
<div class="layui-input-block">
<div class="layui-row inline-block">
<div class="layui-col-xs7">
- <input name="imageCode" type="text" placeholder="验证码"
+ <input name="verifyCodeActual" type="text" placeholder="验证码"
class="layui-input">
</div>
<div class="layui-col-xs5" style="padding-left: 10px;">
<div class="layui-input-block">
<div class="layui-row inline-block">
<div class="layui-col-xs7">
- <input name="imageCode" type="text" placeholder="验证码"
+ <input name="verifyCodeActual" type="text" placeholder="验证码"
class="layui-input">
</div>
<div class="layui-col-xs5" style="padding-left: 10px;">