测试登陆码认证
authorTang Cheng <cheng.tang@supwisdom.com>
Mon, 22 Apr 2019 05:13:15 +0000 (13:13 +0800)
committerTang Cheng <cheng.tang@supwisdom.com>
Mon, 22 Apr 2019 05:13:15 +0000 (13:13 +0800)
src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java
src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java
src/main/kotlin/com/supwisdom/dlpay/security.kt

index c7f5360..bd8e660 100755 (executable)
@@ -2,11 +2,9 @@ package com.supwisdom.dlpay.framework.filter;
 \r
 \r
 import com.supwisdom.dlpay.exception.ValidateCodeException;\r
-import com.supwisdom.dlpay.framework.security.validate.ImageCode;\r
 import com.supwisdom.dlpay.framework.security.validate.ImageCodeUtil;\r
 import com.supwisdom.dlpay.framework.security.validate.VerifyCode;\r
 import com.supwisdom.dlpay.framework.util.StringUtil;\r
-import org.springframework.beans.factory.InitializingBean;\r
 import org.springframework.beans.factory.annotation.Autowired;\r
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;\r
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;\r
@@ -20,59 +18,59 @@ import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;\r
 \r
 \r
-//@Component("validateCodeFilter")\r
-//public class ValidateCodeFilter extends OncePerRequestFilter{\r
-//\r
-//     /**\r
-//      * 校验失败处理器\r
-//      */\r
-//     @Autowired\r
-//     private AuthenticationFailureHandler myAuthenticationFailureHandler;\r
-//\r
-//     /**\r
-//      * 校验成功处理器\r
-//      */\r
-//     @Autowired\r
-//     private AuthenticationSuccessHandler myAuthenticationSuccessHandler;\r
-//\r
-//\r
-//     @Override\r
-//     protected void doFilterInternal(HttpServletRequest request,\r
-//                                                                                                                                     HttpServletResponse response, FilterChain filterChain)\r
-//                     throws ServletException, IOException {\r
-//             if (StringUtil.equals("/login/form", request.getRequestURI())\r
-//                             && StringUtil.equalsIgnoreCase(request.getMethod(), "post")) {\r
-//                     try {\r
-//                             validate(request);\r
-//                     } catch (ValidateCodeException e) {\r
-//                             myAuthenticationFailureHandler.onAuthenticationFailure(request, response, e);\r
-//                     }\r
-//             }\r
-//             filterChain.doFilter(request, response);\r
-//     }\r
-//\r
-//     private void validate(HttpServletRequest request) throws ValidateCodeException {\r
-//             VerifyCode imageCode = (VerifyCode) request.getSession().getAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);\r
-//             String inputCode;\r
-//             try {\r
-//                     inputCode = request.getParameter("imageCode");\r
-//             } catch (Exception e) {\r
-//                     throw new ValidateCodeException("获取验证码的值失败");\r
-//             }\r
-//             if (StringUtil.isEmpty(inputCode)) {\r
-//                     throw new ValidateCodeException("验证码的值不能为空");\r
-//             }\r
-//             if (null == imageCode) {\r
-//                     throw new ValidateCodeException("验证码不存在");\r
-//             }\r
-//             if (imageCode.isExpired()) {\r
-//                     request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);\r
-//                     throw new ValidateCodeException("验证码已过期");\r
-//             }\r
-//             if (!StringUtil.equalsIgnoreCase(imageCode.getText(), inputCode)) {\r
-//                     throw new ValidateCodeException("验证码不匹配");\r
-//             }\r
-//             request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);\r
-//     }\r
-//\r
-//}\r
+@Component("validateCodeFilter")\r
+public class ValidateCodeFilter extends OncePerRequestFilter{\r
+\r
+       /**\r
+        * 校验失败处理器\r
+        */\r
+       @Autowired\r
+       private AuthenticationFailureHandler myAuthenticationFailureHandler;\r
+\r
+       /**\r
+        * 校验成功处理器\r
+        */\r
+       @Autowired\r
+       private AuthenticationSuccessHandler myAuthenticationSuccessHandler;\r
+\r
+\r
+       @Override\r
+       protected void doFilterInternal(HttpServletRequest request,\r
+                                                                                                                                       HttpServletResponse response, FilterChain filterChain)\r
+                       throws ServletException, IOException {\r
+               if (StringUtil.equals("/login/form", request.getRequestURI())\r
+                               && StringUtil.equalsIgnoreCase(request.getMethod(), "post")) {\r
+                       try {\r
+                               validate(request);\r
+                       } catch (ValidateCodeException e) {\r
+                               myAuthenticationFailureHandler.onAuthenticationFailure(request, response, e);\r
+                       }\r
+               }\r
+               filterChain.doFilter(request, response);\r
+       }\r
+\r
+       private void validate(HttpServletRequest request) throws ValidateCodeException {\r
+               VerifyCode imageCode = (VerifyCode) request.getSession().getAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);\r
+               String inputCode;\r
+               try {\r
+                       inputCode = request.getParameter("imageCode");\r
+               } catch (Exception e) {\r
+                       throw new ValidateCodeException("获取验证码的值失败");\r
+               }\r
+               if (StringUtil.isEmpty(inputCode)) {\r
+                       throw new ValidateCodeException("验证码的值不能为空");\r
+               }\r
+               if (null == imageCode) {\r
+                       throw new ValidateCodeException("验证码不存在");\r
+               }\r
+               if (imageCode.isExpired()) {\r
+                       request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);\r
+                       throw new ValidateCodeException("验证码已过期");\r
+               }\r
+               if (!StringUtil.equalsIgnoreCase(imageCode.getText(), inputCode)) {\r
+                       throw new ValidateCodeException("验证码不匹配");\r
+               }\r
+               request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);\r
+       }\r
+\r
+}\r
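Review bot: In `doFilterInternal`, a failed captcha check does not stop the request: after `myAuthenticationFailureHandler.onAuthenticationFailure(request, response, e)` the catch block falls through to `filterChain.doFilter(request, response)`, so the login is still handed to the rest of the chain and later filters may write to a response the failure handler has already committed. Add `return;` as the last statement of the catch block. In `validate`, the mismatch branch throws without removing `ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY`, so one issued code stays valid across any number of wrong answers until it expires; call `request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);` before that throw as well. The exact comparison with `request.getRequestURI()` also includes any servlet context path, so under a non-root deployment the check would presumably never fire; `request.getServletPath()` looks like the intended value.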
index c5c3f7c..56782db 100644 (file)
@@ -9,7 +9,7 @@ import org.springframework.security.web.DefaultSecurityFilterChain;
 import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
 import org.springframework.stereotype.Component;
 
-//@Component("validateCodeSecurityConfig")
+@Component("validateCodeSecurityConfig")
 public class ValidateCodeSecurityConfig  extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,HttpSecurity> {
        
        @Autowired
index 29c795d..05d8709 100644 (file)
@@ -2,6 +2,7 @@ package com.supwisdom.dlpay
 
 import com.supwisdom.dlpay.framework.core.JwtConfig
 import com.supwisdom.dlpay.framework.core.JwtTokenUtil
+import com.supwisdom.dlpay.framework.security.ValidateCodeSecurityConfig
 import org.jose4j.jwt.consumer.InvalidJwtException
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.Bean
@@ -91,8 +92,8 @@ class WebSecurityConfig {
         class MvcWebSecurityConfigurationAdapter : WebSecurityConfigurerAdapter() {
             @Autowired
             lateinit var dataSource: DataSource
-//            @Autowired
-//            lateinit var validateCodeSecurityConfig: ValidateCodeSecurityConfig
+            @Autowired
+            lateinit var validateCodeSecurityConfig: ValidateCodeSecurityConfig
 //            @Autowired
 //            lateinit var userDetailsService: OperatorDetailService
 //            @Autowired
@@ -112,7 +113,8 @@ class WebSecurityConfig {
 
             override fun configure(http: HttpSecurity) {
                 // 设置 Web MVC 应用权限
-                http.csrf()
+                http.apply(validateCodeSecurityConfig)
+                        .and().csrf()
                         .and()
                         .authorizeRequests()
                         .antMatchers("/login", "/login/form").permitAll()