From: Tang Cheng Date: Mon, 22 Apr 2019 05:13:15 +0000 (+0800) Subject: 测试登陆码认证 X-Git-Tag: 1.0.0^2~267 X-Git-Url: https://source.supwisdom.com/gerrit/gitweb?a=commitdiff_plain;h=c6b528d8a046c8b210ec37e3c3677951ca20a636;p=epayment%2Ffood_payapi.git 测试登陆码认证 --- diff --git a/src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java b/src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java index c7f53601..bd8e660e 100755 --- a/src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java +++ b/src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java @@ -2,11 +2,9 @@ package com.supwisdom.dlpay.framework.filter; import com.supwisdom.dlpay.exception.ValidateCodeException; -import com.supwisdom.dlpay.framework.security.validate.ImageCode; import com.supwisdom.dlpay.framework.security.validate.ImageCodeUtil; import com.supwisdom.dlpay.framework.security.validate.VerifyCode; import com.supwisdom.dlpay.framework.util.StringUtil; -import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; 
@@ -20,59 +18,59 @@ import javax.servlet.http.HttpServletResponse; import java.io.IOException; -//@Component("validateCodeFilter") -//public class ValidateCodeFilter extends OncePerRequestFilter{ -// -// /** -// * 校验失败处理器 -// */ -// @Autowired -// private AuthenticationFailureHandler myAuthenticationFailureHandler; -// -// /** -// * 校验成功处理器 -// */ -// @Autowired -// private AuthenticationSuccessHandler myAuthenticationSuccessHandler; -// -// -// @Override -// protected void doFilterInternal(HttpServletRequest request, -// HttpServletResponse response, FilterChain filterChain) -// throws ServletException, IOException { -// if (StringUtil.equals("/login/form", request.getRequestURI()) -// && StringUtil.equalsIgnoreCase(request.getMethod(), "post")) { -// try { -// validate(request); -// } catch (ValidateCodeException e) { -// myAuthenticationFailureHandler.onAuthenticationFailure(request, response, e); -// } -// } -// filterChain.doFilter(request, response); -// } -// -// private void validate(HttpServletRequest request) throws ValidateCodeException { -// VerifyCode imageCode = (VerifyCode) request.getSession().getAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY); -// String inputCode; -// try { -// inputCode = request.getParameter("imageCode"); -// } catch (Exception e) { -// throw new ValidateCodeException("获取验证码的值失败"); -// } -// if (StringUtil.isEmpty(inputCode)) { -// throw new ValidateCodeException("验证码的值不能为空"); -// } -// if (null == imageCode) { -// throw new ValidateCodeException("验证码不存在"); -// } -// if (imageCode.isExpired()) { -// request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY); -// throw new ValidateCodeException("验证码已过期"); -// } -// if (!StringUtil.equalsIgnoreCase(imageCode.getText(), inputCode)) { -// throw new ValidateCodeException("验证码不匹配"); -// } -// request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY); -// } -// -//} +@Component("validateCodeFilter") +public class ValidateCodeFilter extends 
OncePerRequestFilter{ + + /** + * 校验失败处理器 + */ + @Autowired + private AuthenticationFailureHandler myAuthenticationFailureHandler; + + /** + * 校验成功处理器 + */ + @Autowired + private AuthenticationSuccessHandler myAuthenticationSuccessHandler; + + + @Override + protected void doFilterInternal(HttpServletRequest request, + HttpServletResponse response, FilterChain filterChain) + throws ServletException, IOException { + if (StringUtil.equals("/login/form", request.getRequestURI()) + && StringUtil.equalsIgnoreCase(request.getMethod(), "post")) { + try { + validate(request); + } catch (ValidateCodeException e) { + myAuthenticationFailureHandler.onAuthenticationFailure(request, response, e); + } + } + filterChain.doFilter(request, response); + } + + private void validate(HttpServletRequest request) throws ValidateCodeException { + VerifyCode imageCode = (VerifyCode) request.getSession().getAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY); + String inputCode; + try { + inputCode = request.getParameter("imageCode"); + } catch (Exception e) { + throw new ValidateCodeException("获取验证码的值失败"); + } + if (StringUtil.isEmpty(inputCode)) { + throw new ValidateCodeException("验证码的值不能为空"); + } + if (null == imageCode) { + throw new ValidateCodeException("验证码不存在"); + } + if (imageCode.isExpired()) { + request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY); + throw new ValidateCodeException("验证码已过期"); + } + if (!StringUtil.equalsIgnoreCase(imageCode.getText(), inputCode)) { + throw new ValidateCodeException("验证码不匹配"); + } + request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY); + } + +} diff --git a/src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java b/src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java index c5c3f7ca..56782db7 100644 --- a/src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java 
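Review bot: In `doFilterInternal`, the catch block passes the `ValidateCodeException` to `myAuthenticationFailureHandler` but then falls through to `filterChain.doFilter(request, response)`, so a POST to `/login/form` with a wrong, expired or missing code still reaches the credential check later in the chain; add `return;` as the last statement of the catch block. In `validate`, the mismatch branch throws without removing `ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY`, so one issued code can be retried until it expires; moving the `removeAttribute(...)` call ahead of the `equalsIgnoreCase` comparison makes each code single-use. The path test compares against `request.getRequestURI()`, which includes the context path, so under a non-root context path the check would presumably never fire and the captcha would be skipped silently; `request.getServletPath()` or the same request matcher the login endpoint uses would keep the two in step (confirm against how the login URL is configured). `myAuthenticationSuccessHandler` is injected but never used in this class and could be dropped.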
+++ b/src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java @@ -9,7 +9,7 @@ import org.springframework.security.web.DefaultSecurityFilterChain; import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; import org.springframework.stereotype.Component; -//@Component("validateCodeSecurityConfig") +@Component("validateCodeSecurityConfig") public class ValidateCodeSecurityConfig extends SecurityConfigurerAdapter { @Autowired diff --git a/src/main/kotlin/com/supwisdom/dlpay/security.kt b/src/main/kotlin/com/supwisdom/dlpay/security.kt index 29c795dc..05d87093 100644 --- a/src/main/kotlin/com/supwisdom/dlpay/security.kt +++ b/src/main/kotlin/com/supwisdom/dlpay/security.kt @@ -2,6 +2,7 @@ package com.supwisdom.dlpay import com.supwisdom.dlpay.framework.core.JwtConfig import com.supwisdom.dlpay.framework.core.JwtTokenUtil +import com.supwisdom.dlpay.framework.security.ValidateCodeSecurityConfig import org.jose4j.jwt.consumer.InvalidJwtException import org.springframework.beans.factory.annotation.Autowired import org.springframework.context.annotation.Bean @@ -91,8 +92,8 @@ class WebSecurityConfig { class MvcWebSecurityConfigurationAdapter : WebSecurityConfigurerAdapter() { @Autowired lateinit var dataSource: DataSource -// @Autowired -// lateinit var validateCodeSecurityConfig: ValidateCodeSecurityConfig + @Autowired + lateinit var validateCodeSecurityConfig: ValidateCodeSecurityConfig // @Autowired // lateinit var userDetailsService: OperatorDetailService // @Autowired @@ -112,7 +113,8 @@ class WebSecurityConfig { override fun configure(http: HttpSecurity) { // 设置 Web MVC 应用权限 - http.csrf() + http.apply(validateCodeSecurityConfig) + .and().csrf() .and() .authorizeRequests() .antMatchers("/login", "/login/form").permitAll()