From c6b528d8a046c8b210ec37e3c3677951ca20a636 Mon Sep 17 00:00:00 2001 From: Tang Cheng Date: Mon, 22 Apr 2019 13:13:15 +0800 Subject: [PATCH] =?utf8?q?=E6=B5=8B=E8=AF=95=E7=99=BB=E9=99=86=E7=A0=81?= =?utf8?q?=E8=AE=A4=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- .../framework/filter/ValidateCodeFilter.java | 114 +++++++++--------- .../security/ValidateCodeSecurityConfig.java | 2 +- .../kotlin/com/supwisdom/dlpay/security.kt | 8 +- 3 files changed, 62 insertions(+), 62 deletions(-) diff --git a/src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java b/src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java index c7f53601..bd8e660e 100755 --- a/src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java +++ b/src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java @@ -2,11 +2,9 @@ package com.supwisdom.dlpay.framework.filter; import com.supwisdom.dlpay.exception.ValidateCodeException; -import com.supwisdom.dlpay.framework.security.validate.ImageCode; import com.supwisdom.dlpay.framework.security.validate.ImageCodeUtil; import com.supwisdom.dlpay.framework.security.validate.VerifyCode; import com.supwisdom.dlpay.framework.util.StringUtil; -import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.web.authentication.AuthenticationFailureHandler; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; @@ -20,59 +18,59 @@ import javax.servlet.http.HttpServletResponse; import java.io.IOException; -//@Component("validateCodeFilter") -//public class ValidateCodeFilter extends OncePerRequestFilter{ -// -// /** -// * 校验失败处理器 -// */ -// @Autowired -// private AuthenticationFailureHandler myAuthenticationFailureHandler; -// -// /** -// * 校验成功处理器 -// */ -// @Autowired -// private AuthenticationSuccessHandler myAuthenticationSuccessHandler; -// -// -// @Override -// protected void doFilterInternal(HttpServletRequest request, -// HttpServletResponse response, FilterChain filterChain) -// throws ServletException, IOException { -// if (StringUtil.equals("/login/form", request.getRequestURI()) -// && StringUtil.equalsIgnoreCase(request.getMethod(), "post")) { -// try { -// validate(request); -// } catch (ValidateCodeException e) { -// myAuthenticationFailureHandler.onAuthenticationFailure(request, response, e); -// } -// } -// filterChain.doFilter(request, response); -// } -// -// private void validate(HttpServletRequest request) throws ValidateCodeException { -// VerifyCode imageCode = (VerifyCode) request.getSession().getAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY); -// String inputCode; -// try { -// inputCode = request.getParameter("imageCode"); -// } catch (Exception e) { -// throw new ValidateCodeException("获取验证码的值失败"); -// } -// if (StringUtil.isEmpty(inputCode)) { -// throw new ValidateCodeException("验证码的值不能为空"); -// } -// if (null == imageCode) { -// throw new ValidateCodeException("验证码不存在"); -// } -// if (imageCode.isExpired()) { -// request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY); -// throw new ValidateCodeException("验证码已过期"); -// } -// if (!StringUtil.equalsIgnoreCase(imageCode.getText(), inputCode)) { -// throw new ValidateCodeException("验证码不匹配"); -// } -// request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY); -// } -// -//} +@Component("validateCodeFilter") +public class ValidateCodeFilter extends OncePerRequestFilter{ + + /** + * 校验失败处理器 + */ + @Autowired + private AuthenticationFailureHandler myAuthenticationFailureHandler; + + /** + * 校验成功处理器 + */ + @Autowired + private AuthenticationSuccessHandler myAuthenticationSuccessHandler; + + + @Override + protected void doFilterInternal(HttpServletRequest request, + HttpServletResponse response, FilterChain filterChain) + throws ServletException, IOException { + if (StringUtil.equals("/login/form", request.getRequestURI()) + && StringUtil.equalsIgnoreCase(request.getMethod(), "post")) { + try { + validate(request); + } catch (ValidateCodeException e) { + myAuthenticationFailureHandler.onAuthenticationFailure(request, response, e); + } + } + filterChain.doFilter(request, response); + } + + private void validate(HttpServletRequest request) throws ValidateCodeException { + VerifyCode imageCode = (VerifyCode) request.getSession().getAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY); + String inputCode; + try { + inputCode = request.getParameter("imageCode"); + } catch (Exception e) { + throw new ValidateCodeException("获取验证码的值失败"); + } + if (StringUtil.isEmpty(inputCode)) { + throw new ValidateCodeException("验证码的值不能为空"); + } + if (null == imageCode) { + throw new ValidateCodeException("验证码不存在"); + } + if (imageCode.isExpired()) { + request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY); + throw new ValidateCodeException("验证码已过期"); + } + if (!StringUtil.equalsIgnoreCase(imageCode.getText(), inputCode)) { + throw new ValidateCodeException("验证码不匹配"); + } + request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY); + } + +} diff --git a/src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java b/src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java index c5c3f7ca..56782db7 100644 --- a/src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java +++ b/src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java @@ -9,7 +9,7 @@ import org.springframework.security.web.DefaultSecurityFilterChain; import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; import org.springframework.stereotype.Component; -//@Component("validateCodeSecurityConfig") +@Component("validateCodeSecurityConfig") public class ValidateCodeSecurityConfig extends SecurityConfigurerAdapter { @Autowired diff --git a/src/main/kotlin/com/supwisdom/dlpay/security.kt b/src/main/kotlin/com/supwisdom/dlpay/security.kt index 29c795dc..05d87093 100644 --- a/src/main/kotlin/com/supwisdom/dlpay/security.kt +++ b/src/main/kotlin/com/supwisdom/dlpay/security.kt @@ -2,6 +2,7 @@ package com.supwisdom.dlpay import com.supwisdom.dlpay.framework.core.JwtConfig import com.supwisdom.dlpay.framework.core.JwtTokenUtil +import com.supwisdom.dlpay.framework.security.ValidateCodeSecurityConfig import org.jose4j.jwt.consumer.InvalidJwtException import org.springframework.beans.factory.annotation.Autowired import org.springframework.context.annotation.Bean @@ -91,8 +92,8 @@ class WebSecurityConfig { class MvcWebSecurityConfigurationAdapter : WebSecurityConfigurerAdapter() { @Autowired lateinit var dataSource: DataSource -// @Autowired -// lateinit var validateCodeSecurityConfig: ValidateCodeSecurityConfig + @Autowired + lateinit var validateCodeSecurityConfig: ValidateCodeSecurityConfig // @Autowired // lateinit var userDetailsService: OperatorDetailService // @Autowired @@ -112,7 +113,8 @@ class WebSecurityConfig { override fun configure(http: HttpSecurity) { // 设置 Web MVC 应用权限 - http.csrf() + http.apply(validateCodeSecurityConfig) + .and().csrf() .and() .authorizeRequests() .antMatchers("/login", "/login/form").permitAll() -- 2.17.1