测试登陆码认证
diff --git a/src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java b/src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java
index c7f5360..bd8e660 100755
--- a/src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java
+++ b/src/main/java/com/supwisdom/dlpay/framework/filter/ValidateCodeFilter.java
@@ -2,11 +2,9 @@
import com.supwisdom.dlpay.exception.ValidateCodeException;
-import com.supwisdom.dlpay.framework.security.validate.ImageCode;
import com.supwisdom.dlpay.framework.security.validate.ImageCodeUtil;
import com.supwisdom.dlpay.framework.security.validate.VerifyCode;
import com.supwisdom.dlpay.framework.util.StringUtil;
-import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
@@ -20,59 +18,59 @@
import java.io.IOException;
-//@Component("validateCodeFilter")
-//public class ValidateCodeFilter extends OncePerRequestFilter{
-//
-// /**
-// * 校验失败处理器
-// */
-// @Autowired
-// private AuthenticationFailureHandler myAuthenticationFailureHandler;
-//
-// /**
-// * 校验成功处理器
-// */
-// @Autowired
-// private AuthenticationSuccessHandler myAuthenticationSuccessHandler;
-//
-//
-// @Override
-// protected void doFilterInternal(HttpServletRequest request,
-// HttpServletResponse response, FilterChain filterChain)
-// throws ServletException, IOException {
-// if (StringUtil.equals("/login/form", request.getRequestURI())
-// && StringUtil.equalsIgnoreCase(request.getMethod(), "post")) {
-// try {
-// validate(request);
-// } catch (ValidateCodeException e) {
-// myAuthenticationFailureHandler.onAuthenticationFailure(request, response, e);
-// }
-// }
-// filterChain.doFilter(request, response);
-// }
-//
-// private void validate(HttpServletRequest request) throws ValidateCodeException {
-// VerifyCode imageCode = (VerifyCode) request.getSession().getAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);
-// String inputCode;
-// try {
-// inputCode = request.getParameter("imageCode");
-// } catch (Exception e) {
-// throw new ValidateCodeException("获取验证码的值失败");
-// }
-// if (StringUtil.isEmpty(inputCode)) {
-// throw new ValidateCodeException("验证码的值不能为空");
-// }
-// if (null == imageCode) {
-// throw new ValidateCodeException("验证码不存在");
-// }
-// if (imageCode.isExpired()) {
-// request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);
-// throw new ValidateCodeException("验证码已过期");
-// }
-// if (!StringUtil.equalsIgnoreCase(imageCode.getText(), inputCode)) {
-// throw new ValidateCodeException("验证码不匹配");
-// }
-// request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);
-// }
-//
-//}
+@Component("validateCodeFilter")
+public class ValidateCodeFilter extends OncePerRequestFilter{
+
+ /**
+ * 校验失败处理器
+ */
+ @Autowired
+ private AuthenticationFailureHandler myAuthenticationFailureHandler;
+
+ /**
+ * 校验成功处理器
+ */
+ @Autowired
+ private AuthenticationSuccessHandler myAuthenticationSuccessHandler;
+
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request,
+ HttpServletResponse response, FilterChain filterChain)
+ throws ServletException, IOException {
+ if (StringUtil.equals("/login/form", request.getRequestURI())
+ && StringUtil.equalsIgnoreCase(request.getMethod(), "post")) {
+ try {
+ validate(request);
+ } catch (ValidateCodeException e) {
+ myAuthenticationFailureHandler.onAuthenticationFailure(request, response, e);
+ }
+ }
+ filterChain.doFilter(request, response);
+ }
+
+ private void validate(HttpServletRequest request) throws ValidateCodeException {
+ VerifyCode imageCode = (VerifyCode) request.getSession().getAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);
+ String inputCode;
+ try {
+ inputCode = request.getParameter("imageCode");
+ } catch (Exception e) {
+ throw new ValidateCodeException("获取验证码的值失败");
+ }
+ if (StringUtil.isEmpty(inputCode)) {
+ throw new ValidateCodeException("验证码的值不能为空");
+ }
+ if (null == imageCode) {
+ throw new ValidateCodeException("验证码不存在");
+ }
+ if (imageCode.isExpired()) {
+ request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);
+ throw new ValidateCodeException("验证码已过期");
+ }
+ if (!StringUtil.equalsIgnoreCase(imageCode.getText(), inputCode)) {
+ throw new ValidateCodeException("验证码不匹配");
+ }
+ request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY);
+ }
+
+}
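Review bot: In `doFilterInternal`, a failed captcha check does not stop the request: after `myAuthenticationFailureHandler.onAuthenticationFailure(request, response, e)` the code still reaches `filterChain.doFilter(request, response)`, so the POST to `/login/form` continues to the credential check and may write to a response the failure handler has already handled. Add `return;` as the last statement of the `catch` block. In `validate`, the mismatch branch throws without calling `request.getSession().removeAttribute(ImageCodeUtil.LOGIN_IMAGECODE_SESSIONKEY)`, so one image code can be guessed repeatedly until it expires; removing it before the throw makes each code single-use. The exact string comparison on `request.getRequestURI()` should also be checked against how the login processing URL is matched elsewhere (context path, path parameters), because any difference would let a login POST skip this filter; a shared `RequestMatcher` would avoid that.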
diff --git a/src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java b/src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java
index c5c3f7c..56782db 100644
--- a/src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java
+++ b/src/main/java/com/supwisdom/dlpay/framework/security/ValidateCodeSecurityConfig.java
@@ -9,7 +9,7 @@
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.stereotype.Component;
-//@Component("validateCodeSecurityConfig")
+@Component("validateCodeSecurityConfig")
public class ValidateCodeSecurityConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain,HttpSecurity> {
@Autowired
diff --git a/src/main/kotlin/com/supwisdom/dlpay/security.kt b/src/main/kotlin/com/supwisdom/dlpay/security.kt
index 29c795d..05d8709 100644
--- a/src/main/kotlin/com/supwisdom/dlpay/security.kt
+++ b/src/main/kotlin/com/supwisdom/dlpay/security.kt
@@ -2,6 +2,7 @@
import com.supwisdom.dlpay.framework.core.JwtConfig
import com.supwisdom.dlpay.framework.core.JwtTokenUtil
+import com.supwisdom.dlpay.framework.security.ValidateCodeSecurityConfig
import org.jose4j.jwt.consumer.InvalidJwtException
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
@@ -91,8 +92,8 @@
class MvcWebSecurityConfigurationAdapter : WebSecurityConfigurerAdapter() {
@Autowired
lateinit var dataSource: DataSource
-// @Autowired
-// lateinit var validateCodeSecurityConfig: ValidateCodeSecurityConfig
+ @Autowired
+ lateinit var validateCodeSecurityConfig: ValidateCodeSecurityConfig
// @Autowired
// lateinit var userDetailsService: OperatorDetailService
// @Autowired
@@ -112,7 +113,8 @@
override fun configure(http: HttpSecurity) {
// 设置 Web MVC 应用权限
- http.csrf()
+ http.apply(validateCodeSecurityConfig)
+ .and().csrf()
.and()
.authorizeRequests()
.antMatchers("/login", "/login/form").permitAll()