How to Integrate JCaptcha in Spring Security
2013-10-11 03:36
681 查看
The repository for JCaptcha is this one:
Here are some configuration I made in .xml files:
web.xml
spring-security.xml
And these are the java classes:
MyAuthenticationProvider.java
CaptchaCaptureFilter.java
Last but not least, login.jsp
done!
<repository> <id>sourceforge-releases</id> <name>Sourceforge Releases</name> <url>https://oss.sonatype.org/content/repositories/sourceforge-releases</url> </repository> <dependency> <groupId>com.octo.captcha</groupId> <artifactId>jcaptcha-integration-simple-servlet</artifactId> <version>2.0-alpha-1</version> </dependency>
Here are some configuration I made in .xml files:
web.xml
<context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/applicationContext.xml /WEB-INF/spring/spring-security.xml </param-value> </context-param> <listener> <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class> </listener> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> <dispatcher>FORWARD</dispatcher> <dispatcher>REQUEST</dispatcher> </filter-mapping> <servlet> <servlet-name>jcaptcha</servlet-name> <servlet-class>com.octo.captcha.module.servlet.image.SimpleImageCaptchaServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>jcaptcha</servlet-name> <url-pattern>/jcaptcha.jpg</url-pattern> </servlet-mapping>
spring-security.xml
<http auto-config="true" use-expressions="true"> <intercept-url pattern="/resources/**" access="permitAll()" /> <intercept-url pattern="/jcaptcha.jpg" access="permitAll()" /> <intercept-url pattern="/**" access="isAuthenticated()" /> <form-login login-page="/session/login/" default-target-url="/" authentication-failure-url="/session/loginfailed/" /> <logout logout-success-url="/session/logout/" /> <access-denied-handler error-page="/session/403/" /> <!--JCaptcha Filtering--> <custom-filter ref="captchaCaptureFilter" before="FORM_LOGIN_FILTER"/> <!-- REMOVED custom-filter ref="captchaVerifierFilter" after="FORM_LOGIN_FILTER"/--> <anonymous /> </http> <!-- For capturing CAPTCHA fields --> <beans:bean id="captchaCaptureFilter" class="com.util.CaptchaCaptureFilter" /> <!-- For verifying CAPTCHA fields --> <!-- Private key is assigned by the JCaptcha service --> <!-- REMOVED beans:bean id="captchaVerifierFilter" class="com.util.CaptchaVerifierFilter" p:failureUrl="/session/loginfailed/" p:captchaCaptureFilter-ref="captchaCaptureFilter"/--> <beans:property name="sessionAuthenticationStrategy" ref="sas"/> <beans:property name="authenticationManager" ref="authenticationManager" /> <beans:property name="allowSessionCreation" value="true" /> </beans:bean> <beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"> <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry"/> <beans:property name="maximumSessions" value="1" /> </beans:bean> <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /> <beans:bean id="userService" class="com.service.mybatis.UserManager" /> <beans:bean id="customAuthenticationProvider" class="com.util.MyAuthenticationProvider" p:captchaCaptureFilter-ref="captchaCaptureFilter" /> <authentication-manager alias="authenticationManager"> <authentication-provider ref="customAuthenticationProvider" /> </authentication-manager> <beans:bean id="accessDeniedHandler" class="com.util.ThouShaltNoPass"> <beans:property name="accessDeniedURL" value="/session/403/" /> </beans:bean>
And these are the java classes:
MyAuthenticationProvider.java
public class MyAuthenticationProvider implements AuthenticationProvider {
@Autowired
private UserService userService;
private Logger logger = LoggerFactory.getLogger(ArtajasaAuthenticationProvider.class);
private CaptchaCaptureFilter captchaCaptureFilter;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String username = String.valueOf(authentication.getPrincipal());
String password = String.valueOf(authentication.getCredentials());
logger.debug("Checking authentication for user {}", username);
logger.debug("userResponse: {}", captchaCaptureFilter.getUserCaptchaResponse());
if (StringUtils.isBlank(username)
|| StringUtils.isBlank(password)) {
throw new BadCredentialsException("No Username and/or Password Provided.");
}
else if(StringUtils.isBlank(captchaCaptureFilter.getUserCaptchaResponse())) {
throw new BadCredentialsException("Captcha Response is Empty");
}
else {
// Send HTTP request to validate user's Captcha
boolean captchaPassed = SimpleImageCaptchaServlet.validateResponse(captchaCaptureFilter.getRequest(), captchaCaptureFilter.getUserCaptchaResponse());
// Check if valid
if (captchaPassed) {
logger.debug("Captcha is valid!");
resetCaptchaFields();
Pengguna user = userService.select(username);
if (user == null) {
throw new BadCredentialsException("Invalid Username and/or Password.");
}
if (user.getPassword().equals(new PasswordUtil().generateHash(password, user.getSalt()))) {
List<GrantedAuthority> authorityList = (List<GrantedAuthority>) userService.getAuthorities(user);
return new UsernamePasswordAuthenticationToken(username, password, authorityList);
}
else {
throw new BadCredentialsException("Invalid Username and/or Password.");
}
}
else {
logger.debug("Captcha is invalid!");
resetCaptchaFields();
throw new BadCredentialsException("Invalid Captcha.");
}
}
}
@Override
public boolean supports(Class<?> authentication) {
return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
}
/**
* Reset Captcha fields
*/
public void resetCaptchaFields() {
captchaCaptureFilter.setUserCaptchaResponse(null);
}
public CaptchaCaptureFilter getCaptchaCaptureFilter() {
return captchaCaptureFilter;
}
public void setCaptchaCaptureFilter(CaptchaCaptureFilter captchaCaptureFilter) {
this.captchaCaptureFilter = captchaCaptureFilter;
}
}CaptchaCaptureFilter.java
public class CaptchaCaptureFilter extends OncePerRequestFilter {
private Logger logger = Logger.getLogger(CaptchaCaptureFilter.class);
private String userCaptchaResponse;
private HttpServletRequest request;
@Override
public void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
FilterChain chain) throws IOException, ServletException {
logger.debug("Captcha capture filter");
// Assign values only when user has submitted a Captcha value.
// Without this condition the values will be reset due to redirection
// and CaptchaVerifierFilter will enter an infinite loop
if (req.getParameter("jcaptcha") != null) {
request = req;
userCaptchaResponse = req.getParameter("jcaptcha");
}
logger.debug("userResponse: " + userCaptchaResponse);
// Proceed with the remaining filters
chain.doFilter(req, res);
}
public String getUserCaptchaResponse() {
return userCaptchaResponse;
}
public void setUserCaptchaResponse(String userCaptchaResponse) {
this.userCaptchaResponse = userCaptchaResponse;
}
public HttpServletRequest getRequest() {
return request;
}
public void setRequest(HttpServletRequest request) {
this.request = request;
}
}Last but not least, login.jsp
<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core_rt' %>
<form id="login" name="f" action="<c:url value='/j_spring_security_check'/>" method="POST">
<div class="container">
<div class="content">
<div class="row">
<div class="login-form">
<h3>Login</h3>
<br />
<fieldset>
<div class="clearfix">
username: ecr
<input type="text" name='j_username' value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>' placeholder="username@artajasa.co.id">
</div>
<div class="clearfix">
password: ecr123
<input type="password" name='j_password' placeholder="password">
</div>
<div class="clearfix">
<img src="../../jcaptcha.jpg" />
<br />
<input type="text" name="jcaptcha" placeholder="masukkan captcha" />
</div>
<br />
<button class="btn btn-primary" type="submit"><i class="icon-lock"></i> Sign in</button>
</fieldset>
</div>
</div>
</div>
<br />
<c:if test="${not empty error}">
<div class="alert alert-error">
<button type="button" class="close" data-dismiss="alert"><i class="icon-remove"></i></button>
Login Failed, try again.<br />
<c:out value="${sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message}"/>
</div>
</c:if>
</div>done!
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- How to change GrantedAuthority dynamically in Spring Security framework
- How to check “hasRole” in Java Code with Spring Security?
- How to create custom methods for use in spring security expression language annotations
- How to integrate custom security policy with Windows domain authentication in ASP.NET
- What is XMLHTTP? How to use security zones in Internet Explorer
- How to use fasterxml Jackson JSON serialization in Spring 4
- What is the best way to handle Invalid CSRF token found in the request when session times out in Spring security
- How to test Service Layer in Spring web app
- How to conrfig and run Spring Security 3 tutorial under Myeclipse8
- How To Get Properties Data in Spring
- How to integrate iAD in your iOS App ?
- How to integrate Identity System in Activiti
- How-to: disable the web-security-check in Chrome for Mac
- How to do conditional auto-wiring in Spring?
- How to create security string in exchange cmdlet
- Spring Form Tags - How to use Text Box, Radio Button, Check Box and Drop Down List in Spring
- How to get session information in Spring MVC 3
- How to use JDBC-Authentication of Spring Boot/Spring Security with Flyway
- How to resolve "your security settings have blocked an untrusted application from running" in Mac