Spring Security 实现图片验证码登陆（二）

重构图形验证码接口

验证码基本参数可配置

验证码拦截的接口可配置

验证码的生成逻辑

图形验证码基本参数配置

/**
* application.properties配置
* Created by ZhuPengWei on 2017/11/28.
*/
@ConfigurationProperties(prefix = "spring.security")  //读取配置文件中所有以spring.security开头的文件
public class SecurityProperties {
/**
* 浏览器配置
*/
private BrowserProperties browserProperties = new BrowserProperties();

/**
* 校验类型
*/
private ValidateCodeProperties validateCodeProperties = new ValidateCodeProperties();
............
}

/**
* 生成图片配置
* Created by ZhuPengWei on 2017/12/2.
*/
public class ImageCodeProperties {

// 图片长度
private int length = 4;
// 图片宽度
private int weight = 67;
// 图片高度
private int height = 23;
// 图片失效时间
private int expire = 60;
// 图片过滤器 哪些情况下需要验证码
private String url;

}

application.properties

#设置验证码的大小长度 过去时间等等
spring.security.validateCodeProperties.image.length = 5
spring.security.validateCodeProperties.image.weight = 67
spring.security.validateCodeProperties.image.height = 23
spring.security.validateCodeProperties.image.expire = 60
#哪些情况下需要生成图片验证码
spring.security.validateCodeProperties.image.url = /image,/image/*

/**
* OncePerRequestFilter顾名思义，他能够确保在一次请求只通过一次filter，而不需要重复执行
* 实现InitializingBean的目的是在其他参数组装完毕之后去初始化参数的值
* Created by ZhuPengWei on 2017/12/1.
*/
public class ValidationCodeFilter extends OncePerRequestFilter implements InitializingBean {

private AuthenticationFailureHandler authenticationFailureHandler;

private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();

private Set<String> urls = new HashSet<String>();

private SecurityProperties securityProperties;
// Spring工具类
private AntPathMatcher pathMatcher = new AntPathMatcher();

@Override
public void afterPropertiesSet() throws ServletException {
super.afterPropertiesSet();
// 覆盖父类的实现
String[] configUrls = StringUtils.split(securityProperties.getValidateCodeProperties().getImage().getUrl(), ",");
for (String url : configUrls) {
urls.add(url);
}
urls.add("/authentication/form");
}
@Override
protected void doFilterInternal( HttpServletRequest request, HttpServletResponse response, FilterChain filterChain ) throws ServletException, IOException
{
boolean action = false;
for ( String url : urls )
{
if ( pathMatcher.match( url, request.getRequestURI() ) )
{
action = true;
break;
}
}
if ( action && StringUtils.equalsIgnoreCase( "post", request.getMethod() ) )
{
try {
validate( new ServletWebRequest( request ) );
} catch ( ValidateCodeException e ) {
authenticationFailureHandler.onAuthenticationFailure( request, response, e );
/* 不继续执行 */
return;
}
}
/* 继续执行下一步 */
filterChain.doFilter( request, response );
}

}

/**
* security配置
* Created by ZhuPengWei on 2017/11/27.
*/
@Configuration
public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
/* 处理密码加密解密逻辑 */
@Bean
public PasswordEncoder passwordEncoder() {
return (new BCryptPasswordEncoder());
}

@Autowired
private SecurityProperties securityProperties;
@Autowired
private SelfDefineAuthenticationFailureHandler selfDefineAuthenticationFailureHandler;
@Autowired
private SelfDefineAuthenticationSuccessHandler selfDefineAuthenticationSuccessHandler;

@Override
protected void configure(HttpSecurity http) throws Exception {
ValidationCodeFilter validationCodeFilter = new ValidationCodeFilter();
/* 设置错误失败处理器 */
validationCodeFilter.setAuthenticationFailureHandler(selfDefineAuthenticationFailureHandler);
/* 注入 */
validationCodeFilter.setSecurityProperties(securityProperties);
/* 初始化方法 */
validationCodeFilter.afterPropertiesSet();

http.addFilterBefore(validationCodeFilter,UsernamePasswordAuthenticationFilter.class).formLogin() /* 表单登陆 */
/* .loginPage("/index_standard.html") // 自定义登陆页面 */
.loginPage("/authentication/require").permitAll().loginProcessingUrl("/authentication/form").successHandler(selfDefineAuthenticationSuccessHandler)
.failureHandler(selfDefineAuthenticationFailureHandler).and().authorizeRequests() /* 请求授权 */
.antMatchers("/index_standard.html",securityProperties.getBrowserProperties().getLoginPage(),"/code/image").permitAll() /* 匹配页面 */
.anyRequest() /* 任何请求 */
.authenticated() /* 都需要认证 */
.and().csrf().disable(); /* 关闭跨站请求攻击 */
}
}

常见的代码开发的一个思想

以增量的方式去适应变化 ：当出现变化的时候，不如说图形验证码的逻辑出现改变了，原来的逻辑不满足了，那么处理的方式不是去修改原来的代码，而是新加了一段代码。

重构这件事情是永无止境的，代码永远可以变得更好