sourceforge-releasesSourceforgeReleaseshttps://oss.sonatype.org/content/repositories/sourceforge-releasescom.octo.cap" />

亚洲免费在线-亚洲免费在线播放-亚洲免费在线观看-亚洲免费在线观看视频-亚洲免费在线看-亚洲免费在线视频

How to Integrate JCaptcha in Spring Security

系統 1735 0

The repository for JCaptcha is this one:

      
        <
      
      
        repository
      
      
        >
      
      
        <
      
      
        id
      
      
        >
      
      sourceforge-releases
      
        </
      
      
        id
      
      
        >
      
      
        <
      
      
        name
      
      
        >
      
      Sourceforge Releases
      
        </
      
      
        name
      
      
        >
      
      
        <
      
      
        url
      
      
        >
      
      https://oss.sonatype.org/content/repositories/sourceforge-releases
      
        </
      
      
        url
      
      
        >
      
      
        </
      
      
        repository
      
      
        >
      
      
        <
      
      
        dependency
      
      
        >
      
      
        <
      
      
        groupId
      
      
        >
      
      com.octo.captcha
      
        </
      
      
        groupId
      
      
        >
      
      
        <
      
      
        artifactId
      
      
        >
      
      jcaptcha-integration-simple-servlet
      
        </
      
      
        artifactId
      
      
        >
      
      
        <
      
      
        version
      
      
        >
      
      2.0-alpha-1
      
        </
      
      
        version
      
      
        >
      
      
        </
      
      
        dependency
      
      
        >
      
    

Here are some configuration I made in .xml files:

web.xml

      
        <
      
      
        context-param
      
      
        >
      
      
        <
      
      
        param-name
      
      
        >
      
      contextConfigLocation
      
        </
      
      
        param-name
      
      
        >
      
      
        <
      
      
        param-value
      
      
        >
      
      
        

        /WEB-INF/applicationContext.xml

        /WEB-INF/spring/spring-security.xml

    
      
      
        </
      
      
        param-value
      
      
        >
      
      
        </
      
      
        context-param
      
      
        >
      
      
        <
      
      
        listener
      
      
        >
      
      
        <
      
      
        listener-class
      
      
        >
      
      org.springframework.security.web.session.HttpSessionEventPublisher
      
        </
      
      
        listener-class
      
      
        >
      
      
        </
      
      
        listener
      
      
        >
      
      
        <
      
      
        filter
      
      
        >
      
      
        <
      
      
        filter-name
      
      
        >
      
      springSecurityFilterChain
      
        </
      
      
        filter-name
      
      
        >
      
      
        <
      
      
        filter-class
      
      
        >
      
      org.springframework.web.filter.DelegatingFilterProxy
      
        </
      
      
        filter-class
      
      
        >
      
      
        </
      
      
        filter
      
      
        >
      
      
        <
      
      
        filter-mapping
      
      
        >
      
      
        <
      
      
        filter-name
      
      
        >
      
      springSecurityFilterChain
      
        </
      
      
        filter-name
      
      
        >
      
      
        <
      
      
        url-pattern
      
      
        >
      
      /*
      
        </
      
      
        url-pattern
      
      
        >
      
      
        <
      
      
        dispatcher
      
      
        >
      
      FORWARD
      
        </
      
      
        dispatcher
      
      
        >
      
      
        <
      
      
        dispatcher
      
      
        >
      
      REQUEST
      
        </
      
      
        dispatcher
      
      
        >
      
      
        </
      
      
        filter-mapping
      
      
        >
      
      
        <
      
      
        servlet
      
      
        >
      
      
        <
      
      
        servlet-name
      
      
        >
      
      jcaptcha
      
        </
      
      
        servlet-name
      
      
        >
      
      
        <
      
      
        servlet-class
      
      
        >
      
      com.octo.captcha.module.servlet.image.SimpleImageCaptchaServlet
      
        </
      
      
        servlet-class
      
      
        >
      
      
        </
      
      
        servlet
      
      
        >
      
      
        <
      
      
        servlet-mapping
      
      
        >
      
      
        <
      
      
        servlet-name
      
      
        >
      
      jcaptcha
      
        </
      
      
        servlet-name
      
      
        >
      
      
        <
      
      
        url-pattern
      
      
        >
      
      /jcaptcha.jpg
      
        </
      
      
        url-pattern
      
      
        >
      
      
        </
      
      
        servlet-mapping
      
      
        >
      
    

spring-security.xml

      
        <
      
      
        http 
      
      
        auto-config
      
      
        ="true"
      
      
         use-expressions
      
      
        ="true"
      
      
        >
      
      
        <
      
      
        intercept-url 
      
      
        pattern
      
      
        ="/resources/**"
      
      
         access
      
      
        ="permitAll()"
      
      
        />
      
      
        <
      
      
        intercept-url 
      
      
        pattern
      
      
        ="/jcaptcha.jpg"
      
      
         access
      
      
        ="permitAll()"
      
      
        />
      
      
        <
      
      
        intercept-url 
      
      
        pattern
      
      
        ="/**"
      
      
         access
      
      
        ="isAuthenticated()"
      
      
        />
      
      
        <
      
      
        form-login 
      
      
        login-page
      
      
        ="/session/login/"
      
      
         default-target-url
      
      
        ="/"
      
      
        

                authentication-failure-url
      
      
        ="/session/loginfailed/"
      
      
        />
      
      
        <
      
      
        logout 
      
      
        logout-success-url
      
      
        ="/session/logout/"
      
      
        />
      
      
        <
      
      
        access-denied-handler 
      
      
        error-page
      
      
        ="/session/403/"
      
      
        />
      
      
        <!--
      
      
        JCaptcha Filtering
      
      
        -->
      
      
        <
      
      
        custom-filter 
      
      
        ref
      
      
        ="captchaCaptureFilter"
      
      
         before
      
      
        ="FORM_LOGIN_FILTER"
      
      
        />
      
      
        <!--
      
      
         REMOVED custom-filter ref="captchaVerifierFilter" after="FORM_LOGIN_FILTER"/
      
      
        -->
      
      
        <
      
      
        anonymous 
      
      
        />
      
      
        </
      
      
        http
      
      
        >
      
      
        <!--
      
      
         For capturing CAPTCHA fields 
      
      
        -->
      
      
        <
      
      
        beans:bean 
      
      
        id
      
      
        ="captchaCaptureFilter"
      
      
         class
      
      
        ="com.util.CaptchaCaptureFilter"
      
      
        />
      
      
        <!--
      
      
         For verifying CAPTCHA fields 
      
      
        -->
      
      
        <!--
      
      
         Private key is assigned by the JCaptcha service 
      
      
        -->
      
      
        <!--
      
      
         REMOVED beans:bean id="captchaVerifierFilter" class="com.util.CaptchaVerifierFilter"

      p:failureUrl="/session/loginfailed/"

      p:captchaCaptureFilter-ref="captchaCaptureFilter"/
      
      
        -->
      
      
        <
      
      
        beans:property 
      
      
        name
      
      
        ="sessionAuthenticationStrategy"
      
      
         ref
      
      
        ="sas"
      
      
        />
      
      
        <
      
      
        beans:property 
      
      
        name
      
      
        ="authenticationManager"
      
      
         ref
      
      
        ="authenticationManager"
      
      
        />
      
      
        <
      
      
        beans:property 
      
      
        name
      
      
        ="allowSessionCreation"
      
      
         value
      
      
        ="true"
      
      
        />
      
      
        </
      
      
        beans:bean
      
      
        >
      
      
        <
      
      
        beans:bean 
      
      
        id
      
      
        ="sas"
      
      
         class
      
      
        ="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"
      
      
        >
      
      
        <
      
      
        beans:constructor-arg 
      
      
        name
      
      
        ="sessionRegistry"
      
      
         ref
      
      
        ="sessionRegistry"
      
      
        />
      
      
        <
      
      
        beans:property 
      
      
        name
      
      
        ="maximumSessions"
      
      
         value
      
      
        ="1"
      
      
        />
      
      
        </
      
      
        beans:bean
      
      
        >
      
      
        <
      
      
        beans:bean 
      
      
        id
      
      
        ="sessionRegistry"
      
      
         class
      
      
        ="org.springframework.security.core.session.SessionRegistryImpl"
      
      
        />
      
      
        <
      
      
        beans:bean 
      
      
        id
      
      
        ="userService"
      
      
         class
      
      
        ="com.service.mybatis.UserManager"
      
      
        />
      
      
        <
      
      
        beans:bean 
      
      
        id
      
      
        ="customAuthenticationProvider"
      
      
         class
      
      
        ="com.util.MyAuthenticationProvider"
      
      
         p:captchaCaptureFilter-ref
      
      
        ="captchaCaptureFilter"
      
      
        />
      
      
        <
      
      
        authentication-manager 
      
      
        alias
      
      
        ="authenticationManager"
      
      
        >
      
      
        <
      
      
        authentication-provider 
      
      
        ref
      
      
        ="customAuthenticationProvider"
      
      
        />
      
      
        </
      
      
        authentication-manager
      
      
        >
      
      
        <
      
      
        beans:bean 
      
      
        id
      
      
        ="accessDeniedHandler"
      
      
         class
      
      
        ="com.util.ThouShaltNoPass"
      
      
        >
      
      
        <
      
      
        beans:property 
      
      
        name
      
      
        ="accessDeniedURL"
      
      
         value
      
      
        ="/session/403/"
      
      
        />
      
      
        </
      
      
        beans:bean
      
      
        >
      
    

And these are the java classes:

MyAuthenticationProvider.java

      
        public
      
      
        class
      
       MyAuthenticationProvider 
      
        implements
      
      
         AuthenticationProvider {



@Autowired


      
      
        private
      
      
         UserService userService;


      
      
        private
      
       Logger logger = LoggerFactory.getLogger(ArtajasaAuthenticationProvider.
      
        class
      
      
        );


      
      
        private
      
      
         CaptchaCaptureFilter captchaCaptureFilter;



@Override


      
      
        public
      
       Authentication authenticate(Authentication authentication) 
      
        throws
      
      
         AuthenticationException {

    String username 
      
      =
      
         String.valueOf(authentication.getPrincipal());

    String password 
      
      =
      
         String.valueOf(authentication.getCredentials());

    logger.debug(
      
      "Checking authentication for user {}"
      
        , username);

    logger.debug(
      
      "userResponse: {}"
      
        , captchaCaptureFilter.getUserCaptchaResponse());

    
      
      
        if
      
      
         (StringUtils.isBlank(username)

            
      
      ||
      
         StringUtils.isBlank(password)) {

        
      
      
        throw
      
      
        new
      
       BadCredentialsException("No Username and/or Password Provided."
      
        );

    }

    
      
      
        else
      
      
        if
      
      
        (StringUtils.isBlank(captchaCaptureFilter.getUserCaptchaResponse())) {

        
      
      
        throw
      
      
        new
      
       BadCredentialsException("Captcha Response is Empty"
      
        );

    }

    
      
      
        else
      
      
         {

        
      
      
        //
      
      
         Send HTTP request to validate user's Captcha
      
      
        boolean
      
       captchaPassed =
      
         SimpleImageCaptchaServlet.validateResponse(captchaCaptureFilter.getRequest(), captchaCaptureFilter.getUserCaptchaResponse());



        
      
      
        //
      
      
         Check if valid
      
      
        if
      
      
         (captchaPassed) {

            logger.debug(
      
      "Captcha is valid!"
      
        );

            resetCaptchaFields();



            Pengguna user 
      
      =
      
         userService.select(username);

            
      
      
        if
      
       (user == 
      
        null
      
      
        ) {

                
      
      
        throw
      
      
        new
      
       BadCredentialsException("Invalid Username and/or Password."
      
        );

            }

            
      
      
        if
      
       (user.getPassword().equals(
      
        new
      
      
         PasswordUtil().generateHash(password, user.getSalt()))) {

                List
      
      <GrantedAuthority> authorityList = (List<GrantedAuthority>
      
        ) userService.getAuthorities(user);

                
      
      
        return
      
      
        new
      
      
         UsernamePasswordAuthenticationToken(username, password, authorityList);

            }

            
      
      
        else
      
      
         {

                
      
      
        throw
      
      
        new
      
       BadCredentialsException("Invalid Username and/or Password."
      
        );

            }

        }

        
      
      
        else
      
      
         {

            logger.debug(
      
      "Captcha is invalid!"
      
        );

            resetCaptchaFields();



            
      
      
        throw
      
      
        new
      
       BadCredentialsException("Invalid Captcha."
      
        );

        }

    }

}



@Override


      
      
        public
      
      
        boolean
      
       supports(Class<?>
      
         authentication) {

    
      
      
        return
      
       (UsernamePasswordAuthenticationToken.
      
        class
      
      
        .isAssignableFrom(authentication));

}




      
      
        /**
      
      
        

 * Reset Captcha fields

 
      
      
        */
      
      
        public
      
      
        void
      
      
         resetCaptchaFields() {

    captchaCaptureFilter.setUserCaptchaResponse(
      
      
        null
      
      
        );

}




      
      
        public
      
      
         CaptchaCaptureFilter getCaptchaCaptureFilter() {

    
      
      
        return
      
      
         captchaCaptureFilter;

}




      
      
        public
      
      
        void
      
      
         setCaptchaCaptureFilter(CaptchaCaptureFilter captchaCaptureFilter) {

    
      
      
        this
      
      .captchaCaptureFilter =
      
         captchaCaptureFilter;

}

}
      
    

CaptchaCaptureFilter.java

      
        public
      
      
        class
      
       CaptchaCaptureFilter 
      
        extends
      
      
         OncePerRequestFilter {




      
      
        private
      
       Logger logger = Logger.getLogger(CaptchaCaptureFilter.
      
        class
      
      
        );


      
      
        private
      
      
         String userCaptchaResponse;


      
      
        private
      
      
         HttpServletRequest request;



@Override


      
      
        public
      
      
        void
      
      
         doFilterInternal(HttpServletRequest req, HttpServletResponse res,

                             FilterChain chain) 
      
      
        throws
      
      
         IOException, ServletException {



    logger.debug(
      
      "Captcha capture filter"
      
        );



    
      
      
        //
      
      
         Assign values only when user has submitted a Captcha value.

    
      
      
        //
      
      
         Without this condition the values will be reset due to redirection

    
      
      
        //
      
      
         and CaptchaVerifierFilter will enter an infinite loop
      
      
        if
      
       (req.getParameter("jcaptcha") != 
      
        null
      
      
        ) {

        request 
      
      =
      
         req;

        userCaptchaResponse 
      
      = req.getParameter("jcaptcha"
      
        );

    }



    logger.debug(
      
      "userResponse: " +
      
         userCaptchaResponse);



    
      
      
        //
      
      
         Proceed with the remaining filters
      
      
            chain.doFilter(req, res);

}




      
      
        public
      
      
         String getUserCaptchaResponse() {

    
      
      
        return
      
      
         userCaptchaResponse;

}




      
      
        public
      
      
        void
      
      
         setUserCaptchaResponse(String userCaptchaResponse) {

    
      
      
        this
      
      .userCaptchaResponse =
      
         userCaptchaResponse;

}




      
      
        public
      
      
         HttpServletRequest getRequest() {

    
      
      
        return
      
      
         request;

}




      
      
        public
      
      
        void
      
      
         setRequest(HttpServletRequest request) {

    
      
      
        this
      
      .request =
      
         request;

}

}
      
    

Last but not least, login.jsp

      
        <%
      
      
        @ taglib prefix
      
      
        =
      
      
        '
      
      
        c' uri='http://java.sun.com/jstl/core_rt' %>
      
      
        <
      
      
        form id
      
      
        =
      
      
        "
      
      
        login
      
      
        "
      
      
         name
      
      
        =
      
      
        "
      
      
        f
      
      
        "
      
      
         action
      
      
        =
      
      
        "
      
      
        <c:url value='/j_spring_security_check'/>
      
      
        "
      
      
         method
      
      
        =
      
      
        "
      
      
        POST
      
      
        "
      
      
        >
      
      
        <
      
      
        div class
      
      
        =
      
      
        "
      
      
        container
      
      
        "
      
      
        >
      
      
        <
      
      
        div class
      
      
        =
      
      
        "
      
      
        content
      
      
        "
      
      
        >
      
      
        <
      
      
        div class
      
      
        =
      
      
        "
      
      
        row
      
      
        "
      
      
        >
      
      
        <
      
      
        div class
      
      
        =
      
      
        "
      
      
        login-form
      
      
        "
      
      
        >
      
      
        <
      
      
        h3
      
      
        >
      
      
        Login
      
      
        </
      
      
        h3
      
      
        >
      
      
        <
      
      
        br 
      
      
        />
      
      
        <
      
      
        fieldset
      
      
        >
      
      
        <
      
      
        div class
      
      
        =
      
      
        "
      
      
        clearfix
      
      
        "
      
      
        >
      
      
        

                            username: ecr

                            
      
      
        <
      
      
        input type
      
      
        =
      
      
        "
      
      
        text
      
      
        "
      
      
         name
      
      
        =
      
      
        '
      
      
        j_username' value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>' placeholder="username@artajasa.co.id">
      
      
        </
      
      
        div
      
      
        >
      
      
        <
      
      
        div class
      
      
        =
      
      
        "
      
      
        clearfix
      
      
        "
      
      
        >
      
      
        

                           password: ecr123

                           
      
      
        <
      
      
        input type
      
      
        =
      
      
        "
      
      
        password
      
      
        "
      
      
         name
      
      
        =
      
      
        '
      
      
        j_password' placeholder="password">
      
      
        </
      
      
        div
      
      
        >
      
      
        <
      
      
        div class
      
      
        =
      
      
        "
      
      
        clearfix
      
      
        "
      
      
        >
      
      
        <
      
      
        img src
      
      
        =
      
      
        "
      
      
        ../../jcaptcha.jpg
      
      
        "
      
      
        />
      
      
        <
      
      
        br 
      
      
        />
      
      
        <
      
      
        input type
      
      
        =
      
      
        "
      
      
        text
      
      
        "
      
      
         name
      
      
        =
      
      
        "
      
      
        jcaptcha
      
      
        "
      
      
         placeholder
      
      
        =
      
      
        "
      
      
        masukkan captcha
      
      
        "
      
      
        />
      
      
        </
      
      
        div
      
      
        >
      
      
        <
      
      
        br 
      
      
        />
      
      
        <
      
      
        button class
      
      
        =
      
      
        "
      
      
        btn btn-primary
      
      
        "
      
      
         type
      
      
        =
      
      
        "
      
      
        submit
      
      
        "
      
      
        ><
      
      
        i class
      
      
        =
      
      
        "
      
      
        icon-lock
      
      
        "
      
      
        ></
      
      
        i
      
      
        >
      
      
         Sign in
      
      
        </
      
      
        button
      
      
        >
      
      
        </
      
      
        fieldset
      
      
        >
      
      
        </
      
      
        div
      
      
        >
      
      
        </
      
      
        div
      
      
        >
      
      
        </
      
      
        div
      
      
        >
      
      
        <
      
      
        br 
      
      
        />
      
      
        <
      
      
        c:
      
      
        if
      
      
         test
      
      
        =
      
      
        "
      
      
        ${not empty error}
      
      
        "
      
      
        >
      
      
        <
      
      
        div class
      
      
        =
      
      
        "
      
      
        alert alert-error
      
      
        "
      
      
        >
      
      
        <
      
      
        button type
      
      
        =
      
      
        "
      
      
        button
      
      
        "
      
      
         class
      
      
        =
      
      
        "
      
      
        close
      
      
        "
      
      
         data
      
      
        -
      
      
        dismiss
      
      
        =
      
      
        "
      
      
        alert
      
      
        "
      
      
        ><
      
      
        i class
      
      
        =
      
      
        "
      
      
        icon-remove
      
      
        "
      
      
        ></
      
      
        i
      
      
        ></
      
      
        button
      
      
        >
      
      
        

            Login Failed, try again.
      
      
        <
      
      
        br 
      
      
        />
      
      
        <
      
      
        c:out value
      
      
        =
      
      
        "
      
      
        ${sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message}
      
      
        "
      
      
        />
      
      
        </
      
      
        div
      
      
        >
      
      
        </
      
      
        c:
      
      
        if
      
      
        >
      
      
        </
      
      
        div
      
      
        >
      
    

done!

How to Integrate JCaptcha in Spring Security


更多文章、技術交流、商務合作、聯系博主

微信掃碼或搜索:z360901061

微信掃一掃加我為好友

QQ號聯系: 360901061

您的支持是博主寫作最大的動力,如果您喜歡我的文章,感覺我的文章對您有幫助,請用微信掃描下面二維碼支持博主2元、5元、10元、20元等您想捐的金額吧,狠狠點擊下面給點支持吧,站長非常感激您!手機微信長按不能支付解決辦法:請將微信支付二維碼保存到相冊,切換到微信,然后點擊微信右上角掃一掃功能,選擇支付二維碼完成支付。

【本文對您有幫助就好】

您的支持是博主寫作最大的動力,如果您喜歡我的文章,感覺我的文章對您有幫助,請用微信掃描上面二維碼支持博主2元、5元、10元、自定義金額等您想捐的金額吧,站長會非常 感謝您的哦!!!

發表我的評論
最新評論 總共0條評論
主站蜘蛛池模板: 日韩精品中文字幕在线观看 | 国产欧美日韩网站 | 欧美一区日韩一区中文字幕页 | 欧洲精品在线观看 | 一级特黄aa毛片免费观看 | 国产视频第二页 | 特级特黄一级乱仑 | 日韩精品一区二区三区在线观看l | 国产日韩欧美中文字幕 | 亚洲国产精品久久 | 成人毛片免费免费 | 性夜黄a爽爽免费视频国产 性夜影院爽黄a爽免费看网站 | 成年女人视频播放免费观看 | 毛茸茸的浓密在线视频 | 亚洲综合亚洲综合网成人 | 亚洲香蕉毛片久久网站老妇人 | 国产成人精品高清在线 | 精品无人区乱码一区二区 | 97最新| 久久久久久久国产视频 | 琪琪色在线视频 | 337p欧美超大胆日本人术艺术 | 久久久久毛片免费观看 | 久久综合久久久久 | 亚洲成人在线播放视频 | 日本综合久久 | 女人18特级一级毛片免费视频 | 午夜影院一区二区三区 | 中文字幕免费在线观看 | 国产精品美女 | 国产精品香蕉在线观看首页 | 欧美午夜在线 | 日本xoxo| 在线一区播放 | 欧美一二三区 | 搡女人视频免费 | 免费精品美女久久久久久久久久 | 亚洲综合国产一区在线 | 国产成+人+综合+欧美 亚洲 | 麻豆国产高清精品国在线 | 曰本一级毛片免费播放 |