参考地址:https://blog.csdn.net/attackmind/article/details/52052502
参考地址:https://blog.csdn.net/jadyer/article/details/46916169
增加UsernamePasswordCaptchaCredential类继承UsernamePasswordCredential。
import org.jasig.cas.authentication.UsernamePasswordCredential;

/**
 * Credential bean for the login form that carries the captcha text typed by
 * the user in addition to the inherited username/password fields.
 *
 * <p>The value held here is raw client input; this class does not validate it.
 *
 * <p>NOTE(review): the Spring/webflow configuration refers to this class as
 * {@code com.cas.UsernamePasswordCaptchaCredential}; the package declaration
 * is not part of this listing.
 */
public class UsernamePasswordCaptchaCredential extends UsernamePasswordCredential {

    private static final long serialVersionUID = 7042484120233254159L;

    // Captcha text as submitted with the login form.
    private String captcha;

    /**
     * Stores the captcha text submitted with the login form.
     *
     * @param captcha the submitted captcha text
     */
    public void setCaptcha(final String captcha) {
        this.captcha = captcha;
    }

    /**
     * Returns the captcha text submitted with the login form.
     *
     * @return the submitted captcha text, or {@code null} if none was set
     */
    public String getCaptcha() {
        return this.captcha;
    }
}
增加AuthenticationViaCaptchaFormAction类继承AuthenticationViaFormAction
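import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.jasig.cas.authentication.Credential;
import org.jasig.cas.web.flow.AuthenticationViaFormAction;
import org.jasig.cas.web.support.WebUtils;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.binding.message.MessageContext;
import org.springframework.util.StringUtils;
import org.springframework.webflow.execution.RequestContext;

/**
 * Login form action that adds a captcha check in front of the normal
 * username/password submission.
 *
 * <p>NOTE(review): the code that renders the captcha image and stores the
 * expected text under the session attribute {@code "rand"} is not part of this
 * listing, and neither are the message bundle entries for the codes
 * {@code required.captcha} and {@code error.authentication.captcha.bad}.
 */
public class AuthenticationViaCaptchaFormAction extends AuthenticationViaFormAction {

    /**
     * Compares the captcha submitted with the login form against the value
     * kept in the HTTP session.
     *
     * @param context        current webflow request context, used to reach the servlet request
     * @param credential     the bound login form; expected to be a
     *                       {@link UsernamePasswordCaptchaCredential}
     * @param messageContext receives an error-level message when the check fails
     * @return {@code "success"} when the submitted text equals the session value,
     *         {@code "error"} in every other case
     */
    public final String validateCaptcha(final RequestContext context, final Credential credential,
            final MessageContext messageContext) {
        final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
        final HttpSession session = request.getSession();

        // Read the expected value and discard it before comparing, so each
        // captcha is good for exactly one attempt whether or not it matches.
        final Object stored = session.getAttribute("rand");
        session.removeAttribute("rand");
        final String rand = stored instanceof String ? (String) stored : null;

        // Fail closed if the flow handed over a credential of another type
        // (or null) instead of raising ClassCastException/NullPointerException.
        final String captcha = credential instanceof UsernamePasswordCaptchaCredential
                ? ((UsernamePasswordCaptchaCredential) credential).getCaptcha()
                : null;

        // Neither value is written to stdout or a log: the session value is the
        // answer to the challenge, and the submitted value is unvalidated
        // client input.

        if (!StringUtils.hasText(rand) || !StringUtils.hasText(captcha)) {
            messageContext.addMessage(new MessageBuilder().error().code("required.captcha").build());
            return "error";
        }

        if (captcha.equals(rand)) {
            return "success";
        }

        // Versions of this snippet found online build the message without
        // .error(): new MessageBuilder().code("required.captcha").build().
        // That produces an INFO-level message, which the login form does not
        // display as an error, so .error() is required here.
        messageContext.addMessage(new MessageBuilder().error().code("error.authentication.captcha.bad").build());
        return "error";
    }
}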
修改login-webflow.xml文件
第27行修改原来的验证类
<!-- Flow variable for the login form: the JavaBean that also receives the
     captcha field submitted by the form. -->
<var name="credential" class="com.cas.UsernamePasswordCaptchaCredential"/>
修改88至102行内
<view-state id="viewLoginForm" view="casLoginView" model="credential">
    <binder>
        <binding property="username" required="true"/>
        <binding property="password" required="true"/>
        <!-- Captcha field added to the login form; declared required like the
             username and password. -->
        <binding property="captcha" required="true"/>
    </binder>
    <on-entry>
        <set name="viewScope.commandName" value="'credential'"/>
        <!-- <evaluate expression="samlMetadataUIParserAction" /> -->
    </on-entry>
    <!-- Submit goes to the captcha check (authcodeValidate) first. -->
    <transition on="submit" bind="true" validate="true" to="authcodeValidate"/>
</view-state>
<!-- Calls the validateCaptcha method of AuthenticationViaCaptchaFormAction.
     Only the "success" outcome continues to realSubmit; "error" goes to
     generateLoginTicket.
     NOTE(review): this gate covers the path through the submit transition of
     viewLoginForm. The rest of login-webflow.xml is not shown here; confirm
     that no other state transitions to realSubmit without passing through
     authcodeValidate. -->
<action-state id="authcodeValidate">
    <evaluate expression="authenticationViaFormAction.validateCaptcha(flowRequestContext, flowScope.credential, messageContext)" />
    <transition on="error" to="generateLoginTicket" />
    <transition on="success" to="realSubmit" />
</action-state>
修改cas-server.xml文件
修改第305行的class
<!-- The bean id stays authenticationViaFormAction, so flow expressions that
     refer to it, including the validateCaptcha call in login-webflow.xml,
     resolve to the captcha-aware subclass. -->
<bean id="authenticationViaFormAction"
      class="com.cas.AuthenticationViaCaptchaFormAction"
      p:centralAuthenticationService-ref="centralAuthenticationService"
      p:warnCookieGenerator-ref="warnCookieGenerator"/>