在jeecms v5中验证码采用的是jcaptcha实现。具体使用如下:
验证码图片通过请求 servlet 的方式生成并刷新,实现如下:
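package com.jeecms.common.captcha;

import java.awt.image.BufferedImage;
import java.io.IOException;

import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.io.output.ByteArrayOutputStream;
import org.springframework.beans.factory.BeanFactoryUtils;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

import com.octo.captcha.service.CaptchaServiceException;
import com.octo.captcha.service.image.ImageCaptchaService;

/**
 * Servlet that serves the captcha image.
 *
 * <p>The challenge is keyed by the HTTP session id, so whatever validates the
 * user's answer has to look it up under that same session id.
 */
@SuppressWarnings("serial")
public class JcaptchaServlet extends HttpServlet {
	/** Image format used for both the encoder and the response content type. */
	public static final String CAPTCHA_IMAGE_FORMAT = "jpeg";

	private ImageCaptchaService captchaService;

	/**
	 * Looks up the {@link ImageCaptchaService} bean from the Spring web
	 * application context bound to this servlet's context.
	 */
	@Override
	public void init() throws ServletException {
		// NOTE(review): getWebApplicationContext returns null when no root
		// context has been registered; the bean lookup below then fails.
		WebApplicationContext appCtx = WebApplicationContextUtils
				.getWebApplicationContext(getServletContext());
		captchaService = (ImageCaptchaService) BeanFactoryUtils
				.beanOfTypeIncludingAncestors(appCtx, ImageCaptchaService.class);
	}

	/**
	 * Generates a captcha challenge for the caller's session and writes it to
	 * the response as an image.
	 *
	 * <p>Responds with 404 when the captcha service rejects the id or locale
	 * ({@link IllegalArgumentException}) and with 500 when the service fails or
	 * the image cannot be encoded.
	 */
	@Override
	protected void doGet(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		// Render into memory first so an error status can still be sent if
		// generation or encoding fails.
		ByteArrayOutputStream jpegOutputStream = new ByteArrayOutputStream();
		try {
			// The session id identifies the generated captcha; the same id must
			// be used when the answer is validated. getSession(true) creates a
			// session for callers that do not have one yet, so every anonymous
			// request to this servlet can allocate a session.
			String captchaId = request.getSession(true).getId();
			BufferedImage challenge = captchaService.getImageChallengeForID(
					captchaId, request.getLocale());
			// ImageIO.write returns false when no writer accepts the image for
			// this format; without this check the client would receive an empty
			// body with a 200 status.
			if (!ImageIO.write(challenge, CAPTCHA_IMAGE_FORMAT, jpegOutputStream)) {
				response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
				return;
			}
		} catch (IllegalArgumentException e) {
			response.sendError(HttpServletResponse.SC_NOT_FOUND);
			return;
		} catch (CaptchaServiceException e) {
			response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
			return;
		}

		byte[] captchaChallengeAsJpeg = jpegOutputStream.toByteArray();

		// Each challenge is meant to be fetched fresh: forbid storing the image
		// in browser or intermediary caches.
		response.setHeader("Cache-Control", "no-store");
		response.setHeader("Pragma", "no-cache");
		response.setDateHeader("Expires", 0);
		response.setContentType("image/" + CAPTCHA_IMAGE_FORMAT);

		ServletOutputStream responseOutputStream = response.getOutputStream();
		responseOutputStream.write(captchaChallengeAsJpeg);
		responseOutputStream.flush();
		responseOutputStream.close();
	}
}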
captcha-context.xml 配置如下:
aabbccddeefgghhkkmnnooppqqsstuuvvwxxyyzz 26 34
Arial 0 32 110 50 4 4
1 255 255 255 50 50 50
web.xml配置如下:
Jcaptcha com.jeecms.common.captcha.JcaptchaServlet Jcaptcha /captcha.svl
验证过程如下:
com.jeecms.cms.action.admin.CmsLoginAct
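/**
 * Handles the admin login form POST.
 *
 * <p>Runs {@code validateSubmit} on the submitted credentials and captcha,
 * then authenticates through {@code authMng.login}. On success the login
 * info and success log are updated and the browser is redirected to the
 * admin index. On any failure the remaining-attempts cookie is written and
 * the {@code login} view is rendered again with the collected errors.
 *
 * @param username submitted user name
 * @param password submitted password
 * @param captcha  submitted captcha answer, passed to {@code validateSubmit}
 * @param message  optional message echoed back into the model
 * @param request  current request
 * @param response current response
 * @param model    view model
 * @return a redirect on success (or when no CMS user exists for the
 *         authentication), otherwise the {@code login} view name
 */
@RequestMapping(value = "/login.do", method = RequestMethod.POST)
public String submit(String username, String password, String captcha,
		String message, HttpServletRequest request,
		HttpServletResponse response, ModelMap model) {
	Integer errorRemaining = unifiedUserMng.errorRemaining(username);
	// The captcha and the remaining-attempts count are checked inside
	// validateSubmit, which is defined outside this method.
	WebErrors errors = validateSubmit(username, password, captcha,
			errorRemaining, request, response);
	if (!errors.hasErrors()) {
		try {
			// NOTE(review): if getIpAddr reads client-supplied forwarding
			// headers, the ip stored below is caller-controlled; confirm.
			String ip = RequestUtils.getIpAddr(request);
			Authentication auth = authMng.login(username, password, ip,
					request, response, session);
			// Should the login-count update happen here? Normally it belongs
			// in process, but handling it here is not a real problem.
			cmsUserMng.updateLoginInfo(auth.getUid(), ip);
			CmsUser user = cmsUserMng.findById(auth.getUid());
			if (user == null) {
				// The null check used to come after user.getDisabled(), so a
				// missing CMS user caused a NullPointerException instead of
				// the intended redirect. Drop the authentication that login()
				// just created, as the disabled branch does, so no
				// authenticated session is left without a CMS account.
				authMng.deleteById(auth.getId());
				session.logout(request, response);
				return "redirect:login.do";
			}
			if (user.getDisabled()) {
				// Disabled account: undo the login before reporting the error.
				authMng.deleteById(auth.getId());
				session.logout(request, response);
				throw new DisabledException("user disabled");
			}
			cmsLogMng.loginSuccess(request, user, "login.log.loginSuccess");
			removeCookieErrorRemaining(request, response);
			// Login succeeded: go to the admin index page.
			return "redirect:index.do";
		} catch (UsernameNotFoundException e) {
			// NOTE(review): the exception message is shown to the caller; if it
			// differs from the bad-credentials message the form reveals which
			// user names exist. Confirm both messages are identical.
			errors.addErrorString(e.getMessage());
			// NOTE(review): username is request data; confirm cmsLogMng
			// neutralises line breaks and markup before storing or rendering.
			cmsLogMng.loginFailure(request, "login.log.loginFailure",
					"username=" + username);
		} catch (BadCredentialsException e) {
			errors.addErrorString(e.getMessage());
			cmsLogMng.loginFailure(request, "login.log.loginFailure",
					"username=" + username);
		} catch (DisabledException e) {
			errors.addErrorString(e.getMessage());
			cmsLogMng.loginFailure(request, "login.log.loginFailure",
					"username=" + username);
		}
	}
	// Login failed.
	writeCookieErrorRemaining(errorRemaining, request, response, model);
	errors.toModel(model);
	if (!StringUtils.isBlank(message)) {
		// NOTE(review): message comes straight from the request; confirm the
		// login template escapes it on output.
		model.addAttribute(MESSAGE, message);
	}
	return "login";
}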