序:
给Shiro加入验证码,有多种方式,当然你也可以通过继承修改FormAuthenticationFilter类,通过Shiro去验证验证码。
具体实现请百度:
应用Shiro到Web Application(验证码实现)
而今天我要说的,既然使用的SpringMVC,为什么不直接在Controller中就处理验证码验证,让事情变的更简单一点呢?
一、新建ValidateCode.java验证码工具类
package org.shiro.demo.util; import java.util.Random; import java.awt.image.BufferedImage; import java.awt.Graphics; import java.awt.Font; import java.awt.Color; /** * 验证码生成器类,可生成数字、大写、小写字母及三者混合类型的验证码。 支持自定义验证码字符数量; 支持自定义验证码图片的大小; 支持自定义需排除的特殊字符; * 支持自定义干扰线的数量; 支持自定义验证码图文颜色 */ public class ValidateCode { /** * 验证码类型为仅数字 0~9 */ public static final int TYPE_NUM_ONLY = 0; /** * 验证码类型为仅字母,即大写、小写字母混合 */ public static final int TYPE_LETTER_ONLY = 1; /** * 验证码类型为数字、大写字母、小写字母混合 */ public static final int TYPE_ALL_MIXED = 2; /** * 验证码类型为数字、大写字母混合 */ public static final int TYPE_NUM_UPPER = 3; /** * 验证码类型为数字、小写字母混合 */ public static final int TYPE_NUM_LOWER = 4; /** * 验证码类型为仅大写字母 */ public static final int TYPE_UPPER_ONLY = 5; /** * 验证码类型为仅小写字母 */ public static final int TYPE_LOWER_ONLY = 6; private ValidateCode() { } /** * 生成验证码字符串 * * @param type * 验证码类型,参见本类的静态属性 * @param length * 验证码长度,大于0的整数 * @param exChars * 需排除的特殊字符(仅对数字、字母混合型验证码有效,无需排除则为null) * @return 验证码字符串 */ public static String generateTextCode(int type, int length, String exChars) { if (length <= 0) return ""; StringBuffer code = new StringBuffer(); int i = 0; Random r = new Random(); switch (type) { // 仅数字 case TYPE_NUM_ONLY: while (i < length) { int t = r.nextInt(10); if (exChars == null || exChars.indexOf(t + "") < 0) {// 排除特殊字符 code.append(t); i++; } } break; // 仅字母(即大写字母、小写字母混合) case TYPE_LETTER_ONLY: while (i < length) { int t = r.nextInt(123); if ((t >= 97 || (t >= 65 && t <= 90)) && (exChars == null || exChars.indexOf((char) t) < 0)) { code.append((char) t); i++; } } break; // 数字、大写字母、小写字母混合 case TYPE_ALL_MIXED: while (i < length) { int t = r.nextInt(123); if ((t >= 97 || (t >= 65 && t <= 90) || (t >= 48 && t <= 57)) && (exChars == null || exChars.indexOf((char) t) < 0)) { code.append((char) t); i++; } } break; // 数字、大写字母混合 case TYPE_NUM_UPPER: while (i < length) { int t = r.nextInt(91); if ((t >= 65 || (t >= 48 && t <= 57)) && (exChars == null || exChars.indexOf((char) t) < 0)) { code.append((char) t); i++; } } break; // 数字、小写字母混合 case TYPE_NUM_LOWER: while (i < length) { int t = r.nextInt(123); if ((t >= 97 || (t >= 48 && t <= 57)) && (exChars == null || exChars.indexOf((char) t) < 0)) { code.append((char) t); i++; } } break; // 仅大写字母 case TYPE_UPPER_ONLY: while (i < length) { int t = r.nextInt(91); if ((t >= 65) && (exChars == null || exChars.indexOf((char) t) < 0)) { code.append((char) t); i++; } } break; // 仅小写字母 case TYPE_LOWER_ONLY: while (i < length) { int t = r.nextInt(123); if ((t >= 97) && (exChars == null || exChars.indexOf((char) t) < 0)) { code.append((char) t); i++; } } break; } return code.toString(); } /** * 已有验证码,生成验证码图片 * * @param textCode * 文本验证码 * @param width * 图片宽度 * @param height * 图片高度 * @param interLine * 图片中干扰线的条数 * @param randomLocation * 每个字符的高低位置是否随机 * @param backColor * 图片颜色,若为null,则采用随机颜色 * @param foreColor * 字体颜色,若为null,则采用随机颜色 * @param lineColor * 干扰线颜色,若为null,则采用随机颜色 * @return 图片缓存对象 */ public static BufferedImage generateImageCode(String textCode, int width, int height, int interLine, boolean randomLocation, Color backColor, Color foreColor, Color lineColor) { BufferedImage bim = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB); Graphics g = bim.getGraphics(); // 画背景图 g.setColor(backColor == null ? getRandomColor() : backColor); g.fillRect(0, 0, width, height); // 画干扰线 Random r = new Random(); if (interLine > 0) { int x = 0, y = 0, x1 = width, y1 = 0; for (int i = 0; i < interLine; i++) { g.setColor(lineColor == null ? getRandomColor() : lineColor); y = r.nextInt(height); y1 = r.nextInt(height); g.drawLine(x, y, x1, y1); } } // 写验证码 // g.setColor(getRandomColor()); // g.setColor(isSimpleColor?Color.BLACK:Color.WHITE); // 字体大小为图片高度的80% int fsize = (int) (height * 0.8); int fx = height - fsize; int fy = fsize; g.setFont(new Font("Default", Font.PLAIN, fsize)); // 写验证码字符 for (int i = 0; i < textCode.length(); i++) { fy = randomLocation ? (int) ((Math.random() * 0.3 + 0.6) * height) : fy;// 每个字符高低是否随机 g.setColor(foreColor == null ? getRandomColor() : foreColor); g.drawString(textCode.charAt(i) + "", fx, fy); fx += fsize * 0.9; } g.dispose(); return bim; } /** * 生成图片验证码 * * @param type * 验证码类型,参见本类的静态属性 * @param length * 验证码字符长度,大于0的整数 * @param exChars * 需排除的特殊字符 * @param width * 图片宽度 * @param height * 图片高度 * @param interLine * 图片中干扰线的条数 * @param randomLocation * 每个字符的高低位置是否随机 * @param backColor * 图片颜色,若为null,则采用随机颜色 * @param foreColor * 字体颜色,若为null,则采用随机颜色 * @param lineColor * 干扰线颜色,若为null,则采用随机颜色 * @return 图片缓存对象 */ public static BufferedImage generateImageCode(int type, int length, String exChars, int width, int height, int interLine, boolean randomLocation, Color backColor, Color foreColor, Color lineColor) { String textCode = generateTextCode(type, length, exChars); BufferedImage bim = generateImageCode(textCode, width, height, interLine, randomLocation, backColor, foreColor, lineColor); return bim; } /** * 产生随机颜色 * * @return */ private static Color getRandomColor() { Random r = new Random(); Color c = new Color(r.nextInt(255), r.nextInt(255), r.nextInt(255)); return c; } }
二、修改UserController.java的实现
package org.shiro.demo.controller; import java.awt.Color; import java.awt.image.BufferedImage; import java.io.IOException; import javax.imageio.ImageIO; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringUtils; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.Subject; import org.apache.shiro.web.util.WebUtils; import org.shiro.demo.entity.User; import org.shiro.demo.util.ValidateCode; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @Controller public class LoginController { @RequestMapping(value = "/login" ,method=RequestMethod.POST,produces={"application/json;charset=UTF-8"}) public String login(User currUser,HttpSession session, HttpServletRequest request){ String code = (String) session.getAttribute("validateCode"); String submitCode = WebUtils.getCleanParam(request, "validateCode"); if (StringUtils.isEmpty(submitCode) || !StringUtils.equals(code,submitCode.toLowerCase())) { return "redirect:/"; } Subject user = SecurityUtils.getSubject(); UsernamePasswordToken token = new UsernamePasswordToken(currUser.getAccount(),currUser.getPassword()); token.setRememberMe(true); try { user.login(token); return "/system/main"; }catch (AuthenticationException e) { token.clear(); return "redirect:/"; } } /** * 生成验证码 * @param request * @param response * @throws IOException */ @RequestMapping(value = "/validateCode") public void validateCode(HttpServletRequest request, HttpServletResponse response) throws IOException { response.setHeader("Cache-Control", "no-cache"); String verifyCode = ValidateCode.generateTextCode(ValidateCode.TYPE_NUM_ONLY, 4, null); request.getSession().setAttribute("validateCode", verifyCode); response.setContentType("image/jpeg"); BufferedImage bim = ValidateCode.generateImageCode(verifyCode, 90, 30, 3, true, Color.WHITE, Color.BLACK, null); ImageIO.write(bim, "JPEG", response.getOutputStream()); } }
三、修改login.jsp
<%@ page language="java" pageEncoding="utf-8"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path; %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <base href="<%=basePath%>"> <title>shirodemo login page</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <script type="text/javascript" src='<c:url value="/resources/js/jquery-1.6.3.min.js"/>'></script> <script type="text/javascript"> <!-- function reloadValidateCode(){ $("#validateCodeImg").attr("src","<%=basePath%>/validateCode?data=" + new Date() + Math.floor(Math.random()*24)); } //--> </script> </head> <body> <form action="<%=basePath%>/login" method="post"> <ul> <li>姓 名:<input type="text" name="account" /> </li> <li>密 码:<input type="text" name="password" /> </li> <li>验证码:<input type="text" name="validateCode" /> <img id="validateCodeImg" src="<%=basePath%>/validateCode" /> <a href="#" onclick="javascript:reloadValidateCode();">看不清?</a></li> <li><input type="submit" value="确认" /> </li> </ul> </form> </body> </html>
至此,就给你的登陆页面加上验证码了。访问你的login.jsp试试?