spring security2.x 登陆验证码

CodeFilter过滤器：

public class CodeFilter extends HttpServlet implements Filter {

	private static final long serialVersionUID = 1L;

	/* (non-Javadoc)
	 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
	 */
	public void doFilter(ServletRequest servletRequest,
			ServletResponse servletResponse, FilterChain filterChain)
			throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) servletRequest;
		HttpServletResponse response = (HttpServletResponse) servletResponse;
		String code = request.getParameter("j_code");
		String codes = request.getSession().getAttribute("rand").toString();
		if (!"".equals(codes) && codes != null) {
			if (code.equalsIgnoreCase(codes)) {
				request.getSession().removeAttribute("rand");
				filterChain.doFilter(request, response);
			} else {
				response.sendRedirect("ceshi/login.jsp?error=true");
			}
		} else {
			response.sendRedirect("ceshi/login.jsp?error=true");
		}
	}

	public void init(FilterConfig arg0) throws ServletException {
		// TODO Auto-generated method stub

	}

}

 

修改web.xml

<!-- 验证码过滤 -->
	<filter>
		<filter-name>CodeFilter</filter-name>
		<filter-class>
			com.zh.dl.security.code.CodeFilter
		</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>CodeFilter</filter-name>
		<url-pattern>/j_spring_security_check</url-pattern>
	</filter-mapping>



	<!-- spring Security 过滤器 -->
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>
			org.springframework.web.filter.DelegatingFilterProxy
		</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

 

注意：验证码的过滤器必须放在springSecurityFilterChain过滤器之前