改造CAS单点登录 --- 验证码
来源:互联网 发布:淘宝哪家店羊绒布料好 编辑:程序博客网 时间:2024/05/16 23:43
至于CAS原理问题这就不多介绍了,想了解的可以参考:
http://blog.chinaunix.net/uid-22816738-id-3525939.html
1.添加支持验证码jar包
在cas-server-core的pom.xml添加
<dependency> <groupId>com.google.code.kaptcha</groupId> <artifactId>kaptcha</artifactId> <version>2.3</version> <classifier>jdk15</classifier> </dependency>
2.web.xml添加验证码映射
<servlet><servlet-name>Kaptcha</servlet-name><servlet-class>com.google.code.kaptcha.servlet.KaptchaServlet</servlet-class><init-param><param-name>kaptcha.border</param-name><param-value>no</param-value></init-param><init-param><param-name>kaptcha.textproducer.char.space</param-name><param-value>5</param-value></init-param><init-param><param-name>kaptcha.textproducer.char.length</param-name><param-value>5</param-value></init-param></servlet><servlet-mapping><servlet-name>Kaptcha</servlet-name><url-pattern>/captcha.jpg</url-pattern></servlet-mapping>
3.UsernamePasswordCredentials增加验证码属性
/** The authcode. */ @NotNull @Size(min=1, message = "required.authcode") private String authcode; public String getAuthcode() {return authcode;}public void setAuthcode(String authcode) {this.authcode = authcode;}/** * @return Returns the password. */ public final String getPassword() { return this.password; }
@Override public boolean equals(final Object o) { if (this == o) return true; if (o == null || getClass() != o.getClass()) return false; UsernamePasswordCredentials that = (UsernamePasswordCredentials) o; if (password != null ? !password.equals(that.password) : that.password != null) return false; if (username != null ? !username.equals(that.username) : that.username != null) return false; if (authcode != null ? !authcode.equals(that.authcode) : that.authcode != null) return false; return true; } @Override public int hashCode() { int result = username != null ? username.hashCode() : 0; result = 31 * result + (password != null ? password.hashCode() : 0); result = 31 * result + (authcode != null ? authcode.hashCode() : 0); return result; }
4.AuthenticationViaFormAction增加验证方法
public final String validatorCode(final RequestContext context, final Credentials credentials, final MessageContext messageContext) throws Exception { final HttpServletRequest request = WebUtils.getHttpServletRequest(context); HttpSession session = request.getSession(); String authcode = (String)session.getAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);session.removeAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY); UsernamePasswordCredentials upc = (UsernamePasswordCredentials)credentials;String submitAuthcode =upc.getAuthcode(); if(!StringUtils.hasText(submitAuthcode) || !StringUtils.hasText(authcode)){ populateErrorsInstance(new NullAuthcodeAuthenticationException(),messageContext); return "error"; } if(submitAuthcode.equals(authcode)){ return "success"; } populateErrorsInstance(new BadAuthcodeAuthenticationException(),messageContext); return "error"; }
NullAuthcodeAuthenticationException 、BadAuthcodeAuthenticationException为定义的异常类,取得异常编码
/* * Licensed to Jasig under one or more contributor license * agreements. See the NOTICE file distributed with this work * for additional information regarding copyright ownership. * Jasig licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file * except in compliance with the License. You may obtain a * copy of the License at the following location: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */package org.jasig.cas.authentication.handler;import org.jasig.cas.ticket.TicketException;/** * The exception to throw when we know the authcode is null * * @author Scott Battaglia * @version $Revision$ $Date$ * @since 3.0 */public class NullAuthcodeAuthenticationException extends TicketException {/** Serializable ID for unique id. */ private static final long serialVersionUID = 5501212207531289993L; /** Code description. */ public static final String CODE = "required.authcode"; /** * Constructs a TicketCreationException with the default exception code. */ public NullAuthcodeAuthenticationException() { super(CODE); } /** * Constructs a TicketCreationException with the default exception code and * the original exception that was thrown. * * @param throwable the chained exception */ public NullAuthcodeAuthenticationException(final Throwable throwable) { super(CODE, throwable); }}
/* * Licensed to Jasig under one or more contributor license * agreements. See the NOTICE file distributed with this work * for additional information regarding copyright ownership. * Jasig licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file * except in compliance with the License. You may obtain a * copy of the License at the following location: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */package org.jasig.cas.authentication.handler;import org.jasig.cas.ticket.TicketException;/** * The exception to throw when we know the authcoe is not correct * * @author Scott Battaglia * @version $Revision$ $Date$ * @since 3.0 */public class BadAuthcodeAuthenticationException extends TicketException {/** Serializable ID for unique id. */ private static final long serialVersionUID = 5501212207531289993L; /** Code description. */ public static final String CODE = "error.authentication.authcode.bad"; /** * Constructs a TicketCreationException with the default exception code. */ public BadAuthcodeAuthenticationException() { super(CODE); } /** * Constructs a TicketCreationException with the default exception code and * the original exception that was thrown. * * @param throwable the chained exception */ public BadAuthcodeAuthenticationException(final Throwable throwable) { super(CODE, throwable); }}
5.login_webflow.xml 修改登录验证流程
<view-state id="viewLoginForm" view="casLoginView" model="credentials"> <binder> <binding property="username" /> <binding property="password" /> <binding property="authcode" /> </binder> <on-entry> <set name="viewScope.commandName" value="'credentials'" /> </on-entry><transition on="submit" bind="true" validate="true" to="authcodeValidate"> <evaluate expression="authenticationViaFormAction.doBind(flowRequestContext, flowScope.credentials)" /> </transition></view-state><action-state id="authcodeValidate"> <evaluate expression="authenticationViaFormAction.validatorCode(flowRequestContext, flowScope.credentials, messageContext)" /> <transition on="error" to="generateLoginTicket" /> <transition on="success" to="realSubmit" /> </action-state>
6.增加国际化显示信息
在messages_zh_CN.properties文件中添加,其他国家语言类似添加
screen.welcome.label.authcode=\u9A8C\u8BC1\u7801:screen.welcome.label.authcode.accesskey=arequired.authcode=\u5FC5\u987B\u5F55\u5165\u9A8C\u8BC1\u7801\u3002error.authentication.authcode.bad=\u9A8C\u8BC1\u7801\u8F93\u5165\u6709\u8BEF\u3002
7.登录页面casLoginView.jsp添加验证码输入框
<div class="row fl-controls-left"> <label for="authcode"><spring:message code="screen.welcome.label.authcode" /></label> <spring:message code="screen.welcome.label.authcode.accesskey" var="authcodeAccessKey" /> <table><tr><td><form:input cssClass="required" cssErrorClass="error" id="authcode" size="10" tabindex="2" path="authcode" accesskey="${authcodeAccessKey}" htmlEscape="true" autocomplete="off" /></td><td align="left" valign="bottom" style="vertical-align: bottom;"> <img alt="<spring:message code="required.authcode" />" onclick="this.src='captcha.jpg?'+Math.random()" width="93" height="30" src="captcha.jpg"> </td></tr></table> </div> <div class="row check"> <input id="warn" name="warn" value="true" tabindex="3" accesskey="<spring:message code="screen.welcome.label.warn.accesskey" />" type="checkbox" /> <label for="warn"><spring:message code="screen.welcome.label.warn" /></label> </div>
ok,完成。启动看一下效果。
0 0
- 改造CAS单点登录 --- 验证码
- [SSO单点登录]CAS 配置验证码
- 改造CAS单点登录 --- 部署测试
- 单点登录(五)cas改造——使用jdbc进行用户验证
- 为CAS单点登录服务器增加验证码功能
- 改造CAS单点登录 --- 自定义登陆页面(客户端)
- 改造CAS单点登录 --- 自定义登陆页面(服务端)
- SSO单点登录系列5:cas单点登录增加验证码功能完整步骤
- SSO单点登录系列5:cas单点登录增加验证码功能完整步骤
- CAS单点登录服务器端验证重写
- cas单点登录改为数据库验证用户
- 基于CAS的单点登录SSO[2]: 改造cas-overlays-template支持MySQL数据库
- 基于CAS的单点登录SSO[3]: 改造cas-overlays-template支持Redis存储Ticket
- CAS单点登录(三)--服务端改造(登录页及登录方式的自定义)
- 单点登录CAS使用记(四):为登录页面加上验证码
- CAS单点登录及数据库验证登录简易小例
- Jeesite单点登录集成Cas另加自定义登录验证
- Jeesite单点登录集成Cas另加自定义登录验证
- ASP.NET MVC4细嚼慢咽---(5)js css文件合并
- CentOS-6.5安装Cmake
- Bash技巧
- 集合求交集问题
- Winform中DataGridView中下拉列表体验不好解决办法
- 改造CAS单点登录 --- 验证码
- 源码推荐(2月8日):iOS集成测试框架--KIF 滚动屏幕时隐藏toolbar
- PHP 正则表达式详解
- vs2010 mfc 如何重写子窗口的OnInitDialog函数
- Java中&&与&,||与|的区别
- cocos2d-x用create_project.py创建项目报错
- Linux上安装JDK1.7与Tomcat7.0
- 小米1的QQ 与电脑上的同时在线
- Linux DMA详解