Shiro在web应用中实现验证码功能

来源：互联网发布：时间序列数据聚类分析编辑：程序博客网时间：2024/06/13 18:48

原文参照：http://www.micmiu.com/opensource/security/shiro-web-captcha/

目录结构：

概述
扩展shiro认证
验证码工具
验证码servlet
配置文件修改
修改登录页面
测试验证

[一]、概述

本文简单讲述在web应用整合shiro后，如何实现登录验证码认证的功能。

[二]、扩展shiro的认证

创建验证码异常类：CaptchaException.java

package com.micmiu.modules.support.shiro;import org.apache.shiro.authc.AuthenticationException;/** * * @author &lt;a href="http://www.micmiu.com"&gt;Michael Sun&lt;/a&gt; */public class CaptchaException extends AuthenticationException {private static final long serialVersionUID = 1L;public CaptchaException() {super();}public CaptchaException(String message, Throwable cause) {super(message, cause);}public CaptchaException(String message) {super(message);}public CaptchaException(Throwable cause) {super(cause);}}

packagecom.micmiu.modules.support.shiro;

importorg.apache.shiro.authc.AuthenticationException;

/**

* @author <a href="http://www.micmiu.com">Michael Sun</a>

publicclass CaptchaExceptionextends AuthenticationException{

privatestatic finallong serialVersionUID= 1L;

publicCaptchaException(){

super();

}

publicCaptchaException(Stringmessage,Throwable cause){

super(message,cause);

}

publicCaptchaException(Stringmessage){

super(message);

}

publicCaptchaException(Throwablecause){

super(cause);

}

扩展默认的用户认证的bean为：UsernamePasswordCaptchaToken.java

package com.micmiu.modules.support.shiro;import org.apache.shiro.authc.UsernamePasswordToken;/** * extends UsernamePasswordToken for captcha * * @author &lt;a href="http://www.micmiu.com"&gt;Michael Sun&lt;/a&gt; */public class UsernamePasswordCaptchaToken extends UsernamePasswordToken {private static final long serialVersionUID = 1L;private String captcha;public String getCaptcha() {return captcha;}public void setCaptcha(String captcha) {this.captcha = captcha;}public UsernamePasswordCaptchaToken() {super();}public UsernamePasswordCaptchaToken(String username, char[] password,boolean rememberMe, String host, String captcha) {super(username, password, rememberMe, host);this.captcha = captcha;}}

packagecom.micmiu.modules.support.shiro;

importorg.apache.shiro.authc.UsernamePasswordToken;

/**

* extends UsernamePasswordToken for captcha

* @author <a href="http://www.micmiu.com">Michael Sun</a>

public classUsernamePasswordCaptchaTokenextends UsernamePasswordToken{

privatestatic finallong serialVersionUID= 1L;

privateString captcha;

publicString getCaptcha(){

returncaptcha;

}

publicvoid setCaptcha(Stringcaptcha){

this.captcha= captcha;

}

publicUsernamePasswordCaptchaToken(){

super();

}

publicUsernamePasswordCaptchaToken(Stringusername,char[]password,

booleanrememberMe,String host,String captcha){

super(username,password,rememberMe,host);

this.captcha= captcha;

}

扩展原始默认的过滤为：FormAuthenticationCaptchaFilter.java

package com.micmiu.modules.support.shiro;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;import org.apache.shiro.web.util.WebUtils;/** * * @author &lt;a href="http://www.micmiu.com"&gt;Michael Sun&lt;/a&gt; */public class FormAuthenticationCaptchaFilter extends FormAuthenticationFilter {public static final String DEFAULT_CAPTCHA_PARAM = "captcha";private String captchaParam = DEFAULT_CAPTCHA_PARAM;public String getCaptchaParam() {return captchaParam;}protected String getCaptcha(ServletRequest request) {return WebUtils.getCleanParam(request, getCaptchaParam());}protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {String username = getUsername(request);String password = getPassword(request);String captcha = getCaptcha(request);boolean rememberMe = isRememberMe(request);String host = getHost(request);return new UsernamePasswordCaptchaToken(username,password.toCharArray(), rememberMe, host, captcha);}}

packagecom.micmiu.modules.support.shiro;

importjavax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import org.apache.shiro.authc.AuthenticationToken;

importorg.apache.shiro.web.filter.authc.FormAuthenticationFilter;

import org.apache.shiro.web.util.WebUtils;

/**

* @author <a href="http://www.micmiu.com">Michael Sun</a>

public classFormAuthenticationCaptchaFilterextends FormAuthenticationFilter{

publicstatic finalString DEFAULT_CAPTCHA_PARAM= "captcha";

privateString captchaParam= DEFAULT_CAPTCHA_PARAM;

publicString getCaptchaParam(){

returncaptchaParam;

}

protectedString getCaptcha(ServletRequestrequest){

returnWebUtils.getCleanParam(request,getCaptchaParam());

}

protectedAuthenticationToken createToken(

ServletRequest request,ServletResponse response){

Stringusername =getUsername(request);

Stringpassword =getPassword(request);

Stringcaptcha =getCaptcha(request);

booleanrememberMe =isRememberMe(request);

Stringhost =getHost(request);

returnnew UsernamePasswordCaptchaToken(username,

password.toCharArray(),rememberMe,host,captcha);

}

修改shiro认证逻辑：ShiroDbRealm.java

package com.micmiu.framework.web.v1.system.service;import java.io.Serializable;import org.apache.shiro.SecurityUtils;import org.apache.shiro.authc.AccountException;import org.apache.shiro.authc.AuthenticationException;import org.apache.shiro.authc.AuthenticationInfo;import org.apache.shiro.authc.AuthenticationToken;import org.apache.shiro.authc.SimpleAuthenticationInfo;import org.apache.shiro.authc.UnknownAccountException;import org.apache.shiro.authz.AuthorizationInfo;import org.apache.shiro.authz.SimpleAuthorizationInfo;import org.apache.shiro.cache.Cache;import org.apache.shiro.realm.AuthorizingRealm;import org.apache.shiro.subject.PrincipalCollection;import org.apache.shiro.subject.SimplePrincipalCollection;import org.springframework.beans.factory.annotation.Autowired;import com.micmiu.framework.web.v1.system.entity.Role;import com.micmiu.framework.web.v1.system.entity.User;import com.micmiu.modules.captcha.CaptchaServlet;import com.micmiu.modules.support.shiro.CaptchaException;import com.micmiu.modules.support.shiro.UsernamePasswordCaptchaToken;/** * 演示用户和权限的认证，使用默认 的SimpleCredentialsMatcher * * @author &lt;a href="http://www.micmiu.com"&gt;Michael Sun&lt;/a&gt; */public class ShiroDbRealm extends AuthorizingRealm {private UserService userService;/** * 认证回调函数, 登录时调用. */@Overrideprotected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {UsernamePasswordCaptchaToken token = (UsernamePasswordCaptchaToken) authcToken;String username = token.getUsername();if (username == null) {throw new AccountException("Null usernames are not allowed by this realm.");}// 增加判断验证码逻辑String captcha = token.getCaptcha();String exitCode = (String) SecurityUtils.getSubject().getSession().getAttribute(CaptchaServlet.KEY_CAPTCHA);if (null == captcha || !captcha.equalsIgnoreCase(exitCode)) {throw new CaptchaException("验证码错误");}User user = userService.getUserByLoginName(username);if (null == user) {throw new UnknownAccountException("No account found for user ["+ username + "]");}return new SimpleAuthenticationInfo(new ShiroUser(user.getLoginName(),user.getName()), user.getPassword(), getName());}/** * 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用. */@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {ShiroUser shiroUser = (ShiroUser) principals.fromRealm(getName()).iterator().next();User user = userService.getUserByLoginName(shiroUser.getLoginName());if (user != null) {SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();for (Role role : user.getRoleList()) {// 基于Permission的权限信息info.addStringPermissions(role.getAuthList());}return info;} else {return null;}}/** * 更新用户授权信息缓存. */public void clearCachedAuthorizationInfo(String principal) {SimplePrincipalCollection principals = new SimplePrincipalCollection(principal, getName());clearCachedAuthorizationInfo(principals);}/** * 清除所有用户授权信息缓存. */public void clearAllCachedAuthorizationInfo() {Cache&lt;Object, AuthorizationInfo&gt; cache = getAuthorizationCache();if (cache != null) {for (Object key : cache.keys()) {cache.remove(key);}}}@Autowiredpublic void setUserService(UserService userService) {this.userService = userService;}/** * 自定义Authentication对象，使得Subject除了携带用户的登录名外还可以携带更多信息. */public static class ShiroUser implements Serializable {private static final long serialVersionUID = -1748602382963711884L;private String loginName;private String name;public ShiroUser(String loginName, String name) {this.loginName = loginName;this.name = name;}public String getLoginName() {return loginName;}/** * 本函数输出将作为默认的&lt;shiro:principal/&gt;输出. */@Overridepublic String toString() {return loginName;}public String getName() {return name;}}}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

packagecom.micmiu.framework.web.v1.system.service;

importjava.io.Serializable;

importorg.apache.shiro.SecurityUtils;

import org.apache.shiro.authc.AccountException;

importorg.apache.shiro.authc.AuthenticationException;

import org.apache.shiro.authc.AuthenticationInfo;

importorg.apache.shiro.authc.AuthenticationToken;

import org.apache.shiro.authc.SimpleAuthenticationInfo;

importorg.apache.shiro.authc.UnknownAccountException;

import org.apache.shiro.authz.AuthorizationInfo;

importorg.apache.shiro.authz.SimpleAuthorizationInfo;

import org.apache.shiro.cache.Cache;

importorg.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.subject.PrincipalCollection;

importorg.apache.shiro.subject.SimplePrincipalCollection;

import org.springframework.beans.factory.annotation.Autowired;

import com.micmiu.framework.web.v1.system.entity.Role;

importcom.micmiu.framework.web.v1.system.entity.User;

import com.micmiu.modules.captcha.CaptchaServlet;

importcom.micmiu.modules.support.shiro.CaptchaException;

import com.micmiu.modules.support.shiro.UsernamePasswordCaptchaToken;

/**

* 演示用户和权限的认证，使用默认的SimpleCredentialsMatcher

* @author <a href="http://www.micmiu.com">Michael Sun</a>

publicclass ShiroDbRealmextends AuthorizingRealm{

privateUserService userService;

/**

* 认证回调函数, 登录时调用.

@Override

protectedAuthenticationInfo doGetAuthenticationInfo(

AuthenticationToken authcToken)throws AuthenticationException{

UsernamePasswordCaptchaTokentoken =(UsernamePasswordCaptchaToken)authcToken;

Stringusername =token.getUsername();

if(username== null){

thrownew AccountException(

"Null usernames are not allowed by this realm.");

}

// 增加判断验证码逻辑

Stringcaptcha =token.getCaptcha();

StringexitCode =(String)SecurityUtils.getSubject().getSession()

.getAttribute(CaptchaServlet.KEY_CAPTCHA);

if(null== captcha|| !captcha.equalsIgnoreCase(exitCode)){

thrownew CaptchaException("验证码错误");

}

User user= userService.getUserByLoginName(username);

if(null== user){

thrownew UnknownAccountException("No account found for user ["

+username +"]");

}

returnnew SimpleAuthenticationInfo(newShiroUser(user.getLoginName(),

user.getName()),user.getPassword(),getName());

}

/**

* 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用.

@Override

protectedAuthorizationInfo doGetAuthorizationInfo(

PrincipalCollectionprincipals){

ShiroUser shiroUser= (ShiroUser)principals.fromRealm(getName())

.iterator().next();

User user= userService.getUserByLoginName(shiroUser.getLoginName());

if(user!= null){

SimpleAuthorizationInfo info =new SimpleAuthorizationInfo();

for(Role role: user.getRoleList()){

// 基于Permission的权限信息

info.addStringPermissions(role.getAuthList());

}

returninfo;

}else {

returnnull;

}

/**

* 更新用户授权信息缓存.

publicvoid clearCachedAuthorizationInfo(Stringprincipal){

SimplePrincipalCollectionprincipals =new SimplePrincipalCollection(

principal,getName());

clearCachedAuthorizationInfo(principals);

}

/**

* 清除所有用户授权信息缓存.

publicvoid clearAllCachedAuthorizationInfo(){

Cache<Object,AuthorizationInfo>cache =getAuthorizationCache();

if(cache!= null){

for(Objectkey :cache.keys()){

cache.remove(key);

}

@Autowired

publicvoid setUserService(UserServiceuserService){

this.userService= userService;

}

/**

* 自定义Authentication对象，使得Subject除了携带用户的登录名外还可以携带更多信息.

publicstatic classShiroUser implementsSerializable {

privatestatic finallong serialVersionUID= -1748602382963711884L;

privateString loginName;

privateString name;

publicShiroUser(StringloginName,String name){

this.loginName= loginName;

this.name= name;

}

publicString getLoginName(){

returnloginName;

}

/**

* 本函数输出将作为默认的<shiro:principal/>输出.

@Override

publicString toString(){

returnloginName;

}

publicString getName(){

returnname;

}

[三]、验证码工具类

CaptchaUtil.java

package com.micmiu.modules.captcha;import java.awt.Color;import java.awt.Font;import java.awt.Graphics;import java.awt.image.BufferedImage;import java.io.File;import java.io.FileOutputStream;import java.util.Random;import javax.imageio.ImageIO;/** * 验证码工具类 * * @author &lt;a href="http://www.micmiu.com"&gt;Michael Sun&lt;/a&gt; */public class CaptchaUtil {// 随机产生的字符串private static final String RANDOM_STRS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";private static final String FONT_NAME = "Fixedsys";private static final int FONT_SIZE = 18;private Random random = new Random();private int width = 80;// 图片宽private int height = 25;// 图片高private int lineNum = 50;// 干扰线数量private int strNum = 4;// 随机产生字符数量/** * 生成随机图片 */public BufferedImage genRandomCodeImage(StringBuffer randomCode) {// BufferedImage类是具有缓冲区的Image类BufferedImage image = new BufferedImage(width, height,BufferedImage.TYPE_INT_BGR);// 获取Graphics对象,便于对图像进行各种绘制操作Graphics g = image.getGraphics();// 设置背景色g.setColor(getRandColor(200, 250));g.fillRect(0, 0, width, height);// 设置干扰线的颜色g.setColor(getRandColor(110, 120));// 绘制干扰线for (int i = 0; i &lt;= lineNum; i++) {drowLine(g);}// 绘制随机字符g.setFont(new Font(FONT_NAME, Font.ROMAN_BASELINE, FONT_SIZE));for (int i = 1; i &lt;= strNum; i++) {randomCode.append(drowString(g, i));}g.dispose();return image;}/** * 给定范围获得随机颜色 */private Color getRandColor(int fc, int bc) {if (fc &gt; 255)fc = 255;if (bc &gt; 255)bc = 255;int r = fc + random.nextInt(bc - fc);int g = fc + random.nextInt(bc - fc);int b = fc + random.nextInt(bc - fc);return new Color(r, g, b);}/** * 绘制字符串 */private String drowString(Graphics g, int i) {g.setColor(new Color(random.nextInt(101), random.nextInt(111), random.nextInt(121)));String rand = String.valueOf(getRandomString(random.nextInt(RANDOM_STRS.length())));g.translate(random.nextInt(3), random.nextInt(3));g.drawString(rand, 13 * i, 16);return rand;}/** * 绘制干扰线 */private void drowLine(Graphics g) {int x = random.nextInt(width);int y = random.nextInt(height);int x0 = random.nextInt(16);int y0 = random.nextInt(16);g.drawLine(x, y, x + x0, y + y0);}/** * 获取随机的字符 */private String getRandomString(int num) {return String.valueOf(RANDOM_STRS.charAt(num));}public static void main(String[] args) {CaptchaUtil tool = new CaptchaUtil();StringBuffer code = new StringBuffer();BufferedImage image = tool.genRandomCodeImage(code);System.out.println("&gt;&gt;&gt; random code =: " + code);try {// 将内存中的图片通过流动形式输出到客户端ImageIO.write(image, "JPEG", new FileOutputStream(new File("random-code.jpg")));} catch (Exception e) {e.printStackTrace();}}}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

packagecom.micmiu.modules.captcha;

importjava.awt.Color;

import java.awt.Font;

importjava.awt.Graphics;

import java.awt.image.BufferedImage;

importjava.io.File;

import java.io.FileOutputStream;

importjava.util.Random;

importjavax.imageio.ImageIO;

/**

* 验证码工具类

* @author <a href="http://www.micmiu.com">Michael Sun</a>

public classCaptchaUtil {

// 随机产生的字符串

privatestatic finalString RANDOM_STRS= "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";

privatestatic finalString FONT_NAME= "Fixedsys";

privatestatic finalint FONT_SIZE= 18;

privateRandom random= newRandom();

privateint width= 80;// 图片宽

privateint height= 25;// 图片高

privateint lineNum= 50;// 干扰线数量

privateint strNum= 4;// 随机产生字符数量

/**

* 生成随机图片

publicBufferedImage genRandomCodeImage(StringBufferrandomCode){

// BufferedImage类是具有缓冲区的Image类

BufferedImage image= newBufferedImage(width,height,

BufferedImage.TYPE_INT_BGR);

// 获取Graphics对象,便于对图像进行各种绘制操作

Graphicsg =image.getGraphics();

// 设置背景色

g.setColor(getRandColor(200,250));

g.fillRect(0,0,width,height);

// 设置干扰线的颜色

g.setColor(getRandColor(110,120));

// 绘制干扰线

for(inti =0;i <=lineNum;i++){

drowLine(g);

}

// 绘制随机字符

g.setFont(newFont(FONT_NAME,Font.ROMAN_BASELINE,FONT_SIZE));

for(inti =1;i <=strNum;i++){

randomCode.append(drowString(g,i));

}

g.dispose();

returnimage;

}

/**

* 给定范围获得随机颜色

privateColor getRandColor(intfc,int bc){

if(fc>255)

fc= 255;

if(bc>255)

bc= 255;

intr =fc +random.nextInt(bc- fc);

intg =fc +random.nextInt(bc- fc);

intb =fc +random.nextInt(bc- fc);

returnnew Color(r,g,b);

}

/**

* 绘制字符串

privateString drowString(Graphicsg,int i){

g.setColor(newColor(random.nextInt(101),random.nextInt(111),random

.nextInt(121)));

Stringrand =String.valueOf(getRandomString(random.nextInt(RANDOM_STRS

.length())));

g.translate(random.nextInt(3),random.nextInt(3));

g.drawString(rand,13 *i,16);

returnrand;

}

/**

* 绘制干扰线

privatevoid drowLine(Graphicsg){

intx =random.nextInt(width);

inty =random.nextInt(height);

intx0 =random.nextInt(16);

inty0 =random.nextInt(16);

g.drawLine(x,y,x +x0,y +y0);

}

/**

* 获取随机的字符

privateString getRandomString(intnum){

returnString.valueOf(RANDOM_STRS.charAt(num));

}

publicstatic voidmain(String[]args){

CaptchaUtil tool= newCaptchaUtil();

StringBuffercode =new StringBuffer();

BufferedImage image= tool.genRandomCodeImage(code);

System.out.println(">>> random code =: " +code);

try{

// 将内存中的图片通过流动形式输出到客户端

ImageIO.write(image,"JPEG",new FileOutputStream(newFile(

"random-code.jpg")));

}catch (Exceptione){

e.printStackTrace();

}

[四]、创建验证码的servlet

CaptchaServlet.java

package com.micmiu.modules.captcha;import java.awt.image.BufferedImage;import java.io.IOException;import javax.imageio.ImageIO;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;/** * * @author &lt;a href="http://www.micmiu.com"&gt;Michael Sun&lt;/a&gt; */public class CaptchaServlet extends HttpServlet {private static final long serialVersionUID = -124247581620199710L;public static final String KEY_CAPTCHA = "SE_KEY_MM_CODE";@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {// 设置相应类型,告诉浏览器输出的内容为图片resp.setContentType("image/jpeg");// 不缓存此内容resp.setHeader("Pragma", "No-cache");resp.setHeader("Cache-Control", "no-cache");resp.setDateHeader("Expire", 0);try {HttpSession session = req.getSession();CaptchaUtil tool = new CaptchaUtil();StringBuffer code = new StringBuffer();BufferedImage image = tool.genRandomCodeImage(code);session.removeAttribute(KEY_CAPTCHA);session.setAttribute(KEY_CAPTCHA, code.toString());// 将内存中的图片通过流动形式输出到客户端ImageIO.write(image, "JPEG", resp.getOutputStream());} catch (Exception e) {e.printStackTrace();}}@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp)throws ServletException, IOException {doGet(req, resp);}}

packagecom.micmiu.modules.captcha;

importjava.awt.image.BufferedImage;

import java.io.IOException;

import javax.imageio.ImageIO;

importjavax.servlet.ServletException;

import javax.servlet.http.HttpServlet;

importjavax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

importjavax.servlet.http.HttpSession;

/**

* @author <a href="http://www.micmiu.com">Michael Sun</a>

publicclass CaptchaServletextends HttpServlet{

privatestatic finallong serialVersionUID= -124247581620199710L;

publicstatic finalString KEY_CAPTCHA= "SE_KEY_MM_CODE";

@Override

protectedvoid doGet(HttpServletRequestreq,HttpServletResponse resp)

throwsServletException,IOException {

// 设置相应类型,告诉浏览器输出的内容为图片

resp.setContentType("image/jpeg");

// 不缓存此内容

resp.setHeader("Pragma","No-cache");

resp.setHeader("Cache-Control","no-cache");

resp.setDateHeader("Expire",0);

try{

HttpSession session= req.getSession();

CaptchaUtil tool= newCaptchaUtil();

StringBuffercode =new StringBuffer();

BufferedImage image= tool.genRandomCodeImage(code);

session.removeAttribute(KEY_CAPTCHA);

session.setAttribute(KEY_CAPTCHA,code.toString());

// 将内存中的图片通过流动形式输出到客户端

ImageIO.write(image,"JPEG",resp.getOutputStream());

}catch (Exceptione){

e.printStackTrace();

}

@Override

protectedvoid doPost(HttpServletRequestreq,HttpServletResponse resp)

throwsServletException,IOException {

doGet(req,resp);

}

[五]、修改配置文件

在 web.xml 中增加配置：

<!-- captcha servlet config--><servlet><servlet-name>CaptchaServlet</servlet-name><servlet-class>com.micmiu.modules.captcha.CaptchaServlet</servlet-class></servlet><servlet-mapping><servlet-name>CaptchaServlet</servlet-name><url-pattern>/servlet/captchaCode</url-pattern></servlet-mapping>

<servlet-name>CaptchaServlet</servlet-name>

<servlet-class>com.micmiu.modules.captcha.CaptchaServlet</servlet-class>

</servlet>

<servlet-mapping>

<servlet-name>CaptchaServlet</servlet-name>

<url-pattern>/servlet/captchaCode</url-pattern>

</servlet-mapping>

修改 applicationContext-shiro.xml 中的配置如下：

<!-- Shiro Filter --><bean id="myCaptchaFilter" class="com.micmiu.modules.support.shiro.FormAuthenticationCaptchaFilter"/><bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"><property name="securityManager" ref="securityManager" /><property name="loginUrl" value="/login.do" /><property name="successUrl" value="/index.do" /><property name="filters">    <map>        <entry key="authc" value-ref="myCaptchaFilter"/>    </map></property><property name="filterChainDefinitions"><value>/login.do = authc/logout.do = logout/servlet/* = anon/images/** = anon/js/** = anon/css/** = anon/** = user</value></property></bean>

<propertyname="securityManager"ref="securityManager" />

<propertyname="successUrl"value="/index.do" />

<map>

</map>

</property>

<propertyname="filterChainDefinitions">

<value>

/login.do = authc

/logout.do = logout

/servlet/* = anon

/images/** = anon

/js/** = anon

/css/** = anon

/** = user

</value>

</property>

</bean>

[六]、修改登录页面

&lt;%@ page contentType="text/html;charset=UTF-8"%&gt;&lt;%@ pageimport="org.apache.shiro.web.filter.authc.FormAuthenticationFilter"%&gt;&lt;%@ page import="org.apache.shiro.authc.ExcessiveAttemptsException"%&gt;&lt;%@ page import="org.apache.shiro.authc.IncorrectCredentialsException"%&gt;&lt;%@ include file="/include/taglibs.jsp"%&gt;&lt;html&gt;&lt;head&gt;&lt;title&gt;登录页&lt;/title&gt;&lt;/head&gt;&lt;body style="width: 99%"&gt;&lt;div&gt;&lt;c:choose&gt;&lt;c:whentest="${shiroLoginFailure eq 'com.hx.web.excep.CaptchaException'}"&gt;&lt;div class="error-msg prepend-top"&gt;验证码错误，请重试.&lt;/div&gt;&lt;/c:when&gt;&lt;c:whentest="${shiroLoginFailure eq 'org.apache.shiro.authc.UnknownAccountException'}"&gt;&lt;div class="error-msg prepend-top"&gt;该用户不存在.&lt;/div&gt;&lt;/c:when&gt;&lt;c:whentest="${shiroLoginFailure eq 'org.apache.shiro.authc.IncorrectCredentialsException'}"&gt;&lt;div class="error-msg prepend-top"&gt;用户或密码错误.&lt;/div&gt;&lt;/c:when&gt;&lt;c:when test="${shiroLoginFailure ne null}"&gt;&lt;div class="error-msg prepend-top"&gt;登录认证错误，请重试.&lt;/div&gt;&lt;/c:when&gt;&lt;/c:choose&gt;&lt;form:form id="loginForm" action="${ctx}/login.do" method="post"&gt;&lt;fieldset class="prepend-top"&gt;&lt;legend&gt;系统登录&lt;/legend&gt;&lt;div class="field"&gt;&lt;label for="username" class="field"&gt;名称:&lt;/label&gt; &lt;input type="text"id="username" name="username" size="25" value="${username}"class="required" /&gt;&lt;/div&gt;&lt;div class="field"&gt;&lt;label for="password" class="field"&gt;密码:&lt;/label&gt; &lt;inputtype="password" id="password" name="password" size="25"class="required" /&gt;&lt;/div&gt;&lt;div class="field"&gt;&lt;label for="captcha" class="field"&gt;验证码:&lt;/label&gt; &lt;input type="text"id="captcha" name="captcha" size="4" maxlength="4"class="required" /&gt;&lt;/div&gt;&lt;div class="field"&gt;&lt;label for="codeImg" class="field"&gt;&lt;/label&gt; &lt;img title="点击更换" id="img_captcha"onclick="javascript:refreshCaptcha();"src="servlet/captchaCode"&gt;(看不清&lt;a href="javascript:void(0)" onclick="javascript:refreshCaptcha()"&gt;换一张&lt;/a&gt;)&lt;/div&gt;&lt;/fieldset&gt;&lt;div&gt;&lt;input type="checkbox" id="rememberMe" name="rememberMe" /&gt; &lt;labelfor="rememberMe"&gt;记住我&lt;/label&gt; &lt;span style="padding-left: 10px;"&gt;&lt;inputid="submit" class="button" type="submit" value="登录" /&gt;&lt;/span&gt;&lt;/div&gt;&lt;div&gt;(管理员&lt;b&gt;admin/admin&lt;/b&gt;, 普通用户&lt;b&gt;user/user&lt;/b&gt;)&lt;/div&gt;&lt;/form:form&gt;&lt;/div&gt;&lt;/body&gt;&lt;script type="text/javascript"&gt;$(document).ready(function() {$("#loginForm").validate();});var _captcha_id = "#img_captcha";function refreshCaptcha() {$(_captcha_id).attr("src","servlet/captchaCode?t=" + Math.random());}&lt;/script&gt;&lt;/html&gt;

<%@page contentType="text/html;charset=UTF-8"%>

<%@page

import="org.apache.shiro.web.filter.authc.FormAuthenticationFilter"%>

<%@page import="org.apache.shiro.authc.ExcessiveAttemptsException"%>

<%@page import="org.apache.shiro.authc.IncorrectCredentialsException"%>

<%@include file="/include/taglibs.jsp"%>

<html>

<head>

</head>

<bodystyle="width: 99%">

<div>

<c:choose>

<c:when

test="${shiroLoginFailure eq 'com.hx.web.excep.CaptchaException'}">

<divclass="error-msg prepend-top">验证码错误，请重试.</div>

</c:when>

<c:when

test="${shiroLoginFailure eq 'org.apache.shiro.authc.UnknownAccountException'}">

<divclass="error-msg prepend-top">该用户不存在.</div>

</c:when>

<c:when

test="${shiroLoginFailure eq 'org.apache.shiro.authc.IncorrectCredentialsException'}">

<divclass="error-msg prepend-top">用户或密码错误.</div>

</c:when>

<c:whentest="${shiroLoginFailure ne null}">

<divclass="error-msg prepend-top">登录认证错误，请重试.</div>

</c:when>

</c:choose>

<form:formid="loginForm"action="${ctx}/login.do"method="post">

<fieldsetclass="prepend-top">

<divclass="field">

<labelfor="username"class="field">名称:</label><inputtype="text"

id="username"name="username"size="25"value="${username}"

class="required"/>

</div>

<divclass="field">

<labelfor="password"class="field">密码:</label><input

type="password"id="password"name="password"size="25"

class="required"/>

</div>

<divclass="field">

<labelfor="captcha"class="field">验证码:</label><inputtype="text"

id="captcha"name="captcha"size="4"maxlength="4"

class="required"/>

</div>

<divclass="field">

<labelfor="codeImg"class="field"></label><imgtitle="点击更换"id="img_captcha"

onclick="javascript:refreshCaptcha();"

src="servlet/captchaCode">(看不清<ahref="javascript:void(0)"onclick="javascript:refreshCaptcha()">换一张</a>)

</div>

</fieldset>

<div>

<inputtype="checkbox"id="rememberMe"name="rememberMe"/><label

for="rememberMe">记住我</label><spanstyle="padding-left: 10px;"><input

id="submit"class="button"type="submit"value="登录"/></span>

</div>

<div>

(管理员<b>admin/admin</b>,普通用户<b>user/user</b>)

</div>

</form:form>

</div>

</body>

<scripttype="text/javascript">

$(document).ready(function(){

$("#loginForm").validate();

});

var_captcha_id ="#img_captcha";

functionrefreshCaptcha(){

$(_captcha_id).attr("src","servlet/captchaCode?t="+ Math.random());

}

</script>

</html>

[七]、验证测试

启动项目后会看到如下页面：

0 0