cas添加驗證碼,折騰了好久,終於整理好了,很大部分都是借鑒http://binghejinjun.iteye.com/blog/1255293這個的。但是他的有一個很不好的地方就是不能提升驗證碼錯誤!
紅色字體的為我添加的,可以提示驗證碼錯誤!很簡單,感謝。原作者。謝謝。
1. 首先,我用的cas版本是3.4.6,驗證碼采用的是CAPTCHA,所需jar包可以google搜索,部署好cas后.在web-info目錄下找到login-webflow.xml,打開,找到如下代碼:
<view-state id="viewLoginForm" view="casLoginView" model="credentials">
<var name="credentials" class="org.jasig.cas.authentication.principal.UsernamePasswordCredentials" />
<binder>
<binding property="username" />
<binding property="password" />
</binder>
<on-entry>
<set name="viewScope.commandName" value="'credentials'" />
</on-entry>
<transition on="submit" bind="true" validate="true" to="realSubmit">
<set name="flowScope.credentials" value="credentials" />
<evaluate expression="authenticationViaFormAction.doBind(flowRequestContext, flowScope.credentials)" />
</transition>
</view-state>
此段代碼的功能是綁定cas登錄過程中的用戶名和密碼,再次我們修改如下:
<view-state id="viewLoginForm" view="casLoginView" model="credentials">
<var name="credentials" class="org.jasig.cas.authentication.principal.UsernamePasswordCredentials" />
<binder>
<binding property="username" />
<binding property="password" />
</binder>
<on-entry>
<set name="viewScope.commandName" value="'credentials'" />
</on-entry>
<transition on="submit" bind="true" validate="true" to="yzmSubmit">
<set name="flowScope.credentials" value="credentials" />
<evaluate expression="authenticationViaFormAction.doBind(flowRequestContext, flowScope.credentials)" />
</transition>
</view-state>
也就是說,只需要修改realSubmit為yzmSubmit即可.然后加入如下配置:
<!--fan add start-->
<action-state id="yzmSubmit">
<evaluate expression="yzmViaFormAction.submit(flowRequestContext,messageContext)" />
<transition on="success" to="realSubmit" />
<transition on="error" to="viewLoginForm" />
</action-state>
<!--fan add end-->
此段配置是自定義的驗證碼驗證器,用來驗證你提交的驗證碼的正確性.
2.在web-info下找到cas-servlet.xml,打開后,加入
<!--fan add start--> <bean id="yzmViaFormAction" class="com.ivan.zhang.servlet.YzmAction" />
<!--fan add end-->此配置是注冊自定義的驗證碼
3.編寫如下類:
package com.ivan.zhang.servlet;
import com.ivan.zhang.CaptchaServiceSingleton;
import com.octo.captcha.service.image.ImageCaptchaService;
import java.io.PrintStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.jasig.cas.web.support.WebUtils;
import org.springframework.webflow.core.collection.ParameterMap;
import org.springframework.webflow.execution.RequestContext;
public class YzmAction
{
public final String submit(RequestContext context)
throws Exception
{
Boolean flag = Boolean.valueOf(false);
System.out.println("YzmAction is submiting....................");
String yzm = context.getRequestParameters().get("yzm");
String captchaId = WebUtils.getHttpServletRequest(context).getSession().getId();
flag = CaptchaServiceSingleton.getInstance().validateResponseForID(captchaId,
yzm);
if (flag.booleanValue()) {
return "success";
}
//我添加的改動。提示驗證碼錯誤
MessageBuilder msgBuilder = new MessageBuilder();
msgBuilder.defaultText("驗證碼錯誤!");
messageContext.addMessage(msgBuilder.error().build());
return "error"; } }
其中,flag = CaptchaServiceSingleton.getInstance().validateResponseForID(captchaId,
yzm);
此句話是為了驗證提交的驗證碼和先前生成的驗證碼的正確性,以此作為驗證結果跳轉的依據.CaptchaServiceSingleton此類是自定義類,稍后會附加完整的類供下載調試.
4.打開web-info/view/jsp/default/ui/casLoginView.jsp,在密碼下面加入
<%--fan add start --%>
<img alt="yzm" src="captcha.jpg">
<spring:message code="screen.welcome.label.yzm.accesskey" var="yzmAccessKey" />
<form:input cssClass="required" cssErrorClass="error" id="yzm" size="25" tabindex="1" accesskey="${yzmAccessKey}" path="yzm" autocomplete="false" htmlEscape="true" />
<%--fan add end --%>
5. 最后一步則是注冊驗證碼生成器,打開web.xml文件,加入
<servlet>
<servlet-name>jcaptcha</servlet-name>
<servlet-class>com.ivan.zhang.servlet.ImageCaptchaServlet</servlet-class>
<load-on-startup>0</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jcaptcha</servlet-name>
<url-pattern>/captcha.jpg</url-pattern>
</servlet-mapping>
ok,就這么簡單.簡單解釋一下流程,web.xml中注冊的類是用來調用自定義的驗證碼生成器,以便在顯示登陸界面的時候繪制驗證碼圖片,並在session中生成標志位並記錄,當用戶提交驗證碼和用戶名密碼時,會先走自定義的驗證碼驗證器(此時會先驗證驗證碼的正確性),如果正確,再走用戶名和密碼的驗證,如果不正確,則直接跳轉回登陸頁面.yzm.jar是自定義的驗證碼生成器和驗證類,直接打包好后放到web-info/lib下.