本文介绍了一个基于Spring Security的自定义登录过滤器实现,该实现包括了对验证码的校验逻辑。通过配置文件定义了不同URL的访问权限,并实现了自定义的身份认证过程。
[url]http://hszdz.iteye.com/blog/337652[/url]
<http entry-point-ref="authenticationProcessingFilterEntryPoint">
<intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
<intercept-url pattern="/user/**" access="ROLE_USER,ROLE_ADMIN"/>
</http>
<authentication-provider user-service-ref="securityManager"/>
<beans:bean id="authenticationProcessingFilter" class="haotian.haocms.security.CustomAuthenticationProcessingFilter">
<custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="defaultTargetUrl" value="/user/userList.action"/>
</beans:bean>
<authentication-manager alias="authenticationManager"/>
<beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<beans:property name="loginFormUrl" value="/loginPage.action"/>
<beans:property name="forceHttps" value="false"/>
</beans:bean>public Authentication attemptAuthentication(
HttpServletRequest httpServletRequest)
throws AuthenticationException {
String check_code = httpServletRequest.getParameter("j_checkcode");
String sys_code = (String) httpServletRequest.getSession()
.getAttribute(checkCodeName);
if (sys_code == null) {
throw new AuthCodeValidationException("验证码不正确");
} else if (!sys_code.equals(check_code)) {
String username = obtainUsername(httpServletRequest);
httpServletRequest.getSession().setAttribute(
SPRING_SECURITY_LAST_USERNAME_KEY, username);
// 用户输入的值与看到的不一致,抛出异常
throw new AuthCodeValidationException("验证码输入不正确");
}
return super.attemptAuthentication(httpServletRequest);
} 
扫一扫
2134
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
