应用Shiro到Web Application(验证码实现)

最新推荐文章于 2025-09-10 21:15:00 发布
最新推荐文章于 2025-09-10 21:15:00 发布 · 64 阅读 · 0
文章标签:

#开发工具 #java

本文详细介绍了如何使用Shiro框架实现Web应用中的验证码登录功能,并提供了完整的代码实现及登录页面展示。包括验证码表单认证过滤器、用户名密码令牌、错误处理与登录页面设计。

如果你对Shiro不了解,可以查看作者前面发表的文章:应用Shiro到Web application(基础)

五、在Shiro中实现CAPTCHA(验证码)功能<wbr></wbr>

a)<wbr><wbr><wbr><wbr> 验证码表单认证过滤器</wbr></wbr></wbr></wbr>

package com.wearereading.example.shiro;

<wbr></wbr>

importjavax.servlet.ServletRequest;

importjavax.servlet.ServletResponse;

<wbr></wbr>

importorg.apache.shiro.authc.AuthenticationToken;

importorg.apache.shiro.web.filter.authc.FormAuthenticationFilter<wbr>;</wbr>

importorg.apache.shiro.web.util.WebUtils;

<wbr></wbr>

public classCaptchaFormAuthenticatio<wbr>nFilter<strong>extends</strong> FormAuthenticationFilter<wbr>{</wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public static final</strong> String<em>DEFAULT_CAPTCHA_PARAM</em> = "captcha";</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>private</strong> String captchaParam =<em>DEFAULT_CAPTCHA_PARAM</em>;</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public</strong> String getCaptchaParam() {</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>return</strong> captchaParam;</wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr> }</wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>protected</strong> String getCaptcha(ServletRequest request) {</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>return</strong> WebUtils.<em>getCleanParam</em>(request, getCaptchaParam());</wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr> }</wbr></wbr></wbr>


protected AuthenticationToken createToken(

ServletRequest request, ServletResponse response) {

<wbr><wbr><wbr><wbr><wbr><wbr><wbr> String username = getUsername(request);</wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr> String password = getPassword(request);</wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr> String captcha = getCaptcha(request);</wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>boolean</strong> rememberMe = isRememberMe(request);</wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr> String host = getHost(request);</wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>return new</strong> CaptchaUsernamePasswordT<wbr>oken(</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

username, password, rememberMe, host,captcha);

<wbr><wbr><wbr> }</wbr></wbr></wbr>

<wbr></wbr>

}

<wbr></wbr>

b)<wbr><wbr><wbr><wbr> 用户名密码令牌UsernamePasswordToken</wbr></wbr></wbr></wbr>

package com.wearereading.example.shiro;

importorg.apache.shiro.authc.UsernamePasswordToken;

public classCaptchaUsernamePasswordT<wbr>oken <strong> extends</strong> UsernamePasswordToken{</wbr>

<wbr><wbr><wbr><wbr><wbr><strong>private static final long</strong><em>serialVersionUID</em> = 1L;</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>private</strong> String captcha;</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public</strong> String getCaptcha() {</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> return</strong> captcha;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public void</strong> setCaptcha(String captcha) {</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> this</strong>.captcha = captcha;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

<wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public</strong> CaptchaUsernamePasswordT<wbr>oken() {</wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> super</strong>();</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public</strong> CaptchaUsernamePasswordT<wbr>oken(String username,<strong>char</strong>[] password,</wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>boolean</strong> rememberMe, String host,String captcha) {<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> super</strong>(username, password, rememberMe, host);</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> this</strong>.captcha = captcha;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

}

c)<wbr><wbr><wbr><wbr> 添加AuthenticationException</wbr></wbr></wbr></wbr>

<wbr></wbr>

public classIncorrectCaptchaExceptio<wbr>n <strong> extends</strong> AuthenticationException{</wbr>

<wbr><wbr><wbr><wbr><wbr><strong>private static final long</strong><em>serialVersionUID</em> = 1L;</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public</strong> IncorrectCaptchaExceptio<wbr>n() {</wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> super</strong>();</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public</strong> IncorrectCaptchaExceptio<wbr>n(String message, Throwable cause) {</wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> super</strong>(message, cause);</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public</strong> IncorrectCaptchaExceptio<wbr>n(String message) {</wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> super</strong>(message);</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public</strong> IncorrectCaptchaExceptio<wbr>n(Throwable cause) {</wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> super</strong>(cause);</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

}

<wbr></wbr>

d)<wbr><wbr><wbr><wbr> Shiro INI文件</wbr></wbr></wbr></wbr>

authc= com.wearereading.example.shiro.CaptchaFormAuthenticatio<wbr>nFilter</wbr>

<wbr></wbr>

e)<wbr><wbr><wbr><wbr> 实现Realm</wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>protected</strong>AuthenticationInfo doGetAuthenticationInfo(</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> AuthenticationToken authcToken )<strong>throws</strong>AuthenticationException {</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> CaptchaUsernamePasswordT<wbr>oken token =</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

(CaptchaUsernamePasswordT<wbr>oken) authcToken;</wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> String accountName = token.getUsername();</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> //验证码 验证</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> String captcha =<strong>null</strong>;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> Object obj_captcha = SecurityUtils.<em>getSubject</em>().getSession()</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

.getAttribute( SessionKey.CAPTCHA );

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> Object obj_count = SecurityUtils.<em>getSubject</em>().getSession()</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

.getAttribute( SessionKey.LOGIN_FAILED_COUNT );

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>int</strong> failed_count = (obj_count == <strong>null</strong> || !(obj_count<strong>instanceof</strong> Integer))</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

?0:(Integer)obj_count;

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>if</strong>( obj_captcha <strong>instanceof</strong> String)</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> captcha = (String)obj_captcha;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>if</strong>( captcha != <strong>null</strong> &amp;&amp; failed_count &gt;0</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &amp;&amp; !captcha.equalsIgnoreCase( token.getCaptcha() )){</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>throw new</strong>IncorrectCaptchaExceptio<wbr>n("验证码错误!");</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> //用户名密码验证</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> if</strong>( accountName != <strong>null</strong> &amp;&amp; !"".equals(accountName) ){</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> AccountManager accountManager =<strong>new</strong>AccountManagerImpl();</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> Account account = accountManager.get( token.getUsername() );</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>if</strong>( account != <strong>null</strong> )</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>return new</strong> SimpleAuthenticationInfo<wbr>(</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> account.getName(),account.getPassword(), getName() );</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> return null</strong>;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

}

<wbr></wbr>

f)<wbr><wbr><wbr><wbr><wbr> 登录页面</wbr></wbr></wbr></wbr></wbr>

<%

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> Object obj = request.getAttribute(org.apache.shiro.web.filter.authc.</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

FormAuthenticationFilter<wbr>.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);</wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> boolean</strong> flag = <strong>false</strong>;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> String msg = "";<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> if</strong>( obj != <strong>null</strong> ){</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>if</strong>( "org.apache.shiro.authc.UnknownAccountException".equals( obj ) )</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> msg = "未知帐号错误!";</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>else if</strong>("org.apache.shiro.authc.IncorrectCredentialsExce<wbr>ption".equals( obj ))</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> msg = "密码错误!";</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>else if</strong>("com.wearereading.example.shiro.IncorrectCaptchaExceptio<wbr>n".equals( obj ))</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> msg = "验证码错误!";</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>else if</strong>( "org.apache.shiro.authc.AuthenticationException".equals( obj ))</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> msg = "认证失败!";</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> flag = !"".equals(msg);</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> if</strong>( flag ){</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> out.print( msg );</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> Integer count = (Integer)request.getSession().getAttribute(</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

SessionKey.LOGIN_FAILED_COUNT );

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>if</strong>( count == <strong>null</strong> )</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> count = Integer.valueOf(0);</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> count++;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> request.getSession().setAttribute(SessionKey.LOGIN_FAILED_COUNT, count );</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> }<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

%>

<form action="login.jsp" method="post">

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &lt;br/&gt;用户帐号:</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &lt;input type=<em>"text"</em><wbr> name=<em>"username"</em> id=<em>"username"</em> value=<em>""</em>/&gt;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &lt;br/&gt;登录密码:</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &lt;input type=<em>"password"</em> name=<em>"password"</em> id=<em>"password"</em> value=<em>""</em> /&gt;<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &lt;br/&gt;验证码:</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &lt;input type="text" name="captcha" id="captcha" size="6"/&gt;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &lt;img src="/captcha" alt="captcha" /&gt;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &lt;br/&gt;&lt;input value=<em>"登录"</em> type=<em>"submit"</em> &gt;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

</form>

<wbr></wbr>

g)<wbr><wbr><wbr><wbr> CAPTCHA实现</wbr></wbr></wbr></wbr>

h)<wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr>

六、代码的开发环境

JAVA1.6

Tomcat

Eclipse

七、参考资料

http://www.captcha.net/

将 Shiro作为应用的权限基础

http://www.ibm.com/developerworks/cn/opensource/os-cn-shiro/index.html


写在后面的几句话:

此文的发表于新浪博客积沙成塔,转载请标注来源 http://blog.sina.com.cn/minssh。

文章大概写于一年前,由于原文章是Word排版,里面的代码在这里看起来有点乱(Sina不支持代码排版),请原谅!

iteye_3224
关注
SpringBoot集成shiro+redis+jwt实现无状态授权验证
liangshitian的博客
01-03 3万+
前言 1.放弃Cookie,Session,使用JWT进行鉴权,完全实现无状态鉴权。 2.JWT密钥支持过期时间;jwt作为创建验证token工具,并选择一种验证方式与算法。 3.使用redis做缓存处理,缓存token等等登录信息,以实现单点登录与超时登录功能。 4.密码加密(采用AES-128 + Base64的方式)。 5.根据RefreshToken自动刷新AccessToken...
SpringBoot整合shiro实现登录认证和授权
Java小白的博客
10-18 545
使用用Jedis 或者StringRedisTemplate。自定义认证过和退出登录滤器,方便自定义返回值。自定义session管理器(即token)自定义 AuthorizingRealm。自定义的RedisSessionDao。用户-》角色-》权限(多对多)使用Redis缓存时,可以使用。自定义ShiroConfig。
应用ShiroWeb Application(基础)
程序员!我当定了!
09-30 4900
一、简介 如果你正想学习权限方面的知识,或者正打算把Shiro作为权限组件集成到自己的web application中,或许正在为Shiro如何实现CAPTCHA(验证码)功能而伤透脑筋。那么,本文正是为你准备的。本文简单介绍权限方面的基础知识并以实际例子,带你进入Shiro的世界。 二、权限基础 a)    认证(你是谁?) 判断你(被认证者)是谁的过程。通常被认证者提供用户
Shiro验证码
qq_43654581的博客
10-16 2243
账号登录时,根据图片输入验证码,校验失败拒绝登录
Web 项目中应用 Apache Shiro
码上笔记
08-31 470
文章来源:https://www.ibm.com/developerworks/cn/java/j-lo-shiro/ 用户权限模型 在揭开 Shiro 面纱之前,我们需要认知用户权限模型。本文所提到用户权限模型,指的是用来表达用户信息及用户权限信息的数据模型。即能证明“你是谁?”、“你能访问多少受保护资源?”。为实现一个较为灵活的用户权限数据模型,通常把用户信息单独用一个实体表示,用
springboot+shiro实现验证码
01-24 655
shiro使用FormAuthenticationFilter进行表单认证,验证校验的功能应该加在FormAuthenticationFilter中,在认证之前进行验证码校验。 需要写FormAuthenticationFilter的子类,继承FormAuthenticationFilter...
SpringBoot2.0 整合 Shiro+JWT+Redis 实现图形、短信验证码登陆
m0_67394360的博客
04-08 1327
这里使用到了Redis来实现JWT的过期刷新,话不多说,具体的实现代码如下 1.自定义AuthenticationToken类 public final class JwtToken implements AuthenticationToken { private static final long serialVersionUID = 1L; private String jwttoken; public JwtToken(String jwttoken) { super(); thi..
JavaWeb|Springboot整合Shiro实现登录验证
算法与编程之美
10-07 607
欢迎点击「算法与编程之美」↑关注我们!本文首发于微信公众号:"算法与编程之美",欢迎关注,及时了解更多此系列文章。欢迎加入团队圈子!与作者面对面!直接点击!1 关于Shi...
SpringBoot+Shiro+kaptcha验证码实现用户登录和根据角色跳转页面
学而不思则忘
06-28 2330
这篇文章主要实现用户登录功能:用户输入自己的账号、密码以及验证码后,会进行身份验证,认证通过的系统会自动判断该用户的身份,跳转到不同的管理界面。 要实现的功能 用户登录判断 根据用户角色自动跳转不同的页面 加入验证码进行验证 开发前的准备 文件目录 设置和连接数据库 建立数据库 在Navicat中建立一个数据库,并建立一张用户表(用来存储要登录的用户) 用户登录主要用到下面这张user表,这里事先输入了用户名和密码(用于测试,到后面可以自己添加、修改等)。 CREATE TABLE `user`.
SpringMVC+Apache Shiro+JPA(hibernate)案例教学(三)给Shiro登录验证加上验证码
落叶的博客
03-21 463
序: 给Shiro加入验证码,有多种方式,当然你也可以通过继承修改FormAuthenticationFilter类,通过Shiro去验证验证码。 具体实现请百度:  应用ShiroWeb Application(验证码实现) 而今天我要说的,既然使用的SpringMVC,为什么不直接在Controller中就处理验证码验证,让事情变的更简单一点呢? 一、新建Valida
web中采用shiro实现登录认证与权限授权管理
java_mdzy的博客
11-01 953
Apache ShiroJava的一个安全框架。 官网对shiro的介绍:Apache Shiro™ is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With S
Spring Boot整合Shiro + JSP教程(用户认证,权限管理,图片验证码
Coding for freedom
11-02 1155
在此首先感谢**编程不良人**up主提供的视频教程 代码都是跟着up的视频敲的,遇到的一些问题也是通过优快云博主提供的教程解决的,在此也感谢那些提供bug解决方案的前辈们~ 项目完整代码已经发布到github上面,有需要的朋友可以自取 1.权限管理 1.1 什么是权限管理 ​ 涉及到用户参与的系统都要涉及权限管理,权限管理属于系统安全范畴。权限管理实现的是对用户访问系统的控制,按照安全规则或者安全策略控制用户可以访问而且只能访问自己被授权的资源。 ​ 权限管理包括 用户身份认证 和 授权 两部分.
Shiro 入门教程 - Shiro 拦截器机制
smart_an的专栏
07-19 1046
Shiro 使用了与 Servlet 一样的 Filter 接口进行扩展;NameableFilter 给 Filter 起个名字,如果没有设置默认就是 FilterName;还记得之前的如 authc 吗?当我们组装拦截器链时会根据这个名字找到相应的拦截器实例;OncePerRequestFilter 用于防止多次执行 Filter 的;也就是说一次请求只会走一次拦截器链;
【Vue3】02-Vue3工程目录分析
qq_52161797的博客
09-08 905
本文介绍了Vue3工程目录结构及关键文件作用。主要内容包括:1).vscode/extensions.json配置VS Code插件推荐;2)public目录存放静态资源;3)src目录存放主要开发文件;4)env.d.ts解决TS文件类型识别问题及常见依赖错误处理;5)index.html作为项目入口文件;6)package.json管理项目依赖;7)tsconfig相关文件配置TypeScript。文章还提供了项目运行方法(npm run dev)和常见权限问题的解决方案,帮助开发者快速理解和上手Vue
vue3+TS项目配置Eslint+prettier+husky语法校验
qq_44423029的博客
09-10 122
本文配置了Eslint+prettier+husky。其中ESLint 负责代码质量检查,Prettier 负责代码格式统一,Husky 通过 Git 钩子在提交时自动执行检查与格式化,三者结合确保代码规范、风格一致且无低级错误。
ssh远程登录服务器
huiguo_的博客
09-08 211
本文介绍了通过SSH密钥实现本地与服务器安全连接的完整流程:1) 在本机生成公钥/私钥对;2) 将公钥上传至服务器并设置权限;3) 配置服务器SSH参数(启用RSA认证、公钥登录和root登录);4) 重启SSH服务使配置生效;5) 最后演示了在VSCode中使用私钥连接服务器的具体方法。整个流程包含详细的命令行操作和配置说明,并配有步骤截图辅助理解。
调试 cuda kernel
eloudy的专栏
09-07 843
调试 CUDA Kernel 并进入__device__函数是 CUDA 开发中一项非常重要的技能。这主要依赖于 NVIDIA 的官方调试器(用于系统级分析)(用于内核级分析) 以及经典的(命令行调试器)。这里将重点介绍两种最常用和强大的方法:使用(图形化界面,推荐)(命令行)
vim笔记:配置笔记(长期记录)
最新发布
憧憬,思考,奋斗,飞翔
09-10 92
【代码】vim笔记:配置笔记(长期记录)
ShiroWeb应用实现登录功能的教程
本文将详细介绍如何使用Shiro实现一个Web应用程序的登录功能。 首先,我们需要创建一个web项目,并引入Shiro框架的相关依赖。Shiro依赖通常包括Shiro核心库以及可能需要的其他模块,比如Shiro与Spring的集成模块...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值