CAS版本:cas-server-3.4.11,cas-client-3.2.1
1、当然是在登录页面(casLoginView.jsp)增加验证码的输入框(这里我命名为:vcode)。
2、增加vcode输入框后,那相应的,在接收表单的java bean里面也要加上vcode属性,CAS接收和验证登录表单的java bean是UsernamePasswordCredentials,这里我是增加了一个自己的UsernamePasswordVCodeCredentials的类,当然这里要继承UsernamePasswordCredentials类;
public class UsernamePasswordVCodeCredentials extends UsernamePasswordCredentials { private static final long serialVersionUID = 1L; @NotNull @Size(min=1,message = "required.vcode")/*这里需要到相应的属性文件里面增加描述*/ private String vcode; public String getVcode() { return vcode; } public void setVcode(String vcode) { this.vcode = vcode; } }
更改login-webflow.xml配置
将:
<var name="credentials" class="org.jasig.cas.authentication.principal.UsernamePasswordCredentials" />>
换成
<var name="credentials" class="net.bean.UsernamePasswordVCodeCredentials" />
然后需要增加对vcode的校验方法了,这里我也是增加一个类,就叫MyAuthenticationViaFormAction
public class MyAuthenticationViaFormAction extends AuthenticationViaFormAction { private final String ERROR="error"; private final String SUCCESS="success"; public final String validatorCode(final RequestContext context, final Credentials credentials, final MessageContext messageContext) throws Exception { String vcode=(String)WebUtils.getHttpServletRequest(context).getSession().getAttribute("vcode"); UsernamePasswordVCodeCredentials upv=(UsernamePasswordVCodeCredentials)credentials; if(StringUtils.isBlank(upv.getVcode()) || StringUtils.isBlank(vcode)) return ERROR; if(upv.getVcode().equals(vcode)){ return SUCCESS; } MessageBuilder msgBuilder=new MessageBuilder(); msgBuilder.defaultText("验证码有误!"); messageContext.addMessage(msgBuilder.error().build()); return ERROR; } }
那加了校验类之后,当然配置也得改了,在cas-servlet.xml里面找到
<bean id="authenticationViaFormAction" class="org.jasig.cas.web.flow.AuthenticationViaFormAction" p:centralAuthenticationService-ref="centralAuthenticationService" p:warnCookieGenerator-ref="warnCookieGenerator"/>
改成
<bean id="authenticationViaFormAction" class="net.validator.MyAuthenticationViaFormAction" p:centralAuthenticationService-ref="centralAuthenticationService" p:warnCookieGenerator-ref="warnCookieGenerator" />
然后在login-webflow.xml里面找到id="viewLoginForm"这个位置,将这个view-state换成;
<view-state id="viewLoginForm" view="casLoginView" model="credentials"> <binder> <binding property="username" /> <binding property="password" /> <binding property="vcode" /> </binder> <on-entry> <set name="viewScope.commandName" value="'credentials'" /> </on-entry> <transition on="submit" bind="true" validate="true" to="validatorCode"> <evaluate expression="authenticationViaFormAction.doBind(flowRequestContext, flowScope.credentials)" /> </transition> </view-state> <action-state id="validatorCode"> <evaluate expression="authenticationViaFormAction.validatorCode(flowRequestContext, flowScope.credentials, messageContext)" /> <transition on="error" to="generateLoginTicket" /> <transition on="success" to="realSubmit" /> </action-state> ...........
到这里就配置完成了(发现spring webflow还挺有意思的............)