自己先创建一个拦截器 实现 GenericFilterBean接口
重写doFilter()方法
public class ValidateFilter extends GenericFilterBean {
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
if ("POST".equalsIgnoreCase(request.getMethod()) && "/doLogin".equals(request.getServletPath())) {
String codePre = request.getParameter("verifyCode");
~~//获取之前生成验证码的值~~
String sessioinCode = (String) request.getSession().getAttribute("validateCode");
//打印
System.out.println(codePre+":::;"+sessioinCode);
if (StringUtils.isEmpty(codePre)) {
// 手动设置异常
request.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION", new DisabledException("验证码不能为空"));
request.getRequestDispatcher("/error1").forward(request, response);
}
if(!codePre.toLowerCase().equals(sessioinCode.toLowerCase())){
// 手动设置异常
request.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION", new DisabledException("验证码错误"));
request.getRequestDispatcher("/error1").forward(request, response);
}else{
chain.doFilter(request, response);
}
}else{
chain.doFilter(request, response);
}
}
}
然后在configure方法中设置
@Override
protected void configure(HttpSecurity http) throws Exception {
//将这个拦截器设置在 登陆拦截之前执行
http.addFilterBefore(new ValidateFilter(),UsernamePasswordAuthenticationFilter.class);
}