Shiro: session manager and verification code (captcha)

session manager

  <!-- Session manager.
       globalSessionTimeout is expressed in milliseconds, so 600000 is a 10-minute session timeout.
       deleteInvalidSessions=true asks Shiro to delete sessions once they are found to be invalid.
       NOTE(review): no sessionIdCookie is configured in this snippet; confirm the session cookie's
       Secure/HttpOnly settings match how the application is deployed. -->
  <bean id ="sessionManager" class ="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
    <property name="globalSessionTimeout" value ="600000"/>
    <property name ="deleteInvalidSessions" value ="true"/>
  </bean>
<!-- securityManager: wires together the realm, the cache manager and the session manager defined above.
     The customRealm and cacheManager beans are referenced here but are not shown in this snippet. -->
    <bean id ="securityManager" class ="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name ="realm" ref ="customRealm" />
        <property name ="cacheManager" ref ="cacheManager" />
        <property name ="sessionManager" ref ="sessionManager"/>
    </bean>

verification code

The custom filter: CustomFormAuthenticationFilter
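/**
*
* <p>Title:CustomFormAuthenticationFilter</p>
* <p>Description: custom FormAuthenticationFilter that verifies the captcha (verification code)
* before the normal form authentication runs.</p>
* <p>PersonWeb:www.xuxiaonan.cn</p>
*
* <p>The captcha check is applied only to a submission of the login form. It fails closed: a
* missing request parameter, a missing session value, or a mismatch is treated as a captcha
* error. The expected code is removed from the session as soon as it has been read, so every
* code can be checked at most once.</p>
*
* @author   dinggc
* @date     2018-04-25 15:09:05
* @version  1.0
*/
public class CustomFormAuthenticationFilter extends FormAuthenticationFilter{
    /**
     * Runs the captcha check in front of FormAuthenticationFilter's own handling.
     *
     * @param request  the incoming request; cast to HttpServletRequest as in the original code
     * @param response the outgoing response
     * @return {@code true} to let the request continue down the filter chain (used here so the
     *         login page can display the captcha error), otherwise whatever
     *         {@code super.onAccessDenied} returns
     * @throws Exception propagated from {@code super.onAccessDenied}
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request,ServletResponse response)throws Exception{
        HttpServletRequest httpServletRequest = (HttpServletRequest)request;

        // Returning true lets the request continue down the filter chain without authentication.
        // The captcha branch is therefore limited to a submission of the login form; every other
        // request goes straight to the parent, which redirects unauthenticated users to the login page.
        if (isLoginRequest(request, response) && isLoginSubmission(request, response)) {
            HttpSession session = httpServletRequest.getSession();

            // Expected code, stored in the session when the captcha image was generated.
            String validateCode = (String) session.getAttribute(Constants.KAPTCHA_SESSION_KEY);
            // Single use: drop the code whether or not this attempt succeeds, so the same code
            // cannot be checked again. The login page has to render a fresh captcha afterwards.
            session.removeAttribute(Constants.KAPTCHA_SESSION_KEY);

            // Code typed by the user on the login form.
            String randomcode = httpServletRequest.getParameter("yzm");

            // Fail closed: a missing parameter or a missing session value counts as a wrong code,
            // so leaving the field out does not skip the check.
            if (validateCode == null || randomcode == null || !randomcode.equals(validateCode)) {
                // Same failure attribute the login controller reads for authentication errors.
                httpServletRequest.setAttribute("shiroLoginFailure", "randomCodeError");
                // Do not authenticate; hand the request to the login page so it can show the error.
                return true;
            }
        }
        return super.onAccessDenied(request, response);

    }
}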
configuration file
<!-- Custom form authentication filter -->
  <!-- Form-based authentication filter. Shiro registers one even when it is not configured, in which
       case the form's username and password parameter names and the login URL take their default
       values; configuring it explicitly is recommended. -->
  <bean id ="formAuthenticationFilter" class ="shiro.CustomFormAuthenticationFilter">
    <property name ="usernameParam" value ="username"/>
    <property name ="passwordParam" value ="password"/>
  </bean>
<!-- Maps the filter name "authc" to the custom bean above, so URLs protected with "authc" go through
     the captcha-checking filter.
     NOTE(review): this property presumably belongs inside the ShiroFilterFactoryBean definition,
     which is not shown in this snippet; confirm against the full configuration. -->
<property name ="filters">
            <map>
                <entry key ="authc" value-ref ="formAuthenticationFilter"/>
            </map>
        </property>
