Custom image verification code (CAPTCHA) filter with configurable path interception
1.1 configuration files
security.imageCodeUrl=/user,/user/*,/authentication/form
1.2 core code
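package org.xyssmysql.springsecurity.learn.browser.filter;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.filter.GenericFilterBean;
import org.springframework.web.filter.OncePerRequestFilter;
import org.xyssmysql.common.constant.SymbolConstant;
import org.xyssmysql.common.core.exception.BusinessException;
import org.xyssmysql.common.util.RequestUtil;
import org.xyssmysql.springsecurity.learn.browser.controller.CommonAuthenticationFailureHandler;
import org.xyssmysql.springsecurity.learn.browser.global.service.BrowserRedisService;
import org.xyssmysql.springsecurity.learn.core.config.SecurityProperties;
import org.xyssmysql.springsecurity.learn.core.exception.BaseAuthenticationException;

/**
 * Custom filter that checks the image verification code (CAPTCHA) on configured paths.
 *
 * <p>Extends {@link OncePerRequestFilter} so the check runs once per request. The
 * protected paths are Ant-style patterns read from {@code security.imageCodeUrl}
 * (for example {@code /user,/user/*,/authentication/form}).
 *
 * <p>A request to a protected path is passed down the chain only when the submitted
 * {@code imageCode} parameter equals the code stored for the session. On any failure
 * the failure handler is invoked and the chain is NOT continued.
 *
 * @author huangshiqing
 */
@Component
public class ImageCodeSecurityFilter extends OncePerRequestFilter implements InitializingBean {

    @Autowired
    BrowserRedisService browserRedisService;

    @Autowired
    private CommonAuthenticationFailureHandler commonAuthenticationFailureHandler;

    /** Ant-style path patterns that require a valid image code; filled in {@link #afterPropertiesSet()}. */
    public Set<String> urls = new HashSet<String>();

    @Autowired
    private SecurityProperties securityProperties;

    /** Path matching helper. */
    @Autowired
    private AntPathMatcher antPathMatcher;

    /**
     * Loads the protected path patterns once the bean's fields have been injected.
     *
     * <p>Entries are trimmed and blank entries are skipped: a pattern carrying stray
     * whitespace (e.g. {@code "/user, /user/*"}) would otherwise never match and the
     * path would silently lose its verification-code check.
     *
     * @throws ServletException if the parent initialization fails
     */
    @Override
    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        String[] urlStrArray = StringUtils.splitByWholeSeparatorPreserveAllTokens(
                securityProperties.getImageCodeUrl(), SymbolConstant.comma);
        if (urlStrArray == null) {
            // Property not set: no path is protected by this filter.
            return;
        }
        for (String configured : Arrays.asList(urlStrArray)) {
            String pattern = StringUtils.trimToNull(configured);
            if (pattern != null) {
                urls.add(pattern);
            }
        }
    }

    /**
     * Core of the filter: verifies the image code for requests to protected paths.
     *
     * <p>The check applies to every HTTP method on a matched path; the request method
     * is not taken into account.
     *
     * @param request     current HTTP request
     * @param response    current HTTP response
     * @param filterChain remaining filter chain
     * @throws ServletException propagated from the chain or the failure handler
     * @throws IOException      propagated from the chain or the failure handler
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain) throws ServletException, IOException {
        // NOTE(review): getRequestURI() includes the context path and is not decoded or
        // normalized by the container. Confirm the configured patterns are matched the
        // same way the target handlers are resolved, so that no request form reaches a
        // protected handler without matching here.
        if (!requiresImageCode(request.getRequestURI())) {
            // 4. Path is not protected: pass through.
            filterChain.doFilter(request, response);
            return;
        }

        // 1. Fetch the image code stored for this session.
        String imageCodeCorrect = browserRedisService.getImageCode(RequestUtil.getSessionId(request));

        // 2. Nothing stored (null or empty): the client has to request a new code.
        if (StringUtils.isEmpty(imageCodeCorrect)) {
            reject(request, response, "Code expired!");
            // Stop here. Falling through would dereference a null code and would let
            // the request continue down the chain although verification failed.
            return;
        }

        // 3. Submitted code differs from the stored one.
        if (!imageCodeCorrect.equals(request.getParameter("imageCode"))) {
            // Message text: "verification code entered incorrectly".
            reject(request, response, "验证码输入错误!");
            // Stop here as well: the failure response has been produced, and the
            // protected endpoint must not process a request with a wrong code.
            return;
        }

        // NOTE(review): the stored code is not invalidated here after a check. Confirm
        // BrowserRedisService (or a short expiry) makes each code single-use; otherwise
        // one solved code can be replayed, and wrong guesses can be repeated, until it expires.
        filterChain.doFilter(request, response);
    }

    /** Returns whether the request URI matches one of the configured protected patterns. */
    private boolean requiresImageCode(String requestUri) {
        for (String pattern : urls) {
            if (antPathMatcher.match(pattern, requestUri)) {
                return true;
            }
        }
        return false;
    }

    /** Reports a verification-code failure through the shared authentication failure handler. */
    private void reject(HttpServletRequest request, HttpServletResponse response, String message)
            throws IOException, ServletException {
        BaseAuthenticationException failure = new BaseAuthenticationException(message);
        commonAuthenticationFailureHandler.onAuthenticationFailure(request, response, failure);
    }

    // An earlier doFilter(ServletRequest, ServletResponse, FilterChain) variant that only
    // checked POST requests to /authentication/form was replaced by the configurable
    // pattern matching above. It had the same fall-through after a failed check.
}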