Shulou(Shulou.com)05/31 Report--

In this article Xiaobian for you to introduce in detail "Springboot+SpringSecurity how to achieve picture CAPTCHA login", the content is detailed, the steps are clear, the details are handled properly, I hope this "Springboot+SpringSecurity how to achieve picture CAPTCHA login" article can help you solve your doubts, the following follows the editor's ideas slowly in depth, together to learn new knowledge.

Effect picture

Most of the AuthenticationFailureHandler is injected directly into the Internet. I didn't understand how to inject it at that time. As soon as I wrote it, I reported an error, but I couldn't inject it. Later, I thought I new a wow, it could be OK, but I also reported an exception, java.lang.IllegalStateException: Cannot call sendError () after the response has been committed. Later, when I wanted to verify the form, I used this processor to define a global processor.

Package com.liruilong.hros.config; import com.fasterxml.jackson.databind.ObjectMapper;import com.liruilong.hros.Exception.ValidateCodeException;import com.liruilong.hros.model.RespBean;import org.springframework.context.annotation.Bean;import org.springframework.security.authentication.*;import org.springframework.security.core.AuthenticationException;import org.springframework.security.web.authentication.AuthenticationFailureHandler;import org.springframework.stereotype.Component; import javax.servlet.ServletException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.io.IOException Import java.io.PrintWriter; / * * @ Description: * @ Author: Liruilong * @ Date: 23:08 * / @ Componentpublic class MyAuthenticationFailureHandler implements AuthenticationFailureHandler {@ Override public void onAuthenticationFailure (HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {httpServletResponse.setContentType ("application/json;charset=utf-8"); PrintWriter out = httpServletResponse.getWriter (); RespBean respBean = RespBean.error (e.getMessage ()) / / Verification code custom exception handling if (e instanceof ValidateCodeException) {respBean.setMsg (e.getMessage ()); / / Security built-in exception handling} else if (e instanceof LockedException) {respBean.setMsg ("Please contact the administrator if the account is locked!") } else if (e instanceof CredentialsExpiredException) {respBean.setMsg ("password expires please contact administrator!");} else if (e instanceof AccountExpiredException) {respBean.setMsg ("account expires please contact administrator!");} else if (e instanceof DisabledException) {respBean.setMsg ("account is disabled, please contact administrator!") } else if (e instanceof BadCredentialsException) {respBean.setMsg ("user name and password entered incorrectly, please re-enter!");} / / convert hr to Sting out.write (new ObjectMapper (). WriteValueAsString (respBean)); out.flush (); out.close ();} @ Bean public MyAuthenticationFailureHandler getMyAuthenticationFailureHandler () {return new MyAuthenticationFailureHandler ();}}

Process flow

Request login page, store the CAPTCHA result in Servlet-based session, and return CAPTCHA in JSON format

After that, the front end sends a login request, which is processed in SpringSecurity, defines a filter to inherit from OncePerRequestFilter, and then rewrites the doFilterInternal method, in which the function of verification code verification is implemented. If the verification code error is wrong, an exception message inherited from AuthenticationException verification error is written into the response message.

After that, the exception information is returned to the custom validation failure handler for processing.

The following code is written in this order:

Rely on everyone to follow the import guide, remember these two, CAPTCHA needs a dependency, and then use a tool dependency package, followed by the front-end code

Com.github.whvcse easy-captcha 1.6.2 org.apache.commons commons-lang3

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.