Shulou(Shulou.com)06/02 Report--

In this issue, the editor will bring you about what the function of adding CAPTCHA to login in SpringSecurityOAuth2 is. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

On the basis of encapsulating a layer of RestTemplate requests. Request code, use redis to save a time-limited cache with a user name, for example, save a 60-second cache ahead of code authentication before the login request verifies the username and password.

Log in to set the verification code, which is valid for 1 minute. The verification code will expire after the login is successful or after the maximum time is reached. The verification code is stored in redis with the keyword of user name _ code, and the expiration time is set. The next step of token generation is performed after the user name and verification code match is passed. After the token is generated, the verification code is deleted.

Transform the tokenController code in (5) (this article only shows the idea of implementation, code directly generates random numbers)

@ PostMapping ("/ login") public ResponseVo login (HttpServletRequest request) throws UnsupportedEncodingException {String header = request.getHeader ("Authorization"); if (header = = null & &! header.startsWith ("Basic")) {return new ResponseVo (400, "missing parameter in request header");} String code = request.getParameter ("code"); String username = request.getParameter ("username") If (code==null) {return new ResponseVo (500, "CAPTCHA missing");} String old_code= redisTemplate.opsForValue () .get (username+ "_ code"); if (old_code==null) {return new ResponseVo (500, "CAPTCHA does not exist or has expired") } if (! code.equals (old_code)) {return new ResponseVo (500, "CAPTCHA error");} String url = "http://" + request.getRemoteAddr () +": "+ request.getServerPort () +" / oauth/token "; Map map = new HashMap (); map.put (" grant_type "," password "); map.put (" username ", username) Map.put ("password", request.getParameter ("password")); HttpHeaders headers = new HttpHeaders (); headers.set ("Authorization", header); headers.setContentType (MediaType.APPLICATION_FORM_URLENCODED); / / this mode is required, otherwise the requester cannot get grant_type HttpEntity httpEntity = new HttpEntity (headers); ResponseEntity response = restTemplate.postForEntity (url + "?" + LinkStringUtil.createLinkStringByGet (map), httpEntity, String.class) If (response.getStatusCodeValue () = = 200) {return new ResponseVo (200, "login succeeded", JSONObject.parseObject (response.getBody ();} else {return new ResponseVo (500, "login failed");} @ PostMapping ("/ getCode") public String getCode (String username) {String code = String.valueOf (Math.random () * 100) RedisTemplate.opsForValue () .set (username + "_ code", code, 60, TimeUnit.SECONDS); return "code is" + code;}

Verification passed:

Verification code invalidation or error:

This is what the function of adding CAPTCHA to login in SpringSecurityOAuth2 shared by Xiaobian is. If you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.