Spring security 验证码

2022-04-21
java spring security

验证码（Completely Autmated Public Turing test to tell Computers and Humans Apart，CAPTCHA），中文全称为“全自动区分计算机和人类的图灵测试”，主要运用在登录、注册、提交等表单并以防止其暴力破解以及频繁提交的一种功能。
在目前，验证码技术已经衍生到滑块验证、图形验证、拼图验证等，但验证码依然被广泛使用，因其不美观而被滑块等隐藏的方式所替代，本书作者本来是不想将验证码加入进来，但实在是觉得不应该，所以才写，本书使用hutool工具集简单实现验证码。

再次之前我们需要在pom.xml文件下加入hutool的个依赖：

<dependency>
    <groupId>cn.hutool</groupId>
    <artifactId>hutool-captcha</artifactId>
    <version>5.3.10</version>
</dependency>

Controller

CaptchaController.java

package com.example.demo.controller;

import cn.hutool.captcha.CaptchaUtil;
import cn.hutool.captcha.CircleCaptcha;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.OutputStream;


@Slf4j
@RestController
public class CaptchaController {
    public final static String SESSION_KEY_IMAGE_CODE = "SESSION_KEY_IMAGE_CODE";

    @GetMapping("/code/image")
    public void createCode(HttpServletRequest request, HttpServletResponse response) throws IOException {
        response.setCharacterEncoding("UTF-8");
        response.setHeader("Pragma","No-chache");
        response.setHeader("Cache-Control","no-chache");
        response.setDateHeader("Expires",0);
        response.setContentType("image/jpeg");

        /*
            width @宽
            height @高
            codeCount @验证码位数
            circleCount @循环次数
         */
        CircleCaptcha captcha = CaptchaUtil.createCircleCaptcha(100,20,4,3);
        System.out.println(captcha.getCode());

        request.getSession().setAttribute(SESSION_KEY_IMAGE_CODE, captcha.getCode());
        log.info("Captcha:" + captcha.getCode() + ",already arrive deposit HttpSession");

        OutputStream outputStream = response.getOutputStream();
        captcha.write(outputStream);
        outputStream.flush();
        outputStream.close();
    }
}

configuration

WebSecurityConfiguration.java

package com.example.demo.configuration;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure (HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeRequests()
                .antMatchers("/code/image").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/myLogin.html")
                .permitAll()
                .and()
                .csrf().disable();
    }
}

resources

static

myLogin.html

<html>
<head>
    <meta charset="UTF-8">
    <title>Loing - by Spring security</title>
</head>
<body>
<h1>The is Spring security by html</h1>
<form action="/myLogin" method="post">
    <input type="text" name="username" placeholder="user"/>&nbsp;
    <input type="password" name="password" placeholder="pass"/>
    &nbsp;
    <input type="text" placeholder="Captcha">
    <img src="/code/image">&nbsp;
    <input type="submit" value="login go">
</form>
</body>
</html>

⬅️ Go back