单点登录加验证码例子
在部署cas登录过程中,可能会用到验证码功能,这里简要介绍一下加入验证码的过程.
1. 首先,我用的cas版本是3.4.6,验证码采用的是CAPTCHA,所需jar包可以google搜索,部署好cas后.在web-info目录下找到login-webflow.xml,打开,找到如下代码:
<view-state id="viewLoginForm" view="casLoginView" model="credentials">
<var name="credentials" />
<binder>
<binding property="username" />
<binding property="password" />
</binder>
<on-entry>
<set name="viewScope.commandName" value="'credentials'" />
</on-entry>
<transition on="submit" bind="true" validate="true" to="realSubmit">
<set name="flowScope.credentials" value="credentials" />
<evaluate expression="authenticationViaFormAction.doBind(flowRequestContext, flowScope.credentials)" />
</transition>
</view-state>
此段代码的功能是绑定cas登录过程中的用户名和密码,再次我们修改如下:
<view-state id="viewLoginForm" view="casLoginView" model="credentials">
<var name="credentials" />
<binder>
<binding property="username" />
<binding property="password" />
</binder>
<on-entry>
<set name="viewScope.commandName" value="'credentials'" />
</on-entry>
<transition on="submit" bind="true" validate="true" to="yzmSubmit">
<set name="flowScope.credentials" value="credentials" />
<evaluate expression="authenticationViaFormAction.doBind(flowRequestContext, flowScope.credentials)" />
</transition>
</view-state>
也就是说,只需要修改realSubmit为yzmSubmit即可.然后加入如下配置:
<!--fan add start-->
<action-state id="yzmSubmit">
<evaluate expression="yzmViaFormAction.submit(flowRequestContext)" />
<transition on="success" to="realSubmit" />
<transition on="error" to="viewLoginForm" />
</action-state>
<!--fan add end-->
此段配置是自定义的验证码验证器,用来验证你提交的验证码的正确性.
2.在web-info下找到cas-servlet.xml,打开后,加入
<!--fan add start-->
<bean id="yzmViaFormAction" src="captcha.jpg">
<spring:message code="screen.welcome.label.yzm.accesskey" var="yzmAccessKey" />
<form:input csscssErrorid="yzm" size="25" tabindex="1" accesskey="${yzmAccessKey}" path="yzm" autocomplete="false" htmlEscape="true" />
<%--fan add end --%>
5. 最后一步则是注册验证码生成器,打开web.xml文件,加入
<servlet>
<servlet-name>jcaptcha</servlet-name>
<servlet-class>com.ivan.zhang.servlet.ImageCaptchaServlet</servlet-class>
<load-on-startup>0</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jcaptcha</servlet-name>
<url-pattern>/captcha.jpg</url-pattern>
</servlet-mapping>
ok,就这么简单.简单解释一下流程,web.xml中注册的类是用来调用自定义的验证码生成器,以便在显示登陆界面的时候绘制验证码图片,并在session中生成标志位并记录,当用户提交验证码和用户名密码时,会先走自定义的验证码验证器(此时会先验证验证码的正确性),如果正确,再走用户名和密码的验证,如果不正确,则直接跳转回登陆页面.yzm.jar是自定义的验证码生成器和验证类,直接打包好后放到web-info/lib下.
如有疑问,请留言
去掉 }
@Override
public boolean equals(final Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
UsernamePasswordCredentials that = (UsernamePasswordCredentials) o;
if (password != null ? !password.equals(that.password) : that.password != null) return false;
if (username != null ? !username.equals(that.username) : that.username != null) return false;
if (yzm != null ? !yzm.equals(that.yzm) : that.yzm != null) return false;
return true;
}
@Override
public int hashCode() {
int result = username != null ? username.hashCode() : 0;
result = 31 * result + (password != null ? password.hashCode() : 0);
return result;
}
}
//将这个类替换
