内部邀请码:C8E245J (不写邀请码,没有现金送)
国内私募机构九鼎控股打造,九鼎投资是在全国股份转让系统挂牌的公众公司,股票代码为430719,为“中国PE第一股”,市值超1000亿元。
在部署cas登录过程中,可能会用到验证码功能,这里简要介绍一下加入验证码的过程.
1. 首先,我用的cas版本是3.4.6,验证码采用的是CAPTCHA,所需jar包可以google搜索,部署好cas后.在web-info目录下找到login-webflow.xml,打开,找到如下代码:
<view-state id="viewLoginForm" view="casLoginView" model="credentials"> <var name="credentials" class="org.jasig.cas.authentication.principal.UsernamePasswordCredentials" /> <binder> <binding property="username" /> <binding property="password" /> </binder> <on-entry> <set name="viewScope.commandName" value="'credentials'" /> </on-entry> <transition on="submit" bind="true" validate="true" to="realSubmit"> <set name="flowScope.credentials" value="credentials" /> <evaluate expression="authenticationViaFormAction.doBind(flowRequestContext, flowScope.credentials)" /> </transition> </view-state>
此段代码的功能是绑定cas登录过程中的用户名和密码,再次我们修改如下:
<view-state id="viewLoginForm" view="casLoginView" model="credentials"> <var name="credentials" class="org.jasig.cas.authentication.principal.UsernamePasswordCredentials" /> <binder> <binding property="username" /> <binding property="password" /> </binder> <on-entry> <set name="viewScope.commandName" value="'credentials'" /> </on-entry> <transition on="submit" bind="true" validate="true" to="yzmSubmit"> <set name="flowScope.credentials" value="credentials" /> <evaluate expression="authenticationViaFormAction.doBind(flowRequestContext, flowScope.credentials)" /> </transition> </view-state>
也就是说,只需要修改realSubmit为yzmSubmit即可.然后加入如下配置:
<action-state id="yzmSubmit"> <evaluate expression="yzmViaFormAction.submit(flowRequestContext)" /> <transition on="success" to="realSubmit" /> <transition on="error" to="viewLoginForm" /> </action-state>
此段配置是自定义的验证码验证器,用来验证你提交的验证码的正确性.
2. 在web-info下找到cas-servlet.xml,打开后,加入
<bean id="yzmViaFormAction" class="com.ivan.zhang.servlet.YzmAction" />
3. 编写如下类:
package com.ivan.zhang.servlet; import com.ivan.zhang.CaptchaServiceSingleton; import com.octo.captcha.service.image.ImageCaptchaService; import java.io.PrintStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.jasig.cas.web.support.WebUtils; import org.springframework.webflow.core.collection.ParameterMap; import org.springframework.webflow.execution.RequestContext; public class YzmAction { public final String submit(RequestContext context) throws Exception { Boolean flag = Boolean.valueOf(false); System.out.println("YzmAction is submiting...................."); String yzm = context.getRequestParameters().get("yzm"); String captchaId = WebUtils.getHttpServletRequest(context).getSession().getId(); flag = CaptchaServiceSingleton.getInstance().validateResponseForID(captchaId, yzm); if (flag.booleanValue()) { return "success"; } return "error"; } }
其中, flag = CaptchaServiceSingleton.getInstance().validateResponseForID(captchaId, yzm);
此句话是为了验证提交的验证码和先前生成的验证码的正确性,以此作为验证结果跳转的依据.CaptchaServiceSingleton此类是自定义类,稍后会附加完整的类供下载调试.
4. 打开web-info/view/jsp/default/ui/casLoginView.jsp,在密码下面加入
<img alt="yzm" src="captcha.jpg"> <spring:message code="screen.welcome.label.yzm.accesskey" var="yzmAccessKey" /> <form:input cssClass="required" cssErrorClass="error" id="yzm" size="25" tabindex="1" accesskey="${yzmAccessKey}" path="yzm" autocomplete="false" htmlEscape="true" />
5. 最后一步则是注册验证码生成器,打开web.xml文件,加入
<servlet> <servlet-name>jcaptcha</servlet-name> <servlet-class>com.ivan.zhang.servlet.ImageCaptchaServlet</servlet-class> <load-on-startup>0</load-on-startup> </servlet> <servlet-mapping> <servlet-name>jcaptcha</servlet-name> <url-pattern>/captcha.jpg</url-pattern> </servlet-mapping>
ok,就这么简单.简单解释一下流程,web.xml中注册的类是用来调用自定义的验证码生成器,以便在显示登陆界面的时候绘制验证码图片,并在session中生成标志位并记录,当用户提交验证码和用户名密码时,会先走自定义的验证码验证器(此时会先验证验证码的正确性),如果正确,再走用户名和密码的验证,如果不正确,则直接跳转回登陆页面.yzm.jar是自定义的验证码生成器和验证类,直接打包好后放到web-info/lib下.
如有疑问,请留言
文件地址:
http://files.cnblogs.com/AloneSword/alonesword-cas-customize-login-randomcode.zip