Shiro在web應用中實現驗證碼功能

原文參照：http://www.micmiu.com/opensource/security/shiro-web-captcha/

目錄結構：

1. 概述
2. 擴展shiro認證
3. 驗證碼工具
4. 驗證碼servlet
5. 配置文件修改
6. 修改登錄頁面
7. 測試驗證

[一]、概述

本文簡單講述在web應用整合shiro後，如何實現登錄驗證碼認證的功能。

[二]、擴展shiro的認證

創建驗證碼異常類：CaptchaException.java

package com.micmiu.modules.support.shiro; import org.apache.shiro.authc.AuthenticationException; /** * * @author <a href="http://www.micmiu.com">Michael Sun</a> */ public class CaptchaException extends AuthenticationException { private static final long serialVersionUID = 1L; public CaptchaException() { super(); } public CaptchaException(String message, Throwable cause) { super(message, cause); } public CaptchaException(String message) { super(message); } public CaptchaException(Throwable cause) { super(cause); } }

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37

package com.micmiu.modules.support.shiro;   import org.apache.shiro.authc.AuthenticationException;   /** * * @author <a href="http://www.micmiu.com">Michael Sun</a> */ public class CaptchaException extends AuthenticationException {   private static final long serialVersionUID = 1L;   public CaptchaException() {   super();   }   public CaptchaException(String message, Throwable cause) {   super(message, cause);   }   public CaptchaException(String message) {   super(message);   }   public CaptchaException(Throwable cause) {   super(cause);   }   }

擴展默認的用戶認證的bean爲：UsernamePasswordCaptchaToken.java

package com.micmiu.modules.support.shiro; import org.apache.shiro.authc.UsernamePasswordToken; /** * extends UsernamePasswordToken for captcha * * @author <a href="http://www.micmiu.com">Michael Sun</a> */ public class UsernamePasswordCaptchaToken extends UsernamePasswordToken { private static final long serialVersionUID = 1L; private String captcha; public String getCaptcha() { return captcha; } public void setCaptcha(String captcha) { this.captcha = captcha; } public UsernamePasswordCaptchaToken() { super(); } public UsernamePasswordCaptchaToken(String username, char[] password, boolean rememberMe, String host, String captcha) { super(username, password, rememberMe, host); this.captcha = captcha; } }

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

package com.micmiu.modules.support.shiro;   import org.apache.shiro.authc.UsernamePasswordToken;   /** * extends UsernamePasswordToken for captcha * * @author <a href="http://www.micmiu.com">Michael Sun</a> */ public class UsernamePasswordCaptchaToken extends UsernamePasswordToken {   private static final long serialVersionUID = 1L;   private String captcha;   public String getCaptcha() { return captcha; }   public void setCaptcha(String captcha) { this.captcha = captcha; }   public UsernamePasswordCaptchaToken() { super();   }   public UsernamePasswordCaptchaToken(String username, char[] password, boolean rememberMe, String host, String captcha) { super(username, password, rememberMe, host); this.captcha = captcha; }   }

擴展原始默認的過濾爲：FormAuthenticationCaptchaFilter.java

package com.micmiu.modules.support.shiro; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.web.filter.authc.FormAuthenticationFilter; import org.apache.shiro.web.util.WebUtils; /** * * @author <a href="http://www.micmiu.com">Michael Sun</a> */ public class FormAuthenticationCaptchaFilter extends FormAuthenticationFilter { public static final String DEFAULT_CAPTCHA_PARAM = "captcha"; private String captchaParam = DEFAULT_CAPTCHA_PARAM; public String getCaptchaParam() { return captchaParam; } protected String getCaptcha(ServletRequest request) { return WebUtils.getCleanParam(request, getCaptchaParam()); } protected AuthenticationToken createToken( ServletRequest request, ServletResponse response) { String username = getUsername(request); String password = getPassword(request); String captcha = getCaptcha(request); boolean rememberMe = isRememberMe(request); String host = getHost(request); return new UsernamePasswordCaptchaToken(username, password.toCharArray(), rememberMe, host, captcha); } }

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51

package com.micmiu.modules.support.shiro;   import javax.servlet.ServletRequest; import javax.servlet.ServletResponse;   import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.web.filter.authc.FormAuthenticationFilter; import org.apache.shiro.web.util.WebUtils;   /** * * @author <a href="http://www.micmiu.com">Michael Sun</a> */ public class FormAuthenticationCaptchaFilter extends FormAuthenticationFilter {   public static final String DEFAULT_CAPTCHA_PARAM = "captcha";   private String captchaParam = DEFAULT_CAPTCHA_PARAM;   public String getCaptchaParam() {   return captchaParam;   }   protected String getCaptcha(ServletRequest request) {   return WebUtils.getCleanParam(request, getCaptchaParam());   }   protected AuthenticationToken createToken(   ServletRequest request, ServletResponse response) {   String username = getUsername(request);   String password = getPassword(request);   String captcha = getCaptcha(request);   boolean rememberMe = isRememberMe(request);   String host = getHost(request);   return new UsernamePasswordCaptchaToken(username, password.toCharArray(), rememberMe, host, captcha);   }   }

修改shiro認證邏輯：ShiroDbRealm.java

package com.micmiu.framework.web.v1.system.service; import java.io.Serializable; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AccountException; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.cache.Cache; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.subject.SimplePrincipalCollection; import org.springframework.beans.factory.annotation.Autowired; import com.micmiu.framework.web.v1.system.entity.Role; import com.micmiu.framework.web.v1.system.entity.User; import com.micmiu.modules.captcha.CaptchaServlet; import com.micmiu.modules.support.shiro.CaptchaException; import com.micmiu.modules.support.shiro.UsernamePasswordCaptchaToken; /** * 演示用戶和權限的認證，使用默認 的SimpleCredentialsMatcher * * @author <a href="http://www.micmiu.com">Michael Sun</a> */ public class ShiroDbRealm extends AuthorizingRealm { private UserService userService; /** * 認證回調函數, 登錄時調用. */ @Override protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken) throws AuthenticationException { UsernamePasswordCaptchaToken token = (UsernamePasswordCaptchaToken) authcToken; String username = token.getUsername(); if (username == null) { throw new AccountException( "Null usernames are not allowed by this realm."); } // 增加判斷驗證碼邏輯 String captcha = token.getCaptcha(); String exitCode = (String) SecurityUtils.getSubject().getSession() .getAttribute(CaptchaServlet.KEY_CAPTCHA); if (null == captcha || !captcha.equalsIgnoreCase(exitCode)) { throw new CaptchaException("驗證碼錯誤"); } User user = userService.getUserByLoginName(username); if (null == user) { throw new UnknownAccountException("No account found for user [" + username + "]"); } return new SimpleAuthenticationInfo(new ShiroUser(user.getLoginName(), user.getName()), user.getPassword(), getName()); } /** * 授權查詢回調函數, 進行鑑權但緩存中無用戶的授權信息時調用. */ @Override protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals) { ShiroUser shiroUser = (ShiroUser) principals.fromRealm(getName()) .iterator().next(); User user = userService.getUserByLoginName(shiroUser.getLoginName()); if (user != null) { SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); for (Role role : user.getRoleList()) { // 基於Permission的權限信息 info.addStringPermissions(role.getAuthList()); } return info; } else { return null; } } /** * 更新用戶授權信息緩存. */ public void clearCachedAuthorizationInfo(String principal) { SimplePrincipalCollection principals = new SimplePrincipalCollection( principal, getName()); clearCachedAuthorizationInfo(principals); } /** * 清除所有用戶授權信息緩存. */ public void clearAllCachedAuthorizationInfo() { Cache<Object, AuthorizationInfo> cache = getAuthorizationCache(); if (cache != null) { for (Object key : cache.keys()) { cache.remove(key); } } } @Autowired public void setUserService(UserService userService) { this.userService = userService; } /** * 自定義Authentication對象，使得Subject除了攜帶用戶的登錄名外還可以攜帶更多信息. */ public static class ShiroUser implements Serializable { private static final long serialVersionUID = -1748602382963711884L; private String loginName; private String name; public ShiroUser(String loginName, String name) { this.loginName = loginName; this.name = name; } public String getLoginName() { return loginName; } /** * 本函數輸出將作爲默認的<shiro:principal/>輸出. */ @Override public String toString() { return loginName; } public String getName() { return name; } } }

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143

package com.micmiu.framework.web.v1.system.service;   import java.io.Serializable;   import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.AccountException; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.cache.Cache; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.subject.SimplePrincipalCollection; import org.springframework.beans.factory.annotation.Autowired;   import com.micmiu.framework.web.v1.system.entity.Role; import com.micmiu.framework.web.v1.system.entity.User; import com.micmiu.modules.captcha.CaptchaServlet; import com.micmiu.modules.support.shiro.CaptchaException; import com.micmiu.modules.support.shiro.UsernamePasswordCaptchaToken;   /** * 演示用戶和權限的認證，使用默認 的SimpleCredentialsMatcher * * @author <a href="http://www.micmiu.com">Michael Sun</a> */ public class ShiroDbRealm extends AuthorizingRealm {   private UserService userService;   /** * 認證回調函數, 登錄時調用. */ @Override protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authcToken) throws AuthenticationException { UsernamePasswordCaptchaToken token = (UsernamePasswordCaptchaToken) authcToken;   String username = token.getUsername(); if (username == null) { throw new AccountException( "Null usernames are not allowed by this realm."); } // 增加判斷驗證碼邏輯 String captcha = token.getCaptcha(); String exitCode = (String) SecurityUtils.getSubject().getSession() .getAttribute(CaptchaServlet.KEY_CAPTCHA); if (null == captcha || !captcha.equalsIgnoreCase(exitCode)) { throw new CaptchaException("驗證碼錯誤"); }   User user = userService.getUserByLoginName(username); if (null == user) { throw new UnknownAccountException("No account found for user [" + username + "]"); } return new SimpleAuthenticationInfo(new ShiroUser(user.getLoginName(), user.getName()), user.getPassword(), getName());   }   /** * 授權查詢回調函數, 進行鑑權但緩存中無用戶的授權信息時調用. */ @Override protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals) { ShiroUser shiroUser = (ShiroUser) principals.fromRealm(getName()) .iterator().next(); User user = userService.getUserByLoginName(shiroUser.getLoginName()); if (user != null) { SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); for (Role role : user.getRoleList()) { // 基於Permission的權限信息 info.addStringPermissions(role.getAuthList()); } return info; } else { return null; } }   /** * 更新用戶授權信息緩存. */ public void clearCachedAuthorizationInfo(String principal) { SimplePrincipalCollection principals = new SimplePrincipalCollection( principal, getName()); clearCachedAuthorizationInfo(principals); }   /** * 清除所有用戶授權信息緩存. */ public void clearAllCachedAuthorizationInfo() { Cache<Object, AuthorizationInfo> cache = getAuthorizationCache(); if (cache != null) { for (Object key : cache.keys()) { cache.remove(key); } } }   @Autowired public void setUserService(UserService userService) { this.userService = userService; }   /** * 自定義Authentication對象，使得Subject除了攜帶用戶的登錄名外還可以攜帶更多信息. */ public static class ShiroUser implements Serializable {   private static final long serialVersionUID = -1748602382963711884L; private String loginName; private String name;   public ShiroUser(String loginName, String name) { this.loginName = loginName; this.name = name; }   public String getLoginName() { return loginName; }   /** * 本函數輸出將作爲默認的<shiro:principal/>輸出. */ @Override public String toString() { return loginName; }   public String getName() { return name; } } }

[三]、驗證碼工具類

CaptchaUtil.java

package com.micmiu.modules.captcha; import java.awt.Color; import java.awt.Font; import java.awt.Graphics; import java.awt.image.BufferedImage; import java.io.File; import java.io.FileOutputStream; import java.util.Random; import javax.imageio.ImageIO; /** * 驗證碼工具類 * * @author <a href="http://www.micmiu.com">Michael Sun</a> */ public class CaptchaUtil { // 隨機產生的字符串 private static final String RANDOM_STRS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; private static final String FONT_NAME = "Fixedsys"; private static final int FONT_SIZE = 18; private Random random = new Random(); private int width = 80;// 圖片寬 private int height = 25;// 圖片高 private int lineNum = 50;// 干擾線數量 private int strNum = 4;// 隨機產生字符數量 /** * 生成隨機圖片 */ public BufferedImage genRandomCodeImage(StringBuffer randomCode) { // BufferedImage類是具有緩衝區的Image類 BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_BGR); // 獲取Graphics對象,便於對圖像進行各種繪製操作 Graphics g = image.getGraphics(); // 設置背景色 g.setColor(getRandColor(200, 250)); g.fillRect(0, 0, width, height); // 設置干擾線的顏色 g.setColor(getRandColor(110, 120)); // 繪製干擾線 for (int i = 0; i <= lineNum; i++) { drowLine(g); } // 繪製隨機字符 g.setFont(new Font(FONT_NAME, Font.ROMAN_BASELINE, FONT_SIZE)); for (int i = 1; i <= strNum; i++) { randomCode.append(drowString(g, i)); } g.dispose(); return image; } /** * 給定範圍獲得隨機顏色 */ private Color getRandColor(int fc, int bc) { if (fc > 255) fc = 255; if (bc > 255) bc = 255; int r = fc + random.nextInt(bc - fc); int g = fc + random.nextInt(bc - fc); int b = fc + random.nextInt(bc - fc); return new Color(r, g, b); } /** * 繪製字符串 */ private String drowString(Graphics g, int i) { g.setColor(new Color(random.nextInt(101), random.nextInt(111), random .nextInt(121))); String rand = String.valueOf(getRandomString(random.nextInt(RANDOM_STRS .length()))); g.translate(random.nextInt(3), random.nextInt(3)); g.drawString(rand, 13 * i, 16); return rand; } /** * 繪製干擾線 */ private void drowLine(Graphics g) { int x = random.nextInt(width); int y = random.nextInt(height); int x0 = random.nextInt(16); int y0 = random.nextInt(16); g.drawLine(x, y, x + x0, y + y0); } /** * 獲取隨機的字符 */ private String getRandomString(int num) { return String.valueOf(RANDOM_STRS.charAt(num)); } public static void main(String[] args) { CaptchaUtil tool = new CaptchaUtil(); StringBuffer code = new StringBuffer(); BufferedImage image = tool.genRandomCodeImage(code); System.out.println(">>> random code =: " + code); try { // 將內存中的圖片通過流動形式輸出到客戶端 ImageIO.write(image, "JPEG", new FileOutputStream(new File( "random-code.jpg"))); } catch (Exception e) { e.printStackTrace(); } } }

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121

package com.micmiu.modules.captcha;   import java.awt.Color; import java.awt.Font; import java.awt.Graphics; import java.awt.image.BufferedImage; import java.io.File; import java.io.FileOutputStream; import java.util.Random;   import javax.imageio.ImageIO;   /** * 驗證碼工具類 * * @author <a href="http://www.micmiu.com">Michael Sun</a> */ public class CaptchaUtil {   // 隨機產生的字符串 private static final String RANDOM_STRS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";   private static final String FONT_NAME = "Fixedsys"; private static final int FONT_SIZE = 18;   private Random random = new Random();   private int width = 80;// 圖片寬 private int height = 25;// 圖片高 private int lineNum = 50;// 干擾線數量 private int strNum = 4;// 隨機產生字符數量   /** * 生成隨機圖片 */ public BufferedImage genRandomCodeImage(StringBuffer randomCode) { // BufferedImage類是具有緩衝區的Image類 BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_BGR); // 獲取Graphics對象,便於對圖像進行各種繪製操作 Graphics g = image.getGraphics(); // 設置背景色 g.setColor(getRandColor(200, 250)); g.fillRect(0, 0, width, height);   // 設置干擾線的顏色 g.setColor(getRandColor(110, 120));   // 繪製干擾線 for (int i = 0; i <= lineNum; i++) { drowLine(g); } // 繪製隨機字符 g.setFont(new Font(FONT_NAME, Font.ROMAN_BASELINE, FONT_SIZE)); for (int i = 1; i <= strNum; i++) { randomCode.append(drowString(g, i)); } g.dispose(); return image; }   /** * 給定範圍獲得隨機顏色 */ private Color getRandColor(int fc, int bc) { if (fc > 255) fc = 255; if (bc > 255) bc = 255; int r = fc + random.nextInt(bc - fc); int g = fc + random.nextInt(bc - fc); int b = fc + random.nextInt(bc - fc); return new Color(r, g, b); }   /** * 繪製字符串 */ private String drowString(Graphics g, int i) { g.setColor(new Color(random.nextInt(101), random.nextInt(111), random .nextInt(121))); String rand = String.valueOf(getRandomString(random.nextInt(RANDOM_STRS .length()))); g.translate(random.nextInt(3), random.nextInt(3)); g.drawString(rand, 13 * i, 16); return rand; }   /** * 繪製干擾線 */ private void drowLine(Graphics g) { int x = random.nextInt(width); int y = random.nextInt(height); int x0 = random.nextInt(16); int y0 = random.nextInt(16); g.drawLine(x, y, x + x0, y + y0); }   /** * 獲取隨機的字符 */ private String getRandomString(int num) { return String.valueOf(RANDOM_STRS.charAt(num)); }   public static void main(String[] args) { CaptchaUtil tool = new CaptchaUtil(); StringBuffer code = new StringBuffer(); BufferedImage image = tool.genRandomCodeImage(code); System.out.println(">>> random code =: " + code); try { // 將內存中的圖片通過流動形式輸出到客戶端 ImageIO.write(image, "JPEG", new FileOutputStream(new File( "random-code.jpg"))); } catch (Exception e) { e.printStackTrace(); }   } }

[四]、創建驗證碼的servlet

CaptchaServlet.java

package com.micmiu.modules.captcha; import java.awt.image.BufferedImage; import java.io.IOException; import javax.imageio.ImageIO; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; /** * * @author <a href="http://www.micmiu.com">Michael Sun</a> */ public class CaptchaServlet extends HttpServlet { private static final long serialVersionUID = -124247581620199710L; public static final String KEY_CAPTCHA = "SE_KEY_MM_CODE"; @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { // 設置相應類型,告訴瀏覽器輸出的內容爲圖片 resp.setContentType("image/jpeg"); // 不緩存此內容 resp.setHeader("Pragma", "No-cache"); resp.setHeader("Cache-Control", "no-cache"); resp.setDateHeader("Expire", 0); try { HttpSession session = req.getSession(); CaptchaUtil tool = new CaptchaUtil(); StringBuffer code = new StringBuffer(); BufferedImage image = tool.genRandomCodeImage(code); session.removeAttribute(KEY_CAPTCHA); session.setAttribute(KEY_CAPTCHA, code.toString()); // 將內存中的圖片通過流動形式輸出到客戶端 ImageIO.write(image, "JPEG", resp.getOutputStream()); } catch (Exception e) { e.printStackTrace(); } } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { doGet(req, resp); } }

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57

package com.micmiu.modules.captcha;   import java.awt.image.BufferedImage; import java.io.IOException;   import javax.imageio.ImageIO; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession;   /** * * @author <a href="http://www.micmiu.com">Michael Sun</a> */ public class CaptchaServlet extends HttpServlet {   private static final long serialVersionUID = -124247581620199710L;   public static final String KEY_CAPTCHA = "SE_KEY_MM_CODE";   @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { // 設置相應類型,告訴瀏覽器輸出的內容爲圖片 resp.setContentType("image/jpeg"); // 不緩存此內容 resp.setHeader("Pragma", "No-cache"); resp.setHeader("Cache-Control", "no-cache"); resp.setDateHeader("Expire", 0); try {   HttpSession session = req.getSession();   CaptchaUtil tool = new CaptchaUtil(); StringBuffer code = new StringBuffer(); BufferedImage image = tool.genRandomCodeImage(code); session.removeAttribute(KEY_CAPTCHA); session.setAttribute(KEY_CAPTCHA, code.toString());   // 將內存中的圖片通過流動形式輸出到客戶端 ImageIO.write(image, "JPEG", resp.getOutputStream());   } catch (Exception e) { e.printStackTrace(); }   }   @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { doGet(req, resp); }   }

[五]、修改配置文件

在 web.xml 中增加配置：

XHTML

<!-- captcha servlet config--> <servlet> <servlet-name>CaptchaServlet</servlet-name> <servlet-class>com.micmiu.modules.captcha.CaptchaServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>CaptchaServlet</servlet-name> <url-pattern>/servlet/captchaCode</url-pattern> </servlet-mapping>

1 2 3 4 5 6 7 8 9

<!-- captcha servlet config--> <servlet> <servlet-name>CaptchaServlet</servlet-name> <servlet-class>com.micmiu.modules.captcha.CaptchaServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>CaptchaServlet</servlet-name> <url-pattern>/servlet/captchaCode</url-pattern> </servlet-mapping>

修改 applicationContext-shiro.xml 中的配置如下：

XHTML

<!-- Shiro Filter --> <bean id="myCaptchaFilter" class="com.micmiu.modules.support.shiro.FormAuthenticationCaptchaFilter"/> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/login.do" /> <property name="successUrl" value="/index.do" /> <property name="filters"> <map> <entry key="authc" value-ref="myCaptchaFilter"/> </map> </property> <property name="filterChainDefinitions"> <value> /login.do = authc /logout.do = logout /servlet/* = anon /images/** = anon /js/** = anon /css/** = anon /** = user </value> </property> </bean>

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

<!-- Shiro Filter --> <bean id="myCaptchaFilter" class="com.micmiu.modules.support.shiro.FormAuthenticationCaptchaFilter"/>   <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/login.do" /> <property name="successUrl" value="/index.do" /> <property name="filters">     <map>         <entry key="authc" value-ref="myCaptchaFilter"/>     </map> </property> <property name="filterChainDefinitions"> <value> /login.do = authc /logout.do = logout /servlet/* = anon /images/** = anon /js/** = anon /css/** = anon /** = user </value> </property> </bean>

[六]、修改登錄頁面

login.jsp

&lt;%@ page contentType="text/html;charset=UTF-8"%&gt; &lt;%@ page import="org.apache.shiro.web.filter.authc.FormAuthenticationFilter"%&gt; &lt;%@ page import="org.apache.shiro.authc.ExcessiveAttemptsException"%&gt; &lt;%@ page import="org.apache.shiro.authc.IncorrectCredentialsException"%&gt; &lt;%@ include file="/include/taglibs.jsp"%&gt; &lt;html&gt; &lt;head&gt; &lt;title&gt;登錄頁&lt;/title&gt; &lt;/head&gt; &lt;body style="width: 99%"&gt; &lt;div&gt; &lt;c:choose&gt; &lt;c:when test="${shiroLoginFailure eq 'com.hx.web.excep.CaptchaException'}"&gt; &lt;div class="error-msg prepend-top"&gt;驗證碼錯誤，請重試.&lt;/div&gt; &lt;/c:when&gt; &lt;c:when test="${shiroLoginFailure eq 'org.apache.shiro.authc.UnknownAccountException'}"&gt; &lt;div class="error-msg prepend-top"&gt;該用戶不存在.&lt;/div&gt; &lt;/c:when&gt; &lt;c:when test="${shiroLoginFailure eq 'org.apache.shiro.authc.IncorrectCredentialsException'}"&gt; &lt;div class="error-msg prepend-top"&gt;用戶或密碼錯誤.&lt;/div&gt; &lt;/c:when&gt; &lt;c:when test="${shiroLoginFailure ne null}"&gt; &lt;div class="error-msg prepend-top"&gt;登錄認證錯誤，請重試.&lt;/div&gt; &lt;/c:when&gt; &lt;/c:choose&gt; &lt;form:form id="loginForm" action="${ctx}/login.do" method="post"&gt; &lt;fieldset class="prepend-top"&gt; &lt;legend&gt;系統登錄&lt;/legend&gt; &lt;div class="field"&gt; &lt;label for="username" class="field"&gt;名稱:&lt;/label&gt; &lt;input type="text" id="username" name="username" size="25" value="${username}" class="required" /&gt; &lt;/div&gt; &lt;div class="field"&gt; &lt;label for="password" class="field"&gt;密碼:&lt;/label&gt; &lt;input type="password" id="password" name="password" size="25" class="required" /&gt; &lt;/div&gt; &lt;div class="field"&gt; &lt;label for="captcha" class="field"&gt;驗證碼:&lt;/label&gt; &lt;input type="text" id="captcha" name="captcha" size="4" maxlength="4" class="required" /&gt; &lt;/div&gt; &lt;div class="field"&gt; &lt;label for="codeImg" class="field"&gt;&lt;/label&gt; &lt;img title="點擊更換" id="img_captcha" onclick="javascript:refreshCaptcha();" src="servlet/captchaCode"&gt;(看不清&lt;a href="javascript:void(0)" onclick="javascript:refreshCaptcha()"&gt;換一張&lt;/a&gt;) &lt;/div&gt; &lt;/fieldset&gt; &lt;div&gt; &lt;input type="checkbox" id="rememberMe" name="rememberMe" /&gt; &lt;label for="rememberMe"&gt;記住我&lt;/label&gt; &lt;span style="padding-left: 10px;"&gt;&lt;input id="submit" class="button" type="submit" value="登錄" /&gt;&lt;/span&gt; &lt;/div&gt; &lt;div&gt; (管理員&lt;b&gt;admin/admin&lt;/b&gt;, 普通用戶&lt;b&gt;user/user&lt;/b&gt;) &lt;/div&gt; &lt;/form:form&gt; &lt;/div&gt; &lt;/body&gt; &lt;script type="text/javascript"&gt; $(document).ready(function() { $("#loginForm").validate(); }); var _captcha_id = "#img_captcha"; function refreshCaptcha() { $(_captcha_id).attr("src","servlet/captchaCode?t=" + Math.random()); } &lt;/script&gt; &lt;/html&gt;

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75

<%@ page contentType="text/html;charset=UTF-8"%> <%@ page import="org.apache.shiro.web.filter.authc.FormAuthenticationFilter"%> <%@ page import="org.apache.shiro.authc.ExcessiveAttemptsException"%> <%@ page import="org.apache.shiro.authc.IncorrectCredentialsException"%> <%@ include file="/include/taglibs.jsp"%> <html> <head> <title>登錄頁</title>   </head> <body style="width: 99%"> <div> <c:choose> <c:when test="${shiroLoginFailure eq 'com.hx.web.excep.CaptchaException'}"> <div class="error-msg prepend-top">驗證碼錯誤，請重試.</div> </c:when> <c:when test="${shiroLoginFailure eq 'org.apache.shiro.authc.UnknownAccountException'}"> <div class="error-msg prepend-top">該用戶不存在.</div> </c:when> <c:when test="${shiroLoginFailure eq 'org.apache.shiro.authc.IncorrectCredentialsException'}"> <div class="error-msg prepend-top">用戶或密碼錯誤.</div> </c:when> <c:when test="${shiroLoginFailure ne null}"> <div class="error-msg prepend-top">登錄認證錯誤，請重試.</div> </c:when> </c:choose> <form:form id="loginForm" action="${ctx}/login.do" method="post"> <fieldset class="prepend-top"> <legend>系統登錄</legend> <div class="field"> <label for="username" class="field">名稱:</label> <input type="text" id="username" name="username" size="25" value="${username}" class="required" /> </div> <div class="field"> <label for="password" class="field">密碼:</label> <input type="password" id="password" name="password" size="25" class="required" /> </div> <div class="field"> <label for="captcha" class="field">驗證碼:</label> <input type="text" id="captcha" name="captcha" size="4" maxlength="4" class="required" /> </div> <div class="field"> <label for="codeImg" class="field"></label> <img title="點擊更換" id="img_captcha" onclick="javascript:refreshCaptcha();" src="servlet/captchaCode">(看不清<a href="javascript:void(0)" onclick="javascript:refreshCaptcha()">換一張</a>) </div> </fieldset> <div> <input type="checkbox" id="rememberMe" name="rememberMe" /> <label for="rememberMe">記住我</label> <span style="padding-left: 10px;"><input id="submit" class="button" type="submit" value="登錄" /></span> </div> <div> (管理員<b>admin/admin</b>, 普通用戶<b>user/user</b>) </div> </form:form> </div> </body> <script type="text/javascript"> $(document).ready(function() { $("#loginForm").validate(); }); var _captcha_id = "#img_captcha"; function refreshCaptcha() { $(_captcha_id).attr("src","servlet/captchaCode?t=" + Math.random()); } </script> </html>

[七]、驗證測試

啓動項目後會看到如下頁面：