
验证码功能修改

git-svn-id: https://192.168.57.71/svn/jsgkj@747 931142cf-59ea-a443-aa0e-51397b428577
xt_yuanxd 8 lat temu
rodzic
commit
104f77d38c

+ 51 - 0
gkaqv2/trunk/modules/frame/src/main/java/com/xt/js/gkaq/frame/system/CaptchaValidateFilter.java

@@ -0,0 +1,51 @@
+package com.xt.js.gkaq.frame.system;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.web.filter.AccessControlFilter;
+import org.apache.shiro.web.util.WebUtils;
+
+public class CaptchaValidateFilter extends AccessControlFilter {
+    private boolean captchaEbabled = true;//是否开启验证码支持  
+    private String captchaParam = "captcha";//前台提交的验证码参数名  
+    private String failureKeyAttribute = "shiroLoginFailure"; //验证失败后存储到的属性名  
+    /** session中保存验证码 */
+    public static final String SESSION_CAPTCHA_PARAM = "captcha";
+
+    public void setCaptchaEbabled(boolean captchaEbabled) {
+        this.captchaEbabled = captchaEbabled;
+    }
+
+    public void setCaptchaParam(String jcaptchaParam) {
+        this.captchaParam = jcaptchaParam;
+    }
+
+    public void setFailureKeyAttribute(String failureKeyAttribute) {
+        this.failureKeyAttribute = failureKeyAttribute;
+    }
+
+    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
+            throws Exception {
+        //1、设置验证码是否开启属性,页面可以根据该属性来决定是否显示验证码  
+        request.setAttribute("jcaptchaEbabled", captchaEbabled);
+        HttpServletRequest httpServletRequest = WebUtils.toHttp(request);
+        //2、判断验证码是否禁用 或不是表单提交(允许访问)  
+        if (captchaEbabled == false || !"post".equalsIgnoreCase(httpServletRequest.getMethod())) { return true; }
+        //3、此时是表单提交,验证验证码是否正确  
+        return validateResponse(httpServletRequest, httpServletRequest.getParameter(captchaParam));
+    }
+
+    private boolean validateResponse(HttpServletRequest request, String captcha) {
+        String toCompare = (String) SecurityUtils.getSubject().getSession().getAttribute(SESSION_CAPTCHA_PARAM);
+        return toCompare.equalsIgnoreCase(captcha);
+    }
+
+    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
+        //如果验证码失败了,存储失败key属性  
+        request.setAttribute(failureKeyAttribute, "captcha_error");
+        return true;
+    }
+}
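Review bot: validateResponse never clears the expected captcha from the session, so a value that has been solved once can be submitted again on every later POST until something outside this file replaces it, which weakens the captcha as a throttle on login guessing. It also dereferences `toCompare` without a null check, so a POST made before any captcha was stored in the session throws a NullPointerException instead of being rejected as a captcha failure. Reading the value with `String toCompare = (String) SecurityUtils.getSubject().getSession().removeAttribute(SESSION_CAPTCHA_PARAM);` and returning `toCompare != null && toCompare.equalsIgnoreCase(captcha);` makes the value single-use and handles the missing case cleanly. Whether the captcha endpoint regenerates the value on each page load is not visible in this commit, so the filter should not depend on that.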

+ 14 - 8
gkaqv2/trunk/modules/frame/src/main/java/com/xt/js/gkaq/frame/system/GkaqFormAuthenticationFilter.java

@@ -17,12 +17,18 @@ import com.yuanxd.tools.utils.Assert;
  */
 public class GkaqFormAuthenticationFilter extends FormAuthenticationFilter {
 
-	@Override
-	protected boolean onLoginSuccess(AuthenticationToken token, org.apache.shiro.subject.Subject subject,
-			ServletRequest request, ServletResponse response) throws Exception {
-		Object principal = subject.getPrincipal();
-		Assert.isInstanceOf(UserModel.class, principal);
-		UserModel u = (UserModel) principal;
-		return super.onLoginSuccess(token, subject, request, response);
-	}
+    @Override
+    protected boolean onLoginSuccess(AuthenticationToken token, org.apache.shiro.subject.Subject subject,
+            ServletRequest request, ServletResponse response) throws Exception {
+        Object principal = subject.getPrincipal();
+        Assert.isInstanceOf(UserModel.class, principal);
+        //        UserModel u = (UserModel) principal;
+        return super.onLoginSuccess(token, subject, request, response);
+    }
+
+    @Override
+    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
+        if (request.getAttribute(getFailureKeyAttribute()) != null) { return true; }
+        return super.onAccessDenied(request, response);
+    }
 }
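Review bot: The early return in the new onAccessDenied skips the login attempt only when the request attribute named by `getFailureKeyAttribute()` is set, so the captcha is enforced only if CaptchaValidateFilter runs before this filter in the chain and both filters are configured with the same key. If a setter is changed on one side only, a wrong captcha presumably no longer blocks the credential check, and nothing in either class would report it. The chain definition is not part of this commit view, so the dependency deserves a comment above the method, e.g. `// Requires CaptchaValidateFilter earlier in the chain with the same failureKeyAttribute; otherwise captcha failures are ignored.` A stricter variant checks the value itself, `"captcha_error".equals(request.getAttribute(getFailureKeyAttribute()))`, ideally through a constant shared by both classes. The commented-out `UserModel u` line left in onLoginSuccess can be deleted.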