jeecms v5 系统验证码的使用

           在jeecms v5中验证码采用的是jcaptcha实现。具体使用如下：

验证码采用请求servlet方式更新实现。

package com.jeecms.common.captcha;

import java.awt.image.BufferedImage;
import java.io.IOException;

import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.io.output.ByteArrayOutputStream;
import org.springframework.beans.factory.BeanFactoryUtils;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

import com.octo.captcha.service.CaptchaServiceException;
import com.octo.captcha.service.image.ImageCaptchaService;




/**
 * 提供验证码图片的Servlet
 */
@SuppressWarnings("serial")
public class JcaptchaServlet extends HttpServlet {
	public static final String CAPTCHA_IMAGE_FORMAT = "jpeg";

	private ImageCaptchaService captchaService;

	@Override
	public void init() throws ServletException {
		WebApplicationContext appCtx = WebApplicationContextUtils
				.getWebApplicationContext(getServletContext());
		captchaService = (ImageCaptchaService) BeanFactoryUtils
				.beanOfTypeIncludingAncestors(appCtx, ImageCaptchaService.class);
	}

	@Override
	protected void doGet(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		byte[] captchaChallengeAsJpeg = null;
		// the output stream to render the captcha image as jpeg into
		ByteArrayOutputStream jpegOutputStream = new ByteArrayOutputStream();
		try {
			// get the session id that will identify the generated captcha.
			// the same id must be used to validate the response, the session id
			// is a good candidate!

			String captchaId = request.getSession(true).getId();
			BufferedImage challenge = captchaService.getImageChallengeForID(
					captchaId, request.getLocale());
			// Jimi.putImage("image/jpeg", challenge, jpegOutputStream);
			ImageIO.write(challenge, CAPTCHA_IMAGE_FORMAT, jpegOutputStream);
		} catch (IllegalArgumentException e) {
			response.sendError(HttpServletResponse.SC_NOT_FOUND);
			return;
		} catch (CaptchaServiceException e) {
			response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
			return;
		}
		// catch (JimiException e) {
		// response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
		// return;
		// }

		captchaChallengeAsJpeg = jpegOutputStream.toByteArray();

		// flush it in the response
		response.setHeader("Cache-Control", "no-store");
		response.setHeader("Pragma", "no-cache");
		response.setDateHeader("Expires", 0);
		response.setContentType("image/" + CAPTCHA_IMAGE_FORMAT);

		ServletOutputStream responseOutputStream = response.getOutputStream();
		responseOutputStream.write(captchaChallengeAsJpeg);
		responseOutputStream.flush();
		responseOutputStream.close();
	}
}

captcha-context.xml  xml配置如下：

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd"
	default-lazy-init="true">

	<!--kaptcha验证码
		<bean id="captchaProducer"
			class="com.google.code.kaptcha.impl.DefaultKaptcha">
			<property name="config">
				<bean class="com.google.code.kaptcha.util.Config">
					<constructor-arg type="java.util.Properties">
						<value>kaptcha.border=yes</value>
					</constructor-arg>
				</bean>
			</property>
		</bean>
		-->
	<bean id="captchaService" class="com.octo.captcha.service.multitype.GenericManageableCaptchaService">
		<constructor-arg index="0" ref="imageEngine"/>
		<constructor-arg type="int" index="1" value="180"/>
		<constructor-arg type="int" index="2" value="100000"/>
		<constructor-arg type="int" index="3" value="75000"/>
	</bean>
	<bean id="imageEngine" class="com.octo.captcha.engine.GenericCaptchaEngine">
		<constructor-arg index="0">
			<list>
				<ref bean="captchaFactory"/>
			</list>
		</constructor-arg>
	</bean>

	<bean id="captchaFactory" class="com.octo.captcha.image.gimpy.GimpyFactory">
		<constructor-arg>
			<ref bean="wordgen"/>
		</constructor-arg>
		<constructor-arg>
			<ref bean="wordtoimage"/>
		</constructor-arg>
	</bean>

	<bean id="wordgen" class= "com.octo.captcha.component.word.wordgenerator.RandomWordGenerator">		
		<!--可选字符-->
		<constructor-arg>
			<value>aabbccddeefgghhkkmnnooppqqsstuuvvwxxyyzz</value>
		</constructor-arg>
	</bean>

	<bean id="wordtoimage" class="com.octo.captcha.component.image.wordtoimage.ComposedWordToImage">
		<constructor-arg index="0">
			<ref bean="fontGenRandom"/>
		</constructor-arg>
		<constructor-arg index="1">
			<ref bean="backGenUni"/>
		</constructor-arg>
		<constructor-arg index="2">
			<ref bean="decoratedPaster"/>
		</constructor-arg>
	</bean>

	<bean id="fontGenRandom" class="com.octo.captcha.component.image.fontgenerator.RandomFontGenerator">
		<!--最小字体-->
		<constructor-arg index="0">
			<value>26</value>
		</constructor-arg>
		<!--最大字体-->
		<constructor-arg index="1">
			<value>34</value>
		</constructor-arg>
		<constructor-arg index="2">
			<list>
				<bean class="java.awt.Font">
					<constructor-arg index="0"><value>Arial</value></constructor-arg>
					<constructor-arg index="1"><value>0</value></constructor-arg>
					<constructor-arg index="2"><value>32</value></constructor-arg>
				</bean>
			</list>
		</constructor-arg>
	</bean>
	<bean id="backGenUni" class="com.octo.captcha.component.image.backgroundgenerator.UniColorBackgroundGenerator">
		<!--背景宽度-->
		<constructor-arg index="0">
			<value>110</value>
		</constructor-arg>
		<!--背景高度-->
		<constructor-arg index="1">
			<value>50</value>
		</constructor-arg>
	</bean>

	<bean id="decoratedPaster" class="com.octo.captcha.component.image.textpaster.DecoratedRandomTextPaster">
		<!--最大字符长度-->
		<constructor-arg type="java.lang.Integer" index="0">
			<value>4</value>
		</constructor-arg>
		<!--最小字符长度-->
		<constructor-arg type="java.lang.Integer" index="1">
			<value>4</value>
		</constructor-arg>
		<!--文本颜色-->
		<constructor-arg index="2">
			<ref bean="colorGen"/>
		</constructor-arg>
		<!--文本混淆-->
		<constructor-arg index="3">
			<list>
				<!--<ref bean="baffleDecorator"/>-->
			</list>
		</constructor-arg>
	</bean>	
	<bean id="baffleDecorator" class="com.octo.captcha.component.image.textpaster.textdecorator.BaffleTextDecorator">
		<constructor-arg type="java.lang.Integer" index="0"><value>1</value></constructor-arg>
		<constructor-arg type="java.awt.Color" index="1"><ref bean="colorWrite"/></constructor-arg>
	</bean>
	<bean id="colorGen" class="com.octo.captcha.component.image.color.SingleColorGenerator">
		<constructor-arg type="java.awt.Color" index="0">
			<ref bean="colorBlack"/>
		</constructor-arg>
	</bean>
	<bean id="colorWrite" class="java.awt.Color">
		<constructor-arg type="int" index="0">
			<value>255</value>
		</constructor-arg>
		<constructor-arg type="int" index="1">
			<value>255</value>
		</constructor-arg>
		<constructor-arg type="int" index="2">
			<value>255</value>
		</constructor-arg>
	</bean>
	<bean id="colorBlack" class="java.awt.Color">
		<constructor-arg type="int" index="0">
			<value>50</value>
		</constructor-arg>
		<constructor-arg type="int" index="1">
			<value>50</value>
		</constructor-arg>
		<constructor-arg type="int" index="2">
			<value>50</value>
		</constructor-arg>
	</bean>
</beans>

web.xml配置如下：

	<servlet>
		<servlet-name>Jcaptcha</servlet-name>
		<servlet-class>com.jeecms.common.captcha.JcaptchaServlet</servlet-class>
	</servlet>
	<servlet-mapping>
		<servlet-name>Jcaptcha</servlet-name>
		<url-pattern>/captcha.svl</url-pattern>
	</servlet-mapping>

验证过程如下：

com.jeecms.cms.action.admin.CmsLoginAct

	@RequestMapping(value = "/login.do", method = RequestMethod.POST)
	public String submit(String username, String password, String captcha, String message,
			HttpServletRequest request, HttpServletResponse response,
			ModelMap model) {
		Integer errorRemaining = unifiedUserMng.errorRemaining(username);
		WebErrors errors = validateSubmit(username, password, captcha,
				errorRemaining, request, response);
		if (!errors.hasErrors()) {
			try {
				String ip = RequestUtils.getIpAddr(request);
				Authentication auth = authMng.login(username, password, ip,
						request, response, session);
				// 是否需要在这里加上登录次数的更新？按正常的方式，应该在process里面处理的，不过这里处理也没大问题。
				cmsUserMng.updateLoginInfo(auth.getUid(), ip);
				CmsUser user = cmsUserMng.findById(auth.getUid());
				if (user.getDisabled()) {
					// 如果已经禁用，则退出登录。
					authMng.deleteById(auth.getId());
					session.logout(request, response);
					throw new DisabledException("user disabled");
				}
				cmsLogMng.loginSuccess(request, user, "login.log.loginSuccess");
				removeCookieErrorRemaining(request, response);
				if(user!=null){
					//登录成功返回后台首页
					return "redirect:index.do";
				}else{
					return "redirect:login.do";
				}
			} catch (UsernameNotFoundException e) {
				errors.addErrorString(e.getMessage());
				cmsLogMng.loginFailure(request, "login.log.loginFailure",
						"username=" + username );
			} catch (BadCredentialsException e) {
				errors.addErrorString(e.getMessage());
				cmsLogMng.loginFailure(request, "login.log.loginFailure",
						"username=" + username );
			} catch (DisabledException e) {
				errors.addErrorString(e.getMessage());
				cmsLogMng.loginFailure(request, "login.log.loginFailure",
						"username=" + username );
			}
		}
		// 登录失败
		writeCookieErrorRemaining(errorRemaining, request, response, model);
		errors.toModel(model);
		if (!StringUtils.isBlank(message)) {
			model.addAttribute(MESSAGE, message);
		}
		return "login";
	}