Spring Security 登录验证码集成
Spring Security Login Captcha integration
我在 Spring MVC 项目中通过 Spring Security 集成了一个验证码插件。问题是:即使验证码输入错误,只要凭据正确,用户仍然会登录成功,只是页面上显示验证码错误。
我认为问题出在我的 spring-security 配置文件中:
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
                 http://www.springframework.org/schema/beans
                 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                 http://www.springframework.org/schema/security
                 http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!--
        Web security for the application: SpEL access expressions, form login,
        logout, CSRF protection and two custom CAPTCHA filters around the
        form-login filter.
    -->
    <http use-expressions="true" auto-config="true">

        <!--
            URL access rules, evaluated in the order listed.
            NOTE(review): only these three patterns carry an access rule in this
            file; every other URL is left without one. Confirm that is intended.
        -->
        <intercept-url pattern="/admin**/**" access="hasRole('ROLE_ADMIN')"/>
        <intercept-url pattern="/jtabuleiros/play/*" access="authenticated"/>
        <intercept-url pattern="/details" access="hasRole('ROLE_CONCORRENTE')"/>

        <!--
            CAPTCHA filters: the capture filter is placed before the form-login
            filter, the verifier after it.
            NOTE(review): by default the form-login filter completes
            authentication and redirects on success without passing the login
            request further down the chain, so a verifier registered after
            FORM_LOGIN_FILTER cannot reject the login request itself. That matches
            the reported symptom (login succeeds although the CAPTCHA is wrong).
            The CAPTCHA check needs to finish, and stop the request on failure,
            before credentials are evaluated. Whether these two filter classes
            support that position cannot be told from this file.
        -->
        <custom-filter before="FORM_LOGIN_FILTER" ref="captchaCaptureFilter"/>
        <custom-filter after="FORM_LOGIN_FILTER" ref="captchaVerifierFilter"/>

        <!-- Page shown when an authenticated user lacks the required role. -->
        <access-denied-handler error-page="/403"/>

        <!-- Form login: custom login page and request parameter names. -->
        <form-login login-page="/login"
                    default-target-url="/welcome"
                    authentication-failure-url="/login?error"
                    username-parameter="username"
                    password-parameter="password"/>

        <logout logout-success-url="/login?logout"/>

        <!-- CSRF protection is switched on for this http block. -->
        <csrf/>
    </http>

    <!--
        Disabled alternative kept from the original file:
        <authentication-manager>
            <authentication-provider user-service-ref="myUserDetailsService">
                <password-encoder hash="bcrypt"/>
            </authentication-provider>
        </authentication-manager>
    -->

    <!--
        User lookup service. Both queries take the username as a bind
        parameter (?) rather than by string concatenation.
        NOTE(review): the first query selects every column of users; presumably
        the custom service maps the ones it needs. Verify against the class.
    -->
    <beans:bean id="customUserDetailsService"
                class="com.setelog.spring.service.CustomUserDetailsService">
        <beans:property name="usersByUsernameQuery"
                        value="select * from users where username = ?"/>
        <beans:property name="authoritiesByUsernameQuery"
                        value="select username, role from user_roles where username =?"/>
        <beans:property name="dataSource" ref="dataSource"/>
    </beans:bean>

    <!-- DAO handed to the authentication provider below; uses the same dataSource. -->
    <beans:bean id="userDetailsDao"
                class="com.setelog.spring.dao.UserDetailsDaoImpl">
        <beans:property name="dataSource" ref="dataSource"/>
    </beans:bean>

    <!-- Password hashes are checked with bcrypt. -->
    <beans:bean id="encoder"
                class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

    <!--
        Custom authentication provider wired with the user service, the DAO and
        the bcrypt encoder. Presumably it limits failed login attempts (inferred
        from the class name only; confirm in the class).
    -->
    <beans:bean id="authenticationProvider"
                class="com.setelog.spring.handler.LimitLoginAuthenticationProvider">
        <beans:property name="userDetailsService" ref="customUserDetailsService"/>
        <beans:property name="userDetailsDao" ref="userDetailsDao"/>
        <beans:property name="passwordEncoder" ref="encoder"/>
    </beans:bean>

    <!--
        Captures the CAPTCHA fields submitted with the login form.
        NOTE(review): this is a single shared bean that the verifier reads from.
        If it keeps the captured fields in instance fields, concurrent requests
        would share them. Verify in the class.
    -->
    <beans:bean id="captchaCaptureFilter"
                class="com.setelog.spring.businessrules.CaptchaCaptureFilter"/>

    <!--
        Verifies the captured CAPTCHA fields; the private key is issued by the
        reCAPTCHA service.
        NOTE(review): the private key is committed here in clear text and this
        copy has been published. Treat it as compromised, rotate it, and supply
        the new value from environment-specific configuration kept outside
        version control instead of a literal in this file.
        NOTE(review): proxyPort is an empty string while useProxy is false;
        confirm the filter tolerates that.
    -->
    <beans:bean id="captchaVerifierFilter"
                class="com.setelog.spring.businessrules.CaptchaVerifierFilter">
        <beans:property name="useProxy" value="false"/>
        <beans:property name="proxyPort" value=""/>
        <beans:property name="failureUrl" value="/login?error"/>
        <beans:property name="captchaCaptureFilter" ref="captchaCaptureFilter"/>
        <beans:property name="privateKey" value="6LeTVQcTAAAAAI_NiPSYXAix-OKYp4KcC0aQ5ce2"/>
    </beans:bean>

    <!-- Authentication is delegated to the custom provider defined above. -->
    <authentication-manager>
        <authentication-provider ref="authenticationProvider"/>
    </authentication-manager>

</beans:beans>
非常感谢任何帮助或建议。
我最终通过在验证码错误时重定向到注销页面解决了这个问题(我的登录页面同时也是注销页面)。需要注意的是,这种做法下用户名和密码仍然先于验证码被校验,验证码错误只是在登录之后再把会话注销;更稳妥的做法是让验证码校验在身份认证之前完成,并在失败时直接终止请求。
我在 Spring MVC 项目中通过 Spring Security 集成了一个验证码插件。问题是:即使验证码输入错误,只要凭据正确,用户仍然会登录成功,只是页面上显示验证码错误。
我认为问题出在我的 spring-security 配置文件中:
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
                 http://www.springframework.org/schema/beans
                 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                 http://www.springframework.org/schema/security
                 http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!--
        Web security for the application: SpEL access expressions, form login,
        logout, CSRF protection and two custom CAPTCHA filters around the
        form-login filter.
    -->
    <http use-expressions="true" auto-config="true">

        <!--
            URL access rules, evaluated in the order listed.
            NOTE(review): only these three patterns carry an access rule in this
            file; every other URL is left without one. Confirm that is intended.
        -->
        <intercept-url pattern="/admin**/**" access="hasRole('ROLE_ADMIN')"/>
        <intercept-url pattern="/jtabuleiros/play/*" access="authenticated"/>
        <intercept-url pattern="/details" access="hasRole('ROLE_CONCORRENTE')"/>

        <!--
            CAPTCHA filters: the capture filter is placed before the form-login
            filter, the verifier after it.
            NOTE(review): by default the form-login filter completes
            authentication and redirects on success without passing the login
            request further down the chain, so a verifier registered after
            FORM_LOGIN_FILTER cannot reject the login request itself. That matches
            the reported symptom (login succeeds although the CAPTCHA is wrong).
            The CAPTCHA check needs to finish, and stop the request on failure,
            before credentials are evaluated. Whether these two filter classes
            support that position cannot be told from this file.
        -->
        <custom-filter before="FORM_LOGIN_FILTER" ref="captchaCaptureFilter"/>
        <custom-filter after="FORM_LOGIN_FILTER" ref="captchaVerifierFilter"/>

        <!-- Page shown when an authenticated user lacks the required role. -->
        <access-denied-handler error-page="/403"/>

        <!-- Form login: custom login page and request parameter names. -->
        <form-login login-page="/login"
                    default-target-url="/welcome"
                    authentication-failure-url="/login?error"
                    username-parameter="username"
                    password-parameter="password"/>

        <logout logout-success-url="/login?logout"/>

        <!-- CSRF protection is switched on for this http block. -->
        <csrf/>
    </http>

    <!--
        Disabled alternative kept from the original file:
        <authentication-manager>
            <authentication-provider user-service-ref="myUserDetailsService">
                <password-encoder hash="bcrypt"/>
            </authentication-provider>
        </authentication-manager>
    -->

    <!--
        User lookup service. Both queries take the username as a bind
        parameter (?) rather than by string concatenation.
        NOTE(review): the first query selects every column of users; presumably
        the custom service maps the ones it needs. Verify against the class.
    -->
    <beans:bean id="customUserDetailsService"
                class="com.setelog.spring.service.CustomUserDetailsService">
        <beans:property name="usersByUsernameQuery"
                        value="select * from users where username = ?"/>
        <beans:property name="authoritiesByUsernameQuery"
                        value="select username, role from user_roles where username =?"/>
        <beans:property name="dataSource" ref="dataSource"/>
    </beans:bean>

    <!-- DAO handed to the authentication provider below; uses the same dataSource. -->
    <beans:bean id="userDetailsDao"
                class="com.setelog.spring.dao.UserDetailsDaoImpl">
        <beans:property name="dataSource" ref="dataSource"/>
    </beans:bean>

    <!-- Password hashes are checked with bcrypt. -->
    <beans:bean id="encoder"
                class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

    <!--
        Custom authentication provider wired with the user service, the DAO and
        the bcrypt encoder. Presumably it limits failed login attempts (inferred
        from the class name only; confirm in the class).
    -->
    <beans:bean id="authenticationProvider"
                class="com.setelog.spring.handler.LimitLoginAuthenticationProvider">
        <beans:property name="userDetailsService" ref="customUserDetailsService"/>
        <beans:property name="userDetailsDao" ref="userDetailsDao"/>
        <beans:property name="passwordEncoder" ref="encoder"/>
    </beans:bean>

    <!--
        Captures the CAPTCHA fields submitted with the login form.
        NOTE(review): this is a single shared bean that the verifier reads from.
        If it keeps the captured fields in instance fields, concurrent requests
        would share them. Verify in the class.
    -->
    <beans:bean id="captchaCaptureFilter"
                class="com.setelog.spring.businessrules.CaptchaCaptureFilter"/>

    <!--
        Verifies the captured CAPTCHA fields; the private key is issued by the
        reCAPTCHA service.
        NOTE(review): the private key is committed here in clear text and this
        copy has been published. Treat it as compromised, rotate it, and supply
        the new value from environment-specific configuration kept outside
        version control instead of a literal in this file.
        NOTE(review): proxyPort is an empty string while useProxy is false;
        confirm the filter tolerates that.
    -->
    <beans:bean id="captchaVerifierFilter"
                class="com.setelog.spring.businessrules.CaptchaVerifierFilter">
        <beans:property name="useProxy" value="false"/>
        <beans:property name="proxyPort" value=""/>
        <beans:property name="failureUrl" value="/login?error"/>
        <beans:property name="captchaCaptureFilter" ref="captchaCaptureFilter"/>
        <beans:property name="privateKey" value="6LeTVQcTAAAAAI_NiPSYXAix-OKYp4KcC0aQ5ce2"/>
    </beans:bean>

    <!-- Authentication is delegated to the custom provider defined above. -->
    <authentication-manager>
        <authentication-provider ref="authenticationProvider"/>
    </authentication-manager>

</beans:beans>
非常感谢任何帮助或建议。
我最终通过在验证码错误时重定向到注销页面解决了这个问题(我的登录页面同时也是注销页面)。需要注意的是,这种做法下用户名和密码仍然先于验证码被校验,验证码错误只是在登录之后再把会话注销;更稳妥的做法是让验证码校验在身份认证之前完成,并在失败时直接终止请求。