`

应用Shiro到Web Application(验证码实现)

 
阅读更多

如果你对Shiro不了解,可以查看作者前面发表的文章:应用Shiro到Web application(基础)

五、在Shiro中实现CAPTCHA(验证码)功能<wbr></wbr>

a)<wbr><wbr><wbr><wbr> 验证码表单认证过滤器</wbr></wbr></wbr></wbr>

package com.wearereading.example.shiro;

<wbr></wbr>

importjavax.servlet.ServletRequest;

importjavax.servlet.ServletResponse;

<wbr></wbr>

importorg.apache.shiro.authc.AuthenticationToken;

importorg.apache.shiro.web.filter.authc.FormAuthenticationFilter<wbr>;</wbr>

importorg.apache.shiro.web.util.WebUtils;

<wbr></wbr>

public classCaptchaFormAuthenticatio<wbr>nFilter<strong>extends</strong> FormAuthenticationFilter<wbr>{</wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public static final</strong> String<em>DEFAULT_CAPTCHA_PARAM</em> = "captcha";</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>private</strong> String captchaParam =<em>DEFAULT_CAPTCHA_PARAM</em>;</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public</strong> String getCaptchaParam() {</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>return</strong> captchaParam;</wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr> }</wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>protected</strong> String getCaptcha(ServletRequest request) {</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>return</strong> WebUtils.<em>getCleanParam</em>(request, getCaptchaParam());</wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr> }</wbr></wbr></wbr>


protected AuthenticationToken createToken(

ServletRequest request, ServletResponse response) {

<wbr><wbr><wbr><wbr><wbr><wbr><wbr> String username = getUsername(request);</wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr> String password = getPassword(request);</wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr> String captcha = getCaptcha(request);</wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>boolean</strong> rememberMe = isRememberMe(request);</wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr> String host = getHost(request);</wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>return new</strong> CaptchaUsernamePasswordT<wbr>oken(</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

username, password, rememberMe, host,captcha);

<wbr><wbr><wbr> }</wbr></wbr></wbr>

<wbr></wbr>

}

<wbr></wbr>

b)<wbr><wbr><wbr><wbr> 用户名密码令牌UsernamePasswordToken</wbr></wbr></wbr></wbr>

package com.wearereading.example.shiro;

importorg.apache.shiro.authc.UsernamePasswordToken;

public classCaptchaUsernamePasswordT<wbr>oken <strong> extends</strong> UsernamePasswordToken{</wbr>

<wbr><wbr><wbr><wbr><wbr><strong>private static final long</strong><em>serialVersionUID</em> = 1L;</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>private</strong> String captcha;</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public</strong> String getCaptcha() {</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> return</strong> captcha;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public void</strong> setCaptcha(String captcha) {</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> this</strong>.captcha = captcha;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

<wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public</strong> CaptchaUsernamePasswordT<wbr>oken() {</wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> super</strong>();</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public</strong> CaptchaUsernamePasswordT<wbr>oken(String username,<strong>char</strong>[] password,</wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>boolean</strong> rememberMe, String host,String captcha) {<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> super</strong>(username, password, rememberMe, host);</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> this</strong>.captcha = captcha;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

}

c)<wbr><wbr><wbr><wbr> 添加AuthenticationException</wbr></wbr></wbr></wbr>

<wbr></wbr>

public classIncorrectCaptchaExceptio<wbr>n <strong> extends</strong> AuthenticationException{</wbr>

<wbr><wbr><wbr><wbr><wbr><strong>private static final long</strong><em>serialVersionUID</em> = 1L;</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public</strong> IncorrectCaptchaExceptio<wbr>n() {</wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> super</strong>();</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public</strong> IncorrectCaptchaExceptio<wbr>n(String message, Throwable cause) {</wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> super</strong>(message, cause);</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public</strong> IncorrectCaptchaExceptio<wbr>n(String message) {</wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> super</strong>(message);</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>public</strong> IncorrectCaptchaExceptio<wbr>n(Throwable cause) {</wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> super</strong>(cause);</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

}

<wbr></wbr>

d)<wbr><wbr><wbr><wbr> Shiro INI文件</wbr></wbr></wbr></wbr>

authc= com.wearereading.example.shiro.CaptchaFormAuthenticatio<wbr>nFilter</wbr>

<wbr></wbr>

e)<wbr><wbr><wbr><wbr> 实现Realm</wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><strong>protected</strong>AuthenticationInfo doGetAuthenticationInfo(</wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> AuthenticationToken authcToken )<strong>throws</strong>AuthenticationException {</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> CaptchaUsernamePasswordT<wbr>oken token =</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

(CaptchaUsernamePasswordT<wbr>oken) authcToken;</wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> String accountName = token.getUsername();</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> //验证码 验证</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> String captcha =<strong>null</strong>;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> Object obj_captcha = SecurityUtils.<em>getSubject</em>().getSession()</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

.getAttribute( SessionKey.CAPTCHA );

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> Object obj_count = SecurityUtils.<em>getSubject</em>().getSession()</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

.getAttribute( SessionKey.LOGIN_FAILED_COUNT );

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>int</strong> failed_count = (obj_count ==<strong>null</strong> || !(obj_count<strong>instanceof</strong> Integer))</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

?0:(Integer)obj_count;

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>if</strong>( obj_captcha<strong>instanceof</strong> String)</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> captcha = (String)obj_captcha;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>if</strong>( captcha !=<strong>null</strong> &amp;&amp; failed_count &gt;0</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &amp;&amp; !captcha.equalsIgnoreCase( token.getCaptcha() )){</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>throw new</strong>IncorrectCaptchaExceptio<wbr>n("验证码错误!");</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> //用户名密码验证</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> if</strong>( accountName != <strong>null</strong> &amp;&amp; !"".equals(accountName) ){</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> AccountManager accountManager =<strong>new</strong>AccountManagerImpl();</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> Account account = accountManager.get( token.getUsername() );</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>if</strong>( account !=<strong>null</strong> )</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>return new</strong> SimpleAuthenticationInfo<wbr>(</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> account.getName(),account.getPassword(), getName() );</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> return null</strong>;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr>

}

<wbr></wbr>

f)<wbr><wbr><wbr><wbr><wbr> 登录页面</wbr></wbr></wbr></wbr></wbr>

<%

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> Object obj = request.getAttribute(org.apache.shiro.web.filter.authc.</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

FormAuthenticationFilter<wbr>.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);</wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> boolean</strong> flag = <strong>false</strong>;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> String msg = "";<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> if</strong>( obj != <strong>null</strong> ){</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>if</strong>( "org.apache.shiro.authc.UnknownAccountException".equals( obj ) )</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> msg = "未知帐号错误!";</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>else if</strong>("org.apache.shiro.authc.IncorrectCredentialsExce<wbr>ption".equals( obj ))</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> msg = "密码错误!";</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>else if</strong>("com.wearereading.example.shiro.IncorrectCaptchaExceptio<wbr>n".equals( obj ))</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> msg = "验证码错误!";</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>else if</strong>( "org.apache.shiro.authc.AuthenticationException".equals( obj ))</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> msg = "认证失败!";</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> flag = !"".equals(msg);</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> }</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong> if</strong>( flag ){</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> out.print( msg );</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> Integer count = (Integer)request.getSession().getAttribute(</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

SessionKey.LOGIN_FAILED_COUNT );

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><strong>if</strong>( count ==<strong>null</strong> )</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> count = Integer.valueOf(0);</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> count++;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> request.getSession().setAttribute(SessionKey.LOGIN_FAILED_COUNT, count );</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> }<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

%>

<form action="login.jsp" method="post">

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &lt;br/&gt;用户帐号:</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &lt;input type=<em>"text"</em><wbr> name=<em>"username"</em> id=<em>"username"</em> value=<em>""</em>/&gt;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &lt;br/&gt;登录密码:</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &lt;input type=<em>"password"</em> name=<em>"password"</em> id=<em>"password"</em> value=<em>""</em> /&gt;<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &lt;br/&gt;验证码:</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &lt;input type="text" name="captcha" id="captcha" size="6"/&gt;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &lt;img src="/captcha" alt="captcha" /&gt;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

<wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr><wbr> &lt;br/&gt;&lt;input value=<em>"登录"</em> type=<em>"submit"</em> &gt;</wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr></wbr>

</form>

<wbr></wbr>

g)<wbr><wbr><wbr><wbr> CAPTCHA实现</wbr></wbr></wbr></wbr>

h)<wbr><wbr><wbr><wbr><wbr></wbr></wbr></wbr></wbr></wbr>

六、代码的开发环境

JAVA1.6

Tomcat

Eclipse

七、参考资料

http://www.captcha.net/

将 Shiro作为应用的权限基础

http://www.ibm.com/developerworks/cn/opensource/os-cn-shiro/index.html


写在后面的几句话:

此文的发表于新浪博客积沙成塔,转载请标注来源 http://blog.sina.com.cn/minssh。

文章大概写于一年前,由于原文章是Word排版,里面的代码在这里看起来有点乱(Sina不支持代码排版),请原谅!

分享到:
| 应用Shiro到Web Application(基础)
评论
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

    shiro-web-1.3.2-API文档-中文版.zip

    赠送jar包:shiro-web-1.3.2.jar; 赠送原API文档:shiro-web-1.3.2-javadoc.jar; 赠送源代码:shiro-web-1.3.2-sources.jar; 包含翻译后的API文档:shiro-web-1.3.2-javadoc-API文档-中文(简体)版.zip 对应...

    shiro-web例子源代码

    本例子的源代码是基于Shiro-web实现的一个简单的Web应用,配合前端Bootstrap-table和Knockout.js库,虽然并不完整,但可以作为理解Shiro在Web环境中如何工作的基础。 1. **Shiro核心概念** - **身份验证...

    shiro和web整合实例

    在本实例中,我们将探讨如何将 Shiro 整合到 Web 项目中,以实现全面的安全管理。 首先,Shiro 的核心组件包括 SecurityManager、Subject、Realms 和 Caches。SecurityManager 是 Shiro 的顶级组件,负责管理 ...

    Apache shiro 1.13.0源码

    Apache Shiro 是一个强大且易用的Java安全框架,提供了认证、授权、加密和会话管理功能,简化了企业级应用的安全实现。Shiro 1.13.0 是其一个重要的版本,包含了多项更新和改进。在这个版本中,开发者可以深入理解其...

    shiro和web项目整合代码下载

    "shiro和web项目整合代码下载"这个主题表明我们将探讨如何在Spring MVC框架下集成Apache Shiro,以及实现一些常见的安全功能。 首先,Shiro的核心组件包括Subject、SecurityManager、Realms和Cryptography。Subject...

    在web项目中应用Shiro

    ### 在Web项目中应用Shiro #### 一、Shiro简介与重要性 Apache Shiro是一个强大且易用的Java安全框架,它提供了身份验证、授权、加密和会话管理功能,可以非常容易地开发出足够安全的应用。本文旨在详细介绍如何在...

    shiroweb案例

    "shiroweb案例"是针对 Shiro 在 Web 开发中的应用进行的一个简单介绍,旨在帮助初学者快速理解 Shiro 的基本概念和实现方式。 **1. Shiro 的核心组件** - **身份认证(Authentication)**:这是确认用户身份的过程...

    shiro-web api

    shiro web集成方向api,chm格式的。

    SpringBoot+Shiro登录验证码制作

    在SpringBoot和Shiro的集成中,可以将验证码生成的逻辑封装到一个过滤器中,当用户尝试登录时,先显示验证码,然后检查用户输入的验证码是否与生成的一致。 为了实现这个功能,你需要配置Shiro的...

    shiro-web-1.2.0.jar

    shiro-web-1.2.0.jar

    shirodemo实现web登陆

    Apache Shiro 是一个强大且易用的 Java 安全框架,它提供了认证、授权、加密和会话管理功能,...在 "shirodemo" 项目中,你可以看到如何将这些理论应用到实际代码中,学习 Shiro 的使用方法,并加深对 Web 安全的理解。

    shiro-web-1.2.4

    shiro-web-1.2.4

    Java安全框架Shiro在Web中的研究与应用_翁云翔.caj

    ,了解到 Shiro 是一个简单易 用且功能强大的安全框架,可以与很多第三方框架良好地耦合,并且可以在任何应 用环境中使用。接着通过介绍 Shiro 的四个基本功能:认证、授权、会话管理、加 密的相关知识,以及其...

    shiro-web-1.2.3 jar包

    shiro-web-1.2.3.jar包

    shiro-web-1.3.2-API文档-中英对照版.zip

    赠送jar包:shiro-web-1.3.2.jar 赠送原API文档:shiro-web-1.3.2-javadoc.jar 赠送源代码:shiro-web-1.3.2-sources.jar 包含翻译后的API文档:shiro-web-1.3.2-javadoc-API文档-中文(简体)-英语-对照版.zip ...

    shiro-web-1.4.0-API文档-中文版.zip

    赠送jar包:shiro-web-1.4.0.jar; 赠送原API文档:shiro-web-1.4.0-javadoc.jar; 赠送源代码:shiro-web-1.4.0-sources.jar; 赠送Maven依赖信息文件:shiro-web-1.4.0.pom; 包含翻译后的API文档:shiro-web-...

    Java中SSM+Shiro系统登录验证码的实现方法

    在Java开发中,SSM(Spring、SpringMVC、MyBatis)是一个常见的企业级Web应用框架组合,而Apache Shiro则是一个强大的安全管理框架,用于处理用户认证、授权和会话管理。当需要在SSM+Shiro系统中实现登录验证时,...

    shiro-web.zip

    Apache Shiro是一个强大且易用的Java安全框架,它提供了身份验证、授权、加密和会话管理功能,简化了企业级应用的安全实现。在“shiro-web.zip”这个压缩包中,我们可以找到与Shiro和Spring MVC整合相关的学习资源,...

    shiro-web-master.zip

    在"shiro-web-master.zip"这个压缩包中,我们很显然将要深入学习Shiro在Web环境下的应用,特别是涉及到加密技术、用户登录验证、权限控制以及利用Redis进行缓存管理等方面的知识。 1. **Shiro基础** Shiro的核心...

    shiro-web.rar

    Apache Shiro 是一个强大且易用的...通过这个"shiro-web.rar"项目,开发者可以深入理解Shiro如何与Servlet容器协同工作,以及如何在实际的Web应用中实现安全控制,这将有助于提升开发者在Web安全领域的技能和实践能力。

Magicbox
Global site tag (gtag.js) - Google Analytics