jcaptchaauthenticationprocessingfilter.java
来自「移动彩信管理平台」· Java 代码 · 共 165 行
package com.my7g.zj.mobile.mms.util;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.ui.AbstractProcessingFilter;
import com.my7g.zj.mobile.mms.exception.JcaptchaNullException;
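/**
 * Form-login processing filter that checks a captcha answer before handing
 * the username and password to the {@code AuthenticationManager}.
 * <p>
 * The expected answer is read from the HTTP session under
 * {@link #ACEGI_SECURITY_FORM_JCAPTCHA_KEY} and compared with the request
 * parameter of the same name. The stored answer is single-use: it is removed
 * from the session on every login attempt, whether or not the attempt passes.
 * </p>
 */
public class JcaptchaAuthenticationProcessingFilter extends
        AbstractProcessingFilter {

    public static final String ACEGI_SECURITY_FORM_USERNAME_KEY = "j_username";

    public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password";

    public static final String ACEGI_SECURITY_FORM_JCAPTCHA_KEY = "j_captcha_response";

    public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME";

    /**
     * Validates the captcha answer and, if it matches, authenticates the
     * submitted username and password.
     *
     * @param request
     *            the login request carrying the form parameters
     *
     * @return the result of <code>AuthenticationManager.authenticate</code>
     *
     * @throws AuthenticationException
     *             a <code>JcaptchaNullException</code> when the captcha answer
     *             is missing, no challenge is stored in the session, or the
     *             answer does not match; otherwise whatever the
     *             <code>AuthenticationManager</code> throws
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request)
            throws AuthenticationException {
        String username = obtainUsername(request);
        String password = obtainPassword(request);
        // Credentials are deliberately never written to stdout or the log.

        if (username == null) {
            username = "";
        }
        if (password == null) {
            password = "";
        }

        // Validate the captcha. getSession(false) avoids creating a session
        // only to discover that it holds no challenge.
        String captchaResponse = obtainJcaptcha(request);
        HttpSession session = request.getSession(false);
        Object expected = null;
        if (session != null) {
            expected = session.getAttribute(ACEGI_SECURITY_FORM_JCAPTCHA_KEY);
            // Clear the stored captcha so each challenge can be answered at
            // most once, regardless of the outcome.
            session.removeAttribute(ACEGI_SECURITY_FORM_JCAPTCHA_KEY);
        }

        // Fail closed: a missing answer or a missing challenge counts as a
        // failed captcha. If those cases were skipped, a client could pass
        // the check simply by omitting the parameter.
        boolean valid = captchaResponse != null && expected != null
                && expected.toString().equals(captchaResponse);
        logger.debug("captchaServiceProxy says : request is valid = " + valid);
        if (!valid) {
            logger.debug("captcha test failed");
            throw new JcaptchaNullException("输入的验证码不正确......");
        }

        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
                username, password);

        // Place the last username attempted into HttpSession for views
        request.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY,
                username);

        // Allow subclasses to set the "details" property
        setDetails(request, authRequest);

        return this.getAuthenticationManager().authenticate(authRequest);
    }

    /**
     * This filter by default responds to <code>/j_acegi_security_check</code>.
     *
     * @return the default
     */
    public String getDefaultFilterProcessesUrl() {
        return "/j_acegi_security_check";
    }

    /**
     * No-op; this filter needs no servlet-level initialisation.
     *
     * @param filterConfig
     *            ignored
     */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Enables subclasses to override the composition of the password, such as
     * by including additional values and a separator.
     * <p>
     * This might be used for example if a postcode/zipcode was required in
     * addition to the password. A delimiter such as a pipe (|) should be used
     * to separate the password and extended value(s). The
     * <code>AuthenticationDao</code> will need to generate the expected
     * password in a corresponding manner.
     * </p>
     *
     * @param request
     *            so that request attributes can be retrieved
     *
     * @return the password that will be presented in the
     *         <code>Authentication</code> request token to the
     *         <code>AuthenticationManager</code>
     */
    protected String obtainPassword(HttpServletRequest request) {
        return request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY);
    }

    /**
     * Enables subclasses to override the composition of the username, such as
     * by including additional values and a separator.
     *
     * @param request
     *            so that request attributes can be retrieved
     *
     * @return the username that will be presented in the
     *         <code>Authentication</code> request token to the
     *         <code>AuthenticationManager</code>
     */
    protected String obtainUsername(HttpServletRequest request) {
        return request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY);
    }

    /**
     * Reads the captcha answer submitted with the login form.
     *
     * @param request
     *            so that request parameters can be retrieved
     *
     * @return the value of the <code>j_captcha_response</code> parameter, or
     *         <code>null</code> if it was not sent
     */
    protected String obtainJcaptcha(HttpServletRequest request) {
        return request.getParameter(ACEGI_SECURITY_FORM_JCAPTCHA_KEY);
    }

    /**
     * Provided so that subclasses may configure what is put into the
     * authentication request's details property.
     *
     * @param request
     *            that an authentication request is being created for
     * @param authRequest
     *            the authentication request object that should have its details
     *            set
     */
    protected void setDetails(HttpServletRequest request,
            UsernamePasswordAuthenticationToken authRequest) {
        authRequest.setDetails(authenticationDetailsSource
                .buildDetails(request));
    }
}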