This time the note is Shiro Verification code function, the last note did not do, this note continues to do.
Complete Project Download path (project download online Hui framework again, what ghost files are inside, temporarily clear, so many):
http://download.csdn.net/download/u013845177/9992748
Related LIB package path:
http://download.csdn.net/download/u013845177/9992728
Modify the Lsformauthenticationfilter.java class for the previous custom authentication form.
In Lsformauthenticationfilter.java, modify the following:
Package Cn.common;
Import Javax.servlet.ServletRequest;
Import Javax.servlet.ServletResponse;
Import Javax.servlet.http.HttpServletRequest;
Import org.apache.shiro.session.Session;
Import Org.apache.shiro.subject.Subject;
Import Org.apache.shiro.web.filter.authc.FormAuthenticationFilter; Custom Login Form Authentication public class Lsformauthenticationfilter extends Formauthenticationfilter {@Override protected Boolean on AccessDenied (ServletRequest request, servletresponse response, Object mappedvalue) throws Exception {<!--verification code work can start-->//1, Icodec.java in the generation of a verification code, will be placed in the session, which is saved in the sessions of the verification code String Icode = (string) (HttpServletRequest) Reque
ST). GetSession (). getattribute ("Icode");
The validation code String code = request.getparameter ("code") passed over the page; if (icode!= null && code!= NULL) {if (!icode.equals (code)) {//2, two yards different//3, Shirologinfailure is the Shiro parameter key , this sets the authentication error message Request.setattribute ("Shirologinfailure", "codeerror");//4, which is available in the login () method in Loginc.java, if the obtained ShiRologinfailure=codeerror, indicating that the verification code error, and to do judgment processing, on a note//5, Access denied, not to the user and password authentication there processing, direct return.
You can view the Dogetauthenticationinfo () method in a custom Lsrealm.java, and the method does not perform return True when the validation code is incorrect;
} <!--verification code function End-->//6, verify code consistent, continue to walk user name and password Authentication return super.onaccessdenied (Request, response, mappedvalue); }
}
Finally, in the Loginc.java login () method in the login () to add a judgment, when the return of the information is Codeerror, is to know that the validation error
The Loginc.java Login () method has the following code:
@Controller public
class Loginc extends controllersupport{
//Login page
@RequestMapping ("login")
public String Login (model model, HttpServletRequest request) {
//set a basepath so that you can get the project name
directly from the user ${basepath} in the JSP page GetSession (). setattribute ("BasePath", Request.getservletcontext (). Getcontextpath ());
This is the core
String exceptionclassname = (string) request.getattribute ("Shirologinfailure");
if (exceptionclassname!=null) {
if (UnknownAccountException.class.getName (). Equals (Exceptionclassname)) {
Model.addattribute ("msg", "account does not exist");
} else if (IncorrectCredentialsException.class.getName (). Equals (
exceptionclassname)) {
Model.addattribute ("msg", "Incorrect password");
} else if ("Codeerror". Equals (Exceptionclassname)) {//Lsformauthenticationfilter.java set Request.setattribute (" Shirologinfailure "," Codeerror ");
Model.addattribute ("msg", "Incorrect authentication Code");
} else {
Model.addattribute ("msg", "Unknown Error");
}
return "Login";
......
Ok... So much for the captcha.