基于OAuth2.0授權系統的驗證碼功能的實(shí)現
發(fā)布時(shí)間:2021-07-05 18:40
來(lái)源:腳本之家
閱讀:0
作者:hanxiaozhang2018
欄目: 開(kāi)發(fā)技術(shù)
前言:
前一陣子���,我自己一直在寫(xiě)一套后臺管理系統《》����,后臺技術(shù)?�;赟pringCloud組件實(shí)現的��,授權則是使用的OAuth2.0����。為了讓系統的功能更加健全��,我在系統內添加了驗證碼功能����,具體實(shí)現如下:
正文:
我這套系統授權基于OAuth2.0實(shí)現�,登錄的是http://xxxx/oauth/token獲取access_token�����。調用其他接口時(shí)�,帶上access_token進(jìn)行權限認證���。所以我要想加驗證碼����,需要把驗證碼值放到http://xxxx/oauth/token鏈接上傳到服務(wù)器進(jìn)行驗證�����。又因為我使用了Zuul網(wǎng)關(guān)�����,作為網(wǎng)站的入口��。我選擇在使用Zuul網(wǎng)關(guān)的Filter過(guò)濾器進(jìn)行校驗驗證碼��。
驗證碼我使用的是EasyCaptcha�����,git地址如下:https://gitee.com/whvse/EasyCaptcha��。為了快速校驗驗證信息�,我把驗證碼的值緩存到Redis中����,具有代碼實(shí)現如下:
1.集成EasyCaptcha:
<dependencies>
<dependency>
<groupId>com.github.whvcse</groupId>
<artifactId>easy-captcha</artifactId>
<version>1.6.2</version>
</dependency>
</dependencies>
2.生成驗證碼并保存到Redis中:
/**
* 驗證碼
*
* @return
*/
@GetMapping("/captcha")
public Result captcha() {
String captchaKey = "captcha_" + UUID.randomUUID();
// 三個(gè)參數分別為寬�、高���、位數
SpecCaptcha captcha = new SpecCaptcha(130, 60, 4);
// 設置字體 有默認字體�,可以不用設置
captcha.setFont(new Font("Verdana", Font.PLAIN, 32));
// 設置類(lèi)型�����,純數字����、純字母��、字母數字混合
captcha.setCharType(Captcha.TYPE_ONLY_NUMBER);
log.info("key: [{}] ,code: [{}]", captchaKey, captcha.text());
// 存入Redis ���,默認兩分鐘
redisBaseUtil.set(captchaKey, captcha.text(), 2, TimeUnit.MINUTES);
Map<String, Object> map = new HashMap<>(4);
map.put("captchaKey", captchaKey);
map.put("image", captcha.toBase64());
return Result.success(map);
}
3. 校驗驗證碼的Filter:
package com.hanxiaozhang.filter;
import com.hanxiaozhang.constant.Constant;
import com.hanxiaozhang.redis.util.RedisUtil;
import com.hanxiaozhang.result.ResultCode;
import com.hanxiaozhang.result.Result;
import com.hanxiaozhang.util.JsonUtil;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.netflix.zuul.filters.support.FilterConstants;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import java.util.Map;
/**
* 〈一句話(huà)功能簡(jiǎn)述〉<br>
* 〈驗證碼過(guò)濾器〉
*
* @author hanxinghua
* @create 2021/4/4
* @since 1.0.0
*/
@Slf4j
@Component
public class CaptchaFilter extends ZuulFilter {
@Autowired
private RedisUtil redisBaseUtil;
@Override
public String filterType() {
return FilterConstants.PRE_TYPE;
}
@Override
public int filterOrder() {
return 0;
}
@Override
public boolean shouldFilter() {
return true;
}
@Override
public Object run() {
RequestContext currentContext = RequestContext.getCurrentContext();
HttpServletRequest serverHttpRequest = currentContext.getRequest();
String uri = serverHttpRequest.getRequestURI();
if (uri.contains("/oauth/token")) {
String method = serverHttpRequest.getMethod();
// 處理跨域Post發(fā)送兩次請求
if (Constant.OPTIONS.equals(method)) {
return null;
}
Map<String, String[]> parameterMap = serverHttpRequest.getParameterMap();
String[] captchaKeys = null, captchaCodes = null;
if (!parameterMap.isEmpty()
&& (captchaKeys = parameterMap.get("captcha_key")) != null
&& (captchaCodes = parameterMap.get("captcha_code")) != null) {
String captchaKey = captchaKeys[0];
String captchaCode = captchaCodes[0];
log.info("Request Captcha Parameters: key: [{}] ,code: [{}]", captchaKey, captchaCode);
String redisCaptchaCode = redisBaseUtil.get(captchaKey);
String responseBody = null;
if (redisCaptchaCode == null) {
responseBody = JsonUtil.beanToJson(Result.error(ResultCode.LOGIN_CAPTCHA_EXPIRE));
} else if (!captchaCode.trim().equalsIgnoreCase(redisCaptchaCode)) {
responseBody = JsonUtil.beanToJson(Result.error(ResultCode.LOGIN_CAPTCHA_ERROR));
}
if (responseBody != null) {
currentContext.setSendZuulResponse(false);
currentContext.setResponseStatusCode(200);
currentContext.getResponse().setContentType(Constant.APP_JSON_UTF_8);
log.info("Response Parameters: \n [{}]", responseBody);
currentContext.setResponseBody(responseBody);
}
}
}
return null;
}
}
4.使用����,這里使用《》:
4.1 獲取驗證碼:
GET http://localhost/api/system/captcha
4.2 校驗驗證碼:
POST http://localhost/api/system/oauth/token?username={{username}}&password={{password}}&grant_type=password&scope={{scope}}&client_id={{client_id}}&client_secret={{client_secret}}&captcha_key=captcha_23cacfe5-2751-44af-a34d-5e795caeb46a&captcha_code=5594
成功返回如下:
過(guò)期返回如下:
錯誤返回如下:
以上就是基于OAuth2.0授權系統的驗證碼功能的實(shí)現的詳細內容��,更多關(guān)于OAuth2.0授權系統驗證碼的資料請關(guān)注腳本之家其它相關(guān)文章�!
