Spring Security登錄驗證碼集成

Question

我在Spring MVC Security上集成了一個Captcha插件。問題是，即使我有一個錯誤的驗證碼，但良好的憑據，它會登錄，但顯示我壞captcha。

我想我的問題是在春天的安全性文件：

<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.2.xsd"> 

    <!-- enable use-expressions --> 

    <http auto-config="true" use-expressions="true"> 
     <intercept-url pattern="/admin**/**" access="hasRole('ROLE_ADMIN')" /> 
     <intercept-url pattern="/jtabuleiros/play/*" access="authenticated" /> 
     <intercept-url pattern="/details" access="hasRole('ROLE_CONCORRENTE')" /> 


     <custom-filter ref="captchaCaptureFilter" before="FORM_LOGIN_FILTER"/> 
     <custom-filter ref="captchaVerifierFilter" after="FORM_LOGIN_FILTER"/> 


     <!-- access denied page --> 
     <access-denied-handler error-page="/403" /> 
     <form-login 
      login-page="/login" 
      default-target-url="/welcome" 
      authentication-failure-url="/login?error" 
      username-parameter="username" 
      password-parameter="password" /> 
     <logout logout-success-url="/login?logout" /> 
     <!-- enable csrf protection --> 
     <csrf /> 
    </http> 


<!-- <authentication-manager> --> 
<!--  <authentication-provider user-service-ref="myUserDetailsService" > --> 
<!--   <password-encoder hash="bcrypt" />  --> 
<!--  </authentication-provider> --> 
<!-- </authentication-manager> --> 


    <beans:bean id="customUserDetailsService" 
     class="com.setelog.spring.service.CustomUserDetailsService"> 
     <beans:property name="usersByUsernameQuery" value="select * from users where username = ?"/> 
     <beans:property name="authoritiesByUsernameQuery" value="select username, role from user_roles where username =?" /> 
     <beans:property name="dataSource" ref="dataSource" /> 
    </beans:bean> 

    <beans:bean id="userDetailsDao" class="com.setelog.spring.dao.UserDetailsDaoImpl" > 
     <beans:property name="dataSource" ref="dataSource" /> 
    </beans:bean> 

    <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/> 


    <beans:bean id="authenticationProvider" 
     class="com.setelog.spring.handler.LimitLoginAuthenticationProvider"> 
     <beans:property name="userDetailsService" ref="customUserDetailsService" /> 
     <beans:property name="userDetailsDao" ref="userDetailsDao" /> 
     <beans:property name="passwordEncoder" ref="encoder" /> 

    </beans:bean> 

    <!-- For capturing CAPTCHA fields --> 
<beans:bean id="captchaCaptureFilter" class="com.setelog.spring.businessrules.CaptchaCaptureFilter" /> 

<!-- For verifying CAPTCHA fields --> 
<!-- Private key is assigned by the reCATPCHA service --> 
<beans:bean id="captchaVerifierFilter" class="com.setelog.spring.businessrules.CaptchaVerifierFilter"> 

<beans:property name="useProxy" value="false"/> 
<beans:property name="proxyPort" value=""/> 
<beans:property name="failureUrl" value="/login?error"/> 
<beans:property name="captchaCaptureFilter" ref="captchaCaptureFilter"/> 
<beans:property name="privateKey" value="6LeTVQcTAAAAAI_NiPSYXAix-OKYp4KcC0aQ5ce2"/> 

</beans:bean> 


    <authentication-manager> 
     <authentication-provider ref="authenticationProvider" /> 
    </authentication-manager> 

</beans:beans> 

任何幫助的建議高度讚賞

Answer 1

我設法通過重定向到註銷頁面，以解決我的問題，只要驗證碼是錯誤的。而我的登錄頁面也是我的註銷。