0
我在Spring MVC Security上集成了一個Captcha插件。問題是,即使我有一個錯誤的驗證碼,但良好的憑據,它會登錄,但顯示我壞captcha。Spring Security登錄驗證碼集成
我想我的問題是在春天的安全性文件:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/admin**/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/jtabuleiros/play/*" access="authenticated" />
<intercept-url pattern="/details" access="hasRole('ROLE_CONCORRENTE')" />
<custom-filter ref="captchaCaptureFilter" before="FORM_LOGIN_FILTER"/>
<custom-filter ref="captchaVerifierFilter" after="FORM_LOGIN_FILTER"/>
<!-- access denied page -->
<access-denied-handler error-page="/403" />
<form-login
login-page="/login"
default-target-url="/welcome"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<!-- enable csrf protection -->
<csrf />
</http>
<!-- <authentication-manager> -->
<!-- <authentication-provider user-service-ref="myUserDetailsService" > -->
<!-- <password-encoder hash="bcrypt" /> -->
<!-- </authentication-provider> -->
<!-- </authentication-manager> -->
<beans:bean id="customUserDetailsService"
class="com.setelog.spring.service.CustomUserDetailsService">
<beans:property name="usersByUsernameQuery" value="select * from users where username = ?"/>
<beans:property name="authoritiesByUsernameQuery" value="select username, role from user_roles where username =?" />
<beans:property name="dataSource" ref="dataSource" />
</beans:bean>
<beans:bean id="userDetailsDao" class="com.setelog.spring.dao.UserDetailsDaoImpl" >
<beans:property name="dataSource" ref="dataSource" />
</beans:bean>
<beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
<beans:bean id="authenticationProvider"
class="com.setelog.spring.handler.LimitLoginAuthenticationProvider">
<beans:property name="userDetailsService" ref="customUserDetailsService" />
<beans:property name="userDetailsDao" ref="userDetailsDao" />
<beans:property name="passwordEncoder" ref="encoder" />
</beans:bean>
<!-- For capturing CAPTCHA fields -->
<beans:bean id="captchaCaptureFilter" class="com.setelog.spring.businessrules.CaptchaCaptureFilter" />
<!-- For verifying CAPTCHA fields -->
<!-- Private key is assigned by the reCATPCHA service -->
<beans:bean id="captchaVerifierFilter" class="com.setelog.spring.businessrules.CaptchaVerifierFilter">
<beans:property name="useProxy" value="false"/>
<beans:property name="proxyPort" value=""/>
<beans:property name="failureUrl" value="/login?error"/>
<beans:property name="captchaCaptureFilter" ref="captchaCaptureFilter"/>
<beans:property name="privateKey" value="6LeTVQcTAAAAAI_NiPSYXAix-OKYp4KcC0aQ5ce2"/>
</beans:bean>
<authentication-manager>
<authentication-provider ref="authenticationProvider" />
</authentication-manager>
</beans:beans>
任何幫助的建議高度讚賞
http://webdesignledger.com/tips/why-you-should-stop-using-captchas – OhadR
@OhadR我很欣賞你的建議,但我仍然喜歡解決我的問題,而不是替代 – Kunal
你的captchaVerifierFilter如果遇到錯誤的驗證碼? – ArunM