认证思路
本文将会以Shiro整合验证码为案例提供一个统一的整合第三方认证的思路,日后整合手机验证码,邮件验证码都可以使用该思路,仅需做具体修改即可。
在整合第三方认证之前,必须先完成前文中Shiro与Spring Boot的整合。
具体思路就是将验证码认证和Shiro认证分开,验证码认证不由Shiro托管,由我们开发人员控制。验证时,先做验证码验证,如果验证成功,再由Shiro进行用户名和密码的认证。
认证开发
-
创建验证码工具类
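/**
 * Generates short random verification (captcha) codes and renders them as distorted images.
 *
 * <p>Rendering asks for the "Algerian" font, which shows upper-case glyphs only; per the original
 * author's note it has to be installed if the system does not ship it.
 *
 * <p>The code value is the secret the client must read back from the image, so it is drawn from
 * a {@link java.security.SecureRandom}. The image distortion uses an ordinary {@link Random}.
 */
public class VerifyCodeUtils {

    /** Default alphabet: digits and upper-case letters with the look-alikes 1, 0, I and O removed. */
    public static final String VERIFY_CODES = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ";

    /** Source of the code characters; must not be predictable from the time of the request. */
    private static final java.security.SecureRandom SECURE_RANDOM = new java.security.SecureRandom();

    /** Source of the visual noise only (colours, lines, rotation); never used for the code value. */
    private static final Random random = new Random();

    private static final double TWO_PI = 2 * Math.PI;

    /**
     * Generates a code from the default alphabet {@link #VERIFY_CODES}.
     *
     * @param verifySize number of characters in the code
     * @return the generated code
     */
    public static String generateVerifyCode(int verifySize) {
        return generateVerifyCode(verifySize, VERIFY_CODES);
    }

    /**
     * Generates a code from the given alphabet.
     *
     * @param verifySize number of characters in the code
     * @param sources    characters to draw from; {@code null} or empty falls back to
     *                   {@link #VERIFY_CODES}
     * @return the generated code
     */
    public static String generateVerifyCode(int verifySize, String sources) {
        if (sources == null || sources.length() == 0) {
            sources = VERIFY_CODES;
        }
        int codesLen = sources.length();
        StringBuilder verifyCode = new StringBuilder(verifySize);
        for (int i = 0; i < verifySize; i++) {
            // nextInt's bound is exclusive, so codesLen (not codesLen - 1) is needed for the
            // last character of the alphabet to be reachable and for a one-character alphabet
            // to work at all.
            verifyCode.append(sources.charAt(SECURE_RANDOM.nextInt(codesLen)));
        }
        return verifyCode.toString();
    }

    /**
     * Generates a random code, writes its image to a file and returns the code.
     *
     * @param w          image width in pixels
     * @param h          image height in pixels
     * @param outputFile file to write; nothing is written when {@code null}
     * @param verifySize number of characters in the code
     * @return the generated code
     * @throws IOException if the image cannot be written
     */
    public static String outputVerifyImage(int w, int h, File outputFile, int verifySize) throws IOException {
        String verifyCode = generateVerifyCode(verifySize);
        outputImage(w, h, outputFile, verifyCode);
        return verifyCode;
    }

    /**
     * Generates a random code, writes its image to a stream and returns the code.
     *
     * @param w          image width in pixels
     * @param h          image height in pixels
     * @param os         stream that receives the encoded image
     * @param verifySize number of characters in the code
     * @return the generated code
     * @throws IOException if the image cannot be written
     */
    public static String outputVerifyImage(int w, int h, OutputStream os, int verifySize) throws IOException {
        String verifyCode = generateVerifyCode(verifySize);
        outputImage(w, h, os, verifyCode);
        return verifyCode;
    }

    /**
     * Renders the given code into an image file, creating missing parent directories.
     *
     * @param w          image width in pixels
     * @param h          image height in pixels
     * @param outputFile file to write; the call is a no-op when {@code null}
     * @param code       text to render
     * @throws IOException if the file cannot be created or written
     */
    public static void outputImage(int w, int h, File outputFile, String code) throws IOException {
        if (outputFile == null) {
            return;
        }
        // getParentFile() is null for a bare file name, which means "current directory".
        File dir = outputFile.getParentFile();
        if (dir != null && !dir.exists()) {
            // A failed mkdirs() surfaces below as an exception from FileOutputStream.
            dir.mkdirs();
        }
        // try-with-resources closes the stream even when rendering throws.
        try (FileOutputStream fos = new FileOutputStream(outputFile)) {
            outputImage(w, h, fos, code);
        }
    }

    /**
     * Renders the given code into a JPEG image and writes it to the stream.
     *
     * <p>The stream is not closed by this method. Callers that embed the bytes in a data URI or
     * set a Content-Type should declare the payload as JPEG.
     *
     * @param w    image width in pixels
     * @param h    image height in pixels
     * @param os   stream that receives the JPEG bytes
     * @param code text to render
     * @throws IOException if encoding fails or no JPEG writer is available
     */
    public static void outputImage(int w, int h, OutputStream os, String code) throws IOException {
        int verifySize = code.length();
        BufferedImage image = new BufferedImage(w, h, BufferedImage.TYPE_INT_RGB);
        Graphics2D g2 = image.createGraphics();
        try {
            g2.setRenderingHint(RenderingHints.KEY_ANTIALIASING, RenderingHints.VALUE_ANTIALIAS_ON);

            // Grey border first, then a light random background inset by 2px at top and bottom.
            g2.setColor(Color.GRAY);
            g2.fillRect(0, 0, w, h);
            Color background = getRandColor(200, 250);
            g2.setColor(background);
            g2.fillRect(0, 2, w, h - 4);

            // Interference lines.
            g2.setColor(getRandColor(160, 200));
            for (int i = 0; i < 20; i++) {
                int x = random.nextInt(w - 1);
                int y = random.nextInt(h - 1);
                int xl = random.nextInt(6) + 1;
                int yl = random.nextInt(12) + 1;
                g2.drawLine(x, y, x + xl + 40, y + yl + 20);
            }

            // Noise pixels: 5% of the image area.
            float yawpRate = 0.05f;
            int area = (int) (yawpRate * w * h);
            for (int i = 0; i < area; i++) {
                image.setRGB(random.nextInt(w), random.nextInt(h), getRandomIntColor());
            }

            // Warp what has been drawn so far.
            shear(g2, w, h, background);

            g2.setColor(getRandColor(100, 160));
            int fontSize = h - 4;
            g2.setFont(new Font("Algerian", Font.ITALIC, fontSize));
            char[] chars = code.toCharArray();
            for (int i = 0; i < verifySize; i++) {
                // Each glyph is rotated by up to 45 degrees either way around its own slot.
                AffineTransform affine = new AffineTransform();
                affine.setToRotation(
                        Math.PI / 4 * random.nextDouble() * (random.nextBoolean() ? 1 : -1),
                        (w / verifySize) * i + fontSize / 2,
                        h / 2);
                g2.setTransform(affine);
                g2.drawChars(chars, i, 1, ((w - 10) / verifySize) * i + 5, h / 2 + fontSize / 2 - 10);
            }
        } finally {
            g2.dispose();
        }
        // ImageIO.write reports a missing writer through its return value, not an exception.
        if (!ImageIO.write(image, "jpg", os)) {
            throw new IOException("No ImageIO writer available for format jpg");
        }
    }

    /**
     * Returns a random colour whose components each lie in {@code [fc, bc)}.
     * Both bounds are capped at 255; callers must pass {@code fc < bc}.
     */
    private static Color getRandColor(int fc, int bc) {
        if (fc > 255) {
            fc = 255;
        }
        if (bc > 255) {
            bc = 255;
        }
        int r = fc + random.nextInt(bc - fc);
        int g = fc + random.nextInt(bc - fc);
        int b = fc + random.nextInt(bc - fc);
        return new Color(r, g, b);
    }

    /** Packs a random RGB triple into a single 0xRRGGBB int. */
    private static int getRandomIntColor() {
        int[] rgb = getRandomRgb();
        int color = 0;
        for (int c : rgb) {
            color = color << 8;
            color = color | c;
        }
        return color;
    }

    /** Returns three random colour components, each in 0..255. */
    private static int[] getRandomRgb() {
        int[] rgb = new int[3];
        for (int i = 0; i < 3; i++) {
            // Bound is exclusive: 256 makes the full 0..255 range reachable.
            rgb[i] = random.nextInt(256);
        }
        return rgb;
    }

    /** Applies the horizontal and then the vertical sine-wave distortion. */
    private static void shear(Graphics g, int w1, int h1, Color color) {
        shearX(g, w1, h1, color);
        shearY(g, w1, h1, color);
    }

    /**
     * Shifts each row horizontally by a sine offset and repaints the gap in {@code color}.
     *
     * <p>NOTE(review): {@code period} is 0 or 1 here, so {@code period >> 1} is always 0 and the
     * computed offset is always 0; only the border pixels at x = 0 and x = w1 are repainted.
     * Kept as published; confirm the intended period range before changing it.
     */
    private static void shearX(Graphics g, int w1, int h1, Color color) {
        int period = random.nextInt(2);
        int frames = 1;
        int phase = random.nextInt(2);
        for (int i = 0; i < h1; i++) {
            double d = (double) (period >> 1)
                    * Math.sin((double) i / (double) period + (TWO_PI * (double) phase) / (double) frames);
            g.copyArea(0, i, w1, 1, (int) d, 0);
            g.setColor(color);
            g.drawLine((int) d, i, 0, i);
            g.drawLine((int) d + w1, i, w1, i);
        }
    }

    /** Shifts each column vertically by a sine offset and repaints the gap in {@code color}. */
    private static void shearY(Graphics g, int w1, int h1, Color color) {
        int period = random.nextInt(40) + 10;
        int frames = 20;
        int phase = 7;
        for (int i = 0; i < w1; i++) {
            double d = (double) (period >> 1)
                    * Math.sin((double) i / (double) period + (TWO_PI * (double) phase) / (double) frames);
            g.copyArea(i, 0, 1, h1, 0, (int) d);
            g.setColor(color);
            g.drawLine(i, (int) d, i, 0);
            g.drawLine(i, (int) d + h1, i, h1);
        }
    }
}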
构建验证码接口
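/**
 * Issues a new captcha: returns the cache key ("codeKey") and the image as a Base64 data URI
 * ("codeBase64"). The answer itself is never sent to the client.
 *
 * <p>NOTE(review): ShiroConfig maps this path as "anon" and every call stores a new cache
 * entry, so request throttling in front of this endpoint is worth confirming.
 *
 * @return the captcha payload, or a VERIFY_CODE_GENERATE_ERROR response when generation
 *         produced no usable data
 */
@GetMapping("verifyCode")
public Response verifyCode() {
    try {
        List<String> data = userService.getVerifyCode();
        // Both elements are read below, so a list shorter than two is a generation failure too.
        if (data == null || data.size() < 2) {
            return Response.error(ResponseEnum.VERIFY_CODE_GENERATE_ERROR);
        }
        return Response.ok().data("codeKey", data.get(0)).data("codeBase64", data.get(1));
    } catch (IOException e) {
        // NOTE(review): the IOException is not passed on as the cause; the constructors of
        // VerifyCodeGenerateException are not shown here, so chain or log it where possible.
        throw new VerifyCodeGenerateException(ResponseEnum.VERIFY_CODE_GENERATE_ERROR);
    }
}
// Implementation of userService.getVerifyCode():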
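/**
 * Creates a captcha, caches its answer and returns what the client needs to display it.
 *
 * @return a two-element list: index 0 is the cache key the client must send back with the
 *         login request, index 1 is a data URI holding the Base64-encoded captcha image
 * @throws IOException if the image cannot be rendered
 */
public List<String> getVerifyCode() throws IOException {
    // Random UUID as the lookup key; only the key, never the answer, goes back to the client.
    String codeKey = UUID.randomUUID().toString();
    // Four-character answer.
    String code = VerifyCodeUtils.generateVerifyCode(4);

    // Render first (100 wide, 30 high) so a rendering failure leaves no orphaned cache entry.
    ByteArrayOutputStream imageBytes = new ByteArrayOutputStream();
    VerifyCodeUtils.outputImage(100, 30, imageBytes, code);
    // VerifyCodeUtils.outputImage encodes with ImageIO format "jpg", so the data URI is
    // labelled image/jpeg rather than image/png.
    String codeBase64 = "data:image/jpeg;base64," + Base64Utils.encodeToString(imageBytes.toByteArray());

    // Cache the answer; per the original comment the third argument is a 60-second expiry.
    // NOTE(review): the key is stored without a prefix and later comes back from the client in
    // the login request. If this Redis instance holds other data, a fixed captcha prefix
    // applied both here and in compareVerifyCode keeps client-supplied keys inside the captcha
    // namespace.
    redisUtils.set(codeKey, code, 60);

    List<String> data = new ArrayList<>();
    data.add(codeKey);
    data.add(codeBase64);
    return data;
}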
Shiro中放行验证码接口
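/**
 * Shiro web configuration: registers the filter chain that decides which URLs are reachable
 * without authentication.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter with the URL-to-filter rules.
     *
     * @param defaultWebSecurityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
        shiroFilterFactoryBean.setLoginUrl("/user/login");

        // Shiro evaluates the chain definitions in map order and the first matching pattern
        // wins. A HashMap gives no ordering guarantee, so the "/**" catch-all could be checked
        // before the specific "anon" paths; LinkedHashMap keeps insertion order.
        Map<String, String> map = new java.util.LinkedHashMap<>();
        map.put("/user/register", "anon");
        map.put("/user/login", "anon");
        // The captcha endpoint must be reachable before login.
        map.put("/user/verifyCode", "anon");
        // Catch-all goes last: everything not listed above requires authentication.
        map.put("/**", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        return shiroFilterFactoryBean;
    }

    // Body elided in the original article.
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("getRealm") Realm realm) { ... }

    // Body elided in the original article.
    @Bean
    public Realm getRealm() { ... }
}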
修改用户登录DTO
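/**
 * Login request body: the user's credentials plus the captcha key and answer.
 */
@Data
public class UserLoginDto implements Serializable {
    private static final long serialVersionUID = 1L;

    private String username;
    private String password;
    // Cache key returned by the captcha endpoint.
    private String codeKey;
    // Captcha answer typed by the user.
    private String code;

    /**
     * Leaves out the password and the captcha answer, so logging this object or putting it in
     * an exception message does not expose them. Lombok's {@code @Data} does not generate a
     * method that is already written by hand, so this replaces the generated all-fields
     * {@code toString()}.
     */
    @Override
    public String toString() {
        return "UserLoginDto(username=" + username + ", codeKey=" + codeKey + ")";
    }
}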
修改用户登录接口
/**
 * Logs a user in. The captcha is checked first; only when it matches are the username and
 * password handed to Shiro.
 *
 * <p>NOTE(review): compareVerifyCode as shown on this page leaves the cached captcha in place
 * after a comparison, so one solved captcha stays valid for further login attempts until it
 * expires. Making it single-use would restore the throttling the captcha is meant to give.
 *
 * @param userLoginDto username, password, captcha key and captcha answer from the request body
 * @return a success response, or an error response naming the failed step
 */
@PostMapping("login")
public Response login(@RequestBody UserLoginDto userLoginDto) {
    int captchaStatus = userService.compareVerifyCode(userLoginDto.getCodeKey(), userLoginDto.getCode());

    // -1: nothing cached under this key any more.
    if (captchaStatus == -1) {
        return Response.error(ResponseEnum.VERIFY_CODE_EXPIRED_ERROR);
    }
    // Anything other than 1 means the answer did not match.
    if (captchaStatus != 1) {
        return Response.error(ResponseEnum.VERIFY_CODE_CONTENT_ERROR);
    }

    // Captcha accepted: let Shiro authenticate the credentials.
    Subject currentUser = SecurityUtils.getSubject();
    try {
        UsernamePasswordToken credentials =
                new UsernamePasswordToken(userLoginDto.getUsername(), userLoginDto.getPassword());
        currentUser.login(credentials);
        return Response.ok().message("登录成功");
    } catch (UnknownAccountException e) {
        // NOTE(review): answering differently for an unknown account and a wrong password tells
        // the caller which usernames exist; a single generic failure response avoids that.
        return Response.error(ResponseEnum.UNKNOWN_ACCOUNT_ERROR);
    } catch (IncorrectCredentialsException e) {
        return Response.error(ResponseEnum.INCORRECT_CREDENTIALS_ERROR);
    }
    // NOTE(review): other AuthenticationException subclasses are not caught here and propagate
    // to the caller of this handler.
}
// Implementation of userService.compareVerifyCode():
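/**
 * Compares a submitted captcha answer with the cached one.
 *
 * @param codeKey cache key issued together with the captcha; sent back by the client
 * @param code    the answer typed by the user
 * @return -1 when no usable answer is cached under {@code codeKey} (expired, never issued or
 *         not a string), 1 when the answers match ignoring case, 0 otherwise
 */
public Integer compareVerifyCode(String codeKey, String code) {
    // No key means there is nothing to look up; report it the same way as an expired captcha.
    if (codeKey == null || !redisUtils.hasKey(codeKey)) {
        return -1;
    }
    Object cached = redisUtils.get(codeKey);
    // The entry can expire between hasKey and get, and codeKey is chosen by the client, so the
    // value may be missing or may not be a captcha string at all. Neither should end in a
    // NullPointerException or ClassCastException.
    if (!(cached instanceof String)) {
        return -1;
    }
    // NOTE(review): the entry stays in the cache after this comparison, so the same key and
    // answer keep working until the entry expires. Removing it here, on match and on mismatch,
    // makes each captcha single-use; the removal method of redisUtils is not shown on this page.
    return ((String) cached).equalsIgnoreCase(code) ? 1 : 0;
}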