验证码配置

1.添加验证码插件

<!-- google captcha 生成验证码 -->
<dependency>
    <groupId>com.github.penggle</groupId>
    <artifactId>kaptcha</artifactId>
    <version>2.3.2</version>
</dependency>

2.配置web.xml

<!-- 配置验证码插件servlet类 -->
<servlet>
    <servlet-name>Kaptcha</servlet-name>
    <servlet-class>com.google.code.kaptcha.servlet.KaptchaServlet</servlet-class>
    <!-- 验证码边框 -->
    <init-param>
        <param-name>kaptcha.border</param-name>
        <param-value>no</param-value>
    </init-param>
    <!-- 验证码字体颜色 -->
    <init-param>
        <param-name>kaptcha.textproducer.font.color</param-name>
        <param-value>red</param-value>
    </init-param>
    <!-- 验证码图片的长度
    <init-param>
        <param-name>kaptcha.image.width</param-name>
        <param-value>135</param-value>
    </init-param> -->
    <!-- 验证码字符串范围
    <init-param>
        <param-name>kaptcha.textproducer.char.string</param-name>
        <param-value>ACDEFHKPRSTWX345679</param-value>
    </init-param> -->
    <!-- 验证码图片高度
    <init-param>
        <param-name>kaptcha.image.height</param-name>
        <param-value>50</param-value>
    </init-param> -->
    <!-- 验证码字体大小
    <init-param>
        <param-name>kaptcha.textproducer.font.size</param-name>
        <param-value>43</param-value>
    </init-param> -->
    <!-- 干扰线 颜色 -->
    <init-param>
        <param-name>kaptcha.noise.color</param-name>
        <param-value>black</param-value>
    </init-param>
    <!-- 验证码字符串个数 -->
    <init-param>
        <param-name>kaptcha.textproducer.char.length</param-name>
        <param-value>5</param-value>
    </init-param>
    <!-- 字体样式
    <init-param>
        <param-name>kaptcha.textproducer.font.names</param-name>
        <param-value>Arial</param-value>
    </init-param>-->
</servlet>
<!-- 获取验证码的URL -->
<servlet-mapping>
    <servlet-name>Kaptcha</servlet-name>
    <url-pattern>/captcha.jpg</url-pattern>
</servlet-mapping>

3.页面配置

<section class="row">
  <label for="vCode"><spring:message code="screen.welcome.label.vCode" /></label>
  <spring:message code="screen.welcome.label.vCode.accesskey" var="vCodeAccessKey" />
  <form:input cssClass="required" cssErrorClass="error" id="vCode" size="10" tabindex="2" path="vCode"  accesskey="${vCodeAccessKey}" htmlEscape="true" autocomplete="off" />
  <img alt="<spring:message code="required.vCode" />" onclick="changeVerifyCode(this)" width="93" height="32" src="captcha.jpg">
</section>

前面三步配置好后，页面就可以显示出验证码了。

4.页面提示语

screen.welcome.label.vCode=\u9A8C\u8BC1\u7801:  
screen.welcome.label.vCode.accesskey=a
screen.welcome.label.authSourceType=\u7528\u6237\u7c7b\u578b:
screen.welcome.label.authSourceType.accesskey=a
required.vCode=\u9a8c\u8bc1\u7801\u4e0d\u80fd\u4e3a\u7a7a\u3002
error.authentication.vCode.bad=\u9a8c\u8bc1\u7801\u6709\u8bef\u3002

接下来配置自定义验证

1.先创建自定义的接收登录验证实体类

public class UsernamePasswordVCodeCredential extends UsernamePasswordCredential {

    @NotNull
    @Size(
            min=1,
            message = "required.vCode"
    )
    private String vCode;


    public String getvCode() {
        return vCode;
    }

    public void setvCode(String vCode) {
        this.vCode = vCode;
    }

}

2.修改login-webflow.xml文件

<var name="credential" class="org.jasig.cas.authentication.UsernamePasswordCredential"/>

替换为

<var name="credential" class="自定义的实体类路径"/>

修改登录流程

<view-state id="viewLoginForm" view="casLoginView" model="credential">
    <binder>
        <binding property="username" required="true"/>
        <binding property="password" required="true"/>
        
    </binder>
    <on-entry>
        <set name="viewScope.commandName" value="'credential'"/>

        <!--
        <evaluate expression="samlMetadataUIParserAction" />
        -->
    </on-entry>
    <transition on="submit" bind="true" validate="true" to="realSubmit"/>
</view-state>

修改为：

<view-state id="viewLoginForm" view="casLoginView" model="credential">
    <binder>
        <binding property="username" required="true"/>
        <binding property="password" required="true"/>
        <!--添加验证码-->
        <binding property="vCode" required="true"/>
        
    </binder>
    <on-entry>
        <set name="viewScope.commandName" value="'credential'"/>

        <!--
        <evaluate expression="samlMetadataUIParserAction" />
        -->
    </on-entry>
    <!--<transition on="submit" bind="true" validate="true" to="realSubmit"/>-->
    <!-- 修改登录流程 -->
    <transition on="submit" bind="true" validate="true" to="vCodeValidate"/>
</view-state>

在上面这段代码的下面添加这段代码

<!-- 判断验证码是否正确 -->
<action-state id="vCodeValidate">
    <evaluate expression="authenticationViaFormVCodeAction.validatorCode(flowRequestContext, flowScope.credential, messageContext)" />
    <transition on="error" to="initializeLogin" />
    <transition on="success" to="realSubmit" />
</action-state>

同时修改下面代码：

<action-state id="realSubmit">
  <evaluate
        expression="authenticationViaFormAction.submit(flowRequestContext, flowScope.credential, messageContext)"/>
  <transition on="warn" to="warn"/>
  <!--
  To enable AUP workflows, replace the 'success' transition with the following:
  <transition on="success" to="acceptableUsagePolicyCheck" />
  -->
  <transition on="success" to="sendTicketGrantingTicket"/>
  <transition on="successWithWarnings" to="showMessages"/>
  <transition on="authenticationFailure" to="handleAuthenticationFailure"/>
  <transition on="error" to="initializeLogin"/>
</action-state>

修改为

<action-state id="realSubmit">
  <evaluate
        expression="authenticationViaFormVCodeAction.submit(flowRequestContext, flowScope.credential, messageContext)"/>
  <transition on="warn" to="warn"/>
  <!--
  To enable AUP workflows, replace the 'success' transition with the following:
  <transition on="success" to="acceptableUsagePolicyCheck" />
  -->
  <transition on="success" to="sendTicketGrantingTicket"/>
  <transition on="successWithWarnings" to="showMessages"/>
  <transition on="authenticationFailure" to="handleAuthenticationFailure"/>
  <transition on="error" to="initializeLogin"/>
</action-state>

3.添加判断验证码是否正确的action

@Component("authenticationViaFormVCodeAction")
public class AuthenticationViaFormVCodeAction extends AuthenticationViaFormAction{

    //添加自定义验证方法
    public final String validatorCode(final RequestContext context, final Credential credential, final MessageContext messageContext) throws Exception {
        final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
        HttpSession session = request.getSession();

        String o = request.getParameter("useVCode");
        boolean useVCode = o == null ? true : Boolean.valueOf(o);

        if (useVCode) {
            //在session中获取生成的验证码
            String vCode = (String) session.getAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);
            session.removeAttribute(com.google.code.kaptcha.Constants.KAPTCHA_SESSION_KEY);

            //获取前台输入的内容
            UsernamePasswordVCodeCredential upvc = (UsernamePasswordVCodeCredential) credential;
            String submitVCode = upvc.getvCode();
            MessageBuilder msgBuilder = new MessageBuilder();
            //验证验证码是否正确
            if (!StringUtils.hasText(submitVCode) || !StringUtils.hasText(vCode)) {
                msgBuilder.code("required.vCode");
                messageContext.addMessage(msgBuilder.error().build());
                return "error";
            }
            if (submitVCode.equalsIgnoreCase(vCode)) {
                return "success";
            }
            msgBuilder.code("error.authentication.vCode.bad");
            messageContext.addMessage(msgBuilder.error().build());
            return "error";
        } else {
            return "success";
        }
    }

}

注意：由于cas 2.7.x 很多配置都基于注解，所以在自定义类的过程中如果使用到注解，需要到Spring配置文件中设置自动扫描，否则无法进行加载。

参考文章：
http://blog.csdn.net/bitree1/article/details/55050545