1.security.xml配置

1. <!--负责认证处理的filter --> 
2. <beans:bean id="authenticationProcessingFilter" class="com.XXX.security.filter.KMSAuthenticationProcessingFilter"> 
3.     <custom-filter before="AUTHENTICATION_PROCESSING_FILTER"/> 
4.     <beans:property name="authenticationManager" ref="authenticationManager"/> 
5.     <beans:property name="validateRandom" value="true"/> 
6. </beans:bean> 

2.authenticationProcessingFilter 

1. package com.XXX.security.filter; 
2.  
3. import org.springframework.security.Authentication; 
4. import org.springframework.security.AuthenticationException; 
5. import org.springframework.security.SpringSecurityMessageSource; 
6. import org.springframework.security.providers.AbstractAuthenticationToken; 
7. import org.springframework.security.providers.UsernamePasswordAuthenticationToken; 
8. import org.springframework.security.ui.webapp.AuthenticationProcessingFilter; 
9. import org.springframework.security.util.TextUtils; 
10.  
11. import javax.servlet.http.HttpServletRequest; 
12. import javax.servlet.http.HttpSession; 
13.  
14. /** 
15.  * @author: jetyou@foxmail.com 
16.  * @date: 2011-10-20 
17.  * @time: 16:02:01 
18.  * @desc: 
19.  */ 
20. public class KmsAuthenticationProcessingFilter extends AuthenticationProcessingFilter { 
21.     public static final String SPRING_SECURITY_FORM_RANDOM_KEY = "j_random"; 
22.     public boolean isValidateRandom = true; 
23.     public String typeParameter = SPRING_SECURITY_FORM_TYPE_KEY; 
24.     public String randomParameter = SPRING_SECURITY_FORM_RANDOM_KEY; 
25.  
26.     public Authentication attemptAuthentication(HttpServletRequest request) throws AuthenticationException { 
27.  
            HttpSession session = request.getSession(false); 
28.         //如果验证验证码 
29.         if (isValidateRandom) { 
30.             String requestRandom = request.getParameter(SPRING_SECURITY_FORM_TYPE_KEY); 
31.             String sessionRandom = (String) session.getAttribute(SPRING_SECURITY_FORM_RANDOM_KEY); 
32.             validateRandom(requestRandom, sessionRandom); 
33.         } 
34.           XXX; 
35.         return this.getAuthenticationManager().authenticate(authRequest); 
36.     } 
37.  
38.     /** 
39.      * Provided so that subclasses may configure what is put into the authentication request's details 
40.      * property. 
41.      * 
42.      * @param request     that an authentication request is being created for 
43.      * @param authRequest the authentication request object that should have its details set 
44.      */ 
45.     protected void setDetail(HttpServletRequest request, AbstractAuthenticationToken authRequest) { 
46.         authRequest.setDetails(authenticationDetailsSource.buildDetails(request)); 
47.     } 
48.  
49.     /** 
50.      * 验证验证码 
51.      * 
52.      * @param requestRandom 
53.      * @param sessionRandom 
54.      */ 
55.     protected void validateRandom(String requestRandom, String sessionRandom) { 
56.         if (requestRandom == null || sessionRandom == null || requestRandom.trim().equals("") || sessionRandom.trim().equals("")) 
57.             throw new BadRandomCodeException(messages.getMessage("KmsAuthenticationProcessingFilter.badRandom", "Bad Random Code")); 
58.         if (!requestRandom.toLowerCase().equals(sessionRandom.toLowerCase())) 
59.             throw new BadRandomCodeException(messages.getMessage("KmsAuthenticationProcessingFilter.badRandom", "Bad Random Code")); 
60.  
61.     }
62.     protected String obtainRandom(HttpServletRequest request) { 
63.         return request.getParameter(randomParameter); 
64.     } 
65.  
66.  
67.     public void setValidateRandom(boolean validateRandom) { 
68.         isValidateRandom = validateRandom; 
69.     } 
70.  
71.  
72.     public void setRandomParameter(String randomParameter) { 
73.         this.randomParameter = randomParameter; 
74.     } 
75.   
76. } 

3.web.xml 

1. <servlet>  
2.        <servlet-name>Kaptcha</servlet-name>  
3.        <servlet-class>com.google.code.kaptcha.servlet.KaptchaServlet</servlet-class>  
4.        <init-param>  
5.            <param-name>kaptcha.border</param-name>  
6.            <param-value>no</param-value>  
7.        </init-param>  
8.        <init-param>  
9.            <param-name>kaptcha.border.color</param-name>  
10.            <param-value>red</param-value>  
11.        </init-param>  
12.        <init-param>  
13.            <param-name>kaptcha.border.thickness</param-name>  
14.            <param-value>4</param-value>  
15.        </init-param>  
16.        <init-param>  
17.            <param-name>kaptcha.p_w_picpath.width</param-name>  
18.            <param-value>60</param-value>  
19.        </init-param>  
20.        <init-param>  
21.            <param-name>kaptcha.p_w_picpath.height</param-name>  
22.            <param-value>30</param-value>  
23.        </init-param>  
24.        <init-param>  
25.            <param-name>kaptcha.producer.impl</param-name>  
26.            <param-value>com.google.code.kaptcha.impl.DefaultKaptcha </param-value>  
27.        </init-param>  
28.        <init-param>  
29.            <param-name>kaptcha.textproducer.impl</param-name>  
30.            <param-value>com.google.code.kaptcha.text.impl.DefaultTextCreator</param-value>  
31.        </init-param>  
32.        <init-param>  
33.            <param-name>kaptcha.textproducer.char.string</param-name>  
34.            <param-value>abcde2345678gfynmnpwx </param-value>  
35.        </init-param>  
36.        <init-param>  
37.            <param-name>kaptcha.textproducer.char.length</param-name>  
38.            <param-value>4</param-value>  
39.        </init-param>  
40.        <init-param>  
41.            <param-name>kaptcha.textproducer.font.names</param-name>  
42.            <param-value>Arial, Courier</param-value>  
43.        </init-param>  
44.        <init-param>  
45.            <param-name>kaptcha.textproducer.font.size</param-name>  
46.            <param-value>20</param-value>  
47.        </init-param>  
48.        <init-param>  
49.            <param-name>kaptcha.textproducer.font.color</param-name>  
50.            <param-value>black</param-value>  
51.        </init-param>  
52.        <init-param>  
53.            <param-name>kaptcha.noise.impl</param-name>  
54.            <param-value>com.google.code.kaptcha.impl.NoNoise </param-value>  
55.        </init-param>  
56.        <init-param>  
57.            <param-name>kaptcha.noise.color</param-name>  
58.            <param-value>black</param-value>  
59.        </init-param>  
60.        <init-param>  
61.            <param-name>kaptcha.obscurificator.impl</param-name>  
62.            <param-value>com.google.code.kaptcha.impl.ShadowGimpy</param-value>  
63.        </init-param>  
64.        <init-param>  
65.            <param-name>kaptcha.background.impl</param-name>  
66.            <param-value>com.google.code.kaptcha.impl.DefaultBackground</param-value>  
67.        </init-param>  
68.        <init-param>  
69.            <param-name>kaptcha.background.clear.to</param-name>  
70.            <param-value>white</param-value>  
71.        </init-param>  
72.        <init-param>  
73.            <param-name>kaptcha.word.impl</param-name>  
74.            <param-value>com.google.code.kaptcha.text.impl.DefaultWordRenderer</param-value>  
75.        </init-param>  
76.        <init-param> 
77.         <!--设置session中 验证码的key值 --> 
78.            <param-name>kaptcha.session.key</param-name>  
79.            <param-value>KAPTCHA_SESSION_KEY</param-value>  
80.        </init-param>  
81.        <init-param> 
82.         <!--设置session中 验证码的value值 -->  
83.            <param-name>kaptcha.session.date</param-name>  
84.            <param-value>KAPTCHA_SESSION_DATE</param-value>  
85.        </init-param>  
86.    </servlet>  
87.    <servlet-mapping>  
88.        <servlet-name>Kaptcha</servlet-name>  
89.        <url-pattern>/Kaptcha.jpg</url-pattern>  
90.    </servlet-mapping> 

3.login.html 

1. <tr> 
2. <td height="34" align="right">验证码：</td> 
3. <td><input type="text" name="j_random" class="tclss" class="required tyno" minlength="4" /></td>
4. <td><img id='kaptchaImage' src='Kaptcha.jpg' title="请点击刷新" alt="请点击刷新" style="cursor:pointer;"/>
5. </td>
6. </tr>