SpringBoot结合SpringSecurity实现图形验证码功能

/** * 生成图形验证码 * @param request * @return */private ImageCode generate(ServletWebRequest request) { int width = 64; int height = 32; BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB); Graphics g = image.getGraphics(); Random random = new Random(); g.setColor(getRandColor(200, 250)); g.fillRect(0, 0, width, height); g.setFont(new Font("Times New Roman", Font.ITALIC, 20)); g.setColor(getRandColor(160, 200)); for (int i = 0; i < 155; i++) {  int x = random.nextInt(width);  int y = random.nextInt(height);  int xl = random.nextInt(12);  int yl = random.nextInt(12);  g.drawLine(x, y, x + xl, y + yl); } String sRand = ""; for (int i = 0; i < 4; i++) {  String rand = String.valueOf(random.nextInt(10));  sRand += rand;  g.setColor(new Color(20 + random.nextInt(110), 20 + random.nextInt(110), 20 + random.nextInt(110)));  g.drawString(rand, 13 * i + 6, 16); } g.dispose(); return new ImageCode(image, sRand, 60);}/** * 生成随机背景条纹 * * @param fc * @param bc * @return */private Color getRandColor(int fc, int bc) { Random random = new Random(); if (fc > 255) {  fc = 255; } if (bc > 255) {  bc = 255; } int r = fc + random.nextInt(bc - fc); int g = fc + random.nextInt(bc - fc); int b = fc + random.nextInt(bc - fc); return new Color(r, g, b);}

@RestControllerpublic class ValidateCodeController { public static final String SESSION_KEY = "SESSION_KEY_IMAGE_CODE"; private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy(); @GetMapping("/code/image") public void createCode(HttpServletRequest request, HttpServletResponse response) throws IOException {  ImageCode imageCode = generate(new ServletWebRequest(request));  sessionStrategy.setAttribute(new ServletWebRequest(request), SESSION_KEY, imageCode);  ImageIO.write(imageCode.getImage(), "JPEG", response.getOutputStream()); }}

@Componentpublic class ValidateCodeFilter extends OncePerRequestFilter { private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy(); private AuthenticationFailureHandler authenticationFailureHandler; @Override protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {  if(StringUtils.equals("/user/login", httpServletRequest.getRequestURI())    && StringUtils.equalsIgnoreCase(httpServletRequest.getMethod(), "post")) {   try {    // 1. 进行验证码的校验    validate(new ServletWebRequest(httpServletRequest));   } catch (ValidateCodeException e) {    // 2. 如果校验不通过，调用SpringSecurity的校验失败处理器    authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, e);    return ;   }  }  // 3. 校验通过，就放行  filterChain.doFilter(httpServletRequest, httpServletResponse); }} 

@Overrideprotected void configure(HttpSecurity http) throws Exception { ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter(); validateCodeFilter.setAuthenticationFailureHandler(myAuthenticationFailureHandler); // 将我们自定义的过滤器，配置到UsernamePasswordAuthenticationFilter之前 http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)   .formLogin()     // 定义当需要用户登录时候，转到的登录页面。   // 后面的配置省略}