com.google.code.kaptcha.Constants Java Examples

/**
 * 留言板 发言
 *
 * @param guestbook
 * @return
 */
@PostMapping("/guestbook")
@ResponseBody
public Result saveGuestbook(@Valid Guestbook guestbook, String captcha, HttpServletRequest request) throws Exception {

    String capText = (String) request.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);
    if (StringUtils.isEmpty(capText)) {
        throw new GlobalException(500, "验证码失效");
    }

    if (!capText.equals(captcha)) {
        throw new GlobalException(500, "验证码不正确");
    }

    guestbook.setIp(IPUtil.getIpAddr(request));
    String city = IPUtil.getCity(guestbook.getIp());
    guestbook.setIpAddr(city == null ? "未知" : city);
    this.guestbookService.save(guestbook);
    return Result.success();
}
 

@RequestMapping("/captcha/kaptcha-image.do")
public ModelAndView handleRequest(HttpServletRequest request,
		HttpServletResponse response) throws Exception {

   	// Header Preparation for Image creation 
	response.setDateHeader("Expires", 0);
	response.setHeader("Cache-Control",	"no-store, no-cache, must-revalidate");
	response.addHeader("Cache-Control", "post-check=0, pre-check=0");
	response.setHeader("Pragma", "no-cache");
	response.setContentType("image/jpeg");

	// Generation of Captcha Text
	String capText = captchaProducer.createText();
	request.getSession().setAttribute(Constants.KAPTCHA_SESSION_KEY, capText);
			
	// Generation of the image
	BufferedImage bi = captchaProducer.createImage(capText);
	ServletOutputStream out = response.getOutputStream();
	ImageIO.write(bi, "jpg", out);
	try {
		out.flush();
	} finally {
		out.close();
	}
	return null;
}
 

@RequestMapping("/captcha.jpg")
public void captcha(HttpServletResponse response)throws ServletException, IOException {
	response.setHeader("Cache-Control", "no-store, no-cache");
	response.setContentType("image/jpeg");

	//生成文字验证码
	String text = producer.createText();
	//生成图片验证码
	BufferedImage image = producer.createImage(text);
	//保存到shiro session
	ShiroUtils.setSessionAttribute(Constants.KAPTCHA_SESSION_KEY, text);

	ServletOutputStream out = response.getOutputStream();
	ImageIO.write(image, "jpg", out);
	IOUtils.closeQuietly(out);
}
 

/**
 * 点击登录执行的动作
 *
 * @author fengshuonan
 * @Date 2018/12/23 5:42 PM
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
@ResponseBody
public ResponseData loginVali(HttpServletRequest request, HttpServletResponse response) {

    String username = super.getPara("username");
    String password = super.getPara("password");

    if (ToolUtil.isOneEmpty(username, password)) {
        throw new RequestEmptyException("账号或密码为空！");
    }

    //验证验证码是否正确
    if (ConstantsContext.getKaptchaOpen()) {
        String kaptcha = super.getPara("kaptcha").trim();
        String code = (String) super.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);
        if (ToolUtil.isEmpty(kaptcha) || !kaptcha.equalsIgnoreCase(code)) {
            throw new InvalidKaptchaException();
        }
    }

    //登录并创建token
    String token = authService.login(username, password);

    return new SuccessResponseData(token);
}
 

/**
 * 登录
 */
@RequestMapping(value = "/sys/login", method = RequestMethod.POST)
public Map<String, Object> login(String username, String password, String captcha)throws IOException {
	String kaptcha = ShiroUtils.getKaptcha(Constants.KAPTCHA_SESSION_KEY);
	if(!captcha.equalsIgnoreCase(kaptcha)){
		return R.error("验证码不正确");
	}

	//用户信息
	SysUserEntity user = sysUserService.queryByUserName(username);

	//账号不存在、密码错误
	if(user == null || !user.getPassword().equals(new Sha256Hash(password, user.getSalt()).toHex())) {
		return R.error("账号或密码不正确");
	}

	//账号锁定
	if(user.getStatus() == 0){
		return R.error("账号已被锁定,请联系管理员");
	}

	//生成token，并保存到数据库
	R r = sysUserTokenService.createToken(user.getUserId());
	return r;
}
 

@RequestMapping("captcha.jpg")
public void captcha(HttpServletResponse response)throws ServletException, IOException {
	response.setHeader("Cache-Control", "no-store, no-cache");
	response.setContentType("image/jpeg");

	//生成文字验证码
	String text = producer.createText();
	//生成图片验证码
	BufferedImage image = producer.createImage(text);
	//保存到shiro session
	ShiroUtils.setSessionAttribute(Constants.KAPTCHA_SESSION_KEY, text);

	ServletOutputStream out = response.getOutputStream();
	ImageIO.write(image, "jpg", out);
	IOUtils.closeQuietly(out);
}
 

@Override
protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
    Session session = SecurityUtils.getSubject().getSession();
    //获取登录错误次数
    Integer number = (Integer) session.getAttribute(getLoginIncorrectNumberKeyAttribute());

    //首次登录，将该数量记录在session中
    if (number == null) {
        number = 1;
        session.setAttribute(getLoginIncorrectNumberKeyAttribute(), number);
    }
    //如果登录次数大于allowIncorrectNumber，需要判断验证码是否一致
    if (number > getAllowIncorrectNumber()) {
        //获取当前验证码
        String currentCaptcha = (String) session.getAttribute(Constants.KAPTCHA_SESSION_KEY);
        //获取用户输入的验证码
        String submitCaptcha = getCaptcha(request);
        //如果验证码不匹配，登录失败
        if (StringUtils.isEmpty(submitCaptcha) || !StringUtils.equals(currentCaptcha, submitCaptcha.toLowerCase())) {
            return onLoginFailure(this.createToken(request, response), new CaptchaException(), request, response);
        }
    }
    return super.executeLogin(request, response);
}
 

@ResponseBody
@RequestMapping(value = "/captcha.jpg",method = {RequestMethod.GET})
public byte[] generateCapcha() throws Exception{
	response.setDateHeader("Expires", 0);     
       response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");    
       response.addHeader("Cache-Control", "post-check=0, pre-check=0");    
       response.setHeader("Pragma", "no-cache");    
       response.setContentType("image/jpg");    
       String capText = captchaProducer.createText();    
       request.getSession().setAttribute(Constants.KAPTCHA_SESSION_KEY, capText);    
       BufferedImage bi = captchaProducer.createImage(capText);
       ByteArrayOutputStream out = new ByteArrayOutputStream();
       ImageIO.write(bi, "jpg", out); 

       return  out.toByteArray();
	
}
 

@ResponseBody
@RequestMapping(value = "/captcha.jpg",method = {RequestMethod.GET})
public byte[] generateCapcha() throws Exception{
	response.setDateHeader("Expires", 0);     
       response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");    
       response.addHeader("Cache-Control", "post-check=0, pre-check=0");    
       response.setHeader("Pragma", "no-cache");    
       response.setContentType("image/jpg");    
       String capText = captchaProducer.createText();    
       request.getSession().setAttribute(Constants.KAPTCHA_SESSION_KEY, capText);    
       BufferedImage bi = captchaProducer.createImage(capText);
       ByteArrayOutputStream out = new ByteArrayOutputStream();
       ImageIO.write(bi, "jpg", out); 

       return  out.toByteArray();
	
}
 

@RequestMapping("captcha.jpg")
public String verification(HttpServletResponse response, HttpServletRequest request) throws IOException {
    response.setDateHeader("Expires", 0);
    response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
    response.setHeader("Pragma", "no-cache");
    response.setContentType("image/jpeg");

    String capText = captchaProducer.createText();
    request.getSession().setAttribute(Constants.KAPTCHA_SESSION_KEY, capText);

    try (ServletOutputStream out = response.getOutputStream()) {
        ImageIO.write(captchaProducer.createImage(capText), "jpg", out);
        out.flush();
    }
    return null;
}
 

@GetMapping("captcha.jpg")
public void captcha(HttpServletResponse response) throws ServletException, IOException {
	response.setHeader("Cache-Control", "no-store, no-cache");
	response.setContentType("image/jpeg");

	// 生成文字验证码
	String text = producer.createText();
	// 生成图片验证码
	BufferedImage image = producer.createImage(text);
	// 保存到验证码到 session
	ShiroUtils.setSessionAttribute(Constants.KAPTCHA_SESSION_KEY, text);

	ServletOutputStream out = response.getOutputStream();
	ImageIO.write(image, "jpg", out);	
	IOUtils.closeQuietly(out);
}
 

/**
 * 获取登录的图片验证码
 */
@RequestMapping(value = "/imgcode", method = RequestMethod.GET)
public void captcha(HttpServletRequest request, HttpServletResponse response )
		throws ServletException, IOException {
	Subject currentUser = SecurityUtils.getSubject();
	Session session = currentUser.getSession();
	Producer captchaProducer = KaptchaProducerAgency.getKaptchaProducerExample();
	response.setDateHeader("Expires", 0);
	// Set standard HTTP/1.1 no-cache headers.
	response.setHeader("Cache-Control",
			"no-store, no-cache, must-revalidate");
	// Set IE extended HTTP/1.1 no-cache headers (use addHeader).
	response.addHeader("Cache-Control", "post-check=0, pre-check=0");
	// Set standard HTTP/1.0 no-cache header.
	response.setHeader("Pragma", "no-cache");
	// return a jpeg
	response.setContentType("image/jpeg");
	// create the text for the image
	String capText = captchaProducer.createText();
	log.debug("******************验证码是: " + capText + "******************");
	// store the text in the session
	session.setAttribute(Constants.KAPTCHA_SESSION_KEY, capText	);
	// create the image with the text
	BufferedImage bi = captchaProducer.createImage(capText);
	ServletOutputStream out = response.getOutputStream();
	// write the data out
	ImageIO.write(bi, "jpg", out);
	try {
		out.flush();
	} finally {
		out.close();
	}
}
 

@RequestMapping("/code.do")
  public String getKaptchaImage(HttpServletRequest request,
						  HttpServletResponse response) throws Exception {
// Set to expire far in the past.
response.setDateHeader("Expires", 0);
// Set standard HTTP/1.1 no-cache headers.
response.setHeader("Cache-Control",
		"no-store, no-cache, must-revalidate");
// Set IE extended HTTP/1.1 no-cache headers (use addHeader).
response.addHeader("Cache-Control", "post-check=0, pre-check=0");
// Set standard HTTP/1.0 no-cache header.
response.setHeader("Pragma", "no-cache");

// return a jpeg
response.setContentType("image/jpeg");

// create the text for the image
String capText = captchaProducer.createText();

// store the text in the session
request.getSession().setAttribute(Constants.KAPTCHA_SESSION_KEY,
		capText);

// create the image with the text
BufferedImage bi = captchaProducer.createImage(capText);

ServletOutputStream out = response.getOutputStream();

// write the data out
ImageIO.write(bi, "jpg", out);
try {
	out.flush();
} finally {
	out.close();
}
return null; 
  }
 

@RequestMapping("image")
public void getKaptchaImage(HttpServletRequest request, HttpServletResponse response) throws Exception {
	HttpSession session = request.getSession();
	String code = (String) session.getAttribute(Constants.KAPTCHA_SESSION_KEY);
	LOG.debug("******************验证码是:{}******************",code);
	
	response.setDateHeader("Expires", 0);
	// Set standard HTTP/1.1 no-cache headers.
	response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
	// Set IE extended HTTP/1.1 no-cache headers (use addHeader).
	response.addHeader("Cache-Control", "post-check=0, pre-check=0");
	// Set standard HTTP/1.0 no-cache header.
	response.setHeader("Pragma", "no-cache");
	// return a jpeg
	response.setContentType("image/jpeg");

	// create the text for the image
	String capText = captchaProducer.createText();
	// store the text in the session
	session.setAttribute(Constants.KAPTCHA_SESSION_KEY, capText);

	// create the image with the text
	BufferedImage bi = captchaProducer.createImage(capText);
	ServletOutputStream out = response.getOutputStream();

	// write the data out
	ImageIO.write(bi, "jpg", out);
	try {
		out.flush();
	} finally {
		out.close();
	}
}
 

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
    String verification = request.getParameter("code");
    String captcha = (String) request.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);

    if (!captcha.contentEquals(verification)) {
        throw new CaptchaException("captcha code not matched!");
    }
    return super.attemptAuthentication(request, response);
}
 

/**
 * login:. <br/>
 *
 * @author Hongbin Yuan
 * @param request
 * @param response
 * @return
 * @since JDK 1.6
 */
@RequestMapping(value = "login.do")
@ResponseBody
public AjaxResponseBean login(
		@RequestParam("userName") String userName,
		@RequestParam("password") String password,
		@RequestParam("verificationCode") String verificationCode,
		HttpServletRequest request,
		HttpServletResponse response) {
	try {
		HttpSession session = request.getSession();  
        String code = (String) session.getAttribute(Constants.KAPTCHA_SESSION_KEY); 
        // 清空session中的验证码
        session.setAttribute(Constants.KAPTCHA_SESSION_KEY,"");
        
        if(!code.equalsIgnoreCase(verificationCode)){
        	return AjaxResponseBean.getErrorResponseBean("登录错误,验证码错误!");
        }
		
		Object result = this.loginBusiness.login(userName, password);
		if(result != null){ // 登录成功
			session.setAttribute(GlobalParam.sessionUserKey, result); // 存放到session
			return AjaxResponseBean.getReturnValueResponseBean(result);
		}
		return AjaxResponseBean.Const.ERROR_RESPONSE_BEAN;
	} catch (Exception e) {
		LogFactory.systemLog.error("登录错误" + e.getMessage());
		return AjaxResponseBean.getErrorResponseBean("登录错误:" + e.getMessage());
	}
}
 

@RequestMapping("/image.do")  
  public String getKaptchaImage(HttpServletRequest request, HttpServletResponse response) throws Exception {  
// Set to expire far in the past.
response.setDateHeader("Expires", 0);
// Set standard HTTP/1.1 no-cache headers.
response.setHeader("Cache-Control",
		"no-store, no-cache, must-revalidate");
// Set IE extended HTTP/1.1 no-cache headers (use addHeader).
response.addHeader("Cache-Control", "post-check=0, pre-check=0");
// Set standard HTTP/1.0 no-cache header.
response.setHeader("Pragma", "no-cache");

// return a jpeg
response.setContentType("image/jpeg");

// create the text for the image
String capText = captchaProducer.createText();

// store the text in the session
request.getSession().setAttribute(Constants.KAPTCHA_SESSION_KEY,
		capText);

// create the image with the text
BufferedImage bi = captchaProducer.createImage(capText);

ServletOutputStream out = response.getOutputStream();

// write the data out
ImageIO.write(bi, "jpg", out);
try {
	out.flush();
} finally {
	out.close();
}
return null; 
  }
 

public boolean validateResponse(HttpServletRequest request, String validateCode)
{
    Object obj = ShiroUtils.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);
    String code = String.valueOf(obj != null ? obj : "");
    if (StringUtils.isEmpty(validateCode) || !validateCode.equalsIgnoreCase(code))
    {
        return false;
    }
    return true;
}
 

/**
 * 登录
 */
@RequestMapping(value = "/sys/login", method = RequestMethod.POST)
public Result login(String username, String password, String captcha)throws IOException {
	//验证码
	if(SpringContextUtils.getBean(KaptchaConfig.class).getKaptchaOpen()){
		String kaptcha = getKaptcha(Constants.KAPTCHA_SESSION_KEY);
		if(!captcha.equalsIgnoreCase(kaptcha)){
			return Result.error("验证码不正确");
		}
	}

	//用户信息
	SysUser user = sysUserService.queryByUserName(username);

	//账号不存在
	if(user == null) {
		return Result.error("账号不存在");
	}

	//密码错误
	if(!user.getPassword().equals(new Sha256Hash(password, user.getSalt()).toHex())) {
		return Result.error("密码不正确");
	}

	//账号锁定
	if(Constant.UserStatus.DISABLE.getValue() == user.getStatus()){
		return Result.error("账号已被锁定,请联系管理员");
	}

	//生成token，并保存到数据库
	Map<String, Object> result=sysUserTokenService.createToken(user.getId());
	Result r =Result.ok().put(result);
	return r;
}
 

@Bean
    public ServletRegistrationBean kaptchaServlet() {
        ServletRegistrationBean servlet = new ServletRegistrationBean(new KaptchaServlet(), "/kaptcha.jpg");
        servlet.addInitParameter(Constants.KAPTCHA_SESSION_CONFIG_KEY, Constants.KAPTCHA_SESSION_KEY);//session key
        servlet.addInitParameter(Constants.KAPTCHA_TEXTPRODUCER_FONT_SIZE, "50");//字体大小
        servlet.addInitParameter(Constants.KAPTCHA_BORDER, "no");
        servlet.addInitParameter(Constants.KAPTCHA_BORDER_COLOR, "105,179,90");
        servlet.addInitParameter(Constants.KAPTCHA_TEXTPRODUCER_FONT_SIZE, "45");
        servlet.addInitParameter(Constants.KAPTCHA_TEXTPRODUCER_CHAR_LENGTH, "4");
        servlet.addInitParameter(Constants.KAPTCHA_TEXTPRODUCER_FONT_NAMES, "宋体,楷体,微软雅黑");
        servlet.addInitParameter(Constants.KAPTCHA_TEXTPRODUCER_FONT_COLOR, "blue");
        servlet.addInitParameter(Constants.KAPTCHA_IMAGE_WIDTH, "125");
        servlet.addInitParameter(Constants.KAPTCHA_IMAGE_HEIGHT, "60");
        //可以设置很多属性,具体看com.google.code.kaptcha.Constants
//		kaptcha.border  是否有边框  默认为true  我们可以自己设置yes，no
//		kaptcha.border.color   边框颜色   默认为Color.BLACK
//		kaptcha.border.thickness  边框粗细度  默认为1
//		kaptcha.producer.impl   验证码生成器  默认为DefaultKaptcha
//		kaptcha.textproducer.impl   验证码文本生成器  默认为DefaultTextCreator
//		kaptcha.textproducer.char.string   验证码文本字符内容范围  默认为abcde2345678gfynmnpwx
//		kaptcha.textproducer.char.length   验证码文本字符长度  默认为5
//		kaptcha.textproducer.font.names    验证码文本字体样式  默认为new Font("Arial", 1, fontSize), new Font("Courier", 1, fontSize)
//		kaptcha.textproducer.font.size   验证码文本字符大小  默认为40
//		kaptcha.textproducer.font.color  验证码文本字符颜色  默认为Color.BLACK
//		kaptcha.textproducer.char.space  验证码文本字符间距  默认为2
//		kaptcha.noise.impl    验证码噪点生成对象  默认为DefaultNoise
//		kaptcha.noise.color   验证码噪点颜色   默认为Color.BLACK
//		kaptcha.obscurificator.impl   验证码样式引擎  默认为WaterRipple
//		kaptcha.word.impl   验证码文本字符渲染   默认为DefaultWordRenderer
//		kaptcha.background.impl   验证码背景生成器   默认为DefaultBackground
//		kaptcha.background.clear.from   验证码背景颜色渐进   默认为Color.LIGHT_GRAY
//		kaptcha.background.clear.to   验证码背景颜色渐进   默认为Color.WHITE
//		kaptcha.image.width   验证码图片宽度  默认为200
//		kaptcha.image.height  验证码图片高度  默认为50
        return servlet;
    }
 

@SysLog("用户登录")
@PostMapping("/login")
public Result login(@Valid LoginVo loginVo, HttpSession session) throws GlobalException {

    try {

        String capText = (String) session.getAttribute(Constants.KAPTCHA_SESSION_KEY);

        if (!capText.equals(loginVo.getCaptcha())) {
            throw new GlobalException(400,"验证码不正确");
        }

        session.removeAttribute(Constants.KAPTCHA_SESSION_KEY);

        User user = this.userService.findByUsername(loginVo.getUsername());

        if (user == null) {
            throw new GlobalException(403,"用户名不存在");
        }

        if (!user.getPassword().equals(DigestUtils.md5Hex(loginVo.getPassword()))) {
            throw new GlobalException(403,"密码不正确");
        }

        if (user.getStatus() == 0) {
            throw new GlobalException(403,"该用户被禁用");
        }

        user.setPassword(null);

        session.setAttribute(UserConstant.LOGIN_USER,user);
        return Result.success("/admin/index");

    } catch (GlobalException e) {
        throw new GlobalException(500,e.getMessage());
    }
}
 

@GetMapping(value = {"/captcha","/captcha.do"})
public void getKaptchaImage(HttpServletResponse response, HttpSession session) throws Exception {
    response.setDateHeader("Expires", 0);
    response.setHeader("Pragma", "no-cache");
    response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
    response.addHeader("Cache-Control", "post-check=0, pre-check=0");
    response.setContentType("image/jpeg");
    //生成验证码
    String capText = captchaProducer.createText();
    session.setAttribute(Constants.KAPTCHA_SESSION_KEY, capText);
    //向客户端写出
    BufferedImage bi = captchaProducer.createImage(capText);
    ServletOutputStream out = response.getOutputStream();
    ImageIO.write(bi, "jpg", out);
}
 

/**
 * 点击登录执行的动作
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String loginVali() {

    String username = super.getPara("username").trim();
    String password = super.getPara("password").trim();
    String remember = super.getPara("remember");

    //验证验证码是否正确
    if (KaptchaUtil.getKaptchaOnOff()) {
        String kaptcha = super.getPara("kaptcha").trim();
        String code = (String) super.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);
        if (ToolUtil.isEmpty(kaptcha) || !kaptcha.equalsIgnoreCase(code)) {
            throw new InvalidKaptchaException();
        }
    }

    Subject currentUser = ShiroKit.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(username, password.toCharArray());

    if ("on".equals(remember)) {
        token.setRememberMe(true);
    } else {
        token.setRememberMe(false);
    }

    currentUser.login(token);

    ShiroUser shiroUser = ShiroKit.getUser();
    super.getSession().setAttribute("shiroUser", shiroUser);
    super.getSession().setAttribute("username", shiroUser.getAccount());

    LogManager.me().executeLog(LogTaskFactory.loginLog(shiroUser.getId(), getIp()));

    ShiroKit.getSession().setAttribute("sessionFlag", true);

    return REDIRECT + "/admin";
}
 

public boolean validateResponse(HttpServletRequest request, String validateCode)
{
    Object obj = ShiroUtils.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);
    String code = String.valueOf(obj != null ? obj : "");
    if (StringUtils.isEmpty(validateCode) || !validateCode.equalsIgnoreCase(code))
    {
        return false;
    }
    return true;
}
 

/**
 * 点击登录执行的动作
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String loginVali() {

    String username = super.getPara("username").trim();
    String password = super.getPara("password").trim();
    String remember = super.getPara("remember");

    //验证验证码是否正确
    if (KaptchaUtil.getKaptchaOnOff()) {
        String kaptcha = super.getPara("kaptcha").trim();
        String code = (String) super.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);
        if (ToolUtil.isEmpty(kaptcha) || !kaptcha.equalsIgnoreCase(code)) {
            throw new InvalidKaptchaException();
        }
    }

    Subject currentUser = ShiroKit.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(username, password.toCharArray());

    if ("on".equals(remember)) {
        token.setRememberMe(true);
    } else {
        token.setRememberMe(false);
    }

    currentUser.login(token);

    ShiroUser shiroUser = ShiroKit.getUser();
    super.getSession().setAttribute("shiroUser", shiroUser);
    super.getSession().setAttribute("username", shiroUser.getAccount());

    LogManager.me().executeLog(LogTaskFactory.loginLog(shiroUser.getId(), getIp()));

    ShiroKit.getSession().setAttribute("sessionFlag", true);

    return REDIRECT + "/";
}
 

@PostMapping("login")
  public CommonResult login(@RequestBody LoginBean loginBean, HttpServletRequest request) {
      String username = loginBean.getName();
      String password = loginBean.getPassword();
      String captcha = loginBean.getCaptcha();
      // 从session中获取之前保存的验证码跟前台传来的验证码进行匹配
      Object kaptcha = request.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);
      if(kaptcha == null){
          return CommonResult.error("验证码已失效");
      }
if(!captcha.equals(kaptcha)){
	return CommonResult.error("验证码不正确");
}
      SysUser user = userService.findByName(username);
      if (user == null) {
          return CommonResult.error("用户名不存在");
      }
      String passwdWithSalt = PasswordUtil.encryptPassword(password, user.getSalt());
      if (!StringUtils.equals(user.getPassword(), passwdWithSalt)) {
          return CommonResult.error("密码错误");
      }
      userService.updateLoginTime(user);
      String token = JWTUtil.sign(username, passwdWithSalt);
      LocalDateTime expireTime = LocalDateTime.now().plusSeconds(properties.getJwtTimeOut());
      String expireTimeStr = DateUtil.formatFullTime(expireTime);
      JWTToken jwtToken = new JWTToken(token, expireTimeStr);
      Map<String, Object> map = new HashMap<>();
      map.put("token", jwtToken.getToken());
      return CommonResult.success("登录成功", map);
  }
 

@GetMapping("captcha.jpg")
public void captcha(HttpServletResponse response, HttpServletRequest request) throws ServletException, IOException {
    response.setHeader("Cache-Control", "no-store, no-cache");
    response.setContentType("image/jpeg");
    // 生成文字验证码
    String text = producer.createText();
    // 生成图片验证码
    BufferedImage image = producer.createImage(text);
    // 保存到验证码到 session
    request.getSession().setAttribute(Constants.KAPTCHA_SESSION_KEY, text);
    ServletOutputStream out = response.getOutputStream();
    ImageIO.write(image, "jpg", out);
    out.close();
}
 

public boolean validateResponse(HttpServletRequest request, String validateCode)
{
    Object obj = ShiroUtils.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);
    String code = String.valueOf(obj != null ? obj : "");
    return !StringUtils.isEmpty(validateCode) && validateCode.equalsIgnoreCase(code);
}
 

private boolean validateResponse(String validateCode) {
    Object obj = ShiroUtils.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);
    String code = String.valueOf(obj != null ? obj : "");
    return !StrUtil.isEmpty(validateCode) && validateCode.equalsIgnoreCase(code);
}
 

/**
 * 
 * @Title: loginDo 
 * @Description: 平台登录
 * @param @param username
 * @param @param password
 * @return Response 返回类型,如果成功返回跳转的URL
 * @throws
 */
@RequestMapping(value = "/login")
@ResponseBody
public Response login(String username, String password, String logincode , Response response ) {
	String msg = "";
	Subject currentUser = SecurityUtils.getSubject();
	Session session = currentUser.getSession();
	String codeSession = (String) session.getAttribute(Constants.KAPTCHA_SESSION_KEY);
	if (StringUtils.isBlank(logincode) || StringUtils.isBlank(codeSession)
			|| !logincode.equals(codeSession)) {
		response.setStateCode(StateCode.LOGIN_FAIL);
		msg = "验证码不正确,朋友！";
	} else {
		AuthenticationToken token = new UsernamePasswordToken(username,password);
		Account account = accountService.findByLoginName(username);
		try {
			currentUser.login(token);
			account.setPassword("");
			// 获取当前登录用户的岗位信息。
			CurrentInfo currentInfo = currentUserInfoService.findCurrentUserInfo(account);
			Employee emplpyee = currentInfo.getEmployee();
			if (emplpyee == null || emplpyee.getDefaultPostId() == null) {
				throw new AccountNoActiceException();
			}
			long defaultPostId = emplpyee.getDefaultPostId();

			// 遍历岗位信息,如果有一个岗位不需要过滤权限,那么这个人不需要过滤权限
			Set<Post> postSet = currentInfo.getPostList();
			Iterator<Post> it = postSet.iterator();
			if (it.hasNext()) {
				Post post = it.next();
				if (post.getNeedFilter() == null) {// 当前登录的员工不需要过滤任何权限
					currentInfo.setNeedFilter(false);
				}
				if (post.getId() == defaultPostId) {// 该人的默认岗位
					currentInfo.setDefaultPostId(defaultPostId);// 保存到SESSION里，快速获取
					currentInfo.setIndexPage(post.getIndexPage());// 保存到SESSION里，快速获取
					currentUser.getSession().setAttribute("currentInfo", currentInfo);
					response.setStateCode(StateCode.OK);
					response.setData("index.html");// 把该人应该跳转的页面返回到客户端
				}
			}

			msg = "登录成功";
		} catch (UnknownAccountException uae) {
			response.setStateCode(StateCode.LOGIN_FAIL);
			msg = "用户不存在！";
		} catch (IncorrectCredentialsException ice) {
			response.setStateCode(StateCode.LOGIN_FAIL);
			msg = "用户名或密码错误！";
		} catch (LockedAccountException lae) {
			response.setStateCode(StateCode.LOGIN_FAIL);
			msg = "用户为锁定状态！";
		} catch (AuthenticationException ae) {
			response.setStateCode(StateCode.LOGIN_FAIL);
			ae.printStackTrace();
			msg = "登录失败！";
		} catch (AccountNoActiceException ana) {
			response.setStateCode(StateCode.LOGIN_FAIL);
			msg = "该帐号未激活！";
		} catch (Exception e) {
			response.setStateCode(StateCode.LOGIN_FAIL);
			e.printStackTrace();
			msg = "平台繁忙！";
		}
	}
	response.setMessage(msg);
	currentUser.getSession().removeAttribute(Constants.KAPTCHA_SESSION_KEY);
	return response;
}