package cc.bnblogs.springsecurity.validate.smscode; |
|
|
|
import cc.bnblogs.springsecurity.Exception.ValidateCodeException; |
|
import cc.bnblogs.springsecurity.controller.ValidateCodeController; |
|
import org.apache.commons.lang3.StringUtils; |
|
import org.springframework.beans.factory.annotation.Autowired; |
|
import org.springframework.security.web.authentication.AuthenticationFailureHandler; |
|
import org.springframework.social.connect.web.HttpSessionSessionStrategy; |
|
import org.springframework.social.connect.web.SessionStrategy; |
|
import org.springframework.stereotype.Component; |
|
import org.springframework.web.bind.ServletRequestBindingException; |
|
import org.springframework.web.bind.ServletRequestUtils; |
|
import org.springframework.web.context.request.ServletWebRequest; |
|
import org.springframework.web.filter.OncePerRequestFilter; |
|
|
|
import javax.servlet.FilterChain; |
|
import javax.servlet.ServletException; |
|
import javax.servlet.http.HttpServletRequest; |
|
import javax.servlet.http.HttpServletResponse; |
|
import java.io.IOException; |
|
|
|
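/**
 * Servlet filter that validates the SMS verification code on mobile-login requests before
 * the request continues down the filter chain.
 *
 * <p>Only {@code POST /login/mobile} is inspected; every other request is passed through
 * unchanged. A failed validation is handed to the injected
 * {@link AuthenticationFailureHandler} and the chain is not continued.
 *
 * <p>NOTE(review): nothing in this filter limits how many wrong codes may be tried against one
 * issued code; confirm that attempt limiting or lockout is enforced elsewhere.
 */
@Component
public class SmsCodeFilter extends OncePerRequestFilter {

    /** URI of the mobile-login endpoint guarded by this filter. */
    private static final String MOBILE_LOGIN_URI = "/login/mobile";

    /** Request parameter carrying the code typed by the user. */
    private static final String SMS_CODE_PARAMETER = "smsCode";

    // NOTE(review): the previous code read "smsCode" for the phone number too, so the session
    // lookup was keyed by the submitted code instead of the phone number. "mobile" is assumed
    // here; it must match the login form field and the suffix ValidateCodeController appends
    // to SESSION_KEY_SMS_CODE when it stores the code. Confirm against both.
    private static final String MOBILE_PARAMETER = "mobile";

    @Autowired
    private AuthenticationFailureHandler authenticationFailureHandler;

    private final SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();

    /**
     * Validates the SMS code for mobile-login POSTs and otherwise delegates to the chain.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @param filterChain         the remaining filter chain
     * @throws ServletException if a downstream filter or the failure handler fails
     * @throws IOException      if a downstream filter or the failure handler fails on I/O
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest,
                                    HttpServletResponse httpServletResponse,
                                    FilterChain filterChain) throws ServletException, IOException {
        // NOTE(review): getRequestURI() includes the context path and any path parameters, so a
        // deployment under a non-root context path would never match here and the code check
        // would be skipped. Confirm this matches the same requests as the downstream mobile
        // authentication filter.
        boolean isMobileLogin =
                StringUtils.equalsIgnoreCase(MOBILE_LOGIN_URI, httpServletRequest.getRequestURI())
                        && StringUtils.equalsIgnoreCase(httpServletRequest.getMethod(), "post");

        if (isMobileLogin) {
            try {
                validateCode(new ServletWebRequest(httpServletRequest));
            } catch (ValidateCodeException e) {
                // Stop here: an unverified request must not reach the authentication filter.
                authenticationFailureHandler.onAuthenticationFailure(
                        httpServletRequest, httpServletResponse, e);
                return;
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Compares the submitted SMS code with the one stored in the session for the submitted
     * phone number, and removes the stored code once it has been used or has expired.
     *
     * @param servletWebRequest wrapper around the current login request
     * @throws ValidateCodeException if a parameter is missing or blank, no code is stored for
     *                               the phone number, the code has expired, or it does not match
     */
    private void validateCode(ServletWebRequest servletWebRequest) {
        HttpServletRequest request = servletWebRequest.getRequest();

        // The defaulting overload returns null for an absent parameter instead of throwing
        // ServletRequestBindingException, so a missing field is reported through the failure
        // handler like any other validation error rather than escaping as a servlet error.
        String smsCodeInRequest =
                ServletRequestUtils.getStringParameter(request, SMS_CODE_PARAMETER, null);
        String mobileInRequest =
                ServletRequestUtils.getStringParameter(request, MOBILE_PARAMETER, null);

        if (StringUtils.isBlank(smsCodeInRequest)) {
            throw new ValidateCodeException("验证码不能为空!");
        }
        if (StringUtils.isBlank(mobileInRequest)) {
            throw new ValidateCodeException("手机号不能为空!");
        }

        // Use one key for lookup and removal. Previously removal used the bare prefix, so the
        // stored code was never deleted and stayed reusable after a successful login.
        String sessionKey = ValidateCodeController.SESSION_KEY_SMS_CODE + mobileInRequest;
        SmsCode codeInSession = (SmsCode) sessionStrategy.getAttribute(servletWebRequest, sessionKey);

        if (codeInSession == null) {
            throw new ValidateCodeException("验证码不存在!");
        }
        if (codeInSession.isExpire()) {
            sessionStrategy.removeAttribute(servletWebRequest, sessionKey);
            throw new ValidateCodeException("验证码已过期!");
        }
        if (!StringUtils.equalsIgnoreCase(codeInSession.getCode(), smsCodeInRequest)) {
            throw new ValidateCodeException("验证码不正确!");
        }

        // Single use: invalidate the code as soon as it has been accepted.
        sessionStrategy.removeAttribute(servletWebRequest, sessionKey);
    }
}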