Java 将验证码与 Spring Security 集成
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/217511/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Integrating Captcha with Spring Security
提问by Pavel Rodionov
What is appropriate way to integrate SpringSecurity with Capcha ?
将 SpringSecurity 与 Capcha 集成的合适方法是什么?
I have following use case : When user will tries to login, if we he failed to login N times, captcha will be displayed, so authentication will be using three parameters : username, password, captcha. But Spring Security doesn't support built in Captcha handling.
我有以下用例:当用户尝试登录时,如果他登录 N 次失败,将显示验证码,因此身份验证将使用三个参数:用户名、密码、验证码。但是 Spring Security 不支持内置的验证码处理。
I just start thinking about implementation. And have following variants:
我只是开始考虑实施。并有以下变体:
- Adding separate security filter in Spring Security filter stack,
- Entirely rewrite AuthenticationProcessingFilter to support some Captcha
- Use some programmatic authentication with interception captcha logic and then transfering username and password to Spring Security
- 在 Spring Security 过滤器堆栈中添加单独的安全过滤器,
- 完全重写 AuthenticationProcessingFilter 以支持一些验证码
- 使用一些带有拦截验证码逻辑的程序化身份验证,然后将用户名和密码传输到 Spring Security
As a Captcha implementation I think about JCaptcha, but what your thougths?
作为验证码实现,我考虑了 JCaptcha,但是您的想法是什么?
回答by myabc
As an alternative to using JCaptcha, if you'd like to use the reCAPTCHA Serviceon your site, then check out the free Section 4.4 (direct PDF link) of the new Spring in Practicebook (currently in beta).
作为使用 JCaptcha 的替代方法,如果您想在您的站点上使用reCAPTCHA 服务,请查看新的Spring in Practice书(目前处于测试阶段)的免费第 4.4 节(直接 PDF 链接)。
This shows you integration with Spring MVC and Spring Validation. Since the integration is on the front-end, w/external APIs, Spring Security doesn't really come into the picture here.
这向您展示了与 Spring MVC 和 Spring Validation 的集成。由于集成在前端,带有外部 API,因此 Spring Security 并没有真正出现在这里。
I am not sure what your use case is? Are you hoping to use captchas as an alternative to authentication to prove "human"-ness?
我不确定您的用例是什么?您是否希望使用验证码作为身份验证的替代方法来证明“人性”?
回答by marioosh
I've done integration with reCaptcha and Spring Security (Spring Web Flow + JSF) by defining custom security filter. Maybe it isn't most elegant, but works good. You can look at my blog - unfortunately in polish, but maybe will help You or someone...
我通过定义自定义安全过滤器完成了与 reCaptcha 和 Spring Security(Spring Web Flow + JSF)的集成。也许它不是最优雅的,但效果很好。你可以看看我的博客 - 不幸的是波兰语,但也许会帮助你或其他人......
回答by chris
Take a look at this article: Spring Security 3: Integrating reCAPTCHA Service.
看看这篇文章:Spring Security 3:集成 reCAPTCHA 服务。
This uses two filters to make reCAPTCHA integration as seamless and unobstrusive as possible. That means your existing Spring Security implementation will not break. No need to touch existing classes
这使用两个过滤器来使 reCAPTCHA 集成尽可能无缝和不引人注目。这意味着您现有的 Spring Security 实现不会中断。无需接触现有的类
