java source code of ImageCodeFilter

FEBS-Security-master
- febs-system
  - src
    - main
      - resources
        mapper
        system
        DeptMapper.xml
        DictMapper.xml
        MenuMapper.xml
        UserMapper.xml
        RoleMapper.xml
      - java
        cc
        mrbird
        system
        dao
        DeptMapper.java
        RoleMapper.java
        MenuMapper.java
        LogMapper.java
        UserMapper.java
        DictMapper.java
        RoleMenuMapper.java
        UserConnectionMapper.java
        UserRoleMapper.java
        service
        impl
        DeptServiceImpl.java
        RoleServiceImpl.java
        LogServiceImpl.java
        MenuServiceImpl.java
        DictServiceImpl.java
        RoleMenuServiceImpl.java
        UserServiceImpl.java
        UserRoleServiceImpl.java
        UserConnectionImpl.java
        UserService.java
        UserRoleService.java
        RoleMenuServie.java
        UserConnectionService.java
        DictService.java
        RoleService.java
        MenuService.java
        DeptService.java
        LogService.java
        domain
        RoleMenu.java
        UserRole.java
        SysLog.java
        Dict.java
        RoleWithMenu.java
        Menu.java
        MyUser.java
        Dept.java
        Role.java
        UserConnection.java
        UserWithRole.java
  - pom.xml
- init.sql
- images
- pom.xml
- febs-quartz
  - src
    - main
      - resources
        mapper
        quartz
        JobMapper.xml
      - java
        cc
        mrbird
        quartz
        dao
        JobLogMapper.java
        JobMapper.java
        task
        TestTask.java
        util
        ScheduleJob.java
        ScheduleRunnable.java
        ScheduleUtils.java
        config
        ScheduleConfig.java
        service
        impl
        JobServiceImpl.java
        JobLogServiceImpl.java
        JobService.java
        JobLogService.java
        domain
        Job.java
        JobLog.java
  - pom.xml
- LICENSE
- febs-security
  - src
    - main
      - java
        cc
        mrbird
        security
        code
        ValidateCode.java
        img
        ImageCodeGenerator.java
        ImageCodeFilter.java
        ImageCode.java
        ValidateCodeGenerator.java
        sms
        SmsCodeGenerator.java
        SmsCodeAuthenticationProvider.java
        DefaultSmsSender.java
        SmsCodeFilter.java
        SmsCodeAuthenticationFilter.java
        SmsCodeAuthenticationToken.java
        SmsCodeSender.java
        properties
        ImageCodeProperties.java
        FebsSecurityProperties.java
        QQProperties.java
        SocialProperties.java
        SessionProperties.java
        SmsCodeProperties.java
        WeiXinProperties.java
        ValidateCodeProperties.java
        xss
        XssHttpServletRequestWrapper.java
        XssFilter.java
        JsoupUtil.java
        social
        qq
        api
        QQImpl.java
        QQUserInfo.java
        QQ.java
        config
        QQAutoConfig.java
        connect
        QQOAuth2Template.java
        QQConnectionFactory.java
        QQAdapter.java
        QQServiceProvider.java
        SocialConnectedView.java
        SocialConnectionStatusView.java
        FebsSpringSocialConfigurer.java
        weixin
        api
        WeiXinUserInfo.java
        WeiXinImpl.java
        WeiXin.java
        config
        WeixinAutoConfiguration.java
        connect
        WeiXinOAuth2Template.java
        WeiXinAdapter.java
        WeiXinConnectionFactory.java
        WeiXinServiceProvider.java
        WeiXinAccessGrant.java
        SocialUserInfo.java
        config
        FebsSocialWebAutoConfiguration.java
        FebsSecurityConfig.java
        FebsSocialConfig.java
        FebsSmsCodeAuthenticationSecurityConfig.java
        service
        FebsUserDetailService.java
        exception
        FebsCredentialExcetion.java
        ValidateCodeException.java
        domain
        LoginType.java
        FebsUserDetails.java
        FebsSocialUserDetails.java
        handler
        FebsAuthenticationSucessHandler.java
        FebsLogoutHandler.java
        FebsAuthenticationFailureHandler.java
        FebsAuthenticationAccessDeniedHandler.java
        session
        FebsInvalidSessionStrategy.java
        FebsExpiredSessionStrategy.java
  - pom.xml
- .gitattributes
- febs-common
  - src
    - main
      - resources
        config
        mybatis-generator.xml
      - java
        cc
        mrbird
        common
        utils
        poi
        POIUtils.java
        pojo
        ExportItem.java
        ExportHandler.java
        convert
        TimeConvert.java
        ExportConvert.java
        ExcelUtils.java
        HttpUtils.java
        SpringContextUtils.java
        AddressUtils.java
        QiniuOssUtil.java
        HttpContextUtils.java
        FileUtils.java
        DateUtil.java
        FebsUtil.java
        IPUtils.java
        TreeUtils.java
        properties
        FebsProperies.java
        FebsOssProperties.java
        FebsQiniuProperties.java
        config
        AsyncExecutorPoolConfig.java
        RedisConfig.java
        MyBatisConfig.java
        MyMapper.java
        service
        impl
        BaseService.java
        RedisServiceImpl.java
        RedisService.java
        IService.java
        exception
        FileDownloadException.java
        LimitAccessException.java
        interceptor
        SqlStatementInterceptor.java
        annotation
        Limit.java
        ExportConfig.java
        Log.java
        CronTag.java
        aspect
        LimitAspect.java
        domain
        RedisInfo.java
        ResponseBo.java
        LimitType.java
        QueryRequest.java
        Tree.java
        EnumOss.java
        FebsConstant.java
  - pom.xml
- readme.md
- .gitignore
- febs-web
  - src
    - main
      - resources
        application.yml
        ip2region
        templates
        social_regist.html
        error
        404.html
        403.html
        500.html
        common
        main.html
        aside.html
        common.html
        footer.html
        header.html
        job
        log
        log.html
        job
        job.html
        jobAdd.html
        others
        one
        paint.html
        yuwen.html
        essay.html
        weather
        weather.html
        article
        article.html
        movie
        movieDetail.html
        coming.html
        hot.html
        movieComments.html
        connect
        bind_success.html
        unbind_success.html
        system
        redis
        terminal.html
        info.html
        user
        profile.html
        user.html
        updatePassword.html
        userAdd.html
        menu
        menuIcon.html
        menu.html
        menuAdd.html
        log
        log.html
        dept
        dept.html
        deptAdd.html
        monitor
        online.html
        dict
        dictAdd.html
        dict.html
        role
        roleAdd.html
        role.html
        index.html
        login.html
        logback-spring.xml
        banner.txt
        static
        img
        social
        QQ_bind.svg
        QQ.svg
        wechat.svg
        wechat_bind.svg
        favicon.ico
        avatar
        20180414165927.jpg
        20180414170003.jpg
        20180414165827.jpg
        default.jpg
        20180414165754.jpg
        20180414165846.jpg
        20180414165815.jpg
        20180414165855.jpg
        20180414165920.jpg
        20180414165821.jpg
        20180414165955.jpg
        20180414165834.jpg
        20180414165936.jpg
        20180414165914.jpg
        20180414165840.jpg
        20180414165942.jpg
        20180414165947.jpg
        20180414165909.jpg
        file
        city.json
        fonts
        roboto
        Roboto-Medium-webfont.eot
        Roboto-Medium-webfont.svg
        Roboto-Bold-webfont.ttf
        Roboto-Light-webfont.eot
        Roboto-Bold-webfont.eot
        Roboto-Regular-webfont.svg
        Roboto-Medium-webfont.ttf
        Roboto-Regular-webfont.ttf
        Roboto-Light-webfont.svg
        Roboto-Regular-webfont.eot
        Roboto-Bold-webfont.svg
        Roboto-Light-webfont.woff
        Roboto-Bold-webfont.woff
        Roboto-Light-webfont.ttf
        Roboto-Regular-webfont.woff
        Roboto-Medium-webfont.woff
        js
        iCheck
        icheck.js
        common.js
        bootstrap
        bootstrap.min.js
        tether
        tether.min.js
        waves
        waves.min.js
        jquery.min.js
        highchart
        highcharts.js
        exporting.js
        highcharts-zh_CN.js
        jquery-scrollLock
        jquery-scrollLock.min.js
        sweetalert2
        sweetalert2.js
        jquery-validate
        additional-methods.min.js
        jquery.validate.min.js
        messages_zh.min.js
        bootstrap-table
        locale
        bootstrap-table-zh-CN.js
        bootstrap-table.min.js
        jsTree
        jstree.js
        daterangepicker
        daterangepicker.js
        moment.min.js
        jqTreeGrid
        jquery.treegrid.extension.js
        jquery.treegrid.js
        bootstrap-notify
        bootstrap-notify.min.js
        jquery.scrollbar
        jquery.scrollbar.min.js
        multiple-select
        multiple-select.js
        autocomplete
        autocomplete.js
        autocomplete_weather.js
        app
        socialRegist.js
        job
        log
        jobLog.js
        job
        jobAdd.js
        job.js
        jobEdit.js
        others
        weather
        weather.js
        article
        article.js
        movie
        coming.js
        hot.js
        login.js
        system
        redis
        info.js
        terminal.js
        user
        updatePassword.js
        userEdit.js
        userAdd.js
        user.js
        profile.js
        menu
        menuEdit.js
        menuUrlAndPermsList.js
        menuAdd.js
        menu.js
        log
        log.js
        dept
        deptAdd.js
        deptEdit.js
        dept.js
        monitor
        online.js
        dict
        dict.js
        dictEdit.js
        dictAdd.js
        role
        roleEdit.js
        roleAdd.js
        role.js
        index.js
        dropzone
        dropzone.min.js
        css
        iCheck
        minimal
        minimal.css
        aero.css
        grey.css
        _all.css
        green.css
        blue.css
        yellow.css
        pink.css
        purple.css
        orange.css
        red.css
        login.css
        sweetalert2
        sweetalert2.css
        bootstrap-table
        bootstrap-table.css
        jsTree
        style.min.css
        throbber.gif
        daterangepicker
        daterangepicker.css
        jqTreeGrid
        jquery.treegrid.css
        jquery.scrollbar
        jquery.scrollbar.css
        multiple-select
        multiple-select.css
        autocomplete
        autocomplete.css
        material-design-iconic-font
        fonts
        Material-Design-Iconic-Font.ttf
        Material-Design-Iconic-Font.eot
        Material-Design-Iconic-Font.woff
        Material-Design-Iconic-Font.woff2
        css
        material-design-iconic-font.min.css
        animate
        animate.min.css
      - java
        cc
        mrbird
        web
        common
        thymeleaf
        config
        DialectConfig.java
        dict
        DictSelectProcessor.java
        DictShowProcessor.java
        DictDialect.java
        service
        InitService.java
        aspect
        LogAspect.java
        domain
        UserOnLine.java
        handler
        GlobalExceptionHandler.java
        controller
        security
        ExceptionController.java
        SocialController.java
        ValidateCodeController.java
        MobileController.java
        SessionController.java
        test
        TestController.java
        base
        BaseController.java
        RedisController.java
        FileController.java
        others
        ArticleController.java
        WeatherController.java
        MovieController.java
        quartz
        JobController.java
        JobLogController.java
        system
        DictController.java
        UserController.java
        LoginController.java
        MenuController.java
        RoleController.java
        LogController.java
        DeptController.java
        FesbApplicationTest.java
        FebsApplication.java
  - pom.xml

package cc.mrbird.security.code.img;

import cc.mrbird.common.domain.FebsConstant;
import cc.mrbird.security.exception.ValidateCodeException;
import cc.mrbird.security.properties.FebsSecurityProperties;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.social.connect.web.HttpSessionSessionStrategy;
import org.springframework.social.connect.web.SessionStrategy;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.bind.ServletRequestBindingException;
import org.springframework.web.bind.ServletRequestUtils;
import org.springframework.web.context.request.ServletWebRequest;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class ImageCodeFilter extends OncePerRequestFilter implements InitializingBean {

    private AuthenticationFailureHandler authenticationFailureHandler;

    private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();

    private Set<String> url = new HashSet<>();

    private FebsSecurityProperties securityProperties;

    private AntPathMatcher pathMatcher = new AntPathMatcher();

    @Override
    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        String[] configUrls = StringUtils.splitByWholeSeparatorPreserveAllTokens(securityProperties.getCode().getImage().getUrl(), ",");
        url.addAll(Arrays.asList(configUrls));
        url.add(securityProperties.getCode().getImage().getLoginProcessingUrl());
    }

    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {

        boolean match = false;
        for (String u : url) {
            if (pathMatcher.match(u, httpServletRequest.getRequestURI())) {
                match = true;
            }
        }
        if (match) {
            try {
                validateCode(new ServletWebRequest(httpServletRequest));
            } catch (ValidateCodeException e) {
                authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, e);
                return;
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    private void validateCode(ServletWebRequest servletWebRequest) throws ServletRequestBindingException {
        ImageCode codeInSession = (ImageCode) sessionStrategy.getAttribute(servletWebRequest, FebsConstant.SESSION_KEY_IMAGE_CODE);
        String codeInRequest = ServletRequestUtils.getStringParameter(servletWebRequest.getRequest(), "imageCode");

        if (StringUtils.isBlank(codeInRequest)) {
            throw new ValidateCodeException("验证码不能为空！");
        }
        if (codeInSession == null) {
            throw new ValidateCodeException("验证码不存在，请重新发送！");
        }
        if (codeInSession.isExpire()) {
            sessionStrategy.removeAttribute(servletWebRequest, FebsConstant.SESSION_KEY_IMAGE_CODE);
            throw new ValidateCodeException("验证码已过期，请重新发送！");
        }
        if (!StringUtils.equalsIgnoreCase(codeInSession.getCode(), codeInRequest)) {
            throw new ValidateCodeException("验证码不正确！");
        }
        sessionStrategy.removeAttribute(servletWebRequest, FebsConstant.SESSION_KEY_IMAGE_CODE);

    }

    public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
        this.authenticationFailureHandler = authenticationFailureHandler;
    }

    public void setSecurityProperties(FebsSecurityProperties securityProperties) {
        this.securityProperties = securityProperties;
    }
}