这个是我Security.xml验证码配置部分 <beans>
<!-- ======================== FILTER CHAIN ======================= --> <!-- if you wish to use channel security, add "channelProcessingFilter," in front
of "httpSessionContextIntegrationFilter" in the list below -->
<bean id="channelProcessingFilter"
class="org.acegisecurity.securechannel.ChannelProcessingFilter">
<property name="channelDecisionManager">
<ref local="channelDecisionManager"/>
</property>
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/j_acegi_security_check=REQUIRES_CAPTCHA_ONCE_ABOVE_THRESOLD_REQUESTS
</value>
</property>
</bean>
<!--
FilterChainProxy会按顺序来调用这些filter,使这些filter能享用Spring ioc的功能,
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON定义了url比较前先转为小写
PATTERN_TYPE_APACHE_ANT定义了使用Apache ant的匹配模式 -->
<bean id="channelDecisionManager"
class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<ref local="testOnceAfterMaxRequestsCaptchaChannelProcessor"/>
<ref local="alwaysTestAfterTimeInMillisCaptchaChannelProcessor"/>
<ref local="alwaysTestAfterMaxRequestsCaptchaChannelProcessor"/>
<ref local="alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor"/>
</list>
</property>
</bean>
<bean id="testOnceAfterMaxRequestsCaptchaChannelProcessor"
class="org.acegisecurity.captcha.TestOnceAfterMaxRequestsCaptchaChannelProcessor">
<property name="thresold">
<value>0</value>
</property>
<property name="entryPoint">
<ref bean="captchaEntryPoint"/>
</property>
</bean>
<bean id="alwaysTestAfterMaxRequestsCaptchaChannelProcessor"
class="org.acegisecurity.captcha.AlwaysTestAfterMaxRequestsCaptchaChannelProcessor">
<property name="thresold">
<value>0</value>
</property>
<property name="entryPoint">
<ref bean="captchaEntryPoint"/>
</property>
</bean>
<bean id="alwaysTestAfterTimeInMillisCaptchaChannelProcessor"
class="org.acegisecurity.captcha.AlwaysTestAfterTimeInMillisCaptchaChannelProcessor">
<property name="thresold">
<value>5000</value>
</property>
<property name="entryPoint">
<ref bean="captchaEntryPoint"/>
</property>
</bean>
<bean
id="alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor"
class="org.acegisecurity.captcha.AlwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor">
<property name="thresold">
<value>20000</value>
</property>
<property name="entryPoint">
<ref bean="captchaEntryPoint"/>
</property>
</bean>
<bean id="captchaEntryPoint"
class="org.acegisecurity.captcha.CaptchaEntryPoint">
<!--验证码验证失败后转向的页面!-->
<property name="captchaFormUrl">
<value>/security/login.jsp?login_error=code_error</value>
</property>
<property name="includeOriginalRequest">
<value>false</value>
</property>
<property name="includeOriginalParameters">
<value>false</value>
</property>
</bean>
<bean id="captchaValidationProcessingFilter"
class="org.acegisecurity.captcha.CaptchaValidationProcessingFilter">
<property name="captchaService">
<ref bean="captchaService"/>
</property>
<property name="captchaValidationParameter" value="j_captcha_response"/>
</bean>
<bean id="captchaService" class="com.tkgame.core.service.jcaptcha.JCaptchaServiceProxyImpl">
<property name="jcaptchaService" ref="imageCaptchaService"/>
</bean>
<bean id="imageCaptchaService" class="com.octo.captcha.service.image.DefaultManageableImageCaptchaService">
<constructor-arg type="com.octo.captcha.service.captchastore.CaptchaStore" index="0">
<ref bean="fastHashMapCaptchaStore"/>
</constructor-arg>
<!-- (1) which captcha Engine you use -->
<constructor-arg type="com.octo.captcha.engine.CaptchaEngine" index="1">
<ref bean="captchaEngineEx"/>
</constructor-arg>
<constructor-arg index="2">
<value>180</value>
</constructor-arg>
<constructor-arg index="3">
<value>100000</value>
</constructor-arg>
<constructor-arg index="4">
<value>75000</value>
</constructor-arg>
</bean>
<bean id="fastHashMapCaptchaStore" class="com.octo.captcha.service.captchastore.FastHashMapCaptchaStore"/>
<bean id="captchaEngineEx"
class="com.tkgame.core.service.jcaptcha.engine.TkGameCaptchaEngineEx">
</bean>
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/resource/** = #NONE#
/images/**=#NONE#
/script/**=#NONE#
/css/**=#NONE#
/j_acegi_security_check = httpSessionContextIntegrationFilter, captchaValidationProcessingFilter, channelProcessingFilter, authenticationProcessingFilter, securityContextHolderAwareRequestFilter, anonymousProcessingFilter, exceptionTranslationFilter, rememberMeProcessingFilter
/** = httpSessionContextIntegrationFilter, authenticationProcessingFilter, securityContextHolderAwareRequestFilter, anonymousProcessingFilter, exceptionTranslationFilter,rememberMeProcessingFilter
</value>
</property>
</bean>
<!-- ======================== FILTER CHAIN ======================= --> <!-- if you wish to use channel security, add "channelProcessingFilter," in front
of "httpSessionContextIntegrationFilter" in the list below -->
<bean id="channelProcessingFilter"
class="org.acegisecurity.securechannel.ChannelProcessingFilter">
<property name="channelDecisionManager">
<ref local="channelDecisionManager"/>
</property>
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/j_acegi_security_check=REQUIRES_CAPTCHA_ONCE_ABOVE_THRESOLD_REQUESTS
</value>
</property>
</bean>
<!--
FilterChainProxy会按顺序来调用这些filter,使这些filter能享用Spring ioc的功能,
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON定义了url比较前先转为小写
PATTERN_TYPE_APACHE_ANT定义了使用Apache ant的匹配模式 -->
<bean id="channelDecisionManager"
class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<ref local="testOnceAfterMaxRequestsCaptchaChannelProcessor"/>
<ref local="alwaysTestAfterTimeInMillisCaptchaChannelProcessor"/>
<ref local="alwaysTestAfterMaxRequestsCaptchaChannelProcessor"/>
<ref local="alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor"/>
</list>
</property>
</bean>
<bean id="testOnceAfterMaxRequestsCaptchaChannelProcessor"
class="org.acegisecurity.captcha.TestOnceAfterMaxRequestsCaptchaChannelProcessor">
<property name="thresold">
<value>0</value>
</property>
<property name="entryPoint">
<ref bean="captchaEntryPoint"/>
</property>
</bean>
<bean id="alwaysTestAfterMaxRequestsCaptchaChannelProcessor"
class="org.acegisecurity.captcha.AlwaysTestAfterMaxRequestsCaptchaChannelProcessor">
<property name="thresold">
<value>0</value>
</property>
<property name="entryPoint">
<ref bean="captchaEntryPoint"/>
</property>
</bean>
<bean id="alwaysTestAfterTimeInMillisCaptchaChannelProcessor"
class="org.acegisecurity.captcha.AlwaysTestAfterTimeInMillisCaptchaChannelProcessor">
<property name="thresold">
<value>5000</value>
</property>
<property name="entryPoint">
<ref bean="captchaEntryPoint"/>
</property>
</bean>
<bean
id="alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor"
class="org.acegisecurity.captcha.AlwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor">
<property name="thresold">
<value>20000</value>
</property>
<property name="entryPoint">
<ref bean="captchaEntryPoint"/>
</property>
</bean>
<bean id="captchaEntryPoint"
class="org.acegisecurity.captcha.CaptchaEntryPoint">
<!--验证码验证失败后转向的页面!-->
<property name="captchaFormUrl">
<value>/security/login.jsp?login_error=code_error</value>
</property>
<property name="includeOriginalRequest">
<value>false</value>
</property>
<property name="includeOriginalParameters">
<value>false</value>
</property>
</bean>
<bean id="captchaValidationProcessingFilter"
class="org.acegisecurity.captcha.CaptchaValidationProcessingFilter">
<property name="captchaService">
<ref bean="captchaService"/>
</property>
<property name="captchaValidationParameter" value="j_captcha_response"/>
</bean>
<bean id="captchaService" class="com.tkgame.core.service.jcaptcha.JCaptchaServiceProxyImpl">
<property name="jcaptchaService" ref="imageCaptchaService"/>
</bean>
<bean id="imageCaptchaService" class="com.octo.captcha.service.image.DefaultManageableImageCaptchaService">
<constructor-arg type="com.octo.captcha.service.captchastore.CaptchaStore" index="0">
<ref bean="fastHashMapCaptchaStore"/>
</constructor-arg>
<!-- (1) which captcha Engine you use -->
<constructor-arg type="com.octo.captcha.engine.CaptchaEngine" index="1">
<ref bean="captchaEngineEx"/>
</constructor-arg>
<constructor-arg index="2">
<value>180</value>
</constructor-arg>
<constructor-arg index="3">
<value>100000</value>
</constructor-arg>
<constructor-arg index="4">
<value>75000</value>
</constructor-arg>
</bean>
<bean id="fastHashMapCaptchaStore" class="com.octo.captcha.service.captchastore.FastHashMapCaptchaStore"/>
<bean id="captchaEngineEx"
class="com.tkgame.core.service.jcaptcha.engine.TkGameCaptchaEngineEx">
</bean>
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/resource/** = #NONE#
/images/**=#NONE#
/script/**=#NONE#
/css/**=#NONE#
/j_acegi_security_check = httpSessionContextIntegrationFilter, captchaValidationProcessingFilter, channelProcessingFilter, authenticationProcessingFilter, securityContextHolderAwareRequestFilter, anonymousProcessingFilter, exceptionTranslationFilter, rememberMeProcessingFilter
/** = httpSessionContextIntegrationFilter, authenticationProcessingFilter, securityContextHolderAwareRequestFilter, anonymousProcessingFilter, exceptionTranslationFilter,rememberMeProcessingFilter
</value>
</property>
</bean>
*/
public boolean validateReponseForId(String id, Object response) {
log.debug("validating captcha response");
try {
System.out.println(id+"--------------------------"+response);
boolean isHuman = jcaptchaService.validateResponseForID(id, response).booleanValue();
if (isHuman) {
log.debug("captcha passed");
return isHuman;
} else {
log.warn("captcha failed");
return false;
}
} catch (CaptchaServiceException cse) {
// fixes known bug in JCaptcha
log.warn("captcha validation failed due to exception", cse);
cse.printStackTrace();
return false;
}
} 异常如下:
com.octo.captcha.service.CaptchaServiceException: Invalid ID, could not valid
!
at com.octo.captcha.service.AbstractCaptchaService.validateResponseFo
(AbstractCaptchaService.java:138)
at com.octo.captcha.service.AbstractManageableCaptchaService.validate
ponseForID(AbstractManageableCaptchaService.java:364)
at com.tkgame.core.service.jcaptcha.JCaptchaServiceProxyImpl.validate
onseForId(JCaptchaServiceProxyImpl.java:35)
at org.acegisecurity.captcha.CaptchaValidationProcessingFilter.doFilt
CaptchaValidationProcessingFilter.java:92)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilte
ilterChainProxy.java:274)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFi
r(HttpSessionContextIntegrationFilter.java:191)
at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilte
ilterChainProxy.java:274)
at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.
a:148)
at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProx
ava:90)
at com.caucho.server.dispatch.FilterFilterChain.doFilter(FilterFilter
in.java:70)
at com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterCh
.java:173)
at com.caucho.server.dispatch.ServletInvocation.service(ServletInvoca
n.java:229)
at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:
)
at com.caucho.server.port.TcpConnection.run(TcpConnection.java:511)
at com.caucho.util.ThreadPool.runTasks(ThreadPool.java:516)
at com.caucho.util.ThreadPool.run(ThreadPool.java:442)
at java.lang.Thread.run(Thread.java:595)
<ref local="testOnceAfterMaxRequestsCaptchaChannelProcessor"/>
<ref local="alwaysTestAfterTimeInMillisCaptchaChannelProcessor"/>
<ref local="alwaysTestAfterMaxRequestsCaptchaChannelProcessor"/>
<ref local="alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor"/>
</list> 这里边的属性下边属性配置缺少一个 呵呵!