/** Handles request for saving / updating account */
  @RequestMapping(value = "/insert", method = RequestMethod.POST)
  public @ResponseBody void insert(
      @RequestParam(value = "username", required = true) String username,
      @RequestParam(value = "name", required = false) String name,
      @RequestParam(value = "surname", required = false) String surname,
      @RequestParam(value = "telephoneNumber", required = true) String telephoneNumber,
      @RequestParam(value = "verificationText", required = true) String verificationText,
      HttpServletRequest request,
      HttpServletResponse response) {

    logger.debug("Received a request to insert an account");

    // validate captcha
    Boolean isResponseCorrect = false;
    String sessionId = request.getSession().getId();

    // Call the Service method
    try {
      isResponseCorrect = captchaService.validateResponseForID(sessionId, verificationText);
      if (isResponseCorrect == false) {
        response.sendError(500, "Provided captcha text was wrong.");
        return;
      }
    } catch (Exception e) {
      e.printStackTrace();
      return;
    }

    accountService.insert(new Account(username, name, surname, telephoneNumber));
  }
Exemple #2
0
  @GET
  @Path("captcha.jpg")
  @Produces("application/octet-stream")
  public Response getImage(@QueryParam("token") String token) throws Exception {

    BufferedImage image = imageCaptchaService.getImageChallengeForID(token);

    ByteArrayOutputStream os = new ByteArrayOutputStream();
    ImageIO.write(image, "jpg", os);
    final InputStream is = new ByteArrayInputStream(os.toByteArray());

    StreamingOutput stream =
        new StreamingOutput() {
          @Override
          public void write(OutputStream os) throws IOException {
            IOUtils.copy(is, os);
          }
        };

    return Response.status(Status.OK)
        .header("Cache-Control", "no-transform,public,max-age=300,s-maxage=900")
        .header("Content-Type", "image/jpeg")
        .entity(stream)
        .build();
  }
  /** ��֤�ص�����, ��¼ʱ����. */
  @Override
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
      throws AuthenticationException {

    CaptchaUsernamePasswordToken token = (CaptchaUsernamePasswordToken) authcToken;
    String parm = token.getCaptcha();
    try {
      if (!imageCaptchaService.validateResponseForID(
          SecurityUtils.getSubject().getSession().getId().toString(), parm)) {
        throw new IncorrectCaptchaException("��֤�����");
      }
    } catch (Exception e) {
      throw new IncorrectCaptchaException("��֤�����");
    }

    String username = token.getUsername();

    if (username == null) {
      throw new AccountException("Null usernames are not allowed by this realm.");
    }

    Connection conn = null;
    AuthenticationInfo info = null;
    try {
      conn = dataSource.getConnection();

      String password = getPasswordForUser(conn, username);

      if (password == null) {
        throw new UnknownAccountException("No account found for user [" + username + "]");
      }

      SimpleAuthenticationInfo simpleAuthenticationInfo =
          new SimpleAuthenticationInfo(username, password, getName());

      simpleAuthenticationInfo.setCredentialsSalt(ByteSource.Util.bytes(username));

      info = simpleAuthenticationInfo;

    } catch (SQLException e) {
      final String message = "There was a SQL error while authenticating user [" + username + "]";
      if (log.isErrorEnabled()) {
        log.error(message, e);
      }

      throw new AuthenticationException(message, e);
    } finally {
      JdbcUtils.closeConnection(conn);
    }

    return info;
  }
Exemple #4
0
 /**
  * 1:验证码是否为null 2:验证码 是否正确 3:用户是否为NUll 4:密码是否为NUll 5:用户是否正确 6密码是否正确 Md5 纯生Md5 放进Session
  * 跳转ReturnUrl
  *
  * @param buyer
  * @param captcha
  * @param returnUrl
  * @return
  */
 @RequestMapping(value = "/shopping/login.shtml", method = RequestMethod.POST)
 public String login(
     Buyer buyer, String captcha, String returnUrl, ModelMap model, HttpServletRequest request) {
   // 验证码是否为null
   if (StringUtils.isNotBlank(captcha)) {
     // 1:JSESSIONID
     // 2验证码
     if (imageCaptchaService.validateResponseForID(
         sessionProvider.getSessionId(request), captcha)) {
       if (null != buyer && StringUtils.isNotBlank(buyer.getUsername())) {
         if (StringUtils.isNotBlank(buyer.getPassword())) {
           Buyer b = buyerService.getBuyerByKey(buyer.getUsername());
           if (null != b) {
             //
             if (b.getPassword().equals(md5Pwd.encode(buyer.getPassword()))) {
               // 把用户对象放在Session
               sessionProvider.setAttribute(request, Constants.BUYER_SESSION, b);
               if (StringUtils.isNotBlank(returnUrl)) {
                 return "redirect:" + returnUrl;
               } else {
                 // 个人中心
                 return "redirect:/buyer/index.shtml";
               }
             } else {
               model.addAttribute("error", "密码错误");
             }
           } else {
             model.addAttribute("error", "用户名输入错误");
           }
         } else {
           model.addAttribute("error", "请输入密码");
         }
       } else {
         model.addAttribute("error", "请输入用户名");
       }
     } else {
       model.addAttribute("error", "验证码输入错误");
     }
   } else {
     model.addAttribute("error", "请填写验证码");
   }
   return "buyer/login";
 }
Exemple #5
0
  @Override
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    byte[] captchaChallengeAsJpeg = null;
    // the output stream to render the captcha image as jpeg into
    ByteArrayOutputStream jpegOutputStream = new ByteArrayOutputStream();
    try {
      // get the session id that will identify the generated captcha.
      // the same id must be used to validate the response, the session id
      // is a good candidate!

      String captchaId = session.getSessionId(request, response);
      BufferedImage challenge =
          captchaService.getImageChallengeForID(captchaId, request.getLocale());
      // Jimi.putImage("image/jpeg", challenge, jpegOutputStream);
      ImageIO.write(challenge, CAPTCHA_IMAGE_FORMAT, jpegOutputStream);
    } catch (IllegalArgumentException e) {
      response.sendError(HttpServletResponse.SC_NOT_FOUND);
      return;
    } catch (CaptchaServiceException e) {
      response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
      return;
    }
    // catch (JimiException e) {
    // response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    // return;
    // }

    captchaChallengeAsJpeg = jpegOutputStream.toByteArray();

    // flush it in the response
    response.setHeader("Cache-Control", "no-store");
    response.setHeader("Pragma", "no-cache");
    response.setDateHeader("Expires", 0);
    response.setContentType("image/" + CAPTCHA_IMAGE_FORMAT);

    ServletOutputStream responseOutputStream = response.getOutputStream();
    responseOutputStream.write(captchaChallengeAsJpeg);
    responseOutputStream.flush();
    responseOutputStream.close();
  }
  @Override
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    byte[] captchaChallengeAsJpeg = null;
    ByteArrayOutputStream jpegOutputStream = new ByteArrayOutputStream();

    String captchaId = request.getSession(true).getId();

    BufferedImage challenge = captchaService.getImageChallengeForID(captchaId, request.getLocale());
    ImageIO.write(challenge, "jpeg", jpegOutputStream);
    captchaChallengeAsJpeg = jpegOutputStream.toByteArray();

    response.setHeader("Cache-Control", "no-store");
    response.setHeader("Pragma", "no-cache");
    response.setDateHeader("Expires", 0);
    response.setContentType("image/jpeg");
    ServletOutputStream os = response.getOutputStream();
    os.write(captchaChallengeAsJpeg);
    os.flush();
    os.close();
  }
Exemple #7
0
  @POST
  @Path("resolve")
  @Produces("application/json")
  public Response resolve(@FormParam("token") String token, @FormParam("answer") String answer) {

    Map<String, String> ret = new HashMap<String, String>();

    boolean validated = false;

    try {
      validated = imageCaptchaService.validateResponseForID(token, answer);
    } catch (Exception e) {
      ret.put("exception", e.getMessage());
      e.printStackTrace();
    }

    ret.put("answer", answer);
    ret.put("token", token);
    ret.put("validated", "" + validated);

    return Response.status(Status.OK).entity(ret).build();
  }
  /**
   * 校验验证码
   *
   * @return 是否正确
   */
  public boolean validateCaptcha() {
    HttpServletRequest request = ServletActionContext.getRequest();
    try {
      // log.info(this.captchaCode);
      if (!imageCaptchaService.validateResponseForID(
          request.getSession().getId(), this.captchaCode.trim())) {
        this.addActionError("验证码不正确");
        if (this.log.isInfoEnabled()) {
          this.log.info("验证码不正确");
        }
        return false;
      }

    } catch (CaptchaServiceException e) {
      this.addActionError("验证码验证出错");
      log.warn("验证码验证出错", e);
      return false;
    } catch (Exception e) {
      this.addActionError("验证码验证出错");
      log.error("验证码验证出错");
      return false;
    }
    return true;
  }