public class CustomAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
public Authentication attemptAuthentication(HttpServletRequest httpServletRequest) throws AuthenticationException {
if (校驗驗證碼不通過) {
String username = obtainUsername(httpServletRequest);
httpServletRequest.getSession().setAttribute(SPRING_SECURITY_LAST_USERNAME_KEY, username);
// 用戶輸入的值與看到的不一致,拋出異常
throw new AuthCodeValidationException("驗證碼輸入不正確");
}
return super.attemptAuthentication(httpServletRequest);
}
}
配置文件中,重新定義和替換authenticationProcessingFilter
<bean id="authenticationProcessingFilter" class="com.hm.core.security.CustomAuthenticationProcessingFilter">
<s:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureUrl" value="/login.jsp?login_error=1" />
<property name="defaultTargetUrl" value="/" />
<property name="rememberMeServices" ref="rememberMeServices" />
</bean>
其中s命名空間是指
xmlns:s="http://www.springframework.org/schema/security"