6-5

imooc-security-app/src/main/java/com/imooc/security/app/ImoocResourceServerConfig.java

@@ -52,8 +52,8 @@ public void configure(HttpSecurity http) throws Exception {
 			.successHandler(imoocAuthenticationSuccessHandler)
 			.failureHandler(imoocAuthenticationFailureHandler);
 
-		http//.apply(validateCodeSecurityConfig)
-			//	.and()
+		http.apply(validateCodeSecurityConfig)
+				.and()
 			.apply(smsCodeAuthenticationSecurityConfig)
 				.and()
 			.apply(imoocSocialSecurityConfig)

imooc-security-app/src/main/java/com/imooc/security/app/validate/code/impl/RedisValidateCodeRepository.java

@@ -0,0 +1,86 @@
+/**
+ * 
+ */
+package com.imooc.security.app.validate.code.impl;
+
+import java.util.concurrent.TimeUnit;
+
+import org.apache.commons.lang.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.ServletWebRequest;
+
+import com.imooc.security.core.validate.code.ValidateCode;
+import com.imooc.security.core.validate.code.ValidateCodeException;
+import com.imooc.security.core.validate.code.ValidateCodeRepository;
+import com.imooc.security.core.validate.code.ValidateCodeType;
+
+/**
+ * @author zhailiang
+ *
+ */
+@Component
+public class RedisValidateCodeRepository implements ValidateCodeRepository {
+
+	@Autowired
+	private RedisTemplate<Object, Object> redisTemplate;
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see
+	 * com.imooc.security.core.validate.code.ValidateCodeRepository#save(org.
+	 * springframework.web.context.request.ServletWebRequest,
+	 * com.imooc.security.core.validate.code.ValidateCode,
+	 * com.imooc.security.core.validate.code.ValidateCodeType)
+	 */
+	@Override
+	public void save(ServletWebRequest request, ValidateCode code, ValidateCodeType type) {
+		redisTemplate.opsForValue().set(buildKey(request, type), code, 30, TimeUnit.MINUTES);
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see
+	 * com.imooc.security.core.validate.code.ValidateCodeRepository#get(org.
+	 * springframework.web.context.request.ServletWebRequest,
+	 * com.imooc.security.core.validate.code.ValidateCodeType)
+	 */
+	@Override
+	public ValidateCode get(ServletWebRequest request, ValidateCodeType type) {
+		Object value = redisTemplate.opsForValue().get(buildKey(request, type));
+		if (value == null) {
+			return null;
+		}
+		return (ValidateCode) value;
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see
+	 * com.imooc.security.core.validate.code.ValidateCodeRepository#remove(org.
+	 * springframework.web.context.request.ServletWebRequest,
+	 * com.imooc.security.core.validate.code.ValidateCodeType)
+	 */
+	@Override
+	public void remove(ServletWebRequest request, ValidateCodeType type) {
+		redisTemplate.delete(buildKey(request, type));
+	}
+
+	/**
+	 * @param request
+	 * @param type
+	 * @return
+	 */
+	private String buildKey(ServletWebRequest request, ValidateCodeType type) {
+		String deviceId = request.getHeader("deviceId");
+		if (StringUtils.isBlank(deviceId)) {
+			throw new ValidateCodeException("请在请求头中携带deviceId参数");
+		}
+		return "code:" + type.toString().toLowerCase() + ":" + deviceId;
+	}
+
+}

imooc-security-app/src/main/java/com/imooc/security/app/validate/code/impl/package-info.java

@@ -0,0 +1,8 @@
+/**
+ * 
+ */
+/**
+ * @author zhailiang
+ *
+ */
+package com.imooc.security.app.validate.code.impl;

imooc-security-browser/src/main/java/com/imooc/security/browser/validate/code/impl/SessionValidateCodeRepository.java

@@ -0,0 +1,66 @@
+/**
+ * 
+ */
+package com.imooc.security.browser.validate.code.impl;
+
+import org.springframework.social.connect.web.HttpSessionSessionStrategy;
+import org.springframework.social.connect.web.SessionStrategy;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.ServletWebRequest;
+
+import com.imooc.security.core.validate.code.ValidateCode;
+import com.imooc.security.core.validate.code.ValidateCodeRepository;
+import com.imooc.security.core.validate.code.ValidateCodeType;
+
+/**
+ * @author zhailiang
+ *
+ */
+@Component
+public class SessionValidateCodeRepository implements ValidateCodeRepository {
+
+	/**
+	 * 验证码放入session时的前缀
+	 */
+	String SESSION_KEY_PREFIX = "SESSION_KEY_FOR_CODE_";
+
+	/**
+	 * 操作session的工具类
+	 */
+	private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();
+
+	/* (non-Javadoc)
+	 * @see com.imooc.security.core.validate.code.ValidateCodeRepository#save(org.springframework.web.context.request.ServletWebRequest, com.imooc.security.core.validate.code.ValidateCode, com.imooc.security.core.validate.code.ValidateCodeType)
+	 */
+	@Override
+	public void save(ServletWebRequest request, ValidateCode code, ValidateCodeType validateCodeType) {
+		sessionStrategy.setAttribute(request, getSessionKey(request, validateCodeType), code);
+	}
+
+	/**
+	 * 构建验证码放入session时的key
+	 * 
+	 * @param request
+	 * @return
+	 */
+	private String getSessionKey(ServletWebRequest request, ValidateCodeType validateCodeType) {
+		return SESSION_KEY_PREFIX + validateCodeType.toString().toUpperCase();
+	}
+
+	/* (non-Javadoc)
+	 * @see com.imooc.security.core.validate.code.ValidateCodeRepository#get(org.springframework.web.context.request.ServletWebRequest, com.imooc.security.core.validate.code.ValidateCodeType)
+	 */
+	@Override
+	public ValidateCode get(ServletWebRequest request, ValidateCodeType validateCodeType) {
+		return (ValidateCode) sessionStrategy.getAttribute(request, getSessionKey(request, validateCodeType));
+	}
+
+	/* (non-Javadoc)
+	 * @see com.imooc.security.core.validate.code.ValidateCodeRepository#remove(org.springframework.web.context.request.ServletWebRequest, com.imooc.security.core.validate.code.ValidateCodeType)
+	 */
+	@Override
+	public void remove(ServletWebRequest request, ValidateCodeType codeType) {
+		sessionStrategy.removeAttribute(request, getSessionKey(request, codeType));
+	}
+
+}

imooc-security-browser/src/main/java/com/imooc/security/browser/validate/code/impl/package-info.java

@@ -0,0 +1,8 @@
+/**
+ * 
+ */
+/**
+ * @author zhailiang
+ *
+ */
+package com.imooc.security.browser.validate.code.impl;

imooc-security-core/src/main/java/com/imooc/security/core/validate/code/ValidateCodeProcessor.java

@@ -13,11 +13,6 @@
  */
 public interface ValidateCodeProcessor {
 
-	/**
-	 * 验证码放入session时的前缀
-	 */
-	String SESSION_KEY_PREFIX = "SESSION_KEY_FOR_CODE_";
-
 	/**
 	 * 创建校验码
 	 * 

imooc-security-core/src/main/java/com/imooc/security/core/validate/code/ValidateCodeRepository.java

@@ -0,0 +1,35 @@
+/**
+ * 
+ */
+package com.imooc.security.core.validate.code;
+
+import org.springframework.web.context.request.ServletWebRequest;
+
+/**
+ * @author zhailiang
+ *
+ */
+public interface ValidateCodeRepository {
+
+	/**
+	 * 保存验证码
+	 * @param request
+	 * @param code
+	 * @param validateCodeType
+	 */
+	void save(ServletWebRequest request, ValidateCode code, ValidateCodeType validateCodeType);
+	/**
+	 * 获取验证码
+	 * @param request
+	 * @param validateCodeType
+	 * @return
+	 */
+	ValidateCode get(ServletWebRequest request, ValidateCodeType validateCodeType);
+	/**
+	 * 移除验证码
+	 * @param request
+	 * @param codeType
+	 */
+	void remove(ServletWebRequest request, ValidateCodeType codeType);
+
+}

imooc-security-core/src/main/java/com/imooc/security/core/validate/code/impl/AbstractValidateCodeProcessor.java

@@ -7,8 +7,6 @@
 
 import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.social.connect.web.HttpSessionSessionStrategy;
-import org.springframework.social.connect.web.SessionStrategy;
 import org.springframework.web.bind.ServletRequestBindingException;
 import org.springframework.web.bind.ServletRequestUtils;
 import org.springframework.web.context.request.ServletWebRequest;
@@ -17,6 +15,7 @@
 import com.imooc.security.core.validate.code.ValidateCodeException;
 import com.imooc.security.core.validate.code.ValidateCodeGenerator;
 import com.imooc.security.core.validate.code.ValidateCodeProcessor;
+import com.imooc.security.core.validate.code.ValidateCodeRepository;
 import com.imooc.security.core.validate.code.ValidateCodeType;
 
 /**
@@ -25,15 +24,15 @@
  */
 public abstract class AbstractValidateCodeProcessor<C extends ValidateCode> implements ValidateCodeProcessor {
 
-	/**
-	 * 操作session的工具类
-	 */
-	private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();
 	/**
 	 * 收集系统中所有的 {@link ValidateCodeGenerator} 接口的实现。
 	 */
 	@Autowired
 	private Map<String, ValidateCodeGenerator> validateCodeGenerators;
+
+	@Autowired
+	private ValidateCodeRepository validateCodeRepository;
+
 
 	/*
 	 * (non-Javadoc)
@@ -74,17 +73,7 @@ private C generate(ServletWebRequest request) {
 	 */
 	private void save(ServletWebRequest request, C validateCode) {
 		ValidateCode code = new ValidateCode(validateCode.getCode(), validateCode.getExpireTime());
-		sessionStrategy.setAttribute(request, getSessionKey(request), code);
-	}
-
-	/**
-	 * 构建验证码放入session时的key
-	 * 
-	 * @param request
-	 * @return
-	 */
-	private String getSessionKey(ServletWebRequest request) {
-		return SESSION_KEY_PREFIX + getValidateCodeType(request).toString().toUpperCase();
+		validateCodeRepository.save(request, code, getValidateCodeType(request));
 	}
 
 	/**
@@ -111,37 +100,37 @@ private ValidateCodeType getValidateCodeType(ServletWebRequest request) {
 	@Override
 	public void validate(ServletWebRequest request) {
 
-		ValidateCodeType processorType = getValidateCodeType(request);
-		String sessionKey = getSessionKey(request);
+		ValidateCodeType codeType = getValidateCodeType(request);
 
-		C codeInSession = (C) sessionStrategy.getAttribute(request, sessionKey);
+		C codeInSession = (C) validateCodeRepository.get(request, codeType);
 
 		String codeInRequest;
 		try {
 			codeInRequest = ServletRequestUtils.getStringParameter(request.getRequest(),
-					processorType.getParamNameOnValidate());
+					codeType.getParamNameOnValidate());
 		} catch (ServletRequestBindingException e) {
 			throw new ValidateCodeException("获取验证码的值失败");
 		}
 
 		if (StringUtils.isBlank(codeInRequest)) {
-			throw new ValidateCodeException(processorType + "验证码的值不能为空");
+			throw new ValidateCodeException(codeType + "验证码的值不能为空");
 		}
 
 		if (codeInSession == null) {
-			throw new ValidateCodeException(processorType + "验证码不存在");
+			throw new ValidateCodeException(codeType + "验证码不存在");
 		}
 
 		if (codeInSession.isExpried()) {
-			sessionStrategy.removeAttribute(request, sessionKey);
-			throw new ValidateCodeException(processorType + "验证码已过期");
+			validateCodeRepository.remove(request, codeType);
+			throw new ValidateCodeException(codeType + "验证码已过期");
 		}
 
 		if (!StringUtils.equals(codeInSession.getCode(), codeInRequest)) {
-			throw new ValidateCodeException(processorType + "验证码不匹配");
+			throw new ValidateCodeException(codeType + "验证码不匹配");
 		}
-
-		sessionStrategy.removeAttribute(request, sessionKey);
+
+		validateCodeRepository.remove(request, codeType);
+
 	}
 
 }

imooc-security-demo/pom.xml

@@ -10,12 +10,11 @@
 	</parent>
 
 	<dependencies>
-		<!-- <dependency> <groupId>com.imooc.security</groupId> <artifactId>imooc-security-browser</artifactId> 
-			<version>${imooc.security.version}</version> </dependency> -->
-		<dependency>
-			<groupId>org.apache.httpcomponents</groupId>
-			<artifactId>httpclient</artifactId>
-		</dependency>
+		<!-- <dependency>
+			<groupId>com.imooc.security</groupId>
+			<artifactId>imooc-security-browser</artifactId>
+			<version>${imooc.security.version}</version>
+		</dependency> -->
 		<dependency>
 			<groupId>com.imooc.security</groupId>
 			<artifactId>imooc-security-app</artifactId>