I would like to add captcha to spring security form, how ca开发者_如何学Cn I implement this?
I have declared my custom form login like: <form-login login-page="/login" />
now I need to override authentication filter to verify captcha, how to do it?
@misha, take a look at this article: Spring Security 3: Integrating reCAPTCHA Service.
This uses two filters to make reCAPTCHA integration as seamless and unobstrusive as possible. That means your existing Spring Security implementation will not break. No need to touch existing classes.
There's no need to override your existing implementation. You can add CAPTCHA to your existing implementation.
I guess you can override attemptAuthentication
method as following (pseudo code):
1. get captcha response
2. verify captcha response
3. if invalid response, throw some kind of AuthenticationException (may be named as CaptchaFailedException) that you can check in your custom AuthenticationFailureHandler
4. if valid response, call super.attemptAuthentication(request,response)
精彩评论