带图片验证码的用户登录是一个系统中很常见的模块,在Java
EE中有很多不同的实现,而开源世界中又给我们提供了很多优秀的框架,从而减少了我们的编码量,下面给大家简单介绍一下用
Spring+Hibernate+JSF+Ajax4jsf+Acegi+jCaptcha 如何构建一个登录模块:
我使用这些框架的版本如下:
Spring 2.0.1
Hibernate 3.2
JSF 1.2
Acegi 1.0.5
jCaptcha 1.0-RC6
首先建表USERTEST,和ROLETEST,作为用户表和角色表
CREATE TABLE USERTEST
(
USERID NUMBER NOT NULL,
USERNAME VARCHAR2(20 CHAR) NOT NULL,
PASSWORD VARCHAR2(100 CHAR) NOT NULL,
STATUS NUMBER DEFAULT 1 NOT NULL,
ROLEID NUMBER NOT NULL
)
CREATE TABLE ROLETEST
(
ROLEID NUMBER NOT NULL,
ROLENAME VARCHAR2(50 CHAR) NOT NULL,
ROLEDESC VARCHAR2(50 CHAR)
)
同时给ROLETEST表添加一条记录:1 ROLE_USER 普通用户
再给USERTEST表添加一条记录:1 admin 123 1 1
对应的hbm.xml文件就相信大家都会写,如果用eclipse开发的话,可以使用HibernateSynchronizer插件,我使用的版本是3.1.9
接下来就要给web.xml的配置一下了:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>Demo</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/classes/applicationContext.xml
</param-value>
</context-param>
<context-param>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>/WEB-INF/faces-config.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<listener>
<listener-class>
org.acegisecurity.ui.session.HttpSessionEventPublisher
</listener-class>
</listener>
<listener>
<listener-class>
com.sun.faces.config.ConfigureListener
</listener-class>
</listener>
<filter>
<filter-name>OpenSessionInView</filter-name>
<filter-class>
org.springframework.orm.hibernate3.support.OpenSessionInViewFilter
</filter-class>
<init-param>
<param-name>singleSession</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>OpenSessionInView</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping>
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>
org.acegisecurity.util.FilterToBeanProxy
</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>
org.acegisecurity.util.FilterChainProxy
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter>
<display-name>Ajax4jsf Filter</display-name>
<filter-name>ajax4jsf</filter-name>
<filter-class>org.ajax4jsf.Filter</filter-class>
</filter>
<filter-mapping>
<filter-name>ajax4jsf</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
</web-app>
然后Spring的applicationContext.xml,在这里面你需要配置数据库连接、hibernate的各种策略、Acegi安全设置、jCaptcha设置等等:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.1.xsd">
<bean id="dataSource"
class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName">
<value>oracle.jdbc.driver.OracleDriver</value>
</property>
<property name="url">
<value>jdbc:oracle:thin:@10.10.10.10:1521:demo</value>
</property>
<property name="username">
<value>demo</value>
</property>
<property name="password">
<value>demo</value>
</property>
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
<property name="dataSource">
<ref bean="dataSource" />
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">
org.hibernate.dialect.OracleDialect
</prop>
<prop key="hibernate.connection.pool_size">5</prop>
<prop key="hibernate.show_sql">true</prop>
<prop key="cache.provider_class">
org.hibernate.cache.OSCacheProvider
</prop>
<prop key="cache.use_query_cache">true</prop>
<prop key="cglib.use_reflection_optimizer">false</prop>
</props>
</property>
<property name="mappingDirectoryLocations">
<list><!-- 这里指定了hibernate的映射目录 -->
<value>classpath:/com/fifthlab/demo/pojo</value>
</list>
</property>
</bean>
<bean id="transactionManager"
class="org.springframework.orm.hibernate3.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory" />
</bean>
<!-- Transaction template for Managers -->
<bean id="txProxyTemplate" abstract="true"
class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="transactionManager" ref="transactionManager" />
<property name="transactionAttributes">
<props>
<prop key="save*">PROPAGATION_REQUIRED</prop>
<prop key="add*">PROPAGATION_REQUIRED</prop>
<prop key="delete*">PROPAGATION_REQUIRED</prop>
<prop key="update*">PROPAGATION_REQUIRED</prop>
<prop key="relation*">PROPAGATION_REQUIRED</prop>
<prop key="disconnect*">PROPAGATION_REQUIRED</prop>
<prop key="assign*">PROPAGATION_REQUIRED</prop>
<prop key="unassign*">PROPAGATION_REQUIRED</prop>
<prop key="*">PROPAGATION_SUPPORTS</prop>
</props>
</property>
</bean>
<!-- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX acegi part begin XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -->
<!-- ======================== FILTER CHAIN ======================= -->
<!-- if you wish to use channel security, add "channelProcessingFilter," in front
of "httpSessionContextIntegrationFilter" in the list below -->
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**/*.jsf=httpSessionContextIntegrationFilter,captchaValidationProcessingFilter,authenticationProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
<property name="context">
<value><!-- 此处修复了Acegi和jCaptcha不能兼容的一个bug,在后面的版本中应该修复了 -->
com.fifthlab.demo.dao.authentication.FixedCaptchaSecurityContextImpl
</value>
</property>
</bean>
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider" />
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService">
<ref local="hibernate3Authentication" />
</property>
</bean>
<bean id="loggerListener"
class="org.acegisecurity.event.authentication.LoggerListener" />
<bean id="authenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="authenticationFailureUrl">
<value>/login.jsf</value>
</property>
<property name="defaultTargetUrl">
<value>/login.jsf</value>
</property>
<property name="filterProcessesUrl">
<value>/j_acegi_security_check</value>
</property>
</bean>
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref local="authenticationProcessingFilterEntryPoint" />
</property>
</bean>
<bean id="authenticationProcessingFilterEntryPoint"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/login.jsf</value>
</property>
<property name="forceHttps">
<value>false</value>
</property>
</bean>
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref local="httpRequestAccessDecisionManager" />
</property>
<property name="observeOncePerRequest">
<value>true</value>
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login.jsp=ROLE_ANONYMOUS
/success.jsp=ROLE_USER
</value>
</property>
</bean>
<!-- 用来验证用户名密码是否相符,并赋予相应的角色 -->
<bean id="hibernate3Authentication"
class="com.fifthlab.demo.dao.authentication.Hibernate3Authentication">
<property name="sessionFactory">
<ref local="sessionFactory" />
</property>
</bean>
<bean id="anonymousProcessingFilter"
class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
<property name="key">
<value>foobar</value>
</property>
<property name="userAttribute">
<value>anonymousUser,ROLE_ANONYMOUS</value>
</property>
</bean>
<bean id="httpRequestAccessDecisionManager"
class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions">
<value>false</value>
</property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter" />
<!-- 下面开始添加 jcaptcha -->
<bean id="captchaValidationProcessingFilter"
class="org.acegisecurity.captcha.CaptchaValidationProcessingFilter">
<property name="captchaService">
<ref bean="captchaService" />
</property>
<property name="captchaValidationParameter">
<value>j_captcha_response</value>
</property>
</bean>
<!-- 用来验证图片验证码是否输入正确 --><bean id="captchaService"
class="com.fifthlab.demo.dao.authentication.JCaptchaServiceProxyImpl">
<property name="jcaptchaService" ref="jcaptchaService" />
</bean>
<bean id="jcaptchaService"
class="com.octo.captcha.service.image.DefaultManageableImageCaptchaService" />
<!-- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX acegi part end XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -->
</beans>
先解释一下上面applicationContext.xml中红色的部分是jCaptcha的一个filter,必须放在第二个位置,后面的是 acegi的filter,也就是说,要先验证图片验证码是否正确,再让acegi来验证用户名和密码。蓝色的部分是需要写的几个代码,其中有一个修复 bug的地方,如果不添加那个bean,在运行的时候就会报Cast转型的错误。下面列一下蓝色部分的代码:
FixedCaptchaSecurityContextImpl:
import org.acegisecurity.captcha.CaptchaSecurityContextImpl;
public class FixedCaptchaSecurityContextImpl extends CaptchaSecurityContextImpl {
public int hashCode() {
if (getAuthentication() == null) {
return (int) System.currentTimeMillis();
} else {
return this.getAuthentication().hashCode();
}
}
}
Hibernate3Authentication:
import java.util.ArrayList;
import java.util.List;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.hibernate.Criteria;
import org.hibernate.criterion.Expression;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
import com.fifthlab.demo.pojo.Roletest;
import com.fifthlab.demo.pojo.Usertest;
public class Hibernate3Authentication extends HibernateDaoSupport implements UserDetailsService {
public UserDetails loadUserByUsername(final String username)
{
Criteria criteria = getHibernateTemplate().getSessionFactory().getCurrentSession().createCriteria(Usertest.class);
criteria.add(Expression.eq(Usertest.PROP_USERNAME, username));
List users = criteria.list();
if (users.size() == 0)
{
throw new UsernameNotFoundException("User not found");
}
Usertest user = (Usertest) users.get(0);
// get User roles of this user
List<Roletest> userRoles = new ArrayList<Roletest>();
userRoles.add(user.getRoletest());
GrantedAuthority[] dbAuths = new GrantedAuthority[userRoles.size()];
if (userRoles.size() == 0)
{
throw new UsernameNotFoundException("User has no GrantedAuthority");
}
// grant authority to user
String roleName = null;
Roletest role = null;
for (int i = 0; i < userRoles.size(); i++)
{
role = (Roletest) userRoles.get(i);
if (null != role)
{
roleName = role.getRolename();
dbAuths[i] = new GrantedAuthorityImpl(roleName);
}
}
user.setAuthorities(dbAuths);
return user;
}
}
JCaptchaServiceProxyImpl:
import org.acegisecurity.captcha.CaptchaServiceProxy;
import com.octo.captcha.service.image.ImageCaptchaService;
import com.octo.captcha.service.CaptchaServiceException;
public class JCaptchaServiceProxyImpl implements CaptchaServiceProxy {
private ImageCaptchaService jcaptchaService;
public boolean validateReponseForId(String id, Object response) {
try {
boolean result = jcaptchaService.validateResponseForID(id, response);
//System.out.println("id:"+id+"\nresponse:"+response+"\nresult:"+result);
return result;
} catch (CaptchaServiceException cse) {
//fixes known bug in JCaptcha
cse.printStackTrace();
return false;
}
}
public void setJcaptchaService(ImageCaptchaService jcaptchaService) {
this.jcaptchaService = jcaptchaService;
}
}
接下来是简单的登录页面login.jsp和登录成功后的跳转页面success.jsp:
login.jsp:
<%@ page language="Java" contentType="text/html;charset=utf-8"%>
<%@ taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
<%@ taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
<%@ taglib uri="https://ajax4jsf.dev.java.net/ajax" prefix="a4j"%>
<f:view>
<html>
<head>
<title>hello</title>
</head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="Expires">
<body>
<h:form id="form1">
<h:panelGrid columns="1">
<h:panelGroup>
<h:outputLabel value="username:" for="username" />
<h:inputText id="username" value="#{loginBean.userName}" />
</h:panelGroup>
<h:panelGroup>
<h:outputLabel value="password:" for="password" />
<h:inputSecret id="password" value="#{loginBean.password}" />
</h:panelGroup>
<h:panelGroup>
<h:outputLabel value="verifying code:" for="verifyingCode" />
<h:inputText id="verifyingCode" value="#{loginBean.verifyingCode}" />
<a4j:mediaOutput element="img" cacheable="false" session="false"
createContent="#{captchaImageBean.paint}" id="showPic"
mimeType="image/jpeg" />
<a4j:commandLink reRender="showPic" requestDelay="40" >
<h:outputText value="refresh" />
</a4j:commandLink> </h:panelGroup>
<h:panelGroup>
<h:commandButton id="commandButton1" value="Submit"
action="#{loginBean.authenticate}" />
</h:panelGroup>
</h:panelGrid>
</h:form>
</body>
</html>
</f:view>
其中红色部分是应用了Ajax4jsf这个框架的两个标签,<a4j:mediaOutput> 是表示输出一个媒体,这里我选择的是输出图片,它会异步的产生图片,而不必和页面载入时同步取图片。而<a4j:commandLink reRender="showPic"> 则是在看不清图片的情况下通过异步的方式刷新上面那个<a4j:mediaOutput>的图片。
success.jsp的页面很简单,就是显示一个“Welcome here”的字样,因此不列出来了。
然后我们看一下页面中用到的backing bean的代码:
LoginBean:
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpSession;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
import com.fifthlab.demo.dao.authentication.JCaptchaServiceProxyImpl;
public class LoginBean extends HibernateDaoSupport {
private static final long serialVersionUID = 1L;
private String userName;
private String password;
private String verifyingCode;
private AuthenticationManager authenticationManager;
private JCaptchaServiceProxyImpl captchaService;
/**
* @return 返回用户输入的验证码
*/
public String getVerifyingCode()
{
return this.verifyingCode;
}
/**
* @param verifyingCode 设置图片验证码
*/
public void setVerifyingCode(String verifyingCode)
{
this.verifyingCode = verifyingCode;
}
/**
* @return 返回captchaService来验证图片验证码
*/
public JCaptchaServiceProxyImpl getCaptchaService()
{
return this.captchaService;
}
/**
* @param captchaService 设置图片验证码服务
*/
public void setCaptchaService(JCaptchaServiceProxyImpl captchaService)
{
this.captchaService = captchaService;
}
/**
* @return 返回密码
*/
public String getPassword()
{
return password;
}
/**
* @param password 设置密码
*
*/
public void setPassword(String password)
{
this.password = password;
}
/**
* @return 返回用户名
*/
public String getUserName()
{
return userName;
}
/**
* @param userName 设置用户名
*
*/
public void setUserName(String userName)
{
this.userName = userName;
}
/**
* @return 返回验证管理器
*/
public AuthenticationManager getAuthenticationManager()
{
return authenticationManager;
}
/**
* @param authenticationManager 设置验证管理器
*
*/
public void setAuthenticationManager(AuthenticationManager authenticationManager)
{
this.authenticationManager = authenticationManager;
}
public String authenticate()
{
try
{
String sessionid = ((HttpSession)FacesContext.getCurrentInstance()
.getExternalContext()
.getSession(false)).getId();
boolean captchaResult = getCaptchaService().validateReponseForId(sessionid, getVerifyingCode());//验证图片验证码
UsernamePasswordAuthenticationToken authReq = new UsernamePasswordAuthenticationToken(
getUserName(), getPassword());
//验证用户名和密码
Authentication auth = getAuthenticationManager().authenticate(authReq);
String result = "failure";
if(auth.isAuthenticated() == true && captchaResult)
{//如果图片验证码和帐户全部验证通过
result = "succeed";
//把验证信息保存的上下文中
SecurityContext secCtx = SecurityContextHolder.getContext();
secCtx.setAuthentication(auth);
}
return result;
}
catch(AuthenticationException e)
{
e.printStackTrace();
return "failure";
}
}
}
CaptchaImageBean:
import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import com.octo.captcha.service.image.ImageCaptchaService;
import com.sun.image.codec.jpeg.JPEGCodec;
import com.sun.image.codec.jpeg.JPEGImageEncoder;
public class CaptchaImageBean {
static final long serialVersionUID = 1L;
private ImageCaptchaService jcaptchaService;
public void setJcaptchaService(ImageCaptchaService jcaptchaService) {
this.jcaptchaService = jcaptchaService;
}
public void paint(OutputStream out, Object data) throws IOException
{
byte[] captchaChallengeAsJpeg = null;
ByteArrayOutputStream jpegOutputStream = new ByteArrayOutputStream();
HttpServletRequest request = (HttpServletRequest)FacesContext.getCurrentInstance()
.getExternalContext().getRequest();
String captchaId = ((HttpSession)FacesContext.getCurrentInstance()
.getExternalContext()
.getSession(false)).getId();
BufferedImage challenge = jcaptchaService.getImageChallengeForID(
captchaId, request.getLocale());
JPEGImageEncoder jpegEncoder = JPEGCodec.createJPEGEncoder(jpegOutputStream);
jpegEncoder.encode(challenge);
captchaChallengeAsJpeg = jpegOutputStream.toByteArray();
jpegOutputStream.close();
out.write(captchaChallengeAsJpeg);
out.flush();
out.close();
}
}
最后当然是配置faces-config.xml了,里面配置了和Spring的整合、导航、managed bean等等:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE faces-config PUBLIC "-//Sun Microsystems, Inc.//DTD JavaServer Faces Config 1.1//EN" "http://java.sun.com/dtd/web-facesconfig_1_1.dtd">
<faces-config>
<application>
<variable-resolver>
org.springframework.web.jsf.DelegatingVariableResolver
</variable-resolver>
</application>
<managed-bean>
<managed-bean-name>loginBean</managed-bean-name>
<managed-bean-class>com.fifthlab.demo.backingbean.LoginBean</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
<managed-property>
<property-name>authenticationManager</property-name>
<value>#{authenticationManager}</value>
</managed-property>
<managed-property>
<property-name>captchaService</property-name>
<value>#{captchaService}</value>
</managed-property>
</managed-bean>
<managed-bean>
<managed-bean-name>captchaImageBean</managed-bean-name>
<managed-bean-class>com.fifthlab.demo.backingbean.CaptchaImageBean</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
<managed-property>
<property-name>jcaptchaService</property-name>
<value>#{jcaptchaService}</value>
</managed-property>
</managed-bean>
<navigation-rule>
<from-view-id>/login.jsp</from-view-id>
<navigation-case>
<from-outcome>succeed</from-outcome>
<to-view-id>/success.jsp</to-view-id>
</navigation-case>
<navigation-case>
<from-outcome>failure</from-outcome>
<to-view-id>/login.jsp</to-view-id>
</navigation-case>
</navigation-rule>
</faces-config>
大功告成!让我们来看一下演示吧
填好帐户和验证码后,点击Submit,如果失败则还是该页不变,如果成功则跳转到:
需要的各种lib列表如下图:
原文:http://farmerinchina.blog.sohu.com/70466803.html
我使用这些框架的版本如下:
Spring 2.0.1
Hibernate 3.2
JSF 1.2
Acegi 1.0.5
jCaptcha 1.0-RC6
首先建表USERTEST,和ROLETEST,作为用户表和角色表
CREATE TABLE USERTEST
(
USERID NUMBER NOT NULL,
USERNAME VARCHAR2(20 CHAR) NOT NULL,
PASSWORD VARCHAR2(100 CHAR) NOT NULL,
STATUS NUMBER DEFAULT 1 NOT NULL,
ROLEID NUMBER NOT NULL
)
CREATE TABLE ROLETEST
(
ROLEID NUMBER NOT NULL,
ROLENAME VARCHAR2(50 CHAR) NOT NULL,
ROLEDESC VARCHAR2(50 CHAR)
)
同时给ROLETEST表添加一条记录:1 ROLE_USER 普通用户
再给USERTEST表添加一条记录:1 admin 123 1 1
对应的hbm.xml文件就相信大家都会写,如果用eclipse开发的话,可以使用HibernateSynchronizer插件,我使用的版本是3.1.9
接下来就要给web.xml的配置一下了:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>Demo</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/classes/applicationContext.xml
</param-value>
</context-param>
<context-param>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>/WEB-INF/faces-config.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<listener>
<listener-class>
org.acegisecurity.ui.session.HttpSessionEventPublisher
</listener-class>
</listener>
<listener>
<listener-class>
com.sun.faces.config.ConfigureListener
</listener-class>
</listener>
<filter>
<filter-name>OpenSessionInView</filter-name>
<filter-class>
org.springframework.orm.hibernate3.support.OpenSessionInViewFilter
</filter-class>
<init-param>
<param-name>singleSession</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>OpenSessionInView</filter-name>
<url-pattern>*.jsf</url-pattern>
</filter-mapping>
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>
org.acegisecurity.util.FilterToBeanProxy
</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>
org.acegisecurity.util.FilterChainProxy
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter>
<display-name>Ajax4jsf Filter</display-name>
<filter-name>ajax4jsf</filter-name>
<filter-class>org.ajax4jsf.Filter</filter-class>
</filter>
<filter-mapping>
<filter-name>ajax4jsf</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
</web-app>
然后Spring的applicationContext.xml,在这里面你需要配置数据库连接、hibernate的各种策略、Acegi安全设置、jCaptcha设置等等:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.1.xsd">
<bean id="dataSource"
class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName">
<value>oracle.jdbc.driver.OracleDriver</value>
</property>
<property name="url">
<value>jdbc:oracle:thin:@10.10.10.10:1521:demo</value>
</property>
<property name="username">
<value>demo</value>
</property>
<property name="password">
<value>demo</value>
</property>
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
<property name="dataSource">
<ref bean="dataSource" />
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">
org.hibernate.dialect.OracleDialect
</prop>
<prop key="hibernate.connection.pool_size">5</prop>
<prop key="hibernate.show_sql">true</prop>
<prop key="cache.provider_class">
org.hibernate.cache.OSCacheProvider
</prop>
<prop key="cache.use_query_cache">true</prop>
<prop key="cglib.use_reflection_optimizer">false</prop>
</props>
</property>
<property name="mappingDirectoryLocations">
<list><!-- 这里指定了hibernate的映射目录 -->
<value>classpath:/com/fifthlab/demo/pojo</value>
</list>
</property>
</bean>
<bean id="transactionManager"
class="org.springframework.orm.hibernate3.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory" />
</bean>
<!-- Transaction template for Managers -->
<bean id="txProxyTemplate" abstract="true"
class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="transactionManager" ref="transactionManager" />
<property name="transactionAttributes">
<props>
<prop key="save*">PROPAGATION_REQUIRED</prop>
<prop key="add*">PROPAGATION_REQUIRED</prop>
<prop key="delete*">PROPAGATION_REQUIRED</prop>
<prop key="update*">PROPAGATION_REQUIRED</prop>
<prop key="relation*">PROPAGATION_REQUIRED</prop>
<prop key="disconnect*">PROPAGATION_REQUIRED</prop>
<prop key="assign*">PROPAGATION_REQUIRED</prop>
<prop key="unassign*">PROPAGATION_REQUIRED</prop>
<prop key="*">PROPAGATION_SUPPORTS</prop>
</props>
</property>
</bean>
<!-- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX acegi part begin XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -->
<!-- ======================== FILTER CHAIN ======================= -->
<!-- if you wish to use channel security, add "channelProcessingFilter," in front
of "httpSessionContextIntegrationFilter" in the list below -->
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**/*.jsf=httpSessionContextIntegrationFilter,captchaValidationProcessingFilter,authenticationProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
<property name="context">
<value><!-- 此处修复了Acegi和jCaptcha不能兼容的一个bug,在后面的版本中应该修复了 -->
com.fifthlab.demo.dao.authentication.FixedCaptchaSecurityContextImpl
</value>
</property>
</bean>
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider" />
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService">
<ref local="hibernate3Authentication" />
</property>
</bean>
<bean id="loggerListener"
class="org.acegisecurity.event.authentication.LoggerListener" />
<bean id="authenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="authenticationFailureUrl">
<value>/login.jsf</value>
</property>
<property name="defaultTargetUrl">
<value>/login.jsf</value>
</property>
<property name="filterProcessesUrl">
<value>/j_acegi_security_check</value>
</property>
</bean>
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref local="authenticationProcessingFilterEntryPoint" />
</property>
</bean>
<bean id="authenticationProcessingFilterEntryPoint"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl">
<value>/login.jsf</value>
</property>
<property name="forceHttps">
<value>false</value>
</property>
</bean>
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref local="httpRequestAccessDecisionManager" />
</property>
<property name="observeOncePerRequest">
<value>true</value>
</property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login.jsp=ROLE_ANONYMOUS
/success.jsp=ROLE_USER
</value>
</property>
</bean>
<!-- 用来验证用户名密码是否相符,并赋予相应的角色 -->
<bean id="hibernate3Authentication"
class="com.fifthlab.demo.dao.authentication.Hibernate3Authentication">
<property name="sessionFactory">
<ref local="sessionFactory" />
</property>
</bean>
<bean id="anonymousProcessingFilter"
class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
<property name="key">
<value>foobar</value>
</property>
<property name="userAttribute">
<value>anonymousUser,ROLE_ANONYMOUS</value>
</property>
</bean>
<bean id="httpRequestAccessDecisionManager"
class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions">
<value>false</value>
</property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter" />
<!-- 下面开始添加 jcaptcha -->
<bean id="captchaValidationProcessingFilter"
class="org.acegisecurity.captcha.CaptchaValidationProcessingFilter">
<property name="captchaService">
<ref bean="captchaService" />
</property>
<property name="captchaValidationParameter">
<value>j_captcha_response</value>
</property>
</bean>
<!-- 用来验证图片验证码是否输入正确 --><bean id="captchaService"
class="com.fifthlab.demo.dao.authentication.JCaptchaServiceProxyImpl">
<property name="jcaptchaService" ref="jcaptchaService" />
</bean>
<bean id="jcaptchaService"
class="com.octo.captcha.service.image.DefaultManageableImageCaptchaService" />
<!-- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX acegi part end XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -->
</beans>
先解释一下上面applicationContext.xml中红色的部分是jCaptcha的一个filter,必须放在第二个位置,后面的是 acegi的filter,也就是说,要先验证图片验证码是否正确,再让acegi来验证用户名和密码。蓝色的部分是需要写的几个代码,其中有一个修复 bug的地方,如果不添加那个bean,在运行的时候就会报Cast转型的错误。下面列一下蓝色部分的代码:
FixedCaptchaSecurityContextImpl:
import org.acegisecurity.captcha.CaptchaSecurityContextImpl;
public class FixedCaptchaSecurityContextImpl extends CaptchaSecurityContextImpl {
public int hashCode() {
if (getAuthentication() == null) {
return (int) System.currentTimeMillis();
} else {
return this.getAuthentication().hashCode();
}
}
}
Hibernate3Authentication:
import java.util.ArrayList;
import java.util.List;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.hibernate.Criteria;
import org.hibernate.criterion.Expression;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
import com.fifthlab.demo.pojo.Roletest;
import com.fifthlab.demo.pojo.Usertest;
public class Hibernate3Authentication extends HibernateDaoSupport implements UserDetailsService {
public UserDetails loadUserByUsername(final String username)
{
Criteria criteria = getHibernateTemplate().getSessionFactory().getCurrentSession().createCriteria(Usertest.class);
criteria.add(Expression.eq(Usertest.PROP_USERNAME, username));
List users = criteria.list();
if (users.size() == 0)
{
throw new UsernameNotFoundException("User not found");
}
Usertest user = (Usertest) users.get(0);
// get User roles of this user
List<Roletest> userRoles = new ArrayList<Roletest>();
userRoles.add(user.getRoletest());
GrantedAuthority[] dbAuths = new GrantedAuthority[userRoles.size()];
if (userRoles.size() == 0)
{
throw new UsernameNotFoundException("User has no GrantedAuthority");
}
// grant authority to user
String roleName = null;
Roletest role = null;
for (int i = 0; i < userRoles.size(); i++)
{
role = (Roletest) userRoles.get(i);
if (null != role)
{
roleName = role.getRolename();
dbAuths[i] = new GrantedAuthorityImpl(roleName);
}
}
user.setAuthorities(dbAuths);
return user;
}
}
JCaptchaServiceProxyImpl:
import org.acegisecurity.captcha.CaptchaServiceProxy;
import com.octo.captcha.service.image.ImageCaptchaService;
import com.octo.captcha.service.CaptchaServiceException;
public class JCaptchaServiceProxyImpl implements CaptchaServiceProxy {
private ImageCaptchaService jcaptchaService;
public boolean validateReponseForId(String id, Object response) {
try {
boolean result = jcaptchaService.validateResponseForID(id, response);
//System.out.println("id:"+id+"\nresponse:"+response+"\nresult:"+result);
return result;
} catch (CaptchaServiceException cse) {
//fixes known bug in JCaptcha
cse.printStackTrace();
return false;
}
}
public void setJcaptchaService(ImageCaptchaService jcaptchaService) {
this.jcaptchaService = jcaptchaService;
}
}
接下来是简单的登录页面login.jsp和登录成功后的跳转页面success.jsp:
login.jsp:
<%@ page language="Java" contentType="text/html;charset=utf-8"%>
<%@ taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
<%@ taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
<%@ taglib uri="https://ajax4jsf.dev.java.net/ajax" prefix="a4j"%>
<f:view>
<html>
<head>
<title>hello</title>
</head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="Expires">
<body>
<h:form id="form1">
<h:panelGrid columns="1">
<h:panelGroup>
<h:outputLabel value="username:" for="username" />
<h:inputText id="username" value="#{loginBean.userName}" />
</h:panelGroup>
<h:panelGroup>
<h:outputLabel value="password:" for="password" />
<h:inputSecret id="password" value="#{loginBean.password}" />
</h:panelGroup>
<h:panelGroup>
<h:outputLabel value="verifying code:" for="verifyingCode" />
<h:inputText id="verifyingCode" value="#{loginBean.verifyingCode}" />
<a4j:mediaOutput element="img" cacheable="false" session="false"
createContent="#{captchaImageBean.paint}" id="showPic"
mimeType="image/jpeg" />
<a4j:commandLink reRender="showPic" requestDelay="40" >
<h:outputText value="refresh" />
</a4j:commandLink> </h:panelGroup>
<h:panelGroup>
<h:commandButton id="commandButton1" value="Submit"
action="#{loginBean.authenticate}" />
</h:panelGroup>
</h:panelGrid>
</h:form>
</body>
</html>
</f:view>
其中红色部分是应用了Ajax4jsf这个框架的两个标签,<a4j:mediaOutput> 是表示输出一个媒体,这里我选择的是输出图片,它会异步的产生图片,而不必和页面载入时同步取图片。而<a4j:commandLink reRender="showPic"> 则是在看不清图片的情况下通过异步的方式刷新上面那个<a4j:mediaOutput>的图片。
success.jsp的页面很简单,就是显示一个“Welcome here”的字样,因此不列出来了。
然后我们看一下页面中用到的backing bean的代码:
LoginBean:
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpSession;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
import com.fifthlab.demo.dao.authentication.JCaptchaServiceProxyImpl;
public class LoginBean extends HibernateDaoSupport {
private static final long serialVersionUID = 1L;
private String userName;
private String password;
private String verifyingCode;
private AuthenticationManager authenticationManager;
private JCaptchaServiceProxyImpl captchaService;
/**
* @return 返回用户输入的验证码
*/
public String getVerifyingCode()
{
return this.verifyingCode;
}
/**
* @param verifyingCode 设置图片验证码
*/
public void setVerifyingCode(String verifyingCode)
{
this.verifyingCode = verifyingCode;
}
/**
* @return 返回captchaService来验证图片验证码
*/
public JCaptchaServiceProxyImpl getCaptchaService()
{
return this.captchaService;
}
/**
* @param captchaService 设置图片验证码服务
*/
public void setCaptchaService(JCaptchaServiceProxyImpl captchaService)
{
this.captchaService = captchaService;
}
/**
* @return 返回密码
*/
public String getPassword()
{
return password;
}
/**
* @param password 设置密码
*
*/
public void setPassword(String password)
{
this.password = password;
}
/**
* @return 返回用户名
*/
public String getUserName()
{
return userName;
}
/**
* @param userName 设置用户名
*
*/
public void setUserName(String userName)
{
this.userName = userName;
}
/**
* @return 返回验证管理器
*/
public AuthenticationManager getAuthenticationManager()
{
return authenticationManager;
}
/**
* @param authenticationManager 设置验证管理器
*
*/
public void setAuthenticationManager(AuthenticationManager authenticationManager)
{
this.authenticationManager = authenticationManager;
}
public String authenticate()
{
try
{
String sessionid = ((HttpSession)FacesContext.getCurrentInstance()
.getExternalContext()
.getSession(false)).getId();
boolean captchaResult = getCaptchaService().validateReponseForId(sessionid, getVerifyingCode());//验证图片验证码
UsernamePasswordAuthenticationToken authReq = new UsernamePasswordAuthenticationToken(
getUserName(), getPassword());
//验证用户名和密码
Authentication auth = getAuthenticationManager().authenticate(authReq);
String result = "failure";
if(auth.isAuthenticated() == true && captchaResult)
{//如果图片验证码和帐户全部验证通过
result = "succeed";
//把验证信息保存的上下文中
SecurityContext secCtx = SecurityContextHolder.getContext();
secCtx.setAuthentication(auth);
}
return result;
}
catch(AuthenticationException e)
{
e.printStackTrace();
return "failure";
}
}
}
CaptchaImageBean:
import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import com.octo.captcha.service.image.ImageCaptchaService;
import com.sun.image.codec.jpeg.JPEGCodec;
import com.sun.image.codec.jpeg.JPEGImageEncoder;
public class CaptchaImageBean {
static final long serialVersionUID = 1L;
private ImageCaptchaService jcaptchaService;
public void setJcaptchaService(ImageCaptchaService jcaptchaService) {
this.jcaptchaService = jcaptchaService;
}
public void paint(OutputStream out, Object data) throws IOException
{
byte[] captchaChallengeAsJpeg = null;
ByteArrayOutputStream jpegOutputStream = new ByteArrayOutputStream();
HttpServletRequest request = (HttpServletRequest)FacesContext.getCurrentInstance()
.getExternalContext().getRequest();
String captchaId = ((HttpSession)FacesContext.getCurrentInstance()
.getExternalContext()
.getSession(false)).getId();
BufferedImage challenge = jcaptchaService.getImageChallengeForID(
captchaId, request.getLocale());
JPEGImageEncoder jpegEncoder = JPEGCodec.createJPEGEncoder(jpegOutputStream);
jpegEncoder.encode(challenge);
captchaChallengeAsJpeg = jpegOutputStream.toByteArray();
jpegOutputStream.close();
out.write(captchaChallengeAsJpeg);
out.flush();
out.close();
}
}
最后当然是配置faces-config.xml了,里面配置了和Spring的整合、导航、managed bean等等:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE faces-config PUBLIC "-//Sun Microsystems, Inc.//DTD JavaServer Faces Config 1.1//EN" "http://java.sun.com/dtd/web-facesconfig_1_1.dtd">
<faces-config>
<application>
<variable-resolver>
org.springframework.web.jsf.DelegatingVariableResolver
</variable-resolver>
</application>
<managed-bean>
<managed-bean-name>loginBean</managed-bean-name>
<managed-bean-class>com.fifthlab.demo.backingbean.LoginBean</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
<managed-property>
<property-name>authenticationManager</property-name>
<value>#{authenticationManager}</value>
</managed-property>
<managed-property>
<property-name>captchaService</property-name>
<value>#{captchaService}</value>
</managed-property>
</managed-bean>
<managed-bean>
<managed-bean-name>captchaImageBean</managed-bean-name>
<managed-bean-class>com.fifthlab.demo.backingbean.CaptchaImageBean</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
<managed-property>
<property-name>jcaptchaService</property-name>
<value>#{jcaptchaService}</value>
</managed-property>
</managed-bean>
<navigation-rule>
<from-view-id>/login.jsp</from-view-id>
<navigation-case>
<from-outcome>succeed</from-outcome>
<to-view-id>/success.jsp</to-view-id>
</navigation-case>
<navigation-case>
<from-outcome>failure</from-outcome>
<to-view-id>/login.jsp</to-view-id>
</navigation-case>
</navigation-rule>
</faces-config>
大功告成!让我们来看一下演示吧
填好帐户和验证码后,点击Submit,如果失败则还是该页不变,如果成功则跳转到:
需要的各种lib列表如下图:
原文:http://farmerinchina.blog.sohu.com/70466803.html
No comments:
Post a Comment