From 6fe167f4c1bf3f9c6c8aade84da8ba3e3d011e10 Mon Sep 17 00:00:00 2001
From: goodhal
Date: Wed, 10 Jun 2020 17:27:43 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E9=AA=8C=E8=AF=81=E7=A0=81?= =?UTF-8?q?=E5=9C=A8=E4=BD=BF=E7=94=A8=E5=90=8E=E4=BB=8D=E5=8F=AF=E7=94=A8?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../shiro/web/filter/captcha/CaptchaValidateFilter.java | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/web/filter/captcha/CaptchaValidateFilter.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/web/filter/captcha/CaptchaValidateFilter.java
index 743d2793..d707f8a3 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/web/filter/captcha/CaptchaValidateFilter.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/web/filter/captcha/CaptchaValidateFilter.java
@@ -61,10 +61,13 @@ public class CaptchaValidateFilter extends AccessControlFilter
 {
 Object obj = ShiroUtils.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);
 String code = String.valueOf(obj != null ? obj : "");
+ //无论验证码是否正确,凡验证过一次后都应将原值不可用,直到页面重新请求验证码,以防恶意用户持有该验证码进行针对后台发包的暴力破解
+ request.getSession().setAttribute(Constants.KAPTCHA_SESSION_KEY, ShiroConstants.CAPTCHA_ERROR);
 if (StringUtils.isEmpty(validateCode) || !validateCode.equalsIgnoreCase(code))
 {
 return false;
 }
+ return true;
 }
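Review bot: Overwriting the stored captcha with `ShiroConstants.CAPTCHA_ERROR` leaves a fixed, source-visible string in the session, and the `validateCode.equalsIgnoreCase(code)` check below it would accept a submitted code equal to that constant on every later request until a new captcha is generated. Removing the attribute avoids this, since `code` then becomes the empty string and no non-empty submission can match: `ShiroUtils.getSession().removeAttribute(Constants.KAPTCHA_SESSION_KEY);`. That form also clears the value through the same session accessor the read two lines earlier uses, rather than `request.getSession()`, which is presumably the same Shiro-backed session here but is not shown to be. The method's signature and the start of its body are outside the hunk.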