resolve

maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptchaEndpoint.java

@@ -18,8 +18,6 @@
 package org.maxkey.web.contorller;
 
 import com.google.code.kaptcha.Producer;
-import com.nimbusds.jwt.JWTClaimsSet;
-
 import java.awt.image.BufferedImage;
 import java.io.ByteArrayOutputStream;
 import java.util.Base64;
@@ -30,7 +28,6 @@ import org.apache.commons.lang3.StringUtils;
 import org.maxkey.authn.jwt.AuthJwtService;
 import org.maxkey.entity.Message;
 import org.maxkey.persistence.MomentaryService;
-import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -87,11 +84,11 @@ public class ImageCaptchaEndpoint {
             if(StringUtils.isNotBlank(state) 
             		&& !state.equalsIgnoreCase("state")
             		&& authJwtService.validateJwtToken(state)) {
-            	JWTClaimsSet claim = authJwtService.resolve(state);
-            	kaptchaKey = claim.getJWTID();
+            	//do nothing
             }else {
-            	kaptchaKey = WebContext.genId();
+            	state = authJwtService.genJwt();
             }
+            kaptchaKey = authJwtService.resolveTicket(state);
             _logger.trace("kaptchaKey {} , Captcha Text is {}" ,kaptchaKey, kaptchaValue);
            
             momentaryService.put("", kaptchaKey, kaptchaValue);
@@ -108,7 +105,7 @@ public class ImageCaptchaEndpoint {
             
             stream.close();
             return new Message<ImageCaptcha>(
-            			new ImageCaptcha(kaptchaKey,b64Image)
+            			new ImageCaptcha(state,b64Image)
             		).buildResponse();
         } catch (Exception e) {
             _logger.error("captcha Producer Error " + e.getMessage());

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/NormalAuthenticationProvider.java

@@ -37,8 +37,6 @@ import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import com.nimbusds.jwt.JWTClaimsSet;
-
 
 /**
  * database Authentication provider.
@@ -136,16 +134,17 @@ public class NormalAuthenticationProvider extends AbstractAuthenticationProvider
      */
     protected void captchaValid(String state ,String captcha) throws ParseException {
         // for basic
-    	JWTClaimsSet claim = authJwtService.resolve(state);
-    	if(claim == null) {
+    	String ticket = authJwtService.resolveTicket(state);
+    	if(ticket == null) {
     		throw new BadCredentialsException(WebContext.getI18nValue("login.error.captcha"));
     	}
-    	Object momentaryCaptcha = momentaryService.get("", claim.getJWTID());
+    	Object momentaryCaptcha = momentaryService.get("", ticket);
         _logger.info("captcha : {} , momentary Captcha : {} " ,captcha, momentaryCaptcha);
         if (StringUtils.isBlank(captcha) || !captcha.equals(momentaryCaptcha.toString())) {
             _logger.debug("login captcha valid error.");
             throw new BadCredentialsException(WebContext.getI18nValue("login.error.captcha"));
         }
+        momentaryService.remove("", ticket);
     }