From e0e305c42398e9672e765e82260fe53bb1ac1602 Mon Sep 17 00:00:00 2001 From: RuoYi Date: Sun, 28 Jun 2020 16:34:23 +0800 Subject: [PATCH] =?UTF-8?q?=E9=AA=8C=E8=AF=81=E7=A0=81=E6=B8=85=E9=99=A4?= =?UTF-8?q?=EF=BC=8C=E9=98=B2=E6=AD=A2=E5=A4=9A=E6=AC=A1=E4=BD=BF=E7=94=A8?= =?UTF-8?q?=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../shiro/web/filter/captcha/CaptchaValidateFilter.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/web/filter/captcha/CaptchaValidateFilter.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/web/filter/captcha/CaptchaValidateFilter.java index d707f8a32..e8f137c29 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/web/filter/captcha/CaptchaValidateFilter.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/web/filter/captcha/CaptchaValidateFilter.java @@ -61,13 +61,12 @@ public class CaptchaValidateFilter extends AccessControlFilter { Object obj = ShiroUtils.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY); String code = String.valueOf(obj != null ? obj : ""); - //无论验证码是否正确,凡验证过一次后都应将原值不可用,直到页面重新请求验证码,以防恶意用户持有该验证码进行针对后台发包的暴力破解 - request.getSession().setAttribute(Constants.KAPTCHA_SESSION_KEY, ShiroConstants.CAPTCHA_ERROR); + // 验证码清除,防止多次使用。 + request.getSession().removeAttribute(Constants.KAPTCHA_SESSION_KEY); if (StringUtils.isEmpty(validateCode) || !validateCode.equalsIgnoreCase(code)) { return false; } - return true; }