版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/cao2219600/article/details/81429022
为了保证用户信息的安全,都会在网站登录的界面里添加一次性验证码,从而限制有人会用软件脚本暴力猜测密码。一次性验证码的功能可以使用Session来实现。
为了避免用户输入的验证码太长,本节要实现的验证码是4个随机字符。同时,将验证码以图片的形式展示给用户,从而增加工具程序识别验证码的难度,登录界面验证码效果如图所示:
Login.html代码如下:
<form name="reg" action="/chapter06/LoginServlet"method="post">
用户名:<input name="username" type="text" /><br/>
密码 :<input name="password" type="password" /><br/>
验证码:<input type="text" name="check_code">
<img src="/chapter06/CheckServlet"><br>
<input type="submit" value="提交" id="bt"/>
</form>CheckServlet类用于产生验证码图片,代码如下:
package cn.itcast.chapter06.session.example02;
import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@WebServlet("/CheckServlet")
public class CheckServlet extends HttpServlet {
private static int WIDTH = 60; //验证码图片宽度
private static int HEIGHT = 20; //验证码图片高度
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
HttpSession session = request.getSession();
response.setContentType("image/jpeg");
ServletOutputStream sos = response.getOutputStream();
//设置浏览器不要缓存此图片
response.setHeader("Pragam", "No-cache");
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
//创建内存图像并获得其图像上下文
BufferedImage image =
new BufferedImage(WIDTH,HEIGHT,BufferedImage.TYPE_INT_RGB);
Graphics g = image.getGraphics();
//产生随机的认证码
char[] rands = generateCheckCode();
//产生图像
drawBackground(g);
drawRands(g,rands);
//结束验证码图像的绘制过程,完成图像
g.dispose();
//将图像输出到客户端
ByteArrayOutputStream bos = new ByteArrayOutputStream();
ImageIO.write(image, "JPEG", bos);
byte[] buf = bos.toByteArray();
response.setContentLength(buf.length);
sos.write(buf);
bos.close();
sos.close();
//将当前验证码存入到Session中
session.setAttribute("check_code", new String(rands));
//直接使用下面的代码将有问题,Session对象必须在提交相应前获得
request.getSession().setAttribute("check_code",new String(rands));
}
//生成一个4字符的验证码
private char[] generateCheckCode() {
//定义验证码的字符表
String chars = "0123456789abcdefghjklmnopqrstuvwxyz";
char[] rands = new char[4];
for(int i=0; i<4; i++)
{
int rand = (int)(Math.random() * 36);
rands[i] = chars.charAt(rand);
}
return rands;
}
private void drawRands(Graphics g,char[] rands) {
g.setColor(Color.BLACK);
g.setFont(new Font(null,Font.ITALIC|Font.BOLD,18));
//在不同的高度上输出验证码的每个字符
g.drawString("" + rands[0], 1, 17);
g.drawString("" + rands[1], 16, 15);
g.drawString("" + rands[2], 31, 18);
g.drawString("" + rands[3], 46, 16);
System.out.println(rands);
}
private void drawBackground(Graphics g) {
//画背景
g.setColor(new Color(0xDCDCDC));
g.fillRect(0, 0, WIDTH, HEIGHT);
//随机产生120个干扰点
for(int i=0; i<120; i++)
{
int x = (int)(Math.random() * WIDTH);
int y = (int)(Math.random() * HEIGHT);
int red = (int)(Math.random() * 225);
int green = (int)(Math.random() * 225);
int blue = (int)(Math.random() * 225);
g.setColor(new Color(red,green,blue));
g.drawOval(x, y, 1, 0);
}
}
}