使用session实现一次性验证码
在登录页面和各种页面,会看到有验证码输入,这样做的目的是为了防止密码猜测工具破解密码,保护了用户密码安全,验证码只能使用一次,这样就给密码猜测工具带来了很大的困难,基本上阻断了密码猜测工具的使用。
可以使用session获得一次性验证码。先看一下登录页面,即显示验证码的页面,代码为:
- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
- <html>
- <head>
- <title>CheckCode.html</title>
- <meta http-equiv="content-type" content="text/html; charset=UTF-8">
- </head>
- <body>
- <form action="/learnJS/servlet/LoginFormServlet" method="post">
- 用户名:<input type="text" name="name"/><br/>
- 密 码:<input type="password" name="pass"><br/>
- 验证码:<input type="text" name="check_code"/>
- <img src="/learnJS/servlet/CheckCodeServlet"/><br/>
- <input type="submit" name="登录"/>
- </form>
- </body>
- </html>
验证码存放在一张图片上,那图片是通过servlet产生的,在servlet中先产生验证码存放到session中,供以后验证使用,然后在画一张图片,将验证码无规则的放在图片上,在图片上画上干扰字符,然后就可以啦。代码如下:
- package com.you.servlet;
- import java.awt.Color;
- import java.awt.Font;
- import java.awt.Graphics;
- import java.awt.image.BufferedImage;
- import java.io.ByteArrayOutputStream;
- import java.io.IOException;
- import javax.imageio.ImageIO;
- import javax.servlet.ServletException;
- import javax.servlet.ServletOutputStream;
- import javax.servlet.http.HttpServlet;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- public class CheckCodeServlet extends HttpServlet {
- private static int WIDTH = 60;
- private static int HEIGHT = 20;
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- HttpSession session = request.getSession();
- response.setContentType("image/jpeg");
- ServletOutputStream sos = response.getOutputStream();
- //设置浏览器不要缓存此图片
- response.setHeader("Pragma", "No-cache");
- response.setHeader("Cache-Control", "no-cache");
- response.setDateHeader("Expires", 0);
- //创建内存图像并获得其图形上下文
- BufferedImage image = new BufferedImage(WIDTH, HEIGHT, BufferedImage.TYPE_INT_RGB);
- Graphics g = image.getGraphics();
- //产生随机的验证码
- char[] rands = generateCheckCode();
- //产生图像
- drawBackground(g);
- drawRands(g, rands);
- //结束图像的绘制过程,完成图像
- g.dispose();
- //将图像输出到客户端
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- ImageIO.write(image, "JPEG", bos);
- byte[] buf = bos.toByteArray();
- response.setContentLength(buf.length);
- sos.write(buf);
- bos.close();
- sos.close();
- //将当前验证码存入到session中
- session.setAttribute("check_code", new String(rands));
- }
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- doGet(request, response);
- }
- private char[] generateCheckCode() {
- //定义验证码的字符集
- String chars = "0123456789abcdefghigklmnopqrstuvwxyz";
- char[] rands = new char[4];
- for(int i = 0; i < 4; i++) {
- int rand = (int)(Math.random() * 36);
- rands[i] = chars.charAt(rand);
- }
- return rands;
- }
- private void drawRands(Graphics g, char[] rands) {
- g.setColor(Color.BLACK);
- g.setFont(new Font(null,Font.ITALIC|Font.BOLD,18));
- //在不同的高度上输出验证码的每个字符
- g.drawString("" + rands[0], 1, 17);
- g.drawString("" + rands[1], 16, 15);
- g.drawString("" + rands[2], 31, 18);
- g.drawString("" + rands[3], 46, 16);
- System.out.println(rands);
- }
- private void drawBackground(Graphics g) {
- //画背景
- g.setColor(new Color(0xDCDCDC));
- g.fillRect(0, 0, WIDTH, HEIGHT);
- //随机产生120个干扰点
- for(int i = 0; i < 120; i++) {
- int x = (int)(Math.random() * WIDTH);
- int y = (int)(Math.random() * HEIGHT);
- int red = (int)(Math.random() * 255);
- int green = (int)(Math.random() * 255);
- int blue = (int)(Math.random() * 255);
- g.setColor(new Color(red, green, blue));
- g.drawOval(x, y, 1, 0);
- }
- }
- }
然后是登录之后处理用户是否登录成功的servlet,在这个servlet中通过比较session中存放的验证码和用户输入的验证码,如果匹配则进行下一步判断,如果不匹配直接输出验证码不匹配的问题。代码为:
- package com.you.servlet;
- import java.io.IOException;
- import java.io.PrintWriter;
- import javax.servlet.ServletException;
- import javax.servlet.http.HttpServlet;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- public class LoginFormServlet extends HttpServlet {
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- response.setContentType("text/html;charset=utf-8");
- PrintWriter out = response.getWriter();
- HttpSession session = request.getSession(false);
- if(session == null) {
- out.print("验证码处理问题");
- return;
- }
- String saveCode = (String)session.getAttribute("check_code");
- if(saveCode == null) {
- out.print("验证码处理问题");
- return;
- }
- String checkCode = request.getParameter("check_code");
- if(!saveCode.equals(checkCode)) {
- out.print("验证码无效!");
- return;
- }
- session.removeAttribute("check_code");
- out.print("验证码通过,服务器正在校验用户名和密码!");
- }
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- doGet(request, response);
- }
- }