java生成验证码
1.验证码的作用
防止黑客对我们的网站进行恶意攻击,例如每个网站都有注册,登入功能,别人可以通过脚本不停的注册账号,那么我们的系统将会崩溃。
增加了验证码之后,别人再写脚本的时候就必须先识别你的验证码,然而要识别你的验证码图片却不是那么容易的,这样可以有效防止我
们的网站被脚本文件攻击
1.1 maven需要导入的包
<dependencies> <!-- https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api --> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>4.0.1</version> <scope>provided</scope> </dependency> <!-- https://mvnrepository.com/artifact/com.github.penggle/kaptcha --> <!--生成验证码的核心--> <dependency> <groupId>com.github.penggle</groupId> <artifactId>kaptcha</artifactId> <version>2.3.2</version> </dependency> <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> <version>2.8.2</version> </dependency> </dependencies>
1.2 web.xml需要配置的文件
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd" version="4.0"> <servlet> <!-- 生成图片的Servlet --> <servlet-name>Kaptcha</servlet-name> <servlet-class>com.google.code.kaptcha.servlet.KaptchaServlet</servlet-class> <!-- 是否有边框--> <init-param> <param-name>kaptcha.border</param-name> <param-value>no</param-value> </init-param> <!-- 字体颜色 --> <init-param> <param-name>kaptcha.textproducer.font.color</param-name> <param-value>red</param-value> </init-param> <!-- 图片宽度 --> <init-param> <param-name>kaptcha.image.width</param-name> <param-value>135</param-value> </init-param> <!-- 图片高度 --> <init-param> <param-name>kaptcha.image.height</param-name> <param-value>50</param-value> </init-param> <!-- 使用哪些字符生成验证码 --> <!--<init-param> <param-name>kaptcha.textproducer.char.string</param-name> <param-value>ACDEFHKPRSTWX345679</param-value> </init-param>--> <!-- 字体大小 --> <init-param> <param-name>kaptcha.textproducer.font.size</param-name> <param-value>43</param-value> </init-param> <!-- 干扰线的颜色 --> <init-param> <param-name>kaptcha.noise.color</param-name> <param-value>black</param-value> </init-param> <!-- 字符个数 --> <init-param> <param-name>kaptcha.textproducer.char.length</param-name> <param-value>4</param-value> </init-param> <!-- 使用哪些字体 --> <init-param> <param-name>kaptcha.textproducer.font.names</param-name> <param-value>Arial</param-value> </init-param> </servlet> <!-- 映射的url --> <servlet-mapping> <servlet-name>Kaptcha</servlet-name> <url-pattern>/getCode</url-pattern> </servlet-mapping> </web-app>
1.3 前端的HTML
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Title</title> </head> <body> <div id="msg" style="color: red"></div> <form id="f1"> 账号:<input type="text" name="userName"/><br/> 密码:<input type="password" name="password"/><br/> 验证码:<input type="text" name="code"/><br/> <img id="code" src="getCode"/><br/> <input type="button" value="登陆"/> </form> </body> <script src="js/jquery-3.3.1.min.js"></script> <script> $(function(){ //单击图片重新生成验证码图片 $("#code").on("click",function(){ //加上随机数,方式get请求缓存 $(this).prop("src","getCode?"+Math.floor(Math.random()*100)); }); //给登陆按钮绑定时间,登陆验证 $(":button").on("click",function(){ var params = $("#f1").serialize(); $.ajax("verifyCode",{ type : "post", data : params, success : function(data){ if(data.code != 200){ $("#msg").text(data.value); }else{ location.href = 'index.html'; } } }); }); }); </script> </html>
1.4 校验验证码的servlet
package edu.nf.servlet; import com.google.code.kaptcha.Constants; import com.google.gson.Gson; import edu.nf.vo.ResponseView; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; @WebServlet("/verifyCode") public class VerifyServlet extends HttpServlet { @Override protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { resp.setContentType("application/json;charset=utf-8"); ResponseView vo = new ResponseView(); String userName = req.getParameter("userName"); String password= req.getParameter("password"); //获取表单的验证码 String formCode = req.getParameter("code"); //从会话作用域获取验证码 String sessionCode = (String)req.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY); //校验正好密码以及验证码 if(!"ywb".equals(userName) && !"123".equals(password)){ vo.setCode(403); vo.setValue("用户名或密码错误"); }else if(!formCode.equalsIgnoreCase(sessionCode)){ vo.setCode(403); vo.setValue("验证码错误"); } String json = new Gson().toJson(vo); resp.getWriter().println(json); } }