使用session实现一次性验证码
在登录页面和各种页面,会看到有验证码输入,这样做的目的是为了防止密码猜测工具破解密码,保护了用户密码安全,验证码只能使用一次,这样就给密码猜测工具带来了很大的困难,基本上阻断了密码猜测工具的使用。
可以使用session获得一次性验证码。先看一下登录页面,即显示验证码的页面,代码为:
CheckCode.html
验证码存放在一张图片上,那图片是通过servlet产生的,在servlet中先产生验证码存放到session中,供以后验证使用,然后在画一张图片,将验证码无规则的放在图片上,在图片上画上干扰字符,然后就可以啦。代码如下:
package com.you.servlet;
import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class CheckCodeServlet extends HttpServlet {
private static int WIDTH = 60;
private static int HEIGHT = 20;
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
HttpSession session = request.getSession();
response.setContentType("image/jpeg");
ServletOutputStream sos = response.getOutputStream();
//设置浏览器不要缓存此图片
response.setHeader("Pragma", "No-cache");
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
//创建内存图像并获得其图形上下文
BufferedImage image = new BufferedImage(WIDTH, HEIGHT, BufferedImage.TYPE_INT_RGB);
Graphics g = image.getGraphics();
//产生随机的验证码
char[] rands = generateCheckCode();
//产生图像
drawBackground(g);
drawRands(g, rands);
//结束图像的绘制过程,完成图像
g.dispose();
//将图像输出到客户端
ByteArrayOutputStream bos = new ByteArrayOutputStream();
ImageIO.write(image, "JPEG", bos);
byte[] buf = bos.toByteArray();
response.setContentLength(buf.length);
sos.write(buf);
bos.close();
sos.close();
//将当前验证码存入到session中
session.setAttribute("check_code", new String(rands));
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
private char[] generateCheckCode() {
//定义验证码的字符集
String chars = "0123456789abcdefghigklmnopqrstuvwxyz";
char[] rands = new char[4];
for(int i = 0; i < 4; i++) {
int rand = (int)(Math.random() * 36);
rands[i] = chars.charAt(rand);
}
return rands;
}
private void drawRands(Graphics g, char[] rands) {
g.setColor(Color.BLACK);
g.setFont(new Font(null,Font.ITALIC|Font.BOLD,18));
//在不同的高度上输出验证码的每个字符
g.drawString("" + rands[0], 1, 17);
g.drawString("" + rands[1], 16, 15);
g.drawString("" + rands[2], 31, 18);
g.drawString("" + rands[3], 46, 16);
System.out.println(rands);
}
private void drawBackground(Graphics g) {
//画背景
g.setColor(new Color(0xDCDCDC));
g.fillRect(0, 0, WIDTH, HEIGHT);
//随机产生120个干扰点
for(int i = 0; i < 120; i++) {
int x = (int)(Math.random() * WIDTH);
int y = (int)(Math.random() * HEIGHT);
int red = (int)(Math.random() * 255);
int green = (int)(Math.random() * 255);
int blue = (int)(Math.random() * 255);
g.setColor(new Color(red, green, blue));
g.drawOval(x, y, 1, 0);
}
}
}
然后是登录之后处理用户是否登录成功的servlet,在这个servlet中通过比较session中存放的验证码和用户输入的验证码,如果匹配则进行下一步判断,如果不匹配直接输出验证码不匹配的问题。代码为:
package com.you.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginFormServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
HttpSession session = request.getSession(false);
if(session == null) {
out.print("验证码处理问题");
return;
}
String saveCode = (String)session.getAttribute("check_code");
if(saveCode == null) {
out.print("验证码处理问题");
return;
}
String checkCode = request.getParameter("check_code");
if(!saveCode.equals(checkCode)) {
out.print("验证码无效!");
return;
}
session.removeAttribute("check_code");
out.print("验证码通过,服务器正在校验用户名和密码!");
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}