Java实现的验证码（Verification Code）

目前，不少网站为了防止用户利用机器人自动注册、登录、灌水，都采用了验证码技术。Java中可由以下代码生成验证码：

编写一个Servlet，用于生成验证码图片：

package flybug.hq.vcode;
import java.awt.Color;

import java.awt.Font;

import java.awt.Graphics;

import java.awt.image.BufferedImage;

import java.io.IOException;

import java.util.Random;
import javax.imageio.ImageIO;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import javax.servlet.http.HttpSession;
public class GenImageServlet extends HttpServlet {
private static final long serialVersionUID = 1L;


public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {

    this.doPost(request, response);
}


public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {

    request.setCharacterEncoding("UTF-8");
    response.setContentType("image/jpeg");

    //创建图像
    int width = 80;
    int height = 40;

    BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);

    //创建图层，获得画笔
    Graphics g = image.getGraphics();
    //设置颜色
    g.setColor(Color.BLACK);
    //画出矩形
    g.fillRect(0, 0, width, height);
    //画出边框
    g.setColor(Color.WHITE);
    g.fillRect(1, 1, width-2, height-2);

    //填充字符
    String data = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890";
    //设置字体
    g.setFont(new Font("宋体", Font.BOLD, 30));
    Random random = new Random();
    StringBuffer buff = new StringBuffer();
    //随机生成4个字符
    for (int i = 0; i < 4; i++) {
        int index = random.nextInt(62);
        String str = data.substring(index, index + 1);
        g.setColor(new Color(random.nextInt(255), random.nextInt(255), random.nextInt(255)));
        g.drawString(str, 20 * i, 30);
        buff.append(str);
    }

    //将得到的字符串保存到session中
    HttpSession session = request.getSession();
    session.setAttribute("vCode", buff.toString());

    //画出10条干扰线
    for (int i = 0; i < 10; i++) {
        g.setColor(new Color(random.nextInt(255), random.nextInt(255), random.nextInt(255)));
        g.drawLine(random.nextInt(width), random.nextInt(height), random.nextInt(width), random.nextInt(height));
    }

    g.dispose();

    ImageIO.write(image, "jpg", response.getOutputStream());




}

}

 

编写一个jsp页面，用于显示该验证码：

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>



  
    

    My JSP 'index.jsp' starting page

     

  

  
    

  

  
        
 
   
 
   
 
   
 
   
        
 
   
 
   看不清
 
   
 
   

        
 
   
 
   
    

  

  

显示结果样例：

 

如上图，点击看不清，更换验证码。在上述jsp代码中的js脚本，图片请求的URL没有变，浏览器默认缓存的情况下，点击看不清，验证码刷新不了；为此可以添加一个过滤器，用于设置浏览器不缓存该图片，代码如下：

package flybug.hq.vcode;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

public class CacheCtrlFilter implements Filter {

    public void destroy() {

    }

    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        //强转
        HttpServletResponse response = (HttpServletResponse)resp;
        //设置不缓存的响应头
        response.setHeader("expires", "-1");
        response.setHeader("pragma", "no-cache");
        response.setHeader("cache-control", "no-cache, no-store,must-revalidate");

        //放行
        chain.doFilter(req, resp);

    }

    public void init(FilterConfig config) throws ServletException {

    }

}

在web.xml文件中配置：

  


  

  
  
 
   
 
   

  
 
   
 
    
    
      CacheCtrlFilter 
     
    
      flybug.hq.vcode.CacheCtrlFilter 
     
   

  
 
   
 
    
    
      CacheCtrlFilter 
     
    
      /GenImageServlet 
     
   
  
 
   
 
    
     
     
     
     
    
      GenImageServlet 
     
    
      flybug.hq.vcode.GenImageServlet 
     
   
  
 
   
 
    
     
     
     
     
    
      ValidateServlet 
     
    
      flybug.hq.vcode.ValidateServlet 
     
   


  
 
   
 
    
    
      GenImageServlet 
     
    
      /GenImageServlet 
     
   
  
 
   
 
    
    
      ValidateServlet 
     
    
      /ValidateServlet 
     
   

  
 
   
 
    
    
      index.jsp 
     
   


  

  

• web.xml中还配置了用来验证输入的验证码是否正确的ValidateServlet，且每个验证码只能用一次，返回就应该失效：

package flybug.hq.vcode;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class ValidateServlet extends HttpServlet {


    private static final long serialVersionUID = 1L;

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doPost(request, response);

    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.setCharacterEncoding("UTF-8");
        response.setContentType("text/html; charset=utf-8");
        PrintWriter out = response.getWriter();
        //获得用户填写的验证码
        String userVCode = request.getParameter("vCode");
        //获得session中验证码
        HttpSession session = request.getSession();
        String genVCode = (String)session.getAttribute("vCode");
        //判断是否相同
        if(genVCode != null) {
            if(genVCode.equalsIgnoreCase(userVCode)) {
                out.println("验证通过！");
            } else {
                out.println("验证码错误！");
            }
            //验证码只允许用一次
            session.removeAttribute("vCode");

        } else {
            out.println("验证码失效！");
        }

    }

}

 

 

注：该过滤器中设置的头信息在Firefox中有些问题，在网上查了很久也没有找到有效设置Firefox不缓存的头信息。若要达到更换验证码的效果，可以将js脚本改为：

但这样做的话，可能会使浏览器缓存膨胀。菜鸟一枚，bug众多，努力，学习中……若有好的解决方法，欢迎指点！