jeecms 验证码-jcaptcha

本文主要介绍jeecms中使用的验证码 jcapthcha.

 

这是个开源的软件,下载地址:

 

http://jcaptcha.sourceforge.net/

 

在jeecms中使用的版本是jcaptcha-1.0.jar.

 

  • web.xml里的配置
	<servlet>
		<servlet-name>Jcaptcha</servlet-name>
		<servlet-class>com.jeecms.common.captcha.JcaptchaServlet</servlet-class>
	</servlet>
	<servlet-mapping>
		<servlet-name>Jcaptcha</servlet-name>
		<url-pattern>/captcha.svl</url-pattern>
	</servlet-mapping>

 注意,这里的url使用的是/captcha.svl.

 

servlet JcaptchaServlet 重新写了生成图片的代码。

 

  • login.html中的配置
<form


 id


="jvForm


" action


="/login.jspx


" method


="post


">



...


 
<td colspan="2"><img src="/captcha.svl" onclick="this.src='/captcha.svl?d='+new Date()*1" 
width="100" height="35"/></td>
...
</form>

    onclick 方法后面是如果点击此图片,则生成新的验证码图片。

 

  • 验证码的处理类CasLoginAct.java

包路径:package com.jeecms.cms.action.member;

 

验证的代码如下:

@RequestMapping(value = "/login.jspx", method = RequestMethod.POST)
	public String submit(String username, String password, String captcha,
			String processUrl, String returnUrl, String message,
			HttpServletRequest request, HttpServletResponse response,
			ModelMap model) {
		Integer errorRemaining = unifiedUserMng.errorRemaining(username);
		CmsSite site = CmsUtils.getSite(request);
		String sol = site.getSolutionPath();
		WebErrors errors = validateSubmit(username, password, captcha,
				errorRemaining, request, response);


。。。。。

private WebErrors validateSubmit(String username, String password,
			String captcha, Integer errorRemaining, HttpServletRequest request,
			HttpServletResponse response) {
		WebErrors errors = WebErrors.create(request);
		if (errors.ifOutOfLength(username, "username", 1, 100)) {
			return errors;
		}
		if (errors.ifOutOfLength(password, "password", 1, 32)) {
			return errors;
		}
		// 如果输入了验证码,那么必须验证;如果没有输入验证码,则根据当前用户判断是否需要验证码。
		if (!StringUtils.isBlank(captcha)
				|| (errorRemaining != null && errorRemaining < 0)) {
			if (errors.ifBlank(captcha, "captcha", 100)) {
				return errors;
			}
			try {
				if (!imageCaptchaService.validateResponseForID(session
						.getSessionId(request, response), captcha)) {
					errors.addErrorCode("error.invalidCaptcha");
					return errors;
				}
			} catch (CaptchaServiceException e) {
				errors.addErrorCode("error.exceptionCaptcha");
				log.warn("", e);
				return errors;
			}
		}
		return errors;
	}
。。。。
 

 

 

注意,image的生和验证,是根据sessionid为标识的。

比如生成时的代码:

String captchaId = session.getSessionId(request, response);
			BufferedImage challenge = captchaService.getImageChallengeForID(
					captchaId, request.getLocale());
			// Jimi.putImage("image/jpeg", challenge, jpegOutputStream);
			ImageIO.write(challenge, CAPTCHA_IMAGE_FORMAT, jpegOutputStream);
 

验证时的代码:

if (!imageCaptchaService.validateResponseForID(session
						.getSessionId(request, response), captcha)) {
					errors.addErrorCode("error.invalidCaptcha");
					return errors;

 

 

 

你可能感兴趣的:(JCAPTCHA)