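This article introduces JCaptcha, the CAPTCHA library used in jeecms.
It is open-source software; the download address is:
http://jcaptcha.sourceforge.net/
The version used in jeecms is jcaptcha-1.0.jar.
- Configuration in web.xml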
<servlet>
    <servlet-name>Jcaptcha</servlet-name>
    <servlet-class>com.jeecms.common.captcha.JcaptchaServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Jcaptcha</servlet-name>
    <url-pattern>/captcha.svl</url-pattern>
</servlet-mapping>
Note that the URL used here is /captcha.svl.
The JcaptchaServlet servlet reimplements the image-generation code.
- Configuration in login.html
<form id="jvForm" action="/login.jspx" method="post">
...
<td colspan="2"><img src="/captcha.svl" onclick="this.src='/captcha.svl?d='+new Date()*1"
width="100" height="35"/></td>
...
</form>
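The onclick handler requests a new CAPTCHA image when the image is clicked; the d parameter carries the current timestamp so that the browser does not reuse a cached image.
- The class that handles the CAPTCHA: CasLoginAct.java
Package path: package com.jeecms.cms.action.member;
The validation code is as follows: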
@RequestMapping(value = "/login.jspx", method = RequestMethod.POST)
public String submit(String username, String password, String captcha,
        String processUrl, String returnUrl, String message,
        HttpServletRequest request, HttpServletResponse response,
        ModelMap model) {
    Integer errorRemaining = unifiedUserMng.errorRemaining(username);
    CmsSite site = CmsUtils.getSite(request);
    String sol = site.getSolutionPath();
    WebErrors errors = validateSubmit(username, password, captcha,
            errorRemaining, request, response);
    ...
private WebErrors validateSubmit(String username, String password,
        String captcha, Integer errorRemaining, HttpServletRequest request,
        HttpServletResponse response) {
    WebErrors errors = WebErrors.create(request);
    if (errors.ifOutOfLength(username, "username", 1, 100)) {
        return errors;
    }
    if (errors.ifOutOfLength(password, "password", 1, 32)) {
        return errors;
    }
    // If a CAPTCHA was entered, it must be validated; if none was entered,
    // whether one is required is decided based on the current user.
    if (!StringUtils.isBlank(captcha)
            || (errorRemaining != null && errorRemaining < 0)) {
        if (errors.ifBlank(captcha, "captcha", 100)) {
            return errors;
        }
        try {
            if (!imageCaptchaService.validateResponseForID(session
                    .getSessionId(request, response), captcha)) {
                errors.addErrorCode("error.invalidCaptcha");
                return errors;
            }
        } catch (CaptchaServiceException e) {
            errors.addErrorCode("error.exceptionCaptcha");
            log.warn("", e);
            return errors;
        }
    }
    return errors;
}
...
Note that both generation and validation of the image are keyed by the session ID.
For example, the code at generation time:
String captchaId = session.getSessionId(request, response);
BufferedImage challenge = captchaService.getImageChallengeForID(
        captchaId, request.getLocale());
// Jimi.putImage("image/jpeg", challenge, jpegOutputStream);
ImageIO.write(challenge, CAPTCHA_IMAGE_FORMAT, jpegOutputStream);
The code at validation time:
if (!imageCaptchaService.validateResponseForID(session
        .getSessionId(request, response), captcha)) {
    errors.addErrorCode("error.invalidCaptcha");
    return errors;
}
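
The session-ID keying described above, as an added example that is not part of the original post and is not jeecms or JCaptcha code: a simplified in-memory model in which the image servlet and the login action share one session ID. The class and method names are hypothetical, and the model assumes a challenge is consumed by its first validation attempt and that a missing challenge raises an exception (IllegalStateException stands in for the CaptchaServiceException caught in validateSubmit).

```java
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical stand-in for a session-keyed CAPTCHA service (not JCaptcha's implementation).
public class SessionCaptchaModel {
    private static final String ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";
    private final Map<String, String> store = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    // Generation: called by the image servlet; one pending answer per session ID.
    public String newChallengeForId(String sessionId) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 5; i++) {
            sb.append(ALPHABET.charAt(random.nextInt(ALPHABET.length())));
        }
        store.put(sessionId, sb.toString()); // a refresh overwrites the old answer
        return sb.toString();                // a real servlet renders this as an image
    }

    // Validation: the answer is removed before it is compared, so each
    // challenge allows exactly one guess, right or wrong.
    public boolean validateResponseForId(String sessionId, String response) {
        String expected = store.remove(sessionId);
        if (expected == null) {
            throw new IllegalStateException("no pending challenge for this session");
        }
        return expected.equalsIgnoreCase(response);
    }

    public static void main(String[] args) {
        SessionCaptchaModel svc = new SessionCaptchaModel();
        String sid = "constructed-session-id";      // constructed sample value
        String answer = svc.newChallengeForId(sid); // models GET /captcha.svl
        System.out.println("first try:  " + svc.validateResponseForId(sid, answer));
        try {
            svc.validateResponseForId(sid, answer); // same answer submitted again
        } catch (IllegalStateException e) {
            System.out.println("replay:     rejected (" + e.getMessage() + ")");
        }
        svc.newChallengeForId(sid);                 // image refreshed: new pending answer
        try {
            svc.validateResponseForId("other-session", answer);
        } catch (IllegalStateException e) {
            System.out.println("other sid:  rejected, challenge belongs to another session");
        }
        System.out.println("wrong text: " + svc.validateResponseForId(sid, "wrong"));
    }
}
```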