【是什么】
验证码(CAPTCHA)是“CompletelyAutomated Public Turing test to tell Computers and HumansApart”(全自动区分计算机和人类的图灵测试)的缩写,是一种区分用户是计算机还是人的公共全自动程序。
【作用】
可以防止恶意破解密码、刷票、论坛灌水,有效防止某个黑客对某一个特定注册用户用特定程序暴力破解方式进行不断的登陆尝试,实际上用验证码是现在很多网站通行的方式,我们利用比较简易的方式实现了这个功能。这个问题可以由计算机生成并评判,但是必须只有人类才能解答。由于计算机无法解答CAPTCHA的问题,所以回答出问题的用户就可以被认为是人类。
【实践】
用servlet实现验证码:
servlet代码:
package com.bjpowernode.drp.util.servlet;
import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.util.Random;
import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* 验证码实例
*
* @author happy
*
*/
public class AuthImageServlet extends HttpServlet {
private static final String CONTENT_TYPE = "text/html; charset=gb2312";
// 设置字母的大小,大小
private Font mFont = new Font("Times New Roman", Font.PLAIN, 17);
public void init() throws ServletException {
super.init();
}
Color getRandColor(int fc, int bc) {
Random random = new Random();
if (fc > 255)
fc = 255;
if (bc > 255)
bc = 255;
int r = fc + random.nextInt(bc - fc);
int g = fc + random.nextInt(bc - fc);
int b = fc + random.nextInt(bc - fc);
return new Color(r, g, b);
}
public void service(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setHeader("Pragma", "No-cache");
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
// 表明生成的响应是图片
response.setContentType("image/jpeg");
int width = 100, height = 18;
BufferedImage image = new BufferedImage(width, height,
BufferedImage.TYPE_INT_RGB);
Graphics g = image.getGraphics();
Random random = new Random();
g.setColor(getRandColor(200, 250));
g.fillRect(1, 1, width - 1, height - 1);
g.setColor(new Color(102, 102, 102));
g.drawRect(0, 0, width - 1, height - 1);
g.setFont(mFont);
g.setColor(getRandColor(160, 200));
// 画随机线
for (int i = 0; i < 155; i++) {
int x = random.nextInt(width - 1);
int y = random.nextInt(height - 1);
int xl = random.nextInt(6) + 1;
int yl = random.nextInt(12) + 1;
g.drawLine(x, y, x + xl, y + yl);
}
// 从另一方向画随机线
for (int i = 0; i < 70; i++) {
int x = random.nextInt(width - 1);
int y = random.nextInt(height - 1);
int xl = random.nextInt(12) + 1;
int yl = random.nextInt(6) + 1;
g.drawLine(x, y, x - xl, y - yl);
}
// 生成随机数,并将随机数字转换为字母
String sRand = "";
for (int i = 0; i < 6; i++) {
int itmp = random.nextInt(26) + 65;
char ctmp = (char) itmp;
sRand += String.valueOf(ctmp);
g.setColor(new Color(20 + random.nextInt(110), 20 + random
.nextInt(110), 20 + random.nextInt(110)));
g.drawString(String.valueOf(ctmp), 15 * i + 10, 16);
}
HttpSession session = request.getSession(true);
session.setAttribute("rand", sRand);
g.dispose();
ImageIO.write(image, "JPEG", response.getOutputStream());
}
public void destroy() {
}
}
在web.xml中配置:
<servlet>
<servlet-name>AuthImageServlet</servlet-name>
<servlet-class>com.bjpowernode.drp.util.servlet.AuthImageServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AuthImageServlet</servlet-name>
<url-pattern>/servlet/AuthImageServlet</url-pattern>
</servlet-mapping>
JSP页面显示:
<imgsrc="${pageContext.request.contextPath}/servlet/AuthImageServlet">
效果: