使用session实现一次性验证码

       在登录页面和各种页面,会看到有验证码输入,这样做的目的是为了防止密码猜测工具破解密码,保护了用户密码安全,验证码只能使用一次,这样就给密码猜测工具带来了很大的困难,基本上阻断了密码猜测工具的使用。

       可以使用session获得一次性验证码。先看一下登录页面,即显示验证码的页面,代码为:

  1. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">  
  2. <html>  
  3.   <head>  
  4.     <title>CheckCode.html</title>  
  5.     <meta http-equiv="content-type" content="text/html; charset=UTF-8">  
  6.   </head>  
  7.     
  8.   <body>  
  9.     <form action="/learnJS/servlet/LoginFormServlet" method="post">  
  10.     用户名:<input type="text" name="name"/><br/>  
  11.     密     码:<input type="password" name="pass"><br/>  
  12.     验证码:<input type="text" name="check_code"/>  
  13.     <img src="/learnJS/servlet/CheckCodeServlet"/><br/>  
  14.    <input type="submit" name="登录"/>   
  15.     </form>  
  16.   </body>  
  17. </html>  
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>CheckCode.html</title>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  
  <body>
    <form action="/learnJS/servlet/LoginFormServlet" method="post">
    用户名:<input type="text" name="name"/><br/>
    密     码:<input type="password" name="pass"><br/>
    验证码:<input type="text" name="check_code"/>
    <img src="/learnJS/servlet/CheckCodeServlet"/><br/>
   <input type="submit" name="登录"/> 
    </form>
  </body>
</html>

验证码存放在一张图片上,那图片是通过servlet产生的,在servlet中先产生验证码存放到session中,供以后验证使用,然后在画一张图片,将验证码无规则的放在图片上,在图片上画上干扰字符,然后就可以啦。代码如下:

  1. package com.you.servlet;  
  2.   
  3. import java.awt.Color;  
  4. import java.awt.Font;  
  5. import java.awt.Graphics;  
  6. import java.awt.image.BufferedImage;  
  7. import java.io.ByteArrayOutputStream;  
  8. import java.io.IOException;  
  9.   
  10. import javax.imageio.ImageIO;  
  11. import javax.servlet.ServletException;  
  12. import javax.servlet.ServletOutputStream;  
  13. import javax.servlet.http.HttpServlet;  
  14. import javax.servlet.http.HttpServletRequest;  
  15. import javax.servlet.http.HttpServletResponse;  
  16. import javax.servlet.http.HttpSession;  
  17.   
  18. public class CheckCodeServlet extends HttpServlet {  
  19.     private static int WIDTH = 60;  
  20.     private static int HEIGHT = 20;  
  21.   
  22.     public void doGet(HttpServletRequest request, HttpServletResponse response)  
  23.             throws ServletException, IOException {  
  24.         HttpSession session = request.getSession();  
  25.         response.setContentType("image/jpeg");  
  26.         ServletOutputStream sos = response.getOutputStream();  
  27.           
  28.         //设置浏览器不要缓存此图片  
  29.         response.setHeader("Pragma""No-cache");  
  30.         response.setHeader("Cache-Control""no-cache");  
  31.         response.setDateHeader("Expires"0);  
  32.           
  33.         //创建内存图像并获得其图形上下文  
  34.         BufferedImage image = new BufferedImage(WIDTH, HEIGHT, BufferedImage.TYPE_INT_RGB);  
  35.         Graphics g = image.getGraphics();  
  36.           
  37.         //产生随机的验证码  
  38.         char[] rands = generateCheckCode();  
  39.           
  40.         //产生图像  
  41.         drawBackground(g);  
  42.         drawRands(g, rands);  
  43.           
  44.         //结束图像的绘制过程,完成图像  
  45.         g.dispose();  
  46.           
  47.         //将图像输出到客户端  
  48.         ByteArrayOutputStream bos = new ByteArrayOutputStream();  
  49.         ImageIO.write(image, "JPEG", bos);  
  50.         byte[] buf = bos.toByteArray();  
  51.         response.setContentLength(buf.length);  
  52.         sos.write(buf);  
  53.         bos.close();  
  54.         sos.close();  
  55.           
  56.         //将当前验证码存入到session中  
  57.         session.setAttribute("check_code"new String(rands));  
  58.   
  59.     }  
  60.   
  61.     public void doPost(HttpServletRequest request, HttpServletResponse response)  
  62.             throws ServletException, IOException {  
  63.   
  64.         doGet(request, response);  
  65.     }  
  66.       
  67.     private char[] generateCheckCode() {  
  68.         //定义验证码的字符集  
  69.         String chars = "0123456789abcdefghigklmnopqrstuvwxyz";  
  70.         char[] rands = new char[4];  
  71.         for(int i = 0; i < 4; i++) {  
  72.             int rand = (int)(Math.random() * 36);  
  73.             rands[i] = chars.charAt(rand);  
  74.         }  
  75.         return rands;  
  76.     }  
  77.       
  78.     private void drawRands(Graphics g, char[] rands) {  
  79.         g.setColor(Color.BLACK);  
  80.         g.setFont(new Font(null,Font.ITALIC|Font.BOLD,18));  
  81.         //在不同的高度上输出验证码的每个字符  
  82.         g.drawString("" + rands[0], 117);  
  83.         g.drawString("" + rands[1], 1615);  
  84.         g.drawString("" + rands[2], 3118);  
  85.         g.drawString("" + rands[3], 4616);  
  86.         System.out.println(rands);  
  87.     }  
  88.       
  89.     private void drawBackground(Graphics g) {  
  90.         //画背景  
  91.         g.setColor(new Color(0xDCDCDC));  
  92.         g.fillRect(00, WIDTH, HEIGHT);  
  93.         //随机产生120个干扰点   
  94.         for(int i = 0; i < 120; i++) {  
  95.             int x = (int)(Math.random() * WIDTH);  
  96.             int y = (int)(Math.random() * HEIGHT);  
  97.             int red = (int)(Math.random() * 255);  
  98.             int green = (int)(Math.random() * 255);  
  99.             int blue = (int)(Math.random() * 255);  
  100.             g.setColor(new Color(red, green, blue));  
  101.             g.drawOval(x, y, 10);  
  102.         }  
  103.     }  
  104.   
  105. }  
package com.you.servlet;

import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream;
import java.io.IOException;

import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class CheckCodeServlet extends HttpServlet {
    private static int WIDTH = 60;
    private static int HEIGHT = 20;

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        HttpSession session = request.getSession();
        response.setContentType("image/jpeg");
        ServletOutputStream sos = response.getOutputStream();
        
        //设置浏览器不要缓存此图片
        response.setHeader("Pragma", "No-cache");
        response.setHeader("Cache-Control", "no-cache");
        response.setDateHeader("Expires", 0);
        
        //创建内存图像并获得其图形上下文
        BufferedImage image = new BufferedImage(WIDTH, HEIGHT, BufferedImage.TYPE_INT_RGB);
        Graphics g = image.getGraphics();
        
        //产生随机的验证码
        char[] rands = generateCheckCode();
        
        //产生图像
        drawBackground(g);
        drawRands(g, rands);
        
        //结束图像的绘制过程,完成图像
        g.dispose();
        
        //将图像输出到客户端
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        ImageIO.write(image, "JPEG", bos);
        byte[] buf = bos.toByteArray();
        response.setContentLength(buf.length);
        sos.write(buf);
        bos.close();
        sos.close();
        
        //将当前验证码存入到session中
        session.setAttribute("check_code", new String(rands));

    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        doGet(request, response);
    }
    
    private char[] generateCheckCode() {
        //定义验证码的字符集
        String chars = "0123456789abcdefghigklmnopqrstuvwxyz";
        char[] rands = new char[4];
        for(int i = 0; i < 4; i++) {
            int rand = (int)(Math.random() * 36);
            rands[i] = chars.charAt(rand);
        }
        return rands;
    }
    
    private void drawRands(Graphics g, char[] rands) {
        g.setColor(Color.BLACK);
        g.setFont(new Font(null,Font.ITALIC|Font.BOLD,18));
        //在不同的高度上输出验证码的每个字符
        g.drawString("" + rands[0], 1, 17);
        g.drawString("" + rands[1], 16, 15);
        g.drawString("" + rands[2], 31, 18);
        g.drawString("" + rands[3], 46, 16);
        System.out.println(rands);
    }
    
    private void drawBackground(Graphics g) {
        //画背景
        g.setColor(new Color(0xDCDCDC));
        g.fillRect(0, 0, WIDTH, HEIGHT);
        //随机产生120个干扰点 
        for(int i = 0; i < 120; i++) {
            int x = (int)(Math.random() * WIDTH);
            int y = (int)(Math.random() * HEIGHT);
            int red = (int)(Math.random() * 255);
            int green = (int)(Math.random() * 255);
            int blue = (int)(Math.random() * 255);
            g.setColor(new Color(red, green, blue));
            g.drawOval(x, y, 1, 0);
        }
    }

}

然后是登录之后处理用户是否登录成功的servlet,在这个servlet中通过比较session中存放的验证码和用户输入的验证码,如果匹配则进行下一步判断,如果不匹配直接输出验证码不匹配的问题。代码为:

  1. package com.you.servlet;  
  2.   
  3. import java.io.IOException;  
  4. import java.io.PrintWriter;  
  5.   
  6. import javax.servlet.ServletException;  
  7. import javax.servlet.http.HttpServlet;  
  8. import javax.servlet.http.HttpServletRequest;  
  9. import javax.servlet.http.HttpServletResponse;  
  10. import javax.servlet.http.HttpSession;  
  11.   
  12. public class LoginFormServlet extends HttpServlet {  
  13.   
  14.     public void doGet(HttpServletRequest request, HttpServletResponse response)  
  15.             throws ServletException, IOException {  
  16.         response.setContentType("text/html;charset=utf-8");  
  17.         PrintWriter out = response.getWriter();  
  18.           
  19.         HttpSession session = request.getSession(false);  
  20.         if(session == null) {  
  21.             out.print("验证码处理问题");  
  22.             return;  
  23.         }  
  24.           
  25.         String saveCode = (String)session.getAttribute("check_code");  
  26.         if(saveCode == null) {  
  27.             out.print("验证码处理问题");  
  28.             return;  
  29.         }  
  30.           
  31.         String checkCode = request.getParameter("check_code");  
  32.         if(!saveCode.equals(checkCode)) {  
  33.             out.print("验证码无效!");  
  34.             return;  
  35.         }  
  36.           
  37.         session.removeAttribute("check_code");  
  38.         out.print("验证码通过,服务器正在校验用户名和密码!");  
  39.   
  40.     }  
  41.   
  42.     public void doPost(HttpServletRequest request, HttpServletResponse response)  
  43.             throws ServletException, IOException {  
  44.   
  45.         doGet(request, response);  
  46.     }  
  47.   
  48. }  
package com.you.servlet;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LoginFormServlet extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=utf-8");
        PrintWriter out = response.getWriter();
        
        HttpSession session = request.getSession(false);
        if(session == null) {
            out.print("验证码处理问题");
            return;
        }
        
        String saveCode = (String)session.getAttribute("check_code");
        if(saveCode == null) {
            out.print("验证码处理问题");
            return;
        }
        
        String checkCode = request.getParameter("check_code");
        if(!saveCode.equals(checkCode)) {
            out.print("验证码无效!");
            return;
        }
        
        session.removeAttribute("check_code");
        out.print("验证码通过,服务器正在校验用户名和密码!");

    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        doGet(request, response);
    }

}


转载于:https://www.cnblogs.com/jpfss/p/8444513.html

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值