为了防止JSP网站被恶意代码攻击,考虑给网站登录时添加验证码来增加网站的安全性。首先需要用到的包有:
commons-lang-2.5.jar,可以将jar包放到WEB-INF/lib文件夹下。
第一个jsp文件: test.jsp
<%@ page contentType="text/html; charset=utf-8" language="java" import="java.sql.*" errorPage="" %> <html> <head> <title>验证码测试</title> <meta http-equiv="content-type" content="text/html; charset=gb2312"> </head> <body> <img src="random.jsp"> </body> </html> |
第二个jsp文件,用于随即产生验证码: ramdom.jsp 这个文件要用到commons-lang-2.5.jar的包,另外com.sun.image.codec.jpeg.*是从JDK1,5开始由sun提供的。
且在这第二个文件中一开始会报错,就是写到代码
“JPEGImageEncoder encoder=JPEGCodec.createJPEGEncoder(outstream);
encoder.encode(image);” 的时候,会报出
“Access restriction: The type JPEGImageEncoder is not accessible due to restr。。。。” 的错误。
原因是eclipse将这个访问受限的API默认为ERRO了,
解决的办法就是将 JRE SYSTEM LIBRARYS先从build the path里删除掉,再重新添加一次就可以了。
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <%@ page autoFlush="false" import="java.awt.*,java.awt.image.*,com.sun.image.codec.jpeg.*,java.util.*"%> <%@ page import="org.apache.commons.lang.RandomStringUtils"%> <% RandomStringUtils rs=new RandomStringUtils(); String random=rs.randomAlphanumeric(4); session.setAttribute("random",random); %> <% out.clear(); response.setContentType("image/jpeg"); response.addHeader("pragma","no-cache"); response.addHeader("cache-control","no-cache"); response.addDateHeader("expries",0); int width=100, height=40; BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_BGR); Graphics g = image.getGraphics(); //填充背景颜色 g.setColor(Color.gray); Font defont=new Font("sansserif", Font.PLAIN, 32); g.setFont(defont); g.fillRect(0, 0, width, height); //设置字体颜色 g.setColor(Color.red); g.drawString(random,3,30); g.dispose(); ServletOutputStream outstream = response.getOutputStream(); JPEGImageEncoder encoder=JPEGCodec.createJPEGEncoder(outstream); encoder.encode(image); outstream.close(); %> |
第三个文件时用于产生随机数的java文件:RandomStringUtils.java文件
package com.core; import java.util.Random; public class RandomStringUtils { private static final Random random = new Random(); public RandomStringUtils() { } public static String random(int count) { return random(count, false, false); } public static String randomascii(int count) { return random(count, 32, 127, false, false); } public static String randomalphabetic(int count) { return random(count, true, false); } public static String randomalphanumeric(int count) { return random(count, true, true); } public static String randomnumeric(int count) { return random(count, false, true); } public static String random(int count, boolean letters, boolean numbers) { return random(count, 0, 0, letters, numbers); } public static String random(int count, int start, int end, boolean letters, boolean numbers) { return random(count, start, end, letters, numbers, null); } public static String random(int count, int start, int end, boolean letters, boolean numbers, char set[]) { if(start == 0 && end == 0) { end = 122; start = 32; if(!letters && !numbers) { start = 0; end = 0x7fffffff; } } StringBuffer buffer = new StringBuffer(); int gap = end - start; while(count-- != 0) { char ch; if(set == null) ch = (char)(random.nextInt(gap) + start); else ch = set[random.nextInt(gap) + start]; if(letters && numbers && Character.isLetterOrDigit(ch) || letters && Character.isLetter(ch) || numbers && Character.isDigit(ch) || !letters && !numbers) buffer.append(ch); else count++; } return buffer.toString(); } public static String random(int count, String set) { return random(count, set.toCharArray()); } public static String random(int count, char set[]) { return random(count, 0, set.length - 1, false, false, set); } } |
将工程发布后,输入:http://localhost:8080/SchHosp/test.jsp
本文参考了几篇前辈的文章,综合百度、谷歌的内容一起完成的,望大家指导。