验证码的主要作用是防止非人为的注册和登录,近两年使用的手机短信验证登录也是手段之一。验证码是系统随机生成的一张图片,保存在cookie里面,每点击一次再重新生成一张新图片。验证码一般为4-6位的数字和字母的组合,验证码中尽量避免o和0这种易混淆的字母和数字组合,颜色宜用灰黑色,不要太花哨,否则对红绿色盲用户有困难,可以加一些线条和点增加识别难度。
验证码的实现是基于cookie的,所以首先浏览器要不禁cookie。其次,验证码是一张图片,你输入的验证码要和图片中的验证码对应起来,每点击一次图片都会变,所以肯定要有一个map,map的key值是图片上显示的code,value值就是显示的图片,这样就能够对应起来实现验证功能。下面看代码
//定义生成验证码图片的类
public final class AuthImgUtil {
//首先得定义一个数组字符窜序列,是验证码的来源,需要去除0,O,i,1等容易混淆的字符
private static final String[] chars = { "2", "3", "4", "5", "6","7", "8", "9", "A", "B","C","D", "E", "F","G","H","J","K","L","M","N","P","Q","R","S","T","U","V", "W","X", "Y", "Z","a","b","d","e","f","g","h","m","n","q","t","y"};
//定义验证码的个数,这里定义显示4个
private static final int SIZE = 4;
//定义验证码当中的干扰线条数
private static final int LINES =6;
//定义验证码图片的宽度
private static final int WIDTH = 140;
//定义验证码图片的高度
private static final int HEIGHT = 60;
//定义验证码中字符的字体大小
private static final int FONT_SIZE = 40;
//定义验证码的实现方法,map里面value值就是生成的图片,key值是对应图片的字符串值,
public static Map<String,BufferedImage> getImage() {
StringBuffer sb = new StringBuffer();
//画图方法,设置宽度、高度和背景色
BufferedImage image = new BufferedImage(WIDTH, HEIGHT,
BufferedImage.TYPE_INT_RGB);
Graphics graphic = image.getGraphics();
graphic.setColor(Color.WHITE);
graphic.fillRect(0, 0, WIDTH, HEIGHT);
//在图片中依次生成四个验证码
Random ran = new Random();
for(int i=1;i<=SIZE;i++){
int r = ran.nextInt(chars.length);
//这里字体设置为灰色,
graphic.setColor(Color.DARK_GRAY);
graphic.setFont(new Font(null,Font.ITALIC,FONT_SIZE));
//设置字符尽可能的均匀分布
graphic.drawString(chars[r],(i-1)*WIDTH/SIZE , HEIGHT/2);
sb.append(chars[r]);
}
//画干扰线
for(int i=1;i<=LINES;i++){
graphic.setColor(getRandomColor());
graphic.drawLine(ran.nextInt(WIDTH), ran.nextInt(HEIGHT), ran.nextInt(WIDTH),ran.nextInt(HEIGHT));
}
Map<String,BufferedImage> map = new HashMap<String,BufferedImage>();
map.put(sb.toString(), image);
return map;
}
//获取随机色
public static Color getRandomColor(){
Random ran = new Random();
Color color = new Color(ran.nextInt(256),ran.nextInt(256),ran.nextInt(256));
return color;
}
}
接下来把生成的验证码保存在cookie里面,验证码图片返回到登录页面上
public void authImgRender(){
//调用上面AuthImgUtil类的getImage方法,获取code和image值
Map<String,BufferedImage> map =getImage();
String code = map.keySet().iterator().next();
BufferedImage image = map.get(code);
//定义cookie,放入验证码图片中显示的code
Cookie ck = new Cookie("code",code.toLowerCase());
ck.setHttpOnly(true);
//注意这里的几个设置,Cache-Control要为no-cacheresponse.addCookie(ck);
response.setHeader("Pragma", "no-cache");
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
response.setContentType("image/jpeg");
ServletOutputStream sos = null;
try {
sos = response.getOutputStream();
ImageIO.write(image, "jpeg", sos);
} catch (Exception e) {
throw new RuntimeException(e);
} finally {
if (sos != null) {
try {
sos.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
这样其实验证码功能就基本实现了。用户登陆验证的时候只需要判断界面输入的验证码和cookie里面的code是否一致就行了。
部分代码参考开源作者JfinalUIB:http://www.oschina.net/p/jfinaluib