1、为什么要使用验证码??
相信很多网站,淘宝,网易博客,以及我们现在的csdn都设置了在注册或登陆的时候,需要我们输入验证码,为什么要设置填写验证码这以项呢?是这样的,如果不设置验证码的话,我们在注册一个网站的时候,写一个外挂程序,每一分钟注册一个用户,不断注册,或者不断登录,这样去攻击网站。而验证码就解决了这个问题,验证码是混合的数字或者符号的图片,机器无法准确的识别,连人眼看起来也费劲,这样发你大规模的注册或者大规模匿名回帖的发生。所以验证码有很大用途了。
2、把验证码功能封装到servlet中
代码如下所示,我们在使用的时候只要在界面调用这个验证码servlet的链接就可以了。
- package com.bjpowernode.drp.util.servlet;
- import java.awt.Color;
- import java.awt.Font;
- import java.awt.Graphics;
- import java.awt.image.BufferedImage;
- import java.io.IOException;
- import java.util.Random;
- import javax.imageio.ImageIO;
- import javax.servlet.ServletException;
- import javax.servlet.http.HttpServlet;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- public class AuthImageServlet extends HttpServlet
- {
- private static final String CONTENT_TYPE = "text/html; charset=gb2312";
- //设置字母的大小,大小
- private Font mFont = new Font("Times New Roman", Font.PLAIN, 17);
- public void init() throws ServletException
- {
- super.init();
- }
- Color getRandColor(int fc,int bc)
- {
- Random random = new Random();
- if(fc>255) fc=255;
- if(bc>255) bc=255;
- int r=fc+random.nextInt(bc-fc);
- int g=fc+random.nextInt(bc-fc);
- int b=fc+random.nextInt(bc-fc);
- return new Color(r,g,b);
- }
- public void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
- {
- response.setHeader("Pragma","No-cache");
- response.setHeader("Cache-Control","no-cache");
- response.setDateHeader("Expires", 0);
- //表明生成的响应是图片
- response.setContentType("image/jpeg");
- int width=100, height=18;
- BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
- Graphics g = image.getGraphics();
- Random random = new Random();
- g.setColor(getRandColor(200,250));
- g.fillRect(1, 1, width-1, height-1);
- g.setColor(new Color(102,102,102));
- g.drawRect(0, 0, width-1, height-1);
- g.setFont(mFont);
- g.setColor(getRandColor(160,200));
- //画随机线
- for (int i=0;i<155;i++)
- {
- int x = random.nextInt(width - 1);
- int y = random.nextInt(height - 1);
- int xl = random.nextInt(6) + 1;
- int yl = random.nextInt(12) + 1;
- g.drawLine(x,y,x + xl,y + yl);
- }
- //从另一方向画随机线
- for (int i = 0;i < 70;i++)
- {
- int x = random.nextInt(width - 1);
- int y = random.nextInt(height - 1);
- int xl = random.nextInt(12) + 1;
- int yl = random.nextInt(6) + 1;
- g.drawLine(x,y,x - xl,y - yl);
- }
- //生成随机数,并将随机数字转换为字母
- String sRand="";
- for (int i=0;i<6;i++)
- {
- int itmp = random.nextInt(26) + 65;
- char ctmp = (char)itmp;
- sRand += String.valueOf(ctmp);
- g.setColor(new Color(20+random.nextInt(110),20+random.nextInt(110),20+random.nextInt(110)));
- g.drawString(String.valueOf(ctmp),15*i+10,16);
- }
- HttpSession session = request.getSession(true);
- session.setAttribute("rand",sRand);
- g.dispose();
- ImageIO.write(image, "JPEG", response.getOutputStream());
- }
- public void destroy()
- {
- }
- }
代码也很容易理解,设置了图片的颜色,随机的字母,在图片上随机画模糊线条,完成之后,通过request.getSession(true) 来设置session可用性,再通过session.setAttribute("rand",sRand); 设置到session中,以便我们在使用的时候取得session中的rand。
3、配置servlet
servlet是需要配置的,启动服务器后,会自动的编译servlet,我们在web.xml中配置servlet名称和路径,编译我们验证码的servlet。xml中配置AuthImageServlet的代码:
- <span style="font-size:14px;"><servlet>
- <servlet-name>AuthImageServlet</servlet-name>
- <servlet-class>com.bjpowernode.drp.util.servlet.AuthImageServlet</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>AuthImageServlet</servlet-name>
- <url-pattern>/servlet/AuthImageServlet</url-pattern>
- </servlet-mapping>
- </span>
在JSP页面中链接我们AuthImageServlet,运行时加载验证码
- <span style="font-size:14px;"> <TR>
- <TD align=left><FONT
- face="verdana, arial, helvetica, sans-serif" size=-1>验证码:</FONT>
- </TD>
- <TD align=left><INPUT name="authCode" type="text"
- size="6" maxlength="6"> <img
- src="${pageContext.request.contextPath}/servlet/AuthImageServlet">
- </TD>
- </TR></span>
通过链接 ${pageContext.request.contextPath } /servlet/AuthImageServlet 链接到验证码的servlet,JSP页面进行判断:
- <%
- String command = request.getParameter("command");
- if ("login".equals(command)) {
- String userId = request.getParameter("userId");
- String password = request.getParameter("password");
- //验证码.
- String authCode = request.getParameter("authCode");
- if (!authCode.trim().equalsIgnoreCase(
- (String) session.getAttribute("rand"))) {
- out.println("验证码不正确!");
- } else {
- try {
- User user = UserManager.getInstance().login(userId,
- password);
- //将用户信息设置到session中
- session.setAttribute("user_info", user);
- //设置session超时
- //session.setMaxInactiveInterval(60*60);
- //重定向到主控页面
- response.sendRedirect(request.getContextPath()
- + "/main.jsp");
- } catch (UserNotFoundException e) {
- out.println(e.getMessage());
- } catch (PasswordNotCorrentException e) {
- out.println(e.getMessage());
- }
- }
- }
- %>
很容易想起使用servlet创建报表,道理上都是一样的,总结在这里,以便以后随时翻阅。
小白兔说:走在路上,大片大片的落叶飘落发出窸窸窣窣的声音,我想她们一定在说着悄悄话,我们能像树叶那样随遇而安吗.......