关于校验码的文章网上非常多,很多人采用开源JCaptcha作为验证码框架,JCaptcha有很多优点,但配置还是复杂,而且生成的图片对于企业级应用来说辨识度低了点,而这有可能会导致客户投诉,本篇采用简单的方式生成辨识度高的验证码,基本满足内部网企业级应用(有些企业的老头老太太基本不能正确输入辨识度低的验证码,大量投诉会搞死开发人员的):
1、建立校验码服务类,其中图片宽高以及校验码长度可以配置,请仔细测试生成的图片来满足应用需求,提供了两种类型的校验码,一种是数字校验码,一种是字母数字混合校验码,根据企业需要任选一种:
@Service
public class CheckCodeService {
// 校验码图片宽
private int width = 85;
// 校验码图片高
private int height = 20;
// 校验码长度
private int codeLength = 6;
// 混合字母数字数组
private String[] charArray = new String[]{"0","1","2","3","4","5","6","7","8","9",
"A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R",
"S","T","U","V","W","X","W","Z"};
public void setCodeLength(int codeLength) {
this.codeLength = codeLength;
}
public void setWidth(int width) {
this.width = width;
}
public void setHeight(int height) {
this.height = height;
}
/*
* 产生随机数字验证码
*/
public String generateRandomNumberCode() {
String sRand = "";
Random random = new Random();
for (int i = 0; i < codeLength; i++) {
sRand += random.nextInt(10);
}
return sRand;
}
/*
* 产生随机字母数字混合验证码
*/
public String generateRandomMixedCode() {
String sRand = "";
Random random = new Random();
for (int i = 0; i < codeLength; i++) {
sRand += charArray[random.nextInt(charArray.length)];
}
return sRand;
}
/*
* 取得验证码图片
*/
public BufferedImage getImage(String checkCode) {
// 在内存中创建图象
BufferedImage image = new BufferedImage(width, height,
BufferedImage.TYPE_INT_RGB);
// 获取图形上下文
Graphics g = image.getGraphics();
// 设定背景色
g.setColor(getRandColor(200, 250));
g.fillRect(0, 0, width, height);
// 设定字体
g.setFont(new Font("Times New Roman", Font.PLAIN, 18));
// 生成随机类
Random random = new Random();
// 随机产生155条干扰线,使图象中的认证码不易被其它程序探测到
g.setColor(getRandColor(160, 200));
for (int i = 0; i < 155; i++) {
int x = random.nextInt(width);
int y = random.nextInt(height);
int xl = random.nextInt(12);
int yl = random.nextInt(12);
g.drawLine(x, y, x + xl, y + yl);
}
for (int i = 0; i < checkCode.length(); i++) {
// 将认证码显示到图象中
g.setColor(new Color(20 + random.nextInt(110), 20 + random
.nextInt(110), 20 + random.nextInt(110)));
// 调用函数出来的颜色相同,可能是因为种子太接近,所以只能直接生成
g.drawString(String.valueOf(checkCode.charAt(i)), 13 * i + 6, 16);
}
// 图象生效
g.dispose();
return image;
}
/*
* 给定范围获得随机颜色
*/
private Color getRandColor(int fc, int bc) {
Random random = new Random();
if (fc > 255)
fc = 255;
if (bc > 255)
bc = 255;
int r = fc + random.nextInt(bc - fc);
int g = fc + random.nextInt(bc - fc);
int b = fc + random.nextInt(bc - fc);
return new Color(r, g, b);
}
}
2、生成校验码控制器类,其中一个方法产生或刷新校验码图片,另外一个方法校验验证码是否正确,不过校验码是否正确,都会清理掉session中保存的验证码,使得生成的验证码只能使用一次,这是从安全出发采取的一种手段:
@Controller
@RequestMapping("/checkCode")
public class CheckCodeController {
@Autowired
private CheckCodeService checkCodeService;
/**
* 生成校验码图片
* @param request
* @param response
* @throws IOException
*/
@RequestMapping("/getImage.do")
public void getImage(HttpServletRequest request, HttpServletResponse response) throws IOException {
// 禁止缓存
response.setHeader("Pragma", "No-cache");
response.setHeader("Cache-Control", "No-cache");
response.setDateHeader("Expires", 0);
// 指定生成的响应是图片
response.setContentType("image/jpeg");
//String code = checkCodeService.generateRandomNumberCode();
String code = checkCodeService.generateRandomMixedCode();
// 将生成的验证码保存到Session中
HttpSession session = request.getSession(true);
session.setAttribute("checkCode", code);
ImageIO.write(checkCodeService.getImage(code),"JPEG",response.getOutputStream());
}
/**
* 验证校验码
* @param checkcode
* @return 校验码正确返回true
*/
@ResponseBody
@RequestMapping("/validate.do")
public boolean validate(String checkcode, HttpServletRequest request){
HttpSession session = request.getSession(false);
if(session == null){
return false;
}
String code = (String)session.getAttribute("checkCode");
session.removeAttribute("checkCode");
if(checkcode!=null && checkcode.length()>0 && checkcode.toUpperCase().equals(code)){
return true;
}else{
return false;
}
}
}
3、前端测试代码,校验成功就转向成功的地址,校验失败,重新获取校验码图片,注意修改测试中图片已经ajax的链接地址:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>test</title>
<link rel="stylesheet" href="/lib/jquery-easyui/themes/default/easyui.css" type="text/css" charset="utf-8"/>
<link rel="stylesheet" href="/lib/jquery-easyui/themes/icon.css" type="text/css" charset="utf-8"/>
<script type="text/javascript" src="/lib/jquery-easyui/jquery-1.8.0.min.js" charset="utf-8"></script>
<script type="text/javascript" src="/lib/jquery-easyui/jquery.easyui.min.js" charset="utf-8"></script>
<script type="text/javascript" src="/lib/jquery-easyui/locale/easyui-lang-zh_CN.js" charset="utf-8"></script>
<script type="text/javascript" charset="utf-8">
$(function() {
$('#imageCode').click(function() {
refreshCheckCode();
});
$('#submit').click(
function() {
$.post("/checkCode/validate.do?checkcode="
+ $('#checkCode').val(), function(data) {
if (data) {
window.top.location.href='需要重定向的页面地址';
} else {
refreshCheckCode();
$.messager.show({
title:'警告',
msg:'校验码输入不正确。',
timeout:5000,
showType:'slide'
});
}
});
});
function refreshCheckCode() {
var append = '?clearCache=' + new Date().getTime() + 'a'
+ Math.random();
$('#imageCode').attr('src', $('#imageCode').attr('src') + append);
}
});
</script>
</head>
<body>
请输入校验码:
<input id="checkCode" type="text" name="checkcode" />
<img id="imageCode" src="/checkCode/getImage.do"
title="看不清,点击换一张" style="cursor: pointer;" />
<br />
<input id="submit" type="button" value="提交" />
</body>
</html>