为防止暴力登录而采用的随机验证码在很多网站的登录上经常见到,我这里用Struts+Servlet简单实现登录验证码,贴出来与大家一起交流。
原理就是利用在Servlet中产生4个数字与字母随机组合的验证码,存放到request的Session中,当用户加载登录页面的同时,发送一个请求给Servlet产生随机的验证码,并在登录页面以图片的形式展示在用户面前,当用户填完登录信息提交时,由Struts的Action从用户的请求中获得用户在界面上输入的验证码,并与session中的验证码进行比对,如果两者不一致则返回到登录界面,并刷新验证码,如果两者一致则继续进行后续的其它验证。当用户在界面看到的验证码不清晰,可以重复单击刷新验证码,直到看到清晰的图片为止,刷新验证码图片是通过页面JavaScript脚本控制的,其实就是重新发送一次请求给Servlet,重新产生随机验证码并更换Session中的旧验证码。
登录页面login.jsp的代码如下:
<%...@ page language="Java" pageEncoding="UTF-8"%>
<%...@ taglib uri="http://jakarta.apache.org/struts/tags-html" prefix="html"%>
<html>
<head>
<title>登录页面</title>
<script type="text/Javascript">
// 刷新验证码图片
function refresh(obj){
obj.src="check";
}
</script>
</head>
<body>
<html:form action="/login">
用户名 : <html:text property="userName" />
<html:errors property="userName" />
<br />
验证码:<input />
<img src="check"
title="看不清?单击换一张图片">
<html:errors property="checkCodeErr" /><p/>
<html:submit value="登录" />
</html:form>
</body>
</html>
注意:验证码的图片标签<img>中的src属性值为产生随机验证码的Servlet对应的映射路径,这样只要一打开页面图片就会显示,刷新也是一样。
<html:errors property="checkCodeErr" />用来显示验证出错的提示信息
产生随机验证码的Servlet代码如下,是从张孝祥老师的一本书中参考略做修改得来的,具体哪本书记不起来了。
package org.mfs.utils;
import Java.awt.Color;
import Java.awt.Font;
import Java.awt.Graphics;
import Java.awt.image.BufferedImage;
import Java.io.ByteArrayOutputStream;
import Java.io.IOException;
import Javax.imageio.ImageIO;
import Javax.servlet.ServletException;
import Javax.servlet.ServletOutputStream;
import Javax.servlet.http.HttpServlet;
import Javax.servlet.http.HttpServletRequest;
import Javax.servlet.http.HttpServletResponse;
import Javax.servlet.http.HttpSession;
@SuppressWarnings("serial")
public class CheckCodeServlet extends HttpServlet {
private static int WIDTH=60;
private static int HEIGHT=20;
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
HttpSession session = request.getSession();
response.setContentType("image/jpeg");
ServletOutputStream sos = response.getOutputStream();
response.setHeader("Pragma", "No-cache");
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
BufferedImage image = new BufferedImage(WIDTH,HEIGHT,BufferedImage.TYPE_INT_RGB);
Graphics g=image.getGraphics();
char[] rands = generateCheckCode();
drawBackground(g);
drawRands(g,rands);
g.dispose();
ByteArrayOutputStream bos= new ByteArrayOutputStream();
ImageIO.write(image,"JPEG",bos);
byte[] buf = bos.toByteArray();
response.setContentLength(buf.length);
sos.write(buf);
bos.close();
sos.close();
session.setAttribute("check_code", new String(rands));
}
private void drawBackground(Graphics g) ...{
g.setColor(new Color(0xDCDCDC));
g.fillRect(0, 0, WIDTH, HEIGHT);
for(int i=0;i<120;i++)...{
int x = (int)(Math.random()*WIDTH);
int y = (int)(Math.random()*HEIGHT);
int red = (int)(Math.random()*255);
int green = (int)(Math.random()*255);
int blue = (int)(Math.random()*255);
g.setColor(new Color(red,green,blue));
g.drawOval(x, y, 1, 0);
}
}
private void drawRands(Graphics g, char[] rands) ...{
g.setColor(Color.BLACK);
g.setFont(new Font(null,Font.ITALIC|Font.BOLD,18));
g.drawString(""+rands[0], 1, 17);
g.drawString(""+rands[1], 16, 15);
g.drawString(""+rands[2], 31, 18);
g.drawString(""+rands[3], 46, 16);
}
private char[] generateCheckCode() ...{
String chars = "0123456789abcdefghijklmnopqrstuvwxyz";
char[] rands = new char[4];
for(int i=0;i<4;i++)...{
int rand = (int)(Math.random()*36);
rands[i]=chars.charAt(rand);
}
return rands;
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException ...{
this.doGet(request, response);
}
}
CheckCodeServlet.Java在web.Xml中的映射路径设置:
<servlet>
<servlet-name>CheckCodeServlet</servlet-name>
<servlet-class>com..CheckCodeyame.utilsServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>CheckCodeServlet</servlet-name>
<url-pattern>/check</url-pattern>
</servlet-mapping>
负责处理对比用户输入的验证码与session中验证码的Action代码如下:
package org.mfs.struts.action;
import Javax.servlet.http.HttpServletRequest;
import Javax.servlet.http.HttpServletResponse;
import Javax.servlet.http.HttpSession;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;
public class LoginAction extends Action ...{
public ActionForward execute(ActionMapping mapping, ActionForm form,
HttpServletRequest request, HttpServletResponse response) ...{
// 验证随机验证码是否填写正确
String checkCode=request.getParameter("checkCode");
HttpSession session = request.getSession();
if(!checkCode.equals((String)session.getAttribute("check_code")))...{
// 加入错误提示信息
ActionMessages errors=new ActionMessages();
errors.add("checkCodeErr", new ActionMessage("error.checkCodeError"));
this.addErrors(request, errors);
// 出错则回到登录界面
return mapping.findForward("index");
}else
return mapping.findForward("success");
}
}
Struts配置文件:struts-config.Xml
<?Xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts-config PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 1.2//EN" "http://struts.apache.org/dtds/struts-config_1_2.dtd">
<struts-config>
<data-sources />
<form-beans >
<form-bean type="com.yame.struts.form.LoginForm" />
</form-beans>
<global-exceptions />
<global-forwards />
<action-mappings >
<action
attribute="loginForm"
input="/login.jsp"
path="/login"
scope="request"
type="com.yame.struts.action.LoginAction" >
<forward path="/login.jsp" />
<forward path="/welcome.jsp" />
</action>
</action-mappings>
<message-resources parameter="com.yame.struts.ApplicationResources" />
</struts-config>
资源文件ApplicationResources.properties中就一句:
error.checkCodeError=<font color=red>\u9a8c\u8bc1\u7801\u6709\u8bef!</font>
因为这里主要是为了介绍验证码,没对其它字段进行任何验证,当验证码出错则回到登录界面,并显示错误信息,正确则跳转到welcome.jsp,随便打印一句话。
welcome.jsp:
<%...@ page language="Java" import="Java.util.*" pageEncoding="UTF-8"%>
<%...
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'welcome.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
验证码验证成功!!
</body>
</html>
原理就是利用在Servlet中产生4个数字与字母随机组合的验证码,存放到request的Session中,当用户加载登录页面的同时,发送一个请求给Servlet产生随机的验证码,并在登录页面以图片的形式展示在用户面前,当用户填完登录信息提交时,由Struts的Action从用户的请求中获得用户在界面上输入的验证码,并与session中的验证码进行比对,如果两者不一致则返回到登录界面,并刷新验证码,如果两者一致则继续进行后续的其它验证。当用户在界面看到的验证码不清晰,可以重复单击刷新验证码,直到看到清晰的图片为止,刷新验证码图片是通过页面JavaScript脚本控制的,其实就是重新发送一次请求给Servlet,重新产生随机验证码并更换Session中的旧验证码。
登录页面login.jsp的代码如下:
<%...@ page language="Java" pageEncoding="UTF-8"%>
<%...@ taglib uri="http://jakarta.apache.org/struts/tags-html" prefix="html"%>
<html>
<head>
<title>登录页面</title>
<script type="text/Javascript">
// 刷新验证码图片
function refresh(obj){
obj.src="check";
}
</script>
</head>
<body>
<html:form action="/login">
用户名 : <html:text property="userName" />
<html:errors property="userName" />
<br />
验证码:<input />
<img src="check"
title="看不清?单击换一张图片">
<html:errors property="checkCodeErr" /><p/>
<html:submit value="登录" />
</html:form>
</body>
</html>
注意:验证码的图片标签<img>中的src属性值为产生随机验证码的Servlet对应的映射路径,这样只要一打开页面图片就会显示,刷新也是一样。
<html:errors property="checkCodeErr" />用来显示验证出错的提示信息
产生随机验证码的Servlet代码如下,是从张孝祥老师的一本书中参考略做修改得来的,具体哪本书记不起来了。
package org.mfs.utils;
import Java.awt.Color;
import Java.awt.Font;
import Java.awt.Graphics;
import Java.awt.image.BufferedImage;
import Java.io.ByteArrayOutputStream;
import Java.io.IOException;
import Javax.imageio.ImageIO;
import Javax.servlet.ServletException;
import Javax.servlet.ServletOutputStream;
import Javax.servlet.http.HttpServlet;
import Javax.servlet.http.HttpServletRequest;
import Javax.servlet.http.HttpServletResponse;
import Javax.servlet.http.HttpSession;
@SuppressWarnings("serial")
public class CheckCodeServlet extends HttpServlet {
private static int WIDTH=60;
private static int HEIGHT=20;
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
HttpSession session = request.getSession();
response.setContentType("image/jpeg");
ServletOutputStream sos = response.getOutputStream();
response.setHeader("Pragma", "No-cache");
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
BufferedImage image = new BufferedImage(WIDTH,HEIGHT,BufferedImage.TYPE_INT_RGB);
Graphics g=image.getGraphics();
char[] rands = generateCheckCode();
drawBackground(g);
drawRands(g,rands);
g.dispose();
ByteArrayOutputStream bos= new ByteArrayOutputStream();
ImageIO.write(image,"JPEG",bos);
byte[] buf = bos.toByteArray();
response.setContentLength(buf.length);
sos.write(buf);
bos.close();
sos.close();
session.setAttribute("check_code", new String(rands));
}
private void drawBackground(Graphics g) ...{
g.setColor(new Color(0xDCDCDC));
g.fillRect(0, 0, WIDTH, HEIGHT);
for(int i=0;i<120;i++)...{
int x = (int)(Math.random()*WIDTH);
int y = (int)(Math.random()*HEIGHT);
int red = (int)(Math.random()*255);
int green = (int)(Math.random()*255);
int blue = (int)(Math.random()*255);
g.setColor(new Color(red,green,blue));
g.drawOval(x, y, 1, 0);
}
}
private void drawRands(Graphics g, char[] rands) ...{
g.setColor(Color.BLACK);
g.setFont(new Font(null,Font.ITALIC|Font.BOLD,18));
g.drawString(""+rands[0], 1, 17);
g.drawString(""+rands[1], 16, 15);
g.drawString(""+rands[2], 31, 18);
g.drawString(""+rands[3], 46, 16);
}
private char[] generateCheckCode() ...{
String chars = "0123456789abcdefghijklmnopqrstuvwxyz";
char[] rands = new char[4];
for(int i=0;i<4;i++)...{
int rand = (int)(Math.random()*36);
rands[i]=chars.charAt(rand);
}
return rands;
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException ...{
this.doGet(request, response);
}
}
CheckCodeServlet.Java在web.Xml中的映射路径设置:
<servlet>
<servlet-name>CheckCodeServlet</servlet-name>
<servlet-class>com..CheckCodeyame.utilsServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>CheckCodeServlet</servlet-name>
<url-pattern>/check</url-pattern>
</servlet-mapping>
负责处理对比用户输入的验证码与session中验证码的Action代码如下:
package org.mfs.struts.action;
import Javax.servlet.http.HttpServletRequest;
import Javax.servlet.http.HttpServletResponse;
import Javax.servlet.http.HttpSession;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;
public class LoginAction extends Action ...{
public ActionForward execute(ActionMapping mapping, ActionForm form,
HttpServletRequest request, HttpServletResponse response) ...{
// 验证随机验证码是否填写正确
String checkCode=request.getParameter("checkCode");
HttpSession session = request.getSession();
if(!checkCode.equals((String)session.getAttribute("check_code")))...{
// 加入错误提示信息
ActionMessages errors=new ActionMessages();
errors.add("checkCodeErr", new ActionMessage("error.checkCodeError"));
this.addErrors(request, errors);
// 出错则回到登录界面
return mapping.findForward("index");
}else
return mapping.findForward("success");
}
}
Struts配置文件:struts-config.Xml
<?Xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts-config PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 1.2//EN" "http://struts.apache.org/dtds/struts-config_1_2.dtd">
<struts-config>
<data-sources />
<form-beans >
<form-bean type="com.yame.struts.form.LoginForm" />
</form-beans>
<global-exceptions />
<global-forwards />
<action-mappings >
<action
attribute="loginForm"
input="/login.jsp"
path="/login"
scope="request"
type="com.yame.struts.action.LoginAction" >
<forward path="/login.jsp" />
<forward path="/welcome.jsp" />
</action>
</action-mappings>
<message-resources parameter="com.yame.struts.ApplicationResources" />
</struts-config>
资源文件ApplicationResources.properties中就一句:
error.checkCodeError=<font color=red>\u9a8c\u8bc1\u7801\u6709\u8bef!</font>
因为这里主要是为了介绍验证码,没对其它字段进行任何验证,当验证码出错则回到登录界面,并显示错误信息,正确则跳转到welcome.jsp,随便打印一句话。
welcome.jsp:
<%...@ page language="Java" import="Java.util.*" pageEncoding="UTF-8"%>
<%...
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'welcome.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
验证码验证成功!!
</body>
</html>
扫一扫
871
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
