即使是最简单的验证码也能有效的避免脚本攻击。
先写一个类来生成验证码,然后再写一个servlet传递生成的验证码图片,在界面上最好用onclick刷新,提升用户体验。
2.
下面直接展示生成验证码代码:
import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics2D;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Random;
import javax.imageio.ImageIO;
//验证码设置
public class VerifyCode {
//验证码字符串
public static final char[] CHARS = { '2', '3', '4', '5', '6', '7', '8',
'9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'J', 'K', 'L', 'M',
'N', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z' };
public static Random random = new Random();
public String getRandomString() {
StringBuffer buffer = new StringBuffer();
for (int i = 0; i < 4; i++) {//随机抽取四个字符
buffer.append(CHARS[random.nextInt(CHARS.length)]);
}
return buffer.toString();
}
public Color getRandomColor() {
return new Color(random.nextInt(255), random.nextInt(255), random
.nextInt(255));
}
public Color getReverseColor(Color c) {//颜色
return new Color(255 - c.getRed(), 255 - c.getGreen(), 255 - c
.getBlue());
}
String text = getRandomString();
public String getText() {
return text;
}
public BufferedImage getImage(int width,int height ){
Color color = getRandomColor();
Color reverse = getReverseColor(color);
BufferedImage bi = new BufferedImage(width, height,
BufferedImage.TYPE_INT_RGB);
Graphics2D g = bi.createGraphics();//绘图
g.setFont(new Font(Font.SANS_SERIF, Font.BOLD, 20));//设置字体大小
g.setColor(color);
g.fillRect(0, 0, width, height);
g.setColor(reverse);
g.drawString(text, 10, 22);
for (int i = 0, n = random.nextInt(80); i < n; i++) {
g.drawRect(random.nextInt(width), random.nextInt(height), 1, 1);
}
return bi;
}
public static void output(BufferedImage image, OutputStream out) throws IOException{
ImageIO.write(image, "JPEG", out);//打印出生成的图片
}
}
servlet代码:
import com.czq.utils.VerifyCode;
import java.awt.image.BufferedImage;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@WebServlet(name = "CodeServlet",urlPatterns = "/verify")
public class VerifyCodeServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
VerifyCode vc = new VerifyCode();
BufferedImage image = vc.getImage(90,30);//图片大小
request.getSession().setAttribute("sessionverify", vc.getText());
VerifyCode.output(image, response.getOutputStream());//输出图片
}
}
效果如下:
再写登录验证的时候把前端传的值和
标注的属性验证比对即可。
若有兴趣还可以写汉字验证,记得设置编码即可。。。。。