本文主要介绍jeecms中使用的验证码 jcapthcha.
这是个开源的软件,下载地址:
http://jcaptcha.sourceforge.net/
在jeecms中使用的版本是jcaptcha-1.0.jar.
- web.xml里的配置
- <servlet>
- <servlet-name>Jcaptcha</servlet-name>
- <servlet-class>com.jeecms.common.captcha.JcaptchaServlet</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>Jcaptcha</servlet-name>
- <url-pattern>/captcha.svl</url-pattern>
- </servlet-mapping>
注意,这里的url使用的是/captcha.svl.
servlet JcaptchaServlet 重新写了生成图片的代码。
- login.html中的配置
- <span><<span class="start-tag">form</span>
- <span class="attribute-name">id</span>
- ="<a class="attribute-value">jvForm</a>
- " <span class="attribute-name">action</span>
- ="<a class="attribute-value">/login.jspx</a>
- " <span class="attribute-name">method</span>
- ="<a class="attribute-value">post</a>
- "></span>
- <span>
- ...</span>
- <td colspan="2"><img src="/captcha.svl" onclick="this.src='/captcha.svl?d='+new Date()*1"
- width="100" height="35"/></td>
- ...
- </form>
onclick 方法后面是如果点击此图片,则生成新的验证码图片。
- 验证码的处理类CasLoginAct.java
包路径:package com.jeecms.cms.action.member;
验证的代码如下:
- @RequestMapping(value = "/login.jspx", method = RequestMethod.POST)
- public String submit(String username, String password, String captcha,
- String processUrl, String returnUrl, String message,
- HttpServletRequest request, HttpServletResponse response,
- ModelMap model) {
- Integer errorRemaining = unifiedUserMng.errorRemaining(username);
- CmsSite site = CmsUtils.getSite(request);
- String sol = site.getSolutionPath();
- WebErrors errors = validateSubmit(username, password, captcha,
- errorRemaining, request, response);
- 。。。。。
- private WebErrors validateSubmit(String username, String password,
- String captcha, Integer errorRemaining, HttpServletRequest request,
- HttpServletResponse response) {
- WebErrors errors = WebErrors.create(request);
- if (errors.ifOutOfLength(username, "username", 1, 100)) {
- return errors;
- }
- if (errors.ifOutOfLength(password, "password", 1, 32)) {
- return errors;
- }
- // 如果输入了验证码,那么必须验证;如果没有输入验证码,则根据当前用户判断是否需要验证码。
- if (!StringUtils.isBlank(captcha)
- || (errorRemaining != null && errorRemaining < 0)) {
- if (errors.ifBlank(captcha, "captcha", 100)) {
- return errors;
- }
- try {
- if (!imageCaptchaService.validateResponseForID(session
- .getSessionId(request, response), captcha)) {
- errors.addErrorCode("error.invalidCaptcha");
- return errors;
- }
- } catch (CaptchaServiceException e) {
- errors.addErrorCode("error.exceptionCaptcha");
- log.warn("", e);
- return errors;
- }
- }
- return errors;
- }
- 。。。。
注意,image的生成和验证,是根据sessionid为标识的。
比如生成时的代码:
- String captchaId = session.getSessionId(request, response);
- BufferedImage challenge = captchaService.getImageChallengeForID(
- captchaId, request.getLocale());
- // Jimi.putImage("image/jpeg", challenge, jpegOutputStream);
- ImageIO.write(challenge, CAPTCHA_IMAGE_FORMAT, jpegOutputStream);
验证时的代码:
- if (!imageCaptchaService.validateResponseForID(session
- .getSessionId(request, response), captcha)) {
- errors.addErrorCode("error.invalidCaptcha");
- return errors;