对于恶意暴力破解密码的行为(即通过反复尝试用户名和密码进行破解),可以采用验证码进行抵御;由于有些程序能够自动识别验证码,还需要对验证码的形式进行多样化设计。验证码必须在服务端校验,并且每次校验后立即作废,否则同一个验证码可以被重复用于多次登录尝试。
用户登录时设置验证码代码实现:
1.页面
<script type="text/javascript">
/**
 * Reloads the CAPTCHA image in place. The current timestamp is appended as a
 * throw-away query parameter so the browser requests a new image instead of
 * reusing a cached one.
 */
function _change() {
    var captchaImg = document.getElementById("img");
    var cacheBuster = new Date().getTime();
    captchaImg.src = "${pageContext.request.contextPath }/user_getVerify.action?a=" + cacheBuster;
}
</script>
<!-- Login page excerpt: only the CAPTCHA row of the login form is shown here. -->
<BODY>
<!-- The form posts to user_login.action; the verifyCode field below is submitted with it. -->
<FORM id=form1 name=form1 action="${pageContext.request.contextPath }/user_login.action" method="post">
<TR>
<TD style="HEIGHT: 28px">验证码:</TD>
<TD style="HEIGHT: 28px">
<!-- Text the user types after reading the image; the request parameter name is "verifyCode". -->
<input type="text" name="verifyCode" size="1"/>
<!-- The CAPTCHA image is served by user_getVerify.action. -->
<img id="img" src="${pageContext.request.contextPath }/user_getVerify.action">
<br/>
<!-- "换一张" link: calls _change() to load a different image. -->
<a href="javascript:_change()">换一张</a>
</TD>
<a href="#"></a>
<!-- Hidden "please enter the verification code" hint (VISIBILITY: hidden). -->
<TD style="HEIGHT: 28px"><SPAN id=RequiredFieldValidator4
style="FONT-WEIGHT: bold; VISIBILITY: hidden; COLOR: white">请输入验证码</SPAN></TD></TR>
<TR>
</FORM></BODY>
2.action操作
//获得验证码
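/**
 * Generates a new CAPTCHA, stores its text in the session under
 * {@code "session_vcode"} and streams the image to the client as JPEG.
 *
 * <p>The response is marked as an image and as non-cacheable. Without those
 * headers a browser or proxy may replay an old image whose text no longer
 * matches the value held in the session.
 *
 * @throws IOException if the image cannot be written to the response stream
 */
public void getVerify() throws IOException {
    HttpServletRequest request = ServletActionContext.getRequest();
    HttpServletResponse response = ServletActionContext.getResponse();

    VerifyCode vc = new VerifyCode();
    BufferedImage image = vc.getImage();

    // The expected answer stays server-side only; the client receives just the image.
    request.getSession().setAttribute("session_vcode", vc.getText());

    response.setContentType("image/jpeg");
    response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
    response.setHeader("Pragma", "no-cache");
    response.setDateHeader("Expires", 0);

    VerifyCode.output(image, response.getOutputStream());
}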
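/**
 * Handles the login form: validates the CAPTCHA first, then the credentials.
 *
 * <p>The expected CAPTCHA text is read from the session attribute
 * {@code "session_vcode"} and removed immediately, so every generated code can be
 * checked at most once. If the value stayed in the session, one solved CAPTCHA could
 * be resubmitted with any number of password guesses, which defeats the purpose of
 * the check.
 *
 * @return {@code "login"} when the CAPTCHA is missing or wrong, or when
 *         {@code userService.login} returns {@code null}; {@code "loginerror"} when the
 *         account is not activated yet; {@code "loginsuccess"} otherwise
 */
public String login() {
    HttpServletRequest request = ServletActionContext.getRequest();

    String sessionCode = (String) request.getSession().getAttribute("session_vcode");
    // One-time use: invalidate the stored code whether or not this attempt succeeds.
    request.getSession().removeAttribute("session_vcode");

    String paramCode = request.getParameter("verifyCode");
    // A request without the parameter, or without a previously issued code, is rejected
    // the same way as a wrong answer instead of failing with a NullPointerException.
    if (paramCode == null || sessionCode == null || !paramCode.equalsIgnoreCase(sessionCode)) {
        request.setAttribute("msg", "验证码错误!");
        return "login";
    }

    User userExit = userService.login(user);
    if (userExit == null) {
        return "login";
    }
    if (!userExit.isState()) {
        request.setAttribute("msg", "您尚未激活,请到邮箱" + userExit.getEmail() + "激活!");
        return "loginerror";
    }

    // NOTE(review): the session id is not rotated at this point. If the container
    // supports it, changing the session id on successful login guards against session
    // fixation. The CAPTCHA also does not cap attempts per account; throttling or
    // lockout would have to live in userService or in front of this action. Confirm.
    request.getSession().setAttribute("user", userExit);
    return "loginsuccess";
}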
3.验证码代码实现
import java.awt.BasicStroke;
import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics2D;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Random;
import javax.imageio.ImageIO;
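/**
 * Generates a small image CAPTCHA: four random characters drawn in random fonts and
 * colours on a white 70x35 background, overlaid with three interference lines.
 *
 * <p>Instances are stateful: {@link #getImage()} draws a new code and records its
 * text, which {@link #getText()} then returns. Use one instance per challenge; the
 * class does no synchronisation.
 */
public class VerifyCode {
    /** Number of characters in one code. */
    private static final int CODE_LENGTH = 4;
    /** Number of interference lines drawn over the text. */
    private static final int LINE_COUNT = 3;

    private final int w = 70;
    private final int h = 35;

    // The code text is the secret the login check relies on, so it comes from a
    // cryptographically strong generator. java.util.Random is a linear congruential
    // generator whose future output can be derived from a few observed values.
    private final Random r = new SecureRandom();

    // Fuller candidate list kept for reference:
    // {"宋体", "华文楷体", "黑体", "华文新魏", "华文隶书", "微软雅黑", "楷体_GB2312"}
    private final String[] fontNames = {"宋体", "华文楷体", "黑体", "微软雅黑", "楷体_GB2312"};

    // Candidate characters. Look-alikes such as 0, 1, i, l, I, L and O are left out.
    private final String codes = "23456789abcdefghjkmnopqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ";

    // Background colour (white).
    private final Color bgColor = new Color(255, 255, 255);

    // Text of the most recently generated code; null until getImage() has been called.
    private String text;

    /** Returns a random colour with every channel in 0..149, i.e. dark enough to read on white. */
    private Color randomColor() {
        int red = r.nextInt(150);
        int green = r.nextInt(150);
        int blue = r.nextInt(150);
        return new Color(red, green, blue);
    }

    /** Returns a random font: random family from {@code fontNames}, random style, size 24..28. */
    private Font randomFont() {
        String fontName = fontNames[r.nextInt(fontNames.length)];
        int style = r.nextInt(4); // 0 plain, 1 bold, 2 italic, 3 bold + italic
        int size = r.nextInt(5) + 24;
        return new Font(fontName, style, size);
    }

    /** Draws {@code LINE_COUNT} blue interference lines between random points of the image. */
    private void drawLine(BufferedImage image) {
        Graphics2D g2 = image.createGraphics();
        try {
            g2.setStroke(new BasicStroke(1.5F));
            g2.setColor(Color.BLUE);
            for (int i = 0; i < LINE_COUNT; i++) {
                // Two random end points, i.e. four coordinates per line.
                int x1 = r.nextInt(w);
                int y1 = r.nextInt(h);
                int x2 = r.nextInt(w);
                int y2 = r.nextInt(h);
                g2.drawLine(x1, y1, x2, y2);
            }
        } finally {
            g2.dispose(); // release the graphics context instead of waiting for GC
        }
    }

    /** Returns one random character from {@code codes}. */
    private char randomChar() {
        return codes.charAt(r.nextInt(codes.length()));
    }

    /** Creates the blank image, filled with the background colour. */
    private BufferedImage createImage() {
        BufferedImage image = new BufferedImage(w, h, BufferedImage.TYPE_INT_RGB);
        Graphics2D g2 = image.createGraphics();
        try {
            g2.setColor(this.bgColor);
            g2.fillRect(0, 0, w, h);
        } finally {
            g2.dispose();
        }
        return image;
    }

    /**
     * Generates a new code, draws it and remembers its text for {@link #getText()}.
     *
     * @return the rendered CAPTCHA image
     */
    public BufferedImage getImage() {
        BufferedImage image = createImage();
        StringBuilder sb = new StringBuilder(CODE_LENGTH);
        Graphics2D g2 = image.createGraphics();
        try {
            for (int i = 0; i < CODE_LENGTH; i++) {
                String s = String.valueOf(randomChar());
                sb.append(s);
                float x = i * 1.0F * w / CODE_LENGTH; // each character gets an equal slice of the width
                g2.setFont(randomFont());
                g2.setColor(randomColor());
                g2.drawString(s, x, h - 5);
            }
        } finally {
            g2.dispose();
        }
        this.text = sb.toString();
        drawLine(image);
        return image;
    }

    /**
     * Returns the text of the code drawn by the last {@link #getImage()} call.
     *
     * @return the code text, or {@code null} if no image has been generated yet
     */
    public String getText() {
        return text;
    }

    /**
     * Writes the image to the given stream as JPEG.
     *
     * @param image the image to encode
     * @param out the stream to write to; it is not closed by this method
     * @throws IOException if writing fails or no JPEG writer is available
     */
    public static void output(BufferedImage image, OutputStream out)
            throws IOException {
        // ImageIO.write reports a missing encoder by returning false, not by throwing.
        if (!ImageIO.write(image, "JPEG", out)) {
            throw new IOException("No JPEG image writer available");
        }
    }
}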
4.效果
转载于:https://blog.51cto.com/qinbin/1928345