利用Session实现一次性验证码

最新推荐文章于 2022-05-18 15:20:22 发布

xh078910

最新推荐文章于 2022-05-18 15:20:22 发布

阅读量616

点赞数 1

分类专栏： java javascript 学习文章标签： java web java session

java javascript 学习专栏收录该内容

4 篇文章 0 订阅

订阅专栏

声明：本文转自《深入体验Java Web开发内幕》之核心基础一书，本书由张孝祥老师编著。

check_code_logon.html 是引用验证码图片的FORM表单页面。

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>验证登录页面</title>
</head>
<body>
<h3>带有验证码的登录页面 </h3>
<form action="LogonFormServlet" method="post">
用户名：<input type="text" name="name"><br>
密    码：<input type="password" name="pass"><br>
验证码：<input type="text" name="check_code">
<img src="CheckCodeServlet"><br>
<input type="submit" value="登录">
</form>
</body>
</html>

CheckCodeServlet.java 示例代码是用于产生带有随机验证码图片的Servlet程序。

package org.huxin;

import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.IOException;

import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.tomcat.util.http.fileupload.ByteArrayOutputStream;

/**
 * Servlet implementation class CheckCodeServlet
 */
@WebServlet("/CheckCodeServlet")
public class CheckCodeServlet extends HttpServlet {
	private static final long serialVersionUID = 1L;
       
    /**
     * @see HttpServlet#HttpServlet()
     */
    public CheckCodeServlet() {
        super();
        // TODO Auto-generated constructor stub
    }

	/**
	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
	 */
    
    private static int WIDTH = 60;
    private static int HEIGHT = 20;
    
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		HttpSession session = request.getSession();
		response.setContentType("image/jpeg");
		ServletOutputStream sos = response.getOutputStream();
		
		//设置浏览器不要缓存此图片
		response.setHeader("Pragma", "No-cache");
		response.setHeader("Cache-Control", "no-cache");
		response.setDateHeader("Expires", 0);
		
		//创建内存图像并获得其图形上下文
		BufferedImage image = new BufferedImage(WIDTH,HEIGHT,BufferedImage.TYPE_INT_RGB);
		Graphics g = image.getGraphics();
		
		//产生随机验证码
		char [] rands = generateCheckCode();
		
		//产生图像
		drawBackground(g);
		drawRands(g,rands);
		
		//结束图像的绘制过程，完成图像
		g.dispose();
		
		//将图像输出到客户端
		ByteArrayOutputStream bos =new ByteArrayOutputStream();
		ImageIO.write(image, "JPEG", bos);
		byte[] buf = bos.toByteArray();
		response.setContentLength(buf.length);
		//下面的语句也可写成：bos.writeTo(sos);
		sos.write(buf);
		bos.close();
		sos.close();
		
		//将当前验证码存入到Session中
		session.setAttribute("check_code", new String(rands));
		//直接使用下面的代码将有问题，Session对象必须在提交响应前获得
		//request.getSession().setAttribute("check_code",new String(rands));
		
	}
	
	private char[] generateCheckCode(){
		//定义验证码的字符表
		String chars = "0123456789abcdefghijklmnopqrstuvwxyz";
		char [] rands = new char[4];
		for(int i=0;i<4;i++){
			int rand=(int)(Math.random()*36);
			rands[i] = chars.charAt(rand);
		}
		return rands;
	}
	
	private void drawRands(Graphics g,char[] rands){
		g.setColor(Color.BLACK);
		g.setFont(new Font(null,Font.ITALIC|Font.BOLD,18));
		//在不同的高度上输出验证码的每个字符
		g.drawString(""+rands[0], 1, 17);
		g.drawString(""+rands[1], 16, 15);
		g.drawString(""+rands[2], 31, 18);
		g.drawString(""+rands[3], 46, 16);
		System.out.println(rands);
	}
	
	private void drawBackground(Graphics g){
		//画背景
		g.setColor(new Color(0xDCDCDC));
		g.fillRect(0, 0, WIDTH, HEIGHT);
		//随机产生120个干扰点
		for(int i = 0;i < 120;i++){
			int x = (int)(Math.random()*WIDTH);
			int y = (int)(Math.random()*HEIGHT);
			int red = (int)(Math.random()*255);
			int green = (int)(Math.random()*255);
			int blue = (int)(Math.random()*255);
			g.setColor(new Color(red,green,blue));
			g.drawOval(x, y, 1, 0);
			
		}
	}

}

LogonFormServlet.java示例代码是负责处理FORM表单请求的Servlet程序。

package org.huxin;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Servlet implementation class LogonFormServlet
 */
@WebServlet("/LogonFormServlet")
public class LogonFormServlet extends HttpServlet {
	private static final long serialVersionUID = 1L;
       
    /**
     * @see HttpServlet#HttpServlet()
     */
    public LogonFormServlet() {
        super();
        // TODO Auto-generated constructor stub
    }

	/**
	 * @see HttpServlet#service(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		response.setContentType("text/html;charset=utf-8");
		PrintWriter out = response.getWriter();
		
		HttpSession session = request.getSession(false);
		if(session == null){
			out.println("验证码处理问题！");
			return ;
		}
		
		String savedCode = (String)session.getAttribute("check_code");
		if(savedCode == null){
			out.println("验证码处理问题！");
			return;
		}
		
		String checkCode = request.getParameter("check_code");
		if(!savedCode.equals(checkCode)){
			/**
			 * 验证码未通过，不从Session中清除原来的验证码，
			 * 以便用户可以后退回登录页面继续使用原来的验证码进行登录
			 **/
			out.println("验证码无效！");
			return;
		}
		
		/**
		 * 验证码检查通过后，从Session中清除原来的验证码，
		 * 以防用户后退回登录页面继续使用原来的验证码进行登录
		 **/
		session.removeAttribute("check_code");
		out.println("验证码通过，服务器正在检验用户名和密码！");
	}

}