声明:本文转自《深入体验Java Web开发内幕》之核心基础一书,本书由张孝祥老师编著。
check_code_logon.html 是引用验证码图片的FORM表单页面。
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>验证登录页面</title>
</head>
<body>
<h3>带有验证码的登录页面 </h3>
<form action="LogonFormServlet" method="post">
用户名:<input type="text" name="name"><br>
密 码:<input type="password" name="pass"><br>
验证码:<input type="text" name="check_code">
<img src="CheckCodeServlet"><br>
<input type="submit" value="登录">
</form>
</body>
</html>
CheckCodeServlet.java 示例代码是用于产生带有随机验证码图片的Servlet程序。
package org.huxin;
import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.IOException;
import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.tomcat.util.http.fileupload.ByteArrayOutputStream;
/**
* Servlet implementation class CheckCodeServlet
*/
@WebServlet("/CheckCodeServlet")
public class CheckCodeServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public CheckCodeServlet() {
super();
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
private static int WIDTH = 60;
private static int HEIGHT = 20;
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
HttpSession session = request.getSession();
response.setContentType("image/jpeg");
ServletOutputStream sos = response.getOutputStream();
//设置浏览器不要缓存此图片
response.setHeader("Pragma", "No-cache");
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
//创建内存图像并获得其图形上下文
BufferedImage image = new BufferedImage(WIDTH,HEIGHT,BufferedImage.TYPE_INT_RGB);
Graphics g = image.getGraphics();
//产生随机验证码
char [] rands = generateCheckCode();
//产生图像
drawBackground(g);
drawRands(g,rands);
//结束图像的绘制过程,完成图像
g.dispose();
//将图像输出到客户端
ByteArrayOutputStream bos =new ByteArrayOutputStream();
ImageIO.write(image, "JPEG", bos);
byte[] buf = bos.toByteArray();
response.setContentLength(buf.length);
//下面的语句也可写成:bos.writeTo(sos);
sos.write(buf);
bos.close();
sos.close();
//将当前验证码存入到Session中
session.setAttribute("check_code", new String(rands));
//直接使用下面的代码将有问题,Session对象必须在提交响应前获得
//request.getSession().setAttribute("check_code",new String(rands));
}
private char[] generateCheckCode(){
//定义验证码的字符表
String chars = "0123456789abcdefghijklmnopqrstuvwxyz";
char [] rands = new char[4];
for(int i=0;i<4;i++){
int rand=(int)(Math.random()*36);
rands[i] = chars.charAt(rand);
}
return rands;
}
private void drawRands(Graphics g,char[] rands){
g.setColor(Color.BLACK);
g.setFont(new Font(null,Font.ITALIC|Font.BOLD,18));
//在不同的高度上输出验证码的每个字符
g.drawString(""+rands[0], 1, 17);
g.drawString(""+rands[1], 16, 15);
g.drawString(""+rands[2], 31, 18);
g.drawString(""+rands[3], 46, 16);
System.out.println(rands);
}
private void drawBackground(Graphics g){
//画背景
g.setColor(new Color(0xDCDCDC));
g.fillRect(0, 0, WIDTH, HEIGHT);
//随机产生120个干扰点
for(int i = 0;i < 120;i++){
int x = (int)(Math.random()*WIDTH);
int y = (int)(Math.random()*HEIGHT);
int red = (int)(Math.random()*255);
int green = (int)(Math.random()*255);
int blue = (int)(Math.random()*255);
g.setColor(new Color(red,green,blue));
g.drawOval(x, y, 1, 0);
}
}
}
LogonFormServlet.java示例代码是负责处理FORM表单请求的Servlet程序。
package org.huxin;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* Servlet implementation class LogonFormServlet
*/
@WebServlet("/LogonFormServlet")
public class LogonFormServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public LogonFormServlet() {
super();
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#service(HttpServletRequest request, HttpServletResponse response)
*/
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
HttpSession session = request.getSession(false);
if(session == null){
out.println("验证码处理问题!");
return ;
}
String savedCode = (String)session.getAttribute("check_code");
if(savedCode == null){
out.println("验证码处理问题!");
return;
}
String checkCode = request.getParameter("check_code");
if(!savedCode.equals(checkCode)){
/**
* 验证码未通过,不从Session中清除原来的验证码,
* 以便用户可以后退回登录页面继续使用原来的验证码进行登录
**/
out.println("验证码无效!");
return;
}
/**
* 验证码检查通过后,从Session中清除原来的验证码,
* 以防用户后退回登录页面继续使用原来的验证码进行登录
**/
session.removeAttribute("check_code");
out.println("验证码通过,服务器正在检验用户名和密码!");
}
}