在Web应用程序的登录中,主要通过验证用户密码来识别用户。为了增加程序自动破解密码的难度,人们提出了图形验证码:它是在服务器端生成的随机信息,以图片形式展示给用户,从而增加了破解程序的破解难度。同样,在注册模块和登录模块中引入图形验证码,可以有效地防止通过程序进行的恶意注册和登录。
图形验证码通常由服务器端生成并保存,登录或注册时将用户输入的验证码与服务器端保存的验证码进行比对。
目录
一、图形验证码的生成
1.验证码生成,可以通过servlet、javabean或jsp完成
2.在页面中显示,通过img标签来显示servlet产生的图形验证码
3.验证,获取用户输入的验证码,从session中获取验证码,两者进行比对。比对之后应立即将该验证码从session中移除,使每个验证码只能使用一次,否则同一个验证码可以被程序反复用于多次登录尝试。
二、图形验证码实例--带有图形验证码的登录模块
分为四个部分,两个jsp文件,两个servlet类,jsp负责信息的获取与登录成功的显示,servlet负责图形验证码的生成与验证。
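<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%--
  Login form with an image CAPTCHA.

  The CAPTCHA picture is served by the /checkcode servlet and the form is posted to the /logcheck
  servlet. Both URLs are built from the context path: this page is also rendered through a forward
  from /logcheck, where a relative "../checkcode" no longer resolves inside the application unless
  it is deployed at the root context.
--%>
<%!
    /**
     * Escapes the characters that are significant in HTML text and attribute values.
     * Request parameters are attacker-controlled, so they must never be written into the
     * page verbatim (EL such as ${param.x} does not escape by itself).
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }
%>
<%
    // Only effective if no parameter has been read yet; kept so a direct POST to this page
    // still decodes a non-ASCII user name as UTF-8.
    request.setCharacterEncoding("UTF-8");
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>带有图形验证码的登陆界面</title>
<script>
// Reloads the CAPTCHA image; the random query string only defeats browser caching.
function refresh(){
    document.getElementById("img1").src="<%= request.getContextPath() %>/checkcode?a="+Math.random();
}
</script>
</head>
<body>
<p>带有图形验证码的登陆界面</p>
<hr>
<form method="post" name="form1" action="<%= request.getContextPath() %>/logcheck">
<table>
<%-- The user name is echoed back after a failed attempt, HTML-escaped. --%>
<tr><td>用户名</td><td><input name="userid" onclick="document.getElementById('mes').innerHTML=''" value="<%= escapeHtml(request.getParameter("userid")) %>"/></td></tr>
<%-- The submitted password is deliberately NOT echoed back into the page source. --%>
<tr><td>密码</td><td><input type="password" name="userpwd"/></td></tr>
<tr><td>验证码</td><td><input name="checkcode"/></td>
<%-- type="button": refreshing the picture must not submit the form. --%>
<td><img border="0" src="<%= request.getContextPath() %>/checkcode" id="img1"/></td><td><input type="button" value="换一张" onclick="refresh()"/></td></tr>
<tr><td><input type="submit" value="登陆"/></td><td><input type="reset" value="取消"/></td></tr>
</table>
<%-- "info" is set by the /logcheck servlet to fixed messages; escape it if it ever carries user input. --%>
<div id="mes">${info}</div>
</form>
</body>
</html>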
package a01a;
import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
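/**
 * Generates a four-character image CAPTCHA, stores the expected text in the HTTP session under
 * the attribute {@code "checkCode"}, and sends the picture to the client as a JPEG.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The code is drawn from {@link SecureRandom}; {@code Math.random()} is a predictable
 *       generator and is not suitable for values an attacker must not be able to guess.</li>
 *   <li>The expected text is stored in the session <em>before</em> the image is written, so the
 *       session never lags behind a picture the client has already received.</li>
 *   <li>A 60x20 image with four undistorted glyphs and dot noise gives limited resistance to
 *       automated recognition; it should complement, not replace, server-side attempt limiting.</li>
 * </ul>
 */
@WebServlet("/checkcode")
public class a01a_checkcode extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Alphabet the CAPTCHA characters are picked from; may be changed freely. */
    private static final String CODE_CHARS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    private static final int CODE_LENGTH = 4;
    private static final int WIDTH = 60;
    private static final int HEIGHT = 20;
    private static final int NOISE_DOTS = 120;
    /** Baseline (x, y) of each glyph; slightly uneven so the characters do not sit on one line. */
    private static final int[][] GLYPH_POSITIONS = {{1, 17}, {16, 15}, {31, 18}, {46, 16}};
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * @see HttpServlet#HttpServlet()
     */
    public a01a_checkcode() {
        super();
    }

    /**
     * Handles GET exactly like POST: the login page loads the picture through an img tag.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Creates a fresh CAPTCHA, remembers it in the session and streams the image.
     *
     * @param request  the current request; its session receives the {@code "checkCode"} attribute
     * @param response receives an {@code image/jpeg} body that must not be cached
     * @throws IOException if encoding or writing the image fails
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("image/jpeg");
        // The picture must never be served from a cache: every request yields a new code.
        response.setHeader("Pragma", "No-cache");
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        response.setDateHeader("Expires", 0);

        // Pick the code characters with a cryptographically strong generator.
        char[] code = new char[CODE_LENGTH];
        for (int i = 0; i < CODE_LENGTH; i++) {
            code[i] = CODE_CHARS.charAt(RANDOM.nextInt(CODE_CHARS.length()));
        }

        // Store the expected value first; this replaces any previously issued code.
        HttpSession session = request.getSession();
        session.setAttribute("checkCode", new String(code));

        // Render into an in-memory image.
        BufferedImage image = new BufferedImage(WIDTH, HEIGHT, BufferedImage.TYPE_INT_RGB);
        Graphics g = image.getGraphics();
        try {
            // Background.
            g.setColor(new Color(0xDCDCDC));
            g.fillRect(0, 0, WIDTH, HEIGHT);
            // Random coloured noise dots; nextInt(256) covers the full 0..255 channel range.
            for (int i = 0; i < NOISE_DOTS; i++) {
                int x = RANDOM.nextInt(WIDTH);
                int y = RANDOM.nextInt(HEIGHT);
                g.setColor(new Color(RANDOM.nextInt(256), RANDOM.nextInt(256), RANDOM.nextInt(256)));
                g.drawOval(x, y, 1, 0);
            }
            // The code itself, one glyph per predefined position.
            g.setColor(Color.BLACK);
            g.setFont(new Font(null, Font.ITALIC | Font.BOLD, 18));
            for (int i = 0; i < CODE_LENGTH; i++) {
                g.drawString(String.valueOf(code[i]), GLYPH_POSITIONS[i][0], GLYPH_POSITIONS[i][1]);
            }
        } finally {
            // Release the native graphics resources even if drawing fails.
            g.dispose();
        }

        // Encode to a buffer first so the exact Content-Length can be announced.
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        ImageIO.write(image, "JPEG", baos);
        byte[] buffer = baos.toByteArray();
        response.setContentLength(buffer.length);
        ServletOutputStream sos = response.getOutputStream();
        try {
            sos.write(buffer);
        } finally {
            sos.close();
        }
    }
}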
package a01a;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
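/**
 * Checks a login attempt: first the CAPTCHA typed by the user against the value the
 * {@code /checkcode} servlet stored in the session, then the user name and password.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The stored CAPTCHA is removed from the session as soon as it has been read, so each code
 *       is valid for a single attempt. Leaving it in place would let one solved CAPTCHA cover an
 *       unlimited number of password guesses.</li>
 *   <li>A missing session value or missing request parameter is treated as a failed attempt
 *       instead of raising a {@link NullPointerException}.</li>
 *   <li>The credentials below are hard-coded demo values; a real application must look the user
 *       up and verify a salted password hash (bcrypt, scrypt or argon2).</li>
 * </ul>
 */
@WebServlet("/logcheck")
public class a01a_logcheck extends HttpServlet {
    private static final long serialVersionUID = 1L;

    private static final String LOGIN_PAGE = "/a01a/a01a_login.jsp";
    private static final String SUCCESS_PAGE = "/a01a/a01a_show.jsp";

    /**
     * @see HttpServlet#HttpServlet()
     */
    public a01a_logcheck() {
        super();
    }

    /**
     * Delegates to {@link #doPost}.
     *
     * <p>NOTE(review): accepting GET means credentials can travel in the query string, where they
     * end up in browser history and server logs. The login form uses POST; consider dropping this
     * override once no caller depends on GET.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Validates the CAPTCHA and the credentials and forwards to the login page (with an error
     * message in the request attribute {@code "info"}) or to the success page.
     *
     * @param request  carries the parameters {@code userid}, {@code userpwd} and {@code checkcode}
     * @param response the response the target JSP renders into
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        request.setCharacterEncoding("UTF-8");
        String userid = request.getParameter("userid");
        String userpwd = request.getParameter("userpwd");
        String usercheckcode = request.getParameter("checkcode");

        // Read the expected code and invalidate it in the same step: one code, one attempt.
        String servercheckcode = null;
        HttpSession session = request.getSession(false);
        if (session != null) {
            servercheckcode = (String) session.getAttribute("checkCode");
            session.removeAttribute("checkCode");
        }

        String info;
        String target;
        if (servercheckcode == null || !servercheckcode.equalsIgnoreCase(usercheckcode)) {
            // No code was issued for this session, or the answer is wrong or missing.
            info = "验证码不正确";
            target = LOGIN_PAGE;
        } else if ("张三".equals(userid) && "123".equals(userpwd)) {
            // Constant-first equals() keeps missing parameters from throwing.
            // NOTE(review): no login state is stored in the session here; a real application
            // would record the authenticated user and issue a new session id at this point.
            info = "登录成功";
            target = SUCCESS_PAGE;
        } else {
            // One message for both cases, so the response does not reveal which field was wrong.
            info = "用户名或密码错误";
            target = LOGIN_PAGE;
        }
        request.setAttribute("info", info);
        request.getRequestDispatcher(target).forward(request, response);
    }
}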
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%--
  Static "login succeeded" page, shown by a forward from the /logcheck servlet.

  NOTE(review): nothing on this page checks that the visitor has logged in. If the JSP can be
  requested directly by URL (as the login page is), it is displayed without any credentials;
  confirm whether it should live under WEB-INF or check a session attribute first.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>登录成功</title>
  </head>
  <body>
    <p>登录成功</p>
    <hr>
  </body>
</html>