使用session实现一次性验证码

Posted 2020-10-24 星朝

       在登录页面和各种页面，会看到有验证码输入，这样做的目的是为了防止密码猜测工具破解密码，保护了用户密码安全，验证码只能使用一次，这样就给密码猜测工具带来了很大的困难，基本上阻断了密码猜测工具的使用。

       可以使用session获得一次性验证码。先看一下登录页面，即显示验证码的页面，代码为：

[html] view plain copy

print?

1. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">  
2. <html>  
3.   <head>  
4.     <title>CheckCode.html</title>  
5.     <meta http-equiv="content-type" content="text/html; charset=UTF-8">  
6.   </head>  
7.     
8.   <body>  
9.     <form action="/learnJS/servlet/LoginFormServlet" method="post">  
10.     用户名：<input type="text" name="name"/><br/>  
11.     密     码:<input type="password" name="pass"><br/>  
12.     验证码：<input type="text" name="check_code"/>  
13.     <img src="/learnJS/servlet/CheckCodeServlet"/><br/>  
14.    <input type="submit" name="登录"/>   
15.     </form>  
16.   </body>  
17. </html>  

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>  <head>    <title>CheckCode.html</title>    <meta http-equiv="content-type" content="text/html; charset=UTF-8">  </head>    <body>    <form action="/learnJS/servlet/LoginFormServlet" method="post">    用户名：<input type="text" name="name"/><br/>    密     码:<input type="password" name="pass"><br/>    验证码：<input type="text" name="check_code"/>    <img src="/learnJS/servlet/CheckCodeServlet"/><br/>   <input type="submit" name="登录"/>     </form>  </body></html>

验证码存放在一张图片上，那图片是通过servlet产生的，在servlet中先产生验证码存放到session中，供以后验证使用，然后在画一张图片，将验证码无规则的放在图片上，在图片上画上干扰字符，然后就可以啦。代码如下：

[java] view plain copy

print?

1. package com.you.servlet;  
2.   
3. import java.awt.Color;  
4. import java.awt.Font;  
5. import java.awt.Graphics;  
6. import java.awt.image.BufferedImage;  
7. import java.io.ByteArrayOutputStream;  
8. import java.io.IOException;  
9.   
10. import javax.imageio.ImageIO;  
11. import javax.servlet.ServletException;  
12. import javax.servlet.ServletOutputStream;  
13. import javax.servlet.http.HttpServlet;  
14. import javax.servlet.http.HttpServletRequest;  
15. import javax.servlet.http.HttpServletResponse;  
16. import javax.servlet.http.HttpSession;  
17.   
18. public class CheckCodeServlet extends HttpServlet {  
19.     private static int WIDTH = 60;  
20.     private static int HEIGHT = 20;  
21.   
22.     public void doGet(HttpServletRequest request, HttpServletResponse response)  
23.             throws ServletException, IOException {  
24.         HttpSession session = request.getSession();  
25.         response.setContentType("image/jpeg");  
26.         ServletOutputStream sos = response.getOutputStream();  
27.           
28.         //设置浏览器不要缓存此图片  
29.         response.setHeader("Pragma", "No-cache");  
30.         response.setHeader("Cache-Control", "no-cache");  
31.         response.setDateHeader("Expires", 0);  
32.           
33.         //创建内存图像并获得其图形上下文  
34.         BufferedImage image = new BufferedImage(WIDTH, HEIGHT, BufferedImage.TYPE_INT_RGB);  
35.         Graphics g = image.getGraphics();  
36.           
37.         //产生随机的验证码  
38.         char[] rands = generateCheckCode();  
39.           
40.         //产生图像  
41.         drawBackground(g);  
42.         drawRands(g, rands);  
43.           
44.         //结束图像的绘制过程，完成图像  
45.         g.dispose();  
46.           
47.         //将图像输出到客户端  
48.         ByteArrayOutputStream bos = new ByteArrayOutputStream();  
49.         ImageIO.write(image, "JPEG", bos);  
50.         byte[] buf = bos.toByteArray();  
51.         response.setContentLength(buf.length);  
52.         sos.write(buf);  
53.         bos.close();  
54.         sos.close();  
55.           
56.         //将当前验证码存入到session中  
57.         session.setAttribute("check_code", new String(rands));  
58.   
59.     }  
60.   
61.     public void doPost(HttpServletRequest request, HttpServletResponse response)  
62.             throws ServletException, IOException {  
63.   
64.         doGet(request, response);  
65.     }  
66.       
67.     private char[] generateCheckCode() {  
68.         //定义验证码的字符集  
69.         String chars = "0123456789abcdefghigklmnopqrstuvwxyz";  
70.         char[] rands = new char[4];  
71.         for(int i = 0; i < 4; i++) {  
72.             int rand = (int)(Math.random() * 36);  
73.             rands[i] = chars.charAt(rand);  
74.         }  
75.         return rands;  
76.     }  
77.       
78.     private void drawRands(Graphics g, char[] rands) {  
79.         g.setColor(Color.BLACK);  
80.         g.setFont(new Font(null,Font.ITALIC|Font.BOLD,18));  
81.         //在不同的高度上输出验证码的每个字符  
82.         g.drawString("" + rands[0], 1, 17);  
83.         g.drawString("" + rands[1], 16, 15);  
84.         g.drawString("" + rands[2], 31, 18);  
85.         g.drawString("" + rands[3], 46, 16);  
86.         System.out.println(rands);  
87.     }  
88.       
89.     private void drawBackground(Graphics g) {  
90.         //画背景  
91.         g.setColor(new Color(0xDCDCDC));  
92.         g.fillRect(0, 0, WIDTH, HEIGHT);  
93.         //随机产生120个干扰点   
94.         for(int i = 0; i < 120; i++) {  
95.             int x = (int)(Math.random() * WIDTH);  
96.             int y = (int)(Math.random() * HEIGHT);  
97.             int red = (int)(Math.random() * 255);  
98.             int green = (int)(Math.random() * 255);  
99.             int blue = (int)(Math.random() * 255);  
100.             g.setColor(new Color(red, green, blue));  
101.             g.drawOval(x, y, 1, 0);  
102.         }  
103.     }  
104.   
105. }  

package com.you.servlet;import java.awt.Color;import java.awt.Font;import java.awt.Graphics;import java.awt.image.BufferedImage;import java.io.ByteArrayOutputStream;import java.io.IOException;import javax.imageio.ImageIO;import javax.servlet.ServletException;import javax.servlet.ServletOutputStream;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;public class CheckCodeServlet extends HttpServlet {    private static int WIDTH = 60;    private static int HEIGHT = 20;    public void doGet(HttpServletRequest request, HttpServletResponse response)            throws ServletException, IOException {        HttpSession session = request.getSession();        response.setContentType("image/jpeg");        ServletOutputStream sos = response.getOutputStream();                //设置浏览器不要缓存此图片        response.setHeader("Pragma", "No-cache");        response.setHeader("Cache-Control", "no-cache");        response.setDateHeader("Expires", 0);                //创建内存图像并获得其图形上下文        BufferedImage image = new BufferedImage(WIDTH, HEIGHT, BufferedImage.TYPE_INT_RGB);        Graphics g = image.getGraphics();                //产生随机的验证码        char[] rands = generateCheckCode();                //产生图像        drawBackground(g);        drawRands(g, rands);                //结束图像的绘制过程，完成图像        g.dispose();                //将图像输出到客户端        ByteArrayOutputStream bos = new ByteArrayOutputStream();        ImageIO.write(image, "JPEG", bos);        byte[] buf = bos.toByteArray();        response.setContentLength(buf.length);        sos.write(buf);        bos.close();        sos.close();                //将当前验证码存入到session中        session.setAttribute("check_code", new String(rands));    }    public void doPost(HttpServletRequest request, HttpServletResponse response)            throws ServletException, IOException {        doGet(request, response);    }        private char[] generateCheckCode() {        //定义验证码的字符集        String chars = "0123456789abcdefghigklmnopqrstuvwxyz";        char[] rands = new char[4];        for(int i = 0; i < 4; i++) {            int rand = (int)(Math.random() * 36);            rands[i] = chars.charAt(rand);        }        return rands;    }        private void drawRands(Graphics g, char[] rands) {        g.setColor(Color.BLACK);        g.setFont(new Font(null,Font.ITALIC|Font.BOLD,18));        //在不同的高度上输出验证码的每个字符        g.drawString("" + rands[0], 1, 17);        g.drawString("" + rands[1], 16, 15);        g.drawString("" + rands[2], 31, 18);        g.drawString("" + rands[3], 46, 16);        System.out.println(rands);    }        private void drawBackground(Graphics g) {        //画背景        g.setColor(new Color(0xDCDCDC));        g.fillRect(0, 0, WIDTH, HEIGHT);        //随机产生120个干扰点         for(int i = 0; i < 120; i++) {            int x = (int)(Math.random() * WIDTH);            int y = (int)(Math.random() * HEIGHT);            int red = (int)(Math.random() * 255);            int green = (int)(Math.random() * 255);            int blue = (int)(Math.random() * 255);            g.setColor(new Color(red, green, blue));            g.drawOval(x, y, 1, 0);        }    }}

然后是登录之后处理用户是否登录成功的servlet，在这个servlet中通过比较session中存放的验证码和用户输入的验证码，如果匹配则进行下一步判断，如果不匹配直接输出验证码不匹配的问题。代码为：

[java] view plain copy

print?

1. package com.you.servlet;  
2.   
3. import java.io.IOException;  
4. import java.io.PrintWriter;  
5.   
6. import javax.servlet.ServletException;  
7. import javax.servlet.http.HttpServlet;  
8. import javax.servlet.http.HttpServletRequest;  
9. import javax.servlet.http.HttpServletResponse;  
10. import javax.servlet.http.HttpSession;  
11.   
12. public class LoginFormServlet extends HttpServlet {  
13.   
14.     public void doGet(HttpServletRequest request, HttpServletResponse response)  
15.             throws ServletException, IOException {  
16.         response.setContentType("text/html;charset=utf-8");  
17.         PrintWriter out = response.getWriter();  
18.           
19.         HttpSession session = request.getSession(false);  
20.         if(session == null) {  
21.             out.print("验证码处理问题");  
22.             return;  
23.         }  
24.           
25.         String saveCode = (String)session.getAttribute("check_code");  
26.         if(saveCode == null) {  
27.             out.print("验证码处理问题");  
28.             return;  
29.         }  
30.           
31.         String checkCode = request.getParameter("check_code");  
32.         if(!saveCode.equals(checkCode)) {  
33.             out.print("验证码无效!");  
34.             return;  
35.         }  
36.           
37.         session.removeAttribute("check_code");  
38.         out.print("验证码通过，服务器正在校验用户名和密码！");  
39.   
40.     }  
41.   
42.     public void doPost(HttpServletRequest request, HttpServletResponse response)  
43.             throws ServletException, IOException {  
44.   
45.         doGet(request, response);  
46.     }  
47.   
48. }  

package com.you.servlet;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;public class LoginFormServlet extends HttpServlet {    public void doGet(HttpServletRequest request, HttpServletResponse response)            throws ServletException, IOException {        response.setContentType("text/html;charset=utf-8");        PrintWriter out = response.getWriter();                HttpSession session = request.getSession(false);        if(session == null) {            out.print("验证码处理问题");            return;        }                String saveCode = (String)session.getAttribute("check_code");        if(saveCode == null) {            out.print("验证码处理问题");            return;        }                String checkCode = request.getParameter("check_code");        if(!saveCode.equals(checkCode)) {            out.print("验证码无效!");            return;        }                session.removeAttribute("check_code");        out.print("验证码通过，服务器正在校验用户名和密码！");    }    public void doPost(HttpServletRequest request, HttpServletResponse response)            throws ServletException, IOException {        doGet(request, response);    }}