验证码及它的作用
验证码为全自动区分计算机和人类的图灵测试的缩写,是一种区分用户是计算机的公共全自动程序,这个问题可以由计算机生成并评判,但是必须只有人类才能解答.可以防止恶意破解密码、刷票、论坛灌水、有效防止某个黑客对某一个特定注册用户用特定程序暴力破解方式进行不断的登录。
图文验证码的原理
在servlet中随机生成一个指定位置的验证码,一般为四位,然后把该验证码保存到session中.在通过Java的绘图类以图片的形式输出该验证码。为了增加验证码的安全级别,可以输出图片的同时输出干扰线,最后在用户提交数据的时候,在服务器端将用户提交的验证码和Session保存的验证码进行比较。
实现方式总结
1 验证码生成类RandomCode
RandomCode是一个生成验证码的工具类,支持英文和数字验证码,验证码包括英文大小写和数组,其中英文i、o和数字0、1因为容易产生混淆,不包括在生成验证码中。RandomCode支持输出jpg/bmp/png/gif图片格式的验证码。
public class RandomCode {
private static String base = "abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789";
private int length = 4;
private String code;
public RandomCode(){
this.code = RandomCode.randomString(this.length);
}
public RandomCode(int length){
if(length > 0){
this.length = length;
}
this.code = RandomCode.randomString(this.length);
}
public BufferedImage toImage(int width, int height){
return RandomCode.toImage(this.code, width, height);
}
public void write(int width, int height, OutputStream os) throws IOException{
RandomCode.write(code, width, height, os, "jpeg");
}
public void write(int width, int height, OutputStream os, String format) throws IOException{
RandomCode.write(code, width, height, os, format);
}
public int getLength() {
return length;
}
public String getCode() {
return code;
}
public static String randomString(int length){
Random random = new Random();
StringBuffer sb = new StringBuffer();
for(int i = 0; i < length; i++){
sb.append(base.charAt(random.nextInt(base.length())));
}
return sb.toString();
}
public static void write(String code, int width, int height, OutputStream os, String format) throws IOException{
BufferedImage image = toImage(code, width, height);
ImageIO.write(image, format, os);
}
public static void write(String code, int width, int height, OutputStream os) throws IOException{
write(code, width, height, os, "jpeg");
}
public static BufferedImage toImage(String code, int width, int height){
//字体大小
int fontSize = (int)Math.ceil(height * 0.9);
if(fontSize < 20){
fontSize = 20;
}
//字体在Y坐标上的位置
int positionY = (int)Math.ceil(height * 0.8);
int lenCode = code.length();
//计算字体宽度
int fontWidth = width / (lenCode + 2);
BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_BGR);
Graphics g = image.getGraphics();
//图片背景随机颜色
g.setColor(randomColor(new Random(), 200, 250));
g.fillRect(0, 0, width, height);
//设置字体
g.setFont(new Font("Times New Roman", Font.BOLD, fontSize));
//在图片上画纵横交错的线,达到混淆效果
drawLines(g, width, height);
//在图片上画验证码
drawString(g, code, fontWidth, positionY);
g.dispose();
return image;
}
private static void drawString(Graphics g, String code, int fontWidth, int positionY){
int len = code.length();
Random random = new Random();
for(int i = 0; i < len; i++){
g.setColor(randomColor(random));
g.drawString(String.valueOf(code.charAt(i)), (i + 1) * fontWidth, positionY);
}
}
private static Color randomColor(Random random){
int r = random.nextInt(255);
int g = random.nextInt(255);
int b = random.nextInt(255);
return new Color(r, g, b);
}
private static Color randomColor(Random random, int fc, int bc){
if(fc > 255){
fc = 255;
}
if(bc > 255){
bc = 255;
}
int diff = bc-fc;
int r = fc + random.nextInt(diff);
int g = fc + random.nextInt(diff);
int b = fc + random.nextInt(diff);
return new Color(r,g,b);
}
private static void drawLines(Graphics g, int width, int height){
Random random = new Random();
//线的数量
int count = ((int)(Math.ceil(random.nextDouble() * 100))) + 100;
for(int i = 0; i < count; i++){
int fc = 160 + (int)Math.ceil(random.nextDouble() * 40);
int bc = 200 + (int)Math.ceil(random.nextDouble() * 55);
g.setColor(randomColor(random, fc, bc));
int x = random.nextInt(width);
int y = random.nextInt(height);
int xl = random.nextInt(width / 5);
int yl = random.nextInt(height / 5);
g.drawLine(x, y, x + xl, y + yl);
}
}
}
2 Servlet返回验证码
请求路径http://<网站路径>/random/code/servlet
@WebServlet("/random/code/servlet")
public class RandomCodeServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// 验证码图片宽度,单位像素
int width = 120;
// 验证码图片高度,单位像素
int height = 30;
// 验证码图片格式
String format = "png";
// 验证码字符长度
int len = 4;
// 设置图片格式
response.setContentType("image/" + format);
// 禁止浏览器缓存图片
response.setHeader("Pragma", "no-cache");
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
String code = RandomCode.randomString(len);
// 把图片输出到response输出流
RandomCode.write(code, width, height, response.getOutputStream(), format);
}
}
3 Strust2返回验证码
public class RandomCodeAction extends ActionSupport {
private static final long serialVersionUID = -7515645222798283236L;
public void generateCode() {
HttpServletResponse response = ServletActionContext.getResponse();
// 验证码图片宽度,单位像素
int width = 120;
// 验证码图片高度,单位像素
int height = 30;
// 验证码图片格式
String format = "png";
// 验证码字符长度
int len = 4;
// 设置图片格式
response.setContentType("image/" + format);
// 禁止浏览器缓存图片
response.setHeader("Pragma", "no-cache");
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
String code = RandomCode.randomString(len);
// 把图片输出到response输出流
try {
RandomCode.write(code, width, height, response.getOutputStream(), format);
} catch (IOException e) {
e.printStackTrace();
}
}
}
Struts2的验证码配置
<package name="pkg-random-code" namespace="/" extends="struts-default">
<action name="randomCode_*" method="{1}" class="com.rhui.web.action.RandomCodeAction"></action>
</package>
请求路径http://<网站路径>/randomCode_generateCode.do
4 SpringMVC返回验证码
请求路径http://<网站路径>/random/code/generate.do
package com.rhui.web.controller;
import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import com.rhui.util.RandomCode;
@Controller
@RequestMapping("/random/code")
public class RandomCodeController {
@RequestMapping("/generate.do")
public void generateCode(HttpServletResponse response) {
// 验证码图片宽度,单位像素
int width = 120;
// 验证码图片高度,单位像素
int height = 30;
// 验证码图片格式
String format = "png";
// 验证码字符长度
int len = 4;
// 设置图片格式
response.setContentType("image/" + format);
// 禁止浏览器缓存图片
response.setHeader("Pragma", "no-cache");
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
String code = RandomCode.randomString(len);
// 把图片输出到response输出流
try {
RandomCode.write(code, width, height, response.getOutputStream(), format);
} catch (IOException e) {
e.printStackTrace();
}
}
}