Java Web登录页面验证码验证

一、验证码

验证码本质上是一张图片，图片内容会随着程序的运行而随机生成

验证码的作用：防止应用恶意发送数据，一定程度上避免了恶意程序对网站的攻击。
验证码本质上是一张图片，图片内容的准确解析不容易用程序来实现。
验证码的绘制：绘制验证码图片不仅仅需要随机生成要绘制的内容，同时要配合Java中与绘图有关的一套API来完成。

二、效果演示

验证码Demo

三、给出完整代码

(1)服务器端代码ActionServlet.java

package session;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
 * 服务器端合并Servlet
 * 
 * @author QianliangGuo
 */
public class ActionServlet extends HttpServlet {

	@Override
	protected void service(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException {
		// 设置编码
		request.setCharacterEncoding("utf-8");
		// 获得session
		HttpSession session = request.getSession();
		//设置session超时时间为10秒
//		session.setMaxInactiveInterval(10);
		// 获得请求路径
		String uri = request.getRequestURI();
		// 拆分路径,只保留login.do中的login
		String action = uri.substring(uri.lastIndexOf("/") + 1,uri.lastIndexOf("."));
		// 判断请求路径是否为登录
		if (action.equals("login")) {
			String uname = request.getParameter("uname");
			String pwd = request.getParameter("pwd");
			//获得用户提交的验证码字符
			String vcode = request.getParameter("vcode");
			//获得session中存储的最新验证码字符
			String code = session.getAttribute("code").toString();
			if (code.equals(vcode) &&uname.equals("123") && pwd.equals("123") ) {
				// 将登录的用户绑定到session
				session.setAttribute("uname", uname);
				// 重定向到index.jsp
//				response.sendRedirect("index.jsp");
				//如果禁用了Cookie,使用URL重写
				response.sendRedirect(response.encodeRedirectURL("index.jsp"));
			} else {
				// 登录失败,就转发到login.jsp
				request.setAttribute("msg", "输入有误,请重新登录!");
				request.getRequestDispatcher("login.jsp").forward(request,response);
			}
		}else if(action.equals("logout")){
			//使session失效
			session.invalidate();
			response.sendRedirect("login.jsp");
		}
	}
}

(2)绘制验证码CodeServlet.java

package session;

import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Random;

import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
 * 绘制验证码
 * 
 * @author QianliangGuo
 */
public class CodeServlet extends HttpServlet {

	@Override
	protected void service(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {
		//验证码的servlet
		//0.创建空白图片
		BufferedImage image = new BufferedImage(100,30,BufferedImage.TYPE_INT_RGB);
		//1.获取图片画笔
		Graphics g = image.getGraphics();
		Random r = new Random();
		//2.设置画笔颜色
		g.setColor(new Color(r.nextInt(255),r.nextInt(255),r.nextInt(255)));
		//3.绘制矩形的背景
		g.fillRect(0, 0, 100, 30);
		//4.调用自定义的方法,获取长度为5的字母数字组合的字符串
		String number = getNumber(5);
		//获得session
		HttpSession session = request.getSession();
		//设置sesssion失效时间为30秒
//		session.setMaxInactiveInterval(30);
		//将这5个随机字符绑定到session中
		session.setAttribute("code", number);
		g.setColor(new Color(0,0,0));
		g.setFont(new Font(null,Font.BOLD,24));
		//5.设置颜色字体后,绘制字符串
		g.drawString(number, 5, 25);
		//6.绘制8条干扰线
		for(int i=0;i<8;i++){
			g.setColor(new Color(r.nextInt(255),r.nextInt(255),r.nextInt(255),r.nextInt(255)));
			g.drawLine(r.nextInt(100), r.nextInt(30), r.nextInt(100), r.nextInt(30));
		}
		response.setContentType("img/jpeg");
		OutputStream ops = response.getOutputStream();
		ImageIO.write(image,"jpeg",ops);
		ops.close();
		
	}

	private String getNumber(int size) {
		String str = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
		String number = "";
		Random r = new Random();
		for(int i=0;i<size;i++){
			number+=str.charAt(r.nextInt(str.length()));
		}
		return number;
	}
}

(2)登录页面login.jsp

<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<!-- 登录显示的页面 -->
<%
	Object msg = request.getAttribute("msg");
	if(msg!=null){
 %>
 <%=msg.toString() %>
 <%} %>
<html>
  <head>
  
  </head>
  
  <body>
   	<form action="login.do" method="post">
   		用户名:<input name="uname"/></br>
   		密码:<input name = "pwd" type="password"/> </br>
   		验证码:<input name="vcode"/>
   		<img src="code" onclick="this.src='code?'+Math.random();"
   			class="s1" title="点击更换"/><br/>
   		<input type="submit" value="登录"/>  	
   	</form>
   </body>
</html>

(3)展示验证码的页面validateCode.jsp

<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<!-- 展示验证码的页面 -->
<html>
  <head>
  	<title>验证码</title>
  	<!-- 鼠标移入图片,变成手状 -->
  	<style type="text/css">
  		.s1{
  			cursor:pointer;
  		}
  	</style>
  </head>
  <body>
  <!-- 单击时,重新向code发送请求,并添加随机数,欺骗浏览器为不同的地址 -->
  	<img src="code" onclick="this.src='code?'+Math.random();"
  	class="s1" title="点击更换"/>
  </body>
</html>

(5)index.jsp

<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<!-- 登录成功后的页面 -->
<%
	//小脚本:session验证
	Object uname = session.getAttribute("uname");
	if(uname == null){
		//重定向到login.jsp
		response.sendRedirect("login.jsp");
		return;
	}
 %>
 
<html>
  <head>
 
  </head>
  
  <body>
    <h1>欢迎登录:<%=uname.toString() %></h1>
    <a href="logout.do">退出</a>
  </body>
</html>