struts2中使用的验证码

来源：互联网发布：vip域名后缀可以备案编辑：程序博客网时间：2024/05/20 19:47

对于验证码，必须采用一张临时图片来显示随机验证码，万不可采用直接在HTML页面中输入验证码，也不可使用固定的图片来显示随机验证码！！！

因为Cracker很容易根据页面源代码来取得随机验证码的字符串，从而失去验证码的用途。不仅如此，甚至图形验证码的数字也不能太清楚，一旦图形验证码的图片太清楚，Crack程序也可分析出该图片中的随机字符串！！

生成验证码的Servlet：

Java代码

package com.nongzi.util;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.awt.*;
import java.awt.image.*;
import java.util.*;
import javax.imageio.*;
public class AuthImg extends HttpServlet
{
//定义图形验证码中绘制字符的字体
private final Font mFont =
new Font("Arial Black", Font.PLAIN, 16);
//定义图形验证码的大小
private final int IMG_WIDTH = 100;
private final int IMG_HEIGTH = 18;
//定义一个获取随机颜色的方法
private Color getRandColor(int fc,int bc)
{
Random random = new Random();
if(fc > 255) fc = 255;
if(bc > 255) bc = 255;
int r = fc + random.nextInt(bc - fc);
int g = fc + random.nextInt(bc - fc);
int b = fc + random.nextInt(bc - fc);
//得到随机颜色
return new Color(r , g , b);
}
//重写service方法，生成对客户端的响应
public void service(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
{
//设置禁止缓存
response.setHeader("Pragma","No-cache");
response.setHeader("Cache-Control","no-cache");
response.setDateHeader("Expires", 0);
response.setContentType("image/jpeg");
BufferedImage image = new BufferedImage
(IMG_WIDTH , IMG_HEIGTH , BufferedImage.TYPE_INT_RGB);
Graphics g = image.getGraphics();
Random random = new Random();
g.setColor(getRandColor(200 , 250));
//填充背景色
g.fillRect(1, 1, IMG_WIDTH - 1, IMG_HEIGTH - 1);
//为图形验证码绘制边框
g.setColor(new Color(102 , 102 , 102));
g.drawRect(0, 0, IMG_WIDTH - 1, IMG_HEIGTH - 1);
g.setColor(getRandColor(160,200));
//生成随机干扰线
for (int i = 0 ; i < 80 ; i++)
{
int x = random.nextInt(IMG_WIDTH - 1);
int y = random.nextInt(IMG_HEIGTH - 1);
int xl = random.nextInt(6) + 1;
int yl = random.nextInt(12) + 1;
g.drawLine(x , y , x + xl , y + yl);
}
g.setColor(getRandColor(160,200));
//生成随机干扰线
for (int i = 0 ; i < 80 ; i++)
{
int x = random.nextInt(IMG_WIDTH - 1);
int y = random.nextInt(IMG_HEIGTH - 1);
int xl = random.nextInt(12) + 1;
int yl = random.nextInt(6) + 1;
g.drawLine(x , y , x - xl , y - yl);
}
//设置绘制字符的字体
g.setFont(mFont);
//用于保存系统生成的随机字符串
String sRand = "";
for (int i = 0 ; i < 6 ; i++)
{
String tmp = getRandomChar();
sRand += tmp;
//获取随机颜色
g.setColor(new Color(20 + random.nextInt(110)
,20 + random.nextInt(110)
,20 + random.nextInt(110)));
//在图片上绘制系统生成的随机字符
g.drawString(tmp , 15 * i + 10,15);
}
//获取HttpSesssion对象
HttpSession session = request.getSession(true);
//将随机字符串放入HttpSesssion对象中 -----------------------------------
session.setAttribute("rand" , sRand);
g.dispose();
//向输出流中输出图片
ImageIO.write(image, "JPEG", response.getOutputStream());
}
//定义获取随机字符串方法
private String getRandomChar()
{
//生成一个0、1、2的随机数字
int rand = (int)Math.round(Math.random() * 2);
long itmp = 0;
char ctmp = '\u0000';
switch (rand)
{
//生成大写字母
case 1:
itmp = Math.round(Math.random() * 25 + 65);
ctmp = (char)itmp;
return String.valueOf(ctmp);
//生成小写字母
case 2:
itmp = Math.round(Math.random() * 25 + 97);
ctmp = (char)itmp;
return String.valueOf(ctmp);
//生成数字
default :
itmp = Math.round(Math.random() * 9);
return itmp + "";
}
}
}

package com.nongzi.util;import javax.servlet.*;import javax.servlet.http.*;import java.io.*;import java.awt.*;import java.awt.image.*;import java.util.*;import javax.imageio.*; public class AuthImg extends HttpServlet{//定义图形验证码中绘制字符的字体private final Font mFont =new Font("Arial Black", Font.PLAIN, 16);//定义图形验证码的大小private final int IMG_WIDTH = 100;private final int IMG_HEIGTH = 18;//定义一个获取随机颜色的方法private Color getRandColor(int fc,int bc){Random random = new Random();if(fc > 255) fc = 255;if(bc > 255) bc = 255;int r = fc + random.nextInt(bc - fc);int g = fc + random.nextInt(bc - fc);int b = fc + random.nextInt(bc - fc);//得到随机颜色return new Color(r , g , b);}//重写service方法，生成对客户端的响应public void service(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException{//设置禁止缓存response.setHeader("Pragma","No-cache");response.setHeader("Cache-Control","no-cache");response.setDateHeader("Expires", 0);response.setContentType("image/jpeg");BufferedImage image = new BufferedImage(IMG_WIDTH , IMG_HEIGTH , BufferedImage.TYPE_INT_RGB);Graphics g = image.getGraphics();Random random = new Random();g.setColor(getRandColor(200 , 250));//填充背景色g.fillRect(1, 1, IMG_WIDTH - 1, IMG_HEIGTH - 1);//为图形验证码绘制边框g.setColor(new Color(102 , 102 , 102));g.drawRect(0, 0, IMG_WIDTH - 1, IMG_HEIGTH - 1);g.setColor(getRandColor(160,200));//生成随机干扰线for (int i = 0 ; i < 80 ; i++){int x = random.nextInt(IMG_WIDTH - 1);int y = random.nextInt(IMG_HEIGTH - 1);int xl = random.nextInt(6) + 1;int yl = random.nextInt(12) + 1;g.drawLine(x , y , x + xl , y + yl);}g.setColor(getRandColor(160,200));//生成随机干扰线for (int i = 0 ; i < 80 ; i++){int x = random.nextInt(IMG_WIDTH - 1);int y = random.nextInt(IMG_HEIGTH - 1);int xl = random.nextInt(12) + 1;int yl = random.nextInt(6) + 1;g.drawLine(x , y , x - xl , y - yl);}//设置绘制字符的字体g.setFont(mFont);//用于保存系统生成的随机字符串String sRand = "";for (int i = 0 ; i < 6 ; i++){String tmp = getRandomChar();sRand += tmp;//获取随机颜色g.setColor(new Color(20 + random.nextInt(110),20 + random.nextInt(110),20 + random.nextInt(110)));//在图片上绘制系统生成的随机字符g.drawString(tmp , 15 * i + 10,15);}//获取HttpSesssion对象HttpSession session = request.getSession(true);//将随机字符串放入HttpSesssion对象中 -----------------------------------session.setAttribute("rand" , sRand);g.dispose();//向输出流中输出图片ImageIO.write(image, "JPEG", response.getOutputStream());}//定义获取随机字符串方法private String getRandomChar(){//生成一个0、1、2的随机数字int rand = (int)Math.round(Math.random() * 2);long itmp = 0;char ctmp = '\u0000';switch (rand){//生成大写字母case 1:itmp = Math.round(Math.random() * 25 + 65);ctmp = (char)itmp;return String.valueOf(ctmp);//生成小写字母case 2:itmp = Math.round(Math.random() * 25 + 97);ctmp = (char)itmp;return String.valueOf(ctmp);//生成数字default :itmp = Math.round(Math.random() * 9);return  itmp + "";}}}

web.xml中的配置：

Java代码

<servlet>
<servlet-name>img</servlet-name>
<servlet-class>com.nongzi.util.AuthImg</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>img</servlet-name>
<url-pattern>/admin/authImg.jpg</url-pattern>
</servlet-mapping>

<!-- 配置图形验证码Servlet --><servlet><servlet-name>img</servlet-name><servlet-class>com.nongzi.util.AuthImg</servlet-class></servlet><!-- 为图形验证码Servlet指定URL --><servlet-mapping><servlet-name>img</servlet-name><url-pattern>/admin/authImg.jpg</url-pattern></servlet-mapping>

登陆页面代码：

Java代码

<center>
后台登陆
<br>
<font color="red"> <s:fielderror /> <s:actionmessage /> <s:property
value="tip" /> </font>
<s:form action="login" method="post" namespace="/admin">
用户名：<s:textfield name="adminuser.name" />
<br>
密码：<s:password name="adminuser.password" />
<br>
验证码:<s:textfield name="vercode" /><br>
<input type="submit" value="登陆" />
<input type="reset" value="重置" />
</s:form>
验证码：
<img name="d" src="authImg.jpg"> <font color="red">区分大小写！</font>
</center>

<center>后台登陆<br><font color="red"> <s:fielderror /> <s:actionmessage /> <s:propertyvalue="tip" /> </font><s:form action="login" method="post" namespace="/admin">用户名：<s:textfield name="adminuser.name" /><br>密  码：<s:password name="adminuser.password" /><br>验证码:<s:textfield name="vercode" /><br><input type="submit" value="登陆" /><input type="reset" value="重置" /></s:form>验证码：<img name="d" src="authImg.jpg"> <font color="red">区分大小写！</font> </center>

Action的代码：

Java代码

private Adminuser adminuser;
private String vercode;
@Resource AdminuserService adminuserService;
//省略setter和getter方法
@Override
public String execute() throws Exception {
Map session = ActionContext.getContext().getSession();
String ver2 = (String )session.get("rand");
//清空用户Session的随机验证码字符串。
session.put("rand" , null);
if (!vercode.equals(ver2)){
this.addFieldError("vercode", "验证码不对，请重新输入！");
return INPUT;
}
boolean isAdmin = adminuserService.isAdmin(adminuser);
if (isAdmin) {
HttpSession session1 = org.apache.struts2.ServletActionContext.getRequest().getSession();
session1.setAttribute("admin", adminuser);
session1.setMaxInactiveInterval(6000);
return SUCCESS;
}else {
this.addActionMessage("用户名和密码不匹配，请重新输入！");
return INPUT;
}
}