给JSP网站添加登录时的验证码

 为了防止JSP网站被恶意代码攻击，考虑给网站登录时添加验证码来增加网站的安全性。首先需要用到的包有：

  commons-lang-2.5.jar，可以将jar包放到WEB-INF/lib文件夹下。

第一个jsp文件：  test.jsp

<%@ page contentType="text/html; charset=utf-8" language="java" import="java.sql.*" errorPage="" %>
<html>
<head>
<title>验证码测试</title>
<meta http-equiv="content-type" content="text/html; charset=gb2312">
</head>


<body>
<img src="random.jsp"> 
</body>
</html>

第二个jsp文件，用于随即产生验证码：  ramdom.jsp   这个文件要用到commons-lang-2.5.jar的包，另外com.sun.image.codec.jpeg.*是从JDK1,5开始由sun提供的。

且在这第二个文件中一开始会报错，就是写到代码

“JPEGImageEncoder encoder=JPEGCodec.createJPEGEncoder(outstream);  

encoder.encode(image);”  的时候，会报出

“Access restriction: The type JPEGImageEncoder is not accessible due to restr。。。。” 的错误。

原因是eclipse将这个访问受限的API默认为ERRO了，

解决的办法就是将 JRE SYSTEM LIBRARYS先从build the path里删除掉，再重新添加一次就可以了。

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ page autoFlush="false" import="java.awt.*,java.awt.image.*,com.sun.image.codec.jpeg.*,java.util.*"%>
<%@ page import="org.apache.commons.lang.RandomStringUtils"%>
<% 
RandomStringUtils rs=new RandomStringUtils();
String random=rs.randomAlphanumeric(4);
session.setAttribute("random",random);
%>
<%


out.clear();
response.setContentType("image/jpeg");
response.addHeader("pragma","no-cache");
response.addHeader("cache-control","no-cache");
response.addDateHeader("expries",0);
int width=100, height=40;
BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_BGR);
Graphics g = image.getGraphics();
//填充背景颜色
g.setColor(Color.gray);
Font defont=new Font("sansserif", Font.PLAIN, 32); 
g.setFont(defont);
g.fillRect(0, 0, width, height);
//设置字体颜色
g.setColor(Color.red);
g.drawString(random,3,30);
g.dispose();
ServletOutputStream outstream = response.getOutputStream();
JPEGImageEncoder encoder=JPEGCodec.createJPEGEncoder(outstream);
encoder.encode(image);
outstream.close();
%>

第三个文件时用于产生随机数的java文件：RandomStringUtils.java文件

package com.core;


import java.util.Random;


public class RandomStringUtils
{


private static final Random random = new Random();


public RandomStringUtils()
{
}


public static String random(int count)
{
return random(count, false, false);
}


public static String randomascii(int count)
{
return random(count, 32, 127, false, false);
}


public static String randomalphabetic(int count)
{
return random(count, true, false);
}


public static String randomalphanumeric(int count)
{
return random(count, true, true);
}


public static String randomnumeric(int count)
{
return random(count, false, true);
}


public static String random(int count, boolean letters, boolean numbers)
{
return random(count, 0, 0, letters, numbers);
}


public static String random(int count, int start, int end, boolean letters, boolean numbers)
{
return random(count, start, end, letters, numbers, null);
}


public static String random(int count, int start, int end, boolean letters, boolean numbers, char set[])
{
if(start == 0 && end == 0)
{
end = 122;
start = 32;
if(!letters && !numbers)
{
start = 0;
end = 0x7fffffff;
}
}
StringBuffer buffer = new StringBuffer();
int gap = end - start;
while(count-- != 0) 
{
char ch;
if(set == null)
ch = (char)(random.nextInt(gap) + start);
else
ch = set[random.nextInt(gap) + start];
if(letters && numbers && Character.isLetterOrDigit(ch) || letters && Character.isLetter(ch) || numbers && Character.isDigit(ch) || !letters && !numbers)
buffer.append(ch);
else
count++;
}
return buffer.toString();
}


public static String random(int count, String set)
{
return random(count, set.toCharArray());
}


public static String random(int count, char set[])
{
return random(count, 0, set.length - 1, false, false, set);
}


}

将工程发布后，输入：http://localhost:8080/SchHosp/test.jsp

本文参考了几篇前辈的文章，综合百度、谷歌的内容一起完成的，望大家指导。