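CAPTCHAs add to an application's security. They come in many forms, such as letter-and-digit combinations, Chinese characters, click-the-number challenges and so on. In essence, a verification code generated on the back end is checked against what the user enters on the front end. The code below shows how:
1. Write the action class that generates the code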
import org.apache.commons.lang.RandomStringUtils;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import javax.imageio.ImageIO;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.awt.*;
import java.awt.image.BufferedImage;
import java.security.SecureRandom;
import java.util.Random;

public class ValidateCodeAction extends BaseAction {

    public ActionForward getCode(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) {
        if (logger.isDebugEnabled()) {
            logger.debug("Entering ValidateCodeAction.getCode()");
        }
        try {
            // Set the width and height of the image
            int width = 55;
            int height = 20;
            // Generate a random 4-character combination of letters and digits.
            // A SecureRandom is passed in because the default generator behind
            // RandomStringUtils.random(4, true, true) is predictable.
            String codeStr = RandomStringUtils.random(4, 0, 0, true, true, null, new SecureRandom());
            // Set up the response: JPEG content, never cached
            response.setContentType("image/jpeg");
            response.setHeader("Pragma", "No-cache");
            response.setHeader("Cache-Control", "no-cache");
            response.setDateHeader("Expires", 0);
            // Get the session
            HttpSession session = request.getSession();
            // Create the CAPTCHA image
            ServletOutputStream out = response.getOutputStream();
            BufferedImage image = new BufferedImage(width, height,
                    BufferedImage.TYPE_INT_RGB);
            Graphics graphics = image.getGraphics();
            // Set the background colour
            graphics.setColor(getRandColor(200, 250));
            graphics.fillRect(0, 0, width, height);
            // Set the font
            Font font = new Font("Times New Roman", Font.BOLD, 22);
            graphics.setFont(font);
            // Draw the border
            graphics.setColor(Color.BLACK);
            graphics.drawRect(0, 0, width - 1, height - 1);
            // Draw the interference lines (visual noise only)
            graphics.setColor(getRandColor(160, 200));
            Random random = new Random();
            for (int i = 0; i < 155; i++) {
                int x2 = random.nextInt(width);
                int y2 = random.nextInt(height);
                int x3 = random.nextInt(12);
                int y3 = random.nextInt(12);
                graphics.drawLine(x2, y2, x2 + x3, y2 + y3);
            }
            // Draw the verification code onto the image
            graphics.setColor(new Color(20 + random.nextInt(110), 20 + random
                    .nextInt(110), 20 + random.nextInt(110)));
            graphics.drawString(codeStr, 4, 16);
            // Debug only: this writes the expected answer to the log
            logger.debug("Generated verification code: " + codeStr);
            // Store the verification code in the session
            session.setAttribute("validateCode", codeStr);
            // Release the graphics context and write the image to the response
            graphics.dispose();
            ImageIO.write(image, "JPEG", out);
            out.flush();
            out.close();
        } catch (Exception e) {
            logger.error("Error generating verification code: " + e.getMessage(), e);
        }
        return null;
    }

    // Returns a random colour with each channel in the range [fc, bc)
    private Color getRandColor(int fc, int bc) {
        Random random = new Random();
        if (fc > 255)
            fc = 255;
        if (bc > 255)
            bc = 255;
        int r = fc + random.nextInt(bc - fc);
        int g = fc + random.nextInt(bc - fc);
        int b = fc + random.nextInt(bc - fc);
        return new Color(r, g, b);
    }
}
2. Configure the action in the Struts configuration file
<action
    path="/validateCodeAction"
    type="path/ValidateCodeAction"
    scope="request"
    parameter="mt"
    unknown="false"
    validate="false"
>
</action>
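3. Configure the JSP
Used to pass in the verification code:
With this in place, the login logic can check whether the verification code is correct. Under heavy traffic, keeping the verification code in the session increases the load on the server and hurts its performance; putting it in a cookie is insecure. Weighing these, use a cache: store the generated verification code in the cache and set an expiry time, which both preserves security and reduces the load on the server.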
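The cache-with-expiry approach described above, as an added example that is not code from the original post. The class name CaptchaStore, the in-memory map standing in for the real cache, the random lookup key sent to the browser, the single-use rule and the case-insensitive comparison are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical stand-in for the expiring cache; a real cache would also evict unused entries. */
public class CaptchaStore {
    private static final class Entry {
        final String code;
        final long expiresAtMillis;
        Entry(String code, long expiresAtMillis) { this.code = code; this.expiresAtMillis = expiresAtMillis; }
    }

    private final ConcurrentHashMap<String, Entry> cache = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final long ttlMillis;

    public CaptchaStore(long ttlMillis) { this.ttlMillis = ttlMillis; }

    /** Stores the code under a fresh random key; only the key, never the code, goes to the browser. */
    public String put(String code, long nowMillis) {
        byte[] raw = new byte[16];
        random.nextBytes(raw);
        String key = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        cache.put(key, new Entry(code, nowMillis + ttlMillis));
        return key;
    }

    /** Single use: the entry is removed on the first attempt, whether the answer is right or wrong. */
    public boolean verify(String key, String input, long nowMillis) {
        if (key == null || input == null) return false;
        Entry e = cache.remove(key);
        if (e == null || nowMillis >= e.expiresAtMillis) return false;
        byte[] expected = e.code.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        byte[] actual = input.trim().toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    public static void main(String[] args) {
        CaptchaStore store = new CaptchaStore(120_000); // constructed two-minute lifetime
        long t0 = System.currentTimeMillis();
        String k1 = store.put("aB3x", t0);                           // constructed sample code
        System.out.println(store.verify(k1, "ab3X", t0 + 1_000));   // answer given within the lifetime
        System.out.println(store.verify(k1, "ab3X", t0 + 2_000));   // same key replayed after use
        String k2 = store.put("Q7mZ", t0);
        System.out.println(store.verify(k2, "q7mz", t0 + 121_000)); // answer given after expiry
    }
}
```

Removing the entry on every attempt means a wrong guess forces a new image, so a 4-character code cannot be brute-forced against one cached value.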