1. Preface
The advantage of using verification codes in form pages is that it effectively prevents users from maliciously submitting forms, or using plug-ins to illegally attack the system.
2. Preparation conditions
1. A normal web project webProject;
2. A web server Tomcat.
3. Implementation ideas:
1. Customize a servlet VerifyCodeServlet to draw a verification code picture containing verification characters. The pictures here need to be manually drawn using Graphics2D;
2. Use the src of the img tag to reference this servlet on the specific page to display the servlet;
3. Because the verification code information is put into the session when drawing the picture, after submitting the form, you can compare the value saved in the session with the code entered by the user to verify whether the input is correct.
Most of the verification codes implemented through servlets are used on the Internet, and the logic below is entered:
step:
1. Randomly generate verification code strings when requesting login to the page;
2. Store the generated verification code string in the session;
3. Generate verification code pictures based on the verification code string, and then output the verification code pictures to the customer to display;
4. Compare the verification code string entered by the user when submitting the login request with the string in the session.
4. The specific code is as follows:
package com.servlet; import java.awt.Color; import java.awt.Font; import java.awt.Graphics2D; import java.awt.image.BufferedImage; import java.util.Random; import javax.imageio.ImageIO; import javax.servlet.ServletException; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; /** * servlet that generates verification code image * @author Administrator * */ public class VerifyCodeServlet extends HttpServlet { private static final long serialVersionUID = -5051097528828603895L; /** * Width of verification code image. */ private int width = 100; /** * The height of the verification code picture. */ private int height = 30; /** * Number of verification code characters*/ private int codeCount = 4; /** * Font height*/ private int fontHeight; /** * The x-axis value of the first character, because the coordinates of the following characters are incremented in sequence, their x-axis value is a multiple of codeX*/ private int codeX; /** * codeY , the y-axis value of the verification character, because the values are the same because of parallelism*/ private int codeY; /** * codeSequence represents the sequence value that the characters are allowed to appear*/ char[] codeSequence = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9' }; /** * Initialize the verification image attribute*/ public void init() throws ServletException { // Get initial information from web.xml// Width String strWidth = this.getInitParameter("width"); // Height String strHeight = this.getInitParameter("height"); // Number of characters String strCodeCount = this.getInitParameter("codeCount"); // Convert the configured information into a numerical try { if (strWidth != null && strWidth.length() != 0) { width = Integer.parseInt(strWidth); } if (strHeight != null && strHeight.length() != 0) { height = Integer.parseInt(strHeight); } if (strCodeCount != null && strCodeCount.length() != 0) { codeCount = Integer.parseInt(strCodeCount); } } catch (NumberFormatException e) { e.printStackTrace(); } //width-4 Remove the redundant left and right positions to make the verification code more concentrated, and the more you reduce it, the more concentrated it is. //codeCount+1 //Equi-variant allocation of the displayed width, including spaces on the left and right sides codeX = (width-4) / (codeCount+1); //height - 10 centrally display verification code fontHeight = height - 10; codeY = height - 7; } /** * @param request * @param response * @throws ServletException * @throws java.io.IOException */ protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, java.io.IOException { // Define image buffer BufferedImage buffImg = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB); Graphics2D gd = buffImg.createGraphics(); // Create a random number generator class Random random = new Random(); // Fill the image as white gd.setColor(Color.LIGHT_GRAY); gd.fillRect(0, 0, width, height); // Create a font, the size of the font should be determined according to the height of the image. Font font = new Font("Fixedsys", Font.PLAIN, fontHeight); // Set the font. gd.setFont(font); // Draw borders. gd.setColor(Color.BLACK); gd.drawRect(0, 0, width - 1, height - 1); // Randomly generate 160 interference lines, making the authentication code in the image less likely to be detected by other programs. gd.setColor(Color.gray); for (int i = 0; i < 16; i++) { int x = random.nextInt(width); int y = random.nextInt(height); int xl = random.nextInt(12); int yl = random.nextInt(12); gd.drawLine(x, y, x + xl, y + yl); } // randomCode is used to save randomly generated verification codes so that the user can verify after logging in. StringBuffer randomCode = new StringBuffer(); int red = 0, green = 0, blue = 0; // Randomly generates a verification code for the codeCount number. for (int i = 0; i < codeCount; i++) { // Get the randomly generated verification code number. String strRand = String.valueOf(codeSequence[random.nextInt(36)]); // Generate random color components to construct the color value, so that the color value of each digit output will be different. red = random.nextInt(255); green = random.nextInt(255); blue = random.nextInt(255); // Draw the verification code into the image with the randomly generated color. gd.setColor(new Color(red,green,blue)); gd.drawString(strRand, (i + 1) * codeX, codeY); // Combine the generated four random numbers together. randomCode.append(strRand); } // Save the four-digit verification code to the Session. HttpSession session = request.getSession(); session.setAttribute("validateCode", randomCode.toString()); // Image cache is prohibited. response.setHeader("Pragma", "no-cache"); response.setHeader("Cache-Control", "no-cache"); response.setDateHeader("Expires", 0); response.setContentType("image/jpeg"); // Output the image to the Servlet output stream. ServletOutputStream sos = response.getOutputStream(); ImageIO.write(buffImg, "jpeg", sos); sos.close(); } }Then configure this servlet that generates verification code in web.xml, as follows:
<servlet> <servlet-name>VerifyCodeServlet</servlet-name> <servlet-class>com.servlet.VerifyCodeServlet</servlet-class> <init-param> <param-name>width</param-name> <param-value>120</param-value> </init-param> <init-param> <param-name>height</param-name> <param-value>32</param-value> </init-param> <init-param> <param-name>codeCount</param-name> <param-value>4</param-value> </init-param> </servlet> <servlet-mapping> <servlet-name>VerifyCodeServlet</servlet-name> <url-pattern>/VerifyCodeServlet</url-pattern> </servlet-mapping>
Start the server and enter in the browser address bar: http://localhost:8080/webProject/VerifyCodeServlet
Check the display effect, as follows:
1. The verification code changes every time you refresh the verification code, because the servlet has set to disable the browser cache.
2. A problem was found here: if you use Firefox browser, the rewritten service method in VerifyCodeServlet has been executed twice, and the same is true if you rewrite the doGet method or doPost method. And other browsers do not see this situation. Later, it was found that if the servlet was referenced through the page, it would be normal to call it.
Then you can reference the verification code on the page, the specific code is as follows:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Insert title here</title> </head> <body> <div> <% String inputCode = request.getParameter("inputCode"); String verifyCode = (String)session.getAttribute("validateCode"); if(inputCode!=null && verifyCode!=null){ out.print("Real verification code:" + verifyCode + "<br/>" + "User input verification code:" + inputCode + "<br/>"); inputCode = inputCode.toUpperCase();//Case insensitive out.print("Compare verification code to prove user input" + (inputCode.equals(verifyCode)?"Correct":"Error") + "!"); } %> <form action="index.jsp"> Verification code: <input name="inputCode" value=""/> <img src="VerifyCodeServlet" align="middle" onclick="javascript:refresh(this);" onmouseover="mouseover(this)"/><br/> <input name="submit" type="submit" value="submit"/> </form> </div> <script> function refresh(obj){ obj.src = "VerifyCodeServlet?" + Math.random(); } function mouseover(obj){ obj.style.cursor = "pointer"; } </script> </body> </html> The above code submits the verification code to the current jsp through the form to verify whether the verification code entered by the user is correct. The specific effect of the operation is as follows:
1. Enter the correct verification code
2. Enter the wrong verification code