服務(wù)器程序接收到表單數(shù)據(jù)后�����,首先判斷用戶是否填寫了正確的驗(yàn)證碼,只有該驗(yàn)證碼與服務(wù)器端保存的驗(yàn)證碼匹配時��,服務(wù)器程序才開始正常的表單處理流程�����。驗(yàn)證碼使用一次即失效�����,
用戶只能重新向服務(wù)器發(fā)出訪問表單填寫頁面的請求來獲得新的驗(yàn)證碼�����,并填寫新的驗(yàn)證碼后才能再次提交有效的表單請求��,
這樣將大大
增加了用戶重復(fù)操作的難度。密碼猜測工具要逐一嘗試每個密碼的前題條件是先輸入正確的驗(yàn)證碼,而驗(yàn)證碼是一次性有效的�����,這樣基本上就阻斷了密碼猜測工具的自動地處理過程
����。
下面編寫一個利用
Session
實(shí)現(xiàn)一次性驗(yàn)證碼的例子程序,整個程序包含
三個組件:
check_code.html
、
CheckCodeServlet.java
和
LogonFormServlet.java
。
check_code.html
是引用驗(yàn)證碼圖片的
FORM
表單頁面����,
CheckCodeServlet.java
是用于產(chǎn)生帶有隨機(jī)驗(yàn)證碼圖片的
Servlet
程序��,
LogonFormServlet.java
則是負(fù)責(zé)處理
FORM
表單請求的
Servlet
程序�����。
:
動手體驗(yàn):
利用
Session
實(shí)現(xiàn)一次性驗(yàn)證碼
(
1
)
按上面描述的功能編寫如
例程7-11�����、例程7-12和例程7-13所示的
程序��。
例程7-11
?
check_code.html
?
<h3>
帶有驗(yàn)證碼的登錄頁面</h3>
<form action="servlet/LogonFormServlet" method="post">
用戶名:<input type="text" name="name"><br>
密 碼:<input type="password" name="pass"><br>
驗(yàn)證碼:<input type="text" name="check_code">
<img src="servlet/CheckCodeServlet"><br>
<input type="submit" value="
登錄">
</form>
?
例程7-12
?
CheckCodeServlet
.java
?
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.awt.*;
import java.awt.image.*;
import javax.imageio.ImageIO;
?
public class CheckCodeServlet extends HttpServlet
{
?????? private static int WIDTH = 60;
?????? private static int HEIGHT = 20;
?????? public void doGet(HttpServletRequest request,HttpServletResponse response)
???????????????????? throws ServletException,IOException
?????? {???????????
????????????? HttpSession session = request.getSession();
????????????? response.setContentType("image/jpeg");
????????????? ServletOutputStream sos = response.getOutputStream();
?
????????????? //
設(shè)置瀏覽器不要緩存此圖片
????????????? response.setHeader("Pragma","No-cache");
????????????? response.setHeader("Cache-Control","no-cache");
????????????? response.setDateHeader("Expires", 0);
?????????????
????????????? //
創(chuàng)建內(nèi)存圖象并獲得其圖形上下文
????????????? BufferedImage image =
???????????????????? new BufferedImage(WIDTH, HEIGHT, BufferedImage.TYPE_INT_RGB);
????????????? Graphics g = image.getGraphics();
?????????????
????????????? //
產(chǎn)生隨機(jī)的認(rèn)證碼
????????????? char [] rands = generateCheckCode();
?????????????
????????????? //
產(chǎn)生圖像
????????????? drawBackground(g);
????????????? drawRands(g,rands);
?????????????
????????????? //
結(jié)束圖像
的繪制
過程,
完成圖像
????????????? g.dispose();
?????????????
????????????
?
????????????????? //
將圖像輸出到客戶端
????????????? ByteArrayOutputStream bos = new ByteArrayOutputStream();
????????????? ImageIO.write(image, "JPEG", bos);
????????????? byte [] buf = bos.toByteArray();
????????????? response.setContentLength(buf.length);
????????????? //
下面的語句也可寫成:
bos.writeTo(sos);
????????????? sos.write(buf);
????????????? bos.close();
????????????? sos.close();
?
????????????? //
將當(dāng)前驗(yàn)證碼存入到
Session
中
????????????? session.setAttribute("check_code",new String(rands));
????????????? //
直接使用下面的代碼將有問題,
Session
對象必須在提交響應(yīng)前獲得
????????????? //request.getSession().setAttribute("check_code",new String(rands));
?????? }
??????
?????? private char [] generateCheckCode()
?????? {
????????????? //
定義驗(yàn)證碼的字符表
????????????? String chars = "0123456789abcdefghijklmnopqrstuvwxyz";
????????????? char [] rands = new char[4];
????????????? for(int i=0; i<4; i++)
????????????? {
???????????????????? int rand = (int)(Math.random() * 36);
???????????????????? rands[i] = chars.charAt(rand);
????????????? }
????????????? return rands;
?????? }
??????
?????? private void drawRands(Graphics g , char [] rands)
?????? {
????????????? g.setColor(Color.BLACK);
????????????? g.setFont(new Font(null,Font.ITALIC|Font.BOLD,18));
????????????? //
在不同的高度上輸出驗(yàn)證碼的每個字符
????????
????????????? g.drawString("" + rands[0],1,17);
????????????? g.drawString("" + rands[1],16,15);
????????????? g.drawString("" + rands[2],31,18);
????????????? g.drawString("" + rands[3],46,16);
????????????? System.out.println(rands);
?????? }
??????
?????? private void drawBackground(Graphics g)
?????? {
???????????? //
畫背景
????????????? g.setColor(new Color(0xDCDCDC));
????????????? g.fillRect(0, 0, WIDTH, HEIGHT);
????????????? //
隨機(jī)產(chǎn)生
120
個干擾點(diǎn)
????????????? for(int i=0; i<120; i++)
????????????? {
???????????????????? int x = (int)(Math.random() * WIDTH);
???????????????????? int y = (int)(Math.random() * HEIGHT);
???????????????????? int red = (int)(Math.random() * 255);
???????????????????? int green = (int)(Math.random() * 255);
???????????????????? int blue = (int)(Math.random() * 255);
???????????????????? g.setColor(new Color(red,green,blue));???????
???????????????????? g.drawOval(x,y,1,0);
????????????? }
?????? }
}
?
例程
7-13
?
LogonFormServlet
.java
?
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
?
public class LogonFormServlet extends HttpServlet
{
?????? public void service(HttpServletRequest request,
????????????? HttpServletResponse response) throws ServletException, IOException
?????? {
????????????? response.setContentType("text/html;charset=GB2312");?????????????????????????
????????????? PrintWriter out = response.getWriter();
?????????????
????????????? HttpSession session = request.getSession(false);
????????????? if(session == null)
????????????? {
???????????????????? out.println("
驗(yàn)證碼處理問題
!");
???????????????????? return;
????????????? }
?????????????
????????????? String savedCode = (String)session.getAttribute("check_code");
????????????? if(savedCode == null)
????????????? {
???????????????????? out.println("
驗(yàn)證碼處理問題
!");
???????????????????? return;
????????????? }
???????????????????????????
????????????? String checkCode = request.getParameter("check_code");
????????????? if(!savedCode.equals(checkCode))
????????????? {
???????????????????? /*
驗(yàn)證碼未通過,不從
Session
中清除原來的驗(yàn)證碼�����,
????????????????????
以便用戶可以后退回登錄頁面繼續(xù)使用原來的驗(yàn)證碼進(jìn)行登錄
*/
???????????????????? out.println("
驗(yàn)證碼無效
!");
???????????????????? return;
????????????? }
????????????? /*
驗(yàn)證碼檢查通過后�����,從
Session
中清除原來的驗(yàn)證碼,
?????????????
以防用戶后退回登錄頁面繼續(xù)使用原來的驗(yàn)證碼進(jìn)行登錄
*/
????????????? session.removeAttribute("check_code");
????????????? out.println("
驗(yàn)證碼通過,服務(wù)器正在校驗(yàn)用戶名和密碼
!");
?????? }
}
?
編譯上面的兩個
Java
源
文件�����,確保編譯后生成的class文件存放在了
<
tomcat
安裝目錄
>\webapps\it315\WEB-INF\classes
目錄中���。將
check_code.html
文件保存在
<
tomcat
安裝目錄
>
\webapps\it315
目錄中���。
(
2
)在
<
tomcat
安裝目錄
>
\webapps\it315\WEB-INF\web.xml
文件中注冊有關(guān)的Servlet��,并設(shè)置其映射URL��。在web.xml文件中的相應(yīng)位置處增加如下兩段內(nèi)容:
?????? <servlet>
????????????? <servlet-name>CheckCodeServlet</servlet-name>
????????????? <servlet-class>CheckCodeServlet</servlet-class>
?????? </servlet>???
?????? <servlet>
????????????? <servlet-name>LogonFormServlet</servlet-name>
????????????? <servlet-class>LogonFormServlet</servlet-class>
?????? </servlet>?
?????? ……
?????? <servlet-mapping>
????????????? <servlet-name>CheckCodeServlet</servlet-name>
????????????? <url-pattern>/servlet/CheckCodeServlet</url-pattern>
?????? </servlet-mapping>
?????? <servlet-mapping>
????????????? <servlet-name>LogonFormServlet</servlet-name>
????????????? <url-pattern>/servlet/LogonFormServlet</url-pattern>
?????? </servlet-mapping>?????????????????
保存
web.xml
文件后,重新啟動
Tomcat
��。
(
3
)在瀏覽器地址欄中輸入如下地址:
?????? http://localhost:8080/it315/check_code.html
瀏覽器中顯示出如圖
7.25
所示的效果
���,然后就可以對驗(yàn)證碼的功能進(jìn)行測試了�����。