struts2中使用的验证码
2012-09-24 15:29
162 查看
对于验证码,必须采用一张临时图片来显示随机验证码,万不可采用直接在HTML页面中输入验证码,也不可使用固定的图片来显示随机验证码!!!
因为Cracker很容易根据页面源代码来取得随机验证码的字符串,从而失去验证码的用途。不仅如此,甚至图形验证码的数字也不能太清楚,一旦图形验证码的图片太清楚,Crack程序也可分析出该图片中的随机字符串!!
生成验证码的Servlet:
Java代码
package com.nongzi.util;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.awt.*;
import java.awt.image.*;
import java.util.*;
import javax.imageio.*;
public class AuthImg extends HttpServlet
{
//定义图形验证码中绘制字符的字体
private final Font mFont =
new Font("Arial Black", Font.PLAIN, 16);
//定义图形验证码的大小
private final int IMG_WIDTH = 100;
private final int IMG_HEIGTH = 18;
//定义一个获取随机颜色的方法
private Color getRandColor(int fc,int bc)
{
Random random = new Random();
if(fc > 255) fc = 255;
if(bc > 255) bc = 255;
int r = fc + random.nextInt(bc - fc);
int g = fc + random.nextInt(bc - fc);
int b = fc + random.nextInt(bc - fc);
//得到随机颜色
return new Color(r , g , b);
}
//重写service方法,生成对客户端的响应
public void service(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
{
//设置禁止缓存
response.setHeader("Pragma","No-cache");
response.setHeader("Cache-Control","no-cache");
response.setDateHeader("Expires", 0);
response.setContentType("image/jpeg");
BufferedImage image = new BufferedImage
(IMG_WIDTH , IMG_HEIGTH , BufferedImage.TYPE_INT_RGB);
Graphics g = image.getGraphics();
Random random = new Random();
g.setColor(getRandColor(200 , 250));
//填充背景色
g.fillRect(1, 1, IMG_WIDTH - 1, IMG_HEIGTH - 1);
//为图形验证码绘制边框
g.setColor(new Color(102 , 102 , 102));
g.drawRect(0, 0, IMG_WIDTH - 1, IMG_HEIGTH - 1);
g.setColor(getRandColor(160,200));
//生成随机干扰线
for (int i = 0 ; i < 80 ; i++)
{
int x = random.nextInt(IMG_WIDTH - 1);
int y = random.nextInt(IMG_HEIGTH - 1);
int xl = random.nextInt(6) + 1;
int yl = random.nextInt(12) + 1;
g.drawLine(x , y , x + xl , y + yl);
}
g.setColor(getRandColor(160,200));
//生成随机干扰线
for (int i = 0 ; i < 80 ; i++)
{
int x = random.nextInt(IMG_WIDTH - 1);
int y = random.nextInt(IMG_HEIGTH - 1);
int xl = random.nextInt(12) + 1;
int yl = random.nextInt(6) + 1;
g.drawLine(x , y , x - xl , y - yl);
}
//设置绘制字符的字体
g.setFont(mFont);
//用于保存系统生成的随机字符串
String sRand = "";
for (int i = 0 ; i < 6 ; i++)
{
String tmp = getRandomChar();
sRand += tmp;
//获取随机颜色
g.setColor(new Color(20 + random.nextInt(110)
,20 + random.nextInt(110)
,20 + random.nextInt(110)));
//在图片上绘制系统生成的随机字符
g.drawString(tmp , 15 * i + 10,15);
}
//获取HttpSesssion对象
HttpSession session = request.getSession(true);
//将随机字符串放入HttpSesssion对象中 -----------------------------------
session.setAttribute("rand" , sRand);
g.dispose();
//向输出流中输出图片
ImageIO.write(image, "JPEG", response.getOutputStream());
}
//定义获取随机字符串方法
private String getRandomChar()
{
//生成一个0、1、2的随机数字
int rand = (int)Math.round(Math.random() * 2);
long itmp = 0;
char ctmp = '\u0000';
switch (rand)
{
//生成大写字母
case 1:
itmp = Math.round(Math.random() * 25 + 65);
ctmp = (char)itmp;
return String.valueOf(ctmp);
//生成小写字母
case 2:
itmp = Math.round(Math.random() * 25 + 97);
ctmp = (char)itmp;
return String.valueOf(ctmp);
//生成数字
default :
itmp = Math.round(Math.random() * 9);
return itmp + "";
}
}
}
web.xml中的配置:
Java代码
<!-- 配置图形验证码Servlet -->
<servlet>
<servlet-name>img</servlet-name>
<servlet-class>com.nongzi.util.AuthImg</servlet-class>
</servlet>
<!-- 为图形验证码Servlet指定URL -->
<servlet-mapping>
<servlet-name>img</servlet-name>
<url-pattern>/admin/authImg.jpg</url-pattern>
</servlet-mapping>
登陆页面代码:
Java代码
<center>
后台登陆
<br>
<font color="red"> <s:fielderror /> <s:actionmessage /> <s:property
value="tip" /> </font>
<s:form action="login" method="post" namespace="/admin">
用户名:<s:textfield name="adminuser.name" />
<br>
密 码:<s:password name="adminuser.password" />
<br>
验证码:<s:textfield name="vercode" /><br>
<input type="submit" value="登陆" />
<input type="reset" value="重置" />
</s:form>
验证码:
<img name="d" src="authImg.jpg"> <font color="red">区分大小写!</font>
</center>
Action的代码:
Java代码
private Adminuser adminuser;
private String vercode;
@Resource AdminuserService adminuserService;
//省略setter和getter方法
@Override
public String execute() throws Exception {
Map session = ActionContext.getContext().getSession();
String ver2 = (String )session.get("rand");
//清空用户Session的随机验证码字符串。
session.put("rand" , null);
if (!vercode.equals(ver2)){
this.addFieldError("vercode", "验证码不对,请重新输入!");
return INPUT;
}
boolean isAdmin = adminuserService.isAdmin(adminuser);
if (isAdmin) {
HttpSession session1 = org.apache.struts2.ServletActionContext.getRequest().getSession();
session1.setAttribute("admin", adminuser);
session1.setMaxInactiveInterval(6000);
return SUCCESS;
}else {
this.addActionMessage("用户名和密码不匹配,请重新输入!");
return INPUT;
}
}
因为Cracker很容易根据页面源代码来取得随机验证码的字符串,从而失去验证码的用途。不仅如此,甚至图形验证码的数字也不能太清楚,一旦图形验证码的图片太清楚,Crack程序也可分析出该图片中的随机字符串!!
生成验证码的Servlet:
Java代码
package com.nongzi.util;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.awt.*;
import java.awt.image.*;
import java.util.*;
import javax.imageio.*;
public class AuthImg extends HttpServlet
{
//定义图形验证码中绘制字符的字体
private final Font mFont =
new Font("Arial Black", Font.PLAIN, 16);
//定义图形验证码的大小
private final int IMG_WIDTH = 100;
private final int IMG_HEIGTH = 18;
//定义一个获取随机颜色的方法
private Color getRandColor(int fc,int bc)
{
Random random = new Random();
if(fc > 255) fc = 255;
if(bc > 255) bc = 255;
int r = fc + random.nextInt(bc - fc);
int g = fc + random.nextInt(bc - fc);
int b = fc + random.nextInt(bc - fc);
//得到随机颜色
return new Color(r , g , b);
}
//重写service方法,生成对客户端的响应
public void service(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
{
//设置禁止缓存
response.setHeader("Pragma","No-cache");
response.setHeader("Cache-Control","no-cache");
response.setDateHeader("Expires", 0);
response.setContentType("image/jpeg");
BufferedImage image = new BufferedImage
(IMG_WIDTH , IMG_HEIGTH , BufferedImage.TYPE_INT_RGB);
Graphics g = image.getGraphics();
Random random = new Random();
g.setColor(getRandColor(200 , 250));
//填充背景色
g.fillRect(1, 1, IMG_WIDTH - 1, IMG_HEIGTH - 1);
//为图形验证码绘制边框
g.setColor(new Color(102 , 102 , 102));
g.drawRect(0, 0, IMG_WIDTH - 1, IMG_HEIGTH - 1);
g.setColor(getRandColor(160,200));
//生成随机干扰线
for (int i = 0 ; i < 80 ; i++)
{
int x = random.nextInt(IMG_WIDTH - 1);
int y = random.nextInt(IMG_HEIGTH - 1);
int xl = random.nextInt(6) + 1;
int yl = random.nextInt(12) + 1;
g.drawLine(x , y , x + xl , y + yl);
}
g.setColor(getRandColor(160,200));
//生成随机干扰线
for (int i = 0 ; i < 80 ; i++)
{
int x = random.nextInt(IMG_WIDTH - 1);
int y = random.nextInt(IMG_HEIGTH - 1);
int xl = random.nextInt(12) + 1;
int yl = random.nextInt(6) + 1;
g.drawLine(x , y , x - xl , y - yl);
}
//设置绘制字符的字体
g.setFont(mFont);
//用于保存系统生成的随机字符串
String sRand = "";
for (int i = 0 ; i < 6 ; i++)
{
String tmp = getRandomChar();
sRand += tmp;
//获取随机颜色
g.setColor(new Color(20 + random.nextInt(110)
,20 + random.nextInt(110)
,20 + random.nextInt(110)));
//在图片上绘制系统生成的随机字符
g.drawString(tmp , 15 * i + 10,15);
}
//获取HttpSesssion对象
HttpSession session = request.getSession(true);
//将随机字符串放入HttpSesssion对象中 -----------------------------------
session.setAttribute("rand" , sRand);
g.dispose();
//向输出流中输出图片
ImageIO.write(image, "JPEG", response.getOutputStream());
}
//定义获取随机字符串方法
private String getRandomChar()
{
//生成一个0、1、2的随机数字
int rand = (int)Math.round(Math.random() * 2);
long itmp = 0;
char ctmp = '\u0000';
switch (rand)
{
//生成大写字母
case 1:
itmp = Math.round(Math.random() * 25 + 65);
ctmp = (char)itmp;
return String.valueOf(ctmp);
//生成小写字母
case 2:
itmp = Math.round(Math.random() * 25 + 97);
ctmp = (char)itmp;
return String.valueOf(ctmp);
//生成数字
default :
itmp = Math.round(Math.random() * 9);
return itmp + "";
}
}
}
package com.nongzi.util; import javax.servlet.*; import javax.servlet.http.*; import java.io.*; import java.awt.*; import java.awt.image.*; import java.util.*; import javax.imageio.*; public class AuthImg extends HttpServlet { //定义图形验证码中绘制字符的字体 private final Font mFont = new Font("Arial Black", Font.PLAIN, 16); //定义图形验证码的大小 private final int IMG_WIDTH = 100; private final int IMG_HEIGTH = 18; //定义一个获取随机颜色的方法 private Color getRandColor(int fc,int bc) { Random random = new Random(); if(fc > 255) fc = 255; if(bc > 255) bc = 255; int r = fc + random.nextInt(bc - fc); int g = fc + random.nextInt(bc - fc); int b = fc + random.nextInt(bc - fc); //得到随机颜色 return new Color(r , g , b); } //重写service方法,生成对客户端的响应 public void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //设置禁止缓存 response.setHeader("Pragma","No-cache"); response.setHeader("Cache-Control","no-cache"); response.setDateHeader("Expires", 0); response.setContentType("image/jpeg"); BufferedImage image = new BufferedImage (IMG_WIDTH , IMG_HEIGTH , BufferedImage.TYPE_INT_RGB); Graphics g = image.getGraphics(); Random random = new Random(); g.setColor(getRandColor(200 , 250)); //填充背景色 g.fillRect(1, 1, IMG_WIDTH - 1, IMG_HEIGTH - 1); //为图形验证码绘制边框 g.setColor(new Color(102 , 102 , 102)); g.drawRect(0, 0, IMG_WIDTH - 1, IMG_HEIGTH - 1); g.setColor(getRandColor(160,200)); //生成随机干扰线 for (int i = 0 ; i < 80 ; i++) { int x = random.nextInt(IMG_WIDTH - 1); int y = random.nextInt(IMG_HEIGTH - 1); int xl = random.nextInt(6) + 1; int yl = random.nextInt(12) + 1; g.drawLine(x , y , x + xl , y + yl); } g.setColor(getRandColor(160,200)); //生成随机干扰线 for (int i = 0 ; i < 80 ; i++) { int x = random.nextInt(IMG_WIDTH - 1); int y = random.nextInt(IMG_HEIGTH - 1); int xl = random.nextInt(12) + 1; int yl = random.nextInt(6) + 1; g.drawLine(x , y , x - xl , y - yl); } //设置绘制字符的字体 g.setFont(mFont); //用于保存系统生成的随机字符串 String sRand = ""; for (int i = 0 ; i < 6 ; i++) { String tmp = getRandomChar(); sRand += tmp; //获取随机颜色 g.setColor(new Color(20 + random.nextInt(110) ,20 + random.nextInt(110) ,20 + random.nextInt(110))); //在图片上绘制系统生成的随机字符 g.drawString(tmp , 15 * i + 10,15); } //获取HttpSesssion对象 HttpSession session = request.getSession(true); //将随机字符串放入HttpSesssion对象中 ----------------------------------- session.setAttribute("rand" , sRand); g.dispose(); //向输出流中输出图片 ImageIO.write(image, "JPEG", response.getOutputStream()); } //定义获取随机字符串方法 private String getRandomChar() { //生成一个0、1、2的随机数字 int rand = (int)Math.round(Math.random() * 2); long itmp = 0; char ctmp = '\u0000'; switch (rand) { //生成大写字母 case 1: itmp = Math.round(Math.random() * 25 + 65); ctmp = (char)itmp; return String.valueOf(ctmp); //生成小写字母 case 2: itmp = Math.round(Math.random() * 25 + 97); ctmp = (char)itmp; return String.valueOf(ctmp); //生成数字 default : itmp = Math.round(Math.random() * 9); return itmp + ""; } } }
web.xml中的配置:
Java代码
<!-- 配置图形验证码Servlet -->
<servlet>
<servlet-name>img</servlet-name>
<servlet-class>com.nongzi.util.AuthImg</servlet-class>
</servlet>
<!-- 为图形验证码Servlet指定URL -->
<servlet-mapping>
<servlet-name>img</servlet-name>
<url-pattern>/admin/authImg.jpg</url-pattern>
</servlet-mapping>
<!-- 配置图形验证码Servlet --> <servlet> <servlet-name>img</servlet-name> <servlet-class>com.nongzi.util.AuthImg</servlet-class> </servlet> <!-- 为图形验证码Servlet指定URL --> <servlet-mapping> <servlet-name>img</servlet-name> <url-pattern>/admin/authImg.jpg</url-pattern> </servlet-mapping>
登陆页面代码:
Java代码
<center>
后台登陆
<br>
<font color="red"> <s:fielderror /> <s:actionmessage /> <s:property
value="tip" /> </font>
<s:form action="login" method="post" namespace="/admin">
用户名:<s:textfield name="adminuser.name" />
<br>
密 码:<s:password name="adminuser.password" />
<br>
验证码:<s:textfield name="vercode" /><br>
<input type="submit" value="登陆" />
<input type="reset" value="重置" />
</s:form>
验证码:
<img name="d" src="authImg.jpg"> <font color="red">区分大小写!</font>
</center>
<center> 后台登陆 <br> <font color="red"> <s:fielderror /> <s:actionmessage /> <s:property value="tip" /> </font> <s:form action="login" method="post" namespace="/admin"> 用户名:<s:textfield name="adminuser.name" /> <br> 密 码:<s:password name="adminuser.password" /> <br> 验证码:<s:textfield name="vercode" /><br> <input type="submit" value="登陆" /> <input type="reset" value="重置" /> </s:form> 验证码: <img name="d" src="authImg.jpg"> <font color="red">区分大小写!</font> </center>
Action的代码:
Java代码
private Adminuser adminuser;
private String vercode;
@Resource AdminuserService adminuserService;
//省略setter和getter方法
@Override
public String execute() throws Exception {
Map session = ActionContext.getContext().getSession();
String ver2 = (String )session.get("rand");
//清空用户Session的随机验证码字符串。
session.put("rand" , null);
if (!vercode.equals(ver2)){
this.addFieldError("vercode", "验证码不对,请重新输入!");
return INPUT;
}
boolean isAdmin = adminuserService.isAdmin(adminuser);
if (isAdmin) {
HttpSession session1 = org.apache.struts2.ServletActionContext.getRequest().getSession();
session1.setAttribute("admin", adminuser);
session1.setMaxInactiveInterval(6000);
return SUCCESS;
}else {
this.addActionMessage("用户名和密码不匹配,请重新输入!");
return INPUT;
}
}
相关文章推荐
- struts2验证码使用
- 使用Struts2验证码
- struts2中验证码的生成和使用
- struts2使用验证码
- 使用jcaptcha4struts2插件生成的验证码问题
- struts2使用kaptcha实现验证码功能
- struts2验证码使用
- struts2验证码使用
- struts2验证码使用
- 在Struts2中使用ValueStack、ActionContext、ServletContext、request、session等 .
- 使用开源项目patchca生成验证码
- Struts2教程4:使用validate方法验证数据
- Struts2中iterator标签使用radio/input迭代传值
- Struts2-json-plugin 的使用(翻译自官方文档)
- Struts2之form标签的action及namespace属性的组合使用
- Struts2拦截器的使用(详解)
- 学习struts2建bbs总结五:使用jquery+ajax验证用户名是否存在以及struts效验信息不断重复的问题
- Struts2 Action中使用注解注入调用service
- struts2常用标签的使用
- 使用Struts2实现分页显示(转)