
session学习总结-用户登录及一次性校验码案例


一次性验证码的主要目的就是为了限制人们利用工具软件来暴力猜测密码。
服务器程序接收到表单数据后,首先判断用户是否填写了正确的验证码,只有该验证码与服务器端保存的验证码匹配时,服务器程序才开始正常的表单处理流程。
密码猜测工具要逐一尝试每个密码的前提条件是先输入正确的验证码,而验证码是一次性有效的,这样基本上就阻断了密码猜测工具的自动处理过程。

相似案例参考我的另一篇博客:
使用Response输出随机图片(随机生成验证码)

1.使用到的工具类ImageUtil

package blank.util;

import java.awt.Color;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.security.SecureRandom;
import java.util.Random;

import javax.servlet.http.HttpServletRequest;

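public class ImageUtil {
    // 宽度 / image width in pixels
    private static final int width = 80;
    // 高度 / image height in pixels
    private static final int height = 30;
    // number of characters in one verification code
    private static final int CODE_LENGTH = 4;
    // number of noise lines drawn over the text
    private static final int LINE_COUNT = 4;
    // 随机对象 / shared random source. SecureRandom instead of java.util.Random:
    // a process-wide java.util.Random can be predicted from a few observed
    // outputs, which would let a client compute the next code instead of
    // reading it from the image. SecureRandom is safe to share across
    // concurrent requests.
    private static final Random rd = new SecureRandom();

    // 字符内容(不含有重复的内容) / character pool the code is drawn from.
    // In the published listing the backslashes of the Unicode escapes were
    // lost and the literal was broken across two lines, which would have made
    // the pool consist of the letter "u" and hex digits; the escapes are
    // restored here. The original comment claims the pool contains no
    // duplicate characters — not verified here.
    private static final String CHARS =
            "\u7684\u4e00\u4e86\u662f\u6211\u4e0d\u5728\u4eba\u4eec\u6709\u6765\u4ed6\u8fd9\u4e0a\u7740\u4e2a"
            + "\u5730\u5230\u5927\u91cc\u8bf4\u5c31\u53bb\u5b50\u5f97\u4e5f\u548c\u90a3\u8981\u4e0b\u770b\u5929"
            + "\u65f6\u8fc7\u51fa\u5c0f\u4e48\u8d77\u4f60\u90fd\u628a\u597d\u8fd8\u591a\u6ca1\u4e3a\u53c8\u53ef"
            + "\u5bb6\u5b66\u53ea\u4ee5\u4e3b\u4f1a\u6837\u5e74\u60f3\u751f\u540c\u8001\u4e2d\u5341\u4ece\u81ea"
            + "\u9762\u524d\u5934\u9053\u5b83\u540e\u7136\u8d70\u5f88\u50cf\u89c1\u4e24\u7528\u5979\u56fd\u52a8"
            + "\u8fdb\u6210\u56de\u4ec0\u8fb9\u4f5c\u5bf9\u5f00\u800c\u5df1\u4e9b\u73b0\u5c71\u6c11\u5019\u7ecf"
            + "\u53d1\u5de5\u5411\u4e8b\u547d\u7ed9\u957f\u6c34\u51e0\u4e49\u4e09\u58f0\u4e8e\u9ad8\u624b\u77e5"
            + "\u7406\u773c\u5fd7\u70b9\u5fc3\u6218\u4e8c\u95ee\u4f46\u8eab\u65b9\u5b9e\u5403\u505a\u53eb\u5f53"
            + "\u4f4f\u542c\u9769\u6253\u5462\u771f\u5168\u624d\u56db\u5df2\u6240\u654c\u4e4b\u6700\u5149\u4ea7"
            + "\u60c5\u8def\u5206\u603b\u6761\u767d\u8bdd\u4e1c\u5e2d\u6b21\u4eb2\u5982\u88ab\u82b1\u53e3\u653e"
            + "\u513f\u5e38\u6c14\u4e94\u7b2c\u4f7f\u5199\u519b\u5427\u6587\u8fd0\u518d\u679c\u600e\u5b9a\u8bb8"
            + "\u5feb\u660e\u884c\u56e0\u522b\u98de\u5916\u6811\u7269\u6d3b\u90e8\u95e8\u65e0\u5f80\u8239\u671b"
            + "\u65b0\u5e26\u961f\u5148\u529b\u5b8c\u5374\u7ad9\u4ee3\u5458\u673a\u66f4\u4e5d\u60a8\u6bcf\u98ce"
            + "\u7ea7\u8ddf\u7b11\u554a\u5b69\u4e07\u5c11\u76f4\u610f\u591c\u6bd4\u9636\u8fde\u8f66\u91cd\u4fbf"
            + "\u6597\u9a6c\u54ea\u5316\u592a\u6307\u53d8\u793e\u4f3c\u58eb\u8005\u5e72\u77f3\u6ee1\u65e5\u51b3"
            + "\u767e\u539f\u62ff\u7fa4\u7a76\u5404\u516d\u672c\u601d\u89e3\u7acb\u6cb3\u6751\u516b\u96be\u65e9"
            + "\u8bba\u5417\u6839\u5171\u8ba9\u76f8\u7814\u4eca\u5176\u4e66\u5750\u63a5\u5e94\u5173\u4fe1\u89c9"
            + "\u6b65\u53cd\u5904\u8bb0\u5c06\u5343\u627e\u4e89\u9886\u6216\u5e08\u7ed3\u5757\u8dd1\u8c01\u8349"
            + "\u8d8a\u5b57\u52a0\u811a\u7d27\u7231\u7b49\u4e60\u9635\u6015\u6708\u9752\u534a\u706b\u6cd5\u9898"
            + "\u5efa\u8d76\u4f4d\u5531\u6d77\u4e03\u5973\u4efb\u4ef6\u611f\u51c6\u5f20\u56e2\u5c4b\u79bb\u8272"
            + "\u8138\u7247\u79d1\u5012\u775b\u5229\u4e16\u521a\u4e14\u7531\u9001\u5207\u661f\u5bfc\u665a\u8868"
            + "\u591f\u6574\u8ba4\u54cd\u96ea\u6d41\u672a\u573a\u8be5\u5e76\u5e95\u6df1\u523b\u5e73\u4f1f\u5fd9"
            + "\u63d0\u786e\u8fd1\u4eae\u8f7b\u8bb2\u519c\u53e4\u9ed1\u544a\u754c\u62c9\u540d\u5440\u571f\u6e05"
            + "\u9633\u7167\u529e\u53f2\u6539\u5386\u8f6c\u753b\u9020\u5634\u6b64\u6cbb\u5317\u5fc5\u670d\u96e8"
            + "\u7a7f\u5185\u8bc6\u9a8c\u4f20\u4e1a\u83dc\u722c\u7761\u5174\u5f62\u91cf\u54b1\u89c2\u82e6\u4f53"
            + "\u4f17\u901a\u51b2\u5408\u7834\u53cb\u5ea6\u672f\u996d\u516c\u65c1\u623f\u6781\u5357\u67aa\u8bfb"
            + "\u6c99\u5c81\u7ebf\u91ce\u575a\u7a7a\u6536\u7b97\u81f3\u653f\u57ce\u52b3\u843d\u94b1\u7279\u56f4"
            + "\u5f1f\u80dc\u6559\u70ed\u5c55\u5305\u6b4c\u7c7b\u6e10\u5f3a\u6570\u4e61\u547c\u6027\u97f3\u7b54"
            + "\u54e5\u9645\u65e7\u795e\u5ea7\u7ae0\u5e2e\u5566\u53d7\u7cfb\u4ee4\u8df3\u975e\u4f55\u725b\u53d6"
            + "\u5165\u5cb8\u6562\u6389\u5ffd\u79cd\u88c5\u9876\u6025\u6797\u505c\u606f\u53e5\u533a\u8863\u822c"
            + "\u62a5\u53f6\u538b\u6162\u53d4\u80cc\u7ec6";

    /**
     * 创建验证码图片并把验证码文本存入 session。
     * Renders a new verification image and stores its text in the caller's
     * session under the attribute "content", replacing any earlier code so
     * that only the most recently served image can be matched.
     *
     * @param request the current request; its session is created if absent
     * @return the rendered image (width x height, TYPE_INT_RGB)
     */
    public static BufferedImage createImage(HttpServletRequest request) {
        // 创建图片对象 / backing image
        BufferedImage image = new BufferedImage(width, height,
                BufferedImage.TYPE_INT_RGB);
        Graphics g = image.getGraphics();
        try {
            setBackground(g);
            String content = drawContent(g);
            // 存储到session域中 / keep the expected code server-side for LoginServlet
            request.getSession().setAttribute("content", content);
            drawLines(g);
        } finally {
            // the original never disposed the Graphics; it holds native resources
            g.dispose();
        }
        return image;
    }

    /**
     * 绘制干扰线 / draws LINE_COUNT random orange lines across the image.
     * Endpoints are bounded by width/height rather than the literal 80/30 the
     * original used, so they stay consistent if the size constants change.
     *
     * @param g graphics of the image being drawn
     */
    private static void drawLines(Graphics g) {
        g.setColor(Color.orange);
        for (int i = 0; i < LINE_COUNT; i++) {
            int x1 = rd.nextInt(width);
            int y1 = rd.nextInt(height);
            int x2 = rd.nextInt(width);
            int y2 = rd.nextInt(height);
            g.drawLine(x1, y1, x2, y2);
        }
    }

    /**
     * 绘制内容 / picks CODE_LENGTH random characters from CHARS, draws them at
     * (15, 18) in black and returns them as the code text.
     *
     * @param g graphics of the image being drawn
     * @return the text that was drawn
     */
    private static String drawContent(Graphics g) {
        g.setColor(Color.black);
        int len = CHARS.length();
        StringBuilder sb = new StringBuilder(CODE_LENGTH);
        for (int i = 0; i < CODE_LENGTH; i++) {
            sb.append(CHARS.charAt(rd.nextInt(len)));
        }
        String text = sb.toString();
        // NOTE(review): no Font is set, so whether these CJK glyphs actually
        // render depends on the default font of the deployment JRE — confirm.
        g.drawString(text, 15, 18);
        return text;
    }

    /**
     * 设置背景颜色 / fills the whole image with gray.
     *
     * @param g graphics of the image being drawn
     */
    private static void setBackground(Graphics g) {
        g.setColor(Color.gray);
        g.fillRect(0, 0, width, height);
    }
}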

2.LoginServlet.java

package blank.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import blank.dao.UserDao;
import blank.dao.impl.UserDaoImpl;
import blank.domain.User;

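public class LoginServlet extends HttpServlet {

    // 创建数据库操作对象 / data-access object that checks the credentials
    private UserDao userDao = new UserDaoImpl();

    /**
     * Dispatches on the "oper" request parameter: "pre" shows the login form,
     * "login" checks the one-time code and then the credentials, "delete"
     * logs the user out. Any other value produces no output, as before.
     *
     * @param request  current request; parameters are decoded as UTF-8
     * @param response response the chosen page is forwarded to
     * @throws ServletException propagated from the forward
     * @throws IOException      propagated from the forward
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        request.setCharacterEncoding("UTF-8");
        // 获取请求的操作参数值 / which operation the caller wants
        String oper = request.getParameter("oper");
        HttpSession session = request.getSession();

        if ("pre".equals(oper)) {
            showLoginForm(request, response, session);
        } else if ("login".equals(oper)) {
            login(request, response, session);
        } else if ("delete".equals(oper)) {
            logout(request, response, session);
        }
    }

    /** Marks the session so login.jsp renders the form, then forwards to it. */
    private void showLoginForm(HttpServletRequest request, HttpServletResponse response,
            HttpSession session) throws ServletException, IOException {
        session.setAttribute("flag", true);
        // 转发到登陆界面 / forward to the login page
        request.getRequestDispatcher("./login.jsp").forward(request, response);
    }

    /**
     * 登陆处理 / Verifies the one-time code and, only if it matches, the user
     * name and password.
     *
     * The expected code is removed from the session before it is compared,
     * whatever the outcome. The original left "content" in the session, so one
     * correct code could be replayed for any number of password attempts,
     * which is exactly what the code is meant to prevent. A new image
     * (code.do) has to be fetched for the next attempt. The original also
     * printed the expected code to stdout; that output is dropped.
     */
    private void login(HttpServletRequest request, HttpServletResponse response,
            HttpSession session) throws ServletException, IOException {
        // 获取session中存储的code值 / read-and-clear the expected code
        String expected = (String) session.getAttribute("content");
        session.removeAttribute("content");

        if (expected == null) {
            // No image was ever served for this session: back to the start.
            // The original forwarded here and then kept running, forwarding a
            // second time further down.
            request.getRequestDispatcher("./init.do").forward(request, response);
            return;
        }

        // 判断输入的验证码与保存的验证码是否一致 / compare with the submitted code
        String code = request.getParameter("checkCode");
        if (code == null || !code.equals(expected)) {
            request.setAttribute("code", "验证错误");
            request.getRequestDispatcher("./login.do?oper=pre").forward(request, response);
            return;
        }

        String name = request.getParameter("name");
        String pass = request.getParameter("pass");
        // 验证用户名和密码 / credential check is delegated to the DAO
        User user = userDao.checkLogin(name, pass);
        if (user != null) {
            // 存储对象 / remember the logged-in user
            session.setAttribute("user", user);
            request.getRequestDispatcher("./init.do").forward(request, response);
        } else {
            request.setAttribute("error", "用户名或密码错误");
            // Keep the user name so the form can be refilled. The password is
            // deliberately not kept: the original stored it in the session in
            // clear text and login.jsp echoed it back into the page.
            session.setAttribute("name", name);
            // 登陆失败 / back to the form
            request.getRequestDispatcher("./login.jsp").forward(request, response);
        }
    }

    /** Logs out by dropping the "user" entry only; the rest of the session survives. */
    private void logout(HttpServletRequest request, HttpServletResponse response,
            HttpSession session) throws ServletException, IOException {
        // session.invalidate() would drop every entry; the original chose to
        // remove just the user object and that is kept here.
        session.removeAttribute("user");
        request.getRequestDispatcher("./init.do").forward(request, response);
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doGet(request, response);
    }

}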

3.CheckCodeServlet.java

package blank.servlet;

import java.awt.Color;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.util.Random;

import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import blank.util.ImageUtil;

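public class CheckCodeServlet extends HttpServlet {

    /**
     * Serves a freshly generated verification image for the caller's session.
     * ImageUtil.createImage stores the code text in the session as a side
     * effect; this servlet only streams the picture.
     *
     * @throws IOException if the JPEG cannot be written to the response
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        /*
         * conf/web.xml文件中 tomcat <extension>jpeg</extension>
         * <mime-type>image/jpeg</mime-type>
         */
        // 设置相应类型 / response type
        response.setContentType("image/jpeg");
        // The form's <img src="./code.do"> URL never changes, so without these
        // headers a browser may show a cached picture whose code no longer
        // matches the one now stored in the session.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);

        // 打给浏览器 / stream the picture
        BufferedImage image = ImageUtil.createImage(request);
        if (!ImageIO.write(image, "jpeg", response.getOutputStream())) {
            // ImageIO.write returns false, without throwing, when no encoder
            // accepts the image; the original ignored the return value and
            // would have sent an empty body.
            throw new IOException("no ImageIO writer available for format jpeg");
        }
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doGet(request, response);
    }

}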

4.InitServlet.java

package blank.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class InitServlet extends HttpServlet {

    /**
     * Entry page of the application: every request is forwarded, server-side,
     * to index.jsp, so the browser keeps the init.do URL.
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        forwardToIndex(request, response);
    }

    /** POST is handled exactly like GET. */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doGet(request, response);
    }

    // 转发 / the single forward the handlers share
    private static void forwardToIndex(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        request.getRequestDispatcher("./index.jsp").forward(request, response);
    }

}

5.index.jsp

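<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core"  prefix="c"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">

    <title>My JSP "index.jsp" starting page</title>

    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">    
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!--
    <link rel="stylesheet" type="text/css" href="styles.css">
    -->

  </head>

  <body>
       <div>
          <div>
              <%-- "user" is the session attribute LoginServlet sets on a successful login --%>
              <c:if test="${user==null }">
                <a href="./login.do?oper=pre">登陆</a>
              </c:if>
            <c:if test="${user!=null }">
               <%-- c:out HTML-escapes the value; the raw ${user.name} of the original
                    wrote whatever is stored in the user record into the page unescaped. --%>
               <c:out value="${user.name}"/>
               <a href="./login.do?oper=delete">注销</a>
            </c:if>

          </div>
           <h3>显示所有商品信息</h3>

           <div>
           </div>

       </div>
  </body>
</html>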

6.Login.jsp

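<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">

    <title>My JSP "login.jsp" starting page</title>

    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">    
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!--
    <link rel="stylesheet" type="text/css" href="styles.css">
    -->

  </head>

  <body>

    <%-- "flag" is set in the session by LoginServlet (oper=pre); the form is only
         rendered after that entry point has been visited. --%>
    <c:if test="${flag}">
    <div style="text-align: center;">
        <div>
            <%-- c:out HTML-escapes the value; the raw ${error}, ${code} and ${name}
                 of the original wrote request/session values into the page unescaped. --%>
            <c:out value="${error}"/>
        </div>
        <form action="./login.do?oper=login" method="post">
            用户名:<input type="text" name="name" value="<c:out value='${name}'/>"/> <br />
            <%-- The original prefilled this field from the session attribute "pass";
                 a password is never echoed back into the page. --%>
            密码:<input type="password" name="pass"/> <br />
            <%-- The original onclick="javascript:alert("刷新")" nested double quotes
                 inside a double-quoted attribute, which ended the attribute early. --%>
            验证码:<input type="text" name="checkCode"><img src="./code.do" onclick="alert('刷新')" alt="验证码">
            <c:out value="${code}"/><br/><input type="submit"
                value="登陆" /> <input type="reset" value="重置" />
        </form>
    </div>
    </c:if>
  </body>
</html>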