Cookie和Session-2

最新推荐文章于 2024-07-18 10:54:29 发布

原创最新推荐文章于 2024-07-18 10:54:29 发布 · 130 阅读

1 ·

CC 4.0 BY-SA版权

文章标签：

#session #servlet

本文介绍了一次性验证码的生成方法，包括使用特定字符集生成验证码字符串，以及生成带有扭曲效果和随机噪点的验证码图片。同时，文章详细阐述了如何在Web应用中使用session来防止表单重复提交，确保用户操作的安全性和有效性。

实现一次性验证码

借助的工具类：

package com.hpe.util;
import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.Graphics2D;
import java.awt.RenderingHints;
import java.awt.geom.AffineTransform;
import java.awt.image.BufferedImage;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Arrays;
import java.util.Random;

import javax.imageio.ImageIO;
/**
 * (验证码生成)
 */
public class CodeUtils{
     
    //使用到Algerian字体，系统里没有的话需要安装字体，字体只显示大写，去掉了1,0,i,o几个容易混淆的字符
    public static final String VERIFY_CODES = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ";
    private static Random random = new Random(); 
    /**
     * 使用系统默认字符源生成验证码
     * @param verifySize    验证码长度
     * @return
     */
    public static String generateVerifyCode(int verifySize){
        return generateVerifyCode(verifySize, VERIFY_CODES);
    }
    /**
     * 使用指定源生成验证码
     * @param verifySize    验证码长度
     * @param sources   验证码字符源
     * @return
     */
    public static String generateVerifyCode(int verifySize, String sources){
        if(sources == null || sources.length() == 0){
            sources = VERIFY_CODES;
        }
        int codesLen = sources.length();
        Random rand = new Random(System.currentTimeMillis());
        StringBuilder verifyCode = new StringBuilder(verifySize);
        for(int i = 0; i < verifySize; i++){
            verifyCode.append(sources.charAt(rand.nextInt(codesLen-1)));
        }
        return verifyCode.toString();
    }
     
    /**
     * 生成随机验证码文件,并返回验证码值
     * @param w
     * @param h
     * @param outputFile
     * @param verifySize
     * @return
     * @throws IOException
     */
    public static String outputVerifyImage(int w, int h, File outputFile, int verifySize) throws IOException{
        String verifyCode = generateVerifyCode(verifySize);
        outputImage(w, h, outputFile, verifyCode);
        return verifyCode;
    }
     
    /**
     * 输出随机验证码图片流,并返回验证码值
     * @param w
     * @param h
     * @param os
     * @param verifySize
     * @return
     * @throws IOException
     */
    public static String outputVerifyImage(int w, int h, OutputStream os, int verifySize) throws IOException{
        String verifyCode = generateVerifyCode(verifySize);
        outputImage(w, h, os, verifyCode);
        return verifyCode;
    }
     
    /**
     * 生成指定验证码图像文件
     * @param w
     * @param h
     * @param outputFile
     * @param code
     * @throws IOException
     */
    public static void outputImage(int w, int h, File outputFile, String code) throws IOException{
        if(outputFile == null){
            return;
        }
        File dir = outputFile.getParentFile();
        if(!dir.exists()){
            dir.mkdirs();
        }
        try{
            outputFile.createNewFile();
            FileOutputStream fos = new FileOutputStream(outputFile);
            outputImage(w, h, fos, code);
            fos.close();
        } catch(IOException e){
            throw e;
        }
    }
     
    /**
     * 输出指定验证码图片流
     * @param w
     * @param h
     * @param os
     * @param code
     * @throws IOException
     */
    public static void outputImage(int w, int h, OutputStream os, String code) throws IOException{
        int verifySize = code.length();
        BufferedImage image = new BufferedImage(w, h, BufferedImage.TYPE_INT_RGB);
        Random rand = new Random();
        Graphics2D g2 = image.createGraphics();
        g2.setRenderingHint(RenderingHints.KEY_ANTIALIASING,RenderingHints.VALUE_ANTIALIAS_ON);
        Color[] colors = new Color[5];
        Color[] colorSpaces = new Color[] { Color.WHITE, Color.CYAN,
                Color.GRAY, Color.LIGHT_GRAY, Color.MAGENTA, Color.ORANGE,
                Color.PINK, Color.YELLOW };
        float[] fractions = new float[colors.length];
        for(int i = 0; i < colors.length; i++){
            colors[i] = colorSpaces[rand.nextInt(colorSpaces.length)];
            fractions[i] = rand.nextFloat();
        }
        Arrays.sort(fractions);
         
        g2.setColor(Color.GRAY);// 设置边框色
        g2.fillRect(0, 0, w, h);
         
        Color c = getRandColor(200, 250);
        g2.setColor(c);// 设置背景色
        g2.fillRect(0, 2, w, h-4);
         
        //绘制干扰线
        Random random = new Random();
        g2.setColor(getRandColor(160, 200));// 设置线条的颜色
        for (int i = 0; i < 20; i++) {
            int x = random.nextInt(w - 1);
            int y = random.nextInt(h - 1);
            int xl = random.nextInt(6) + 1;
            int yl = random.nextInt(12) + 1;
            g2.drawLine(x, y, x + xl + 40, y + yl + 20);
        }
         
        // 添加噪点
        float yawpRate = 0.05f;// 噪声率
        int area = (int) (yawpRate * w * h);
        for (int i = 0; i < area; i++) {
            int x = random.nextInt(w);
            int y = random.nextInt(h);
            int rgb = getRandomIntColor();
            image.setRGB(x, y, rgb);
        }
         
        shear(g2, w, h, c);// 使图片扭曲
 
        g2.setColor(getRandColor(100, 160));
        int fontSize = h-4;
        Font font = new Font("Algerian", Font.ITALIC, fontSize);
        g2.setFont(font);
        char[] chars = code.toCharArray();
        for(int i = 0; i < verifySize; i++){
            AffineTransform affine = new AffineTransform();
            affine.setToRotation(Math.PI / 4 * rand.nextDouble() * (rand.nextBoolean() ? 1 : -1), (w / verifySize) * i + fontSize/2, h/2);
            g2.setTransform(affine);
            g2.drawChars(chars, i, 1, ((w-10) / verifySize) * i + 5, h/2 + fontSize/2 - 10);
        }
         
        g2.dispose();
        ImageIO.write(image, "jpg", os);
    }
     
    private static Color getRandColor(int fc, int bc) {
        if (fc > 255)
            fc = 255;
        if (bc > 255)
            bc = 255;
        int r = fc + random.nextInt(bc - fc);
        int g = fc + random.nextInt(bc - fc);
        int b = fc + random.nextInt(bc - fc);
        return new Color(r, g, b);
    }
     
    private static int getRandomIntColor() {
        int[] rgb = getRandomRgb();
        int color = 0;
        for (int c : rgb) {
            color = color << 8;
            color = color | c;
        }
        return color;
    }
     
    private static int[] getRandomRgb() {
        int[] rgb = new int[3];
        for (int i = 0; i < 3; i++) {
            rgb[i] = random.nextInt(255);
        }
        return rgb;
    }
 
    private static void shear(Graphics g, int w1, int h1, Color color) {
        shearX(g, w1, h1, color);
        shearY(g, w1, h1, color);
    }
     
    private static void shearX(Graphics g, int w1, int h1, Color color) {
 
        int period = random.nextInt(2);
 
        boolean borderGap = true;
        int frames = 1;
        int phase = random.nextInt(2);
 
        for (int i = 0; i < h1; i++) {
            double d = (double) (period >> 1)
                    * Math.sin((double) i / (double) period
                            + (6.2831853071795862D * (double) phase)
                            / (double) frames);
            g.copyArea(0, i, w1, 1, (int) d, 0);
            if (borderGap) {
                g.setColor(color);
                g.drawLine((int) d, i, 0, i);
                g.drawLine((int) d + w1, i, w1, i);
            }
        }
 
    }
 
    private static void shearY(Graphics g, int w1, int h1, Color color) {
 
        int period = random.nextInt(40) + 10; // 50;
 
        boolean borderGap = true;
        int frames = 20;
        int phase = 7;
        for (int i = 0; i < w1; i++) {
            double d = (double) (period >> 1)
                    * Math.sin((double) i / (double) period
                            + (6.2831853071795862D * (double) phase)
                            / (double) frames);
            g.copyArea(i, 0, 1, h1, 0, (int) d);
            if (borderGap) {
                g.setColor(color);
                g.drawLine(i, (int) d, i, 0);
                g.drawLine(i, (int) d + h1, i, h1);
            }
 
        }
 
    }
    public static void main(String[] args) throws IOException{
        File dir = new File("F:/verifies");
        int w = 200, h = 80;
        for(int i = 0; i < 50; i++){
            String verifyCode = generateVerifyCode(4);
            File file = new File(dir, verifyCode + ".jpg");
            outputImage(w, h, file, verifyCode);
        }
    }
}

产生验证码的Servlet

package com.hpe.login;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.hpe.util.CodeUtils;

@WebServlet("/image")
public class ImageServlet extends HttpServlet {
	private static final long serialVersionUID = 1L;

	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// 设置响应类型
		response.setContentType("image/jpeg");
		// 生成验证码
		String code = CodeUtils.generateVerifyCode(4);
		// 创建session
		HttpSession session = request.getSession();
		session.removeAttribute("code");
		// 将验证码保存到session
		session.setAttribute("code", code);
		// 生成图片（通过字节流的方式响应给客户端）
		CodeUtils.outputImage(100, 30, response.getOutputStream(), code);
	}

}

前端登录表单

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
<script type="text/javascript"  scr="jquery-1.8.3.min.js"></script>
<script type="text/javascript">
	function changeImg(){
		// 请求servlet src=image
		var img = document.getElementById("img");
		img.src = "image?date="+new Date(); 
		//$("img").prop("src","image?date="+new Date());
	}
</script>
</head>
<body>
	<hr>
	<form action="login" method="post">
		用户名:<input type="text" name="name" /><br>
		密&nbsp;&nbsp;码:<input type="password" name="pwd" /><br>
		验证码:<input type="text" name="vCode" /><br>
		<img id="img" alt="" src="image" />
		<a href="#" onclick="changeImg()"><label style="color:red">看不清?</label></a><br>
		<input type="submit" value="登录" />
	</form>
</body>
</html>

防止表单重复提交

创建一个产生随机标识

@WebServlet("/token")
public class TokenServlet extends HttpServlet {
	private static final long serialVersionUID = 1L;

	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doPost(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// 创建令牌
		String token = UUID.randomUUID().toString();
		System.out.println("创建的令牌："+token);
		// 在服务器端使用session保存token
		HttpSession session = request.getSession();
		session.setAttribute("token", token);
		// 跳转到表单页面
		request.getRequestDispatcher("/reg.jsp").forward(request, response);;
	}
}

Reg.jsp核心代码

<body>
	<!-- 生成token -->
	<%
		String token = UUID.randomUUID().toString().replace("-", "");
		session.setAttribute("token", token);
	%>
	<hr>
	<form action="reg" method="post">
		<%-- <input type="hidden" name="token" value="${token}"/> --%>
		<input type="hidden" name="token" value="<%=token%>"/>
		用户名:<input type="text" name="name" /><br>
		密&nbsp;&nbsp;码:<input type="password" name="pwd" /><br>
		<input type="submit" value="注册" />
	</form>
</body>

逻辑判断Servlet

package com.hpe.login;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.websocket.Session;
/* 表单重复提交的场景
* 1.表单提交后，点击刷新按钮
* 2.网络延迟，多次submit
* 3.用户提交表单后，点击回退表单页面再次提交
* 解决方案:利用session防止表单提交
*	1.在服务器端生成一 一个随机标识号token(令牌) ,同时在当前用户的sess ion中保存token
	2.将token发送给客户端的表单,在表单的隐藏域中存储token
	3.表单提交的时候把隐藏域中的token-起提交给服务器,将来就可以判断客户端的token和服务器端的token
	是否一致。如果不一致代表重复提交,如果先不沟通
	
	Token：在服务器端产生的。如果前端页面向服务端请求认证，服务端认证成功，会返回一个token给前端
		前端页面将来请求服务器的时候会带上token
*/

@WebServlet("/reg")
public class RegistServlet extends HttpServlet {
	private static final long serialVersionUID = 1L;

	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doPost(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// 让当前的线程睡眠3s，模拟延迟导致的表单重复提交
		/*try {
			Thread.sleep(3000);
		} catch (InterruptedException e) {
			e.printStackTrace();
		}*/
		// 获取表单隐藏域的token，session中的token
		String ctoken = request.getParameter("token");
		String stoken = (String)request.getSession().getAttribute("token");
		// 比较token是否一致
		/**
		 * 1.存储session域中的token与表单提交的token不一致
		 * 2.当前用户的session中不存在token
		 * 3.用户提交的表单中无token
		 */
		if(ctoken!=null && stoken!=null && ctoken.equals(stoken)){
			System.out.println("注册成功");
			// 移除session中的token：为了下次判断token是否一致
			request.getSession().removeAttribute("token");
			request.getRequestDispatcher("/index.jsp").forward(request, response);
		}else{
			System.out.println("不能重复提交");
		}
	}

}