???? 在web系统中,验证码的应用基本上随处可见.验证码可以防止他人恶意攻击和垃圾注册,可以说已成了web开发中必不可少的环节.遗憾的是,验证码在jsp,jsf的组件库, 至少是一些标准的组件库中并没有出现.本文分别介绍如何在jsp和jsf中使用验证码和我的一些小经验,呵呵.
???? 在jsp中,我们使用apache的taglibs-image(http://jakarta.apache.org/taglibs/sandbox/doc/image-doc/intro.html),可以简便的配置自己的验证码.而由于在jsf中,无法和其他jsp标签库混用(至少不能和上述标签库混用),我们则用Java2D自己绘制验证码图.
?
1. 在jsp中使用taglibs-image部署验证码
??? taglibs-image可以通过标签自动将一段文字和背景图片生成新的图片,文字的布局,颜色,字体等等都可以自我定制,因此拿来做验证码是非常的简单
???
<%
@?page?contentType
=
"
text/html;?charset=iso-8859-1
"
?language
=
"
java
"
?
import
=
"
java.sql.*
"
?errorPage
=
""
?
%>
<%
@?taglib?uri
=
"
http://jakarta.apache.org/taglibs/image-1.0
"
?prefix
=
"
img
"
?
%>
<
html
>
<
head
>
<
title
>
Image?Tag?examples
</
title
>
<
meta?http
-
equiv
=
"
Content-Type
"
?content
=
"
text/html;?charset=iso-8859-1
"
>
</
head
>
<
body
>
td
?
<%
??
int
?num?
=
?(
int
)?java.lang.Math.round(java.lang.Math.random()?
*
?
8999
);
??String?sRand?
=
?
""
?
+
?(
1000
?
+
num);
??session.setAttribute(
"
userInfo.authcode
"
,sRand);
?
%>
<
img:image?src
=
"
/images/code.gif
"
?refresh
=
"
true
"
>
??
<
img:text?text
=
"
<%=sRand.substring(0,1)%>
"
?x
=
"
18%
"
?
????????y
=
"
25%
"
?
????????font
=
"
Arial
"
?
????????bold
=
"
true
"
?
????????size
=
"
16
"
?
????????
/>
??
<
img:text?text
=
"
<%=sRand.substring(1,2)%>
"
?x
=
"
36%
"
?
????????y
=
"
15%
"
?
????????font
=
"
Times?New?Roman
"
?
????????bold
=
"
true
"
?
????????size
=
"
20
"
?
????????
/>
??
<
img:text?text
=
"
<%=sRand.substring(2,3)%>
"
?x
=
"
60%
"
?
????????y
=
"
20%
"
?
????????font
=
"
Arial
"
?
????????bold
=
"
true
"
?
????????size
=
"
18
"
?
????????
/>
??
<
img:text?text
=
"
<%=sRand.substring(3,4)%>
"
?x
=
"
77%
"
?
????????y
=
"
30%
"
?
????????font
=
"
Times?New?Roman
"
?
????????bold
=
"
true
"
?
????????size
=
"
14
"
?
????????
/>
</
img:image
>
</
body
>
</
html
>
?? 其中最开始百分号内的java代码是为了生成验证码,然后保存在session中.同时验证码和背景图片生成新的验证图.用户根据此图输入验证码.在服务器方,只用把用户提交表单中的验证码内容取出和session中保存的验证码对比,就可以判断正确性咯
?????????????
2.JSF
?? jsf中无法使用上述标签(会无法渲染出来), 因此,我们自己实现一个生成验证图的类,再通过jsf的<h:graphicImage>标签得以显示.
? 生成验证码的java类如下:
package?org.myibm.beans;
import?java.awt.Color;
import?java.awt.Font;
import?java.awt.Graphics;
import?java.awt.image.BufferedImage;
import?java.io.File;
import?java.io.IOException;
import?java.util.Random;
import?javax.imageio.ImageIO;
/**?*//**
?*?用来自动生成验证图和验证码,验证图是背景图加上干扰点加上验证码
?*?
?*?@author?td
?*?
?*/
public?final?class?CodeImageGenerator?
{
????private?final?static?int?DEF_WIDTH?=?60;
????private?final?static?int?DEF_HEIGHT?=?20;
????private?final?static?String?BASE_PATH?=?"validate-images";
????/**?*//**
?????*?验证码
?????*/
????private?String?code?=?"";
????/**?*//**
?????*?验证图的地址
?????*/
????private?String?path;
????private?int?width;
????private?int?height;
????private?BufferedImage?image;
????/**?*//**
?????*?验证图对应的File对象
?????*/
????private?File?target;
????public?CodeImageGenerator()?{
????????this(DEF_WIDTH,?DEF_HEIGHT);
????}
????public?CodeImageGenerator(int?width,?int?height)?{
????????this.width?=?width;
????????this.height?=?height;
????????generateCodeImage();
????}
????/**?*//**
?????*?生成验证码和验证图
?????*
?????*/
????private?void?generateCodeImage()?{
????????//?create?the?image
????????image?=?new?BufferedImage(width,?height,?BufferedImage.TYPE_INT_RGB);
????????Graphics?g?=?image.getGraphics();
????????//?set?the?background?color
????????g.setColor(new?Color(0xDCDCDC));
????????g.fillRect(0,?0,?width,?height);
????????//?draw?the?border
????????g.setColor(Color.black);
????????g.drawRect(0,?0,?width?-?1,?height?-?1);
????????//?set?the?font
????????g.setFont(new?Font("Times?New?Roman",?Font.PLAIN,?18));
????????//?create?a?random?instance?to?generate?the?codes
????????Random?random?=?new?Random();
????????//?make?some?confusion
????????for?(int?i?=?0;?i?<?50;?i++)?{
????????????int?x?=?random.nextInt(width);
????????????int?y?=?random.nextInt(height);
????????????g.drawOval(x,?y,?0,?0);
????????}?//?generate?a?random?code
????????for?(int?i?=?0;?i?<?4;?i++)?{
????????????String?rand?=?String.valueOf(random.nextInt(10));
????????????code?+=?rand;
????????????g.drawString(rand,?13?*?i?+?6,?16);
????????}
????????g.dispose();
????????try?{
????????????File?dir?=?new?File("K:/Tomcat?5.5/webapps/nirvana/validate-images");
????????????String?s?=?new?Double(Math.random()?*?995596390219L).toString();
????????????File?imgFile?=?new?File(dir,?s?+?".jpeg");
????????????if?(!imgFile.exists())
????????????????imgFile.createNewFile();
????????????target?=?imgFile;
????????????ImageIO.write(image,?"JPEG",?imgFile);
????????????path?=?"/"?+?BASE_PATH?+?"/"?+?s?+?".jpeg";
????????????System.err.println(path);
????????}?catch?(IOException?e)?{
????????????//?TODO?Auto-generated?catch?block
????????????e.printStackTrace();
????????}
????}
????public?BufferedImage?getImage()?{
????????return?image;
????}
????public?String?getCode()?{
????????if?(code?==?null)
????????????code?=?"";
????????return?code;
????}
????public?static?void?main(String[]?args)?throws?Exception?{
????????//?File?imgFile?=?new?File("codeImage.jpeg");
????????//?CodeImageGenerator?cig?=?new?CodeImageGenerator();
????????//?ImageIO.write(cig.getImage(),?"JPEG",?imgFile);
????}
????public?String?getPath()?{
????????return?path;
????}
????public?void?setPath(String?path)?{
????????this.path?=?path;
????}
????/**?*//**
?????*?当这个对象被回收时,同时销毁其对应的验证图
?????*/
????@Override
????protected?void?finalize()?throws?Throwable?{
????????//?TODO?Auto-generated?method?stub
????????//?System.err.println("finalize");
????????if?(target.exists())
????????????target.delete();
????????super.finalize();
????}
????public?File?getTarget()?{
????????return?target;
????}
????public?void?setTarget(File?target)?{
????????this.target?=?target;
????}
}
要说明几点的事,这个类会把生成的验证图放在制定文件夹下,未免得文件越来越多,应该当验证图不再使用时将之删除.所以此类重写了Object的finalize()方法,当此类被垃圾回收器回收时,同时也删除其对应的验证图.
这样,就可以利用java的垃圾回收器轻松为我们删除不用的文件.
另外,在页面对应的managed-bean中,我们还要添加如何得到验证码和验证图的方法
private?CodeImageGenerator?validator;
????
????private?String?validate_code;
????
????public?CodeImageGenerator?getValidator()?{
????????if(validator!=null){
????????????validator.getTarget().delete();
????????????validator=null;
????????}
????????validator=new?CodeImageGenerator();
????????System.out.println(validator.getCode());
????????return?validator;
????}
????public?void?setValidator(CodeImageGenerator?validator)?{
????????this.validator?=?validator;
????} 其中validate-code对应用户输入的验证码信息
因为每次刷新页面都需要得到不同的验证码,所以在getValidator()方法时,每次需要返回一个新的CodeImageGenerator.同时,你可能等不及垃圾回收器帮你删除文件,因此,可以在这里同时删除老的验证图.
另外,在注册时我们还需要做一下判断:
public?String?register()?{
????????//?System.out.println("haha");
????????if(!validator.getCode().equals(validate_code)){
????????????FacesMessage?message?=?new?FacesMessage(
????????????????????FacesMessage.SEVERITY_ERROR,?"验证码错误",
????????????????????"验证码错误");
????????????FacesContext.getCurrentInstance().addMessage(null,?message);
????????????FacesContext?fcg?=?FacesContext.getCurrentInstance();
????????????((LoginBean)?fcg.getApplication().getVariableResolver()
????????????????????.resolveVariable(fcg,?"loginBean")).setReg(true);
????????????System.out.println(validator.getCode());
????????????System.out.println(validate_code);
????????????return?null;
????????}
..
} 最后,我们需要在页面中添加对应的标签
????????????????????????<h:outputText?value="验证码(*):"?styleClass="label"></h:outputText>
????????????????????????<h:message?for="vcode"?styleClass="error"></h:message>
????????????????????????<h:inputText?id="vcode"?required="true"?value="#{myPageBean.validate_code}"></h:inputText>
????????????????????????<h:graphicImage?value="#{myPageBean.validator.path}"></h:graphicImage>
这样, 我们就在jsf中实现了自己的验证码部署^_^
