Java 简单的登录验证码

　　1 验证码的作用

　　验证码是为了区分人与机器，如果没有验证码机制，web网站或者应用会遇到很多问题，具体如下：

　　① 网站容易被暴力登录攻破密码，可以制作一个自动程序不断的尝试登录，密码很容易被破解，系统容易瘫痪；

　　② 黑客可以创建自动程序不断的注册账户，不断的发帖，不断的刷票，消耗服务器资源，产生大量垃圾信息；

　　验证码分为两部分：图片与输入框

<html><br/>
<image src='images/logo1.jpg' /><hr/>
<head><br/><title>登录</title> <br/><h1> 欢迎登录</h1></head> <br/>
<body> <br/>
<form action='/LoginValid/LoginVerify' method='post' >
用户id：<input type='text' name='userid' value=''> <br/>
用户密码：<input type='password' name='password' value=''> <br/>
<br/>
验证码：<input type='text' name='inputCode' value='' />  <img src='/LoginValid/CreateCode2' /><br/>
<input type='submit' value='登录' /><br/>
</form>
</body> <br/>
</html>

CreateCode实时生成图片

    private static final int IMG_W=82;
    private static final int IMG_H=25;
    private static final int NUM_CHS=5;
    private static char[] chs = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890".toCharArray();
    private static Random rand = new Random();
    
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        //禁止浏览器缓存随机图片
        response.setDateHeader("Expires",-1);
        response.setHeader("Cache-Control", "no-cache");
        response.setHeader("Pragma", "no-cache");
        
        //通知客户端以图片的方式打开发送过去的数据
        response.setHeader("Content-Type", "image/jpeg");
        
        //创建image对象
        BufferedImage image = new BufferedImage(IMG_W, IMG_H, BufferedImage.TYPE_INT_RGB);
        Graphics g = image.getGraphics();
        
        //验证码图片背景颜色
        Color co = new Color(200,200,255);
        g.setColor(co);
        
        g.fillRect(0, 0, IMG_W, IMG_H);
        //保存验证码字符
        StringBuilder sb = new StringBuilder();
        int index=0;
        for(int i=0; i<NUM_CHS; i++)
        {
            //获取随机一个下标
            index = rand.nextInt(chs.length);
            //给画笔随机一个颜色
            g.setColor(new Color(rand.nextInt(88),rand.nextInt(210),rand.nextInt(150)));
            //画出字符
            g.drawString(chs[index]+"", 15*i+3, 18);
            sb.append(chs[index]);
        }
        
        //将验证码保存至session
        request.getSession().setAttribute("checkCode", sb.toString());
        ImageIO.write(image, "jpg", response.getOutputStream());
    }

　　验证用户输入的验证码与session里保存的是否一致：

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        response.setContentType("text/html;charset=utf-8");
        request.setCharacterEncoding("utf-8");
        PrintWriter out = response.getWriter();
        
        HttpSession session = request.getSession();
        String seCode = (String)session.getAttribute("checkCode");
        String inputCode = (String)request.getParameter("inputCode");
        if(seCode.equals(inputCode))
        {
            request.getRequestDispatcher("/Main").forward(request, response);
        }
        else
        {
            request.getRequestDispatcher("/Err").forward(request, response);
        }

    }