Of Stack

JSP dynamically generates captchAs that are stored within the scope of session

  • 2020-11-30 08:29:52
  • OfStack

(1) In the login application, in order to prevent malicious login, the server is often required to dynamically generate verification code and store it in the scope of session, and finally return it to the client in the form of image for display

(2) The following code realizes the function: write 1 JSP page, dynamically generate 1 captcha, store it within the scope of session, and return it to the client for display in the form of image.

Write another JSP page, referring to the captcha generated by this JSP page;

authen. jsp code is as follows: 


<%@ page import="java.awt.*,java.awt.image.*,java.util.*,com.sun.image.codec.jpeg.*" %> 
<%! 
// According to ab Produces a random range of colors  
Color getColor(int a,int b){ 
int n=b-a; 
Random rd=new Random(); 
int cr=a+rd.nextInt(n); 
int cg=a+rd.nextInt(n); 
int cb=a+rd.nextInt(n); 

return new Color(cr,cg,cb); 
} 
%> 
<% // below 3 Line to cancel the client browser's ability to cache captchas  
response.setHeader("Pragma","No-cache"); 
response.setHeader("Cache-Control","no-cache"); 
response.setDateHeader("Expires", 0); 

int width=60, height=20; 
// Generated in memory 1 An image  
BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB); 

Graphics g = image.getGraphics(); 

Random random = new Random(); 

g.setColor(getColor(200,250)); 
g.fillRect(0, 0, width, height); 

g.setFont(new Font("Times New Roman",Font.BOLD,18)); 

g.setColor(getColor(160,200)); 
for (int i=0;i<160;i++) 
{ 
int x = random.nextInt(width); 
int y = random.nextInt(height); 
int xl = random.nextInt(12); 
int yl = random.nextInt(12); 
g.drawLine(x,y,x+xl,y+yl); 
} 

String number=String.valueOf(1000+random.nextInt(8999)); 
String name=request.getParameter("name"); 
session.setAttribute(name,number); 

g.setColor(getColor(20,130)); 
int x=(int)(width*0.2); 
int y=(int)(height*0.8); 
g.drawString(number,x,y); 
g.dispose(); 

JPEGImageEncoder encoder=JPEGCodec.createJPEGEncoder(response.getOutputStream()); 
encoder.encode(image); 
out.close(); 
%>

Create another ES17en. jsp page to call the captcha: 


<%@ page contentType="text/html; charset=gb2312" language="java" import="java.sql.*" errorPage="" %> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> 
<title> Untitled document </title> 
</head> 

<body> 
<% // Also implemented to cancel the client cache  
response.setHeader("Pragma","No-cache"); 
response.setHeader("Cache-Control","no-cache"); 
response.setDateHeader("Expires", 0); 
String name="loginCode"; 
%> 
 Verification code :<img src="authen.jsp?name=<%=name%>" /> 
</body> 
</html>

(3) In both of the above pages, the function of client cache is cancelled. This is because the other browsers, such as the IE browser,

It will put the image in the cache first, and when it is requested again, it will now look in memory to see if it is already there. If it is, it will not be requested, which makes the refresh check

The authentication fails, so to make the viewer does not read the cached images, you need to cancel the cache;

(4) OK! That's it!

Related articles: