防止恶意破解密码、刷票、论坛灌水、刷页。
有效防止某个黑客对某一个特定注册用户用特定程序暴力破解方式进行不断的登录尝试,实际上使用验证码是现在很多网站通行的方式(比如招商银行的网上个人银行,百度社区),我们利用比较简易的方式实现了这个功能。虽然登录麻烦一点,但是对网友的密码安全来说这个功能还是很有必要,也很重要。但我们还是 提醒大家要保护好自己的密码 ,尽量使用混杂了数字、字母、符号在内的 6 位以上密码,不要使用诸如 1234 之类的简单密码或者与用户名相同、类似的密码 ,免得你的账号被人盗用给自己带来不必要的麻烦。
验证码通常使用一些线条和一些不规则的字符组成,主要作用是为了防止一些黑客把密码数据化盗取。
Kaptcha 是一个可高度配置的实用验证码生成工具,可自由配置的选项如:
1.登录验证码
使用kaptcha来实现
pom.xml
- <dependency>
- <groupId>com.github.axet</groupId>
- <artifactId>kaptcha</artifactId>
- <version>0.0.9</version>
- </dependency>
config添加配置
- import com.google.code.kaptcha.impl.DefaultKaptcha;
- import com.google.code.kaptcha.util.Config;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
-
- import java.util.Properties;
-
- /*
- * 验证码配置
- * */
- @Configuration
- public class KaptchaConfig {
-
- @Bean
- public DefaultKaptcha producer(){
- Properties properties = new Properties();
- properties.put("kaptcha.border","no");
- properties.put("kaptcha.textproducer.font.color","black");
- properties.put("kaptcha.textproducer.char.space","5");
- Config config = new Config(properties);
- DefaultKaptcha defaultKaptcha = new DefaultKaptcha();
- defaultKaptcha.setConfig(config);
- return defaultKaptcha;
- }
- }
controller生成
- import com.google.code.kaptcha.Constants;
- import com.google.code.kaptcha.Producer;
- import org.apache.commons.math3.stat.descriptive.summary.Product;
- import org.apache.poi.util.IOUtils;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.web.bind.annotation.GetMapping;
- import org.springframework.web.bind.annotation.RestController;
-
- import javax.imageio.ImageIO;
- import javax.servlet.ServletException;
- import javax.servlet.ServletOutputStream;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import java.awt.image.BufferedImage;
- import java.io.IOException;
-
- @RestController
- public class SysLoginController {
- @Autowired
- private Producer producter;
- @GetMapping("/captcha.jpg")
- public void captcha(HttpServletResponse response, HttpServletRequest request)throws ServletException, IOException{
- response.setHeader("Cache-Control","no-store,no-cache");
- response.setContentType("image/jpeg");
- //生成文字验证码
- String text = producter.createText();
- //生成图片验证码
- BufferedImage image = producter.createImage(text);
- //保存验证码到session
- request.getSession().setAttribute(Constants.KAPTCHA_SESSION_KEY,text);
- ServletOutputStream out = response.getOutputStream();
- ImageIO.write(image,"jpg",out);
- IOUtils.closeQuietly(out);
- }
- }
或者使用penggle包下的kaptcha
pom文件中导入kaptcha依赖
新建springboot项目,并在其pom.xml中导入kaptcha依赖:
- <dependency>
- <groupId>com.github.penggle</groupId>
- <artifactId>kaptcha</artifactId>
- <version>2.3.2</version>
- </dependency>
创建前端页面与跳转页面
前端页面index.html
- <h2>kaptcha验证码验证</h2>
- <form action="/loginh" method="post">
- <input type="text" name="verifyCode" placeholder="请输入验证码" required="true">
- <img alt="单击图片刷新!" class="pointer" src="/common/kaptcha"
- onclick="this.src='/common/kaptcha?d='+new Date()*1">
- </br>
- <button type="submit" value="submit">登陆</button>
- </form>
跳转页面success.html
- <!DOCTYPE html>
- <html lang="en" xmlns:th="http://www.thymeleaf.org">
- <head>
- <meta charset="UTF-8">
- <title>Title</title>
- </head>
- <body>
- <h2>success</h2>
- </body>
- </html>
注入keptcha配置类
创建配置类KaptchaConfig.java
- import com.google.code.kaptcha.impl.DefaultKaptcha;
- import com.google.code.kaptcha.util.Config;
- import org.springframework.context.annotation.Bean;
- import org.springframework.stereotype.Component;
-
- import java.util.Properties;
-
- @Component
- public class KaptchaConfig {
-
- @Bean
- public DefaultKaptcha getDefaultKaptcha(){
- DefaultKaptcha defaultKaptcha = new DefaultKaptcha();
- //Properties类
- Properties properties = new Properties();
- // 图片边框
- properties.put("kaptcha.border", "no");
- / 边框颜色
- properties.put("kaptcha.border.color", "105,179,90");
- // 字体颜色
- properties.put("kaptcha.textproducer.font.color", "black");
- // 图片宽
- properties.put("kaptcha.image.width", "150");
- // 图片高
- properties.put("kaptcha.image.height", "40");
- // 字体大小
- properties.put("kaptcha.textproducer.font.size", "30");
- // session key
- properties.put("kaptcha.session.key", "verifyCode");
- // 验证码长度
- properties.put("kaptcha.textproducer.char.space", "5");
- // 字体
- properties.put("kaptcha.textproducer.font.names", "宋体,楷体,微软雅黑");
- //图片干扰
- properties.put("kaptcha.noise.impl","com.google.code.kaptcha.impl.DefaultNoise");
- //Kaptcha 使用上述配置
- Config config = new Config(properties);
- defaultKaptcha.setConfig(config);
- return defaultKaptcha;
- }
- }
1.3.2 创建后端控制类生成验证码
创建控制类CommonController类,一方面通过流的方式将随机生成的验证码图片信息发送到前端浏览器;另一方面将验证码中的验证信息写入session中,以方便后续的验证
- import com.google.code.kaptcha.impl.DefaultKaptcha;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.stereotype.Controller;
- import org.springframework.web.bind.annotation.GetMapping;
-
- import javax.imageio.ImageIO;
- import javax.servlet.ServletOutputStream;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import java.awt.image.BufferedImage;
- import java.io.ByteArrayOutputStream;
-
- @Controller
- public class CommonController {
-
- @Autowired
- private DefaultKaptcha captchaProducer;
-
- @GetMapping("/common/kaptcha")
- public void defaultKaptcha(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
- byte[] captchaOutputStream = null;
- ByteArrayOutputStream imgOutputStream = new ByteArrayOutputStream();
- try {
- //生产验证码字符串并保存到session中
- String verifyCode = captchaProducer.createText();
- HttpSession session = httpServletRequest.getSession();
- session.setAttribute("verifyCode", verifyCode);
- session.setMaxInactiveInterval(20);
- //单独实现验证码60s过期功能
- stringRedisTemplate.opsForValue().set(“mar:captcha:”+session.getId(),capText,60, TimeUnit.SECONDS);
-
- BufferedImage challenge = captchaProducer.createImage(verifyCode);
- ImageIO.write(challenge, "jpg", imgOutputStream);
- } catch (IllegalArgumentException e) {
- httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
- return;
- }
- captchaOutputStream = imgOutputStream.toByteArray();
- httpServletResponse.setHeader("Cache-Control", "no-store");
- httpServletResponse.setHeader("Pragma", "no-cache");
- httpServletResponse.setDateHeader("Expires", 0);
- httpServletResponse.setContentType("image/jpeg");
- ServletOutputStream responseOutputStream = httpServletResponse.getOutputStream();
- responseOutputStream.write(captchaOutputStream);
- responseOutputStream.flush();
- responseOutputStream.close();
- }
- }
实现验证码的验证与页面跳转
对前端输入的数据并发送到服务器的验证信息进行校验,当输入信息与验证码信息一致则跳转至success.html页面,否则跳转至false.html页面
- @Controller
- public class AdminController {
-
- @PostMapping("/loginh")
- public String loginByKaptcha(@RequestParam("verifyCode") String verifyCode,
- HttpSession session){
- String kaptchaCode = session.getAttribute("verifyCode") + "";
- String sessionYzm = stringRedisTemplate.opsForValue().get(mar:captcha:" + request.getSession().getId());
- if (sessionYzm==null){
- //返回给前端
- return "验证码已过期,请重新输入!";
- }
- if(verifyCode.equals(kaptchaCode)){
- return "success";
- }
- return "false";
- }
- }