login_image.jsp
<%@ page contentType="image/jpeg" import="java.awt.*,java.awt.image.*,java.util.*,javax.imageio.*" pageEncoding="utf-8"%>
<%!
//随机获取图片颜色
Color getRandColor(int fc,int bc){
Random random = new Random();
if(fc>255) fc=255;
if(bc>255) bc=255;
int r=fc+random.nextInt(bc-fc);
int g=fc+random.nextInt(bc-fc);
int b=fc+random.nextInt(bc-fc);
return new Color(r,g,b);
}
%>
<%
//response设置
response.setHeader("Pragma","No-cache");
response.setHeader("Cache-Control","no-cache");
response.setDateHeader("Expires", 0);
//设置图片大小
int width=60, height=20;
BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
//Graphics图片对象
Graphics g = image.getGraphics();
Random random = new Random();
g.setColor(getRandColor(200,250));
g.fillRect(0, 0, width, height);
g.setFont(new Font("Times New Roman",Font.PLAIN,18));
// 设置图片中的随机数
g.setColor(getRandColor(160,200));
for (int i=0;i<155;i++)
{
int x = random.nextInt(width);
int y = random.nextInt(height);
int xl = random.nextInt(12);
int yl = random.nextInt(12);
g.drawLine(x,y,x+xl,y+yl);
}
String sRand="";
for (int i=0;i<4;i++){
String rand=String.valueOf(random.nextInt(10));
sRand+=rand;
g.setColor(new Color(20+random.nextInt(110),20+random.nextInt(110),20+random.nextInt(110)));//µ÷Óú¯Êý³öÀ´µÄÑÕÉ«Ïàͬ£¬¿ÉÄÜÊÇÒòΪÖÖ×ÓÌ«½Ó½ü£¬ËùÒÔÖ»ÄÜÖ±½ÓÉú³É
g.drawString(rand,13*i+6,16);
}
// 把随值数放入SESSION
session.setAttribute("VALIDATION_CODE",sRand);
g.dispose();
ImageIO.write(image, "JPEG", response.getOutputStream());
out.clear();
out = pageContext.pushBody();
%>
loginform.jsp
验证码:
<input type="text" name="j_validation_code" id="j_validation_code"
style="font-size: 9pt; background-color: #EDEDED;
border: 1 inset #BEBEBE"
size="17" onfocus="this.style.backgroundColor='#FFF7DA'"
tabindex="3"
onblur="this.style.backgroundColor='#EDEDED'">
<img src="<c:url value="/common/loginimage.jsp"/>"
onclick="refurbish()" alt="点击图片显示新的验证码"
style="margin-top: 10px">
ValidationCodeFilter.java
import javax.servlet.http.HttpServletRequest;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter;
import com.uiiang.iknow.common.exception.ValidationCodeException;
public class ValidationCodeFilter
extends AuthenticationProcessingFilter {
public Authentication attemptAuthentication(
HttpServletRequest httpServletRequest)
throws AuthenticationException {
String inputValidationCode = httpServletRequest
.getParameter("j_validation_code");
// 从Session中取出验证码
String ssnValidationCode = (String)
httpServletRequest.getSession()
.getAttribute("VALIDATION_CODE");
// 取出后就失效,
httpServletRequest.getSession()
.setAttribute("VALIDATION_CODE",
"Game Over");
if (ssnValidationCode == null
|| ssnValidationCode.equalsIgnoreCase("Game Over")
|| !ssnValidationCode.equals(inputValidationCode)) {
// 用户输入的值与看到的不一致,抛出异常
httpServletRequest
.setAttribute("errorMsg", "验证码输入错误!");
throw new ValidationCodeException("验证码输入错误!");
}
return super.attemptAuthentication(httpServletRequest);
}
}
ValidationCodeException.java
import org.acegisecurity.AuthenticationException;
public class ValidationCodeException extends AuthenticationException {
private static final long serialVersionUID = 1L;
public ValidationCodeException(String s) {
super(s);
}
}
<bean id="authenticationProcessingFilter"
class="com.uiiang.iknow.common.webapp.filter.ValidationCodeFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureUrl" value="/login.jsp?error=true" />
<property name="defaultTargetUrl" value="/login.do" />
<property name="filterProcessesUrl" value="/j_security_check" />
<property name="alwaysUseDefaultTargetUrl" value="true" />
</bean>
分享到:
评论