Discussion on the production of Java verification code (Part I)

I believe you will not be unfamiliar with the verification code. You will be required to enter the verification code when applying for an account or logging in under some circumstances. According to statistics, the probability that the verification code will pass successfully in one verification is 90%, which is not high. Then many people will doubt the necessity of this design to reduce the user experience, but Hegel said: everything reasonable is realistic; Everything realistic is rational. Next, let's look at the verification code.

Verification code is a public automatic program to distinguish whether a user is a computer or a person. It is used to prevent malicious password cracking, ticket swiping, Forum irrigation, prevent hackers from logging in continuously through violent cracking, and is applied to banks, communities, forums, voting systems, etc.

Without much nonsense, let's take a look at the four ways I know to implement verification code in Java.

Method 1:

The first method is the first one I thought of and the simplest to realize logic, but its efficiency and security are extremely low.

The specific operations are as follows: 1. Make a verification code picture with Photoshop, and the rectangular picture can have necessary English letters, numbers or Chinese (as above)

2. Display the picture in the swing control or JSP page

3. Match the corresponding verification code string for each picture in the code

4. When submitting, get the string in the component or text box and compare it with the string of each picture with the equals () method

The pity is that the process of making verification code pictures is too time-consuming. The implementation method is very low and is not recommended. The following methods will be more and more efficient, beautiful and relatively safe.

Method 2:

Here we talk about the implementation of verification code under Java Web and servlet, and the logic is still very clear.

Instead of simple implementation code, let's start with the key code at the front desk:

When we click "can't see", the verification code image will be refreshed, and a JS function will be called to reset the image path to replace the image. Please see the following code, in which <% = request Getcontextpath()% > is to solve the problem of relative path. It can return to the root path of the site, and / servlet / imageservlet is a whole, pointing to the servlet imageservlet. Why add a / servlet before it, because we are on the web Configuration mapping is made in XML, which can be understood as changing a longer name. Then look at the JS function below. Some people may wonder why they get a current time and add it to the end of the path. In fact, this is to solve the problem of browser cache, that is, after the imageservlet is triggered, although the verification code image is changed, the cache has not changed, and the displayed verification code image remains unchanged, The browser cache can be invalidated by varying the time of each moment.

Here is the web Key configuration information in XML:

Then let's look at how the key imageservlet generates images:

@H_ 301_ 72@

If you want to more vividly describe how this verification code is implemented, the word "draw" sounds similar to the first method, but the efficiency of using code to automatically "draw" the verification code has definitely increased countless times. Let's look at the above code, first instantiate a bufferedimage object Bi, which is used to draw the verification code picture, then use Bi to get a brush g, use G to draw the rectangular background of the entity, and then use simple logic to call the drawstring() method commonly used in Java through brush g to draw the verification code characters on the rectangle, At the same time, the strings are successively added to the StringBuffer variable string object, and finally stored in the JSP built-in object session for comparison after submitting the verification code. In order to display the verification code, we also need to write the generated verification code picture into the imageio stream in a picture format.

As can be seen from the loginservlet below, the string just stored in the session by the imageservlet can be compared with the string in the verification code submission box. You can change the string to lowercase or uppercase to ignore the case.

The following is the implementation legend:

The above is the relevant knowledge of Java verification code production introduced by Xiaobian. I hope it will be helpful to you! In the follow-up, I will introduce the production of Java verification code (Part 2). Interested friends, please pay attention to the programming tips website!