文章目錄

• • 背景
  • Kaptcha 框架介紹
  • 添加Kaptcha依賴
  • Kaptcha配置
  • CommonUtil?具類
  • 接?開發
  • JsonData響應?具類封裝
  • 校驗邏輯

背景

注冊-登錄-修改密碼?般需要發送驗證碼，但是容易被攻擊惡意調?

什么是短信-郵箱轟炸機

?機短信轟炸機是批、循環給?機?限發送各種?站的注冊驗證碼短信的?法。

公司帶來的損失

短信?條5分錢，如果被?盜刷?家??計算郵箱通知不?錢，但被?盜刷，帶寬、接等都被占?，導致?法正常使?

如何避免??的?站成為”?雞“或者被刷呢？

增加圖形驗證碼(開發?員)
單IP請求次數限制(開發?員)
限制號碼發送(?般短信提供商會做)

攻防永遠是有的，只過加?了攻擊者的成本，ROI劃不過來?然就放棄了

Kaptcha 框架介紹

?歌開源的?個可?度配置的實?驗證碼?成?具
驗證碼的字體/??/顏?
驗證碼內容的范圍(數字，字?，中?漢字!)
驗證碼圖?的??，邊框，邊框粗細，邊框顏?
驗證碼的?擾線 驗證碼的樣式(?眼樣式、3D、普通模糊)

添加Kaptcha依賴

<!--kaptcha依賴包--><dependency><groupId>com.baomidou</groupId><artifactId>kaptcha-spring-boot-starter</artifactId><version>1.0.0</version></dependency>

Kaptcha配置

import com.google.code.kaptcha.Constants; import com.google.code.kaptcha.impl.DefaultKaptcha; import com.google.code.kaptcha.util.Config; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration;import java.util.Properties;@Configuration public class KaptchaConfig {/*** 驗證碼配置* Kaptcha配置類名** @return*/@Bean@Qualifier("kaptchaProducer")public DefaultKaptcha kaptcha() {DefaultKaptcha kaptcha = new DefaultKaptcha();Properties properties = new Properties();//驗證碼個數properties.setProperty(Constants.KAPTCHA_TEXTPRODUCER_CHAR_LENGTH, "4");//字體間隔properties.setProperty(Constants.KAPTCHA_TEXTPRODUCER_CHAR_SPACE,"8");//干擾線顏色//干擾實現類properties.setProperty(Constants.KAPTCHA_NOISE_IMPL, "com.google.code.kaptcha.impl.NoNoise");//圖片樣式properties.setProperty(Constants.KAPTCHA_OBSCURIFICATOR_IMPL, "com.google.code.kaptcha.impl.WaterRipple");//文字來源properties.setProperty(Constants.KAPTCHA_TEXTPRODUCER_CHAR_STRING, "0123456789");Config config = new Config(properties);kaptcha.setConfig(config);return kaptcha;} }

CommonUtil?具類

import javax.servlet.http.HttpServletRequest; import java.net.InetAddress; import java.net.UnknownHostException; import java.security.MessageDigest;public class CommonUtil {/*** 獲取ip* @param request* @return*/public static String getIpAddr(HttpServletRequest request) {String ipAddress = null;try {ipAddress = request.getHeader("x-forwarded-for");if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {ipAddress = request.getHeader("Proxy-Client-IP");}if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {ipAddress = request.getHeader("WL-Proxy-Client-IP");}if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {ipAddress = request.getRemoteAddr();if (ipAddress.equals("127.0.0.1")) {// 根據網卡取本機配置的IPInetAddress inet = null;try {inet = InetAddress.getLocalHost();} catch (UnknownHostException e) {e.printStackTrace();}ipAddress = inet.getHostAddress();}}// 對于通過多個代理的情況，第一個IP為客戶端真實IP,多個IP按照','分割if (ipAddress != null && ipAddress.length() > 15) {// "***.***.***.***".length()// = 15if (ipAddress.indexOf(",") > 0) {ipAddress = ipAddress.substring(0, ipAddress.indexOf(","));}}} catch (Exception e) {ipAddress="";}return ipAddress;}public static String MD5(String data) {try {java.security.MessageDigest md = MessageDigest.getInstance("MD5");byte[] array = md.digest(data.getBytes("UTF-8"));StringBuilder sb = new StringBuilder();for (byte item : array) {sb.append(Integer.toHexString((item & 0xFF) | 0x100).substring(1, 3));}return sb.toString().toUpperCase();} catch (Exception exception) {}return null;} }

接?開發

import com.google.code.kaptcha.Producer; import net.xdclass.xdclassredis.util.CommonUtil; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.data.redis.core.StringRedisTemplate; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController;import javax.imageio.ImageIO; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.awt.image.BufferedImage; import java.util.concurrent.TimeUnit;@RestController @RequestMapping("/api/v1/kaptcha") public class KaptchaController {@Autowiredprivate RedisTemplate<String,Object> redisTemplate;@Autowiredprivate Producer kaptchaProducer;@GetMapping("get_kaptcha")public void getKaptcha(HttpServletRequest request, HttpServletResponse response){String KaptchaText = KaptchaProducer.createText();String key = getKaptchaKey(request);//10分鐘過期redisTemplate.opsForValue().set(key,kaptchaText,10,TimeUnit.MINUTES);BufferedImage bufferedImage = kaptchaProducer.createImage(kaptchaText);ServletOutputStream outputStream = null;try {outputStream = response.getOutputStream();ImageIO.write(bufferedImage,"jpg",outputStream);outputStream.flush();outputStream.close();}catch (Exception e){e.printStackTrace();}}private String getKaptchaKey(HttpServletRequest request){String ip = CommonUtil.getIpAddr(request);String userAgent = request.getHeader("User-Agent");String key = "user-service:kaptcha:"+CommonUtil.MD5(ip+userAgent);return key;}}

JsonData響應?具類封裝

public class JsonData {/*** 狀態碼 0 表示成功*/private Integer code;/*** 數據*/private Object data;/*** 描述*/private String msg;public JsonData(int code,Object data,String msg){this.code = code;this.msg = msg;this.data = data;}/*** 成功，不傳入數據* @return*/public static JsonData buildSuccess() {return new JsonData(0, null, null);}/*** 成功，傳入數據* @param data* @return*/public static JsonData buildSuccess(Object data) {return new JsonData(0, data, null);}/*** 失敗，傳入描述信息* @param msg* @return*/public static JsonData buildError(String msg) {return new JsonData(-1, null, msg);}public Integer getCode() {return code;}public void setCode(Integer code) {this.code = code;}public Object getData() {return data;}public void setData(Object data) {this.data = data;}public String getMsg() {return msg;}public void setMsg(String msg) {this.msg = msg;} }

校驗邏輯

import com.google.code.kaptcha.Producer; import net.xdclass.xdclassredis.util.CommonUtil; import net.xdclass.xdclassredis.util.JsonData; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.data.redis.core.StringRedisTemplate; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController;import javax.imageio.ImageIO; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.awt.image.BufferedImage; import java.util.concurrent.TimeUnit;@RestController @RequestMapping("/api/v1/kaptcha") public class KaptchaController {@Autowiredprivate RedisTemplate<String,Object> redisTemplate;@Autowiredprivate Producer kaptchaProducer;@GetMapping("get_kaptcha")public void getKaptcha(HttpServletRequest request, HttpServletResponse response){String kaptchaText = kaptchaProducer.createText();String key = getKaptchaKey(request);//10分鐘過期redisTemplate.opsForValue().set(key,kaptchaText,10,TimeUnit.MINUTES);BufferedImage bufferedImage = kaptchaProducer.createImage(kaptchaText);ServletOutputStream outputStream = null;try {outputStream = response.getOutputStream();ImageIO.write(bufferedImage,"jpg",outputStream);outputStream.flush();outputStream.close();}catch (Exception e){e.printStackTrace();}}/*** 發送驗證碼* to: 驗證碼發送的手機號* @return*/@GetMapping("send_code")public JsonData sendCode(@RequestParam(value = "to",required = true)String to,@RequestParam(value = "kaptcha",required = true) String kaptcha,HttpServletRequest request){String key = getKaptchaKey(request);String cacheKaptcha = redisTemplate.opsForValue().get(key);if(kaptcha!=null && cacheKaptcha!=null && cacheKaptcha.equalsIgnoreCase(kaptcha)){redisTemplate.delete(key);//TODO 發送驗證碼return JsonData.buildSuccess();}else {return JsonData.buildError("驗證碼錯誤");}}private String getKaptchaKey(HttpServletRequest request){String ip = CommonUtil.getIpAddr(request);String userAgent = request.getHeader("User-Agent");String key = "user-service:captcha:"+CommonUtil.MD5(ip+userAgent);return key;}}

總結

以上是生活随笔為你收集整理的Redis(案例一：注册登录-图形验证码+谷歌开源Kaptcha)的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。