驗(yàn)證碼技術(shù)的出現(xiàn)是為了防止對(duì)服務(wù)和數(shù)據(jù)庫(kù)進(jìn)行暴力攻擊而設(shè)置的一道墻，客戶(hù)端與服務(wù)端交互步驟如下圖：

剩下的細(xì)節(jié)問(wèn)題還有：

1，? 驗(yàn)證碼如何加噪成圖片

2，? 服務(wù)端如何維護(hù)驗(yàn)證碼

?

案例代碼在：https://github.com/yejingtao/forblog/tree/master/demo-securityCode

核心代碼詳解：

前端：

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3"><head><title>Create user </title></head><body><form th:action="@{/login}" method="post"><div><label> User Name : <input type="text" name="name"/> </label></div><div><label> User Password : <input type="password" name="password"/> </label></div><img src="/security" οnclick="refreshSecurityCode(this);" /><input name="securityCode" size="8" /><div><input type="submit" value="Login"/></div></form></body><script> function refreshSecurityCode(obj) {obj.src = "/security?_t=" + Math.random();} </script></html>

驗(yàn)證碼code生成：原理很簡(jiǎn)單，就是隨機(jī)字符串

public class SecurityCodeUtil {/*** 驗(yàn)證碼難度級(jí)別，Simple只包含數(shù)字，Medium包含數(shù)字和小寫(xiě)英文，MediumPlus包含大小英文，Hard包含數(shù)字和大小寫(xiě)英文*/public enum SecurityCodeLevel {Simple, Medium, MediumPlus, Hard};/*** 產(chǎn)生默認(rèn)驗(yàn)證碼，4位中等難度* * @return String 驗(yàn)證碼*/public static String getSecurityCode() {return getSecurityCode(4, SecurityCodeLevel.MediumPlus, false);}/*** 產(chǎn)生長(zhǎng)度和難度任意的驗(yàn)證碼* * @param length* 長(zhǎng)度* @param level* 難度級(jí)別* @param isCanRepeat* 是否能夠出現(xiàn)重復(fù)的字符，如果為true，則可能出現(xiàn) 5578這樣包含兩個(gè)5,如果為false，則不可能出現(xiàn)這種情況* @return String 驗(yàn)證碼*/public static String getSecurityCode(int length, SecurityCodeLevel level, boolean isCanRepeat) {// 隨機(jī)抽取len個(gè)字符int len = length;// 字符集合(除去易混淆的數(shù)字0、數(shù)字1、字母l、字母o、字母O)char[] codes = { '1', '2', '3', '4', '5', '6', '7', '8', '9', //'a', 'b', 'c', 'd', 'e', 'f', 'g', //'h', 'i', 'j', 'k', 'm', 'n', //'p', 'q', 'r', 's', 't', //'u', 'v', 'w', 'x', 'y', 'z', //'A', 'B', 'C', 'D', 'E', 'F', 'G', //'H', 'I', 'J', 'K', 'L', 'M', 'N', //'P', 'Q', 'R', 'S', 'T', //'U', 'V', 'W', 'X', 'Y', 'Z' };// 根據(jù)不同的難度截取字符數(shù)組if (level == SecurityCodeLevel.Simple) {codes = ArrayUtils.copyOfRange(codes, 0, 9);} else if (level == SecurityCodeLevel.Medium) {codes = ArrayUtils.copyOfRange(codes, 0, 33);} else if (level == SecurityCodeLevel.MediumPlus) {codes = ArrayUtils.copyOfRange(codes, 34, codes.length);}// 字符集合長(zhǎng)度int n = codes.length;// 拋出運(yùn)行時(shí)異常if (len > n && isCanRepeat == false) {throw new RuntimeException(String.format("調(diào)用SecurityCode.getSecurityCode(%1$s,%2$s,%3$s)出現(xiàn)異常，" //+ "當(dāng)isCanRepeat為%3$s時(shí)，傳入?yún)?shù)%1$s不能大于%4$s", len, level, isCanRepeat, n));}// 存放抽取出來(lái)的字符char[] result = new char[len];// 判斷能否出現(xiàn)重復(fù)的字符if (isCanRepeat) {for (int i = 0; i < result.length; i++) {// 索引 0 and n-1int r = (int) (Math.random() * n);// 將result中的第i個(gè)元素設(shè)置為codes[r]存放的數(shù)值result[i] = codes[r];}} else {for (int i = 0; i < result.length; i++) {// 索引 0 and n-1int r = (int) (Math.random() * n);// 將result中的第i個(gè)元素設(shè)置為codes[r]存放的數(shù)值result[i] = codes[r];// 必須確保不會(huì)再次抽取到那個(gè)字符，因?yàn)樗谐槿〉淖址仨毑幌嗤?/ 因此，這里用數(shù)組中的最后一個(gè)字符改寫(xiě)codes[r]，并將n減1codes[r] = codes[n - 1];n--;}}return String.valueOf(result);} }

前端技術(shù)很容易獲取文本版的驗(yàn)證碼，所以要以二進(jìn)制流的形式返回加噪后的驗(yàn)證碼，主要靠java.awt里的包：

public class SecurityImageSupport {/*** 返回驗(yàn)證碼圖片的流格式* * @param securityCode* 驗(yàn)證碼* @return ByteArrayInputStream 圖片流*/public static ByteArrayInputStream getImageAsInputStream(String securityCode) {BufferedImage image = createImage(securityCode);return convertImageToStream(image);}public static byte[] getImageAsByte(String securityCode) {BufferedImage image = createImage(securityCode);return convertImageToByte(image);}/*** 生成驗(yàn)證碼圖片* * @param securityCode* 驗(yàn)證碼字符* @return BufferedImage 圖片*/private static BufferedImage createImage(String securityCode) {// 驗(yàn)證碼長(zhǎng)度int codeLength = securityCode.length();// 字體大小int fSize = 13;int fWidth = fSize + 1;// 圖片寬度int width = codeLength * fWidth + 15;// 圖片高度int height = (int) (fSize * 1.5) + 1;// 圖片BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);Graphics2D g = image.createGraphics();Color bgColor = new Color(239, 241, 249);// 設(shè)置背景色g.setColor(bgColor);// 填充背景g.fillRect(0, 0, width, height);// 設(shè)置邊框顏色g.setColor(bgColor);// 邊框字體樣式g.setFont(new Font("Arial", Font.BOLD, height - 2));// 繪制邊框g.drawRect(10, 10, width - 1, height - 1);// 繪制噪點(diǎn)Random rand = new Random();// 設(shè)置噪點(diǎn)顏色g.setColor(Color.LIGHT_GRAY);for (int i = 0; i < codeLength * 6; i++) {int x = rand.nextInt(width);int y = rand.nextInt(height);// 繪制1*1大小的矩形g.drawRect(x, y, 1, 1);}// 繪制驗(yàn)證碼int codeY = height - 5;// 設(shè)置字體顏色和樣式g.setColor(new Color(80, 25, 28));g.setFont(new Font("Georgia", Font.BOLD | Font.ITALIC, fSize));for (int i = 0; i < codeLength; i++) {g.drawString(String.valueOf(securityCode.charAt(i)), i * 16 + 5, codeY);}g.setRenderingHint(RenderingHints.KEY_ANTIALIASING, RenderingHints.VALUE_ANTIALIAS_ON);Random r = new Random();CubicCurve2D cubic = new CubicCurve2D.Float(2, height / 2 + r.nextInt(8) - 4, //2 + width * 1 / 3, height / 2 + r.nextInt(8) - 4, //2 + width * 2 / 3, height / 2 + r.nextInt(8) - 4, //width - 2, height / 2 + r.nextInt(8) - 4);g.draw(cubic);// 關(guān)閉資源g.dispose();return image;}/*** 將BufferedImage轉(zhuǎn)換成ByteArrayInputStream* * @param image* 圖片* @return ByteArrayInputStream 流*/private static ByteArrayInputStream convertImageToStream(BufferedImage image) {byte[] bts = convertImageToByte(image);if(bts!=null) {return new ByteArrayInputStream(bts);}else {return null;}}private static byte[] convertImageToByte(BufferedImage image) {ByteArrayOutputStream bos = new ByteArrayOutputStream();try {ImageIO.write(image, "jpeg", bos);image.flush();byte[] bts = bos.toByteArray();return bts;} catch (IOException e) {e.printStackTrace();return null;}}}

與Redis交互：

@Service public class SecurityCacheServiceImpl implements SecurityCacheService{public static final String REDIS_KEY = "sessionMap";@Autowiredprivate RedisTemplate<String,String> redisTemplate;@Overridepublic void setCodeCache(String sessionID, String securityCode) {HashOperations<String, String, String> hashOp = redisTemplate.opsForHash();hashOp.put(REDIS_KEY,sessionID,securityCode);}@Overridepublic String getCodeCache(String sessionID) {HashOperations<String, String, String> hashOp = redisTemplate.opsForHash();return hashOp.get(REDIS_KEY, sessionID);}}

Controller在生成驗(yàn)證碼之前需要維護(hù)下Redis緩存：

@RequestMapping("/security")public ResponseEntity<byte[]> securityCode(HttpServletRequest httpRequest) {//獲取驗(yàn)證碼文本String securityCode = SecurityCodeUtil.getSecurityCode();//Redis緩存驗(yàn)證碼信息securityCacheService.setCodeCache(getSessionId(httpRequest), securityCode);byte[] bytes = SecurityImageSupport.getImageAsByte(securityCode);HttpHeaders headers = new HttpHeaders();headers.setContentType(MediaType.IMAGE_JPEG);return new ResponseEntity<byte[]>(bytes, headers,HttpStatus.OK);}

驗(yàn)證碼效果圖：

總結(jié)

以上是生活随笔為你收集整理的验证码原理详解与案例的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。