驗證碼技術的出現是為了防止對服務和數據庫進行暴力攻擊而設置的一道墻，客戶端與服務端交互步驟如下圖：

剩下的細節問題還有：

1，? 驗證碼如何加噪成圖片

2，? 服務端如何維護驗證碼

?

案例代碼在：https://github.com/yejingtao/forblog/tree/master/demo-securityCode

核心代碼詳解：

前端：

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3"><head><title>Create user </title></head><body><form th:action="@{/login}" method="post"><div><label> User Name : <input type="text" name="name"/> </label></div><div><label> User Password : <input type="password" name="password"/> </label></div><img src="/security" οnclick="refreshSecurityCode(this);" /><input name="securityCode" size="8" /><div><input type="submit" value="Login"/></div></form></body><script> function refreshSecurityCode(obj) {obj.src = "/security?_t=" + Math.random();} </script></html>

驗證碼code生成：原理很簡單，就是隨機字符串

public class SecurityCodeUtil {/*** 驗證碼難度級別，Simple只包含數字，Medium包含數字和小寫英文，MediumPlus包含大小英文，Hard包含數字和大小寫英文*/public enum SecurityCodeLevel {Simple, Medium, MediumPlus, Hard};/*** 產生默認驗證碼，4位中等難度* * @return String 驗證碼*/public static String getSecurityCode() {return getSecurityCode(4, SecurityCodeLevel.MediumPlus, false);}/*** 產生長度和難度任意的驗證碼* * @param length* 長度* @param level* 難度級別* @param isCanRepeat* 是否能夠出現重復的字符，如果為true，則可能出現 5578這樣包含兩個5,如果為false，則不可能出現這種情況* @return String 驗證碼*/public static String getSecurityCode(int length, SecurityCodeLevel level, boolean isCanRepeat) {// 隨機抽取len個字符int len = length;// 字符集合(除去易混淆的數字0、數字1、字母l、字母o、字母O)char[] codes = { '1', '2', '3', '4', '5', '6', '7', '8', '9', //'a', 'b', 'c', 'd', 'e', 'f', 'g', //'h', 'i', 'j', 'k', 'm', 'n', //'p', 'q', 'r', 's', 't', //'u', 'v', 'w', 'x', 'y', 'z', //'A', 'B', 'C', 'D', 'E', 'F', 'G', //'H', 'I', 'J', 'K', 'L', 'M', 'N', //'P', 'Q', 'R', 'S', 'T', //'U', 'V', 'W', 'X', 'Y', 'Z' };// 根據不同的難度截取字符數組if (level == SecurityCodeLevel.Simple) {codes = ArrayUtils.copyOfRange(codes, 0, 9);} else if (level == SecurityCodeLevel.Medium) {codes = ArrayUtils.copyOfRange(codes, 0, 33);} else if (level == SecurityCodeLevel.MediumPlus) {codes = ArrayUtils.copyOfRange(codes, 34, codes.length);}// 字符集合長度int n = codes.length;// 拋出運行時異常if (len > n && isCanRepeat == false) {throw new RuntimeException(String.format("調用SecurityCode.getSecurityCode(%1$s,%2$s,%3$s)出現異常，" //+ "當isCanRepeat為%3$s時，傳入參數%1$s不能大于%4$s", len, level, isCanRepeat, n));}// 存放抽取出來的字符char[] result = new char[len];// 判斷能否出現重復的字符if (isCanRepeat) {for (int i = 0; i < result.length; i++) {// 索引 0 and n-1int r = (int) (Math.random() * n);// 將result中的第i個元素設置為codes[r]存放的數值result[i] = codes[r];}} else {for (int i = 0; i < result.length; i++) {// 索引 0 and n-1int r = (int) (Math.random() * n);// 將result中的第i個元素設置為codes[r]存放的數值result[i] = codes[r];// 必須確保不會再次抽取到那個字符，因為所有抽取的字符必須不相同。// 因此，這里用數組中的最后一個字符改寫codes[r]，并將n減1codes[r] = codes[n - 1];n--;}}return String.valueOf(result);} }

前端技術很容易獲取文本版的驗證碼，所以要以二進制流的形式返回加噪后的驗證碼，主要靠java.awt里的包：

public class SecurityImageSupport {/*** 返回驗證碼圖片的流格式* * @param securityCode* 驗證碼* @return ByteArrayInputStream 圖片流*/public static ByteArrayInputStream getImageAsInputStream(String securityCode) {BufferedImage image = createImage(securityCode);return convertImageToStream(image);}public static byte[] getImageAsByte(String securityCode) {BufferedImage image = createImage(securityCode);return convertImageToByte(image);}/*** 生成驗證碼圖片* * @param securityCode* 驗證碼字符* @return BufferedImage 圖片*/private static BufferedImage createImage(String securityCode) {// 驗證碼長度int codeLength = securityCode.length();// 字體大小int fSize = 13;int fWidth = fSize + 1;// 圖片寬度int width = codeLength * fWidth + 15;// 圖片高度int height = (int) (fSize * 1.5) + 1;// 圖片BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);Graphics2D g = image.createGraphics();Color bgColor = new Color(239, 241, 249);// 設置背景色g.setColor(bgColor);// 填充背景g.fillRect(0, 0, width, height);// 設置邊框顏色g.setColor(bgColor);// 邊框字體樣式g.setFont(new Font("Arial", Font.BOLD, height - 2));// 繪制邊框g.drawRect(10, 10, width - 1, height - 1);// 繪制噪點Random rand = new Random();// 設置噪點顏色g.setColor(Color.LIGHT_GRAY);for (int i = 0; i < codeLength * 6; i++) {int x = rand.nextInt(width);int y = rand.nextInt(height);// 繪制1*1大小的矩形g.drawRect(x, y, 1, 1);}// 繪制驗證碼int codeY = height - 5;// 設置字體顏色和樣式g.setColor(new Color(80, 25, 28));g.setFont(new Font("Georgia", Font.BOLD | Font.ITALIC, fSize));for (int i = 0; i < codeLength; i++) {g.drawString(String.valueOf(securityCode.charAt(i)), i * 16 + 5, codeY);}g.setRenderingHint(RenderingHints.KEY_ANTIALIASING, RenderingHints.VALUE_ANTIALIAS_ON);Random r = new Random();CubicCurve2D cubic = new CubicCurve2D.Float(2, height / 2 + r.nextInt(8) - 4, //2 + width * 1 / 3, height / 2 + r.nextInt(8) - 4, //2 + width * 2 / 3, height / 2 + r.nextInt(8) - 4, //width - 2, height / 2 + r.nextInt(8) - 4);g.draw(cubic);// 關閉資源g.dispose();return image;}/*** 將BufferedImage轉換成ByteArrayInputStream* * @param image* 圖片* @return ByteArrayInputStream 流*/private static ByteArrayInputStream convertImageToStream(BufferedImage image) {byte[] bts = convertImageToByte(image);if(bts!=null) {return new ByteArrayInputStream(bts);}else {return null;}}private static byte[] convertImageToByte(BufferedImage image) {ByteArrayOutputStream bos = new ByteArrayOutputStream();try {ImageIO.write(image, "jpeg", bos);image.flush();byte[] bts = bos.toByteArray();return bts;} catch (IOException e) {e.printStackTrace();return null;}}}

與Redis交互：

@Service public class SecurityCacheServiceImpl implements SecurityCacheService{public static final String REDIS_KEY = "sessionMap";@Autowiredprivate RedisTemplate<String,String> redisTemplate;@Overridepublic void setCodeCache(String sessionID, String securityCode) {HashOperations<String, String, String> hashOp = redisTemplate.opsForHash();hashOp.put(REDIS_KEY,sessionID,securityCode);}@Overridepublic String getCodeCache(String sessionID) {HashOperations<String, String, String> hashOp = redisTemplate.opsForHash();return hashOp.get(REDIS_KEY, sessionID);}}

Controller在生成驗證碼之前需要維護下Redis緩存：

@RequestMapping("/security")public ResponseEntity<byte[]> securityCode(HttpServletRequest httpRequest) {//獲取驗證碼文本String securityCode = SecurityCodeUtil.getSecurityCode();//Redis緩存驗證碼信息securityCacheService.setCodeCache(getSessionId(httpRequest), securityCode);byte[] bytes = SecurityImageSupport.getImageAsByte(securityCode);HttpHeaders headers = new HttpHeaders();headers.setContentType(MediaType.IMAGE_JPEG);return new ResponseEntity<byte[]>(bytes, headers,HttpStatus.OK);}

驗證碼效果圖：

總結

以上是生活随笔為你收集整理的验证码原理详解与案例的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。