Jeecms验证码-jcaptcha

本文主要介绍jeecms中使用的验证码 jcapthcha.

 

这是个开源的软件，下载地址：

 

http://jcaptcha.sourceforge.net/

 

在jeecms中使用的版本是jcaptcha-1.0.jar.

 

• web.xml里的配置

<servlet>
    <servlet-name>Jcaptchaservlet-name>
    <servlet-class>com.jeecms.common.captcha.JcaptchaServletservlet-class>
servlet>
<servlet-mapping>
    <servlet-name>Jcaptchaservlet-name>
    <url-pattern>/captcha.svlurl-pattern>
servlet-mapping>

 注意，这里的url使用的是/captcha.svl.

 

servlet JcaptchaServlet 重新写了生成图片的代码。

 

• login.html中的配置

<span><<span class="start-tag">formspan>


 <span class="attribute-name">idspan>


="<a class="attribute-value">jvForma>


" <span class="attribute-name">actionspan>


="<a class="attribute-value">/login.jspxa>


" <span class="attribute-name">methodspan>


="<a class="attribute-value">posta>


">span>


<span>
...span>



<td colspan="2"><img src="/captcha.svl" onclick="this.src='/captcha.svl?d='+new Date()*1"
width="100" height="35"/>td>
...
form>

    onclick 方法后面是如果点击此图片，则生成新的验证码图片。

 

• 验证码的处理类CasLoginAct.java

包路径：package com.jeecms.cms.action.member;

 

验证的代码如下：

@RequestMapping(value = "/login.jspx", method = RequestMethod.POST)
    public String submit(String username, String password, String captcha,
            String processUrl, String returnUrl, String message,
            HttpServletRequest request, HttpServletResponse response,
            ModelMap model) {
        Integer errorRemaining = unifiedUserMng.errorRemaining(username);
        CmsSite site = CmsUtils.getSite(request);
        String sol = site.getSolutionPath();
        WebErrors errors = validateSubmit(username, password, captcha,
                errorRemaining, request, response);


。。。。。

private WebErrors validateSubmit(String username, String password,
            String captcha, Integer errorRemaining, HttpServletRequest request,
            HttpServletResponse response) {
        WebErrors errors = WebErrors.create(request);
        if (errors.ifOutOfLength(username, "username", 1, 100)) {
            return errors;
        }
        if (errors.ifOutOfLength(password, "password", 1, 32)) {
            return errors;
        }
        // 如果输入了验证码，那么必须验证；如果没有输入验证码，则根据当前用户判断是否需要验证码。
        if (!StringUtils.isBlank(captcha)
                || (errorRemaining != null && errorRemaining < 0)) {
            if (errors.ifBlank(captcha, "captcha", 100)) {
                return errors;
            }
            try {
                if (!imageCaptchaService.validateResponseForID(session
                        .getSessionId(request, response), captcha)) {
                    errors.addErrorCode("error.invalidCaptcha");
                    return errors;
                }
            } catch (CaptchaServiceException e) {
                errors.addErrorCode("error.exceptionCaptcha");
                log.warn("", e);
                return errors;
            }
        }
        return errors;
    }
。。。。

 

 

 

注意，image的生成和验证，是根据sessionid为标识的。

比如生成时的代码：

String captchaId = session.getSessionId(request, response);
            BufferedImage challenge = captchaService.getImageChallengeForID(
                    captchaId, request.getLocale());
            // Jimi.putImage("image/jpeg", challenge, jpegOutputStream);
            ImageIO.write(challenge, CAPTCHA_IMAGE_FORMAT, jpegOutputStream);

 

验证时的代码：

if (!imageCaptchaService.validateResponseForID(session
                        .getSessionId(request, response), captcha)) {
                    errors.addErrorCode("error.invalidCaptcha");
                    return errors;