在資訊學中,口令也叫密碼;要實作登入驗證,每次網絡傳輸的密碼都不一致,故稱為一次性密碼機制。
這裡實作簡單的一次性密碼機制:(SpringMVC實作)
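思路:用驗證碼代替時間戳。先将密碼(口令)通過 MD5 算法做雜湊(MD5 是單向雜湊,并不是可逆的加密),再将驗證碼加在後面,然後再做一次 MD5,在網絡傳輸過程中以密文的形式傳輸到後台。後台資料庫儲存的是密碼的 MD5 值,将該值加上儲存在 session 範圍内的驗證碼再做一次 MD5,得到的密文與請求中的密碼對比,如匹配,則驗證成功,否則,驗證失敗。需要注意:在這種機制下,資料庫中儲存的 MD5 值本身就相當于密碼(有了該值就能算出任意驗證碼對應的應答),是以仍需配合 HTTPS,并且驗證碼在每次驗證後都應作廢。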
MD5加密:
EncryptionByMD5.java
package com.dw.controller;
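/**
 * Produces the lowercase hexadecimal MD5 digest of a byte array.
 *
 * <p>MD5 is a fast, unsalted hash function, not encryption. It is kept here because the
 * login demo on this page is built around it; for stored passwords a deliberately slow,
 * salted scheme (bcrypt, scrypt, Argon2 or PBKDF2) is the appropriate choice.
 */
public class EncryptionByMD5 {

    /** Maps a 4-bit value to its lowercase hexadecimal digit. */
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    /**
     * Hashes {@code source} with MD5 and hex-encodes the 16-byte result.
     *
     * @param source bytes to hash; may be {@code null}
     * @return the 32-character lowercase hex digest, or {@code null} when {@code source}
     *         is {@code null} (the behaviour existing callers already see)
     * @throws IllegalStateException if the runtime offers no MD5 implementation
     */
    public static String getMD5(byte[] source) {
        if (source == null) {
            // Previously this fell out of a swallowed NullPointerException; keep the
            // null-in/null-out contract but make it explicit.
            return null;
        }
        final byte[] digest;
        try {
            digest = java.security.MessageDigest.getInstance("MD5").digest(source);
        } catch (java.security.NoSuchAlgorithmException e) {
            // Only the algorithm lookup can fail. Surface it with its cause instead of
            // printing a stack trace and handing the caller a null hash.
            throw new IllegalStateException("MD5 digest is not available", e);
        }
        // Two hex characters per digest byte; sized from the digest itself rather than
        // a hard-coded 16.
        char[] hex = new char[digest.length * 2];
        int k = 0;
        for (byte b : digest) {
            // The byte is promoted to int (sign-extended); masking with 0xf after the
            // shift keeps only the high nibble.
            hex[k++] = HEX_DIGITS[(b >>> 4) & 0xf];
            hex[k++] = HEX_DIGITS[b & 0xf];
        }
        return new String(hex);
    }

    /** Prints the digest of the sample password used throughout the demo. */
    public static void main(String[] args) {
        // An explicit charset keeps the digest independent of the platform default.
        String test = getMD5("abc123".getBytes(java.nio.charset.StandardCharsets.UTF_8));
        // test = e99a18c428cb38d5f260853678922e03
        System.out.println(test);
    }
}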
驗證碼實作:RandomValidateCode.java:
package com.dw.controller;
import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.util.Random;
import javax.imageio.ImageIO;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* 驗證碼生成類
*/
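/**
 * Renders a CAPTCHA image and stores the expected code in the HTTP session.
 *
 * <p>In the login flow on this page the code also serves as the per-login challenge
 * that is mixed into the password hash, so it must be unpredictable: the generator
 * is a {@link java.security.SecureRandom} rather than a plain {@link Random}.
 * A code of 4 characters drawn from 36 symbols has 36^4 (about 1.7 million) values,
 * so the caller should still limit how many guesses one code can receive.
 */
public class RandomValidateCode {
    /** Session attribute name under which the expected code is stored. */
    public static final String RANDOMCODEKEY = "RANDOMVALIDATECODEKEY";

    // Alphabet the code is drawn from. Use "0123456789" for digits only, or
    // "ABCDEFGHIJKLMNOPQRSTUVWXYZ" for letters only.
    private final String randString = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    private final int width = 95;     // image width in pixels
    private final int height = 25;    // image height in pixels
    private final int lineSize = 40;  // number of interference lines
    private final int stringNum = 4;  // number of characters in the code
    // SecureRandom is a Random subclass, so every nextInt call below is unchanged.
    private final Random random = new java.security.SecureRandom();

    /**
     * Returns the font used for the code characters.
     */
    private Font getFont() {
        // Font.BOLD has the same value (1) as the baseline constant
        // Font.CENTER_BASELINE that was passed here before; the second constructor
        // argument is a style, so the style constant is the right name for it.
        return new Font("Fixedsys", Font.BOLD, 18);
    }

    /**
     * Picks a random colour whose channels start at {@code fc}.
     *
     * @param fc lower bound for each channel, clamped to 255
     * @param bc upper reference value, clamped to 255; {@code bc - fc} must be
     *           greater than 18 or {@code nextInt} rejects the bound
     */
    private Color getRandColor(int fc, int bc) {
        int low = Math.min(fc, 255);
        int high = Math.min(bc, 255);
        int span = high - low;
        int r = low + random.nextInt(span - 16);
        int g = low + random.nextInt(span - 14);
        int b = low + random.nextInt(span - 18);
        return new Color(r, g, b);
    }

    /**
     * Draws a fresh code, stores it in the session under {@link #RANDOMCODEKEY}
     * and writes the image to the response as JPEG.
     *
     * @param request  request whose session receives the expected code
     * @param response response whose output stream receives the image
     */
    public void getRandcode(HttpServletRequest request,
            HttpServletResponse response) {
        HttpSession session = request.getSession();
        // BufferedImage is an in-memory image; its Graphics object draws onto it.
        BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_BGR);
        Graphics g = image.getGraphics();
        String randomString = "";
        try {
            g.fillRect(0, 0, width, height);
            g.setFont(new Font("Times New Roman", Font.PLAIN, 18));
            g.setColor(getRandColor(110, 133));
            // Interference lines: exactly lineSize of them (the loop used to run
            // one extra time because of an inclusive upper bound).
            for (int i = 0; i < lineSize; i++) {
                drowLine(g);
            }
            // Code characters; position i is 1-based because it sets the x offset.
            for (int i = 1; i <= stringNum; i++) {
                randomString = drowString(g, randomString, i);
            }
        } finally {
            // Release the graphics context even if drawing fails.
            g.dispose();
        }
        // Replaces any earlier code. The server-side checks read this attribute
        // and compare it with what the user submits.
        session.setAttribute(RANDOMCODEKEY, randomString);
        try {
            // Stream the in-memory image to the client.
            ImageIO.write(image, "JPEG", response.getOutputStream());
        } catch (java.io.IOException e) {
            // Best effort: a failed write must not break the request; no logger is
            // available in this class, so the trace goes to stderr as before.
            e.printStackTrace();
        }
    }

    /**
     * Draws one random character and appends it to the code built so far.
     *
     * @param g            graphics context of the image
     * @param randomString code characters drawn so far
     * @param i            1-based position of the character
     * @return {@code randomString} with the new character appended
     */
    private String drowString(Graphics g, String randomString, int i) {
        g.setFont(getFont());
        g.setColor(new Color(random.nextInt(101), random.nextInt(111), random.nextInt(121)));
        String rand = getRandomString(random.nextInt(randString.length()));
        // Small random shift so the characters do not sit on a fixed grid.
        g.translate(random.nextInt(3), random.nextInt(3));
        g.drawString(rand, 13 * i, 16);
        return randomString + rand;
    }

    /**
     * Draws one short interference line at a random position.
     */
    private void drowLine(Graphics g) {
        int x = random.nextInt(width);
        int y = random.nextInt(height);
        int xl = random.nextInt(13);
        int yl = random.nextInt(15);
        g.drawLine(x, y, x + xl, y + yl);
    }

    /**
     * Returns the alphabet character at index {@code num} as a one-character string.
     *
     * @param num index into the alphabet
     */
    public String getRandomString(int num) {
        return String.valueOf(randString.charAt(num));
    }
}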
Controller.java:
package com.dw.controller;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.http.HttpRequest;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
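/**
 * Endpoints of the CAPTCHA-based one-time-password login demo.
 *
 * <p>The user name and the password hash are hard-coded for the demo. Because the
 * server only ever sees {@code md5(storedHash + code)}, the stored MD5 value is
 * password-equivalent and needs the same protection as a plaintext password.
 */
@Controller
@RequestMapping("/validateCode")
public class YanZhengMaController {

    /**
     * Writes a new CAPTCHA image to the response and stores its code in the session.
     */
    @RequestMapping("/getVerify")
    public void getVerify(HttpServletRequest request, HttpServletResponse response) {
        response.setContentType("image/jpeg"); // tell the browser the body is an image
        // The image must never be served from a cache: every request has to
        // produce, and store in the session, a new code.
        response.setHeader("Pragma", "No-cache");
        response.setHeader("Cache-Control", "no-cache");
        // The standard header name is "Expires"; "Expire" is ignored by browsers.
        response.setDateHeader("Expires", 0);
        RandomValidateCode randomValidateCode = new RandomValidateCode();
        try {
            randomValidateCode.getRandcode(request, response);
        } catch (Exception e) {
            // Best effort, as before: a rendering failure leaves an empty image.
            e.printStackTrace();
        }
    }

    /**
     * Checks the CAPTCHA text typed on the login page.
     *
     * @param inputStr text entered by the user
     * @param session  session holding the expected code
     * @return {@code "T"} when the text matches the stored code, otherwise {@code "F"}
     */
    @RequestMapping("/checkVerify")
    @ResponseBody
    public String checkVerify(String inputStr, HttpSession session) {
        String expected = (String) session.getAttribute(RandomValidateCode.RANDOMCODEKEY);
        // A session without a code (no image requested yet, or the code was already
        // used) previously caused a NullPointerException here.
        if (expected != null && expected.equals(inputStr)) {
            return "T";
        }
        // Discard the code after a wrong guess so that one code gets one attempt;
        // the login page already requests a new image when it receives "F".
        session.removeAttribute(RandomValidateCode.RANDOMCODEKEY);
        return "F";
    }

    /**
     * Returns the hex MD5 of the submitted string.
     *
     * <p>NOTE(review): the login page sends the plaintext password to this endpoint
     * to have it hashed, so the password still crosses the network in clear text
     * unless the connection is HTTPS. Hashing in the browser would avoid that.
     *
     * @param inputStr string to hash
     * @param session  unused
     * @return the 32-character hex digest, or an empty string when the parameter
     *         is missing
     */
    @RequestMapping("/jiami")
    @ResponseBody
    public String jiaMi(String inputStr, HttpSession session) {
        if (inputStr == null) {
            return "";
        }
        // getMD5 is static, so it is called on the class; the charset is explicit
        // so the digest does not depend on the server's default encoding.
        return EncryptionByMD5.getMD5(inputStr.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    /**
     * Verifies the login form and redirects to the success or error page.
     *
     * <p>The expected value is {@code md5(md5("abc123") + code)}, where {@code code}
     * is the CAPTCHA stored in the session.
     */
    @RequestMapping("/checkOk")
    public String checkOk(HttpServletRequest request, HttpSession session) {
        String password = request.getParameter("password");
        String username = request.getParameter("username");
        String code = (String) session.getAttribute(RandomValidateCode.RANDOMCODEKEY);
        // The code is single-use: remove it whatever the outcome, otherwise a
        // captured request stays valid for as long as the session keeps the code.
        session.removeAttribute(RandomValidateCode.RANDOMCODEKEY);
        if (code == null || password == null) {
            return "redirect:error.jsp";
        }
        String user = "admin";
        // Stored MD5 of the demo password "abc123", followed by the code.
        String salted = "e99a18c428cb38d5f260853678922e03" + code;
        String pwd = EncryptionByMD5.getMD5(salted.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        // Constant-time comparison, so the response time does not depend on how
        // many leading characters of the submitted value are correct.
        boolean passwordOk = java.security.MessageDigest.isEqual(
                pwd.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                password.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!user.equals(username) || !passwordOk) {
            return "redirect:error.jsp";
        }
        return "redirect:ok.jsp";
    }
}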
jsp頁面:
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>登陸頁面</title>
<meta name="viewport"
content="width=device-width,initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no"/>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<script language="javascript" src="js/jquery-3.1.1.min.js"></script>
<script type="text/javascript">
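// Load the first CAPTCHA image once the DOM is ready. The context path comes from
// the JSP expression, as in the form action and the click handlers, instead of the
// hard-coded "/SpringMVC01", so the page keeps working under another deployment name.
$(function () {
    var contextPath = "${pageContext.request.contextPath}";
    // The random query string stops the browser from reusing a cached image.
    $("#imgVerify").attr("src", contextPath + "/validateCode/getVerify.do?" + Math.random());
});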
//擷取驗證碼
/**
 * Points the given image element at a new CAPTCHA image.
 *
 * @param obj element whose src is replaced
 * @param str context path of the application
 */
function getVerify(obj, str) {
    var url = str + "/validateCode/getVerify.do?";
    // Random suffix so the browser does not reuse a cached image.
    url += Math.random();
    obj.src = url;
}
//驗證碼出錯- 重新整理驗證碼
/**
 * Replaces the CAPTCHA image shown in #imgVerify, e.g. after a wrong code.
 *
 * @param str context path of the application
 */
function getVerify2(str) {
    var freshUrl = str + "/validateCode/getVerify.do?" + Math.random();
    var captchaImage = $("#imgVerify");
    captchaImage.attr("src", freshUrl);
}
//校驗驗證碼
/**
 * Validates the typed CAPTCHA on the server and, when it is accepted, continues
 * with the password hashing step.
 *
 * @param str context path of the application
 */
function checkSum(str) {
    // Shows the warning box with the given message.
    function showWarning(message) {
        $(".warn_text").text(message);
        $(".login_form_warn").css("display", "block");
    }

    var typed = $(".check_input").val();
    if (typed == null || typed == "") {
        getVerify2(str); // show a new code whenever the check fails
        showWarning("請輸入驗證碼");
        return;
    }

    // The stored code contains upper-case letters only.
    var normalized = typed.toUpperCase();
    $.ajax({
        url: str + "/validateCode/checkVerify.do",
        data: {inputStr: normalized},
        success: function (datas) {
            if (datas == "T") {
                jiami(str);
                return;
            }
            getVerify2(str); // show a new code whenever the check fails
            $(".check_input").val("");
            showWarning("驗證碼輸入錯誤!");
        }
    });
}
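/**
 * Computes md5(md5(password) + code) through the server's hashing endpoint, puts
 * the result into the password field and submits the login form.
 *
 * NOTE(review): the first call still transmits the plaintext password to the server,
 * so the scheme only protects the password when the page is served over HTTPS.
 * Hashing in the browser would keep the plaintext off the network entirely.
 *
 * @param str context path of the application
 */
function jiami(str) {
    var hashUrl = str + "/validateCode/jiami.do";
    var pwd = document.getElementById("password").value;
    var inputStr = $(".check_input").val().toUpperCase();
    $.ajax({
        url: hashUrl,
        // POST keeps the password out of the request URL, and so out of browser
        // history, proxy logs and server access logs; the default GET would put
        // it into the query string.
        type: "POST",
        data: {inputStr: pwd},
        success: function (pwdHash) {
            // Second round: hash of (password hash + CAPTCHA code).
            $.ajax({
                url: hashUrl,
                type: "POST",
                data: {inputStr: pwdHash + inputStr},
                success: function (response) {
                    document.getElementById("password").value = response;
                    $("#form1").submit(); // submit the login form
                }
            });
        }
    });
}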
</script>
</head>
<body>
<div class="login_form">
<form action="${pageContext.request.contextPath }/validateCode/checkOk.do" method='post' id="form1">
<input type="text" name="username" id="username" placeholder="請輸入使用者名">
<input type="password" name="password" id="password" placeholder="請輸入密碼">
</form>
<input class="check_input" type="text" placeholder="請輸入驗證碼" >
<img id="imgVerify" src="" alt="點選更換驗證碼" width="112" height="36" onclick="getVerify(this,'${pageContext.request.contextPath}');"><!--首次擷取驗證碼圖檔,也可在此将src設為通路路徑/getVerify-->
<div class="login_form_warn_lable"></div>
<div class="login_form_warn">
<div style="font-size: 10px;color: red;"> <span class="warn_text"></span> </div>
</div>
<div class="login_form_submit">
<input class="btn_submit" onclick="checkSum('${pageContext.request.contextPath}');" type="submit" value="登入"/>
</div>
</div>
</body>
</html>
效果: