1.所谓验证码,就是将一串随机产生的数字或符号,生成一幅图片, 图片里加上一些干扰,例如随机画数条直线,画一些点(防止OCR),由用户肉眼识别其中的验证码信息,输入表单提交网站验证,验证成功后才能使用某项功能。
2.应用验证码的目的:防止恶意破解密码、刷票、论坛灌水,并有效防止黑客使用程序以暴力破解的方式对某个特定注册用户不断进行登录尝试。
3.实现验证码一般步骤:
  3.1 验证码的实现一般可以分为以下步骤
  设置页面不缓存。因为每次动态生成的验证码图片的文件名(URL)都是一样的,如果不设置成不缓存,浏览器下次请求这个页面时会认为该图片已经存在而直接使用缓存,不去重新获取,导致页面上显示的验证码与服务器端保存的验证码不一致。
  3.2 创建图像,设置字体及背景色,并且随机生成验证码
  3.3 添加干扰因素(如干扰线条等),防止被其他程序识别
  3.4 将验证码文本存入到session中,并且把验证码图片输出到页面(响应中只输出图片,不输出验证码文本)。服务器端校验一次之后应把session中的验证码删除,避免同一个验证码被重复使用。
4.JAVA实现验证码(后台)

import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Random;

import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

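/**
 * Servlet that renders a four-character CAPTCHA as a GIF image and stores the
 * expected answer in the HTTP session under the attribute {@code "rand"}.
 *
 * <p>Security notes for whoever wires this into a form:
 * <ul>
 * <li>The answer is drawn from a {@link SecureRandom}; a plain
 * {@link Random} is a linear congruential generator whose output can be
 * predicted from a few observed values, which defeats the purpose of a
 * CAPTCHA.</li>
 * <li>The code that checks the user's answer is not part of this class. It
 * should remove the {@code "rand"} attribute after a single comparison, so a
 * solved CAPTCHA cannot be replayed, and should treat a missing attribute as a
 * failed check.</li>
 * <li>Four characters behind line noise is a weak barrier against automated
 * recognition; keep server-side attempt limits on the protected action as
 * well.</li>
 * </ul>
 */
public class CaptchaMaker extends HttpServlet {
	private static final long serialVersionUID = 1L;

	/** Session attribute under which the expected answer is stored. */
	private static final String SESSION_KEY = "rand";

	/** Alphabet the CAPTCHA characters are drawn from. */
	private static final String CODE_CHARS =
			"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890";

	private static final int CODE_LENGTH = 4;
	private static final int WIDTH = 80;
	private static final int HEIGHT = 40;
	private static final int NOISE_LINES = 155;

	/**
	 * Shared generator. SecureRandom is thread-safe, so one instance can serve
	 * all request threads.
	 */
	private static final Random RANDOM = new SecureRandom();

	/**
	 * @see HttpServlet#HttpServlet()
	 */
	public CaptchaMaker() {
		super();
	}

	/**
	 * Handles GET exactly like POST: every request produces a fresh CAPTCHA.
	 *
	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
	 *      response)
	 */
	@Override
	protected void doGet(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		doPost(request, response);
	}

	/**
	 * Generates a new CAPTCHA, stores its text in the session and writes the
	 * image to the response body.
	 *
	 * @param request  the current request; its session is created if absent
	 * @param response receives the cache headers and the GIF bytes
	 * @throws IOException if the image cannot be encoded or written
	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
	 *      response)
	 */
	@Override
	protected void doPost(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {

		// The image URL is the same on every request, so neither the browser
		// nor an intermediate cache may keep a copy: a stale image would no
		// longer match the answer held in the session.
		response.setHeader("Pragma", "No-cache");
		response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
		response.setDateHeader("Expires", 0);
		// Declare the type explicitly instead of leaving the browser to sniff it.
		response.setContentType("image/gif");

		BufferedImage image = new BufferedImage(WIDTH, HEIGHT,
				BufferedImage.TYPE_INT_RGB);
		StringBuilder code = new StringBuilder(CODE_LENGTH);

		Graphics g = image.getGraphics();
		try {
			// Background.
			g.setColor(getRandColor(180, 230));
			g.fillRect(0, 0, WIDTH, HEIGHT);

			g.setFont(new Font("Times New Roman", Font.PLAIN, 22));

			// Border. NOTE(review): this colour has alpha 0, so the border is
			// presumably invisible; kept as in the original, confirm intent.
			g.setColor(new Color(0, 0, 0, 0));
			g.drawRect(0, 0, WIDTH - 1, HEIGHT - 1);

			// Short random line segments as noise against automated recognition.
			g.setColor(getRandColor(100, 170));
			for (int i = 0; i < NOISE_LINES; i++) {
				int x = RANDOM.nextInt(WIDTH);
				int y = RANDOM.nextInt(HEIGHT);
				int xl = RANDOM.nextInt(10);
				int yl = RANDOM.nextInt(15);
				g.drawLine(x, y, x + xl, y + yl);
			}

			for (int i = 0; i < CODE_LENGTH; i++) {
				// nextInt's bound is exclusive, so pass the full length; the
				// previous "length() - 1" could never select the last character.
				char c = CODE_CHARS.charAt(RANDOM.nextInt(CODE_CHARS.length()));
				code.append(c);
				// Each glyph gets its own dark colour.
				g.setColor(new Color(30 + RANDOM.nextInt(50),
						20 + RANDOM.nextInt(50), 30 + RANDOM.nextInt(50)));
				g.drawString(String.valueOf(c), 15 * i + 6, 25);
			}
		} finally {
			// Release the graphics context even if drawing fails.
			g.dispose();
		}

		// Only the server keeps the answer; it is never written to the response.
		request.getSession().setAttribute(SESSION_KEY, code.toString());

		// ImageIO.write returns false when no writer exists for the format;
		// report that instead of sending an empty body.
		if (!ImageIO.write(image, "GIF", response.getOutputStream())) {
			throw new IOException("No ImageIO writer available for format GIF");
		}
	}

	/**
	 * Returns a random colour whose red, green and blue components each lie in
	 * {@code [fc, bc)}.
	 *
	 * <p>Both bounds are clamped to {@code 0..255} and swapped if given in the
	 * wrong order; when they are equal, that single value is used for all three
	 * components. The original threw IllegalArgumentException for
	 * {@code bc <= fc}.
	 *
	 * @param fc lower bound (inclusive) of each component
	 * @param bc upper bound (exclusive) of each component
	 * @return the generated colour
	 */
	Color getRandColor(int fc, int bc) {
		int lo = Math.max(0, Math.min(255, fc));
		int hi = Math.max(0, Math.min(255, bc));
		if (lo > hi) {
			int tmp = lo;
			lo = hi;
			hi = tmp;
		}
		int span = hi - lo;
		if (span == 0) {
			return new Color(lo, lo, lo);
		}
		int r = lo + RANDOM.nextInt(span);
		int g = lo + RANDOM.nextInt(span);
		int b = lo + RANDOM.nextInt(span);
		return new Color(r, g, b);
	}
}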