学了java后想设计一个在线提交活动中心使用申请的web网站,但问题是学生身份的验证。开始时是设想每年爬取一次全校学生信息,但速度太慢了,而且学号的规律也不清楚。然后想到借用教务管理系统自带的验证功能,这样不用更新数据库,但是每到抢课或查成绩的时候教务管理系统总会比较卡,但其他大部分时间都没问题,所以就采用模拟登陆教务管理系统的方式来验证登录用户的身份。
登录教务管理系统需要输入学号、密码、验证码以及用户身份,因为是验证学生身份的,所以身份这一项固定死为学生。经过实验发现验证码是由另外的js生成验证的,而且默认0为正确,所以验证码可以不用输入。在firefox上用adblock屏蔽了验证码的js,然后直接输学号和密码就能登录了。
通过调试功能查看发送的数据。第一个数据的值在网页中是固定的,但不知道是否会换,所以用java的正则获取这个值,第二个是学号,第三个是密码,第四个是验证码,第五个是登录身份,后两个不知道是什么。
登录页面是default2.aspx,登录成功后的页面是xs_main.aspx,只要检测返回地址是否匹配就能验证登录是否成功了。
实际测试可以验证成功。
相关代码:
package ;import java.io.BufferedReader;import java.io.DataOutputStream;import java.io.IOException;import java.io.InputStreamReader;import java.io.PrintWriter;import .HttpURLConnection;import .URL;import .URLConnection;import javax.servlet.ServletException;import javax.servlet.annotation.WebServlet;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;import java.sql.Connection; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement;import java.util.regex.Matcher;import java.util.regex.Pattern;import net.sf.json.JSONArray;import net.sf.json.JSONObject; /*** Servlet implementation class ckecklogin*/@WebServlet("/acms/ckecklogin")public class ckecklogin extends HttpServlet {private static final long serialVersionUID = 1L;private String VIEWSTATE;String targeturl="http://jwgl.";/*** @see HttpServlet#HttpServlet()*/public ckecklogin() {super();// TODO Auto-generated constructor stubPrintWriter out = null;BufferedReader in = null;try {URL realUrl = new URL(targeturl);// 打开和URL之间的连接URLConnection conn = realUrl.openConnection();// 设置通用的请求属性conn.setRequestProperty("accept", "*/*");conn.setRequestProperty("connection", "Keep-Alive");conn.setRequestProperty("user-agent","Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/0101 Firefox/43.0");// 发送POST请求必须设置如下两行conn.setDoOutput(true);conn.setDoInput(true);// 获取URLConnection对象对应的输出流out = new PrintWriter(conn.getOutputStream());// 发送请求参数//out.print(param);// flush输出流的缓冲out.flush();// 定义BufferedReader输入流来读取URL的响应in = new BufferedReader(new InputStreamReader(conn.getInputStream()));Pattern pattern = pile("name=\"__VIEWSTATE\" value=\"([a-zA-Z0-9]*)\"");//Matcher matcher;String line;for(;(line = in.readLine()) != null;) {//System.out.printf("%3d-->",i);//System.out.println(line);Matcher matcher = pattern.matcher(line);//System.out.println(matcher.matches());//匹配结果if(matcher.find()){//输出匹配成功的字符串//System.out.println(" - "+matcher.group(0));//System.out.println("VIEWSTATE - "+matcher.group(1));VIEWSTATE=matcher.group(1);break;}}System.out.println("VIEWSTATE :" + VIEWSTATE);} catch (Exception e) {e.printStackTrace();}finally{try{if(out!=null){out.close();}if(in!=null){in.close();}}catch(IOException ex){ex.printStackTrace();}}}protected int checkXhAnsPwd(String xh,String pwd){String location;try {URL realUrl1 = new URL(targeturl);HttpURLConnection connurl = (HttpURLConnection)realUrl1.openConnection();connurl.setRequestMethod("GET");// 必须设置false,否则会自动redirect到Location的地址connurl.setInstanceFollowRedirects(false);connurl.addRequestProperty("Accept-Charset", "UTF-8;");connurl.addRequestProperty("User-Agent","Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/0101 Firefox/43.0");//connurl.addRequestProperty("Referer", "/");connurl.connect();location = targeturl+connurl.getHeaderField("Location");System.out.println(location);//建立连接URL url=new URL(location);HttpURLConnection httpConn=(HttpURLConnection)url.openConnection();//设置参数httpConn.setDoOutput(true); //需要输出httpConn.setDoInput(true); //需要输入httpConn.setUseCaches(false);//不允许缓存httpConn.setRequestMethod("POST"); //设置POST方式连接//设置请求属性httpConn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");httpConn.setRequestProperty("Connection", "Keep-Alive");// 维持长连接httpConn.setRequestProperty("Charset", "UTF-8");//连接,也可以不用明文connect,使用下面的httpConn.getOutputStream()会自动connecthttpConn.connect();//建立输入流,向指向的URL传入参数DataOutputStream dos=new DataOutputStream(httpConn.getOutputStream());dos.writeBytes("__VIEWSTATE="+VIEWSTATE+"&TextBox1="+xh+"&TextBox2="+pwd+"&RadioButtonList1=%D1%A7%C9%FA&Button1=a");dos.flush();dos.close();//获得响应状态//int resultCode=httpConn.getResponseCode();//System.out.println(resultCode);if(HttpURLConnection.HTTP_OK==httpConn.getResponseCode()){BufferedReader responseReader=new BufferedReader(new InputStreamReader(httpConn.getInputStream()));responseReader.close();//登录成功返回包含xs_main.aspx字符串location=httpConn.getURL().toString();System.out.println(location);if(location.indexOf("xs_main.aspx")!=-1){//未找到则登录失败return 0;}} return 1;} catch (Exception e) {e.printStackTrace();}return -1;}protected int checkuserinfo(String name,String pwd){Connection conn = null; Statement stmt = null; ResultSet rs = null;//System.out.println("check");try { if(checkXhAnsPwd(name,pwd)==0){//学生return 0;}else{//管理员conn = C3P0cnn.getConnection();stmt = conn.createStatement(); //查询管理员表ResultSet rs2 = stmt.executeQuery("select pwd,authority from t_admin where name='"+name+"'");//System.out.println("is admin");while (rs2.next()) {if(pwd.equals(rs2.getString("pwd"))==true){//System.out.println("is admin authority="+rs2.getString("authority"));return Integer.parseInt(rs2.getString("authority"));}}//System.out.println("not admin");}} catch (SQLException e) { e.printStackTrace(); } finally { try { if (rs != null) rs.close(); if (stmt != null) stmt.close(); if (conn != null) conn.close();} catch (Exception e) { e.printStackTrace(); } }return -1; }/*** @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)*/protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {// TODO Auto-generated method stubresponse.setCharacterEncoding("UTF-8");String name=request.getParameter("name");String pwd=request.getParameter("pwd");System.out.println("name="+name+"-pwd="+"*");HttpSession session = request.getSession();session.setAttribute("name",name);//在服务器端存储"键-值对"PrintWriter out = response.getWriter();JSONObject json = new JSONObject();int tmp=checkuserinfo(name,pwd);switch(tmp){case -1:json.put("code","0");json.put("msg","用户名或密码错误");//session.setAttribute("msg","用户名或密码错误");break;default:json.put("code","1");json.put("msg","登陆成功");session.setAttribute("authority",tmp);}out.write(json.toString());}/*** @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)*/protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {// TODO Auto-generated method stubdoGet(request, response);}}
