工具类:

package com.lhy.web.servlet;
import java.awt.BasicStroke;
import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics2D;
import java.awt.image.BufferedImage;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Random;

import javax.imageio.ImageIO;

public class VerifyCode {
    
    private int w = 70;//图片长
    
    private int h = 35;//图片宽
    
     private Random r = new Random();//Random类 生成随机数
     
     // 列举验证图片中验证码的字体类型
     //{"宋体", "华文楷体", "黑体", "华文新魏", "华文隶书", "微软雅黑", "楷体_GB2312"}
    private String[] fontNames  = {"宋体", "华文楷体", "黑体", "微软雅黑", "楷体_GB2312"};
    // 验证码可选字符
    private String codes="23456789abcdefghjkmnopqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ";
    // 背景色
    private Color bgColor  = new Color(255, 255, 255);
    // 验证码上的文本
    private String text ;
    
    
    // 生成随机的颜色
    private Color randomColor () {
            int red = r.nextInt(150);
            int green = r.nextInt(150);
            int blue = r.nextInt(150);
            return new Color(red, green, blue);
    }
    // 生成随机的字体
    private Font randomFont () {
                int index = r.nextInt(fontNames.length);
                String fontName = fontNames[index];//生成随机的字体名称
                int style = r.nextInt(4);//生成随机的样式, 0(无样式), 1(粗体), 2(斜体), 3(粗体+斜体)
                int size = r.nextInt(5) + 24; //生成随机字号, 24 ~ 28
                return new Font(fontName, style, size);
    }
    // 画干扰线
    private void drawLine (BufferedImage image) {
            int num  = 3;//一共画3条
            Graphics2D g2 = (Graphics2D)image.getGraphics();
            for(int i = 0; i < num; i++) {//生成两个点的坐标,即4个值
                int x1 = r.nextInt(w);
                int y1 = r.nextInt(h);
                int x2 = r.nextInt(w);
                int y2 = r.nextInt(h); 
                g2.setStroke(new BasicStroke(1.5F)); 
                g2.setColor(Color.BLUE); //干扰线是蓝色
                g2.drawLine(x1, y1, x2, y2);//画线
            }
    }
    
    // 随机生成一个字符
    private char randomChar () {
            int index = r.nextInt(codes.length());
            return codes.charAt(index);
    }
    
    // 创建BufferedImage
    private BufferedImage createImage () {
            //宽,高,图片的类型
            BufferedImage image = new BufferedImage(w, h, BufferedImage.TYPE_INT_RGB); 
            Graphics2D g2 = (Graphics2D)image.getGraphics(); 
            g2.setColor(this.bgColor);
            g2.fillRect(0, 0, w, h);
             return image;
    }
    
    // 返回验证码图片上的文本
    public String getText () {
            return text;
    }
    
    // 保存图片到指定的输出流
    public static void output (BufferedImage image, OutputStream out) 
                    throws IOException {
            ImageIO.write(image, "JPEG", out);
    }
    
    // 调用这个方法得到验证码
        public BufferedImage getImage () {
                BufferedImage image = createImage();//创建图片缓冲区 
                Graphics2D g2 = (Graphics2D)image.getGraphics();//得到绘制环境
                StringBuilder sb = new StringBuilder();//用来装载生成的验证码文本
                // 向图片中画4个字符
                for(int i = 0; i < 4; i++)  {//循环四次,每次生成一个字符
                    String s = randomChar() + "";//随机生成一个字母 
                    sb.append(s); //把字母添加到sb中
                    float x = i * 1.0F * w / 4; //设置当前字符的x轴坐标
                    g2.setFont(randomFont()); //设置随机字体
                    g2.setColor(randomColor()); //设置随机颜色
                    g2.drawString(s, x, h-5); //画图
                }
                this.text = sb.toString(); //把生成的字符串赋给了this.text
                drawLine(image); //添加干扰线
                return image;        
        }


        public static void main(String[] args) throws FileNotFoundException, IOException {
            VerifyCode vc = new VerifyCode();//创建VerifyCode类的对象
            BufferedImage bi = vc.getImage();//调用getImge()方法获得一个BufferedImage对象
            VerifyCode.output(bi, new FileOutputStream("C:/验证码3.jpg"));//调用静态方法output()方法将图片保存在文件输出流中
            System.out.println(vc.getText());//在控制台上打印验证码的文本值
        }

}

VerifyCodeServlet:

package com.lhy.web.servlet;

import java.awt.image.BufferedImage;
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


public class VerifyCodeServlet extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        /*
         * 1. 生成图片
         * 2. 保存图片上的文本到session域中
         * 3. 把图片响应给客户端
         */
        VerifyCode vc = new VerifyCode();
        BufferedImage image = vc.getImage();
        request.getSession().setAttribute("session_vcode", vc.getText());//保存图片上的文本到session域
        
        VerifyCode.output(image, response.getOutputStream());
    }

}

LoginServlet:

package com.lhy.web.servlet;

import java.io.IOException;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginServlet extends HttpServlet {

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        /*
         * 校验验证码
         * 1. 从session中获取正确的验证码
         * 2. 从表单中获取用户填写的验证码
         * 3. 进行比较!
         * 4. 如果相同,向下运行,否则保存错误信息到request域,转发到login.jsp
         */
        String sessionCode = (String) request.getSession().getAttribute("session_vcode");
        String paramCode = request.getParameter("verifyCode");
        
        if(!paramCode.equalsIgnoreCase(sessionCode)) {
            request.setAttribute("msg", "验证码错误!");
            request.getRequestDispatcher("/login.jsp").forward(request, response);
            return;
        }
        /*
         * 1. 获取表单数据
         */
        // 处理中文问题
        request.setCharacterEncoding("utf-8");
        // 获取
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        /*
         * 2. 校验用户名和密码是否正确
         */
        if("itcast".equalsIgnoreCase(username)) {//登录成功
            /*
             * 附加项:把用户名保存到cookie中,发送给客户端浏览器
             * 当再次打开login.jsp时,login.jsp中会读取request中的cookie,把它显示到用户名文本框中
             */
            Cookie cookie = new Cookie("uname", username);//创建Cookie
            cookie.setMaxAge(60*60*24);//设置cookie命长为1天
            response.addCookie(cookie);//保存cookie
            
            /*
             * 3. 如果成功
             *   >  保存用户信息到session中
             *   >  重定向到succ1.jsp
             */
            HttpSession session = request.getSession();//获取session
            session.setAttribute("username", username);//向session域中保存用户名
            response.sendRedirect("/Test/succ1.jsp");
        } else {//登录失败
            /*
             * 4. 如果失败
             *   > 保存错误信息到request域中
             *   > 转发到login.jsp
             */
            request.setAttribute("msg", "用户名或密码错误!");
            RequestDispatcher qr = request.getRequestDispatcher("/login.jsp");//得到转发器
            qr.forward(request, response);//转发
        }
    }
    }

login.jsp:

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'login.jsp' starting page</title>
    
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">    
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!--
    <link rel="stylesheet" type="text/css" href="styles.css">
    -->
<script type="text/javascript">
function _change() {
    /*
    1. 得到img元素
    2. 修改其src
    */
    var imgEle = document.getElementById("img");
    imgEle.src = "<%=basePath%>servlet/VerifyCodeServlet?a=" + new Date().getTime();
}
</script>
  </head>
  
  <body>
<%-- 本页面提供登录表单,还要显示错误信息 --%>

<h1>登录</h1>
 
<%
/*
读取名为uname的Cookie!
如果为空显示:""
如果不为空显示:Cookie的值
*/
String uname = "";
Cookie[] cs = request.getCookies();//获取请求中所有的cookie
if(cs != null) {// 如果存在cookie
    for(Cookie c : cs) {//循环遍历所有的cookie
        if("uname".equals(c.getName())) {//查找名为uname的cookie
            uname = c.getValue();//获取这个cookie的值,给uname这个变量
        }
    }
}
%>
<%
    String message = "";
    String msg = (String)request.getAttribute("msg");//获取request域中的名为msg的属性
    if(msg != null) {
        message = msg;
    }
%>
<font color="red"><b><%=message %> </b></font>
<form action="servlet/LoginServlet" method="post">
            <%-- 把cookie中的用户名显示到用户名文本框中 --%>
    用户名:<input type="text" name="username" value="<%=uname%>"/><br/>
    密 码:<input type="password" name="password"/><br/>
    验证码:<input type="text" name="verifyCode" size="3"/>
            <img id="img" src="<%=basePath%>servlet/VerifyCodeServlet"/>
            <a href="javascript:_change()">换一张</a>
            <br/>
    <input type="submit" value="登录"/>
</form>

  </body>
</html>

loginsuccess:

<body>
<h1>succ1</h1>
<%
String username = (String)session.getAttribute("username");
if(username == null) {
    /*
    1. 向request域中保存错误信息,转发到login.jsp
    */
    request.setAttribute("msg", "您还没有登录!请先登录!");
    request.getRequestDispatcher("/login.jsp").forward(request, response);
    return;
}
%>

欢迎欢迎,热烈欢迎,欢迎<%=username %>领导指导工作!
  </body>
</html>

配置文件:

 <servlet>
    <servlet-name>LoginServlet</servlet-name>
    <servlet-class>com.lhy.web.servlet.LoginServlet</servlet-class>
  </servlet>
   <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/servlet/LoginServlet</url-pattern>
  </servlet-mapping>
  
  <servlet>
    <servlet-name>VerifyCodeServlet</servlet-name>
    <servlet-class>com.lhy.web.servlet.VerifyCodeServlet</servlet-class>
  </servlet>
   <servlet-mapping>
    <servlet-name>VerifyCodeServlet</servlet-name>
    <url-pattern>/servlet/VerifyCodeServlet</url-pattern>
  </servlet-mapping>
  

建议:生成验证码的Servlet最好设置成不缓存,这样就不用再页面请求验证码图片的时候加上时间戳了,加上时间戳就是欺骗浏览器防止浏览器读取缓存里的验证码图片,而点击换一张后没反应。 这样的不是很好的一点就是,每次点击换一张,浏览器都会把新获取的图片缓存到本地,而在Servlet里设置不缓存,就不会缓存到本地了。