分为三个文件，用JSP写

第一个  login.jsp

<%@ page contentType="text/html;charset=gbk" %> 
<%@ page language="java" import="java.sql.*" errorPage="" %> 
<html> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=gb2312"> 
<title>用户登录</title> 
<script language="javascript"> 
function loadimage(){ 
document.getElementById("randImage").src = "image.jsp?"+Math.random(); 
} 
</script> 
</head> 
<body> 
<table width="256" border="1" cellpadding="0" cellspacing="0"> 
<!--DWLayoutTable--> 
<form action="validate.jsp" method="post" name="loginForm"> 
<tr> 
<td width="118" height="22" valign="middle" align="center">
<input type="text" name="rand" size="15">
</td> 
<td width="138" valign="middle" align="center">
<img alt="code..." name="randImage" id="randImage" src="image.jsp" width="60" height="20" border="1" align="absmiddle">
</td> 
</tr> 
<tr> 
<td height="36" colspan="2" align="center" valign="middle">
<a href="javascript:loadimage();"><font class=pt95>看不清点我</font></a>
</td> 
</tr> 
<tr> 
<td height="36" colspan="2" align="center" valign="middle">
<input type="submit" name="login" value="提交">
</td> 
</tr> 
</form> 
</table> 
</body> 
</html>

第二个    validate.jsp

<%@ page contentType="text/html; charset=gb2312" language="java" import="java.sql.*" errorPage="" %> 
<% 
String rand = (String)session.getAttribute("rand"); 
String input = request.getParameter("rand"); 
if(rand.equals(input)){ 
out.print("<script>alert('验证通过！');</script>"); 
} else{ 
out.print("<script>alert('请输入正确的验证码！');location.href='login.jsp';</script>"); 
} 
%> 

第三个  image.jsp

<%@ page contentType="image/jpeg" import="java.awt.*, 
java.awt.image.*,java.util.*,javax.imageio.*" %> 
<%! 
Color getRandColor(int fc,int bc) 
{ 
Random random = new Random(); 
if(fc>255) fc=255; 
if(bc>255) bc=255; 
int r=fc+random.nextInt(bc-fc); 
int g=fc+random.nextInt(bc-fc); 
int b=fc+random.nextInt(bc-fc); 
return new Color(r,g,b); 
} 
%> 
<% 
out.clear();//这句针对resin服务器，如果是tomacat可以不要这句 
response.setHeader("Pragma","No-cache"); 
response.setHeader("Cache-Control","no-cache"); 
response.setDateHeader("Expires", 0); 
int width=60, height=20; 
BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB); 
Graphics g = image.getGraphics(); 
Random random = new Random(); 
g.setColor(getRandColor(200,250)); 
g.fillRect(0, 0, width, height); 
g.setFont(new Font("Times New Roman",Font.PLAIN,18)); 
g.setColor(getRandColor(160,200)); 
for (int i=0;i<155;i++) 
{ 
int x = random.nextInt(width); 
int y = random.nextInt(height); 
int xl = random.nextInt(12); 
int yl = random.nextInt(12); 
g.drawLine(x,y,x+xl,y+yl); 
} 
String sRand=""; 
for (int i=0;i<4;i++){ 
String rand=String.valueOf(random.nextInt(10)); 
sRand+=rand; 
g.setColor(new Color(20+random.nextInt(110),20+random.nextInt(110),20+random.nextInt(110))); 
g.drawString(rand,13*i+6,16); 
} 
// 将认证码存入SESSION 
session.setAttribute("rand",sRand); 
g.dispose(); 
ImageIO.write(image, "JPEG", response.getOutputStream()); 
%>