WEB网站登录系统
写了这么多年的网站,登录系统用过好几种:有自己实现的,有Spring Security的,有Apache Shiro的,但其实原理都是一样的,都是用session加cookie实现的。
登录页面login.jsp:
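<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%--
  Login form. Posts "username", "passwd" and the optional "remeberme" flag to the
  servlet mapped at "login" (relative to this page).
  The declared meta charset matches the page encoding (UTF-8) so the Chinese labels
  render correctly, and the password field uses type="password" so the browser masks
  the value instead of showing it in clear text.
--%>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
  <form name="loginForm" method="post" action="login">
    <table border="0px">
      <tr>
        <td>姓名:</td>
        <td><input type="text" name="username" value="" autocomplete="username"></td>
      </tr>
      <tr>
        <td>密码:</td>
        <td><input type="password" name="passwd" autocomplete="current-password"></td>
      </tr>
      <tr>
        <td><label><input type="checkbox" name="remeberme" value="remeberme">记住我</label></td>
      </tr>
      <tr>
        <td></td>
        <td><input type="submit" class="loginform" name="submit" value="确定">
          <input type="button" class="loginform" name="submit" value="取消"></td>
      </tr>
    </table>
  </form>
</body>
</html>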
login servlet:
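package my.authentication.normal;

import java.io.IOException;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.AbstractMap;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Demo login servlet mapped at {@code /login}.
 *
 * <p>On a successful login it stores the user name in the session attribute {@code "user"}
 * and, when the "remember me" box was ticked, issues a {@code remeberme} cookie.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The cookie value is a random token recorded server-side. A constant value (as in a
 *       cookie whose value is simply {@code "remeberme"}) can be typed in by anyone, so its
 *       presence proves nothing about who the client is.</li>
 *   <li>The session is replaced on login so a session id that existed before authentication
 *       is not promoted to an authenticated one (session fixation).</li>
 *   <li>NOTE(review): this demo still accepts the hard-coded user name {@code "yl"} and never
 *       reads or verifies the submitted {@code passwd} parameter. A real system must verify
 *       the password against a stored salted hash (bcrypt/scrypt/argon2) before this point.</li>
 * </ul>
 */
@WebServlet("/login")
public class login extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Lifetime of the remember-me cookie and of its server-side record, in seconds. */
    private static final int REMEMBER_ME_SECONDS = 600;

    /**
     * Servlet-context attribute under which the token map is published. Components that guard
     * protected paths must look a presented token up in this map rather than trust the cookie.
     */
    private static final String TOKEN_STORE_ATTRIBUTE = "remeberme.tokens";

    private static final SecureRandom RANDOM = new SecureRandom();

    /** token -> (user name, expiry in epoch milliseconds). In-memory only; lost on restart. */
    private final transient Map<String, Map.Entry<String, Long>> rememberMeTokens =
            new ConcurrentHashMap<String, Map.Entry<String, Long>>();

    /**
     * @see HttpServlet#HttpServlet()
     */
    public login() {
        super();
    }

    /**
     * Publishes the token map in the servlet context so other components of this web
     * application can validate remember-me cookies.
     */
    @Override
    public void init() throws ServletException {
        getServletContext().setAttribute(TOKEN_STORE_ATTRIBUTE, rememberMeTokens);
    }

    /**
     * Writes a short "Served at" banner containing the context path.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.getWriter().append("Served at: ").append(request.getContextPath());
    }

    /**
     * Handles the login form post.
     *
     * @param request  carries the {@code username} and optional {@code remeberme} parameters
     * @param response receives {@code "passwd correct!"} or {@code "passwd error!"}
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String remeberme = request.getParameter("remeberme");

        if (remeberme != null) {
            // The parameter is client-controlled: strip line breaks so it cannot forge log lines.
            System.out.println(remeberme.replaceAll("[\\r\\n]", "_"));
        } else {
            System.out.println("没有选中remeberme");
        }

        // Constant-first comparison: a missing username parameter is a failed login, not an NPE.
        // NOTE(review): the password is not checked here; see the class comment.
        if (!"yl".equals(username)) {
            response.getWriter().write("passwd error!");
            return;
        }

        // Drop any pre-login session and start a fresh one before marking it authenticated.
        HttpSession stale = request.getSession(false);
        if (stale != null) {
            stale.invalidate();
        }
        HttpSession session = request.getSession(true);
        session.setAttribute("user", username);

        if (remeberme != null) {
            response.addCookie(issueRememberMeCookie(request, username));
        }
        response.getWriter().write("passwd correct!");
    }

    /**
     * Creates a remember-me cookie holding a fresh random token and records that token,
     * with its owner and expiry, in the server-side map.
     */
    private Cookie issueRememberMeCookie(HttpServletRequest request, String username) {
        long now = System.currentTimeMillis();
        purgeExpiredTokens(now);

        // 256 random bits rendered in base 36: unguessable, and only cookie-safe characters.
        String token = new BigInteger(256, RANDOM).toString(36);
        long expiresAt = now + REMEMBER_ME_SECONDS * 1000L;
        rememberMeTokens.put(token,
                new AbstractMap.SimpleImmutableEntry<String, Long>(username, Long.valueOf(expiresAt)));

        Cookie ck = new Cookie("remeberme", token);
        ck.setDomain("authentication.normal");
        // Without a max age the cookie disappears when the browser closes,
        // which would defeat the purpose of "remember me".
        ck.setMaxAge(REMEMBER_ME_SECONDS);
        // Keep the token out of reach of page scripts.
        ck.setHttpOnly(true);
        // Mark the cookie Secure whenever the login itself arrived over HTTPS; the token is a
        // bearer credential, so the site should be served over HTTPS only.
        ck.setSecure(request.isSecure());
        return ck;
    }

    /** Removes token records whose expiry time has passed. */
    private void purgeExpiredTokens(long now) {
        Iterator<Map.Entry<String, Long>> records = rememberMeTokens.values().iterator();
        while (records.hasNext()) {
            if (records.next().getValue().longValue() <= now) {
                records.remove();
            }
        }
    }
}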
认证过滤器:
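package my.authentication.normal;

import java.io.IOException;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Authentication filter guarding {@code /admin/*}.
 *
 * <p>A request passes when its session already holds a {@code "user"} attribute, or when it
 * presents a {@code remeberme} cookie whose value is a token recorded server-side and not yet
 * expired. Everything else is redirected to the login page.
 *
 * <p>The mere presence of a {@code remeberme} cookie is never accepted as proof of login:
 * cookies are client-controlled, so a cookie that is only checked by name can be added by
 * anyone and would bypass authentication for every protected path.
 */
@WebFilter("/admin/*")
public class AuthenticationFilter implements Filter {

    /**
     * Servlet-context attribute expected to hold a {@code Map} of
     * token -> {@code Map.Entry<String userName, Long expiryEpochMillis>}, published by the
     * component that issues remember-me cookies. When the attribute is absent, remember-me
     * cookies are ignored and only session-based authentication applies.
     */
    private static final String TOKEN_STORE_ATTRIBUTE = "remeberme.tokens";

    /**
     * Default constructor.
     */
    public AuthenticationFilter() {
    }

    /**
     * @see Filter#destroy()
     */
    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Lets authenticated requests through and redirects the rest to the login page.
     *
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpSR = (HttpServletRequest) request;
        HttpServletResponse httpRP = (HttpServletResponse) response;

        System.out.println("My URL:" + httpSR.getRequestURL().toString());

        // getSession(false): do not create a session for an unauthenticated visitor.
        HttpSession session = httpSR.getSession(false);
        if (session != null && session.getAttribute("user") != null) {
            chain.doFilter(request, response);
            return;
        }

        String rememberedUser = lookupRememberedUser(httpSR);
        if (rememberedUser != null) {
            System.out.println("过滤器获取到remeberme的cookie");
            // Re-establish the session for the user the token was issued to.
            httpSR.getSession(true).setAttribute("user", rememberedUser);
            chain.doFilter(request, response);
            return;
        }

        // Prefix the context path so the redirect also works when the application
        // is not deployed at the server root.
        httpRP.sendRedirect(httpSR.getContextPath() + "/login.jsp");
    }

    /**
     * Resolves the request's {@code remeberme} cookie against the server-side token map.
     *
     * @return the user name the token was issued to, or {@code null} when there is no cookie,
     *         no token map, an unknown token, or an expired token
     */
    private static String lookupRememberedUser(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        Object store = request.getServletContext().getAttribute(TOKEN_STORE_ATTRIBUTE);
        if (!(store instanceof Map)) {
            return null;
        }
        Map<?, ?> tokens = (Map<?, ?>) store;

        for (Cookie cookie : cookies) {
            if (!"remeberme".equals(cookie.getName())) {
                continue;
            }
            String token = cookie.getValue();
            if (token == null) {
                continue;
            }
            Object record = tokens.get(token);
            if (!(record instanceof Map.Entry)) {
                continue;
            }
            Map.Entry<?, ?> entry = (Map.Entry<?, ?>) record;
            Object user = entry.getKey();
            Object expiresAt = entry.getValue();
            if (user instanceof String && expiresAt instanceof Long) {
                if (((Long) expiresAt).longValue() > System.currentTimeMillis()) {
                    return (String) user;
                }
                // Expired: forget the token so it cannot be replayed later.
                tokens.remove(token);
            }
        }
        return null;
    }

    /**
     * @see Filter#init(FilterConfig)
     */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
        // No configuration needed.
    }
}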
如果想在同一个主域名下的不同主机之间实现SSO(单点登录)功能,可以用cookie实现:把cookie的域名设置为主域名,例如"domain.com",然后部署一个单独的认证系统,例如authentication.domain.com/authentication。需要注意的是,这样的cookie会被发送到主域名下的所有子域,因此cookie的值必须是由认证系统校验的随机令牌,而不能是固定值,并且应设置HttpOnly和Secure属性。