cookie技术自动登录

user

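/**
 * Account record used by the auto-login example: login name, display nick and password.
 *
 * <p>Review note: the password is kept as an ordinary {@code String} field and handed out
 * unchanged by {@link #getPassword()}. The login servlet on this page stores the whole object in
 * the {@code HttpSession}, so the password travels wherever the container persists or replicates
 * sessions. Prefer keeping only a salted, slow password hash (bcrypt/scrypt/argon2) in the user
 * store and putting a password-free view of the user into the session.
 */
public class User implements Serializable {
    /**
     * Explicit serial version so the serialized form does not silently change when the class is
     * recompiled. Instances serialized before this field existed (for example persisted sessions)
     * will no longer deserialize.
     */
    private static final long serialVersionUID = 1L;

    /** Login name; the auto-login filter looks the account up by this value. */
    private String username;
    /** Display name. */
    private String nick;
    /** Password exactly as the user store returns it; this class does no hashing. */
    private String password;

    /** Creates an empty user; every field starts as {@code null}. */
    public User() {
    }

    /**
     * Creates a fully populated user.
     *
     * @param username login name
     * @param nick display name
     * @param password password value as stored
     */
    public User(String username, String nick, String password) {
        this.username = username;
        this.nick = nick;
        this.password = password;
    }

    /** @return the login name */
    public String getUsername() {
        return username;
    }

    /** @param username the login name */
    public void setUsername(String username) {
        this.username = username;
    }

    /** @return the display name */
    public String getNick() {
        return nick;
    }

    /** @param nick the display name */
    public void setNick(String nick) {
        this.nick = nick;
    }

    /** @return the stored password value; do not log or render it */
    public String getPassword() {
        return password;
    }

    /** @param password the password value to store */
    public void setPassword(String password) {
        this.password = password;
    }
}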

util

md5

 1 import java.security.MessageDigest;
 2 
 3 import sun.misc.BASE64Encoder;
 4 
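/**
 * Returns the Base64 text of the MD5 digest of a string.
 *
 * <p>Review note: MD5 is fast and unsalted, so its output is not suitable for storing passwords
 * or for building long-lived login tokens; equal inputs always give equal outputs and candidate
 * passwords can be tested against a digest very cheaply. Use bcrypt/scrypt/argon2 for stored
 * passwords and a random, server-side-revocable token for "remember me".
 */
public class MD5Util {
    /**
     * Hashes {@code message} with MD5 and Base64-encodes the 16 digest bytes.
     *
     * @param message text to hash; must not be {@code null}
     * @return the 24-character Base64 form of the digest
     * @throws RuntimeException if the JRE offers no MD5 implementation
     */
    public static String md5(String message) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            // Fixed charset: with the platform default, the same password could hash differently
            // on two hosts. Digests of non-ASCII input produced earlier on a non-UTF-8 platform
            // will not match the output of this version.
            byte[] digest = md.digest(message.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            // java.util.Base64 replaces the JDK-internal sun.misc.BASE64Encoder, which current
            // JDKs no longer ship; for a 16-byte digest both produce the same text.
            return java.util.Base64.getEncoder().encodeToString(digest);
        } catch (java.security.NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
}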

 WebUtils

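/**
 * Adds the "loginInfo" auto-login cookie, whose value is
 * {@code Base64(username) + "_" + MD5Util.md5(password)}.
 *
 * <p>Per the original author's note, the cookie part is an MD5 of the password value, so the
 * verifying side takes the password from the database, applies md5 to it and compares.
 *
 * <p>Review note: the cookie is derived from the password, so it stays valid until the password
 * changes and cannot be revoked on its own. Anyone who can read the stored password value can
 * also compute it. A random token stored server-side (hashed) with its own expiry avoids both.
 *
 * @param request current request; supplies the context path and the HTTPS flag
 * @param response response that receives the cookie
 * @param username account name; Base64 only encodes it, it is readable by anyone holding the cookie
 * @param password password value that is fed to MD5
 */
public static void addAutoLoginFunction(HttpServletRequest request,
        HttpServletResponse response, String username, String password) {
    // java.util.Base64 replaces sun.misc.BASE64Encoder (absent from current JDKs). The platform
    // default charset is kept on purpose: the decoding filter uses the default charset as well.
    String encodedUsername = java.util.Base64.getEncoder().encodeToString(username.getBytes());
    // MD5Util is the helper listed on this page; the original text spelled it "Md5Util".
    String passwordDigest = MD5Util.md5(password);
    // The original printed the username, the password and the cookie value to stdout. That
    // leaves credentials in the server log, so those statements are removed.
    Cookie c = new Cookie("loginInfo", encodedUsername + "_" + passwordDigest);
    c.setMaxAge(10000);
    c.setPath(request.getContextPath());
    // Keep page scripts from reading the credential cookie.
    c.setHttpOnly(true);
    // Mark the cookie Secure whenever the container sees this request as HTTPS. Behind a
    // TLS-terminating proxy isSecure() may be false; configure the container accordingly.
    c.setSecure(request.isSecure());
    response.addCookie(c);
}

/**
 * Deletes the "loginInfo" cookie when the request carries one, by sending a replacement with
 * the same name and path and a max-age of 0. Does nothing when the cookie is absent.
 *
 * @param request current request; its cookies are scanned
 * @param response response that receives the expiring cookie
 */
public static void removeAutoLoginCookie(HttpServletRequest request,
        HttpServletResponse response) {
    Cookie[] cs = request.getCookies();
    if (cs == null) {
        return;
    }
    for (Cookie c : cs) {
        if (c.getName().equals("loginInfo")) {
            // The path must equal the one used when the cookie was set, otherwise the browser
            // treats this as a different cookie and keeps the old one.
            Cookie cookie = new Cookie("loginInfo", null);
            cookie.setMaxAge(0);
            cookie.setPath(request.getContextPath());
            response.addCookie(cookie);
            System.out.println("删除Cookie");
            return;
        }
    }
}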

 

servlet

 1 import sun.misc.BASE64Encoder;
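/**
 * Handles the login form: checks the credentials, stores the user in the session and, when
 * requested, issues the "loginInfo" auto-login cookie.
 *
 * <p>Review notes:
 * <ul>
 *   <li>{@code doPost} delegates to {@code doGet}, so credentials are also accepted as GET query
 *       parameters, where they end up in browser history, proxy logs and access logs. The form
 *       should submit with POST and GET should not process a login.</li>
 *   <li>The cookie value is derived from the password (see {@code MD5Util}); a random,
 *       server-side-revocable token is the safer design.</li>
 *   <li>A failed login is redirected to the same page as a successful one.</li>
 * </ul>
 */
public class LoginServlet extends HttpServlet {

    /**
     * Lifetime of the auto-login cookie in seconds (7 days). The original used
     * {@code Integer.MAX_VALUE}, which made the password-derived cookie effectively permanent.
     * Adjust this to the application's policy.
     */
    private static final int AUTO_LOGIN_MAX_AGE_SECONDS = 7 * 24 * 60 * 60;

    /**
     * Verifies the submitted credentials and redirects to the index page.
     *
     * @param request carries the "username", "password" and optional "autologin" parameters
     * @param response receives the cookie and the redirect
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // 1. Read the user name and password.
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        // 2. Check them against the user store.
        User user = UserDB.findUser(username, password);
        if (user != null) {
            // 3. Correct: start a fresh session before marking it authenticated, so a session
            //    id that was set before login cannot be reused afterwards (session fixation).
            //    Attributes of the pre-login session are dropped.
            if (request.getSession(false) != null) {
                request.getSession(false).invalidate();
            }
            request.getSession(true).setAttribute("user", user);
            // 4. Did the user ask to be logged in automatically next time?
            String autologin = request.getParameter("autologin");
            if (autologin != null) {
                // 5. Yes: store Base64(username) + "_" + md5(password) in a cookie. The value
                //    lives in the browser; a plaintext password there would be dangerous.
                //    java.util.Base64 replaces sun.misc.BASE64Encoder (absent from current
                //    JDKs); the default charset is kept to match the decoding filter.
                String encodedUsername =
                        java.util.Base64.getEncoder().encodeToString(username.getBytes());
                Cookie c = new Cookie("loginInfo", encodedUsername + "_" + MD5Util.md5(password));
                c.setMaxAge(AUTO_LOGIN_MAX_AGE_SECONDS);
                c.setPath(request.getContextPath());
                // Not readable from page scripts; Secure whenever the request arrived over HTTPS.
                c.setHttpOnly(true);
                c.setSecure(request.isSecure());
                response.addCookie(c);
            }
        }
        // 6. Redirect to the index page.
        response.sendRedirect(request.getContextPath() + "/autologin/index.jsp");
    }

    /** Delegates to {@link #doGet}. */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }

}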

 注销

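    /**
     * Logs the current user out: expires the auto-login cookie, ends the session and redirects
     * to the application root.
     *
     * @param request current request
     * @param response receives the expiring cookie and the redirect
     * @throws IOException if the redirect cannot be sent
     */
    private void logout(HttpServletRequest request, HttpServletResponse response) throws IOException {
        // Remove the cookie first; otherwise the auto-login filter would sign the user straight
        // back in on the next request.
        WebUtils.removeAutoLoginCookie(request, response);
        // getSession(false): do not create a session only to invalidate it.
        if (request.getSession(false) != null) {
            request.getSession(false).invalidate();
        }
        // In the root context getContextPath() is "", and an empty redirect location is resolved
        // relative to the current request URI instead of the application root. Append "/".
        response.sendRedirect(request.getContextPath() + "/");
    }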

 

 

过滤器

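/**
 * Auto-login filter. When the session holds no "user" attribute, it reads the "loginInfo"
 * cookie ({@code Base64(username) + "_" + md5(password)}), loads the account by user name,
 * recomputes the digest from the stored password and signs the user in when the two match.
 * The request is always passed down the chain, whether or not auto-login happened.
 *
 * <p>Review note: the cookie is untrusted input and is parsed defensively here. The scheme
 * itself still ties the cookie to the password (unsalted MD5, no server-side revocation); a
 * random token stored hashed on the server with its own expiry is the safer design.
 */
public void doFilter(ServletRequest req, ServletResponse resp,
        FilterChain chain) throws IOException, ServletException {

    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) resp;

    HttpSession session = request.getSession();
    User u = (User) session.getAttribute("user");
    if (u == null) { // Only attempt auto-login when nobody is logged in yet.
        // 1. Find the cookie named loginInfo.
        Cookie loginInfoCookie = null;
        Cookie[] cs = request.getCookies();
        if (cs != null) {
            for (Cookie c : cs) {
                if ("loginInfo".equals(c.getName())) {
                    loginInfoCookie = c;
                    break;
                }
            }
        }
        if (loginInfoCookie != null) {
            // 2. Present: its value is "<Base64 user name>_<password digest>".
            String usernamePassword = loginInfoCookie.getValue();
            // 3. Split it. The original indexed split(...)[1] directly, so a cookie without
            //    '_' raised ArrayIndexOutOfBoundsException on every request carrying it.
            String[] parts = usernamePassword == null
                    ? new String[0]
                    : usernamePassword.split("_", 2);
            if (parts.length == 2) {
                String username = null;
                try {
                    // java.util.Base64 replaces sun.misc.BASE64Decoder (absent from current
                    // JDKs). Default charset kept to match the code that wrote the cookie.
                    username = new String(java.util.Base64.getDecoder().decode(parts[0]));
                } catch (IllegalArgumentException ignored) {
                    // Not valid Base64: treat the cookie as absent and continue anonymously.
                }
                String cookiePassword = parts[1];
                // 4. Verify again: load the account by name, digest its stored password and
                //    compare with the digest from the cookie.
                User user = (username == null) ? null : UserDB.findUser(username);
                if (user != null) {
                    String expected = MD5Util.md5(user.getPassword());
                    // Constant-time comparison, so response timing does not reveal how much of
                    // a guessed digest was correct.
                    boolean matches = java.security.MessageDigest.isEqual(
                            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                            cookiePassword.getBytes(java.nio.charset.StandardCharsets.UTF_8));
                    if (matches) {
                        // 5. Match: sign the user in on a fresh session, so a session id set
                        //    before authentication is not carried over (session fixation).
                        session.invalidate();
                        session = request.getSession(true);
                        session.setAttribute("user", user);
                    }
                }
            }
        }
    }
    // Pass the request on.
    chain.doFilter(request, response);
}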

 

posted on 2014-05-28 22:35  wf110