使用过滤器和session,cookies写的自动登录

autoLogin.jsp页面


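<%@ page language="java"  contentType="text/html;charset=utf-8"%>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>自动登录</title>
</head>
<%--
  Login form that is pre-filled from the "username", "userpwd" and "maxTime"
  cookies. Cookie values arrive from the browser, so they are treated as
  untrusted text: they are written into the page only through c:out, which
  HTML-escapes them, and a non-numeric "maxTime" is ignored instead of failing
  the page with a NumberFormatException.
--%>
<%
    String username = "";
    String userpwd = "";

    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie c : cookies) {
            String cookieName = c.getName();
            if ("username".equals(cookieName)) {
                username = c.getValue();
            } else if ("userpwd".equals(cookieName)) {
                userpwd = c.getValue();
            } else if ("maxTime".equals(cookieName)) {
                String smaxTime = c.getValue();
                if (smaxTime != null && !"".equals(smaxTime)) {
                    try {
                        // Exposed to EL only when it parses; the radio buttons below compare against it.
                        pageContext.setAttribute("maxTime", Integer.valueOf(Integer.parseInt(smaxTime)));
                    } catch (NumberFormatException e) {
                        // Malformed cookie: leave "maxTime" unset so no radio button is pre-selected.
                    }
                }
            }
        }
    }
    // Hand the raw values to EL so the markup below can escape them with c:out.
    pageContext.setAttribute("username", username);
    pageContext.setAttribute("userpwd", userpwd);
%>
<body>
<form action="${pageContext.request.contextPath }/autoLoginServlet" method="post">
用户名:<input type="text" name="username" value="<c:out value='${username}'/>"><br/>
<%--
  NOTE(review): the stored password is echoed into the page source here. Escaping
  prevents markup injection but does not hide the value; the usual alternative is
  to leave this field empty and rely on a server-issued token for "remember me".
--%>
密 码:<input type="password" name="userpwd" value="<c:out value='${userpwd}'/>"><br>
<%-- "checked" is a boolean attribute: writing checked=false still renders the box ticked, so it is omitted. --%>
记住密码:<input type="checkbox" name="flag"> 保存时间
<input type="radio" name="maxTime" value="${60*60*24 }" ${(maxTime==60*60*24)?"checked":"" } >一天
<input type="radio" name="maxTime" value="${60*60*24*7 }" ${(maxTime==60*60*24*7)?"checked":"" } >一周
<input type="radio" name="maxTime" value="${60*60*24*30 }" ${(maxTime==60*60*24*30)?"checked":"" } >一月
<input type="radio" name="maxTime" value="${60*60*24*180 }" ${(maxTime==60*60*24*180)?"checked":"" } >半年<br>
${maxTime }
<input type="submit" name="btn" value="提交"/>
</form>
</body>
</html>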

web.xml内容

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

<!-- Comma-separated, context-relative paths that AtuoLoginFilter lets through without a login check.
     The filter reads this value in init() and compares each request path against the entries by exact match,
     so every path listed here is reachable by unauthenticated clients. -->
<context-param>
<description>不登录就可以访问的连接</description>
<param-name>noCheckUrl</param-name>
<param-value>/autoLogin.jsp,/autoLoginServlet</param-value>
</context-param>

<!-- Coarse-grained access filter: mapped to /* so every request to the application passes through it. -->
<filter>
<filter-name>AtuoLoginFilter</filter-name>
<filter-class>com.yxkong.filter.AtuoLoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AtuoLoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Login endpoint that the form in autoLogin.jsp posts to. -->
<servlet>
<servlet-name>AutoLoginServlet</servlet-name>
<servlet-class>com.yxkong.web.AutoLoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AutoLoginServlet</servlet-name>
<url-pattern>/autoLoginServlet</url-pattern>
</servlet-mapping>

</web-app>

自动登录过滤器

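/**
 * Servlet filter that lets a request through when its path is on the
 * login-exempt list or the session already holds a "user" attribute, and
 * otherwise tries to rebuild the session from the "username", "userpwd" and
 * "maxTime" cookies before falling back to a redirect to the login page.
 *
 * <p>NOTE(review): the cookie branch does not verify the cookie values against
 * any user store; see the comment inside {@link #doFilter}.
 */
public class AtuoLoginFilter implements Filter {

    // Context-relative paths that may be requested without being logged in.
    private List<String> list = null;

    /**
     * Loads the login-exempt paths from the "noCheckUrl" context parameter,
     * a comma-separated list.
     *
     * @param filterConfig gives access to the servlet context that holds the parameter
     * @throws ServletException if the parameter is not configured; without it even the
     *         login page would be redirected to itself
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        ServletContext sc = filterConfig.getServletContext();

        String noCheckUrl = sc.getInitParameter("noCheckUrl");
        if (noCheckUrl == null) {
            // Fail with a clear message instead of a NullPointerException from split().
            throw new ServletException("context parameter 'noCheckUrl' is not set");
        }

        List<String> exempt = new ArrayList<String>();
        for (String entry : noCheckUrl.split(",")) {
            // Tolerate "a, b" style lists and stray commas in web.xml.
            String trimmed = entry.trim();
            if (trimmed.length() > 0) {
                exempt.add(trimmed);
            }
        }
        list = exempt;
    }

    /**
     * Applies the login check described on the class.
     *
     * @param request  the incoming request; cast to {@code HttpServletRequest}
     * @param response the outgoing response; cast to {@code HttpServletResponse}
     * @param chain    the remaining filter chain, invoked when the request is allowed
     * @throws IOException      propagated from the chain or the redirect
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // Path relative to the web application. Stripping the context path (instead of
        // cutting at the second "/") also works when the application is deployed at the
        // root context, where the previous substring call threw
        // StringIndexOutOfBoundsException for single-segment URIs.
        String path = req.getRequestURI();
        String contextPath = req.getContextPath();
        if (contextPath != null && contextPath.length() > 0
                && path.startsWith(contextPath)) {
            path = path.substring(contextPath.length());
        }

        // Exempt paths are served whether or not the client is logged in.
        // The comparison is an exact string match on the raw request URI.
        if (list != null && list.contains(path)) {
            chain.doFilter(request, response);
            return;
        }

        // Look up an existing session only; do not create one for anonymous requests.
        HttpSession session = req.getSession(false);
        User user = null;
        if (session != null) {
            user = (User) session.getAttribute("user");
        }

        // A session that already carries a user is treated as logged in.
        if (user != null) {
            chain.doFilter(request, response);
            return;
        }

        // No logged-in session: collect the "remember me" cookies, if present.
        String username = "";
        String userpwd = "";
        String smaxTime = "";
        Cookie[] cookies = req.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                String cookieName = cookie.getName();
                if ("username".equals(cookieName)) {
                    username = cookie.getValue();
                } else if ("userpwd".equals(cookieName)) {
                    userpwd = cookie.getValue();
                } else if ("maxTime".equals(cookieName)) {
                    smaxTime = cookie.getValue();
                }
            }
        }

        boolean hasRememberCookies = !"".equals(username) && !"".equals(userpwd)
                && !"".equals(smaxTime);
        if (!hasRememberCookies) {
            resp.sendRedirect(req.getContextPath() + "/autoLogin.jsp");
            return;
        }

        // NOTE(review): these values come straight from request cookies, which the client
        // controls. The code below marks the request as logged in without comparing them
        // against any user store, so the server-side lookup the original author left as a
        // placeholder (and a redirect to the login page on mismatch) must be added here
        // before this filter can serve as an access control. Keeping the raw password in a
        // cookie is a separate weakness; a random, server-stored, revocable token is the
        // usual replacement.
        user = new User();
        user.setUsername(username);
        user.setUserpwd(userpwd);

        // Create the session now and record the user taken from the cookies.
        session = req.getSession();
        session.setAttribute("user", user);

        chain.doFilter(request, response);
    }

    /** Nothing to release. */
    public void destroy() {
    }
}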

自动登录servlet

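/**
 * Handles the login form: reads "username", "userpwd", "flag" and "maxTime",
 * stores a {@code User} in the session, optionally writes the "remember me"
 * cookies, and forwards to main.jsp.
 *
 * <p>NOTE(review): no credential check is performed in this listing; see the
 * comment inside {@link #doPost}.
 */
public class AutoLoginServlet extends HttpServlet {

    // Longest lifetime the login form offers (180 days, in seconds); larger requests are capped.
    private static final int MAX_REMEMBER_SECONDS = 60 * 60 * 24 * 180;

    /**
     * Delegates to {@link #doPost}.
     *
     * <p>NOTE(review): accepting the login over GET places the password in the URL,
     * where it ends up in access logs and browser history; consider answering GET
     * with a redirect to the login form instead.
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Processes a login submission.
     *
     * @param request  carries the form parameters
     * @param response receives the cookies and the forward or redirect
     * @throws ServletException propagated from the forward
     * @throws IOException      propagated from the forward or redirect
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String userpwd = request.getParameter("userpwd");
        String sflag = request.getParameter("flag");
        String smaxTime = request.getParameter("maxTime");

        // Whether the credentials should be remembered.
        boolean flag = sflag != null && !"".equals(sflag);

        // Lifetime of the remember-me cookies, in seconds.
        int maxTime = 0;
        if (smaxTime != null && !"".equals(smaxTime)) {
            try {
                maxTime = Integer.parseInt(smaxTime);
            } catch (NumberFormatException e) {
                // Client-supplied value: treat garbage as "do not remember" instead of a 500.
                maxTime = 0;
            }
            if (maxTime > MAX_REMEMBER_SECONDS) {
                maxTime = MAX_REMEMBER_SECONDS;
            }
            // Choosing a duration implies "remember", even if the checkbox was not ticked.
            flag = true;
        }

        boolean hasCredentials = username != null && !"".equals(username)
                && userpwd != null && !"".equals(userpwd);
        if (!hasCredentials) {
            // Previously an empty branch that produced a blank page; send the user back to the form.
            response.sendRedirect(request.getContextPath() + "/autoLogin.jsp");
            return;
        }

        // NOTE(review): any non-empty username/password pair is accepted from here on.
        // The lookup against the user store that the original author left as a placeholder
        // belongs at this point, before the session is created.
        User user = new User();
        user.setUsername(username);
        user.setUserpwd(userpwd);

        // Start the logged-in state on a fresh session so a session id issued before login
        // is not carried over into the authenticated state.
        HttpSession previous = request.getSession(false);
        if (previous != null) {
            previous.invalidate();
        }
        HttpSession session = request.getSession(true);
        session.setAttribute("user", user);

        if (flag && maxTime > 0) {
            // An empty context path (root deployment) is not a usable cookie path.
            String cookiePath = request.getContextPath();
            if (cookiePath == null || cookiePath.length() == 0) {
                cookiePath = "/";
            }
            boolean secure = request.isSecure();

            // NOTE(review): the password is written to a cookie in clear text because the
            // filter and login page in this example read it back. A random, server-stored
            // token is the usual replacement, and the cookies should also be flagged
            // HttpOnly where the container's servlet API offers it.
            response.addCookie(rememberCookie("maxTime", String.valueOf(maxTime), cookiePath, maxTime, secure));
            response.addCookie(rememberCookie("username", username, cookiePath, maxTime, secure));
            response.addCookie(rememberCookie("userpwd", userpwd, cookiePath, maxTime, secure));
        }
        request.getRequestDispatcher("main.jsp").forward(request, response);
    }

    // Builds one remember-me cookie; it is marked Secure when the login arrived over HTTPS.
    private static Cookie rememberCookie(String name, String value, String path,
            int maxAge, boolean secure) {
        Cookie cookie = new Cookie(name, value);
        cookie.setPath(path);
        cookie.setMaxAge(maxAge);
        cookie.setSecure(secure);
        return cookie;
    }
}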