1.步驟:
(1)在用戶登陸成功後,發送一個名稱爲user的cookie給客戶端,cookie的值爲用戶名和md5加密後的密碼。
(2)編寫一個AutoLoginFilter,這個filter檢查用戶是否帶有名稱爲user的cookie來,如果有,則調用dao查詢cookie的用戶名和密碼是否和數據庫匹配,匹配則向session中存入user對象(即用戶登陸標記),以實現程序完成自動登陸。
2.User對象
public class User {
private String username;
private String password;
public User() {
super();
// TODO Auto-generated constructor stub
}
public User(String username, String password) {
super();
this.username = username;
this.password = password;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
3.BusinessService
public class BusinessService {
private static List<User> list = new ArrayList();
static{
list.add(new User("aaa","123"));
list.add(new User("bbb","123"));
list.add(new User("ccc","123"));
list.add(new User("ddd","123"));
}
public User loginUser(String username,String password){
for(User user : list){
if(user.getUsername().equals(username) && user.getPassword().equals(password)){
return user;
}
}
return null;
}
public String findPassword(String username) {
for(User user : list){
if(user.getUsername().equals(username)){
return user.getPassword();
}
}
return null;
}
public User findUser(String username) {
for(User user : list){
if(user.getUsername().equals(username)){
return user;
}
}
return null;
}
}
4.login.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'login.jsp' starting page</title>
</head>
<body>
<form action="${pageContext.request.contextPath }/servlet/LoginServlet" method="post">
用戶名:<input type="text" name="username"><br/>
密碼:<input type="password" name="password"><br/>
有效期:<input type="radio" name="loginExpiresTime" value="60">1分鐘
<input type="radio" name="loginExpiresTime" value="${3*60}">3分鐘
<input type="radio" name="loginExpiresTime" value="${5*60 }">5分鐘
<br/>
<input type="submit" value="登陸">
</form>
</body>
</html>
5.LoginServlet
public class LoginServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
BusinessService service = new BusinessService();
User user = service.loginUser(username, password);
if(user==null){
request.setAttribute("message", "用戶名或密碼錯誤!!");
request.getRequestDispatcher("/message.jsp").forward(request, response);
return;
}
request.getSession().setAttribute("user", user);
//用戶登陸後,就要給用戶發送自動登陸的cookie
sendAutoLoginCookie(request,response,user);
request.setAttribute("message", "登陸成功!!");
request.getRequestDispatcher("/message.jsp").forward(request, response);
}
//給用戶發送自動登陸的cookie
private void sendAutoLoginCookie(HttpServletRequest request,
HttpServletResponse response, User user) {
int loginExpiresTime = Integer.parseInt(request.getParameter("loginExpiresTime")); //3
//構建給用戶發送的cookie:
//autologinCookie=aaa:123
//autologinCookie=aaa:md5(password)
//autologinCookie=aaa:expirestime:md5(password) //autologinCookie=aaa:20:9837hfhdsudfu
//autologinCookie=aaa:expirestime:md5(aaa:expirestime:password) //autologinCookie=aaa:20:9837hfhdsudfu
long expiresTime = System.currentTimeMillis() + loginExpiresTime*1000; //2011-09-09
String value = user.getUsername() + ":" + expiresTime + ":" + WebUtils.md5(user.getUsername(),expiresTime,user.getPassword());
Cookie cookie = new Cookie("autologinCookie",value);
cookie.setMaxAge(loginExpiresTime);
cookie.setPath(request.getContextPath()); // /day19
response.addCookie(cookie);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}