6Filter應用5實現用戶自動登陸的過濾器

1.步驟:

(1)在用戶登陸成功後,發送一個名稱爲user的cookie給客戶端,cookie的值爲用戶名和md5加密後的密碼。
(2)編寫一個AutoLoginFilter,這個filter檢查用戶是否帶有名稱爲user的cookie來,如果有,則調用dao查詢cookie的用戶名和密碼是否和數據庫匹配,匹配則向session中存入user對象(即用戶登陸標記),以實現程序完成自動登陸。

2.User對象

public class User {
	
	private String username;
	private String password;
	
	public User() {
		super();
		// TODO Auto-generated constructor stub
	}
	public User(String username, String password) {
		super();
		this.username = username;
		this.password = password;
	}
	public String getUsername() {
		return username;
	}
	public void setUsername(String username) {
		this.username = username;
	}
	public String getPassword() {
		return password;
	}
	public void setPassword(String password) {
		this.password = password;
	}
	
}

3.BusinessService

public class BusinessService {
	
	private static List<User> list = new ArrayList();
	static{
		list.add(new User("aaa","123"));
		list.add(new User("bbb","123"));
		list.add(new User("ccc","123"));
		list.add(new User("ddd","123"));
	}
	
	public User loginUser(String username,String password){
		for(User user : list){
			if(user.getUsername().equals(username) && user.getPassword().equals(password)){
				return user;
			}
		}
		return null;
	}

	public String findPassword(String username) {
		for(User user : list){
			if(user.getUsername().equals(username)){
				return user.getPassword();
			}
		}
		return null;
	}

	public User findUser(String username) {
		for(User user : list){
			if(user.getUsername().equals(username)){
				return user;
			}
		}
		return null;
	}
	
}



 

 

4.login.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>My JSP 'login.jsp' starting page</title>
  </head>
  
  <body>
    
    <form action="${pageContext.request.contextPath }/servlet/LoginServlet" method="post">
    
    	用戶名:<input type="text" name="username"><br/>
    	密碼:<input type="password" name="password"><br/>
    	有效期:<input type="radio" name="loginExpiresTime" value="60">1分鐘
    		  <input type="radio" name="loginExpiresTime" value="${3*60}">3分鐘
    		  <input type="radio" name="loginExpiresTime" value="${5*60 }">5分鐘
    	<br/>
    	<input type="submit" value="登陸">
    
    </form>
  </body>
</html>


5.LoginServlet

public class LoginServlet extends HttpServlet {

	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		String username = request.getParameter("username");
		String password = request.getParameter("password");
		
		BusinessService service = new BusinessService();
		User user = service.loginUser(username, password);
		if(user==null){
			request.setAttribute("message", "用戶名或密碼錯誤!!");
			request.getRequestDispatcher("/message.jsp").forward(request, response);
			return;
		}
		
		request.getSession().setAttribute("user", user);
		
		//用戶登陸後,就要給用戶發送自動登陸的cookie
		sendAutoLoginCookie(request,response,user);
		
		request.setAttribute("message", "登陸成功!!");
		request.getRequestDispatcher("/message.jsp").forward(request, response);
	}

	//給用戶發送自動登陸的cookie
	private void sendAutoLoginCookie(HttpServletRequest request,
			HttpServletResponse response, User user) {
		
		int loginExpiresTime = Integer.parseInt(request.getParameter("loginExpiresTime"));  //3
		
		//構建給用戶發送的cookie:   
		//autologinCookie=aaa:123  
		//autologinCookie=aaa:md5(password)
		//autologinCookie=aaa:expirestime:md5(password)  //autologinCookie=aaa:20:9837hfhdsudfu
		//autologinCookie=aaa:expirestime:md5(aaa:expirestime:password)  //autologinCookie=aaa:20:9837hfhdsudfu
		
		long expiresTime = System.currentTimeMillis() + loginExpiresTime*1000;   //2011-09-09
		String value = user.getUsername() + ":" + expiresTime + ":" + WebUtils.md5(user.getUsername(),expiresTime,user.getPassword());
		Cookie cookie = new Cookie("autologinCookie",value);
		cookie.setMaxAge(loginExpiresTime);
		cookie.setPath(request.getContextPath());  // /day19
		response.addCookie(cookie);
	}
	
	

	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		doGet(request, response);
	}

}


 

 

 

 

 

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章