Java：Cookie實現記住用戶名、密碼

package com.laizhi.util;

002

003	import java.io.IOException;

004

005	import java.io.PrintWriter;

006

007	import java.io.UnsupportedEncodingException;

008

009	import javax.servlet.FilterChain;

010

011	import javax.servlet.ServletException;

012

013	import javax.servlet.http.Cookie;

014

015	import javax.servlet.http.HttpServletRequest;

016

017	import javax.servlet.http.HttpServletResponse;

018

019	import javax.servlet.http.HttpSession;

020

021	import java.security.MessageDigest;

022

023	import java.security.NoSuchAlgorithmException;

024

025	import com.laizhi.bean.User;

026

027	import com.laizhi.dao.UserDAO;

028

029	import com.laizhi.factory.DaoImplFactory;

030

031	import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;

032

033

/*

034

035	* 2014.07.01

036

037

* */

038

039	public class CookieUtil {

040	//保存cookie時的cookieName

041	private final static String cookieDomainName = “laizhi”;

042	//加密cookie時的網站自定碼

043

044	private final static String webKey = “123456”;

045	//設置cookie有效期是兩個星期，根據需要自定義

046	private final static long cookieMaxAge = 60 * 60 * 24 * 7 * 2;

047	//保存Cookie到客戶端-------------------------------------------------------------------------

048	//在CheckLogonServlet.java中被調用

049	//傳遞進來的user對象中封裝了在登陸時填寫的用戶名與密碼

050

051	public static void saveCookie(User user, HttpServletResponse response) {

052	//cookie的有效期

053	long validTime = System.currentTimeMillis() + (cookieMaxAge * 5000);

054	//MD5加密用戶詳細信息

055	String cookieValueWithMd5 =getMD5(user.getUserName() + ":" + user.getPassword()

056

057	+ ":" + validTime + ":" + webKey);

058	//將要被保存的完整的Cookie值

059	String cookieValue = user.getUserName() + ":" + validTime + ":" + cookieValueWithMd5;

060	//再一次對Cookie的值進行BASE64編碼

061

062	String cookieValueBase64 = new String(Base64.encode(cookieValue.getBytes()));

063	//開始保存Cookie

064	Cookie cookie = new Cookie(cookieDomainName, cookieValueBase64);

065	//存兩年(這個值應該大於或等於validTime)

066	cookie.setMaxAge(60 * 60 * 24 * 365 * 2);

067

068	//cookie有效路徑是網站根目錄

069

070	cookie.setPath("/");

071

072

//向客戶端寫入

073

074	response.addCookie(cookie);

075

076

}

077

078

079

080	//讀取Cookie,自動完成登陸操作----------------------------------------------------------------

081

082	//在Filter程序中調用該方法,見AutoLogonFilter.java

083

084	public static void readCookieAndLogon(HttpServletRequest request, HttpServletResponse response,

085

086	FilterChain chain) throws IOException, ServletException,UnsupportedEncodingException{

087	//根據cookieName取cookieValue

088	Cookie cookies[] = request.getCookies();

089	String cookieValue = null;

090	if(cookies!=null){

091	for(int i=0;i

092	if (cookieDomainName.equals(cookies[i].getName())) {

093	cookieValue = cookies[i].getValue();

094

break;

095

}

096

097

}

098

099

}

100	//如果cookieValue爲空,返回,

101	if(cookieValue==null){

102

return;

103

}

104	//如果cookieValue不爲空,才執行下面的代碼

105	//先得到的CookieValue進行Base64解碼

106	String cookieValueAfterDecode = new String (Base64.decode(cookieValue),"utf-8");

107	//對解碼後的值進行分拆,得到一個數組,如果數組長度不爲3,就是非法登陸

108	String cookieValues[] = cookieValueAfterDecode.split(":");

109	if(cookieValues.length!=3){

110	response.setContentType("text/html;charset=utf-8");

111	PrintWriter out = response.getWriter();

112	out.println("你正在用非正常方式進入本站...");

113	out.close();

114

return;

115

}

116	//判斷是否在有效期內,過期就刪除Cookie

117	long validTimeInCookie = new Long(cookieValues[1]);

118	if(validTimeInCookie < System.currentTimeMillis()){

119	//刪除Cookie

120	clearCookie(response);

121	response.setContentType("text/html;charset=utf-8");

122	PrintWriter out = response.getWriter();

123	out.println("");你的Cookie已經失效,請重新登陸

124	out.close();

125

return;

126

}

127	//取出cookie中的用戶名,併到數據庫中檢查這個用戶名,

128	String username = cookieValues[0];

129

130	//根據用戶名到數據庫中檢查用戶是否存在

131	UserDAO ud = DaoImplFactory.getInstance();

132	User user = ud.selectUserByUsername(username);

133

134	//如果user返回不爲空,就取出密碼,使用用戶名+密碼+有效時間+ webSiteKey進行MD5加密

135	if(user!=null){

136	String md5ValueInCookie = cookieValues[2];

137	String md5ValueFromUser =getMD5(user.getUserName() + ":" + user.getPassword()

138	+ ":" + validTimeInCookie + ":" + webKey);

139	//將結果與Cookie中的MD5碼相比較,如果相同,寫入Session,自動登陸成功,並繼續用戶請求

140	if(md5ValueFromUser.equals(md5ValueInCookie)){

141	HttpSession session = request.getSession(true);

142	session.setAttribute("user", user);

143	chain.doFilter(request, response);

144

}

145

146

}else{

147

148

//返回爲空執行

149	response.setContentType("text/html;charset=utf-8");

150	PrintWriter out = response.getWriter();

151	out.println("cookie驗證錯誤！");

152	out.close();

153

return;

154

155

}

156

157

}

158

159

160

161	//用戶註銷時,清除Cookie,在需要時可隨時調用-----------------------------------------------------

162	public static void clearCookie( HttpServletResponse response){

163	Cookie cookie = new Cookie(cookieDomainName, null);

164	cookie.setMaxAge(0);

165	cookie.setPath("/");

166	response.addCookie(cookie);

167

}

168

169	//獲取Cookie組合字符串的MD5碼的字符串----------------------------------------------------------------

170	public static String getMD5(String value) {

171	String result = null;

172

try{

173	byte[] valueByte = value.getBytes();

174	MessageDigest md = MessageDigest.getInstance("MD5");

175	md.update(valueByte);

176	result = toHex(md.digest());

177	} catch (NoSuchAlgorithmException e2){

178	e1.printStackTrace();

179

}

180	return result;

181

}

182	//將傳遞進來的字節數組轉換成十六進制的字符串形式並返回

183	private static String toHex(byte[] buffer){

184	StringBuffer sb = new StringBuffer(buffer.length * 2);

185	for (int i = 0; i < buffer.length; i++){

186	sb.append(Character.forDigit((buffer[i] & 0xf0) >> 4, 16));

187	sb.append(Character.forDigit(buffer[i] & 0x0f, 16));

188

}

189	return sb.toString();

190

}

191

}