实现用户自动登陆的过滤器
原理:在用户登录成功后,以 cookie 形式把用户名、密码发送给客户端(下面的代码实际写入 cookie 的是数据库中保存的密码 MD5 摘要,而不是明文)。这个摘要本身就相当于一份长期有效的登录凭据,正式项目中应改为由服务端签发、可以随时撤销的随机令牌。
编写一个过滤器,在 doFilter 方法中检查 cookie 中是否带有用户名、密码信息;如果存在,则调用业务层登录方法进行校验,登录成功后向 session 中存入 user 对象(即用户登录标记),从而实现自动登录。
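package com.jjyy.web;

import java.io.IOException;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.dbutils.QueryRunner;
import org.apache.commons.dbutils.handlers.BeanHandler;

import com.jjyy.domain.User;
import com.jjyy.util.DaoUtils;
import com.jjyy.util.MD5Utils;

/**
 * Authenticates a user from the {@code name} and {@code password} request parameters.
 *
 * <p>On success the matching {@link User} is stored in the session under {@code "user"} and,
 * when the {@code autologin} parameter equals {@code "true"}, a 30-day {@code autologin}
 * cookie is issued.
 *
 * <p>NOTE(review): the auto-login cookie carries {@code name:storedPasswordDigest}. Anyone who
 * obtains that value can log in until the password changes, and the digest is an unsalted MD5.
 * A server-side random token that can be revoked would remove both problems, but it needs
 * storage that is outside this class, so the format is kept here.
 */
public class LoginServlet extends HttpServlet {

    /**
     * Performs the login. {@link #doPost} delegates here, so credentials sent with GET are
     * accepted as well; they then appear in the request URL (access logs, browser history).
     *
     * @param request  the login request ({@code name}, {@code password}, optional {@code autologin})
     * @param response receives either the failure message or a redirect to {@code /index.jsp}
     * @throws ServletException if the credential lookup fails at the database level
     * @throws IOException      if writing the response fails
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // 1. Read the submitted credentials. A missing parameter is treated as a failed
        //    login instead of letting MD5Utils.md5(null) raise a NullPointerException.
        String name = request.getParameter("name");
        String rawPassword = request.getParameter("password");
        if (name == null || rawPassword == null) {
            response.getWriter().write("用户名密码不正确");
            return;
        }
        String password = MD5Utils.md5(rawPassword);

        // 2. Check the credentials against the user table (parameterized query).
        String sql = "select * from user where name = ? and password = ? ";
        User user;
        try {
            QueryRunner runner = new QueryRunner(DaoUtils.getSource());
            user = runner.query(sql, new BeanHandler<User>(User.class), name, password);
        } catch (SQLException e) {
            // A database failure is not a wrong password: report it as a server error
            // rather than telling the user the credentials were incorrect.
            throw new ServletException("login lookup failed", e);
        }
        if (user == null) {
            response.getWriter().write("用户名密码不正确");
            return;
        }

        // 3. Log the user in. Any session that existed before authentication is discarded
        //    so that a session id known before login is never promoted to a logged-in one.
        HttpSession stale = request.getSession(false);
        if (stale != null) {
            stale.invalidate();
        }
        request.getSession(true).setAttribute("user", user);

        // If the user ticked "log me in automatically for 30 days", issue the cookie.
        if ("true".equals(request.getParameter("autologin"))) {
            Cookie autologinC = new Cookie("autologin", user.getName() + ":" + user.getPassword());
            autologinC.setPath(request.getContextPath());
            autologinC.setMaxAge(3600 * 24 * 30);
            // Mark the cookie Secure whenever the login itself arrived over HTTPS.
            autologinC.setSecure(request.isSecure());
            // On Servlet 3.0+ containers also call autologinC.setHttpOnly(true) so page
            // scripts cannot read the credential.
            response.addCookie(autologinC);
        }

        // 4. Redirect to the home page.
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }

    /** Delegates to {@link #doGet}. */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}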
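package com.jjyy.web;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Logs the current user out and redirects to {@code /index.jsp}.
 *
 * <p>Besides invalidating the session, the {@code autologin} cookie is expired. Without that,
 * AutoLoginFilter would find the cookie on the very next request and log the user straight
 * back in, so logging out would have no effect for anyone who chose automatic login.
 *
 * <p>NOTE(review): expiring the cookie only removes it from this browser. The value it held
 * (name plus stored password digest) stays valid for the filter until the password changes.
 */
public class LogoutServlet extends HttpServlet {

    /**
     * @param request  the logout request
     * @param response receives the expired cookie and the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if sending the redirect fails
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Only touch the session if one exists; getSession(false) never creates one.
        if (request.getSession(false) != null) {
            request.getSession().invalidate();
        }

        // Expire the auto-login cookie. Name and path must match what LoginServlet sets,
        // otherwise the browser treats this as a different cookie and keeps the old one.
        Cookie expired = new Cookie("autologin", "");
        expired.setPath(request.getContextPath());
        expired.setMaxAge(0);
        response.addCookie(expired);

        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }

    /** Delegates to {@link #doGet}. */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}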
package com.jjyy.domain;

import java.io.Serializable;

/**
 * Plain bean describing one account: id, name, password and role.
 *
 * <p>The class is {@link Serializable}. NOTE(review): elsewhere on this page the bean is placed
 * in the HTTP session and {@code password} is filled from the stored digest, so the digest
 * travels with the session wherever the container serializes it; confirm that is intended.
 */
public class User implements Serializable {

    private int id;
    private String name;
    private String password;
    private String role;

    // ---- id ----

    /** @return the numeric identifier */
    public int getId() {
        return this.id;
    }

    /** @param id the numeric identifier */
    public void setId(int id) {
        this.id = id;
    }

    // ---- name ----

    /** @return the login name, or {@code null} if never set */
    public String getName() {
        return this.name;
    }

    /** @param name the login name */
    public void setName(String name) {
        this.name = name;
    }

    // ---- password ----

    /** @return the password value held by this bean, or {@code null} if never set */
    public String getPassword() {
        return this.password;
    }

    /** @param password the password value to hold */
    public void setPassword(String password) {
        this.password = password;
    }

    // ---- role ----

    /** @return the role, or {@code null} if never set */
    public String getRole() {
        return this.role;
    }

    /** @param role the role */
    public void setRole(String role) {
        this.role = role;
    }
}
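package com.jjyy.filter;

import java.io.IOException;
import java.sql.SQLException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.dbutils.QueryRunner;
import org.apache.commons.dbutils.handlers.BeanHandler;

import com.jjyy.domain.User;
import com.jjyy.util.DaoUtils;

/**
 * Logs a visitor in automatically when the request carries a valid {@code autologin} cookie.
 *
 * <p>The cookie value has the form {@code name:storedPasswordDigest}, as written by
 * LoginServlet. The request is always passed down the chain, whether or not auto-login
 * succeeded.
 *
 * <p>The {@code User} import now points at {@code com.jjyy.domain.User}. The previous import,
 * {@code javax.xml.registry.infomodel.User}, is an unrelated interface that the bean handler
 * cannot instantiate, so the lookup could never produce the application's user object.
 *
 * <p>NOTE(review): the cookie is a password-equivalent credential that cannot be revoked
 * without changing the password; a random server-side token would be the safer design.
 *
 * @author JiangYu
 */
public class AutoLoginFilter implements Filter {

    public void destroy() {
    }

    /**
     * @param request  expected to be an {@link HttpServletRequest}
     * @param response passed through unchanged
     * @param chain    always invoked
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;

        // 1. Only visitors who are not logged in yet are candidates for auto-login.
        HttpSession current = req.getSession(false);
        boolean loggedIn = current != null && current.getAttribute("user") != null;

        if (!loggedIn) {
            // 2. Only requests that carry the auto-login cookie are considered.
            Cookie findC = null;
            Cookie[] cs = req.getCookies();
            if (cs != null) {
                for (Cookie c : cs) {
                    if ("autologin".equals(c.getName())) {
                        findC = c;
                        break;
                    }
                }
            }

            // 3. The cookie is client-controlled. Split on the LAST ':' (the hex digest
            //    never contains one) and ignore values without both parts, instead of
            //    indexing a split() result that may have fewer than two elements.
            String value = findC == null ? null : findC.getValue();
            int sep = value == null ? -1 : value.lastIndexOf(':');
            if (sep > 0 && sep < value.length() - 1) {
                String name = value.substring(0, sep);
                String password = value.substring(sep + 1);

                String sql = "select * from user where name = ? and password = ? ";
                User user = null;
                try {
                    QueryRunner runner = new QueryRunner(DaoUtils.getSource());
                    user = runner.query(sql, new BeanHandler<User>(User.class), name, password);
                } catch (SQLException e) {
                    // Best effort: a database failure means no auto-login for this
                    // request, but the request itself still goes through.
                    e.printStackTrace();
                }

                if (user != null) {
                    // Start from a fresh session so a session id that existed before
                    // authentication is not promoted to a logged-in one.
                    if (current != null) {
                        current.invalidate();
                    }
                    req.getSession(true).setAttribute("user", user);
                }
            }
        }

        // Pass the request on whether or not auto-login happened.
        chain.doFilter(request, response);
    }

    public void init(FilterConfig arg0) throws ServletException {
    }
}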
package com.jjyy.filter;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/**
 * Sets the response content type and wraps each request so that parameters are read with the
 * configured character encoding (init parameter {@code encode}, default {@code utf-8}).
 */
public class EncodeFilter implements Filter {
    private FilterConfig config = null;
    private String encode = null;

    public void destroy() {
    }

    /**
     * Sets the response content type, then continues the chain with a decorated request.
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // Response side: declare HTML in UTF-8.
        response.setContentType("text/html;charset=utf-8");
        // Request side: decorate so parameter access goes through the wrapper below.
        HttpServletRequest decorated = new MyHttpServletRequest((HttpServletRequest) request);
        chain.doFilter(decorated, response);
    }

    /** Remembers the filter configuration and resolves the target encoding. */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.config = filterConfig;
        String configured = config.getInitParameter("encode");
        if (configured == null) {
            this.encode = "utf-8";
        } else {
            this.encode = configured;
        }
    }

    /**
     * Request decorator that fixes parameter encoding.
     *
     * <p>NOTE(review): the GET branch re-decodes values from ISO-8859-1, i.e. it assumes the
     * container decoded the query string as ISO-8859-1. A container that already decodes as
     * the target encoding would have its values decoded twice; confirm the deployment.
     */
    class MyHttpServletRequest extends HttpServletRequestWrapper {
        private HttpServletRequest request = null;
        // True until the GET parameter values have been re-decoded once.
        boolean isNotEncode = true;

        public MyHttpServletRequest(HttpServletRequest request) {
            super(request);
            this.request = request;
        }

        @Override
        public Map getParameterMap() {
            try {
                String method = request.getMethod();
                if (method.equalsIgnoreCase("POST")) {
                    request.setCharacterEncoding(encode);
                    return request.getParameterMap();
                }
                if (!method.equalsIgnoreCase("GET")) {
                    return request.getParameterMap();
                }

                // The wrapped request hands back the same map on later calls, so the
                // value arrays are rewritten in place exactly once, guarded by the flag.
                Map<String, String[]> params = request.getParameterMap();
                if (isNotEncode) {
                    for (String[] values : params.values()) {
                        for (int idx = 0; idx < values.length; idx++) {
                            byte[] raw = values[idx].getBytes("iso8859-1");
                            values[idx] = new String(raw, encode);
                        }
                    }
                    isNotEncode = false;
                }
                return params;
            } catch (UnsupportedEncodingException e) {
                e.printStackTrace();
            }
            // Reached only when the encoding name was rejected above.
            return super.getParameterMap();
        }

        @Override
        public String getParameter(String name) {
            String[] values = getParameterValues(name);
            if (values == null) {
                return null;
            }
            return values[0];
        }

        @Override
        public String[] getParameterValues(String name) {
            Object found = getParameterMap().get(name);
            return (String[]) found;
        }
    }
}
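package com.jjyy.util;

import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/**
 * Helper that renders the MD5 digest of a string as 32 lowercase hex characters.
 *
 * <p>NOTE(review): a bare, unsalted MD5 is not suitable for storing passwords; a dedicated
 * password hash (bcrypt, scrypt, Argon2) is the appropriate replacement. Switching requires
 * migrating the stored values, so the algorithm is left unchanged here.
 */
public class MD5Utils {

    private static final Charset UTF_8 = Charset.forName("UTF-8");

    /**
     * Computes the MD5 digest of {@code plainText}.
     *
     * <p>Two defects of the earlier version are fixed:
     * <ul>
     *   <li>The zero-padding loop compared a growing counter against a shrinking bound, so a
     *       digest with two or more leading zero hex digits came out shorter than 32
     *       characters. Values stored by that version for such digests will not match the
     *       corrected output and need to be re-hashed.</li>
     *   <li>The text was encoded with the platform default charset, so the same non-ASCII
     *       input could hash differently on different machines. UTF-8 is now always used.</li>
     * </ul>
     *
     * @param plainText the text to hash; must not be {@code null}
     * @return the digest as exactly 32 lowercase hexadecimal characters
     * @throws NullPointerException if {@code plainText} is {@code null}
     * @throws RuntimeException     if the platform provides no MD5 implementation
     */
    public static String md5(String plainText) {
        byte[] secretBytes;
        try {
            secretBytes = MessageDigest.getInstance("md5").digest(plainText.getBytes(UTF_8));
        } catch (NoSuchAlgorithmException e) {
            // Keep the original message but preserve the cause for diagnosis.
            throw new RuntimeException("没有md5这个算法!", e);
        }

        // Emit two hex digits per byte so leading zeros can never be lost.
        StringBuilder md5code = new StringBuilder(secretBytes.length * 2);
        for (byte b : secretBytes) {
            md5code.append(Character.forDigit((b >> 4) & 0xf, 16));
            md5code.append(Character.forDigit(b & 0xf, 16));
        }
        return md5code.toString();
    }
}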
package com.jjyy.util;

import java.sql.Connection;
import java.sql.SQLException;

import javax.sql.DataSource;

import com.mchange.v2.c3p0.ComboPooledDataSource;

/**
 * Static access point to the application's pooled {@link DataSource}.
 *
 * <p>The pool is a {@code ComboPooledDataSource} created with its no-argument constructor when
 * this class is loaded. The class cannot be instantiated.
 */
public class DaoUtils {

    // Single shared pool, created once at class-load time.
    private static DataSource source = new ComboPooledDataSource();

    private DaoUtils() {
    }

    /**
     * @return the shared data source
     */
    public static DataSource getSource() {
        return source;
    }

    /**
     * Obtains a connection from the shared data source.
     *
     * @return a connection obtained from the data source
     * @throws RuntimeException wrapping the {@link SQLException} if no connection can be obtained
     */
    public static Connection getConn() {
        Connection conn;
        try {
            conn = source.getConnection();
        } catch (SQLException e) {
            e.printStackTrace();
            throw new RuntimeException(e);
        }
        return conn;
    }
}