java web自动登录实现

实现思路
  1. 在登录的 api 或 servlet中验证用户名密码
  2. 如果验证成功,则把该用户信息存在 服务器 的 session 缓存中,并把 可以表示该用户的 信息存在 cookie中返回。例如:
    	//存储 session 
    	 request.getSession().setAttribute("userBean", queryUser);
    	Cookie cookie = new Cookie("auto_login", username + "#" + password);
    	// 创建 cookie
        cookie.setMaxAge(60*60*24*7);  //设置时间为 一周
        cookie.setPath(request.getContextPath());
        response.addCookie(cookie);
    
  3. 创建一个过滤器,拦截所有的用户请求
  4. 在该过滤器中做相应的逻辑处理,如下:
    • 获取 服务器 session 缓存中同名的session。例如: UserBean userBean = (UserBean) request.getSession().getAttribute("userBean");
    • 验证是否为空,不为空说明用户登陆之后没有关闭浏览器 ,直接让请求通过过滤器,并定位到相应界面
    • 如果session为空,说明用户 从上一次登陆后关闭过浏览器,则 获取 用户请求中的cookie,验证是否有我们定义的可以标识用户的特殊cookie。
    • 如果没有改cookie ,则直接返回登陆界面。
    • 如果有该cookie,则通过cookie中的信息查新到用户的信息,并跳转到用户想跳转的界面
核心代码 示例
  • servlet 登陆逻辑代码
package com.wl.servlet;

import com.wl.dao.UserDao;
import com.wl.dao.daoImpl.UserDaoImpl;
import com.wl.domain.UserBean;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.sql.SQLException;

@WebServlet(name = "LoginServlet")
public class LoginServlet extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doGet(request, response);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        try {
            String username = request.getParameter("username");
            String password = request.getParameter("password");
            String autoLogin = request.getParameter("auto_login");

            System.out.println(username + " = " + password + "  " + autoLogin);
            UserBean userBean = new UserBean();
            userBean.setPassword(password);
            userBean.setUsername(username);
            UserDao userDao = new UserDaoImpl();
            UserBean queryUser = userDao.login(userBean);
            if(queryUser != null){
                if("on".equals(autoLogin)){
                    Cookie cookie = new Cookie("auto_login", username + "#" + password);
                    cookie.setMaxAge(60*60*24*7);
                    cookie.setPath(request.getContextPath());
                    response.addCookie(cookie);
                }
                request.getSession().setAttribute("userBean", queryUser);
                response.sendRedirect("index.jsp");
            }else {
                request.getSession().setAttribute("errorInfo", "用户名密码不正确");
                request.getRequestDispatcher("login.jsp").forward(request,response);
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
}

  • filter 过滤器核心代码
package com.wl.filter;

import com.wl.dao.UserDao;
import com.wl.dao.daoImpl.UserDaoImpl;
import com.wl.domain.UserBean;
import util.CookieUtil;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.sql.SQLException;

@WebFilter(filterName = "AutoLoginFilter")
public class AutoLoginFilter implements Filter {
    public void destroy() {
    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
        HttpServletRequest request = (HttpServletRequest) req;

        UserBean userBean = (UserBean) request.getSession().getAttribute("userBean");
        if(userBean != null){
            chain.doFilter(req, resp);
        } else {
            Cookie[] cookies = request.getCookies();
            Cookie auto_login = CookieUtil.findCookie(cookies, "auto_login");
            if(auto_login == null) {
                chain.doFilter(req,resp);
            } else {
                String value = auto_login.getValue();
                String username = value.split("#")[0];
                String password = value.split("#")[1];
                UserBean user = new UserBean();
                user.setUsername(username);
                user.setPassword(password);
                UserDao dao = new UserDaoImpl();
                try {
                    UserBean login = dao.login(user);
                    request.getSession().setAttribute("userBean", login);
                } catch (SQLException e) {
                    e.printStackTrace();
                }
                chain.doFilter(req, resp);
            }
        }
        chain.doFilter(req, resp);
    }
    public void init(FilterConfig config) throws ServletException {

    }
}

你可能感兴趣的:(Java)