java cookie 和session 实例_JavaWeb使用Session和Cookie实现登录认证的代码实例分享

本篇文章主要介绍了JavaWeb使用Session和Cookie实现登录认证,具有一定的参考价值,感兴趣的小伙伴们可以参考一下。

后台管理页面往往需要登录才可以进行操作,这时就需要Seession来记录登录状态

要实现起来也是非常简单,只需要自定义一个HandlerInterceptor就行了

自定义的HandlerInterceptor也只有短短几行代码public class LoginInterceptor implements HandlerInterceptor {

@Override

public void afterCompletion(HttpServletRequest request,

HttpServletResponse response, Object obj, Exception err)

throws Exception {

}

@Override

public void postHandle(HttpServletRequest request, HttpServletResponse response,

Object obj, ModelAndView mav) throws Exception {

}

@Override

public boolean preHandle(HttpServletRequest request, HttpServletResponse response,

Object obj) throws Exception {

//获取session里的登录状态值

String str = (String) request.getSession().getAttribute("isLogin");

//如果登录状态不为空则返回true,返回true则会执行相应controller的方法

if(str!=null){

return true;

}

//如果登录状态为空则重定向到登录页面,并返回false,不执行原来controller的方法

response.sendRedirect("/backend/loginPage");

return false;

}

}

Controller代码@Controller

@RequestMapping("/backend")

public class BackendController {

@RequestMapping(value = "/loginPage", method = {RequestMethod.GET})

public String loginPage(HttpServletRequest request,String account, String password){

return "login";

}

@RequestMapping(value = "/login", method = {RequestMethod.POST})

public String login(HttpServletRequest request,RedirectAttributes model, String account, String password){

//验证账号密码,如果符合则改变session里的状态,并重定向到主页

if ("jack".equals(account)&&"jack2017".equals(password)){

request.getSession().setAttribute("isLogin","yes");

return "redirect:IndexPage";

}else {

//密码错误则重定向回登录页,并返回错误,因为是重定向所要要用到RedirectAttributes

model.addFlashAttribute("error","密码错误");

return "redirect:loginPage";

}

}

//登出,移除登录状态并重定向的登录页

@RequestMapping(value = "/loginOut", method = {RequestMethod.GET})

public String loginOut(HttpServletRequest request) {

request.getSession().removeAttribute("isLogin");

return "redirect:loginPage";

}

@RequestMapping(value = "/IndexPage", method = {RequestMethod.GET})

public String IndexPage(HttpServletRequest request){

return "Index";

}

}

spring的配置

一个简单的Session实现登录认证系统就这样完成了,如果想登录状态退出浏览器后仍保留一段时间的可以将Session改为Cookie

一般情况下我们都会使用Cookie

Cookie和Session的方法差不多

使用Cookie的自定义HandlerInterceptorpublic class LoginInterceptor implements HandlerInterceptor {

@Override

public void afterCompletion(HttpServletRequest request,

HttpServletResponse response, Object obj, Exception err)

throws Exception {

}

@Override

public void postHandle(HttpServletRequest request, HttpServletResponse response,

Object obj, ModelAndView mav) throws Exception {

}

@Override

public boolean preHandle(HttpServletRequest request, HttpServletResponse response,

Object obj) throws Exception {

// 获取request的cookie

Cookie[] cookies = request.getCookies();

if (null==cookies) {

System.out.println("没有cookie==============");

} else {

// 遍历cookie如果找到登录状态则返回true执行原来controller的方法

for(Cookie cookie : cookies){

if(cookie.getName().equals("isLogin")){

return true;

}

}

}

// 没有找到登录状态则重定向到登录页,返回false,不执行原来controller的方法

response.sendRedirect("/backend/loginPage");

return false;

}

}

Controller的变化也不大@Controller

@RequestMapping("/backend")

public class BackendController {

@RequestMapping(value = "/loginPage", method = {RequestMethod.GET})

public String loginPage(HttpServletRequest request, String account, String password) {

return "login";

}

@RequestMapping(value = "/login", method = {RequestMethod.POST})

public String login(HttpServletRequest request, HttpServletResponse response, RedirectAttributes model, String account, String password) {

if ("edehou".equals(account) && "aidou2017".equals(password)) {

Cookie cookie = new Cookie("isLogin", "yes");

cookie.setMaxAge(30 * 60);// 设置为30min

cookie.setPath("/");

response.addCookie(cookie);

return "redirect:IndexPage";

} else {

model.addFlashAttribute("error", "密码错误");

return "redirect:loginPage";

}

}

@RequestMapping(value = "/logOut", method = {RequestMethod.GET})

public String loginOut(HttpServletRequest request, HttpServletResponse response) {

Cookie[] cookies = request.getCookies();

for (Cookie cookie : cookies) {

if (cookie.getName().equals("isLogin")) {

cookie.setValue(null);

cookie.setMaxAge(0);// 立即销毁cookie

cookie.setPath("/");

response.addCookie(cookie);

break;

}

}

return "redirect:loginPage";

}

@RequestMapping(value = "/IndexPage", method = {RequestMethod.GET})

public String IndexPage(HttpServletRequest request) {

return "Index";

}

}

spring的配置和之前的一模一样

注意

这里只是演示,建议在实际项目中Cookie的键和值要经过特殊处理,否则会引发安全问题

你可能感兴趣的:(java,cookie,和session,实例)