实现用户自动登陆的过滤器
原理:在用户登录成功后,以cookie形式把用户名和密码(代码中为数据库里保存的MD5值)发送给客户端
编写一个过滤器,filter方法中检查cookie中是否带有用户名、密码信息,如果存在则调用业务层登陆方法,登陆成功后则向session中存入user对象(即用户登陆标记),以实现程序完成自动登陆
package com.jjyy.web;
import java.io.IOException;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.dbutils.QueryRunner;
import org.apache.commons.dbutils.handlers.BeanHandler;
import com.jjyy.domain.User;
import com.jjyy.util.DaoUtils;
import com.jjyy.util.MD5Utils;
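/**
 * Handles the login form: checks the submitted name/password against the
 * {@code user} table, stores the matching {@link User} in the session and,
 * when requested, issues the 30-day {@code autologin} cookie.
 */
public class LoginServlet extends HttpServlet {

    /**
     * Authenticates the caller and redirects to the index page on success.
     *
     * @param request  carries the {@code name}, {@code password} and optional
     *                 {@code autologin} parameters
     * @param response receives the failure message or the redirect
     * @throws ServletException if the credential lookup fails
     * @throws IOException      if writing the response fails
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // NOTE(review): doPost delegates here, so credentials are also accepted in the
        // query string of a GET, where they end up in access logs and browser history.

        // 1. Read the credentials.
        String name = request.getParameter("name");
        String rawPassword = request.getParameter("password");
        if (name == null || rawPassword == null) {
            // MD5Utils.md5 dereferences its argument; treat a missing field as a failed login.
            response.getWriter().write("用户名密码不正确");
            return;
        }
        String password = MD5Utils.md5(rawPassword);

        // 2. Check them against the user table (values are bound, never concatenated).
        String sql = "select * from user where name = ? and password = ? ";
        User user;
        try {
            QueryRunner runner = new QueryRunner(DaoUtils.getSource());
            user = runner.query(sql, new BeanHandler<User>(User.class), name, password);
        } catch (SQLException e) {
            // A database failure is not a wrong password: report it instead of
            // printing the trace and answering "bad credentials".
            throw new ServletException("login lookup failed", e);
        }
        if (user == null) {
            response.getWriter().write("用户名密码不正确");
            return;
        }

        // 3. Log the user in. Drop any pre-login session first so a session id that
        //    was known before authentication is never promoted to an authenticated one.
        if (request.getSession(false) != null) {
            request.getSession(false).invalidate();
        }
        request.getSession().setAttribute("user", user);

        // The user ticked "log me in automatically for 30 days": send the cookie.
        if ("true".equals(request.getParameter("autologin"))) {
            // NOTE(review): the value is name + ":" + the stored password digest, i.e. a
            // long-lived credential equivalent kept in the browser. A random, server-side
            // revocable token would avoid exposing the digest; changing the format here
            // requires the same change in the code that reads the cookie.
            Cookie autologinC = new Cookie("autologin", user.getName() + ":" + user.getPassword());
            autologinC.setPath(request.getContextPath());
            autologinC.setMaxAge(3600 * 24 * 30);
            // When the login itself arrived over HTTPS, keep the cookie off plain HTTP.
            autologinC.setSecure(request.isSecure());
            response.addCookie(autologinC);
        }

        // 4. Redirect to the home page.
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }

    /**
     * Delegates to {@link #doGet(HttpServletRequest, HttpServletResponse)}.
     *
     * @throws ServletException if the credential lookup fails
     * @throws IOException      if writing the response fails
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}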
package com.jjyy.web;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
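/**
 * Ends the current login: invalidates the session, expires the
 * {@code autologin} cookie and redirects to the index page.
 */
public class LogoutServlet extends HttpServlet {

    /**
     * Logs the caller out.
     *
     * @param request  the request whose session (if any) is invalidated
     * @param response receives the expired cookie and the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if sending the redirect fails
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getSession(false) avoids creating a session just to destroy it.
        if (request.getSession(false) != null) {
            request.getSession(false).invalidate();
        }

        // Expire the auto-login cookie as well; otherwise the next request still carries
        // it and AutoLoginFilter signs the user straight back in. Name and path have to
        // match the cookie LoginServlet issued ("autologin", context path) for the
        // browser to replace it.
        javax.servlet.http.Cookie expired = new javax.servlet.http.Cookie("autologin", "");
        expired.setPath(request.getContextPath());
        expired.setMaxAge(0);
        response.addCookie(expired);

        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }

    /**
     * Delegates to {@link #doGet(HttpServletRequest, HttpServletResponse)}.
     *
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if sending the redirect fails
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}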
package com.jjyy.domain;
import java.io.Serializable;
/**
 * Plain bean for one row of the {@code user} table. It is filled through its
 * setters and is {@link Serializable} because instances are kept in the HTTP session.
 */
public class User implements Serializable {

    private int id;
    private String name;
    // Value of the password column; LoginServlet matches it against an MD5 hex digest.
    private String password;
    private String role;

    /** @return the numeric id */
    public int getId() {
        return this.id;
    }

    /** @param id the numeric id */
    public void setId(int id) {
        this.id = id;
    }

    /** @return the login name */
    public String getName() {
        return this.name;
    }

    /** @param name the login name */
    public void setName(String name) {
        this.name = name;
    }

    /** @return the stored password value */
    public String getPassword() {
        return this.password;
    }

    /** @param password the stored password value */
    public void setPassword(String password) {
        this.password = password;
    }

    /** @return the role string */
    public String getRole() {
        return this.role;
    }

    /** @param role the role string */
    public void setRole(String role) {
        this.role = role;
    }
}
package com.jjyy.filter;
import java.io.IOException;
import java.sql.SQLException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.registry.infomodel.User;
import org.apache.commons.dbutils.QueryRunner;
import org.apache.commons.dbutils.handlers.BeanHandler;
import com.jjyy.util.DaoUtils;
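/**
 * Servlet filter that signs a visitor in from the {@code autologin} cookie when the
 * current session carries no {@code user} attribute. The request is always passed
 * down the chain, whether or not the automatic login succeeded.
 *
 * @author JiangYu
 */
public class AutoLoginFilter implements Filter {

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Attempts the cookie-based login, then continues the filter chain.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the response, passed through untouched
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;

        // 1. Only visitors who are not logged in yet are candidates.
        if (req.getSession(false) == null || req.getSession().getAttribute("user") == null) {
            // 2. ...and only if they present the auto-login cookie.
            Cookie findC = findAutoLoginCookie(req);
            if (findC != null) {
                // 3. The cookie is client-controlled, so check its shape before use: a value
                //    without a separator used to raise ArrayIndexOutOfBoundsException and
                //    fail every request from that browser. The name is everything before
                //    the LAST ':' so a ':' inside the name cannot shift the split point.
                // NOTE(review): the cookie carries the stored password digest itself, so the
                // digest acts as a bearer credential for the cookie's lifetime and cannot be
                // revoked short of a password change; a random server-side token is the
                // usual replacement.
                String value = findC.getValue();
                int sep = (value == null) ? -1 : value.lastIndexOf(':');
                if (sep > 0 && sep < value.length() - 1) {
                    String name = value.substring(0, sep);
                    String password = value.substring(sep + 1);
                    String sql = "select * from user where name = ? and password = ? ";
                    // Fully qualified on purpose: this file imports
                    // javax.xml.registry.infomodel.User, an interface BeanHandler cannot
                    // instantiate, whereas the session is expected to hold com.jjyy.domain.User.
                    com.jjyy.domain.User user = null;
                    try {
                        QueryRunner runner = new QueryRunner(DaoUtils.getSource());
                        user = runner.query(sql,
                                new BeanHandler<com.jjyy.domain.User>(com.jjyy.domain.User.class),
                                name, password);
                    } catch (SQLException e) {
                        // Best effort: a lookup failure leaves the visitor anonymous
                        // and the request still goes through.
                        e.printStackTrace();
                    }
                    if (user != null) {
                        req.getSession().setAttribute("user", user);
                    }
                }
            }
        }

        // Pass the request on whether or not the automatic login happened.
        chain.doFilter(request, response);
    }

    /** No configuration is read. */
    public void init(FilterConfig arg0) throws ServletException {
    }

    /** Returns the first cookie named {@code autologin}, or {@code null} if there is none. */
    private static Cookie findAutoLoginCookie(HttpServletRequest req) {
        Cookie[] cs = req.getCookies();
        if (cs == null) {
            return null;
        }
        for (Cookie c : cs) {
            if ("autologin".equals(c.getName())) {
                return c;
            }
        }
        return null;
    }
}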
package com.jjyy.filter;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
/**
 * Character-encoding filter: fixes the response content type and wraps every request
 * in a decorator that re-decodes its parameters with the configured encoding
 * (init parameter {@code encode}, default {@code utf-8}).
 */
public class EncodeFilter implements Filter {
    private FilterConfig config = null;
    private String encode = null;

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Sets the response content type and hands a wrapped request to the chain.
     *
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // Response side: the content type is fixed here and does not follow `encode`.
        response.setContentType("text/html;charset=utf-8");
        // Request side: decorate the request so parameter reads go through the wrapper.
        HttpServletRequest decorated = new MyHttpServletRequest((HttpServletRequest) request);
        chain.doFilter(decorated, response);
    }

    /**
     * Stores the filter configuration and resolves the encoding to use.
     *
     * @param filterConfig supplies the optional {@code encode} init parameter
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.config = filterConfig;
        String configured = config.getInitParameter("encode");
        if (configured == null) {
            configured = config.getInitParameter("encode");
            this.encode = (configured == null) ? "utf-8" : configured;
        } else {
            this.encode = config.getInitParameter("encode");
        }
    }

    /**
     * Request decorator that repairs parameter encoding. Non-static because it reads
     * the enclosing filter's {@code encode}.
     */
    class MyHttpServletRequest extends HttpServletRequestWrapper {
        private HttpServletRequest request = null;
        // True until the GET parameters have been re-decoded once; the arrays are
        // rewritten in place, so a second pass would decode them twice.
        boolean isNotEncode = true;

        public MyHttpServletRequest(HttpServletRequest request) {
            super(request);
            this.request = request;
        }

        /**
         * Returns the parameter map with values decoded using {@code encode}.
         * POST: sets the request character encoding, then reads the map.
         * GET: rewrites every value from its ISO-8859-1 bytes, once per wrapper.
         * Any other method: returns the wrapped request's map as is.
         */
        @Override
        public Map getParameterMap() {
            try {
                if (request.getMethod().equalsIgnoreCase("POST")) {
                    request.setCharacterEncoding(encode);
                    return request.getParameterMap();
                }
                if (!request.getMethod().equalsIgnoreCase("GET")) {
                    return request.getParameterMap();
                }
                // The map is read from the wrapped request on every call and its value
                // arrays are rewritten in place, guarded by the once-only flag.
                // NOTE(review): this presumes the container decoded the query string as
                // ISO-8859-1 — confirm for the target container.
                Map<String, String[]> params = request.getParameterMap();
                if (isNotEncode) {
                    for (Map.Entry<String, String[]> param : params.entrySet()) {
                        String[] values = param.getValue();
                        int index = 0;
                        while (index < values.length) {
                            values[index] = new String(values[index].getBytes("iso8859-1"), encode);
                            index++;
                        }
                    }
                    isNotEncode = false;
                }
                return params;
            } catch (UnsupportedEncodingException e) {
                e.printStackTrace();
            }
            // Reached only when the encoding name was rejected.
            return super.getParameterMap();
        }

        /** Returns the first value of {@code name}, or {@code null} when it is absent. */
        @Override
        public String getParameter(String name) {
            if (getParameterValues(name) == null) {
                return null;
            }
            return getParameterValues(name)[0];
        }

        /** Looks {@code name} up in the decoded parameter map. */
        @Override
        public String[] getParameterValues(String name) {
            Map decoded = getParameterMap();
            return (String[]) decoded.get(name);
        }
    }
}
package com.jjyy.util;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
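/**
 * Hex-encoded MD5 helper.
 *
 * NOTE(review): LoginServlet uses this digest as the stored password form. Unsalted MD5
 * is fast to brute-force and identical passwords share one digest; a salted, deliberately
 * slow scheme (PBKDF2 via javax.crypto.SecretKeyFactory, or bcrypt/scrypt/argon2 from a
 * library) is the appropriate replacement for password storage.
 */
public class MD5Utils {

    /**
     * Returns the MD5 digest of {@code plainText} as exactly 32 lowercase hex characters.
     *
     * <p>The earlier padding loop compared a growing counter with a shrinking gap, so a
     * digest starting with two or more zero hex digits came back shorter than 32
     * characters. Values stored by that code for such inputs will not equal the result
     * of this method and need re-hashing.
     *
     * @param plainText the text to hash
     * @return the 32-character hex digest
     * @throws NullPointerException if {@code plainText} is {@code null}
     * @throws RuntimeException     if the JVM offers no MD5 implementation
     */
    public static String md5(String plainText) {
        byte[] secretBytes;
        try {
            // NOTE(review): getBytes() uses the platform default charset, so non-ASCII
            // input can hash differently across machines; kept as is so that existing
            // digests still match.
            secretBytes = MessageDigest.getInstance("md5").digest(plainText.getBytes());
        } catch (NoSuchAlgorithmException e) {
            // Keep the cause so the underlying failure stays diagnosable.
            throw new RuntimeException("没有md5这个算法!", e);
        }
        // %032x left-pads with zeros to the full 128-bit width.
        return String.format("%032x", new BigInteger(1, secretBytes));
    }
}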
package com.jjyy.util;
import java.sql.Connection;
import java.sql.SQLException;
import javax.sql.DataSource;
import com.mchange.v2.c3p0.ComboPooledDataSource;
/**
 * Static access to the application's single c3p0 connection pool.
 */
public class DaoUtils {
    // Built with the no-argument constructor; where its settings come from is not
    // visible in this class.
    private static DataSource source = new ComboPooledDataSource();

    private DaoUtils() {
        // Static helpers only; never instantiated.
    }

    /** @return the shared pool */
    public static DataSource getSource() {
        return source;
    }

    /**
     * Borrows a connection from the pool.
     *
     * @return a pooled connection
     * @throws RuntimeException wrapping the {@link SQLException} if none can be obtained
     */
    public static Connection getConn() {
        Connection borrowed;
        try {
            borrowed = source.getConnection();
        } catch (SQLException failure) {
            failure.printStackTrace();
            throw new RuntimeException(failure);
        }
        return borrowed;
    }
}