1.步骤:
(1)在用户登陆成功后,发送一个名称为user的cookie给客户端,cookie的值为用户名和md5加密后的密码。
(2)编写一个AutoLoginFilter,这个filter检查用户是否带有名称为user的cookie来,如果有,则调用dao查询cookie的用户名和密码是否和数据库匹配,匹配则向session中存入user对象(即用户登陆标记),以实现程序完成自动登陆。
2.User对象
public class User {
private String username;
private String password;
public User() {
super();
// TODO Auto-generated constructor stub
}
public User(String username, String password) {
super();
this.username = username;
this.password = password;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
3.BusinessService
public class BusinessService {
private static List<User> list = new ArrayList();
static{
list.add(new User("aaa","123"));
list.add(new User("bbb","123"));
list.add(new User("ccc","123"));
list.add(new User("ddd","123"));
}
public User loginUser(String username,String password){
for(User user : list){
if(user.getUsername().equals(username) && user.getPassword().equals(password)){
return user;
}
}
return null;
}
public String findPassword(String username) {
for(User user : list){
if(user.getUsername().equals(username)){
return user.getPassword();
}
}
return null;
}
public User findUser(String username) {
for(User user : list){
if(user.getUsername().equals(username)){
return user;
}
}
return null;
}
}
4.login.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'login.jsp' starting page</title>
</head>
<body>
<form action="${pageContext.request.contextPath }/servlet/LoginServlet" method="post">
用户名:<input type="text" name="username"><br/>
密码:<input type="password" name="password"><br/>
有效期:<input type="radio" name="loginExpiresTime" value="60">1分钟
<input type="radio" name="loginExpiresTime" value="${3*60}">3分钟
<input type="radio" name="loginExpiresTime" value="${5*60 }">5分钟
<br/>
<input type="submit" value="登陆">
</form>
</body>
</html>
5.LoginServlet
public class LoginServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
BusinessService service = new BusinessService();
User user = service.loginUser(username, password);
if(user==null){
request.setAttribute("message", "用户名或密码错误!!");
request.getRequestDispatcher("/message.jsp").forward(request, response);
return;
}
request.getSession().setAttribute("user", user);
//用户登陆后,就要给用户发送自动登陆的cookie
sendAutoLoginCookie(request,response,user);
request.setAttribute("message", "登陆成功!!");
request.getRequestDispatcher("/message.jsp").forward(request, response);
}
//给用户发送自动登陆的cookie
private void sendAutoLoginCookie(HttpServletRequest request,
HttpServletResponse response, User user) {
int loginExpiresTime = Integer.parseInt(request.getParameter("loginExpiresTime")); //3
//构建给用户发送的cookie:
//autologinCookie=aaa:123
//autologinCookie=aaa:md5(password)
//autologinCookie=aaa:expirestime:md5(password) //autologinCookie=aaa:20:9837hfhdsudfu
//autologinCookie=aaa:expirestime:md5(aaa:expirestime:password) //autologinCookie=aaa:20:9837hfhdsudfu
long expiresTime = System.currentTimeMillis() + loginExpiresTime*1000; //2011-09-09
String value = user.getUsername() + ":" + expiresTime + ":" + WebUtils.md5(user.getUsername(),expiresTime,user.getPassword());
Cookie cookie = new Cookie("autologinCookie",value);
cookie.setMaxAge(loginExpiresTime);
cookie.setPath(request.getContextPath()); // /day19
response.addCookie(cookie);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}