思路:当用户进入某一页面时,用过滤器进行预处理,判断Session中是否有保存用户的登录信息,如果没有,则从Cookie中查找是否有保存用户登录信息的cookie,如果有将其取出,进行登录操作。注意:本例为了演示,直接把用户名和密码保存在Cookie中;URL编码不是加密,实际项目中应改为保存随机生成、可在服务端校验并撤销的令牌,而不是密码本身。
1. 用户的登录页面login.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%--
  Login form. Posts username, password and the optional "flag" checkbox to loginServlet.
  Review note: the two value="${requestScope...}" attributes below are written without HTML
  escaping, and LoginFilter fills them from client-supplied cookies. Escape them before
  output (for example with JSTL fn:escapeXml or c:out) if JSTL is available.
  Pre-filling the password field also places the remembered password in the page source.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>登录</title>
</head>
<body>
<form action="loginServlet" method="post">
<table>
<tr>
<td>用户名:</td>
<!-- The user name read from the cookie is placed in the request -->
<td><input type="text" name="username" value="${requestScope.username}" /></td>
</tr>
<tr>
<td>密码:</td>
<!-- The password read from the cookie is placed in the request -->
<td><input type="password" name="password" value="${requestScope.password}" /></td>
</tr>
<tr>
<td> </td>
<!-- Choose whether to remember the password; if ticked, the login details are saved in cookies -->
<td><input type="checkbox" name="flag" checked="checked" />记住密码</td>
</tr>
<tr>
<td><input type="submit" value="登录"/></td>
<td> </td>
</tr>
</table>
</form>
</body>
</html>
2. 处理登录操作的Servlet:
package com.huey.servlet;
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
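/**
 * Handles the login form: checks the submitted credentials, marks the session as
 * logged in and, when the "remember password" box is ticked, stores the
 * credentials in cookies for seven days.
 *
 * <p>NOTE(security): this demo keeps the password itself in a cookie. URL-encoding
 * is not encryption, so anyone who can read the browser's cookie store or the
 * traffic can recover the password. A safer remember-me design stores a random
 * token that the server can verify and revoke, never the password.
 *
 * @version 2013-08-22
 * @author Huey2672
 */
public class LoginServlet extends HttpServlet {

    private static final long serialVersionUID = -6841947113159071810L;

    /** Lifetime of the remember-me cookies: seven days, in seconds. */
    private static final int REMEMBER_ME_MAX_AGE_SECONDS = 7 * 24 * 3600;

    /**
     * Processes a login attempt.
     *
     * <p>Redirects to {@code error.jsp} when a parameter is missing, to
     * {@code login.jsp} when the credentials are wrong, and to
     * {@code welcome.jsp} on success.
     *
     * <p>NOTE(review): {@link #doPost} delegates here, so a GET request carrying
     * the credentials in the query string is accepted as well; query strings
     * commonly end up in access logs and browser history. Consider handling the
     * login in {@code doPost} only.
     *
     * @param request  the login request with {@code username}, {@code password}
     *                 and the optional {@code flag} checkbox parameter
     * @param response the response used for the redirect and the cookies
     * @throws ServletException declared by the servlet API; not thrown here
     * @throws IOException if a redirect cannot be sent
     */
    @Override
    protected void doGet(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String flag = request.getParameter("flag");

        // A missing parameter is an error. Return right after the redirect:
        // falling through would dereference null below and try to send a
        // second redirect on an already committed response.
        if (username == null || password == null) {
            response.sendRedirect("error.jsp");
            return;
        }

        // Demo credentials: login succeeds only for user "huey" with password "123".
        // A real application verifies against salted password hashes instead.
        if (!"huey".equals(username) || !"123".equals(password)) {
            // Login failed: back to the login page.
            response.sendRedirect("login.jsp");
            return;
        }

        // A session may already exist from before authentication. Replace it so
        // that a session id known before login is not carried into the
        // authenticated session (session fixation).
        HttpSession preLoginSession = request.getSession(false);
        if (preLoginSession != null) {
            preLoginSession.invalidate();
        }
        HttpSession session = request.getSession(true);
        session.setAttribute("username", username);

        // "Remember password" was ticked.
        if (flag != null) {
            // Cookie values must not contain non-ASCII characters, so they are
            // URL-encoded here and decoded with java.net.URLDecoder when read.
            boolean overHttps = request.isSecure();
            addRememberMeCookie(response, "username",
                    URLEncoder.encode(username, "UTF-8"), overHttps);
            addRememberMeCookie(response, "password",
                    URLEncoder.encode(password, "UTF-8"), overHttps);
        }

        // Login succeeded: go to the welcome page.
        response.sendRedirect("welcome.jsp");
    }

    /**
     * Handles the form POST by delegating to {@link #doGet}.
     */
    @Override
    protected void doPost(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        doGet(request, response);
    }

    /**
     * Adds one remember-me cookie with the seven-day lifetime.
     *
     * @param response the response the cookie is added to
     * @param name     the cookie name
     * @param value    the already URL-encoded cookie value
     * @param secure   whether to mark the cookie Secure; true when the login
     *                 request itself arrived over HTTPS
     */
    private static void addRememberMeCookie(HttpServletResponse response,
            String name, String value, boolean secure) {
        Cookie cookie = new Cookie(name, value);
        cookie.setMaxAge(REMEMBER_ME_MAX_AGE_SECONDS);
        // Keep the cookie off plain-HTTP requests when the site is served over HTTPS.
        cookie.setSecure(secure);
        // On Servlet 3.0+ containers, cookie.setHttpOnly(true) would additionally
        // hide the cookie from page scripts.
        response.addCookie(cookie);
    }
}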
3. 过滤器:
package com.huey.filter;
import java.io.IOException;
import java.net.URLDecoder;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
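/**
 * Filter that lets only logged-in sessions reach JSP pages and pre-fills the
 * login form from the remember-me cookies.
 *
 * <p>NOTE(security): only servlet paths ending in {@code .jsp} are checked; every
 * other path (servlets, static files) is passed through without a login check.
 * A default-deny filter with an explicit list of public paths is the safer
 * pattern when further resources are added.
 *
 * @version 2013-08-22
 * @author Huey2672
 */
public class LoginFilter implements Filter {

    private static final String LOGIN_PAGE = "/login.jsp";
    private static final String ERROR_PAGE = "/error.jsp";

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // No configuration is read.
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Decides per request, from the requested servlet path and the login state
     * of the session, whether to pass the request on or redirect to the login page.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the response; cast to {@link HttpServletResponse}
     * @param chain    the remaining filter chain
     * @throws IOException      if the redirect or the chain fails with an I/O error
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        // Path of the requested resource, relative to the context root.
        String from = httpRequest.getServletPath();

        if (ERROR_PAGE.equals(from)) {
            // The error page is always reachable.
            chain.doFilter(request, response);
        } else if (LOGIN_PAGE.equals(from)) {
            // Login page: hand the remembered credentials to the JSP, then pass on.
            exposeRememberedCredentials(httpRequest);
            chain.doFilter(request, response);
        } else if (from.endsWith(".jsp")) {
            // Any other JSP requires a logged-in session. getSession(false)
            // avoids creating a session just to find out there is none.
            HttpSession session = httpRequest.getSession(false);
            String username = session == null
                    ? null : (String) session.getAttribute("username");
            // The original compared the session object with "", which is always
            // unequal; the intended test is for an empty user name.
            if (username != null && !username.isEmpty()) {
                chain.doFilter(request, response);
            } else {
                // Redirect relative to the context root. A bare "login.jsp" is
                // resolved against the current directory, so a JSP in a
                // sub-directory would be sent to a login page that does not exist
                // there and is itself redirected again.
                httpResponse.sendRedirect(httpRequest.getContextPath() + LOGIN_PAGE);
            }
        } else {
            // Not a JSP (for example the login servlet): passed through unchecked.
            chain.doFilter(request, response);
        }
    }

    /**
     * Copies the {@code username} and {@code password} cookies, URL-decoded, into
     * request attributes of the same names; an attribute is set to {@code null}
     * when its cookie is absent or cannot be decoded.
     *
     * <p>NOTE(security): the cookie values are supplied by the client and the
     * login page writes them into HTML attributes, so the page must escape them.
     */
    private static void exposeRememberedCredentials(HttpServletRequest httpRequest)
            throws IOException {
        String username = null;
        String password = null;
        Cookie[] cookies = httpRequest.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if ("username".equals(cookie.getName())) {
                    username = decodeCookieValue(cookie.getValue());
                } else if ("password".equals(cookie.getName())) {
                    password = decodeCookieValue(cookie.getValue());
                }
            }
        }
        httpRequest.setAttribute("username", username);
        httpRequest.setAttribute("password", password);
    }

    /**
     * URL-decodes a cookie value as UTF-8.
     *
     * @return the decoded value, or {@code null} when the value is missing or is
     *         not valid percent-encoding
     */
    private static String decodeCookieValue(String raw) throws IOException {
        if (raw == null) {
            return null;
        }
        try {
            return URLDecoder.decode(raw, "UTF-8");
        } catch (IllegalArgumentException malformed) {
            // The client controls the cookie; a malformed value is treated as
            // "no remembered value" instead of failing the request.
            return null;
        }
    }
}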
4. 在web.xml配置文件中配置Servlet和Filter(在Servlet3.0中也可以使用Annotation配置):
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<!-- The login form posts to /loginServlet, handled by LoginServlet. -->
<servlet>
<servlet-name>loginServlet</servlet-name>
<servlet-class>com.huey.servlet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>loginServlet</servlet-name>
<url-pattern>/loginServlet</url-pattern>
</servlet-mapping>
<!-- LoginFilter is mapped to every URL. The filter itself enforces login only for
     servlet paths ending in .jsp; all other paths are passed through by its code. -->
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>com.huey.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
5. 其他页面,index.jsp、welcome.jsp和error.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%--
  Home page: greets the user named in the session attribute "username".
  The EL value is written without HTML escaping. LoginServlet only ever stores the
  fixed demo user name; escape the value if real user-supplied names are stored.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>首页</title>
</head>
<body>
${sessionScope.username},这是首页~
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%--
  Welcome page: LoginServlet redirects here after a successful login.
  The session attribute "username" is written without HTML escaping; escape it if
  real user-supplied names are ever stored in the session.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>欢迎</title>
</head>
<body>
欢迎您,${sessionScope.username}~
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%--
  Static error page. LoginServlet redirects here when a login parameter is missing;
  LoginFilter lets /error.jsp through without a session check.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>错误</title>
</head>
<body>
出错啦~
</body>
</html>