参考:http://blog.csdn.net/u014010769/article/details/46792919#comments
自动登录分析:
用户第一次登录成功时,把user放到session域中,同时创建一个cookie,把用户名和密码保存到cookie中,然后写一个过滤器:
如果当前是未登录的状态,就从cookie中把用户名和密码取出来,和数据库中查询到的记录作比较,如果一致就把user设置到session域中。注意:这种做法把密码明文保存在浏览器的cookie里,只适合用来演示流程;实际项目应在cookie中保存由服务端生成、可撤销的随机令牌。
1.登录页面login.jsp
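<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title></title>
<%-- Ask browsers and proxies not to cache the login page. The first header
     name previously had a leading space (" pragma"). --%>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
</head>
<body>
<h1>登录页面</h1><hr>
<%-- Credentials are sent with POST so they stay out of the URL. The form
     targets LoginServlet under the current context path. --%>
<form action="${pageContext.request.contextPath }/servlet/LoginServlet" method="post">
用户名:<input type="text" name="name"/><br>
密码:<input type="password" name="password"/><br>
<%-- When ticked, the parameter autologin=true asks the servlet to issue the
     persistent "autologin" cookie. --%>
<input type="checkbox" name="autologin" value="true"/>30天内自动登录<br>
<input type="submit" value="提交"/>
</form>
</body>
</html>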
2.LoginServlet:如果登录成功就添加cookie
package cn.itheima.web;
import java.io.IOException
;
import java.sql.SQLException;
import java.util.HashMap;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.dbutils.QueryRunner;
import org.apache.commons.dbutils.handlers.BeanHandler;
import cn.itheima.domain.User;
import com.itheima.util.DataSourceUtil;
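/**
 * Handles the login form.
 *
 * <p>Looks the submitted name/password pair up in the {@code user} table. On a
 * match the user is stored in the session under {@code "user"}, the optional
 * {@code autologin} cookie is issued, and the browser is redirected to
 * {@code /index.jsp}. Otherwise an error message is written to the response.
 *
 * <p>NOTE(review): the autologin cookie value is {@code name:password}, so the
 * account password is kept in clear text in the browser. The format is left
 * unchanged here because AutoLoginFilter parses it. A safer design stores a
 * random, server-side, revocable token in the cookie instead.
 *
 * <p>NOTE(review): the query compares the submitted password directly with the
 * stored column, which suggests passwords are stored as-is. Consider storing
 * a salted password hash (bcrypt/scrypt/argon2) and verifying it in code.
 */
public class LoginServlet extends HttpServlet {

    /** Lifetime of the autologin cookie: 30 days, as promised by the login form's checkbox. */
    private static final int AUTOLOGIN_MAX_AGE_SECONDS = 60 * 60 * 24 * 30;

    /**
     * Performs the login.
     *
     * <p>NOTE(review): {@link #doPost} delegates here, so credentials are also
     * accepted on GET, where they end up in URLs and access logs. Consider
     * restricting login to POST.
     *
     * @throws RuntimeException if the database lookup fails; the
     *         {@link SQLException} is attached as the cause
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.setCharacterEncoding("utf-8");
        response.setContentType("text/html;charset=utf-8");

        // 1. Read the submitted credentials.
        String name = request.getParameter("name");
        String password = request.getParameter("password");

        // 2. Look the pair up. Values are bound as parameters, never concatenated into the SQL.
        User user = null;
        try {
            QueryRunner runner = new QueryRunner(DataSourceUtil.getSource());
            String sql = "select * from user where name=? and password=?";
            user = runner.query(sql, new BeanHandler<User>(User.class), name, password);
        } catch (SQLException e) {
            // Keep the cause so the container logs the real failure.
            throw new RuntimeException(e);
        }

        // 3. Act on the result.
        if (user == null) {
            response.getWriter().write("用户名不存在!");
            return;
        }

        // Discard any session that existed before authentication, so that a
        // pre-login session id is never promoted to an authenticated one.
        HttpSession preLogin = request.getSession(false);
        if (preLogin != null) {
            preLogin.invalidate();
        }
        request.getSession(true).setAttribute("user", user);

        if ("true".equals(request.getParameter("autologin"))) {
            Cookie c = new Cookie("autologin", user.getName() + ":" + user.getPassword());
            // The previous value, 60*60*12*30, was only 15 days.
            c.setMaxAge(AUTOLOGIN_MAX_AGE_SECONDS);
            // NOTE(review): getContextPath() is "" for the root context; confirm the
            // cookie path behaves as intended in that deployment.
            c.setPath(request.getContextPath());
            // Keep the credential cookie away from page scripts (requires Servlet 3.0+).
            c.setHttpOnly(true);
            // Mark the cookie Secure whenever the login itself arrived over HTTPS.
            c.setSecure(request.isSecure());
            response.addCookie(c);
        }
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }

    /** Delegates to {@link #doGet}; the login form submits with POST. */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}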
3.一个过滤器:完成了自动登录功能
package cn.itheima.filter;
import java.io.IOException;
import java.sql.SQLException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.dbutils.QueryRunner;
import org.apache.commons.dbutils.handlers.BeanHandler;
import cn.itheima.domain.User;
import com.itheima.util.DataSourceUtil;
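/**
 * Servlet filter that signs a visitor in from the {@code autologin} cookie.
 *
 * <p>For requests without a logged-in user, the cookie value
 * ({@code name:password}) is checked against the {@code user} table. On a
 * match the user is placed in the session under {@code "user"}. The request
 * always continues down the chain.
 *
 * <p>NOTE(review): this is a second authentication path that accepts a
 * clear-text password taken from a cookie. Any throttling or lockout applied
 * to the login form should cover it too. A random, server-side, revocable
 * token would be a safer cookie value than the password itself.
 */
public class AutoLoginFilter implements Filter {

    /** Name of the cookie issued at login when "auto login" is ticked. */
    private static final String AUTOLOGIN_COOKIE = "autologin";

    /** No configuration is needed. */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Attempts cookie-based login for anonymous requests, then continues the chain.
     *
     * @throws RuntimeException if the database lookup fails; the
     *         {@link SQLException} is attached as the cause
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // Only visitors who are not logged in are candidates for auto-login.
        if (!isLoggedIn(req)) {
            Cookie found = findAutoLoginCookie(req);
            if (found != null) {
                User user = lookupUser(found.getValue());
                if (user != null) {
                    // Start from a fresh session so that a session id issued
                    // before authentication is not reused afterwards.
                    if (req.getSession(false) != null) {
                        req.getSession(false).invalidate();
                    }
                    req.getSession(true).setAttribute("user", user);
                } else {
                    // Malformed or stale cookie: expire it so it is not re-checked
                    // against the database on every request.
                    Cookie expired = new Cookie(AUTOLOGIN_COOKIE, "");
                    expired.setMaxAge(0);
                    expired.setPath(req.getContextPath());
                    res.addCookie(expired);
                }
            }
        }
        chain.doFilter(req, res);
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Returns true when a session exists and already holds a user. Uses
     * {@code getSession(false)} so that the check itself never creates a
     * session. The previous condition called {@code getSession()} first, which
     * made its {@code getSession(false)==null} test unreachable.
     */
    private static boolean isLoggedIn(HttpServletRequest req) {
        return req.getSession(false) != null
                && req.getSession(false).getAttribute("user") != null;
    }

    /** Returns the autologin cookie of the request, or null if there is none. */
    private static Cookie findAutoLoginCookie(HttpServletRequest req) {
        Cookie[] cookies = req.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie c : cookies) {
            if (AUTOLOGIN_COOKIE.equals(c.getName())) {
                return c;
            }
        }
        return null;
    }

    /**
     * Resolves a {@code name:password} cookie value to a user.
     *
     * <p>The value comes from the client and may be anything, so it is
     * validated before use. The previous {@code split(":")} followed by
     * {@code values[1]} threw an ArrayIndexOutOfBoundsException when the value
     * had no separator. Splitting at the first colon only also keeps passwords
     * that contain a colon intact.
     *
     * @return the matching user, or null if the value is malformed or does not match
     */
    private static User lookupUser(String cookieValue) {
        if (cookieValue == null) {
            return null;
        }
        int sep = cookieValue.indexOf(':');
        if (sep <= 0 || sep == cookieValue.length() - 1) {
            return null;
        }
        String name = cookieValue.substring(0, sep);
        String password = cookieValue.substring(sep + 1);
        try {
            QueryRunner runner = new QueryRunner(DataSourceUtil.getSource());
            String sql = "select * from user where name=? and password=?";
            return runner.query(sql, new BeanHandler<User>(User.class), name, password);
        } catch (SQLException e) {
            // Keep the cause so the container logs the real failure.
            throw new RuntimeException(e);
        }
    }
}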
4.注销功能:不仅要销毁session,还要把cookie清除,否则注销不成功。
package cn.itheima.web;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
 * Logs the visitor out: ends the server-side session, expires the
 * {@code autologin} cookie and redirects to {@code /index.jsp}.
 *
 * <p>Both steps are needed. If only the session were destroyed, the autologin
 * cookie would sign the visitor straight back in on the next request.
 */
public class LogoutServlet extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // End the session only if one exists; getSession(false) avoids creating
        // a session just to throw it away.
        javax.servlet.http.HttpSession active = request.getSession(false);
        if (active != null) {
            active.invalidate();
        }

        // Expire the cookie in the browser.
        response.addCookie(expiredAutoLoginCookie(request.getContextPath()));

        // Send the visitor back to the home page.
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }

    /** Delegates to {@link #doGet}. */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }

    /**
     * Builds a replacement {@code autologin} cookie with an empty value and a
     * max age of 0, which tells the browser to delete it. The name and path
     * have to match the cookie set at login for the deletion to apply.
     */
    private static Cookie expiredAutoLoginCookie(String contextPath) {
        Cookie expired = new Cookie("autologin", "");
        expired.setMaxAge(0);
        expired.setPath(contextPath);
        return expired;
    }
}