使用SSM框架，通过cookie做验证实现自动登录。
var.properties中:
# cookie
JSESSIONID=JSESSIONID
tokenName=zpToken
cookiesMaxAge=900
controller中:
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.UUID;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import com.lj.vjg.model.Admin;
import com.lj.vjg.service.AdminService;
import com.lj.vjg.utils.MD5Utils;
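@RequestMapping("/admin")
@Controller
public class LoginController {

    private Logger logger = Logger.getLogger(LoginController.class);

    /** Name of the cookie carrying the auto-login token (property {@code tokenName}). */
    @Value("${tokenName}")
    private String TOKEN;

    /** Lifetime of both cookies in seconds (property {@code cookiesMaxAge}); parsed on each login. */
    @Value("${cookiesMaxAge}")
    private String cookiesMaxAge;

    /** Name of the cookie used to persist the session id (property {@code JSESSIONID}). */
    @Value("${JSESSIONID}")
    private String JSESSIONID;

    @Autowired
    private AdminService service;

    /**
     * Handles the login form.
     * <ol>
     *   <li>an empty user name means a plain navigation to the login page;</li>
     *   <li>the user must exist;</li>
     *   <li>the MD5 of the submitted password must match the stored hash;</li>
     *   <li>on success the session is rotated, a random token is generated and the token plus
     *       the session id are written to cookies so the interceptor can log the user in
     *       automatically.</li>
     * </ol>
     * Unknown user and wrong password produce the same message so the response does not
     * reveal which of the two failed.
     *
     * @param admin    form-bound credentials (name and clear-text password)
     * @param model    receives the failure message shown on the login page
     * @param request  used for the HTTP session
     * @param response receives the token and session-id cookies
     * @return the login view on failure, a redirect to the index page on success
     * @throws Exception propagated from the service layer
     */
    @RequestMapping("/login")
    public String checkLogin(Admin admin, Model model, HttpServletRequest request, HttpServletResponse response) throws Exception {
        // 1: no user name submitted -> just render the login page
        String inputName = admin.getName();
        if (inputName == null || inputName.isEmpty()) {
            return "admin/login2";
        }
        // 2: unknown user
        Admin adminDatabase = service.getAdminByName(inputName);
        if (adminDatabase == null) {
            logger.warn("login failed for user: " + inputName);
            model.addAttribute("msg", "登录失败,请重新登录!");
            return "admin/login2";
        }
        // 3: password check
        if (!passwordMatches(admin.getPassword(), adminDatabase.getPassword())) {
            logger.warn("login failed for user: " + inputName);
            model.addAttribute("msg", "登录失败,请重新登录!");
            return "admin/login2";
        }
        // 4: success
        String uuid = newToken();
        int maxAge = Integer.parseInt(cookiesMaxAge);
        // 4.1: drop the pre-authentication session so a session id fixed by a third party is not
        //      carried over, then keep the admin in the fresh session. Its password field holds
        //      the current token (the interceptor compares it with the token cookie), not the hash.
        request.getSession().invalidate();
        adminDatabase.setPassword(uuid);
        request.getSession(true).setAttribute("admin", adminDatabase);
        // 4.2: token cookie; HttpOnly keeps it out of reach of page scripts
        Cookie cookie = new Cookie(TOKEN, uuid);
        cookie.setMaxAge(maxAge);
        cookie.setHttpOnly(true);
        // 4.3: persist the session id so auto-login survives a browser restart within maxAge
        Cookie sessionCookie = new Cookie(JSESSIONID, request.getSession().getId());
        sessionCookie.setMaxAge(maxAge);
        sessionCookie.setHttpOnly(true);
        response.addCookie(cookie);
        response.addCookie(sessionCookie);
        return "redirect:/admin/index.do";
    }

    /**
     * Compares the MD5 of the submitted password with the stored hash in constant time.
     * NOTE: bare MD5 is a weak password hash; moving to bcrypt/scrypt/argon2 would require
     * re-hashing the stored passwords and is out of scope for this handler.
     *
     * @param submitted  clear-text password from the form, may be null
     * @param storedHash hash from the database, may be null
     * @return true only when both are present and the hashes are equal
     */
    private static boolean passwordMatches(String submitted, String storedHash) {
        if (submitted == null || storedHash == null) {
            return false;
        }
        String hashed = MD5Utils.getMD5(submitted);
        if (hashed == null) {
            return false;
        }
        // MessageDigest.isEqual does not short-circuit on the first differing byte
        return MessageDigest.isEqual(
                hashed.getBytes(StandardCharsets.UTF_8),
                storedHash.getBytes(StandardCharsets.UTF_8));
    }

    /** Generates a random, dash-free token for the auto-login cookie. */
    private static String newToken() {
        return UUID.randomUUID().toString().replace("-", "");
    }

    /** Renders the admin index page. */
    @RequestMapping("/index")
    public String index() {
        return "admin/index";
    }
}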
interceptor中:
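import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.UUID;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.lj.vjg.model.Admin;

/**
 * Login interceptor implementing auto-login from cookies.
 * <ol>
 *   <li>a cookie named {@code TOKEN} must be present (its value is a UUID);</li>
 *   <li>the {@code admin} object stored in the session must carry the same value in its
 *       password field;</li>
 *   <li>on success the token is rotated in both cookie and session, the session-id cookie is
 *       rewritten and both cookies get a fresh expiry;</li>
 *   <li>the updated cookies are written back to the client;</li>
 *   <li>the request continues, except that a logged-in user asking for the login page is
 *       redirected to the index page.</li>
 * </ol>
 * Return value of {@link #preHandle}: with a valid cookie, {@code false} (redirect to index) for
 * the login page and {@code true} for everything else; without one, {@code true} for the login
 * page and {@code false} (redirect to login) for everything else.
 */
public class LoginInterceptor implements HandlerInterceptor {

    /** Servlet path of the login page, with or without the {@code .do} suffix. */
    private static final String LOGIN_PATH = "/admin/login";

    /** Name of the auto-login token cookie (property {@code tokenName}). */
    @Value("${tokenName}")
    private String TOKEN;

    /** Lifetime of both cookies in seconds (property {@code cookiesMaxAge}). */
    @Value("${cookiesMaxAge}")
    private String cookiesMaxAge;

    /** Name of the cookie used to persist the session id (property {@code JSESSIONID}). */
    @Value("${JSESSIONID}")
    private String JSESSIONID;

    /**
     * Authenticates the request from the token cookie, see the class comment for the rules.
     *
     * @return whether the handler should run; on {@code false} a redirect has already been sent
     * @throws Exception from {@link HttpServletResponse#sendRedirect}
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        boolean loginPage = isLoginRequest(request.getServletPath());
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            // getSession(false): do not create a session for requests that cannot authenticate anyway
            HttpSession session = request.getSession(false);
            Admin admin = session == null ? null : (Admin) session.getAttribute("admin");
            for (Cookie cookie : cookies) {
                if (admin != null && TOKEN.equals(cookie.getName())
                        && tokensMatch(cookie.getValue(), admin.getPassword())) {
                    refreshCredentials(response, session, admin, cookie);
                    if (loginPage) {
                        response.sendRedirect(request.getContextPath() + "/admin/index.do");
                        return false;
                    }
                    return true;
                }
            }
        }
        if (loginPage) {
            return true;
        }
        response.sendRedirect(request.getContextPath() + "/admin/login.do");
        return false;
    }

    /**
     * Matches the login page exactly; a substring test on "login" would let any other path
     * containing that word through without authentication.
     */
    private static boolean isLoginRequest(String servletPath) {
        return servletPath != null
                && (servletPath.equals(LOGIN_PATH) || servletPath.equals(LOGIN_PATH + ".do"));
    }

    /** Constant-time comparison of the cookie token with the token kept in the session. */
    private static boolean tokensMatch(String cookieToken, String sessionToken) {
        if (cookieToken == null || sessionToken == null) {
            return false;
        }
        return MessageDigest.isEqual(
                cookieToken.getBytes(StandardCharsets.UTF_8),
                sessionToken.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Rotates the token, stores it in session and cookie, rewrites the session-id cookie and
     * extends both cookies' lifetime. HttpOnly keeps the cookies away from page scripts.
     */
    private void refreshCredentials(HttpServletResponse response, HttpSession session, Admin admin, Cookie tokenCookie) {
        int maxAge = Integer.parseInt(cookiesMaxAge);
        String uuid = UUID.randomUUID().toString().replace("-", "");
        tokenCookie.setValue(uuid);
        tokenCookie.setMaxAge(maxAge);
        tokenCookie.setHttpOnly(true);
        admin.setPassword(uuid);
        session.setAttribute("admin", admin);
        Cookie sessionCookie = new Cookie(JSESSIONID, session.getId());
        sessionCookie.setMaxAge(maxAge);
        sessionCookie.setHttpOnly(true);
        response.addCookie(tokenCookie);
        response.addCookie(sessionCookie);
    }

    /** No post-processing needed. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        // intentionally empty
    }

    /** No cleanup needed. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        // intentionally empty
    }
}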