注意:过滤器主要过滤request,response里面的值。
*web.xml----
*登录action添加cookie-------
*filter过滤器获取cookie------
(不用从新输入用户名,密码,直接读取cookie通过查询数据库,获取User user ,
request.getSession().setAttribute("user",user1))
*其他action里面获取---------
(DUser user=(DUser) request.getSession().getAttribute("user");//)自动登录
*注销:删除cookie----------
1、web配置文件--过滤所有请求
<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>com.djh.listener.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
2、登录的action里面添加cookie
session.setAttribute("user", user);
Cookie cookie1 = new Cookie("username",user.getUPhoneNum());
Cookie cookie2 = new Cookie("password",user.getUPassword());
// Cookie cookie3 = new Cookie("SESSIONID","----");
cookie1.setMaxAge(60 * 60);
cookie2.setMaxAge(60 * 60);
// cookie3.setMaxAge(0);
cookie1.setPath("/");
cookie2.setPath("/");
// cookie3.setPath("/");
response.addCookie(cookie1);
response.addCookie(cookie2);
3、过滤器类LoginFilter--主要方法是doFilter,在此方法里取出request.getCcookies()值,set到request.getSession().setAttribute("user",user1);
,其他界面通过过滤器set过来的“user”值取出uname,password自动登录。
package com.djh.listener;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import com.djh.entity.DUser;
import com.djh.service.LoginService;
import com.djh.util.MD5;
/**
* @author shenpai
* 实现用户自动登录的过滤器
*/
public class LoginFilter implements Filter {
ApplicationContext context = new ClassPathXmlApplicationContext(new String[]{"applicationContext-*.xml"});
LoginService loginService=(LoginService) context.getBean("loginService");//获取UserService的bean的实例
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
try {
// System.out.println("----------------");
//把ServletRequest和ServletResponse转换成HttpServletRequest和HttpServletResponse的类型
HttpServletRequest request=(HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp ;
//首先检查用户是否登录
DUser user=(DUser) request.getSession().getAttribute("user");//
if(user!=null){
chain.doFilter(request, response);
return;
}
//检查用户是否带来cookie
String username= null;
String password =null;
Cookie[] cookies=request.getCookies();
for(int i=0;cookies!=null && i<cookies.length;i++){
// System.out.println(cookies[i].getName()+cookies[i].getValue()+"----过滤器获取cookies---");
if(cookies[i].getName().equals("username")){
username = cookies[i].getValue();
}
if(cookies[i].getName().equals("password")){
password = cookies[i].getValue();
}
}
if(username==null || password==null){//用户没有带来cookie
chain.doFilter(req, resp);
return;
}
//用户带来了cookie
DUser user1 = loginService.findUserByPhoneNumAndPassword(
username, password);
String save_password = user1.getUPassword();
if(!password.equals(save_password)){
chain.doFilter(req, resp);
return;
}
request.getSession().setAttribute("user",user1); //通过requsest放到相关需要登录信息的action里面,action里面通过reqest.获取用户信息,实现自动登录。
chain.doFilter(req, resp);
return;
} catch (Exception e) {
e.printStackTrace();
}
}
public void init(FilterConfig arg0) throws ServletException {
}
}
4、Action获取用户信息,实现自动登录。
DUser user=(DUser) session.getAttribute("user");//获取登录用户对象
5、注销:删除cookie
// 用户注销
public String logout() {
HttpSession session = request.getSession(false);
if (session != null)
session.removeAttribute("user");
Cookie cookie = cookieUtils.<span style="BACKGROUND-COLOR: #3333ff">delCookie</span>(request);
if (cookie != null)
response.addCookie(cookie);
return "login";
}
private CookieUtils cookieUtils = new CookieUtils();
// 删除cookie
public Cookie <span style="color:#3333ff;">delCookie</span>(HttpServletRequest request) {
Cookie[] cookies = request.getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
if ("username".equals(cookie.getName())) {
cookie.setValue("");
cookie.setMaxAge(0);
}else if("password".equals(cookie.getName())){
cookie.setValue("");
cookie.setMaxAge(0);
}
return cookie;
}
}
return null;
}