jsp的登录页面login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <% Cookie cookie = new Cookie("auto1","useraccountname"+"#cms#+"+"userpassword"); cookie.setPath("/"); cookie.setDomain(".123.gov.cn"); response.addCookie(cookie); %> <html> <head> <title>My JSP 'login.jsp' starting page</title> </head> <body> ${msg} <form action="${pageContext.request.contextPath }/login" method="post"> username:<input type="text" name="username"/> <br/> password:<input type="password" name="password"/> <br/> <input type="checkbox" name="autologin" value="login"/>是否自动登录 <br/> <input type="submit" value="login"/> </form> </body> </html>
登录成功的页面
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'success.jsp' starting page</title>
</head>
<body>
当前登录用户名: ${user.username }
</body>
</html>
拦截器
package cn.cc.test; import javax.servlet.*; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import java.io.IOException; /** * 登录的过滤器 * @author asus * */ public class LoginFilter implements Filter { public void init(FilterConfig filterConfig) throws ServletException { // TODO Auto-generated method stub } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { //最终实现的目的: //www.123.gov.cn登录成功,直接访问success.jsp页面,cmp.123.gov.cn也可以获取到session域里面user对象的属性值 //判断session里面是否有user对象 HttpServletRequest req = (HttpServletRequest) request; User user = (User) req.getSession().getAttribute("user"); if(user != null) { //放行 chain.doFilter(request, response); } else {//在session中没有user对象,从cookie中获取值 //获取所有的cookie Cookie[] cookies = req.getCookies(); //根据名称获取 Cookie cookie = findCookie(cookies,"auto"); //判断 if(cookie == null) { //放行 chain.doFilter(request, response); } else {//在cookie中有相同名称的cookie //从cookie中把值获取出来 //lucy#cmst#123 String values = cookie.getValue(); //切分 String[] names = values.split("#cms#"); //获取cookie用户名 String username = names[0]; //获取cookie密码 String password = names[1]; //把用户名和密码放到session里面 User u = new User(); u.setUsername(username); u.setPassword(password); req.getSession().setAttribute("user", u); //放行 chain.doFilter(request, response); } } } //判断是否有相同名称的cookie private Cookie findCookie(Cookie[] cookies, String name) { if(cookies == null) { return null; } for (Cookie cookie : cookies) { //得到cookie的名称 String cookieName = cookie.getName(); //判断 if(cookieName.equals(name)) { return cookie; } } return null; } public void destroy() { // TODO Auto-generated method stub } }
登录的servlet
package cn.cc.test; import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; public class LoginServlet extends HttpServlet { /** * 实现登录的功能 */ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //获取表单输入的用户名和密码 request.setCharacterEncoding("utf-8"); String username = request.getParameter("username"); String password = request.getParameter("password"); //封装到javabean中 if (username .equalsIgnoreCase("admin") && password.equalsIgnoreCase("admin")){ User user = new User(); user.setUsername(username); user.setPassword(password); //成功 //判断是否选择复选框 String checkboxValue = request.getParameter("autologin"); // System.out.println(checkboxValue); //判断复选框值是否是null if(checkboxValue != null) { //进行自动登录 Cookie cookie = new Cookie("auto",username+"#cms#"+password); //设置cookie cookie.setPath("/"); //设置这个域名下都能得到这个cookie cookie.setDomain(".123.gov.cn"); //返回到浏览器中 response.addCookie(cookie); } //把返回的user对象放到session里面 request.getSession().setAttribute("user", user); //到成功页面 response.sendRedirect(request.getContextPath()+"/success.jsp"); return; } else { //返回到登录页面,传递错误信息 request.setAttribute("msg", "用户名或者密码错误"); //转发 request.getRequestDispatcher("/login.jsp").forward(request, response); return; } } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request,response); } }
user类
package cn.cc.test; public class User { private String username; private String password; private String id; public String getId() { return id; } public void setId(String id) { this.id = id; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } 最终的实现效果
开始第一个域名没有显示admin
第二个域名登陆成功了显示admin
第一个域名没登录 但是也能显示admin了
这就说明跨域成功登录了
实现的原理
其中的一个域名登陆成功后将账号密码保存到cookie里面 让他跨域 ,当其他的域名访问的时候,通过拦截器 实现拦截看用户登录了吗 没登录先去查找cookie 将用户信息放到session里面然后放行 没有这个cookie就返回登录。
可以查看cookie也进来了