package com.zhen.test.o4;
import com.zhen.util.ServletUtilities;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
/**
* Created by zhen on 2017-11-14.
*/
/**
 * Servlet that greets first-time and returning browsers with different headings.
 *
 * <p>A browser is treated as returning when it presents a cookie named
 * {@code repeatVisitor} whose value is {@code yes}. The cookie comes from the client
 * and can be set or removed at will, so it is a display hint only and must not feed
 * any access decision.
 */
public class RepeatVisitor extends HttpServlet {

    /**
     * Writes the greeting page and, for a first visit, sets the one-year marker cookie.
     *
     * @param req  request whose cookies are inspected
     * @param resp response that receives the optional cookie and the HTML page
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the response writer cannot be obtained or written
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        final String heading;
        if (hasVisitedBefore(req.getCookies())) {
            heading = "Welcome Back";
        } else {
            Cookie marker = new Cookie("repeatVisitor", "yes");
            marker.setMaxAge(60 * 60 * 24 * 365); // one year, expressed in seconds
            resp.addCookie(marker);
            heading = "Welcome Aboard";
        }

        resp.setContentType("text/html");
        PrintWriter writer = resp.getWriter();
        // Only fixed string literals reach the markup here; no request data is echoed.
        String page = ServletUtilities.headWithTitle(heading)
                + "<body bgcolor=\"#FDF5E6\">\n"
                + "<h1 align=\"center\">" + heading + "</h1>\n"
                + "</body></html>";
        writer.println(page);
    }

    /**
     * Reports whether the request carried the {@code repeatVisitor=yes} cookie.
     *
     * @param cookies the array returned by {@code getCookies()}, possibly {@code null}
     * @return {@code true} when a matching cookie is present
     */
    private static boolean hasVisitedBefore(Cookie[] cookies) {
        if (cookies == null) {
            return false;
        }
        for (Cookie candidate : cookies) {
            if (candidate.getName().equals("repeatVisitor") && candidate.getValue().equals("yes")) {
                return true;
            }
        }
        return false;
    }
}
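/**
 * Servlet that shows how many times this browser has requested the page, keeping the
 * running total in a cookie named {@code accessCount}.
 *
 * <p>The counter lives entirely on the client, so the value received is untrusted: it
 * may be missing, non-numeric, negative, or at the edge of the {@code int} range. It
 * is normalised before use and is never a reliable audit figure.
 */
public class ClientAccessCount extends HttpServlet {

    /**
     * Reads the counter cookie, sends back the incremented value and renders the page.
     *
     * @param req  request carrying the optional {@code accessCount} cookie
     * @param resp response that receives the updated cookie and the HTML page
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the response writer cannot be obtained or written
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String countString = CookieUtilities.getCookieValue(req, "accessCount", "1");
        int count = 1;
        try {
            count = Integer.parseInt(countString);
        } catch (NumberFormatException ignored) {
            // Deliberate best effort: a tampered or corrupt cookie restarts the count at 1.
        }
        // A visit number below 1 can only come from a forged cookie; fall back to 1.
        if (count < 1) {
            count = 1;
        }
        // Saturate instead of wrapping to a negative number at Integer.MAX_VALUE.
        int nextCount = (count == Integer.MAX_VALUE) ? count : count + 1;

        // LongLivedCookie is declared elsewhere in the project; presumably a Cookie
        // subclass with a long max-age (not visible here).
        LongLivedCookie c = new LongLivedCookie("accessCount", String.valueOf(nextCount));
        resp.addCookie(c);

        resp.setContentType("text/html");
        PrintWriter out = resp.getWriter();
        String title = "Access Count Servlet";
        // count is an int, so the cookie's raw text never reaches the markup.
        out.println(ServletUtilities.headWithTitle(title) + "" +
                "<body bgcolor=\"#FDF5E6\">\n" +
                "<h1>" + title + "</h1>\n" +
                "<h2>This is visit number " + count + " by this browser.</h2>\n" +
                "</body></html>");
    }
}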
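/**
 * Servlet that renders the registration form, pre-filling each field from the
 * {@code firstName}, {@code lastName} and {@code emailAddress} cookies when present.
 *
 * <p>Cookie values are supplied by the client and are written into HTML attribute
 * values, so each one is HTML-escaped before it is emitted. Without that, a cookie
 * containing a double quote or angle bracket could break out of the attribute and
 * inject markup into the page.
 */
public class RegistrationForm extends HttpServlet {

    /**
     * Writes the registration form with any remembered values filled in.
     *
     * @param req  request whose cookies supply the remembered field values
     * @param resp response that receives the HTML form
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the response writer cannot be obtained or written
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        resp.setContentType("text/html");
        PrintWriter out = resp.getWriter();
        // Fixed literal, not derived from the request, so it needs no escaping.
        String actionUrl = "/webApp1/servlet/com.zhen.test.o5.RegistrationServlet";
        String firstName = escapeHtml(CookieUtilities.getCookieValue(req, "firstName", ""));
        String lastName = escapeHtml(CookieUtilities.getCookieValue(req, "lastName", ""));
        String emailAddress = escapeHtml(CookieUtilities.getCookieValue(req, "emailAddress", ""));
        String title = "Please Register";
        out.println(ServletUtilities.headWithTitle(title) + "" +
                "<body bgcolor=\"#FDF5E6\">\n" +
                "<h1>" + title + "</h1>\n" +
                "<form action=\"" + actionUrl + "\">\n" +
                "First Name:\n" + " <input type=\"text\" name=\"firstName\" value=\"" + firstName + "\">\n" +
                "Last Name:\n" + " <input type=\"text\" name=\"lastName\" value=\"" + lastName + "\">\n" +
                "Email Address:\n" + " <input type=\"text\" name=\"emailAddress\" value=\"" + emailAddress + "\">\n" +
                "<br/>" + "<input type=\"submit\" value=\"Register\">" +
                "</form></body></html>");
    }

    /**
     * Escapes the characters that are significant in HTML text and quoted attributes.
     *
     * @param raw untrusted text, possibly {@code null}
     * @return the text with {@code & < > " '} replaced by character references, or an
     *         empty string when {@code raw} is {@code null}
     */
    private static String escapeHtml(String raw) {
        if (raw == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(raw.length() + 16);
        for (int i = 0; i < raw.length(); i++) {
            char ch = raw.charAt(i);
            switch (ch) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(ch);
            }
        }
        return escaped.toString();
    }
}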
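/**
 * Servlet that receives the registration form, remembers the submitted values in
 * cookies, and either confirms the registration or redirects back to the form when a
 * field is missing.
 *
 * <p>The three request parameters are untrusted input. They are HTML-escaped before
 * being written into the confirmation page so that a crafted link cannot inject markup
 * or script into the response.
 *
 * <p>NOTE(review): the form is submitted with GET, so the name and e-mail address end
 * up in URLs, browser history and access logs, and are then stored in long-lived
 * cookies. Consider POST, and consider marking the cookies Secure/HttpOnly where the
 * deployment and the container's Servlet API version allow it.
 */
public class RegistrationServlet extends HttpServlet {

    /**
     * Stores the submitted fields in cookies and renders the confirmation page, or
     * redirects to the form if any field is absent or blank.
     *
     * @param req  request carrying {@code firstName}, {@code lastName} and
     *             {@code emailAddress} parameters
     * @param resp response that receives the cookies and the page or redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect or the response writer fails
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        resp.setContentType("text/html");
        boolean anyMissing = false;

        String firstName = req.getParameter("firstName");
        if (isMissingValue(firstName)) {
            // The placeholder is stored in the cookie so the form shows it on return.
            firstName = "Missing first name";
            anyMissing = true;
        }
        String lastName = req.getParameter("lastName");
        if (isMissingValue(lastName)) {
            lastName = "Missing last name";
            anyMissing = true;
        }
        String emailAddress = req.getParameter("emailAddress");
        if (isMissingValue(emailAddress)) {
            emailAddress = "Missing email address";
            anyMissing = true;
        }

        // Raw (unescaped) values go into the cookies; whoever renders them later is
        // responsible for escaping at the point of output.
        // NOTE(review): values containing characters a cookie processor rejects may
        // fail here - confirm against the container in use.
        Cookie c1 = new LongLivedCookie("firstName", firstName);
        resp.addCookie(c1);
        Cookie c2 = new LongLivedCookie("lastName", lastName);
        resp.addCookie(c2);
        Cookie c3 = new LongLivedCookie("emailAddress", emailAddress);
        resp.addCookie(c3);

        // Fixed literal target, so the redirect cannot be steered by request data.
        String formAddress = "/webApp1/servlet/com.zhen.test.o5.RegistrationForm";
        if (anyMissing) {
            resp.sendRedirect(formAddress);
        } else {
            PrintWriter out = resp.getWriter();
            String title = "Thanks for Registering";
            // Escape at the point of output; the stray closing </b> tags that followed
            // the first two values have been dropped so the list markup is balanced.
            out.println(ServletUtilities.headWithTitle(title) + "" +
                    "<body bgcolor=\"#FDF5E6\">\n" +
                    "<h1 align=\"center\">" + title + "</h1>\n" +
                    "<ul>\n" +
                    "<li><b>First Name</b>: " + escapeHtml(firstName) + "</li>" +
                    "<li><b>Last Name</b>: " + escapeHtml(lastName) + "</li>" +
                    "<li><b>Email address:" + escapeHtml(emailAddress) + "</b></li>" +
                    "</ul></body></html>");
        }
    }

    /**
     * Tells whether a request parameter is absent or contains only whitespace.
     *
     * @param param the parameter value, possibly {@code null}
     * @return {@code true} when there is nothing usable in {@code param}
     */
    private boolean isMissingValue(String param) {
        return ((param == null) || (param.trim().equals("")));
    }

    /**
     * Escapes the characters that are significant in HTML text and quoted attributes.
     *
     * @param raw untrusted text, possibly {@code null}
     * @return the text with {@code & < > " '} replaced by character references, or an
     *         empty string when {@code raw} is {@code null}
     */
    private static String escapeHtml(String raw) {
        if (raw == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(raw.length() + 16);
        for (int i = 0; i < raw.length(); i++) {
            char ch = raw.charAt(i);
            switch (ch) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(ch);
            }
        }
        return escaped.toString();
    }
}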
/**
 * Static helpers for looking up a cookie by name on an incoming request.
 *
 * <p>Everything returned from here originates from the client's {@code Cookie} header.
 * Callers should treat it as untrusted input and validate or escape it before use.
 */
public class CookieUtilities {

    /**
     * Returns the value of the first cookie with the given name.
     *
     * @param request      request to inspect
     * @param cookieName   name to look for
     * @param defaultValue value handed back when no cookie has that name
     * @return the matching cookie's value, or {@code defaultValue} if none matches
     */
    public static String getCookieValue(HttpServletRequest request, String cookieName, String defaultValue) {
        Cookie match = getCookie(request, cookieName);
        return (match == null) ? defaultValue : match.getValue();
    }

    /**
     * Returns the first cookie with the given name.
     *
     * @param request    request to inspect
     * @param cookieName name to look for
     * @return the matching cookie, or {@code null} when the request has no cookies or
     *         none carries that name
     */
    public static Cookie getCookie(HttpServletRequest request, String cookieName) {
        Cookie[] sent = request.getCookies();
        if (sent == null) {
            // getCookies() yielded null, i.e. there is nothing to search.
            return null;
        }
        for (int idx = 0; idx < sent.length; idx++) {
            Cookie candidate = sent[idx];
            if (candidate.getName().equals(cookieName)) {
                return candidate;
            }
        }
        return null;
    }
}
Cookie
cookie是小段的文本信息,web服务器将它发送到浏览器,之后,在访问同一网站或域时,浏览器又将它原封不动返回。
cookie使用方式:
1、电商会话中标识用户
2、记录用户名和密码(cookie以明文保存在客户端并随每次请求发送,实际系统中不应直接保存密码,应保存服务器端生成的随机令牌)
3、定制站点
4、定向广告
cookie存在的问题:
cookie并不构成严重的安全威胁。cookie不会以任何方式得到解释或执行。浏览器一般对每个站点只接受20个cookie,总共不超过300个,浏览器可以将每个cookie限制在4KB,因此不能用来填充硬盘或进行DoS攻击。但cookie的内容完全由客户端控制,服务器应把它当作不可信输入:回显到HTML之前要转义,也不能仅凭cookie的值做权限判断。
cookie可能对隐私造成威胁
删除cookie:
浏览器删除
cookie的发送和接收:
发送到客户程序:
1、创建对象
cookie的key和value都不能包含:[]()=,"/?@:;
Cookie c = new Cookie("userID", "a1234");
2、设置时效
c.setMaxAge(60*60*24*7);// One week
将最大时效设置为0是删除该cookie
3、将cookie放到Http响应报头
response.addCookie(c);
从客户端读取cookie:
1、request.getCookies得到cookie对象组
2、对数组进行循环,调用cookie的getName方法找到所需的cookie,再使用它的value
使用cookie属性:
将cookie加到输出报头之前,可以使用setXXX方法设置cookie的各项特征。
尽管每个setXXX都有一个对应的getXXX来取出属性的值,但这些属性只是服务器发送到浏览器的报头的一部分,并不包含在浏览器返回给服务器的报头中。因此对request.getCookies得到的cookie,只有名称和值是可靠的。
方法:
public void setComment(String comment)
public String getComment()设置和读取cookie注释
public void setDomain(String domainPattern)
public String getDomain()设置和读取cookie适用的域
public void setMaxAge(int lifetime)
public int getMaxAge()规定cookie多长时间后过期,负值(默认值)表示cookie仅仅用于当前浏览会话(用户退出浏览器为止)
public String getName()
public void setPath(String path) / public String getPath() 设置和获取cookie所适用的路径。如果没有指定路径,浏览器只将该cookie返回给发送cookie的页面所在目录及其之下的URL
public void setSecure(boolean secureFlag)
public boolean getSecure()
设置或取得相应的boolean值,表示cookie是否只能通过加密连接(SSL)发送。默认是false;保存敏感信息的cookie应设置为true。
public void setValue(String newValue)
public String getValue()
public void setVersion(int version)
public int getVersion()
修改cookie的值:
替换cookie之前的值,需要发送相同的cookie名称,但要使用不同的cookie值。需要重新应用cookie的所有的相关属性,response.addCookie(c)
删除cookie,只需要使用setMaxAge将它最大时效设置为0
使用例子: