JavaServlet使用Cookie实现单点登录
目标:my.authentication.normal 和my1.authentication.normal实现单点登录
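login.authentication.normal 是单独的登录验证模块,以上两个网站的用户名和密码验证、是否已登录的验证,全部交给该登录模块完成(注意:下面示例代码中的登录模块只按用户名查找用户,并没有真正校验密码)。因为登录模块和这两个网站不是同一个站点,所以需要在服务端使用 Apache 的 HttpClient 调用登录模块。单点登录主要依靠 Cookie 实现:token 写入父域 authentication.normal 的 Cookie,两个子域网站都能读取到。以下的 filter、servlet,两个网站完全相同。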
前端页面(login、logout 等)可以用 JSP、HTML 等实现。
1、AuthenticationFilter过滤器
package normal.authentication.my;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.http.HttpEntity;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import normal.authentication.common.CookieUtils;
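/**
 * Servlet filter guarding {@code /admin/*}: a request is let through only when its
 * {@code token} cookie is confirmed by the central login module.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The token is a bearer credential, so it is never written to the log.</li>
 *   <li>Every failure mode (no cookie, non-200 answer, missing body, unexpected body)
 *       is treated as "not logged in" and ends in a redirect to the login page.</li>
 *   <li>NOTE(review): the validation call uses plain {@code http://}, so the token
 *       crosses the network unencrypted; the endpoint should be moved behind TLS.</li>
 * </ul>
 */
@WebFilter("/admin/*")
public class AuthenticationFilter implements Filter {

    /** Login-module endpoint that answers {@code islogin} for a token it considers live. */
    private static final String VALIDATE_URL = "http://login.authentication.normal:8080/authentication";

    /** Cookie that carries the single sign-on token. */
    private static final String TOKEN_COOKIE = "token";

    /** Where unauthenticated requests are sent. */
    private static final String LOGIN_PAGE = "../login.jsp";

    /** Default constructor; the filter keeps no state. */
    public AuthenticationFilter() {
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Lets the request continue down the chain only if the login module confirms the
     * token cookie; otherwise redirects to the login page.
     *
     * @param request  incoming request, expected to be an {@link HttpServletRequest}
     * @param response outgoing response, expected to be an {@link HttpServletResponse}
     * @param chain    remaining filter chain
     * @throws IOException      if the login module cannot be reached or the redirect fails;
     *                          the request is then not forwarded to the protected resource
     * @throws ServletException if a later element of the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        String token = CookieUtils.GetCookieValueByCookieName(httpRequest.getCookies(), TOKEN_COOKIE);
        if (token == null || token.isEmpty()) {
            httpResponse.sendRedirect(LOGIN_PAGE);
            return;
        }

        if (isTokenAccepted(token)) {
            chain.doFilter(request, response);
        } else {
            httpResponse.sendRedirect(LOGIN_PAGE);
        }
    }

    /** Nothing to initialise. */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
    }

    /**
     * Asks the login module whether {@code token} belongs to a logged-in user.
     * Only an HTTP 200 answer whose body is exactly {@code islogin} counts as yes.
     */
    private static boolean isTokenAccepted(String token) throws IOException {
        List<NameValuePair> form = new ArrayList<NameValuePair>();
        form.add(new BasicNameValuePair(TOKEN_COOKIE, token));
        HttpPost post = new HttpPost(VALIDATE_URL);
        post.setEntity(new UrlEncodedFormEntity(form));

        try (CloseableHttpClient client = HttpClients.createDefault();
                CloseableHttpResponse upstream = client.execute(post)) {
            // An error page from the login module must never be mistaken for a verdict.
            if (upstream.getStatusLine().getStatusCode() != 200) {
                return false;
            }
            HttpEntity body = upstream.getEntity();
            if (body == null) {
                return false;
            }
            return "islogin".equals(EntityUtils.toString(body));
        }
    }
}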
2、Login Servlet
package normal.authentication.my;
import java.io.IOException;
import java.net.URISyntaxException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.ArrayList;
import java.util.List;
import org.apache.http.HttpEntity;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
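/**
 * Login endpoint of a member site. It forwards the submitted user name to the central
 * login module and, when a token comes back, stores it in a cookie scoped to the
 * parent domain so that the sibling site receives it too.
 *
 * <p>Security notes:
 * <ul>
 *   <li>NOTE(review): the password forwarded upstream is a fixed placeholder; the
 *       password typed by the user is never read, so this flow does not authenticate
 *       anyone by password.</li>
 *   <li>NOTE(review): the call to the login module uses plain {@code http://}; the
 *       credentials and the returned token travel unencrypted.</li>
 *   <li>The cookie domain {@code authentication.normal} makes the browser send the
 *       token to every host under that domain.</li>
 * </ul>
 */
@WebServlet("/login")
public class Login extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Login-module endpoint that answers with a token, or {@code wrong}. */
    private static final String LOGIN_URL = "http://login.authentication.normal:8080/login";

    /**
     * Shape of a token issued by the login module's {@code /login} servlet:
     * a random UUID with the dashes removed, i.e. 32 hex digits.
     */
    private static final String TOKEN_SHAPE = "[0-9a-fA-F]{32}";

    /**
     * @see HttpServlet#HttpServlet()
     */
    public Login() {
        super();
    }

    /**
     * Placeholder GET handler; writes the context path.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.getWriter().append("Served at: ").append(request.getContextPath());
    }

    /**
     * Logs the user in through the login module and writes {@code success} or
     * {@code fail} to the response.
     *
     * @throws IOException if the login module cannot be reached
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String token = (username == null || username.isEmpty()) ? null : requestToken(username);
        if (token == null) {
            response.getWriter().write("fail");
            return;
        }

        Cookie ck = new Cookie("token", token);
        ck.setDomain("authentication.normal");
        ck.setMaxAge(600);
        // Keep the bearer token out of reach of page scripts.
        ck.setHttpOnly(true);
        // NOTE(review): also set the Secure flag once the sites are served over HTTPS.
        response.addCookie(ck);
        response.getWriter().write("success");
    }

    /**
     * Posts the login form to the login module.
     *
     * @return the issued token, or {@code null} when the answer is anything other
     *         than an HTTP 200 carrying a well-formed token
     */
    private static String requestToken(String username) throws IOException {
        List<NameValuePair> form = new ArrayList<NameValuePair>();
        form.add(new BasicNameValuePair("username", username));
        // NOTE(review): fixed placeholder, not the user's password (see class comment).
        form.add(new BasicNameValuePair("password", "secret"));
        HttpPost post = new HttpPost(LOGIN_URL);
        post.setEntity(new UrlEncodedFormEntity(form));

        try (CloseableHttpClient client = HttpClients.createDefault();
                CloseableHttpResponse upstream = client.execute(post)) {
            if (upstream.getStatusLine().getStatusCode() != 200) {
                return null;
            }
            HttpEntity body = upstream.getEntity();
            if (body == null) {
                return null;
            }
            String answer = EntityUtils.toString(body);
            // The original accepted every body except "wrong", so an upstream error page
            // would have been stored as the session cookie. Accept only a real token.
            return answer.matches(TOKEN_SHAPE) ? answer : null;
        }
    }
}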
3、LogOut Servlet
package normal.authentication.my;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.http.HttpEntity;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import normal.authentication.common.CookieUtils;
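/**
 * Logout endpoint of a member site. It asks the central login module to end the
 * session behind the {@code token} cookie and then expires that cookie in the browser.
 *
 * <p>NOTE(review): the call to the login module uses plain {@code http://}, so the
 * token travels unencrypted.
 */
@WebServlet("/logout")
public class Logout extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Login-module endpoint that answers {@code logoutsuccess} or {@code logout fail}. */
    private static final String LOGOUT_URL = "http://login.authentication.normal:8080/logout";

    /**
     * @see HttpServlet#HttpServlet()
     */
    public Logout() {
        super();
    }

    /**
     * Placeholder GET handler; writes the context path.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.getWriter().append("Served at: ").append(request.getContextPath());
    }

    /**
     * Ends the single sign-on session and writes {@code logout success} or
     * {@code logout fail} to the response.
     *
     * @throws IOException if the login module cannot be reached
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String cookieToken = CookieUtils.GetCookieValueByCookieName(request.getCookies(), "token");
        if (cookieToken == null) {
            response.getWriter().write("logout fail");
            return;
        }

        boolean loggedOut = logoutUpstream(cookieToken);

        // Remove the token from the browser whatever the login module answered. The
        // domain has to match the one used when the cookie was set ("authentication.normal"
        // in the Login servlet); no path is set there either, and both servlets are mapped
        // directly under the context root, so the default paths should coincide
        // (assuming both are deployed in the same web application).
        Cookie expired = new Cookie("token", "");
        expired.setDomain("authentication.normal");
        expired.setMaxAge(0);
        response.addCookie(expired);

        response.getWriter().write(loggedOut ? "logout success" : "logout fail");
    }

    /**
     * Posts the token to the login module's logout endpoint.
     *
     * @return {@code true} only for an HTTP 200 answer whose body is {@code logoutsuccess}
     */
    private static boolean logoutUpstream(String token) throws IOException {
        List<NameValuePair> form = new ArrayList<NameValuePair>();
        form.add(new BasicNameValuePair("token", token));
        HttpPost post = new HttpPost(LOGOUT_URL);
        post.setEntity(new UrlEncodedFormEntity(form));

        try (CloseableHttpClient client = HttpClients.createDefault();
                CloseableHttpResponse upstream = client.execute(post)) {
            if (upstream.getStatusLine().getStatusCode() != 200) {
                return false;
            }
            HttpEntity body = upstream.getEntity();
            if (body == null) {
                return false;
            }
            // The login module never answers "wrong" on this endpoint, so the original
            // test (!"wrong") reported success even for "logout fail" or an error page.
            return "logoutsuccess".equals(EntityUtils.toString(body));
        }
    }
}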
4、Login网站(单点登录模块)Authentication Filter
package login.authentication.normal;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
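/**
 * Token validation endpoint of the login module. Member sites post a {@code token}
 * and get back {@code islogin} or {@code notlogin}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The presented token is a bearer credential and is not written to the log.</li>
 *   <li>NOTE(review): nothing in this servlet authenticates the caller or limits the
 *       request rate, so any client that can reach it may test tokens.</li>
 * </ul>
 */
@WebServlet("/authentication")
public class Authentication extends HttpServlet {
    private static final long serialVersionUID = 1L;
    private UserService userService = new UserService();

    /**
     * @see HttpServlet#HttpServlet()
     */
    public Authentication() {
        super();
    }

    /**
     * Placeholder GET handler; writes the context path.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.getWriter().append("Served at: ").append(request.getContextPath());
    }

    /**
     * Answers {@code islogin} when the token belongs to a user whose login flag is set,
     * and {@code notlogin} in every other case, including a missing token (the original
     * sent an empty body for a missing token; callers that compare against
     * {@code islogin} see no difference).
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String token = request.getParameter("token");

        boolean loggedIn = false;
        if (token != null && !token.isEmpty()) {
            User user = userService.getByToken(token);
            loggedIn = user != null && user.getLogin();
        }

        response.getWriter().append(loggedIn ? "islogin" : "notlogin");
    }
}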
5、Login网站 login Servlet
package login.authentication.normal;
import java.io.FileWriter;
import java.io.IOException;
import java.util.UUID;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
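/**
 * Token-issuing endpoint of the login module: given a known user name it creates a
 * fresh token, marks the user as logged in and returns the token as the response body.
 *
 * <p>Security notes:
 * <ul>
 *   <li>NOTE(review): no password (or any other credential) is checked here. A known
 *       user name is enough to obtain a token, so this servlet must not be used as is
 *       for real authentication.</li>
 *   <li>NOTE(review): the servlet records no issue time, so a token stays valid on the
 *       server until logout or the next login of the same user.</li>
 * </ul>
 */
@WebServlet("/login")
public class login extends HttpServlet {
    private static final long serialVersionUID = 1L;
    private final UserService userService = new UserService();

    /**
     * Default constructor.
     */
    public login() {
    }

    /**
     * GET is not part of the login flow; the handler sends an empty response.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // The original read the "token" parameter into an unused local; nothing to do here.
    }

    /**
     * Issues a token for the posted {@code username}.
     *
     * <p>Writes the 32-hex-digit token when the user exists, {@code wrong} otherwise.
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String username = request.getParameter("username");
        System.out.println(username);

        User user = userService.getByName(username);
        if (user == null) {
            response.getWriter().write("wrong");
            return;
        }

        // Random (version 4) UUID with the dashes stripped; plain replace() avoids
        // compiling a regular expression for a literal substitution.
        String uuid = UUID.randomUUID().toString().replace("-", "");
        user.setUuid(uuid);
        user.setLogin(true);
        response.getWriter().write(uuid);
    }
}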
6、Login网站 Logout Servlet
package login.authentication.normal;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
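/**
 * Logout endpoint of the login module: clears the login flag of the user that owns
 * the posted {@code token}.
 *
 * <p>NOTE(review): the stored token itself is left on the user record; it stops being
 * accepted only because the validation servlet also requires the login flag.
 */
@WebServlet("/logout")
public class Logout extends HttpServlet {
    private static final long serialVersionUID = 1L;
    private final UserService userService = new UserService();

    /**
     * @see HttpServlet#HttpServlet()
     */
    public Logout() {
        super();
    }

    /**
     * Placeholder GET handler; writes the context path.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.getWriter().append("Served at: ").append(request.getContextPath());
    }

    /**
     * Writes {@code logoutsuccess} when the token matched a user, {@code logout fail}
     * otherwise. A request without a {@code token} parameter is answered with
     * {@code logout fail}; the original dereferenced the missing parameter and failed
     * with a {@link NullPointerException}.
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String token = request.getParameter("token");
        User u = (token == null || token.isEmpty()) ? null : userService.getByToken(token);

        if (u == null) {
            response.getWriter().append("logout fail");
            return;
        }

        u.setLogin(false);
        response.getWriter().append("logoutsuccess");
    }
}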
7、Login网站 User类
package login.authentication.normal;
/**
 * Mutable account record used by the login module: a name, the token string stored
 * through {@link #setUuid(String)} and a logged-in flag.
 *
 * <p>The class does no synchronisation of its own.
 */
public class User {

    /** Account name; set by the constructor, replaceable through the setter. */
    private String name;

    /** Token string; {@code null} until {@link #setUuid(String)} is called. */
    private String uuid;

    /** Logged-in flag; a new user starts as not logged in. */
    private boolean login;

    /**
     * Creates a user that is not logged in and has no token.
     *
     * @param name account name
     */
    public User(String name) {
        this.name = name;
    }

    /** @return the account name */
    public String getName() {
        return this.name;
    }

    /** @param name new account name */
    public void setName(String name) {
        this.name = name;
    }

    /** @return the stored token string, or {@code null} if none was set */
    public String getUuid() {
        return this.uuid;
    }

    /** @param uuid token string to store */
    public void setUuid(String uuid) {
        this.uuid = uuid;
    }

    /** @return {@code true} while the user is marked as logged in */
    public boolean getLogin() {
        return this.login;
    }

    /** @param isLogin new value of the logged-in flag */
    public void setLogin(boolean isLogin) {
        this.login = isLogin;
    }
}
8、Login网站 UserService类
package login.authentication.normal;
import java.util.ArrayList;
import java.util.List;
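/**
 * In-memory user directory of the login module, filled with two fixed demo accounts.
 *
 * <p>The list is built once in the static initializer and not resized afterwards; the
 * {@link User} objects in it are mutable and shared by every caller.
 */
public class UserService {

    /** Demo accounts shared by all instances of this service. */
    static private final List<User> users;

    static {
        users = new ArrayList<User>();
        users.add(new User("ZhangSan"));
        users.add(new User("LiSi"));
    }

    /**
     * Looks a user up by exact name.
     *
     * @param username name to search for; may be {@code null}
     * @return the first user with that name, or {@code null} when there is none
     */
    public User getByName(String username) {
        System.out.println("UserService.getByName()方法,参数:username="+username);
        System.out.println("UserCount:"+users.size());
        if (username == null) {
            return null;
        }
        // orElse(null) replaces the original get() + catch(Exception), which used an
        // exception to signal "not found" and hid any other failure as well.
        return users.stream()
                .filter(candidate -> username.equals(candidate.getName()))
                .findFirst()
                .orElse(null);
    }

    /**
     * Looks a user up by token.
     *
     * <p>The token is a bearer credential: it is not logged, and it is compared with
     * {@link java.security.MessageDigest#isEqual(byte[], byte[])} so that the comparison
     * time does not depend on how many leading characters match.
     *
     * @param uuid token presented by the caller; may be {@code null}
     * @return the user holding that token, or {@code null} when there is none
     */
    public User getByToken(String uuid) {
        if (uuid == null || uuid.isEmpty()) {
            return null;
        }
        byte[] presented = uuid.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        for (User u : users) {
            String stored = u.getUuid();
            if (stored != null && java.security.MessageDigest.isEqual(
                    stored.getBytes(java.nio.charset.StandardCharsets.UTF_8), presented)) {
                return u;
            }
        }
        return null;
    }
}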