对用户自动登录的代码进行分析注释后上传代码。
登录页面跳转的servlet
package zb.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.MessageDigest;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sun.misc.BASE64Encoder;
import zb.Dao.UserDao;
import zb.domain.User;
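/**
 * Login servlet: checks the submitted credentials through {@link UserDao}, stores the
 * authenticated {@link User} in the session and, when the form carried a validity period
 * ("roid"), issues the auto-login cookie that the login filter reads on later requests.
 *
 * <p>NOTE(review): the auto-login token is an unkeyed MD5 over
 * {@code username:expiry:password}. It is therefore only as strong as the password itself,
 * and a copied cookie allows password guesses to be verified offline. A keyed MAC
 * ({@code javax.crypto.Mac} with a server-side secret) or a random token stored server-side
 * would avoid deriving the cookie from the password at all.
 *
 * <p>NOTE(review): the session id is not renewed after a successful login; consider
 * invalidating the pre-login session before storing the user, to close session fixation.
 */
public class Loginservlet extends HttpServlet {

    /** Name of the auto-login cookie. */
    private static final String LOGIN_COOKIE_NAME = "logincookie";

    /**
     * Upper bound for the client-requested validity, in milliseconds. One hour is the largest
     * option offered by the login form shown with this code; the parameter itself is
     * client-controlled and must not be trusted to stay within the form's options.
     */
    private static final long MAX_VALIDITY_MILLIS = 3600L * 1000L;

    /** Message placed in the "abc" request attribute and rendered by /message.jsp. */
    private static final String LOGIN_FAILED_MESSAGE = "用户没有存在,请从新登陆";

    public Loginservlet() {
        super();
    }

    public void destroy() {
        super.destroy(); // Just puts "destroy" string in log
    }

    /**
     * Delegates to {@link #doPost}.
     *
     * <p>NOTE(review): this lets credentials arrive in the query string, where they can end up
     * in access logs and browser history. The login form uses POST; consider rejecting GET.
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doPost(request, response);
    }

    /**
     * Authenticates the submitted username/password.
     *
     * <p>On failure the request is forwarded to /message.jsp and nothing is stored in the
     * session. On success the user is stored in the session, the auto-login cookie is issued
     * when a usable validity was submitted, and the client is redirected to /index.jsp.
     *
     * @param request  carries the form fields "username", "password" and optional "roid"
     * @param response used for the cookie and the redirect
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String shijian = request.getParameter("roid"); // requested validity in ms, may be absent

        User user = null;
        if (username != null && password != null) {
            user = new UserDao().find(username, password);
        }

        // UserDao.find returns null when the credentials do not match. The original code stored
        // that null in the session and went on as if the login had succeeded (and hit a
        // NullPointerException in addCookie when a validity was selected).
        if (user == null) {
            request.setAttribute("abc", LOGIN_FAILED_MESSAGE);
            request.getRequestDispatcher("/message.jsp").forward(request, response);
            return;
        }

        request.getSession().setAttribute("user", user);

        if (shijian != null) {
            long loginshijian = parseValidity(shijian);
            if (loginshijian > 0) {
                addCookie(response, user, loginshijian);
            }
        }

        // Both branches end on the start page; the original sent no response at all when a
        // validity period had been selected.
        response.sendRedirect("/index.jsp");
    }

    /**
     * Parses the client-supplied validity period.
     *
     * @param raw value of the "roid" parameter
     * @return the validity in milliseconds, capped at {@link #MAX_VALIDITY_MILLIS}, or -1 when
     *         the value is not a positive number
     */
    private long parseValidity(String raw) {
        try {
            long requested = Long.parseLong(raw.trim());
            if (requested <= 0) {
                return -1L;
            }
            return Math.min(requested, MAX_VALIDITY_MILLIS);
        } catch (NumberFormatException e) {
            // Malformed input only means "no auto-login cookie"; it must not fail the login.
            return -1L;
        }
    }

    /**
     * Builds the auto-login cookie {@code username:expiry:md5(username:expiry:password)} and
     * adds it to the response.
     *
     * <p>NOTE(review): a username containing ':' would break the three-field format the
     * filter expects.
     *
     * @param response     response the cookie is added to
     * @param user         the authenticated user, never null here
     * @param loginshijian validity in milliseconds, already validated
     */
    private void addCookie(HttpServletResponse response, User user,
            long loginshijian) {
        long time = System.currentTimeMillis() + loginshijian; // absolute expiry instant
        String md5value = md5(user.getUsername() + ":" + time + ":"
                + user.getPassword());
        String cookievalue = user.getUsername() + ":" + time + ":" + md5value;

        Cookie cookie = new Cookie(LOGIN_COOKIE_NAME, cookievalue);
        // Without a max age the cookie disappears when the browser closes, whatever validity
        // was selected on the form.
        cookie.setMaxAge((int) (loginshijian / 1000L));
        // The form posts to servlet/LoginServlet, so the default cookie path would not cover
        // /index.jsp. "/" matches the root-relative redirect above; narrow it to the context
        // path if the application is not deployed at the root.
        cookie.setPath("/");
        // NOTE(review): mark the cookie HttpOnly (Cookie.setHttpOnly, Servlet 3.0+) and Secure
        // (Cookie.setSecure) where the container and deployment allow it.
        response.addCookie(cookie);
    }

    /**
     * Returns the Base64-encoded MD5 digest of {@code input}.
     *
     * <p>NOTE(review): sun.misc.BASE64Encoder is a JDK-internal class that newer JDKs no
     * longer ship; java.util.Base64 produces the same text for a 16-byte digest.
     */
    private String md5(String input) {
        try {
            MessageDigest md = MessageDigest.getInstance("md5");
            // Fixed charset so the digest does not depend on the platform default encoding.
            byte result[] = md.digest(input.getBytes("UTF-8"));
            BASE64Encoder encoder = new BASE64Encoder();
            return encoder.encode(result);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public void init() throws ServletException {
        // No initialisation required.
    }
}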
filter过滤器
package zb.filterlogin;
import java.io.IOException;
import java.security.MessageDigest;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sun.misc.BASE64Encoder;
import zb.Dao.UserDao;
import zb.domain.User;
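/**
 * Auto-login filter. A request that already has a user in its session passes straight
 * through. Otherwise the filter looks for the "logincookie" cookie issued at login
 * ({@code username:expiry:md5(username:expiry:password)}), recomputes the digest from the
 * stored password and, when it matches and the cookie has not expired, puts the user into
 * the session.
 *
 * <p>NOTE(review): requests without a usable cookie are answered with /message.jsp. That
 * only works when this filter is not mapped onto the login page and login servlet; confirm
 * the mapping in web.xml.
 *
 * <p>NOTE(review): the token is an unkeyed MD5 tied to the stored password; a keyed MAC with
 * a server-side secret, or a random server-side token, would be the stronger design.
 */
public class Longinfilter implements Filter {

    /** Must match the cookie name used by the login servlet ("logincookie"). */
    private static final String LOGIN_COOKIE_NAME = "logincookie";

    /** Message placed in the "abc" request attribute and rendered by /message.jsp. */
    private static final String REJECT_MESSAGE = "用户没有存在,请从新登陆";

    public void destroy() {
        // Nothing to release.
    }

    /**
     * Lets authenticated sessions through and tries cookie-based auto-login for the rest.
     *
     * @param req   incoming request, expected to be an HttpServletRequest
     * @param resp  outgoing response, expected to be an HttpServletResponse
     * @param chain remainder of the filter chain
     */
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        request.setCharacterEncoding("UTF-8");
        response.setCharacterEncoding("UTF-8");
        response.setContentType("text/html;charset=UTF-8");

        // A user in the session means the login already happened in this session.
        User user = (User) request.getSession().getAttribute("user");
        if (user != null) {
            chain.doFilter(request, response);
            return;
        }

        Cookie filtercookie = findLoginCookie(request.getCookies());
        if (filtercookie == null) {
            reject(request, response);
            return;
        }

        // Everything in the cookie is client-controlled: check the shape before using it.
        String cookievalue = filtercookie.getValue();
        String[] parts = cookievalue == null ? new String[0] : cookievalue.split("\\:");
        if (parts.length != 3) {
            reject(request, response);
            return;
        }

        String username = parts[0];
        String md5value = parts[2];
        long shijian;
        try {
            shijian = Long.parseLong(parts[1]);
        } catch (NumberFormatException e) {
            // A tampered expiry field is an invalid cookie, not a server error.
            reject(request, response);
            return;
        }

        // Expired cookie: continue without logging anyone in (unchanged behaviour).
        if (shijian <= System.currentTimeMillis()) {
            chain.doFilter(request, response);
            return;
        }

        user = new UserDao().find(username);
        if (user == null) {
            // Unknown user name in the cookie; the original dereferenced null here.
            reject(request, response);
            return;
        }

        String server_md5value = md5(username + ":" + shijian
                + ":" + user.getPassword());

        // The original compared the cookie digest with the password using '!=', which tests
        // object identity and the wrong value. Compare against the recomputed digest, and use
        // MessageDigest.isEqual so the comparison time does not depend on where the values
        // first differ.
        if (!MessageDigest.isEqual(utf8(md5value), utf8(server_md5value))) {
            reject(request, response);
            return;
        }

        request.getSession().setAttribute("user", user);
        chain.doFilter(request, response);
    }

    /**
     * Returns the auto-login cookie from {@code cookies}, or null when it is absent.
     *
     * @param cookies result of HttpServletRequest.getCookies(), may be null
     */
    private Cookie findLoginCookie(Cookie[] cookies) {
        if (cookies == null) {
            return null;
        }
        for (Cookie candidate : cookies) {
            if (LOGIN_COOKIE_NAME.equals(candidate.getName())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Answers the request with /message.jsp. The chain is deliberately not continued: after
     * the forward the response has been produced, and running the target resource as well
     * (as the original did) would process the request a second time.
     */
    private void reject(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        request.setAttribute("abc", REJECT_MESSAGE);
        request.getRequestDispatcher("/message.jsp").forward(request, response);
    }

    /** Encodes {@code value} as UTF-8 bytes. */
    private static byte[] utf8(String value) {
        try {
            return value.getBytes("UTF-8");
        } catch (java.io.UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the Base64-encoded MD5 digest of {@code input}; must stay identical to the
     * digest computed when the cookie is issued.
     *
     * <p>NOTE(review): sun.misc.BASE64Encoder is a JDK-internal class that newer JDKs no
     * longer ship; java.util.Base64 produces the same text for a 16-byte digest.
     */
    private String md5(String input) {
        try {
            MessageDigest md = MessageDigest.getInstance("md5");
            // Fixed charset so the digest does not depend on the platform default encoding.
            byte result[] = md.digest(input.getBytes("UTF-8"));
            BASE64Encoder encoder = new BASE64Encoder();
            return encoder.encode(result);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public void init(FilterConfig arg0) throws ServletException {
        // No configuration is read.
    }
}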
登录界面
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%-- Login form: posts "username", "password" and the optional validity period "roid"
     (milliseconds) to servlet/LoginServlet. --%>
<%-- NOTE(review): basePath is assembled from the request's scheme, server name and port and
     written unescaped into <base href>. getServerName() normally reflects the Host header,
     so the base URL follows whatever host the client sent; confirm the container or a
     front-end proxy restricts accepted host names. --%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'login.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<form action="servlet/LoginServlet" method="post" >
姓名:<input type="text" name="username" /><br/>
密码:<input type="password" name="password" /><br/>
<%-- The EL expressions below evaluate to the validity in milliseconds (1 minute,
     10 minutes, 1 hour). The submitted value is client-controlled, so the server side has
     to validate and bound it rather than rely on these three options. --%>
有效时间:<input type="radio" name="roid" value="${60*1000}"/>1分钟
<input type="radio" name="roid" value="${600*1000}"/>10分钟
<input type="radio" name="roid" value="${3600*1000}"/>1小时
<br/>
<input type="submit" value="登陆"/>
</form>
<br>
</body>
</html>
登录成功页面
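<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%-- Start page shown after login: greets the user stored under the "user" attribute. --%>
<%-- NOTE(review): basePath is assembled from the request's scheme, server name and port and
     written unescaped into <base href>. getServerName() normally reflects the Host header;
     confirm the container or a front-end proxy restricts accepted host names. --%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'index.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<%-- The expression needs the leading '$' to be evaluated as EL; without it the literal
     text "{user.username}" is printed. EL output is not HTML-escaped, so once user names
     come from user-controlled storage this should go through an escaping tag such as
     JSTL <c:out>. --%>
欢迎 ${user.username} 登陆 ,呵呵!!!This is my JSP page. <br>
</body>
</html>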
登录失败页面
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%-- Message page: prints the "abc" attribute that the forwarding code placed on the
     request. --%>
<html>
<head>
<title>My JSP 'message.jsp' starting page</title>
</head>
<body>
<%-- EL output is not HTML-escaped. The filter shown with this page only sets "abc" to a
     fixed string; keep it server-defined text, or escape it, if that ever changes. --%>
${abc}
</body>
</html>
Dao类---
package zb.Dao;
import java.util.Arrays;
import java.util.List;
import zb.domain.User;
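/**
 * In-memory user store used by the login servlet and the auto-login filter.
 *
 * <p>NOTE(review): the passwords are hard-coded and kept in clear text, and the auto-login
 * token is derived from them. A real store should keep only a salted, slow password hash
 * (bcrypt, scrypt or Argon2) and verify against that.
 */
public class UserDao {

    // Fixed demo accounts: user name / password.
    List<User> db = Arrays.asList(new User("aa", "11"), new User("bb", "22"), new User("cc", "33"));

    /**
     * Looks up a user by user name and password.
     *
     * <p>The original compared the stored user name with both arguments, so a login only
     * succeeded when the submitted password equalled the user name and the real password was
     * never checked. The password is now compared with the stored password.
     *
     * @param username submitted user name; surrounding whitespace is ignored
     * @param password submitted password; surrounding whitespace is ignored, as before
     * @return the matching user, or null when either argument is null or nothing matches
     */
    public User find(String username, String password) {
        if (username == null || password == null) {
            return null; // missing form field: treat as a failed login instead of throwing
        }
        String wantedName = username.trim();
        String wantedPassword = password.trim();
        for (User user : db) {
            if (user.getUsername().equals(wantedName)
                    && user.getPassword().equals(wantedPassword)) {
                return user;
            }
        }
        return null;
    }

    /**
     * Looks up a user by user name only. This performs no authentication; callers must
     * verify the user by other means before trusting the result.
     *
     * @param username user name to look for, compared exactly
     * @return the matching user, or null when there is none
     */
    public User find(String username) {
        for (User user : db) {
            if (user.getUsername().equals(username)) {
                return user;
            }
        }
        return null;
    }
}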
javaBean
package zb.domain;
/**
 * Mutable bean holding a user name and a password.
 *
 * <p>Both values are kept exactly as supplied; this class applies no hashing or encoding to
 * the password.
 */
public class User {

    private String username;
    private String password;

    /**
     * Creates a user with the given name and password.
     *
     * @param username the user name
     * @param password the password, stored as given
     */
    public User(String username, String password) {
        this.username = username;
        this.password = password;
    }

    /** Returns the user name. */
    public String getUsername() {
        return this.username;
    }

    /** Returns the password as it was stored. */
    public String getPassword() {
        return this.password;
    }

    /** Replaces the user name. */
    public void setUsername(String username) {
        this.username = username;
    }

    /** Replaces the password. */
    public void setPassword(String password) {
        this.password = password;
    }
}