自动登录原理
利用cookie保存用户登录信息,从cookie中获取用户名和密码,不需要用户自己再次输入
为什么用Filter
如果不用Filter,请求每个servlet时,都要有操作cookie的相同代码来处理自动登录,由于filter能够拦截请求,那么我们可以提取相同的代码到filter中,在filter中处理自动登录。
创建user
package cn.itcast.chapter08.entity;
public class User {
private String username;
private String password;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
实现登录页面和首页
login.jsp
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8" import="java.util.*"%>
<html>
<head></head>
<center><h3>用户登录</h3></center>
<body style="text-align: center;">
<form action="${pageContext.request.contextPath }/LoginServlet"
method="post">
<table border="1" width="600px" cellpadding="0" cellspacing="0"
align="center" >
<tr>
<td height="30" align="center">用户名:</td>
<td>
<input type="text" name="username" />${errerMsg }</td>
</tr>
<tr>
<td height="30" align="center">密 码:</td>
<td>
<input type="password" name="password" /></td>
</tr>
<tr>
<td height="35" align="center">自动登录时间</td>
<td><input type="radio" name="autologin"
value="${60*60*24*31 }" />一个月
<input type="radio" name="autologin"
value="${60*60*24*31*3 }" />三个月
<input type="radio" name="autologin"
value="${60*60*24*31*6 }" />半年
<input type="radio" name="autologin"
value="${60*60*24*31*12 }" />一年
</td>
</tr>
<tr>
<td height="30" colspan="2" align="center">
<input type="submit" value="登录" />
<input type="reset" value="重置" />
</td>
</tr>
</table>
</form>
</body>
<html>
index.jsp(需要添加支持jstl的jar【jstl.jar和standard.jar】)
<%@ page language="java" contentType="text/html; charset=utf-8"
pageEncoding="utf-8" import="java.util.*"
%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>显示登录的用户信息</title>
</head>
<body>
<br />
<center>
<h3>欢迎光临</h3>
</center>
<br />
<br />
<c:choose>
<c:when test="${sessionScope.user==null }">
<a href="${pageContext.request.contextPath }/login.jsp">用户登录</a>
</c:when>
<c:otherwise>
欢迎你,${sessionScope.user.username }!
<a href="${pageContext.request.contextPath }/LogoutServlet">注销</a>
</c:otherwise>
</c:choose>
<hr />
</body>
</html>
创建两个servlet
LoginServlet
public class LoginServlet extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
// 获得用户名和密码
String username = request.getParameter("username");
String password = request.getParameter("password");
// 检查用户名和密码
if ("itcast".equals(username) && "123456".equals(password)) {
// 登录成功
// 将用户状态 user 对象存入 session域
User user = new User();
user.setUsername(username);
user.setPassword(password);
request.getSession().setAttribute("user", user);
// 获取用户选择的自动登录有效时间
String autoLogin = request.getParameter("autologin");
if (autoLogin != null) {
// 注意 cookie 中的密码要加密
Cookie cookie = new Cookie("autologin", username + "-"
+ password);
cookie.setMaxAge(Integer.parseInt(autoLogin));
cookie.setPath(request.getContextPath());
response.addCookie(cookie);
}
// 跳转至首页
response.sendRedirect(request.getContextPath()+"/index.jsp");
} else {
request.setAttribute("errerMsg", "用户名或密码错");
request.getRequestDispatcher("/login.jsp")
.forward(request,response);
}
}
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
LogoutServlet
public class LogoutServlet extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
// 用户注销
request.getSession().removeAttribute("user");
// 从客户端删除自动登录的cookie
Cookie cookie = new Cookie("autologin", "msg");
cookie.setPath(request.getContextPath());
cookie.setMaxAge(0);
response.addCookie(cookie);
response.sendRedirect(request.getContextPath()+"/index.jsp");
}
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
创建过滤器AutoLoginFilter
public class AutoLoginFilter implements Filter {
public void init(FilterConfig filterConfig) throws ServletException {
}
public void doFilter(ServletRequest req, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
// 获得一个名为 autologin 的cookie
Cookie[] cookies = request.getCookies();
String autologin = null;
for (int i = 0; cookies != null && i < cookies.length; i++) {
if ("autologin".equals(cookies[i].getName())) {
// 找到了指定的cookie
autologin = cookies[i].getValue();
break;
}
}
if (autologin != null) {
// 做自动登录
String[] parts = autologin.split("-");
String username = parts[0];
String password = parts[1];
// 检查用户名和密码
if ("itcast".equals(username)&& ("123456").equals(password)) {
// 登录成功,将用户状态 user 对象存入 session域
User user = new User();
user.setUsername(username);
user.setPassword(password);
request.getSession().setAttribute("user", user);
}
}
// 放行
chain.doFilter(request, response);
}
public void destroy() {
}
}
配置映射信息
<filter>
<filter-name>AutoLoginFilter</filter-name>
<filter-class>cn.itcast.chapter08.filter.AutoLoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AutoLoginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
运行项目,查看结果
http://localhost:8080/chapter08/login.jsp
输入用户名、密码,选择自动登录时间
点击”登录“,结果如下
此时,再打开一个相同的浏览器,访问首页,结果如下
说明实现了自动登录功能。
单击”注销“,结果如下
再开启一个相同的浏览器,访问首页,结果如上,说明cookie被删除了,也说明自动登录功能只有在用户登录期间才可用。