实现自动登录:Filter 实现思路和方式

时间:2022-09-30 04:44:44
  1. 当你勾选(记住登录状态),用cookie保存用户名和密码。不勾选,cookie失效。
  2. 所有的页面都要经过autoLoginFilter.java 的过滤器,在这类中,必须要判断cookies不为null,获得所有的cookie,得到name为user的cookie,进行用户名和密码的验证,如果不为null,则将user存入session。
  3. 在LoginServlet.java中,获得username和password参数,进行dao验证,如果不为空,放入seesion中,进行页面跳转。
  4. 创建cookie对象。setpath("/"),表示本应用下的所有路径都能访问此cookie。
  5. 对于已经正确登录的用户,再次访问其他页面必定会再次经过autoLoginFilter,这时,判断当前session中的user是否为null,不为null,直接通过。
  6. 对于**login.jsp的有关页面,不需要经过autoLoginFilter。
  7. package com.learning.web.servlet;

import java.io.IOException;
    
import javax.servlet.ServletException;
    
import javax.servlet.annotation.WebServlet;
    
import javax.servlet.http.Cookie;
    
import javax.servlet.http.HttpServlet;
    
import javax.servlet.http.HttpServletRequest;
    
import javax.servlet.http.HttpServletResponse;

import com.learning.domain.User;
    
import com.learning.service.UserService;

@WebServlet("/servlet/loginServlet")
    
public class LoginServlet extends HttpServlet {
    
    private static final long serialVersionUID = 1L;
    
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    
            String username = request.getParameter("username");
    
            String password = request.getParameter("password");
    
            String autologin = request.getParameter("autologin");

            UserService userService=new UserService();
    
            User user = userService.findUser(username, password);
    
            //user不为null,则登录成功
    
            if (user!=null) {
    
                //创建cookie来保存用户信息
    
                Cookie cookie=new Cookie("user", user.getUsername()+"&"+user.getPassword());
    
                cookie.setPath("/");
    
                //autologin不为null,则记住了登录状态
    
                if (autologin!=null) {
    
                    cookie.setMaxAge(1*60*60*24);//一天的有效时间
    
                }
    
                else {
    
                    cookie.setMaxAge(0);
    
                }
    
                response.addCookie(cookie);
    
                request.getSession().setAttribute("user", user);
    
                request.getRequestDispatcher("/home.jsp").forward(request, response);
    
            }else {
    
                response.sendRedirect(request.getContextPath()+"/homeLogin.jsp");
    
            }

    }

    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    
        doGet(request, response);
    
    }

}
    package com.learning.web.filter;

import java.io.IOException;

import javax.servlet.Filter;
    
import javax.servlet.FilterChain;
    
import javax.servlet.FilterConfig;
    
import javax.servlet.ServletException;
    
import javax.servlet.ServletRequest;
    
import javax.servlet.ServletResponse;
    
import javax.servlet.annotation.WebFilter;
    
import javax.servlet.annotation.WebInitParam;
    
import javax.servlet.http.Cookie;
    
import javax.servlet.http.HttpServletRequest;
    
import javax.servlet.http.HttpServletResponse;
    
import javax.servlet.http.HttpSession;
    
import javax.servlet.jsp.jstl.core.Config;

import com.learning.domain.User;
    
import com.learning.service.UserService;

@WebFilter(urlPatterns="/*",initParams={@WebInitParam(name="autologin",value="login"),@WebInitParam(name="",value="")})
    
public class AutoFilter implements Filter{

    private FilterConfig filterConfig;
    
    @Override
    
    public void destroy() {
    
    }

    @Override
    
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
    
            throws IOException, ServletException {
    
        // 转换对象
    
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
    
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
    
        // 获得访问的路径
    
        String uri = httpServletRequest.getRequestURI();
    
        String contextPath = httpServletRequest.getContextPath();
    
        uri = uri.substring(contextPath.length() + 1);
    
        // 获得初始化参数
    
        String login = filterConfig.getInitParameter("autologin");
    
        System.out.println("直接通行的路径:"+login);
    
        // 不包含"login"的路径就要进行过滤 (xxxlogin.jsp 不需要自动登录)
    
        if (!uri.contains(login)) {
    
            HttpSession session = httpServletRequest.getSession();
    
            User u = (User) session.getAttribute("user");
    
            if (u != null) {
    
                System.out.println("session不为null");
    
                chain.doFilter(request, response);
    
            } else {

                // 处理业务逻辑
    
                // 1.获得cookie 得到User的信息

                String username = "";
    
                String password = "";
    
                UserService userService = new UserService();
    
                Cookie[] cookies = httpServletRequest.getCookies();
    
                for (int i = 0;cookies!=null&& i < cookies.length; i++) {
    
                    if ("user".equals(cookies[i].getName())) {
    
                        String string = cookies[i].getValue();
    
                        String[] values = string.split("&");
    
                        username = values[0];
    
                        password = values[1];
    
                        User user = userService.findUser(username, password);

                        // 不为空则放入session
    
                        if (user != null) {
    
                            System.out.println("自动登录了");
    
                            httpServletRequest.getSession().setAttribute("user", user);
    
                        }
    
                    }
    
                }
    
            }
    
        }
    
        // 2.放行
    
        chain.doFilter(request, response);
    
    }

    @Override
    
    public void init(FilterConfig filterConfig) throws ServletException {

        this.filterConfig=filterConfig;

    }

}

相关文章