前半部分请见安全有效的实现两星期内自动登陆功能(一)

                          安全有效的实现两星期内自动登陆功能(二)

AutoLogonFilter.java

过滤器程序,可在WEB-INF/web.xml中设置过滤规则,本文对过滤规则不作介绍,此程序主要作用是检查用户在上一次登陆时是否保存了Cookie,如果保存了,就处理Cookie信息,并帮助用户自动登陆

本程序主要调用了CookieUtil.java中的读取与自动登陆方法,即readCookieAndLogon方法

 

package cn.itcast.filter;

 

import java.io.IOException;

 

import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.Cookie;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import javax.servlet.http.HttpSession;

 

import cn.itcast bean.User;

import cn.itcast.util.CookieUtil;

 

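/**
 * Servlet filter that attempts a cookie-based automatic logon for requests
 * whose session does not yet hold a "user" attribute.
 *
 * <p>The cookie value comes from the browser and is therefore untrusted input.
 * This filter only extracts it; every check on its content is delegated to
 * {@code CookieUtil.readCookieAndLogon}, which is not part of this listing.
 */
public class AutoLogonFilter implements Filter {

    // Name of the auto-logon cookie; must match the name CookieUtil uses when saving it.
    private final static String cookieDomainName = "cn.itcast";

    /** No initialisation is required. */
    public void init(FilterConfig arg0) throws ServletException {
    }

    /** No resources are held, so there is nothing to release. */
    public void destroy() {
    }

    /**
     * Passes authenticated requests straight through; for anonymous requests that
     * carry the auto-logon cookie, hands the cookie value to
     * {@code CookieUtil.readCookieAndLogon}.
     *
     * @param req   incoming request, cast to {@link HttpServletRequest}
     * @param resp  outgoing response, cast to {@link HttpServletResponse}
     * @param chain remaining filter chain
     * @throws IOException      propagated from the chain or from the cookie logon
     * @throws ServletException propagated from the chain, or wrapping any other
     *                          failure raised while processing the cookie
     */
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // NOTE(review): getSession(true) allocates a session for every anonymous
        // request. It is kept because readCookieAndLogon (not shown here) may
        // expect a session to exist — confirm before switching to getSession(false).
        HttpSession session = request.getSession(true);
        User user = (User) session.getAttribute("user");

        // A user object in the session means the visitor is already logged on.
        if (user != null) {
            chain.doFilter(request, response);
            return;
        }

        // Not logged on: look for the auto-logon cookie among those the browser sent.
        String cookieValue = null;
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (cookieDomainName.equals(cookie.getName())) {
                    cookieValue = cookie.getValue();
                    break;
                }
            }
        }

        // No auto-logon cookie: continue as an anonymous request.
        if (cookieValue == null) {
            chain.doFilter(request, response);
            return;
        }

        try {
            CookieUtil.readCookieAndLogon(cookieValue, request, response, chain);
        } catch (Exception e) {
            // Previously the exception was printed and dropped, leaving the client
            // with an empty response. The chain is passed into readCookieAndLogon,
            // so it may already have run; re-invoking it here could process the
            // request twice. Propagate instead, and keep the cookie value out of
            // the message because it is a credential.
            if (e instanceof IOException) {
                throw (IOException) e;
            }
            if (e instanceof ServletException) {
                throw (ServletException) e;
            }
            throw new ServletException("Automatic logon from cookie failed", e);
        }
    }
}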

 

CheckLogonServlet.java

验证用户登陆信息的Servlet,此程序调用了CookieUtil.java中的saveCookie方法

 

package cn.itcast.servlet;

 

/*

 * update 2007.09.23 by lyhapple

 * 检查用户登陆

 * */

 

import java.io.IOException;

 

import javax.servlet.ServletException;

import javax.servlet.http.HttpServlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import javax.servlet.http.HttpSession;

 

import cn.itcast.bean.User;

import cn.itcast.dao.UserDAO;

import cn.itcast.factory.DaoImplFactory;

import cn.itcast.util.CookieUtil;

 

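/**
 * Servlet that verifies submitted logon credentials and, on success, stores the
 * user in the session and optionally issues the auto-logon cookie through
 * {@code CookieUtil.saveCookie}.
 */
public class CheckLogonServlet extends HttpServlet {

    /**
     * Delegates to {@link #doPost}.
     *
     * NOTE(review): accepting GET means credentials can arrive in the query
     * string, where they end up in access logs and browser history. Consider
     * restricting logon to POST once no caller depends on GET.
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /**
     * Checks the "username" and "password" parameters against the stored user
     * record. On failure, forwards back to index.jsp with an error attribute;
     * on success, forwards to User/userInfo.jsp.
     *
     * @param request  logon request; reads "username", "password" and "remeberMe"
     * @param response response used for the forward and for the optional cookie
     * @throws ServletException propagated from the forward
     * @throws IOException      propagated from the forward
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.setCharacterEncoding("utf-8");

        // Both parameters are attacker-controlled and may be absent; a missing
        // value is treated as a failed logon rather than a NullPointerException.
        String usernameParam = request.getParameter("username");
        String passwordParam = request.getParameter("password");
        String remeberMe = request.getParameter("remeberMe");
        String username = usernameParam == null ? "" : usernameParam.trim();

        // Look the user up by name; null means no such account.
        UserDAO userDao = DaoImplFactory.getInstance();
        User user = userDao.selectUserByUsername(username);

        // NOTE(review): the two failure branches return different messages, which
        // lets a client tell whether a username is registered. A single generic
        // message would avoid that; left unchanged because index.jsp reads these
        // attribute names.
        if (user == null) {
            request.setAttribute("checkUserError", "用户名不存在,请先注册");
            request.getRequestDispatcher("index.jsp").forward(request, response);
            return;
        }

        // NOTE(review): passwords are compared as CookieUtil.getMD5 digests. MD5 is
        // not suitable for password storage; migrating to a salted, slow hash
        // (bcrypt/scrypt/argon2) belongs in CookieUtil and the persistence layer.
        if (passwordParam == null
                || !CookieUtil.getMD5(passwordParam).equals(user.getPassword())) {
            request.setAttribute("checkPasswordError", "密码输入错误,请重新输入");
            request.getRequestDispatcher("index.jsp").forward(request, response);
            return;
        }

        // Issue the auto-logon cookie only when the "remember me" box was ticked.
        if ("on".equals(remeberMe)) {
            CookieUtil.saveCookie(user, response);
        }

        // Replace any pre-logon session so that a session id known before
        // authentication is never promoted to an authenticated one (session
        // fixation). This also covers the case where no session existed, which
        // previously caused a NullPointerException on setAttribute.
        HttpSession previous = request.getSession(false);
        if (previous != null) {
            previous.invalidate();
        }
        HttpSession session = request.getSession(true);

        // Store the user in the session and show the personal information page.
        session.setAttribute("user", user);
        request.getRequestDispatcher("User/userInfo.jsp").forward(request, response);
    }
}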

 

UserDAO.java与DaoImplFactory.java属于持久层相关的程序,这里就不贴出来了,读者可根据自己需要选择不同的持久层框架,在本程序中只要实现查询用户的功能就可以了

 

转载请注明出处,谢谢!

 
