自己Cookie写的自动登录功能 包含BASE64 和MD5的使用

sql表

username  password字段

User类

有 id username password等字段

Service有一函数

@Override

public User findUser(String username) 
{
    return userDao.findUser(username);
}

实现

    @Override
    public User findUser(String username) {
        try {
            return qr.query("select * from user where username=?", new BeanHandler<User>(User.class),username);
        } catch (SQLException e) {
            throw new DaoException(e);
        }
    }

Utils

WEBUtils.java

package cn.itcast.util;

import java.lang.reflect.InvocationTargetException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.beanutils.BeanUtils;

import sun.misc.BASE64Encoder;


public class WebUtils {

    public static <T> T fillBean(HttpServletRequest request,
            Class<T> clazz) {
        try {
            T t=clazz.newInstance();
            BeanUtils.populate(t,request.getParameterMap());
            return t;
        } catch(Exception e) {
            throw new RuntimeException(e);
        }
    }

    public static void addAutoLoginFunction(HttpServletRequest request,
            HttpServletResponse response) {
        
        
        String username=request.getParameter("username");
        String password=request.getParameter("password");
        //把帐号BASE64加密 _ 密码双次md5加密， 所以比较的时候 数据库中密码取出md5加密再和这个比较
        
        String encodeUsername=new BASE64Encoder().encode(username.getBytes());
        String encodePassword=Md5Util.md5(password);
        System.out.println("存入数据库 帐号:"+username);
        System.out.println("存入数据库 密码:"+password);
        System.out.println("存入Cookie 帐号:"+encodeUsername);
        System.out.println("存入Cookie密码:"+encodePassword);
        Cookie c=new Cookie("loginInfo",encodeUsername+"_"+encodePassword);
        c.setMaxAge(10000);
        c.setPath(request.getContextPath());
        response.addCookie(c);
    }
    //删除Cookie
    public static void removeAutoLoginCookie(HttpServletRequest request,
            HttpServletResponse response) {
        Cookie cs[]=request.getCookies();
        if(cs!=null)
        {
            for(Cookie c:cs)
            {
                if(c.getName().equals("loginInfo"))
                {
                    Cookie cookie=new Cookie("loginInfo",null);
                    cookie.setMaxAge(0);
                    cookie.setPath(request.getContextPath());
                    response.addCookie(cookie);
//                    c.setMaxAge(0);
//                    c.setPath(request.getContextPath());
                    System.out.println("删除Cookie");
                    return;
                }
            }
        }
    }
    


}

MD5Util.java

package cn.itcast.util;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import sun.misc.BASE64Encoder;

public class Md5Util {
    public static String md5(String message){
        try{
            MessageDigest md = MessageDigest.getInstance("md5");
            byte b[] = md.digest(message.getBytes());
            return new BASE64Encoder().encode(b);
        }catch(Exception e){
            throw new RuntimeException(e);
        }
    }
}

Servlet中 由doGet()引出以下两个方法 operation=login   operation=logout

    private void logout(HttpServletRequest request, HttpServletResponse response) throws IOException {
        //移除Cookie 去除自动登录功能
        WebUtils.removeAutoLoginCookie(request,response);
        request.getSession().invalidate();
        response.sendRedirect(request.getContextPath());
    }

    private void login(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String username=request.getParameter("username");
        String password=request.getParameter("password");
        BusinessService serviceDao=new BusinessServiceImpl();
        password=Md5Util.md5(password);
        User user=serviceDao.login(username,password);
        if(null==user)
        {
            request.setAttribute("message", "用户名或者密码错误");
            request.getRequestDispatcher("/client/message.jsp").forward(request, response);
        }
        else
        {
            request.getSession().setAttribute("user", user);
            String autoLogin=request.getParameter("autologin");
            if(null!=autoLogin)
            {
                //添加自动登录功能
                WebUtils.addAutoLoginFunction(request,response);
            }
            response.sendRedirect(request.getContextPath());
        }
    }

filter过滤器中配置

package cn.itcast.web.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import sun.misc.BASE64Decoder;

import cn.itcast.domain.User;
import cn.itcast.service.BusinessService;
import cn.itcast.service.impl.BusinessServiceImpl;
import cn.itcast.util.Md5Util;

public class AutoLoginFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp,
            FilterChain chain) throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest)req;
        HttpServletResponse response = (HttpServletResponse)resp;
        BusinessService bService=new BusinessServiceImpl();
        HttpSession session = request.getSession();
        User u = (User)session.getAttribute("user");
        if(null==u)////只有没有登录时才自动登录，已经登录了就不需要了
        {
            System.out.println("自动登录开始执行");
            //1、获取名称为loginInfo的cookie
            Cookie loginInfoCookie=null;
            Cookie cs[]=request.getCookies();
            if(null!=cs)
            {
                for(Cookie c:cs)
                {
                    if("loginInfo".equals(c.getName()))
                    {
                        loginInfoCookie=c;
                        break;
                    }
                }
            }
            //2、有：取出cookie的值：用户名_加密的密码
            if(null!=loginInfoCookie)
            {
                String usernamePassword=loginInfoCookie.getValue();
                System.out.println("帐号密码整串:"+usernamePassword);
                //3、拆出用户名和密码
                String username=usernamePassword.split("\_")[0];
                String password=usernamePassword.split("\_")[1];
                //根据登录的时候 username password放入Cookie的原理
                //username BASE64解密
                username=new String(new BASE64Decoder().decodeBuffer(username));
                System.out.println("Cookie的用户:"+username);
                System.out.println("Cookie的密码:"+password);
                User user=bService.findUser(username);
                if(null!=user)
                {
                    System.out.println("Cookie的用户:"+user.getUsername());
                    System.out.println("Cookie的密码:"+Md5Util.md5(user.getPassword()));
                    //4、再次验证用户名和密码是否正确（根据用户名查出密码，加密后再与cookie中的那个密码进行比对）
                    //将数据库查出的密码 md5加密和cookie中的密码相比
                    if(Md5Util.md5(user.getPassword()).equals(password))
                    {
                        //5、正确：得到用户对象，放到HttpSession中（自动登录）
                        session.setAttribute("user", user);
                        //自动登录搞定
                        System.out.println("自动登录完成");
                    }
                }
            }
        }
        //放行
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        
    }

}

web.xml中可以配置对指定的页面进行 自动登录的过滤器， 因为放到session中，所以不需要每个页面都过滤

url-pattern 配置 过滤地址