写了这么多年的网站了,登录系统用了好几种了,有自己实现的,有spring security的,有apache shiro的,但其实原理都是一样,session加cookie实现的。
登录页面login.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!DOCTYPE html><html><head><meta charset="ISO-8859-1"><title>Insert title here</title></head><body> <form name="loginForm" method="post" action="login"> <table border="0px"> <tr> <td>姓名:</td> <td><input name="username" value=""></input></td> </tr> <tr> <td>密码:</td> <td><input name="passwd"></input></td> </tr> <tr> <td><input type="checkbox" name="remeberme" value="remeberme">记住我</input> </td> </tr> <tr> <td></td> <td><input type="submit" class="loginform" name="submit" value="确定"> <input type="button" class="loginform" name="submit" value="取消"></td> </tr> </table> </form></body></html>
login servlet:
package my.authentication.normal;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.annotation.WebServlet;import javax.servlet.http.Cookie;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;/** * Servlet implementation class login */@WebServlet("/login")public class login extends HttpServlet { private static final long serialVersionUID = 1L; /** * @see HttpServlet#HttpServlet() */ public login() { super(); // TODO Auto-generated constructor stub } /** * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // TODO Auto-generated method stub response.getWriter().append("Served at: ").append(request.getContextPath()); } /** * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // TODO Auto-generated method stub //doGet(request, response); HttpSession session= request.getSession(); String username= request.getParameter("username"); String remeberme=request.getParameter("remeberme"); if(remeberme!=null) { System.out.println(remeberme); } else { System.out.println("没有选中remeberme"); } if(username.equals("yl")) { session.setAttribute("user", username); if(remeberme!=null) { Cookie ck=new Cookie("remeberme","remeberme"); ck.setDomain("authentication.normal"); /*设置cookie的有效时间,如果不设置,那么关闭浏览器后cookie就消失了,达不到remerber me的效果了*/ ck.setMaxAge(600); response.addCookie(ck); } response.getWriter().write("passwd correct!"); } else { response.getWriter().write("passwd error!"); } }}认证过滤器:
package my.authentication.normal;import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.RequestDispatcher;import javax.servlet.ServletContext;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.annotation.WebFilter;import javax.servlet.http.Cookie;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;/** * Servlet Filter implementation class authentication *///@WebFilter("/my.authentication.normal/*")@WebFilter("/admin/*")public class AuthenticationFilter implements Filter { // FilterConfig fConfig; /** * Default constructor. */ public AuthenticationFilter() { // TODO Auto-generated constructor stub } /** * @see Filter#destroy() */ public void destroy() { // TODO Auto-generated method stub } @Override /** * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain) */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpSR = (HttpServletRequest) request; HttpServletResponse httpRP = (HttpServletResponse) response; String url = httpSR.getRequestURL().toString(); System.out.println("My URL:" + url); HttpSession session = httpSR.getSession(); Cookie[] cks = httpSR.getCookies(); /** 判断客户端是否有remeberme的cookie,如果有,说明已经登录成功了*/ if (cks != null) { Cookie ck = null; for(Cookie ckc:cks) { String ckName=ckc.getName(); System.out.println(ckName); if(ckName.equals("remeberme")) { System.out.println("过滤器获取到remeberme的cookie"); ck=ckc; break; } } if (ck != null) { System.out.println("过滤器获取到remeberme的cookie"); session.setAttribute("user", session.getAttribute("user")); chain.doFilter(request, response); return; } } if (session.getAttribute("user") != null) { chain.doFilter(request, response); } else { httpRP.sendRedirect("/login.jsp"); } } /** * @see Filter#init(FilterConfig) */ public void init(FilterConfig fConfig) throws ServletException {// System.out.println("fConfig器");// this.fConfig=fConfig; }}如果想要实现同一个域名,不同的主机实现SSO功能,可以用cookie实现,设置cookie的域名为主域名,例如"domain.com",然后设置一个单独的认证系统,例如authentication.domain.com/authentication。
原文转载:http://www.shaoqun.com/a/496162.html
tradeindia:https://www.ikjzd.com/w/2305
洋老板:https://www.ikjzd.com/w/2779
mein:https://www.ikjzd.com/w/1601
写了这么多年的网站了,登录系统用了好几种了,有自己实现的,有springsecurity的,有apacheshiro的,但其实原理都是一样,session加cookie实现的。 登录页面login.jsp:<%@pagelanguage="java"contentType="text/html;charset=UTF-8"pageEncoding=&
刘小东:刘小东
沃尔玛:沃尔玛
海南兴隆热带植物园门票是多少?:海南兴隆热带植物园门票是多少?
金子山2020高考生免费吗?连山金子山凭准考证有什么优惠?:金子山2020高考生免费吗?连山金子山凭准考证有什么优惠?
开发客户,从零开始你就做错了!:开发客户,从零开始你就做错了!
No comments:
Post a Comment