import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.laizhi.bean.User;
import com.laizhi.dao.UserDAO;
import com.laizhi.factory.DaoImplFactory;
// NOTE(review): JDK-internal class, not a supported API; java.util.Base64 (Java 8+) is the supported equivalent.
import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
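/**
 * Helper for the auto-login ("remember me") cookie: issues it after login, validates it on later
 * requests and clears it at logout.
 */
public class CookieUtil {
    // Name under which the auto-login cookie is stored in the browser.
    private final static String cookieDomainName = "laizhi";

    // Site-wide key mixed into the cookie digest.
    // NOTE(review): the integrity of every issued cookie rests on this value staying secret. A short,
    // hard-coded literal committed with the source does not meet that bar; load a long random key
    // from configuration or a secret store instead, and rotate it if it has ever been published.
    private final static String webKey = "123456";

    // Cookie validity in seconds: two weeks. Adjust as needed.
    private final static long cookieMaxAge = 60 * 60 * 24 * 7 * 2;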
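/**
 * Issues the auto-login cookie to the client. Called from CheckLogonServlet.java.
 *
 * <p>The cookie value is Base64 of {@code username:expiryMillis:digest}, where the digest is
 * {@code getMD5(username:password:expiryMillis:webKey)}.
 *
 * <p>NOTE(review): the digest is a plain hash over data plus a trailing key and includes the
 * value of {@code user.getPassword()}. A keyed MAC (HMAC-SHA-256) over the username and expiry,
 * or a random server-side token, would not expose password-derived material to the browser.
 * Changing the scheme has to be done here and in {@code readCookieAndLogon} together.
 *
 * <p>NOTE(review): a username containing ':' produces a value that {@code readCookieAndLogon}
 * rejects, because it splits on ':' and expects exactly three fields.
 *
 * @param user the user who just logged in; carries the user name and password entered at login
 * @param response the response the cookie is added to
 */
public static void saveCookie(User user, HttpServletResponse response) {
    // cookieMaxAge is in seconds while the expiry stamp is in epoch milliseconds, so the factor
    // is 1000; the previous factor of 5000 made the token valid five times longer than intended.
    long validTime = System.currentTimeMillis() + (cookieMaxAge * 1000);

    String cookieValueWithMd5 = getMD5(user.getUserName() + ":" + user.getPassword()
            + ":" + validTime + ":" + webKey);
    String cookieValue = user.getUserName() + ":" + validTime + ":" + cookieValueWithMd5;

    // Encode with an explicit charset: the reader decodes the value as UTF-8.
    String cookieValueBase64 =
            new String(Base64.encode(cookieValue.getBytes(StandardCharsets.UTF_8)));

    Cookie cookie = new Cookie(cookieDomainName, cookieValueBase64);
    // Keep the browser-side lifetime in line with the server-side validity instead of leaving
    // the token on disk for two years.
    cookie.setMaxAge((int) cookieMaxAge);
    // Keep the token out of reach of page scripts (Servlet 3.0+).
    cookie.setHttpOnly(true);
    // NOTE(review): also call cookie.setSecure(true) once the site is served over HTTPS only.
    // NOTE(review): if the cookie is scoped with setPath(...), clearCookie must use the same path.
    response.addCookie(cookie);
}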
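/**
 * Validates the auto-login cookie and, when it checks out, stores the user in the session and
 * continues the filter chain. Called from the filter, see AutoLogonFilter.java.
 *
 * <p>The cookie value is expected to be Base64 of {@code username:expiryMillis:digest}. The
 * digest is recomputed from the stored user record and compared with the one in the cookie.
 * The cookie is client-controlled, so every parsing step fails closed with a message instead
 * of letting an exception escape.
 *
 * @param request the current request
 * @param response the current response; receives an error message when validation fails
 * @param chain the filter chain, continued only after a successful auto-login
 * @throws IOException if writing to the response fails
 * @throws ServletException if the rest of the chain fails
 * @throws UnsupportedEncodingException if the "utf-8" charset is unavailable
 */
public static void readCookieAndLogon(HttpServletRequest request, HttpServletResponse response,
        FilterChain chain) throws IOException, ServletException, UnsupportedEncodingException {
    // getCookies() returns null when the request carries no cookies at all.
    Cookie[] cookies = request.getCookies();
    String cookieValue = null;
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            if (cookieDomainName.equals(cookies[i].getName())) {
                cookieValue = cookies[i].getValue();
                break;
            }
        }
    }
    if (cookieValue == null) {
        // NOTE(review): assumes the calling filter handles the "no cookie" case itself and
        // nothing is written to the response here; confirm against AutoLogonFilter.
        return;
    }

    // Malformed Base64 is treated like any other forged value (decode may yield null for it).
    byte[] decoded = Base64.decode(cookieValue);
    if (decoded == null) {
        writeCookieMessage(response, "你正在用非正常方式进入本站...");
        return;
    }
    String cookieValueAfterDecode = new String(decoded, "utf-8");

    // Exactly three fields are expected: username, expiry, digest.
    String[] cookieValues = cookieValueAfterDecode.split(":");
    if (cookieValues.length != 3) {
        writeCookieMessage(response, "你正在用非正常方式进入本站...");
        return;
    }

    // A non-numeric expiry is a malformed cookie, not a server error.
    long validTimeInCookie;
    try {
        validTimeInCookie = Long.parseLong(cookieValues[1]);
    } catch (NumberFormatException e) {
        writeCookieMessage(response, "你正在用非正常方式进入本站...");
        return;
    }

    // Expired: remove the cookie and ask the user to log in again.
    if (validTimeInCookie < System.currentTimeMillis()) {
        clearCookie(response);
        writeCookieMessage(response, "你的Cookie已经失效,请重新登陆");
        return;
    }

    // Look the user up by the name in the cookie. An unknown user gets the same answer as a
    // wrong digest, so the response does not reveal which user names exist.
    String username = cookieValues[0];
    UserDAO ud = DaoImplFactory.getInstance();
    User user = ud.selectUserByUsername(username);
    if (user != null) {
        String md5ValueInCookie = cookieValues[2];
        String md5ValueFromUser = getMD5(user.getUserName() + ":" + user.getPassword()
                + ":" + validTimeInCookie + ":" + webKey);
        // Constant-time comparison, so response timing does not leak how much of the digest
        // matched; the null check guards against a digest that could not be computed.
        if (md5ValueFromUser != null
                && MessageDigest.isEqual(md5ValueFromUser.getBytes(StandardCharsets.UTF_8),
                        md5ValueInCookie.getBytes(StandardCharsets.UTF_8))) {
            // NOTE(review): rotate the session id at this point (request.changeSessionId() on
            // Servlet 3.1+) so a session id fixed before login is not carried into the
            // authenticated session.
            HttpSession session = request.getSession(true);
            session.setAttribute("user", user);
            chain.doFilter(request, response);
            return;
        }
    }
    writeCookieMessage(response, "cookie验证错误!");
}

// Writes a one-line UTF-8 HTML message to the response.
private static void writeCookieMessage(HttpServletResponse response, String message)
        throws IOException {
    response.setContentType("text/html;charset=utf-8");
    PrintWriter out = response.getWriter();
    out.println(message);
}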
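/**
 * Removes the auto-login cookie from the client. Call it at logout, or whenever the cookie must
 * be invalidated.
 *
 * <p>NOTE(review): this only removes the browser's copy. A copy of the value taken earlier stays
 * valid on the server until its embedded expiry passes, because no server-side record of issued
 * cookies is kept.
 *
 * @param response the response carrying the deletion cookie
 */
public static void clearCookie(HttpServletResponse response) {
    Cookie cookie = new Cookie(cookieDomainName, null);
    // Max-age 0 tells the browser to delete the cookie; without it the browser keeps an entry
    // under this name for the rest of the browser session.
    cookie.setMaxAge(0);
    // NOTE(review): if the cookie was issued with setPath(...), set the same path here,
    // otherwise the browser will not match and delete it.
    response.addCookie(cookie);
}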
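/**
 * Returns the MD5 digest of {@code value} as a lower-case hexadecimal string.
 *
 * <p>NOTE(review): MD5 is not suitable for protecting a login token. Replacing it means changing
 * how the cookie is issued and verified at the same time (for example HMAC-SHA-256 via
 * {@code javax.crypto.Mac} with a key kept outside the source).
 *
 * @param value the text to digest
 * @return the 32-character hexadecimal digest
 * @throws IllegalStateException if the platform offers no MD5 implementation
 */
public static String getMD5(String value) {
    // Fixed charset: the platform default would make the digest differ between hosts for
    // non-ASCII user names.
    byte[] valueByte = value.getBytes(StandardCharsets.UTF_8);
    try {
        MessageDigest md = MessageDigest.getInstance("MD5");
        md.update(valueByte);
        return toHex(md.digest());
    } catch (NoSuchAlgorithmException e2) {
        // Fail loudly rather than hand back a value callers would dereference.
        throw new IllegalStateException("MD5 digest is not available", e2);
    }
}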
/**
 * Converts a byte array to its lower-case hexadecimal string form.
 *
 * @param buffer the bytes to convert
 * @return two hexadecimal digits per input byte, in input order
 */
private static String toHex(byte[] buffer) {
    StringBuilder hex = new StringBuilder(buffer.length * 2);
    for (byte b : buffer) {
        // Mask before shifting so a negative byte does not sign-extend into the high nibble.
        int high = (b & 0xf0) >> 4;
        int low = b & 0x0f;
        hex.append(Character.forDigit(high, 16));
        hex.append(Character.forDigit(low, 16));
    }
    return hex.toString();
}