编写前端表单
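<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>登陆</title>
</head>
<body>
<%-- Submit with POST. With the default GET the username and password travel in the query
     string and get recorded in browser history, proxies and server access logs.
     Note (review): the form carries no anti-CSRF token, so a third-party site can submit it
     (login CSRF); add one if this is ever used outside a demo. --%>
<form action="${pageContext.request.contextPath}/DoLoginServlet" method="post">
    用户:<input type="text" name="username"><br>
    密码:<input type="password" name="password"><br>
    有效期:
    1分钟:<input type="radio" value="${1*60}" name="time">
    5分钟:<input type="radio" value="${5*60}" name="time">
    10分钟:<input type="radio" value="${10*60}" name="time"><br>
    <input type="submit" value="登陆">
</form>
</body>
</html>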
处理自动登陆的Servlet
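@WebServlet(name = "DoLoginServlet", urlPatterns = "/DoLoginServlet")
public class DoLoginServlet extends HttpServlet {

    /** Name of the remember-me cookie; AutoLoginFilter looks this name up on later requests. */
    private static final String AUTO_LOGIN_COOKIE = "autoLogin";

    /**
     * Longest auto-login lifetime the server grants, in seconds (the largest option the form
     * offers). The "time" parameter is client-controlled, so it is clamped rather than trusted.
     */
    static final int MAX_AUTO_LOGIN_SECONDS = 10 * 60;

    /** Lifetime used when the client sends no usable "time" value (the form's smallest option). */
    static final int DEFAULT_AUTO_LOGIN_SECONDS = 60;

    /**
     * Handles the login form: checks the credentials, starts an authenticated session and
     * writes the auto-login cookie.
     *
     * On bad credentials the request is forwarded to /message.jsp with a "message" attribute;
     * on success the browser is redirected to index.jsp inside the current context path.
     *
     * @param request  carries username, password and the requested lifetime ("time", seconds)
     * @param response receives the auto-login cookie and the redirect
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        UserService userService = new UserService();
        User user = userService.findUser(username, password);
        if (user == null) {
            request.setAttribute("message", "用户名或密码错误");
            request.getRequestDispatcher("/message.jsp").forward(request, response);
            return;
        }

        // Login succeeded. Discard any session that existed before authentication so a session
        // id planted beforehand (session fixation) does not turn into an authenticated one.
        if (request.getSession(false) != null) {
            request.getSession(false).invalidate();
        }
        request.getSession(true).setAttribute("user", user);

        int time = parseLifetimeSeconds(request.getParameter("time"));
        // Cookie.setMaxAge takes seconds; the expiry embedded in the token is in milliseconds.
        // Multiply as long so the arithmetic cannot overflow int.
        long expiresTime = System.currentTimeMillis() + time * 1000L;
        Cookie cookie = makeCookie(user, expiresTime);
        cookie.setMaxAge(time);
        cookie.setPath("/");
        // Keep the token out of reach of page scripts (limits what an XSS can steal) and, on
        // HTTPS deployments, off plaintext connections.
        cookie.setHttpOnly(true);
        cookie.setSecure(request.isSecure());
        response.addCookie(cookie);
        // Prefix the context path: a bare "/index.jsp" only resolves when the app is deployed at "/".
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }

    /**
     * Turns the client-supplied "time" parameter into a lifetime in seconds.
     *
     * @param raw the parameter value, possibly null (no radio button chosen) or non-numeric
     * @return DEFAULT_AUTO_LOGIN_SECONDS when raw is missing, unparseable or not positive;
     *         otherwise the value capped at MAX_AUTO_LOGIN_SECONDS
     */
    static int parseLifetimeSeconds(String raw) {
        if (raw == null) {
            return DEFAULT_AUTO_LOGIN_SECONDS;
        }
        int seconds;
        try {
            seconds = Integer.parseInt(raw);
        } catch (NumberFormatException e) {
            // Used to surface as an HTTP 500; a bad value now just gets the default lifetime.
            return DEFAULT_AUTO_LOGIN_SECONDS;
        }
        if (seconds <= 0) {
            return DEFAULT_AUTO_LOGIN_SECONDS;
        }
        return Math.min(seconds, MAX_AUTO_LOGIN_SECONDS);
    }

    /**
     * Builds the auto-login cookie for {@code user}.
     *
     * Value layout: {@code username:expiresTime:md5(password:expiresTime:username)}. Because the
     * expiry is part of the digested data, the server - not the client's clock or the cookie's
     * Max-Age - decides when the token stops working.
     *
     * Caveat (review): the digest is unkeyed and covers the stored clear-text password. Anyone
     * who knows the password can mint a token with any expiry, and a leaked token is an offline
     * guessing target for the password. A production design should use an HMAC with a
     * server-side secret and never keep clear-text passwords.
     *
     * @param user        the authenticated user
     * @param expiresTime absolute expiry, epoch milliseconds
     * @return the cookie, not yet given a max-age, path or flags
     */
    private Cookie makeCookie(User user, long expiresTime) {
        String cookieValue = user.getUsername() + ":" + expiresTime + ":"
                + WebUtils.md5(user.getUsername(), user.getPassword(), expiresTime);
        return new Cookie(AUTO_LOGIN_COOKIE, cookieValue);
    }

    /**
     * GET is routed to the same handler so the original form (which submits with GET) keeps
     * working. This puts the username and password in the URL, where access logs and browser
     * history record them; once the form submits with POST this override should be dropped.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }
}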
模拟数据库查用户的Service
public class UserService {

    /**
     * In-memory stand-in for a user table, populated once when the class loads.
     * Passwords are held in clear text purely for the demo; a real store keeps a salted
     * password hash and compares against that.
     */
    private static final List<User> USERS = new ArrayList<>();

    static {
        USERS.add(new User("ak", "123"));
        USERS.add(new User("ai", "321"));
    }

    /**
     * Looks a user up by credentials.
     *
     * @return the first user whose name and password both match, or null if none does
     */
    public User findUser(String username, String password) {
        return USERS.stream()
                .filter(candidate -> candidate.getUsername().equals(username))
                .filter(candidate -> candidate.getPassword().equals(password))
                .findFirst()
                .orElse(null);
    }

    /**
     * Looks a user up by name only (AutoLoginFilter uses this after parsing the cookie).
     *
     * @return the first user with that name, or null if none exists
     */
    public User findUser(String username) {
        return USERS.stream()
                .filter(candidate -> candidate.getUsername().equals(username))
                .findFirst()
                .orElse(null);
    }
}
生成MD5的工具类
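public class WebUtils {

    /** Static helpers only. */
    private WebUtils() {
    }

    /**
     * Computes the auto-login token digest: Base64(MD5("password:expiresTime:username")).
     *
     * Both DoLoginServlet (minting) and AutoLoginFilter (verifying) call this, so the input
     * layout is part of the cookie format and must not change on one side only.
     *
     * Caveat (review): this is an unkeyed hash over the user's clear-text password, not a MAC.
     * Whoever knows the password can produce a valid token for any expiry, a captured token can
     * be brute-forced offline to recover the password, and MD5 is not an acceptable primitive
     * for new designs. A production implementation should compute HMAC-SHA256 over the same
     * fields with a server-side secret and store only salted password hashes.
     *
     * @param username    the user name, embedded last in the digested string
     * @param password    the clear-text password as stored by UserService
     * @param expiresTime absolute expiry in epoch milliseconds
     * @return the digest, Base64-encoded (24 characters for MD5's 16 bytes)
     * @throws IllegalStateException if the JVM offers no MD5 provider (every standard JVM does)
     */
    public static String md5(String username, String password, Long expiresTime) {
        String material = password + ":" + expiresTime + ":" + username;
        try {
            MessageDigest digest = MessageDigest.getInstance("MD5");
            // Fixed charset so the token does not depend on the platform default encoding;
            // the constant form also avoids the checked UnsupportedEncodingException.
            byte[] bytes = digest.digest(material.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(bytes);
        } catch (java.security.NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 MessageDigest unavailable", e);
        }
    }
}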
过滤器拦截全部请求
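public class AutoLoginFilter implements Filter {

    /**
     * Cookie carrying the remember-me token written by DoLoginServlet.
     * Value layout: {@code username:expiresTime:digest}, with the digest produced by WebUtils.md5.
     */
    private static final String AUTO_LOGIN_COOKIE = "autoLogin";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Restores a login from the auto-login cookie when the session holds no user yet, then
     * always passes the request down the chain. A missing, malformed, expired or forged cookie
     * simply leaves the request unauthenticated; it never produces an error response.
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        // Already authenticated in this session: nothing to do.
        if (req.getSession().getAttribute("user") == null) {
            User user = userFromCookie(findAutoLoginCookie(req));
            if (user != null) {
                req.getSession().setAttribute("user", user);
            }
        }
        chain.doFilter(req, resp);
    }

    /** Returns the first auto-login cookie on the request, or null when it carries none. */
    private static Cookie findAutoLoginCookie(HttpServletRequest req) {
        Cookie[] cookies = req.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie candidate : cookies) {
            if (AUTO_LOGIN_COOKIE.equals(candidate.getName())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Validates the token and resolves the user it names.
     *
     * The cookie value is attacker-controlled, so nothing in it is acted on until the digest
     * check has passed; every failure path returns null rather than throwing.
     *
     * @param cookie the auto-login cookie, or null
     * @return the user to log in, or null if the token is missing, malformed, expired or forged
     */
    private static User userFromCookie(Cookie cookie) {
        if (cookie == null || cookie.getValue() == null) {
            return null;
        }
        // Base64 never contains ':', so a well-formed value splits into exactly three parts
        // (a username containing ':' can never auto-login; it would not survive minting either).
        String[] parts = cookie.getValue().split(":");
        if (parts.length != 3) {
            return null;
        }
        long expiresTime;
        try {
            expiresTime = Long.parseLong(parts[1]);
        } catch (NumberFormatException e) {
            // A tampered or garbled expiry used to escape the filter as an HTTP 500.
            return null;
        }
        // The expiry is part of the digested data, so the client cannot stretch it by editing
        // the cookie's Max-Age; it is checked against the server clock.
        if (System.currentTimeMillis() > expiresTime) {
            return null;
        }
        User user = new UserService().findUser(parts[0]);
        if (user == null) {
            return null;
        }
        // Recompute the digest from server-side data and compare in constant time so the
        // duration of the comparison does not reveal how much of a guessed digest was right.
        String expected = WebUtils.md5(user.getUsername(), user.getPassword(), expiresTime);
        byte[] expectedBytes = expected.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] providedBytes = parts[2].getBytes(java.nio.charset.StandardCharsets.UTF_8);
        if (!java.security.MessageDigest.isEqual(expectedBytes, providedBytes)) {
            return null;
        }
        return user;
    }

    @Override
    public void destroy() {
    }
}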