spring mvc 用cookie和拦截器实现自动登录(/免登录)
来源:互联网 发布:fastdfs nginx 400 编辑:程序博客网 时间:2024/06/05 16:37
www.jnshu.com/login/1/14708688 没有程序渣的理想天国。
http://blog.csdn.net/eunyeon/article/details/52892028
Cookie/Session机制详解:http://blog.csdn.net/fangaoxin/article/details/6952954
SpringMVC记住密码功能:http://blog.csdn.net/liupeng_family/article/details/38420963?utm_source=tuicool&utm_medium=referral
SpringMVC中使用Interceptor拦截器:http://elim.iteye.com/blog/1750680
登录Controller中,通过登录验证后:
- if(autoLoginTimeout > 0){
-
- Cookie userNameCookie = new Cookie("loginUserName", user.getUserName());
- Cookie passwordCookie = new Cookie("loginPassword", user.getPassword());
- userNameCookie.setMaxAge(autoLoginTimeout);
- userNameCookie.setPath("/");
- passwordCookie.setMaxAge(autoLoginTimeout);
- passwordCookie.setPath("/");
- response.addCookie(userNameCookie);
- response.addCookie(passwordCookie);
- }
(注:如果不设置cookie的path,会默认设为当前路径,所以最好统一设置一个path,否则登出时可能会发现并没有删除登录时的cookie。 附:Cookie跨域操作 http://www.iteye.com/topic/34400)
若退出登录,则删除cookie:
- @RequestMapping("/logout")
- public String logout(HttpServletRequest request, HttpServletResponse response, Model model){
- User loginUser = (User) request.getSession().getAttribute("loginUser");
-
-
- Cookie userNameCookie = new Cookie("loginUserName", loginUser.getUserName());
- Cookie passwordCookie = new Cookie("loginPassword", loginUser.getPassword());
- userNameCookie.setMaxAge(0);
- userNameCookie.setPath("/");
- passwordCookie.setMaxAge(0);
- passwordCookie.setPath("/");
- response.addCookie(userNameCookie);
- response.addCookie(passwordCookie);
-
- request.getSession().removeAttribute("loginUser");
-
- return "redirect:xxx";
- }
拦截器——用户未登录时检查cookie并实现自动登录(/免登录):
- public class LoginInterceptor implements HandlerInterceptor {
-
- @Resource
- private UserService userService;
-
-
-
-
-
-
-
- @Override
- public boolean preHandle(HttpServletRequest request,
- HttpServletResponse response, Object handler) throws Exception {
- User loginUser = (User) request.getSession().getAttribute("loginUser");
-
- if(loginUser == null){
- String loginCookieUserName = "";
- String loginCookiePassword = "";
-
- Cookie[] cookies = request.getCookies();
- if(null!=cookies){
- for(Cookie cookie : cookies){
-
- if("loginUserName".equals(cookie.getName())){
- loginCookieUserName = cookie.getValue();
- }else if("loginPassword".equals(cookie.getName())){
- loginCookiePassword = cookie.getValue();
- }
-
- }
- if(!"".equals(loginCookieUserName) && !"".equals(loginCookiePassword)){
- User user = userService.getUserByName(loginCookieUserName);
- if(loginCookiePassword.equals(user.getPassword())){
- request.getSession().setAttribute("loginUser", user);
- }
- }
- }
- }
- return true;
- }
-
-
-
-
-
-
-
-
- @Override
- public void postHandle(HttpServletRequest request,
- HttpServletResponse response, Object handler,
- ModelAndView modelAndView) throws Exception {
-
-
- }
-
-
-
-
-
- @Override
- public void afterCompletion(HttpServletRequest request,
- HttpServletResponse response, Object handler, Exception ex)
- throws Exception {
-
-
- }
-
- }
(注:从浏览器获取cookie时getPath会是null,后台只能得到cookie的name和value。
附:cookie.getPath Domain MaxAge 为null的问题:http://blog.csdn.net/eunyeon/article/details/52931370)
spring mvc配置文件:- <mvc:interceptors>
- <bean class="com.interceptor.LoginInterceptor" />
- </mvc:interceptors>