单点登录--cookie技术实现

第一种为自己实现的单点登录，未使用CAS

主要是cookie跨域实现

代码如下：

package com.bochy.filter;


import java.io.IOException;
import java.security.NoSuchAlgorithmException;


import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;


import org.apache.tomcat.util.http.Cookies;


import com.bochy.manage.UserManager;
import com.bochy.md5.MD_5;




public class AuthorityFilter implements Filter {
private String url;
public void init(FilterConfig config) throws ServletException {
url = config.getInitParameter("LoginProcessURL");
/*if(url == null){
throw new RuntimeException("loginurl为空");
}*/
}
public void doFilter(ServletRequest req, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request=(HttpServletRequest)req;
String visiPath = request.getRequestURI();
if(visiPath.trim().equals(url)){
chain.doFilter(req, response);
return;
}
String user = (String) request.getSession().getAttribute("user");
if(user!=null){
chain.doFilter(req, response);
return;
}
Cookie[] cookies = request.getCookies();
if(cookies != null){
for(Cookie ck:cookies){
String path = ck.getPath();
System.out.println(path);
String ckName = ck.getName();
if(ckName.equals("pricipal")){
String value = ck.getValue();
String[] parts = value.split(":");
String username = parts[0];
String password = parts[1];
String dbPwd = UserManager.getInstance().findUserByName(username);
String md5pwd=null;
try {
md5pwd=MD_5.toMD5(dbPwd);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
if(md5pwd != null && md5pwd.equals(password)){
request.getSession().setAttribute("user", username);
break;
}
}
}
}
chain.doFilter(request, response);
}


@Override
public void destroy() {
// TODO Auto-generated method stub

}












}

==================================================

package com.bochy.manage;


import java.util.HashMap;
import java.util.Map;


public class UserManager {
private static UserManager instance=new UserManager();
public static UserManager getInstance(){
return instance;
}
private Map users = new HashMap();

private  UserManager(){
users.put("xlj", "abc");
users.put("ligang", "xyz");
users.put("hjw", "hjw");
}


public String findUserByName(String userName){
return (String) users.get(userName);
}

public void addUser(){
users.put("name", "password");
}
}

===============================================

package com.bochy.md5;


import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;


import com.sun.management.VMOption.Origin;


public class MD_5 {

public static String toMD5(String origin) throws NoSuchAlgorithmException{
MessageDigest digest=MessageDigest.getInstance("MD5");
byte[] results = digest.digest(origin.getBytes());
String md5String = toHex(results);
return md5String;
}


private static String toHex(byte[] results) {
// TODO Auto-generated method stub
if(results==null){
return null;
}
StringBuilder hexString =new StringBuilder();
for(int i=0;i<results.length;i++){
int hi=(results[i]>>4)&0x0f;
int lo=results[i]&0x0f;
hexString.append(Character.forDigit(hi, 16)).append(Character.forDigit(lo, 16));

}
return hexString.toString();
}
}

=============================================

package com.bochy.service;


import java.io.IOException;
import java.security.NoSuchAlgorithmException;


import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;


import com.bochy.manage.UserManager;
import com.bochy.md5.MD_5;


/**
 * Servlet implementation class LoginService
 */
@WebServlet("/LoginService")
public class LoginServlet extends HttpServlet {

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
this.doPost(request, response);
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.setCharacterEncoding("utf-8");
response.setCharacterEncoding("utf-8");
response.setContentType("utf-8");
HttpSession session=request.getSession();
if("logoff".trim().equals(request.getParameter("action"))){
session.invalidate();//注销
Cookie ck=new Cookie("pricipal","");
ck.setMaxAge(0);
ck.setPath("/");//根目录及其子目录都可访问cookie；
//ck.setDomain("itcast.com");//设置域名，这样才能从电脑访问同一域名时携带cookie访问，实现单点登录，另外，注销时cookie设置必须和定义时相同；
response.addCookie(ck);
request.getRequestDispatcher("/index.jsp").forward(request, response);
return;
}

String userName = request.getParameter("username");
String password = request.getParameter("password");
System.out.println(userName+":"+password);
String forwardPath = "";
String pwd=UserManager.getInstance().findUserByName(userName);
if(pwd!=null&&pwd.trim().equals(password)){
session.setAttribute("user", userName);
if(request.getParameter("autoLogin")!=null){
String md5Password = null;
try {
md5Password = MD_5.toMD5(password);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
Cookie ck=new Cookie("pricipal",userName+":"+md5Password);
ck.setMaxAge(3600*24*14);
ck.setPath("/");//根目录及其子目录都可访问cookie；
ck.setDomain(".itcast.com");//设置域名，这样才能从电脑访问同一域名时携带cookie访问，实现单点登录，另外，注销时cookie设置必须和定义时相同；
response.addCookie(ck);
}
forwardPath = "/success.jsp";
}else{
forwardPath = "/index.jsp";
}

request.getRequestDispatcher(forwardPath).forward(request,response);
}




}

==================================================

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
  <%
String userName = (String)session.getAttribute("user");
if(userName != null){
%>

您已登录，用户名是 <%=userName%>,您可以<a href="LoginServlet?action=logoff">注销</a>

<%
return;
}
%>
  <form action="LoginServlet" method="post">
    用户名：<input type="text" name="username"><br>
   密&nbsp;&nbsp;码：<input type="password" name="password"><br>
   记住两周<input type="checkbox" name="autoLogin"><!--默认value是on  --><br>
    <input type="submit" value="提交">
      <input type="reset" value="重置">
  </form>
   
</body>
</html>

======================================

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<%
String userName = (String)session.getAttribute("user");
if(userName != null){
%>

您已登录，用户名是 <%=userName%>,您可以<a href="LoginServlet?action=logoff">注销</a>

<%
}
%>
</body>
</html>

================================================

<filter>
<filter-name>authori</filter-name>
<filter-class>com.bochy.filter.AuthorityFilter</filter-class>
<init-param>
<param-name>LoginProcessURL</param-name>
<param-value>/mysite/LoginServlet</param-value>
</init-param>
</filter>


<filter-mapping>
<filter-name>authori</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>


  <servlet>
    <servlet-name>LoginServlet</servlet-name>
    <servlet-class>com.bochy.service.LoginServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/LoginServlet</url-pattern>
  </servlet-mapping>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>