展开全部

看看这个吧！主要是对cookie的操作

package cn.itcast.util;

import java.io.IOException;

import java.io.PrintWriter;

import java.io.UnsupportedEncodingException;

import javax.servlet.FilterChain;

import javax.servlet.ServletException;

import javax.servlet.http.Cookie;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import javax.servlet.http.HttpSession;

import java.security.MessageDigest;

import java.security.NoSuchAlgorithmException;

import cn.itcast.bean.User;

import cn.itcast.dao.UserDAO;

import cn.itcast.factory.DaoImplFactory;

import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;

/*

* 2007.09.21 by lyhapple

* */

public class CookieUtil {

//保存cookie时的cookieName

private final static String cookieDomainName = “cn.itcast”;

//加密cookie时的网站自定码

private final static String webKey = “itcast”;

//设置cookie有效期是两32313133353236313431303231363533e4b893e5b19e31333238653237个星期，根据需要自定义

private final static long cookieMaxAge = 60 * 60 * 24 * 7 * 2;

//保存Cookie到客户端--------------------------------------------------------------------------------------------------------

//在CheckLogonServlet.java中被调用

//传递进来的user对象中封装了在登陆时填写的用户名与密码

public static void saveCookie(User user, HttpServletResponse response) {

//cookie的有效期

long validTime = System.currentTimeMillis() + (cookieMaxAge * 1000);

//MD5加密用户详细信息

String cookieValueWithMd5 =getMD5(user.getUserName() + ":" + user.getPassword()

+ ":" + validTime + ":" + webKey);

//将要被保存的完整的Cookie值

String cookieValue = user.getUserName() + ":" + validTime + ":" + cookieValueWithMd5;

//再一次对Cookie的值进行BASE64编码

String cookieValueBase64 = new String(Base64.encode(cookieValue.getBytes()));

//开始保存Cookie

Cookie cookie = new Cookie(cookieDomainName, cookieValueBase64);

//存两年(这个值应该大于或等于validTime)

cookie.setMaxAge(60 * 60 * 24 * 365 * 2);

//cookie有效路径是网站根目录

cookie.setPath("/");

//向客户端写入

response.addCookie(cookie);

}

//读取Cookie,自动完成登陆操作--------------------------------------------------------------------------------------------

//在Filter程序中调用该方法,见AutoLogonFilter.java

public static void readCookieAndLogon(HttpServletRequest request, HttpServletResponse response,

FilterChain chain) throws IOException, ServletException,UnsupportedEncodingException{

//根据cookieName取cookieValue

Cookie cookies[] = request.getCookies();

String cookieValue = null;

if(cookies!=null){

for(int i=0;i

if (cookieDomainName.equals(cookies[i].getName())) {

cookieValue = cookies[i].getValue();

break;

}

}

}

//如果cookieValue为空,返回,

if(cookieValue==null){

return;

}

//如果cookieValue不为空,才执行下面的代码

//先得到的CookieValue进行Base64解码

String cookieValueAfterDecode = new String (Base64.decode(cookieValue),"utf-8");

//对解码后的值进行分拆,得到一个数组,如果数组长度不为3,就是非法登陆

String cookieValues[] = cookieValueAfterDecode.split(":");

if(cookieValues.length!=3){

response.setContentType("text/html;charset=utf-8");

PrintWriter out = response.getWriter();

out.println("你正在用非正常方式进入本站...");

out.close();

return;

}

//判断是否在有效期内,过期就删除Cookie

long validTimeInCookie = new Long(cookieValues[1]);

if(validTimeInCookie < System.currentTimeMillis()){

//删除Cookie

clearCookie(response);

response.setContentType("text/html;charset=utf-8");

PrintWriter out = response.getWriter();

out.println("");你的Cookie已经失效,请重新登陆

out.close();

return;

}

//取出cookie中的用户名,并到数据库中检查这个用户名,

String username = cookieValues[0];

//根据用户名到数据库中检查用户是否存在

UserDAO ud = DaoImplFactory.getInstance();

User user = ud.selectUserByUsername(username);

//如果user返回不为空,就取出密码,使用用户名+密码+有效时间+ webSiteKey进行MD5加密

if(user!=null){

String md5ValueInCookie = cookieValues[2];

String md5ValueFromUser =getMD5(user.getUserName() + ":" + user.getPassword()

+ ":" + validTimeInCookie + ":" + webKey);

//将结果与Cookie中的MD5码相比较,如果相同,写入Session,自动登陆成功,并继续用户请求

if(md5ValueFromUser.equals(md5ValueInCookie)){

HttpSession session = request.getSession(true);

session.setAttribute("user", user);

chain.doFilter(request, response);

}

}else{

//返回为空执行

response.setContentType("text/html;charset=utf-8");

PrintWriter out = response.getWriter();

out.println("cookie验证错误！");

out.close();

return;

}

}

//用户注销时,清除Cookie,在需要时可随时调用------------------------------------------------------------

public static void clearCookie( HttpServletResponse response){

Cookie cookie = new Cookie(cookieDomainName, null);

cookie.setMaxAge(0);

cookie.setPath("/");

response.addCookie(cookie);

}

//获取Cookie组合字符串的MD5码的字符串----------------------------------------------------------------------------

public static String getMD5(String value) {

String result = null;

try{

byte[] valueByte = value.getBytes();

MessageDigest md = MessageDigest.getInstance("MD5");

md.update(valueByte);

result = toHex(md.digest());

} catch (NoSuchAlgorithmException e2){

e1.printStackTrace();

}

return result;

}

//将传递进来的字节数组转换成十六进制的字符串形式并返回

private static String toHex(byte[] buffer){

StringBuffer sb = new StringBuffer(buffer.length * 2);

for (int i = 0; i < buffer.length; i++){

sb.append(Character.forDigit((buffer[i] & 0xf0) >> 4, 16));

sb.append(Character.forDigit(buffer[i] & 0x0f, 16));

}

return sb.toString();

}

}

已赞过

已踩过<

你对这个回答的评价是？

评论

收起