java verifies that the user is logged in and implements the automatic login method

  • 2020-06-01 09:38:53
  • OfStack

Verify that the user is logged in

package cn.hongxin.filter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginFilter implements Filter{
 public void init(FilterConfig filterConfig) throws ServletException {
 public void doFilter(ServletRequest request, ServletResponse response,
  FilterChain chain) throws IOException, ServletException {
 // will request Equivalent to htt...
 HttpServletRequest req = (HttpServletRequest) request;
 // To obtain session
 HttpSession ss = req.getSession();
 // from session To derive user
  System.err.println(" You're not logged in yet ");
  req.getSession().setAttribute("msg", " Please log in first ");
  // Redirect to login 
  HttpServletResponse resp = (HttpServletResponse) response;
  // release 
  chain.doFilter(request, response);
 public void destroy() {

Configure to web.xml and consider jsps/* :


Automatic login

Automatic login is to help users use the page multiple times without having to enter their username and password again.

The user saves the user's login information, the person, to a local file called Cookie.

Name,value, new Cookie(key,value);

Path - the default value, which is the current serlvet path where cookie is saved.

If Cookie in this path: http: / / loclhost: 8080 / project abc/AServlet

The Cookie path is: http: / / loclhost project/abc

The description:

Place in http: / / loclhost/project/abc directory servlet can read the cookie values.


Save Cookie class: http: / / loclhost: 8080 / project/a/b/AServlet

Then the default path of Cookie is;


Step 1: develop a login page

 <c:when test="${empty}">
 <form name="x" method="post" action="<c:url value='/LoginServlet'/>">
  Name:<input type="text" name="name"/><br/>
  <input type="radio" name="auto" value="-1"> No automatic login 
  <input type="radio" name="auto" value="1">1 day <br/>
  <input type="radio" name="auto" value="7">1 weeks <br/>
  <input type="submit"/>
  You're logged in :${name}<br/>
 <a href="<c:url value='/LoginServlet'/>"> exit </a>

Step 2: successfully save cookie

public void doPost(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
 // Receive user name 
 String name = request.getParameter("name");
 String auto = request.getParameter("auto");
 // Put the user information in session
 // judge auto Whether it is -1
  int day = Integer.parseInt(auto);//1|7
  int seconds = 60*60*24*day;
  // The statement cookie
  Cookie c = new Cookie("autoLogin",name);
  // save cookie

Step 3: request to visit any page in the site should be automatically logged in

Write a filter to override all url=/*. Read all cookie in doFilter. Does the name cookie exist with the name autoLogin?

Always let go.

public void doFilter(ServletRequest request, ServletResponse response,
  FilterChain chain) throws IOException, ServletException {
 // Read here cookie
 HttpServletRequest req = (HttpServletRequest) request;
 // Get what you have cookie
 Cookie[] cs = req.getCookies();
  for(Cookie c:cs){
  if(c.getName().equals("autoLogin")){// If there is an automatic login cookie
   String value = c.getValue();// The user name 
   // Login is successful 
   req.getSession().setAttribute("name", value);
 // Whether it is automatically logged in or not 
 chain.doFilter(request, response);

Step 4: configure to web.xml for all url=/*


Step 5: exit development

System.err.println(" User exit ");
 // Delete the entire session
 Cookie c = new Cookie("autoLogin", "ddd");
// request.getSession().removeAttribute("name");

Step 6: optimize the code

Since the user will also enter the doFilter method of AutoFiilter when manually logging in and read all Cookie once. This traversal is redundant for the user.

Therefore, LoginServet and url should be overdone in doFiler.

And to exit also cannot automatically log in.

Related articles: