Implementing Login Authentication in Java Web with Session and Cookie

User submission 257 2023-06-01


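Back-end admin pages usually require a login before any operation is allowed, so a Session is needed to record the login state.

This is very simple to implement: all you need is a custom HandlerInterceptor.

The custom HandlerInterceptor itself is only a few lines of code.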

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

public class LoginInterceptor implements HandlerInterceptor {

    @Override
    public void afterCompletion(HttpServletRequest request,
            HttpServletResponse response, Object obj, Exception err)
            throws Exception {
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response,
            Object obj, ModelAndView mav) throws Exception {
    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
            Object obj) throws Exception {
        // Read the login state value stored in the session
        String str = (String) request.getSession().getAttribute("isLogin");
        // If the login state is not null, return true so the matching controller method runs
        if (str != null) {
            return true;
        }
        // If the login state is null, redirect to the login page and return false,
        // so the original controller method is not executed
        response.sendRedirect("/backend/loginPage");
        return false;
    }
}

Controller code

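import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;

@Controller
@RequestMapping("/backend")
public class BackendController {

    @RequestMapping(value = "/loginPage", method = {RequestMethod.GET})
    public String loginPage(HttpServletRequest request, String account, String password) {
        return "login";
    }

    @RequestMapping(value = "/login", method = {RequestMethod.POST})
    public String login(HttpServletRequest request, RedirectAttributes model, String account, String password) {
        // Check the account and password; if they match, set the state in the session
        // and redirect to the home page
        if ("jack".equals(account) && "jack2017".equals(password)) {
            request.getSession().setAttribute("isLogin", "yes");
            return "redirect:IndexPage";
        } else {
            // On a wrong password, redirect back to the login page with an error message;
            // because this is a redirect, RedirectAttributes is needed to carry it
            model.addFlashAttribute("error", "密码错误"); // message text: "wrong password"
            return "redirect:loginPage";
        }
    }

    // Log out: remove the login state and redirect to the login page
    @RequestMapping(value = "/loginOut", method = {RequestMethod.GET})
    public String loginOut(HttpServletRequest request) {
        request.getSession().removeAttribute("isLogin");
        return "redirect:loginPage";
    }

    @RequestMapping(value = "/IndexPage", method = {RequestMethod.GET})
    public String IndexPage(HttpServletRequest request) {
        return "Index";
    }
}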

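Spring configuration

A simple Session-based login authentication system is now complete. If you want the login state to persist for a while after the browser is closed, you can switch from Session to Cookie.

In most cases we use Cookie.

The Cookie approach is much the same as the Session one.

Custom HandlerInterceptor using Cookie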

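import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

public class LoginInterceptor implements HandlerInterceptor {

    @Override
    public void afterCompletion(HttpServletRequest request,
            HttpServletResponse response, Object obj, Exception err)
            throws Exception {
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response,
            Object obj, ModelAndView mav) throws Exception {
    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
            Object obj) throws Exception {
        // Get the cookies sent with the request
        Cookie[] cookies = request.getCookies();
        if (null == cookies) {
            System.out.println("没有cookie=============="); // logs "no cookie"
        } else {
            // Iterate over the cookies; if the login-state cookie is found (only its name
            // is checked), return true so the original controller method runs
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals("isLogin")) {
                    return true;
                }
            }
        }
        // No login state found: redirect to the login page and return false,
        // so the original controller method is not executed
        response.sendRedirect("/backend/loginPage");
        return false;
    }
}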

The Controller changes little as well.

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;

@Controller
@RequestMapping("/backend")
public class BackendController {

    @RequestMapping(value = "/loginPage", method = {RequestMethod.GET})
    public String loginPage(HttpServletRequest request, String account, String password) {
        return "login";
    }

    @RequestMapping(value = "/login", method = {RequestMethod.POST})
    public String login(HttpServletRequest request, HttpServletResponse response, RedirectAttributes model, String account, String password) {
        if ("edehou".equals(account) && "aidou2017".equals(password)) {
            Cookie cookie = new Cookie("isLogin", "yes");
            cookie.setMaxAge(30 * 60); // set to 30 minutes
            cookie.setPath("/");
            response.addCookie(cookie);
            return "redirect:IndexPage";
        } else {
            model.addFlashAttribute("error", "密码错误"); // message text: "wrong password"
            return "redirect:loginPage";
        }
    }

    @RequestMapping(value = "/logOut", method = {RequestMethod.GET})
    public String loginOut(HttpServletRequest request, HttpServletResponse response) {
        Cookie[] cookies = request.getCookies();
        // getCookies() returns null when the request carries no cookies
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals("isLogin")) {
                    cookie.setValue(null);
                    cookie.setMaxAge(0); // destroy the cookie immediately
                    cookie.setPath("/");
                    response.addCookie(cookie);
                    break;
                }
            }
        }
        return "redirect:loginPage";
    }

    @RequestMapping(value = "/IndexPage", method = {RequestMethod.GET})
    public String IndexPage(HttpServletRequest request) {
        return "Index";
    }
}

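The Spring configuration is exactly the same as before.

Note

This is only a demonstration. In a real project, the Cookie's key and value should be specially processed; otherwise security problems will arise.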
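The note above says the Cookie value needs processing before it can be trusted, since cookies are client-controlled and the interceptor shown earlier only checks that one named isLogin exists. One way to do that, as an added example that is not part of the original article: sign the value with HMAC-SHA256 and embed an expiry so the server can verify it. The class name SignedLoginCookie, its methods, the value layout and the demo key are assumptions made for this example.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added example (hypothetical helper, not from the article): HMAC-signed login cookie value.
public class SignedLoginCookie {
    private final byte[] key;
    public SignedLoginCookie(byte[] key) { this.key = key.clone(); }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    // Value layout (assumed): base64url(account) "." expiryEpochSeconds "." base64url(HMAC)
    public String issue(String account, long nowSeconds, long ttlSeconds) throws Exception {
        String payload = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(account.getBytes(StandardCharsets.UTF_8))
                + "." + (nowSeconds + ttlSeconds);
        return payload + "." + sign(payload);
    }

    // Returns the account if the signature is valid and the value has not expired, else null.
    public String verify(String value, long nowSeconds) throws Exception {
        if (value == null) return null;
        String[] parts = value.split("\\.", -1);
        if (parts.length != 3) return null;
        // Constant-time comparison of the recomputed and the presented signature
        if (!MessageDigest.isEqual(
                sign(parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII),
                parts[2].getBytes(StandardCharsets.US_ASCII))) return null;
        try {
            if (Long.parseLong(parts[1]) <= nowSeconds) return null; // expired
            return new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) { // malformed number or base64
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key; a real deployment loads a random secret from configuration.
        SignedLoginCookie c = new SignedLoginCookie("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        String v = c.issue("jack", 1_700_000_000L, 30 * 60);
        System.out.println(c.verify(v, 1_700_000_100L));     // issued value, inside its lifetime
        System.out.println(c.verify("yes", 1_700_000_100L)); // unsigned value as in the article's demo
        System.out.println(c.verify(v, 1_700_002_000L));     // same value after its expiry time
    }
}
```

In preHandle, the interceptor would call verify(cookie.getValue(), now) and let the request through only on a non-null result. Setting cookie.setHttpOnly(true) and cookie.setSecure(true) when issuing the cookie keeps the value away from page scripts and plain HTTP.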