使用cookie实现跨域登录

jsp的登录页面login.jsp

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<%
Cookie cookie = new Cookie("auto1","useraccountname"+"#cms#+"+"userpassword");
cookie.setPath("/");
cookie.setDomain(".123.gov.cn");
response.addCookie(cookie);
%>

<html>
<head>
<title>My JSP 'login.jsp' starting page</title>
</head>
<body>
${msg}
<form action="${pageContext.request.contextPath }/login" method="post">
username:<input type="text" name="username"/>
<br/>
password:<input type="password" name="password"/>
<br/>
<input type="checkbox" name="autologin" value="login"/>是否自动登录
<br/>
<input type="submit" value="login"/>
</form>
</body>
</html>

登录成功的页面

<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'success.jsp' starting page</title>
</head>
<body>
当前登录用户名： ${user.username }
</body>
</html>

拦截器

package cn.cc.test;

import javax.servlet.*;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
/**
* 登录的过滤器
* @author asus
*
*/
public class LoginFilter implements Filter {

public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
//最终实现的目的：
//www.123.gov.cn登录成功，直接访问success.jsp页面，cmp.123.gov.cn也可以获取到session域里面user对象的属性值
//判断session里面是否有user对象
HttpServletRequest req = (HttpServletRequest) request;
User user = (User) req.getSession().getAttribute("user");
if(user != null) {
//放行
chain.doFilter(request, response);
} else {//在session中没有user对象，从cookie中获取值
//获取所有的cookie
Cookie[] cookies = req.getCookies();
//根据名称获取
Cookie cookie = findCookie(cookies,"auto");
//判断
if(cookie == null) {
//放行
chain.doFilter(request, response);
} else {//在cookie中有相同名称的cookie
//从cookie中把值获取出来
//lucy#cmst#123
String values = cookie.getValue();
//切分
String[] names = values.split("#cms#");
//获取cookie用户名
String username = names[0];
//获取cookie密码
String password = names[1];

//把用户名和密码放到session里面
User u = new User();
u.setUsername(username);
u.setPassword(password);
req.getSession().setAttribute("user", u);
//放行
chain.doFilter(request, response);
}

}
}

//判断是否有相同名称的cookie
private Cookie findCookie(Cookie[] cookies, String name) {
if(cookies == null) {
return null;
}
for (Cookie cookie : cookies) {
//得到cookie的名称
String cookieName = cookie.getName();
//判断
if(cookieName.equals(name)) {
return cookie;
}
}
return null;
}
public void destroy() {
// TODO Auto-generated method stub

}

}

登录的servlet

package cn.cc.test;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class LoginServlet extends HttpServlet {
/**
* 实现登录的功能
*/
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//获取表单输入的用户名和密码
request.setCharacterEncoding("utf-8");
String username = request.getParameter("username");
String password = request.getParameter("password");
//封装到javabean中
if (username .equalsIgnoreCase("admin") && password.equalsIgnoreCase("admin")){
User user = new User();
user.setUsername(username);
user.setPassword(password);
//成功
//判断是否选择复选框
String checkboxValue = request.getParameter("autologin");
//    System.out.println(checkboxValue);
//判断复选框值是否是null
if(checkboxValue != null) { //进行自动登录
Cookie cookie = new Cookie("auto",username+"#cms#"+password);
//设置cookie
cookie.setPath("/");
//设置这个域名下都能得到这个cookie
cookie.setDomain(".123.gov.cn");
//返回到浏览器中
response.addCookie(cookie);
}
//把返回的user对象放到session里面
request.getSession().setAttribute("user", user);
//到成功页面
response.sendRedirect(request.getContextPath()+"/success.jsp");
return;
} else {
//返回到登录页面，传递错误信息
request.setAttribute("msg", "用户名或者密码错误");
//转发
request.getRequestDispatcher("/login.jsp").forward(request, response);
return;
}
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request,response);
}
}

user类

package cn.cc.test;

public class User {

private String username;
private String password;
private String id;
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
最终的实现效果







开始第一个域名没有显示admin

第二个域名登陆成功了显示admin

第一个域名没登录 但是也能显示admin了

这就说明跨域成功登录了

实现的原理

其中的一个域名登陆成功后将账号密码保存到cookie里面 让他跨域 ，当其他的域名访问的时候，通过拦截器 实现拦截看用户登录了吗 没登录先去查找cookie 将用户信息放到session里面然后放行 没有这个cookie就返回登录。



可以查看cookie也进来了