<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%> 
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> 
<html> 
<head> 
</head> 
<body> 
<c:if test="${!empty sessionScope.error }"> 
你的密碼或用戶名錯(cuò)誤。<!-- 顯示后就需要把里面的值移走 --> 
<c:remove var="error" scope="session"/> 
</c:if> 
<c:if test="${empty sessionScope.user }" var="boo"> 
<h2>這是登錄的頁(yè)面</h2> 
<form action="<c:url value='/LoginServlet'/>" method="post"> 
NAME:<input type="text" name="name" /><br/> 
PWD:<input type="text" name="pwd" /><br/> 
不自動(dòng)登錄:<input type="radio" name="time" value="0" /><br/> 
一天:<input type="radio" name="time" value="1" /><br/> 
七天:<input type="radio" name="time" value="7" /><br/> 
<input type="submit" value="提交" /> 
</form> 
</c:if> 
<c:if test="${!boo }"> 
歡迎您，${sessionScope.user },登錄成功 
<a href="">模塊一 </a> 
<a href="">模塊2 </a> 
<a href="<c:url value='/CancelAutoLogin'/>">取消自動(dòng)登錄</a> 
</c:if> 
</body> 
</html> 

public void doPost(HttpServletRequest request, HttpServletResponse response) 
throws ServletException, IOException { 
String name=request.getParameter("name"); 
String pwd=request.getParameter("pwd"); 
String time=request.getParameter("time"); 
if(name!=null && pwd!=null && name.equals(pwd)){//此處隨意寫寫，后面應(yīng)該去servvice-->dao訪問(wèn)數(shù)據(jù)庫(kù) 
//這里假設(shè)登錄成功了，我們把信息存入session里面 
request.getSession().setAttribute("user", name); 
//兼容中文，我們需要進(jìn)行編碼 
name=URLEncoder.encode(name, "utf-8"); 
pwd=URLEncoder.encode(pwd, "utf-8"); 
Cookie c =new Cookie("autologin", name+","+pwd);//這個(gè)value不能采用這種方式的，安全性考慮，我們必須知道采用加密，或者二次加密， 
int _time=60*60*24*Integer.valueOf(time); 
c.setMaxAge(_time); 
response.addCookie(c); 
response.sendRedirect(request.getContextPath()+"/index.jsp");//在過(guò)濾器中默認(rèn)的設(shè)置是攔截重定向，轉(zhuǎn)發(fā)是內(nèi)部直接轉(zhuǎn)發(fā)，不過(guò)過(guò)濾器，不好辦，但是只需要在web.xml中配置就可以了。 
}else{ 
request.getSession().setAttribute("error", "1"); 
response.sendRedirect(request.getContextPath()+"/index.jsp"); 
} 
} 

public void doFilter(ServletRequest request, ServletResponse response, 
FilterChain chain) throws IOException, ServletException { 
HttpServletRequest req=(HttpServletRequest) request; 
HttpServletResponse resp=(HttpServletResponse) response; 
String session=(String) req.getSession().getAttribute("user"); 
if(session==null){ 
System.out.println("非正常登錄"); 
resp.sendRedirect(req.getContextPath()+"/index.jsp"); 
}else{ 
System.out.println("成功登錄"); 
chain.doFilter(req, resp); 
} 
} 

<span style="font-size:18px;">public void doFilter(ServletRequest request, ServletResponse response, 
FilterChain chain) throws IOException, ServletException { 
request.setCharacterEncoding(character);//去客戶端接收的編碼 
response.setContentType("text/html;charset=utf-8");//設(shè)置發(fā)出去的編碼 
chain.doFilter(request, response); 
} 

@Override 
public void init(FilterConfig config) throws ServletException { 
character=config.getInitParameter("character");//a</span><span style="font-size: 18px; font-family: Arial, Helvetica, sans-serif;">haracter 設(shè)置為全局變量，</span><span style="font-size:18px;"> 
}</span> 

<filter> 
<filter-name>character</filter-name> 
<filter-class>cn.hncu.Filter.CharacterFilter</filter-class> 
<init-param> 
<param-name>character</param-name> 
<param-value>UTF-8</param-value> 
</init-param> 
</filter> 

public void doFilter(ServletRequest request, ServletResponse response, 
FilterChain chain) throws IOException, ServletException { 
//自動(dòng)登錄，必須要設(shè)置session里面是都有值，有，則當(dāng)前登錄過(guò)，沒(méi)有，就要去訪問(wèn)cookie里面的數(shù)據(jù)，cookie里面的數(shù)據(jù) 
//是否和數(shù)據(jù)庫(kù)里面的匹配，是，將session里面的值在這里設(shè)置，否，放走 
HttpServletRequest req=(HttpServletRequest) request; 
HttpServletResponse resp =(HttpServletResponse) response; 
String session =(String) req.getSession().getAttribute("user"); 
if(session==null){//說(shuō)明當(dāng)前沒(méi)有登錄過(guò) 
Cookie cs[]=req.getCookies(); 
if(cs!=null){ 
for(Cookie c:cs){ 
if(c.getName().equals("autologin")){ 
String value=c.getValue();//這是經(jīng)過(guò)加密的，但是我們僅僅只是采用逗號(hào)連接了一下。 
String[] strs=value.split(",");//在logserlvet里面采用的是先編碼，再采用逗號(hào)連接，我們這里需要反過(guò)來(lái) 
String name=URLDecoder.decode(strs[0], "utf-8"); 
String pwd=URLDecoder.decode(strs[1], "utf-8"); 
//將name,pwd數(shù)據(jù)拿到后臺(tái)訪問(wèn)數(shù)據(jù)庫(kù)，我們這里只是隨便寫寫 
if(name.equals(pwd)){ 
req.getSession().setAttribute("user", name);//設(shè)置session里面的參數(shù) 
break; 
} 
} 
} 
} 
} 
chain.doFilter(req, resp);//一定要放走哦。。 
} 

public void doFilter(ServletRequest request, ServletResponse response, 
FilterChain chain) throws IOException, ServletException { 
HttpServletRequest req=(HttpServletRequest) request; 
HttpServletResponse resp=(HttpServletResponse) response; 
String ip=req.getRemoteAddr();//獲取訪問(wèn)的ip; 
System.out.println(ip+"IIPP"); 
if(set.contains(ip)){//在黑名單之內(nèi) 
System.out.println("set"); 
resp.getWriter().print("您屬于黑名單..<a href='"+req.getContextPath()+"/index.jsp'>返回</a>"); 
//返回也是不行的，因?yàn)閕ndex向服務(wù)器請(qǐng)求的時(shí)候就直接攔截了 
}else{ 
chain.doFilter(req, resp); 
} 
}

public void init(FilterConfig arg0) throws ServletException { 
//這里是黑名單列表，從數(shù)據(jù)庫(kù)中調(diào)取出來(lái)。這里只是簡(jiǎn)單的模擬下 
set.add("192.132.0.12");//這是黑IP,這個(gè)是從后臺(tái)數(shù)據(jù)庫(kù)拿到的。 
set.add("localhost"); 
set.add("192.132.32.4"); 
set.add("127.0.0.1"); 
}

public void doPost(HttpServletRequest req, HttpServletResponse resp) 
throws ServletException, IOException { 
Cookie cc=new Cookie("autologin", "");//刪除cookie的方法，就建立一個(gè)同名connkie，然后設(shè)置cookie的setmaxage=0； 
cc.setMaxAge(0); 
cc.setPath(req.getContextPath()); 
resp.addCookie(cc); 
resp.sendRedirect(req.getContextPath()+"/index.jsp"); 
}