package com.gamecenter.api.util;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.gamecenter.api.common.UserInfo;
/**
* 類說明
* @author chitu
* @version 創建時間:2016年11月21日 下午1:39:51
*/
public class CookieUtil {
//保存cookie時的cookieName
private final static String cookieDomainName = "gamecenter";
//加密cookie時的網站自定碼
private final static String webKey = "gamecenter";
//設置cookie有效期是兩個星期,根據需要自定義
private final static long cookieMaxAge = 60 * 60 * 24 * 7 * 2;
//保存Cookie到客戶端-------------------------------------------------------------------------
//在CheckLogonServlet.java中被調用
//傳遞進來的user對象中封裝了在登陸時填寫的用戶名與密碼
public static void saveCookie(String username,String password, HttpServletResponse response) throws Exception {
//cookie的有效期
long validTime = System.currentTimeMillis() + (cookieMaxAge * 5000);
//MD5加密用戶詳細信息
String cookieValueWithMd5 =getMD5(username + ":" + password+ ":" + validTime + ":" + webKey);
//將要被保存的完整的Cookie值
String cookieValue = username + ":" + validTime + ":" + cookieValueWithMd5;
//再一次對Cookie的值進行BASE64編碼
String cookieValueBase64 = new String(Base64Util.encode(cookieValue.getBytes()));
//開始保存Cookie
Cookie cookie = new Cookie(cookieDomainName, cookieValueBase64);
//存兩年(這個值應該大於或等於validTime)
cookie.setMaxAge(60 * 60 * 24 * 365 * 2);
//cookie有效路徑是網站根目錄
cookie.setPath("/");
//向客戶端寫入
response.addCookie(cookie);
}
//讀取Cookie,自動完成登陸操作----------------------------------------------------------------
//在Filter程序中調用該方法,見AutoLogonFilter.java
public static void readCookieAndLogon(HttpServletRequest request, HttpServletResponse response,FilterChain chain) throws IOException, ServletException,UnsupportedEncodingException{
//根據cookieName取cookieValue
Cookie cookies[] = request.getCookies();
String cookieValue = null;
if(cookies!=null){
for(int i = 0; i < cookies.length; i++){
if (cookieDomainName.equals(cookies[i].getName())) {
cookieValue = cookies[i].getValue();
break;
}
}
}
//如果cookieValue為空,返回,
if(cookieValue==null){
return;
}
//如果cookieValue不為空,才執行下面的代碼
//先得到的CookieValue進行Base64解碼
String cookieValueAfterDecode = new String (Base64Util.decode(cookieValue),"utf-8");
//對解碼后的值進行分拆,得到一個數組,如果數組長度不為3,就是非法登陸
String cookieValues[] = cookieValueAfterDecode.split(":");
if(cookieValues.length!=3){
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
out.println("你正在用非正常方式進入本站...");
out.close();
return;
}
//判斷是否在有效期內,過期就刪除Cookie
long validTimeInCookie = new Long(cookieValues[1]);
if(validTimeInCookie < System.currentTimeMillis()){
//刪除Cookie
clearCookie(response);
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
out.println("你的Cookie已經失效,請重新登陸");
out.close();
return;
}
//取出cookie中的用戶名,並到數據庫中檢查這個用戶名,
String username = cookieValues[0];
//根據用戶名到數據庫中檢查用戶是否存在
UserDAO ud = DaoImplFactory.getInstance();
User user = ud.selectUserByUsername(username);
//如果user返回不為空,就取出密碼,使用用戶名+密碼+有效時間+ webSiteKey進行MD5加密
if(user!=null){
String md5ValueInCookie = cookieValues[2];
String md5ValueFromUser =getMD5(user.getUserName() + ":" + user.getPassword()
+ ":" + validTimeInCookie + ":" + webKey);
//將結果與Cookie中的MD5碼相比較,如果相同,寫入Session,自動登陸成功,並繼續用戶請求
if(md5ValueFromUser.equals(md5ValueInCookie)){
HttpSession session = request.getSession(true);
session.setAttribute("user", user);
chain.doFilter(request, response);
}
}else{
//返回為空執行
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
out.println("cookie驗證錯誤!");
out.close();
return;
}
}
//用戶注銷時,清除Cookie,在需要時可隨時調用-----------------------------------------------------
public static void clearCookie( HttpServletResponse response){
Cookie cookie = new Cookie(cookieDomainName, null);
cookie.setMaxAge(0);
cookie.setPath("/");
response.addCookie(cookie);
}
//獲取Cookie組合字符串的MD5碼的字符串----------------------------------------------------------------
public static String getMD5(String value) {
String result = null;
try{
byte[] valueByte = value.getBytes();
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(valueByte);
result = toHex(md.digest());
} catch (NoSuchAlgorithmException e){
e.printStackTrace();
}
return result;
}
//將傳遞進來的字節數組轉換成十六進制的字符串形式並返回
private static String toHex(byte[] buffer){
StringBuffer sb = new StringBuffer(buffer.length * 2);
for (int i = 0; i < buffer.length; i++){
sb.append(Character.forDigit((buffer[i] & 0xf0) >> 4, 16));
sb.append(Character.forDigit(buffer[i] & 0x0f, 16));
}
return sb.toString();
}
}
