实现自动登录：Filter 实现思路和方式

1. 当你勾选（记住登录状态），用cookie保存用户名和密码。不勾选，cookie失效。
2. 所有的页面都要经过autoLoginFilter.java 的过滤器，在这类中，必须要判断cookies不为null，获得所有的cookie，得到name为user的cookie，进行用户名和密码的验证，如果不为null，则将user存入session。
3. 在LoginServlet.java中，获得username和password参数，进行dao验证，如果不为空，放入seesion中，进行页面跳转。
4. 创建cookie对象。setpath("/"),表示本应用下的所有路径都能访问此cookie。
5. 对于已经正确登录的用户，再次访问其他页面必定会再次经过autoLoginFilter，这时，判断当前session中的user是否为null，不为null，直接通过。
6. 对于**login.jsp的有关页面，不需要经过autoLoginFilter。

7. package com.learning.web.servlet;
   
   import java.io.IOException;
   import javax.servlet.ServletException;
   import javax.servlet.annotation.WebServlet;
   import javax.servlet.http.Cookie;
   import javax.servlet.http.HttpServlet;
   import javax.servlet.http.HttpServletRequest;
   import javax.servlet.http.HttpServletResponse;
   
   import com.learning.domain.User;
   import com.learning.service.UserService;
   
   @WebServlet("/servlet/loginServlet")
   public class LoginServlet extends HttpServlet {
       private static final long serialVersionUID = 1L;
       protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
               String username = request.getParameter("username");
               String password = request.getParameter("password");
               String autologin = request.getParameter("autologin");
               
               UserService userService=new UserService();
               User user = userService.findUser(username, password);
               //user不为null，则登录成功
               if (user!=null) {
                   //创建cookie来保存用户信息
                   Cookie cookie=new Cookie("user", user.getUsername()+"&"+user.getPassword());
                   cookie.setPath("/");
                   //autologin不为null，则记住了登录状态
                   if (autologin!=null) {
                       cookie.setMaxAge(1*60*60*24);//一天的有效时间
                   }
                   else {
                       cookie.setMaxAge(0);
                   }
                   response.addCookie(cookie);
                   request.getSession().setAttribute("user", user);
                   request.getRequestDispatcher("/home.jsp").forward(request, response);
               }else {
                   response.sendRedirect(request.getContextPath()+"/homeLogin.jsp");
               }
               
       }
   
       protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
           doGet(request, response);
       }
   
   }

   package com.learning.web.filter;
   
   import java.io.IOException;
   
   import javax.servlet.Filter;
   import javax.servlet.FilterChain;
   import javax.servlet.FilterConfig;
   import javax.servlet.ServletException;
   import javax.servlet.ServletRequest;
   import javax.servlet.ServletResponse;
   import javax.servlet.annotation.WebFilter;
   import javax.servlet.annotation.WebInitParam;
   import javax.servlet.http.Cookie;
   import javax.servlet.http.HttpServletRequest;
   import javax.servlet.http.HttpServletResponse;
   import javax.servlet.http.HttpSession;
   import javax.servlet.jsp.jstl.core.Config;
   
   import com.learning.domain.User;
   import com.learning.service.UserService;
   
   @WebFilter(urlPatterns="/*",initParams={@WebInitParam(name="autologin",value="login"),@WebInitParam(name="",value="")})
   public class AutoFilter implements Filter{
   
       private FilterConfig filterConfig;
       @Override
       public void destroy() {
       }
   
       @Override
       public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
               throws IOException, ServletException {
           // 转换对象
           HttpServletRequest httpServletRequest = (HttpServletRequest) request;
           HttpServletResponse httpServletResponse = (HttpServletResponse) response;
           // 获得访问的路径
           String uri = httpServletRequest.getRequestURI();
           String contextPath = httpServletRequest.getContextPath();
           uri = uri.substring(contextPath.length() + 1);
           // 获得初始化参数
           String login = filterConfig.getInitParameter("autologin");
           System.out.println("直接通行的路径："+login);
           // 不包含"login"的路径就要进行过滤 （xxxlogin.jsp 不需要自动登录）
           if (!uri.contains(login)) {
               HttpSession session = httpServletRequest.getSession();
               User u = (User) session.getAttribute("user");
               if (u != null) {
                   System.out.println("session不为null");
                   chain.doFilter(request, response);
               } else {
   
                   // 处理业务逻辑
                   // 1.获得cookie 得到User的信息
   
                   String username = "";
                   String password = "";
                   UserService userService = new UserService();
                   Cookie[] cookies = httpServletRequest.getCookies();
                   for (int i = 0;cookies!=null&& i < cookies.length; i++) {        
                       if ("user".equals(cookies[i].getName())) {
                           String string = cookies[i].getValue();
                           String[] values = string.split("&");
                           username = values[0];
                           password = values[1];
                           User user = userService.findUser(username, password);
                           
                           // 不为空则放入session
                           if (user != null) {
                               System.out.println("自动登录了");
                               httpServletRequest.getSession().setAttribute("user", user);
                           }
                       }
                   }
               }
           }
           // 2.放行
           chain.doFilter(request, response);
       }
   
   
       @Override
       public void init(FilterConfig filterConfig) throws ServletException {
           
           this.filterConfig=filterConfig;
           
       }
   
   }