1.简介
用户登录模块,指的是根据用户输入的用户名和密码,对用户的身份进行验证等。如果用户没有登录,用户就无法访问其他的一些jsp页面,甚至是action都不能访问。
二、简单设计及实现
本程序是基于Java的SSH框架进行的。
1.数据库设计
分别是id,也就是UUID,用户名、密码、权限、注册时间、记录插入数据库的时间、备注等几个字段。
3.新建一个UserInfoService接口
4.新建一个UserInfoServiceImpl类
5.新建UserInfoAction类,(当然,我们的BaseAction肯定是从struts2中的ActionSupport派生出来的)
6.配置Spring的applicationContext.xml文件,依次注入Dao、Service和Action。
7.配置Spring的Hibernate的Java Bean的映射文件
8.配置Struts2文件,增加相应的Action,login等
9.登录页面login.jsp中的ajax请求:
10.为了防止用户在不登陆的情况下,访问其他页面,我们在每一个jsp页面中添加如下代码:
思考:
完成上述复杂的功能之后,我们是不是就完成任务了呢?显然不是,我们经过测试我们就会发现,在我们没有登录的情况下,我们确实没有办法访问其他的JSP页面,但是我们可以直接在浏览器中访问struts中配置的action!这依然有很大的漏洞,那我们怎么对action进行拦截呢?也即是对非login.action进行拦截判断,如果用户已经登录,就正常登录,如果用户没有登录,就返回login,让其登录。因此我们需要使用struts2的拦截器。
12.拦截器在Struts2中的配置
为每一个action配置拦截器,比如:
当然,对于用户登录的action,我们也配置相应的拦截器:
总结:
用户登录模块,指的是根据用户输入的用户名和密码,对用户的身份进行验证等。如果用户没有登录,用户就无法访问其他的一些jsp页面,甚至是action都不能访问。
二、简单设计及实现
本程序是基于Java的SSH框架进行的。
1.数据库设计
我们应该设计一个用户表,其Userinfo表,对应的SQL语句为(Oracle数据库):
create table userinfo
(
id varchar2(36) primary key,
username varchar2(50) not null,
password varchar2(50) not null,
auth_limit varchar2(10) not null,
register_time varchar2(40),
create_time varchar2(40),
remarks varchar2(1024)
);分别是id,也就是UUID,用户名、密码、权限、注册时间、记录插入数据库的时间、备注等几个字段。
2.使用MyEclipse的Hibernate逆向工具,生成对应的Java Bean和相应的hibernate的xml配置文件Userinfo.hbm.xml
package edu.njupt.zhb.bean;
/**
* Userinfo entity. @author MyEclipse Persistence Tools
*/
public class Userinfo implements java.io.Serializable {
// Fields
private String id;
private String username;
private String password;
private String authLimit;
private String registerTime;
private String createTime;
private String remarks;
// Constructors
/** default constructor */
public Userinfo() {
}
/** minimal constructor */
public Userinfo(String id, String username, String password,
String authLimit) {
this.id = id;
this.username = username;
this.password = password;
this.authLimit = authLimit;
}
/** full constructor */
public Userinfo(String id, String username, String password,
String authLimit, String registerTime, String createTime,
String remarks) {
this.id = id;
this.username = username;
this.password = password;
this.authLimit = authLimit;
this.registerTime = registerTime;
this.createTime = createTime;
this.remarks = remarks;
}
// Property accessors
public String getId() {
return this.id;
}
public void setId(String id) {
this.id = id;
}
public String getUsername() {
return this.username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return this.password;
}
public void setPassword(String password) {
this.password = password;
}
public String getAuthLimit() {
return this.authLimit;
}
public void setAuthLimit(String authLimit) {
this.authLimit = authLimit;
}
public String getRegisterTime() {
return this.registerTime;
}
public void setRegisterTime(String registerTime) {
this.registerTime = registerTime;
}
public String getCreateTime() {
return this.createTime;
}
public void setCreateTime(String createTime) {
this.createTime = createTime;
}
public String getRemarks() {
return this.remarks;
}
public void setRemarks(String remarks) {
this.remarks = remarks;
}
}3.新建一个UserInfoService接口
/*
* $filename: VideoInfoService.java,v $
* $Date: 2014-1-2 $
* Copyright (C) ZhengHaibo, Inc. All rights reserved.
* This software is Made by Zhenghaibo.
*/
package edu.njupt.zhb.service;
import edu.njupt.zhb.bean.Userinfo;
/*
*@author: ZhengHaibo
*web: http://blog.csdn.net/nuptboyzhb
*GitHub https://github.com/nuptboyzhb
*mail: zhb931706659@126.com
*2014-1-2 Nanjing,njupt,China
*/
public interface UserInfoService {
String getUserInfoList(int page, int rows);
String addUser(Userinfo userinfo);
String deleteUser(String userId);
String editUser(Userinfo userinfo);
Userinfo getUserInfoByName(String username);
}
4.新建一个UserInfoServiceImpl类
/*
* $filename: VideoInfoServiceImpl.java,v $
* $Date: 2014-1-2 $
* Copyright (C) ZhengHaibo, Inc. All rights reserved.
* This software is Made by Zhenghaibo.
*/
package edu.njupt.zhb.service.impl;
import java.util.ArrayList;
import java.util.List;
import net.sf.json.JSONObject;
import edu.njupt.zhb.bean.Userinfo;
import edu.njupt.zhb.dao.BaseDao;
import edu.njupt.zhb.service.UserInfoService;
import edu.njupt.zhb.utils.DataGrid;
import edu.njupt.zhb.utils.Tips;
import edu.njupt.zhb.view.ViewUser;
/*
*@author: ZhengHaibo
*web: http://blog.csdn.net/nuptboyzhb
*GitHub https://github.com/nuptboyzhb
*mail: zhb931706659@126.com
*2014-1-2 Nanjing,njupt,China
*/
public class UserInfoServiceImpl implements UserInfoService{
private BaseDao<Userinfo> userinfoBaseDao;
public BaseDao<Userinfo> getUserBaseDao() {
return userinfoBaseDao;
}
public void setUserBaseDao(BaseDao<Userinfo> userinfoBaseDao) {
this.userinfoBaseDao = userinfoBaseDao;
}
@Override
public String getUserInfoList(int page, int rows) {
// TODO Auto-generated method stub
System.out.println("page="+page+",rows="+rows);
String hql = "from Userinfo";
try {
List<Userinfo> list = userinfoBaseDao.find(hql,page,rows);
List<ViewUser> resultList = new ArrayList<ViewUser>();
for(Userinfo userinfo:list){
ViewUser viewUser = new ViewUser();
viewUser.setBz(userinfo.getRemarks());
viewUser.setId(userinfo.getId());
viewUser.setPwd(userinfo.getPassword());
viewUser.setYhm(userinfo.getUsername());
viewUser.setYhqx(userinfo.getAuthLimit());
viewUser.setZcsj(userinfo.getRegisterTime());
resultList.add(viewUser);
}
DataGrid<ViewUser> dataGrid = new DataGrid<ViewUser>();
dataGrid.setRows(resultList);
dataGrid.setTotal(userinfoBaseDao.total(hql));
String result = JSONObject.fromObject(dataGrid).toString();
return result;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
public String addUser(Userinfo userinfo) {
// TODO Auto-generated method stub
Tips tips = new Tips();
String hql = "from Userinfo where username = '"+userinfo.getUsername()+"'";
try {
List<Userinfo> list = userinfoBaseDao.find(hql);
if(list!=null&&list.size()>0){
tips.setMsg("添加失败!用户名已经存在!");
return JSONObject.fromObject(tips).toString();
}
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
try {
userinfoBaseDao.save(userinfo);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
tips.setMsg("添加失败");
return JSONObject.fromObject(tips).toString();
}
tips.setMsg("添加成功");
return JSONObject.fromObject(tips).toString();
}
public String deleteUser(String userid) {
// TODO Auto-generated method stub
Tips tips = new Tips();
try {
userinfoBaseDao.executeHql("delete from Userinfo where id = '"+userid+"'");
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
tips.setMsg("删除失败");
return JSONObject.fromObject(tips).toString();
}
tips.setMsg("删除成功");
return JSONObject.fromObject(tips).toString();
}
public String editUser(Userinfo userinfo) {
// TODO Auto-generated method stub
Tips tips = new Tips();
String hql = "from Userinfo where username = '"+userinfo.getUsername()+"'";
try {
List<Userinfo> list = userinfoBaseDao.find(hql);
if(list!=null&&list.size()>0){
tips.setMsg("更新失败!用户名已经存在!");
return JSONObject.fromObject(tips).toString();
}
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
try {
userinfoBaseDao.update(userinfo);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
tips.setMsg("编辑失败");
return JSONObject.fromObject(tips).toString();
}
tips.setMsg("编辑成功");
return JSONObject.fromObject(tips).toString();
}
@Override
public Userinfo getUserInfoByName(String username) {
// TODO Auto-generated method stub
Userinfo userinfo = null;
String hql = "from Userinfo where username = '"+username+"'";
try {
List<Userinfo> list = userinfoBaseDao.find(hql);
if(list == null || list.size()==0){
return null;
}
userinfo = list.get(0);
return userinfo;
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return null;
}
}
5.新建UserInfoAction类,(当然,我们的BaseAction肯定是从struts2中的ActionSupport派生出来的)
/*
* $filename: VideoInfoAction.java,v $
* $Date: 2014-1-2 $
* Copyright (C) ZhengHaibo, Inc. All rights reserved.
* This software is Made by Zhenghaibo.
*/
package edu.njupt.zhb.action;
import java.util.UUID;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import edu.njupt.zhb.bean.Userinfo;
import edu.njupt.zhb.service.UserInfoService;
import edu.njupt.zhb.utils.Tips;
import edu.njupt.zhb.utils.TipsMsg;
import edu.njupt.zhb.utils.Utils;
/*
*@author: ZhengHaibo
*web: http://blog.csdn.net/nuptboyzhb
*GitHub https://github.com/nuptboyzhb
*mail: zhb931706659@126.com
*2014-1-2 Nanjing,njupt,China
*/
public class UserInfoAction extends BaseAction {
/**
*
*/
private static final long serialVersionUID = 3321845277376234101L;
private Userinfo userinfo;
private String userId;
private String username;
private String password;
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public Userinfo getUserinfo() {
return userinfo;
}
public void setUserinfo(Userinfo userinfo) {
this.userinfo = userinfo;
}
private UserInfoService userInfoService;
public UserInfoService getUserInfoService() {
return userInfoService;
}
public void setUserInfoService(UserInfoService userInfoService) {
this.userInfoService = userInfoService;
}
public void getUserInfoList() {
String jsonResult = userInfoService.getUserInfoList(page, rows);
System.out.println(jsonResult);
super.writeStr(jsonResult);
}
/**
* 添加用户
*
* @return
*/
public void addUser() {
if (userinfo == null) {
Tips tips = new Tips();
tips.setMsg("添加失败!对象为空");
getPrintWriter().write(JSONArray.fromObject(tips).toString());
return;
}
userinfo.setId(UUID.randomUUID() + "");
userinfo.setCreateTime(Utils.getNowTime());
String jsonResult = userInfoService.addUser(userinfo);
getPrintWriter().write(jsonResult);
}
/**
* 删除用户
*
* @return
*/
public void deleteUser() {
if (userId == null) {
Tips tips = new Tips();
tips.setMsg("删除失败!学号无效");
getPrintWriter().write(JSONArray.fromObject(tips).toString());
return;
}
String jsonResult = userInfoService.deleteUser(userId);
getPrintWriter().write(jsonResult);
}
/**
* 编辑用户
*
* @return
*/
public void editUser() {
if (userinfo == null) {
Tips tips = new Tips();
tips.setMsg("编辑失败!对象为空");
getPrintWriter().write(JSONArray.fromObject(tips).toString());
return;
}
userinfo.setId(userId);
String jsonResult = userInfoService.editUser(userinfo);
getPrintWriter().write(jsonResult);
}
public void login() {
TipsMsg tipsMsg = new TipsMsg();
if(username==null){
tipsMsg.setId("1");
tipsMsg.setMsg("用户名为空!");
String result = JSONObject.fromObject(tipsMsg).toString();
super.writeStr(result);
return;
}
Userinfo userinfo = userInfoService.getUserInfoByName(username);
if(userinfo==null){
tipsMsg.setId("1");
tipsMsg.setMsg("用户名不存在");
String result = JSONObject.fromObject(tipsMsg).toString();
super.writeStr(result);
return;
}
if(!userinfo.getPassword().equals(password)){
tipsMsg.setId("1");
tipsMsg.setMsg("用户名或密码错误");
String result = JSONObject.fromObject(tipsMsg).toString();
super.writeStr(result);
return;
}
super.setCurrentUser(userinfo);
tipsMsg.setId("2");
tipsMsg.setMsg("登录成功");
String result = JSONObject.fromObject(tipsMsg).toString();
super.writeStr(result);
return;
}
}
6.配置Spring的applicationContext.xml文件,依次注入Dao、Service和Action。
<bean id="baseDao" class="edu.njupt.zhb.dao.BaseDao">
<property name="sessionFactory" ref="sessionFactory"></property>
</bean><bean id="userInfoService" class="edu.njupt.zhb.service.impl.UserInfoServiceImpl">
<property name="userBaseDao" ref="baseDao"></property>
</bean><bean id="userInfoAction" class="edu.njupt.zhb.action.UserInfoAction" scope="prototype">
<property name="userInfoService" ref="userInfoService"></property>
</bean>7.配置Spring的Hibernate的Java Bean的映射文件
<bean id="sessionFactory"
class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="hibernateProperties">
<props>
<prop key="hibernate.show_sql">true</prop>
<prop key="hibernate.dialect">org.hibernate.dialect.OracleDialect</prop>
<prop key="current_session_context_class">thread</prop>
</props>
</property>
<property name="mappingResources">
<list>
...
<value>edu/njupt/zhb/bean/Userinfo.hbm.xml</value>
</list>
</property>
</bean>8.配置Struts2文件,增加相应的Action,login等
<action name="getUserInfoList" class="userInfoAction" method="getUserInfoList"></action>
<action name="addUser" class="userInfoAction" method="addUser"></action>
<action name="deleteUser" class="userInfoAction" method="deleteUser"></action>
<action name="editUser" class="userInfoAction" method="editUser"></action>
<action name="login" class="userInfoAction" method="login"></action>9.登录页面login.jsp中的ajax请求:
$("#btnLogin").click(function(){
var message = "";
var userName=$('input[name="userName"]').val();
var userPass=$('input[name="userPass"]').val();
if(userName == ""){
alert("请输入用户名!");
return;
}else if(userPass == ""){
alert("请输入密码!");
return;
}
$.ajax({
type:"post",
url:'login.action?username='+userName+'&password='+userPass,
dateType:"json",
success:function(data){
var json=eval("("+data+")");
if(json.id=='1'){
alert(json.msg);
return;
}else{
$("#frm").submit();
}
}
});
});10.为了防止用户在不登陆的情况下,访问其他页面,我们在每一个jsp页面中添加如下代码:
<%if(null == request.getSession().getAttribute("user")){
response.getWriter().write("<script>window.location.href = 'login.jsp'</script>");
}
%>思考:
完成上述复杂的功能之后,我们是不是就完成任务了呢?显然不是,我们经过测试我们就会发现,在我们没有登录的情况下,我们确实没有办法访问其他的JSP页面,但是我们可以直接在浏览器中访问struts中配置的action!这依然有很大的漏洞,那我们怎么对action进行拦截呢?也即是对非login.action进行拦截判断,如果用户已经登录,就正常登录,如果用户没有登录,就返回login,让其登录。因此我们需要使用struts2的拦截器。
11.拦截器的Java代码
/*
* $filename: CheckLoginInterceptor.java,v $
* $Date: 2014-1-15 $
* Copyright (C) ZhengHaibo, Inc. All rights reserved.
* This software is Made by Zhenghaibo.
*/
package edu.njupt.zhb.utils;
import java.util.Map;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import edu.njupt.zhb.action.UserInfoAction;
import edu.njupt.zhb.bean.Userinfo;
/*
*@author: ZhengHaibo
*web: http://blog.csdn.net/nuptboyzhb
*GitHub https://github.com/nuptboyzhb
*mail: zhb931706659@126.com
*2014-1-15 Nanjing,njupt,China
*/
public class CheckLoginInterceptor extends AbstractInterceptor{
/**
*
*/
private static final long serialVersionUID = 2092930262572782343L;
@Override
public String intercept(ActionInvocation actionInvocation) throws Exception {
// TODO Auto-generated method stub
//System.out.println("begin check login interceptor!");
// 对LoginAction不做该项拦截
Object action = actionInvocation.getAction();
if (action instanceof UserInfoAction) {
//System.out.println("exit check login, because this is login action.");
//UserInfoAction userinfoAction = (UserInfoAction)action;
return actionInvocation.invoke();
}
// 确认Session中是否存在User
Map<String,Object> session = actionInvocation.getInvocationContext().getSession();
Userinfo user = (Userinfo) session.get("user");
if (user != null) {
// 存在的情况下进行后续操作。
//System.out.println("already login!");
return actionInvocation.invoke();
} else {
// 否则终止后续操作,返回LOGIN
System.out.println("no login, forward login page!");
return "login";
}
}
}
12.拦截器在Struts2中的配置
<interceptor name="loginIntercepter"
class="edu.njupt.zhb.utils.CheckLoginInterceptor">
</interceptor>
<!-- 拦截器栈 -->
<interceptor-stack name="loginStack">
<interceptor-ref name="defaultStack" />
<interceptor-ref name="loginIntercepter" />
</interceptor-stack>为每一个action配置拦截器,比如:
<action name="getStudentList" class="dataGridDemoAction"
method="getStudentList">
<result type="httpheader"></result>
<interceptor-ref name="loginStack" />
<result name="login">/login.jsp</result>
</action>
<action name="addStudent" class="dataGridDemoAction" method="addStudent">
<result type="httpheader"></result>
<interceptor-ref name="loginStack" />
<result name="login">/login.jsp</result>
</action>
<action name="deleteStudent" class="dataGridDemoAction" method="deleteStudent">
<result type="httpheader"></result>
<interceptor-ref name="loginStack" />
<result name="login">/login.jsp</result>
</action>
<action name="editStudent" class="dataGridDemoAction" method="editStudent">
<result type="httpheader"></result>
<interceptor-ref name="loginStack" />
<result name="login">/login.jsp</result>
</action>当然,对于用户登录的action,我们也配置相应的拦截器:
<!-- 用户信息Action -->
<action name="getUserInfoList" class="userInfoAction" method="getUserInfoList">
<interceptor-ref name="loginStack" />
<result name="login">/login.jsp</result>
</action>
<action name="addUser" class="userInfoAction" method="addUser">
<interceptor-ref name="loginStack" />
<result name="login">/login.jsp</result>
</action>
<action name="deleteUser" class="userInfoAction" method="deleteUser">
<interceptor-ref name="loginStack" />
<result name="login">/login.jsp</result>
</action>
<action name="editUser" class="userInfoAction" method="editUser">
<interceptor-ref name="loginStack" />
<result name="login">/login.jsp</result>
</action>
<action name="login" class="userInfoAction" method="login">
<interceptor-ref name="loginStack" />
</action>总结:
以上步骤完成之后,我们基本上就完成了一个简单的用户登录模块的设计和实现了。而且我们可以根据用户的权限,显示不同的内容。比如管理员和普通操作员等具有不同的操作权限。
说明:
以上代码只是一些代码片段,我这里主要介绍的是思路。以上代码还有一些小小的漏洞,比如,我们在没有登录的情况下,还是可以直接访问getUserinfoList、deleteUser、editUser等与login在同一个Action类中的action。因此,我们设计的时候,要尽量将login和logout单独一个action。还有:上面写的getUserinfoList等一些action,目的是管理员对用户表进行增删改查等操作的,和本博客关系不大。本文主要注意的是:一个是在jsp页面中对未登陆用户的拦截,还有就是通过配置Struts2的拦截器,对未登录用户直接访问action方式进行拦截的。
未经允许,不得用于商业目的
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
