步骤
1.用户注册(添加新用户)
2.用户登录(验证身份)
3.获取当前登录的用户信息
实现过程
1.为了简单起见我们将用户管理在内存中
用户信息:int uid ,String username (唯一),String password
List <user> allUser
2.登录场景
/login.html 提供form表单,收集用户填写的用户名 + 密码信息,并且提交到服务器
/login.do 读取用户提交的用户名 + 密码,完成验证。
如果成功,进行登录(会话中保存当前用户)
如果失败,重定向回/login.html
3.获取当前登录用户
如果没有当前登录用户,重定向跳转到 /login.html
如果用户已登录,则显示当前登录用户的信息
/publish.html
代码
login.html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>登录</title>
</head>
<body>
<!-- Login form: POSTs the "username" and "password" fields to /login.do. -->
<!-- The password is sent in the request body exactly as typed, so this page and
     /login.do should only be served over HTTPS. -->
<form action="/login.do" method="post">
    <input type="text" name="username">
    <input type="password" name="password">
    <button>登录</button>
</form>
</body>
</html>
User.java
package repo; import java.util.Objects; /** * @author jiaoer **/ public class User { public Integer uid; public String username; public String password; public User(int uid,String username,String password){ this.uid = uid; this.username = username; this.password = password; } @Override public boolean equals(Object o) { if (this == o) return true; if (o == null || getClass() != o.getClass()) return false; User user = (User) o; return Objects.equals(username, user.username) && Objects.equals(password, user.password); } @Override public int hashCode() { return Objects.hash(username, password); } @Override public String toString() { return "User{" + "uid=" + uid + ", username='" + username + '\'' + ", password='" + password + '\'' + '}'; } }
AllUsers.java
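package repo;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;

/**
 * In-memory user store for the login demo.
 *
 * <p>Demo only: the accounts below are hard-coded and their passwords are stored and
 * checked in plaintext. A real system stores a salted password hash (bcrypt, scrypt or
 * argon2) and verifies the submitted password against that hash.
 *
 * @author jiaoer
 **/
public class AllUsers {
    // Populated once in the static initializer and only read afterwards.
    private static final List<User> USERS = new ArrayList<>();

    static {
        // Each demo account gets its own uid.
        USERS.add(new User(1, "tom", "123"));
        USERS.add(new User(2, "jerry", "123"));
        USERS.add(new User(3, "lucky", "123"));
        USERS.add(new User(4, "huahua", "123"));
        USERS.add(new User(5, "heye", "123"));
    }

    /**
     * Looks up the user whose username and password both match.
     *
     * @param username submitted login name; {@code null} never matches
     * @param password submitted password; {@code null} never matches
     * @return the first stored user with that username and password, or {@code null}
     *         if there is none
     */
    public static User find(String username, String password) {
        if (username == null || password == null) {
            return null;
        }
        byte[] supplied = password.getBytes(StandardCharsets.UTF_8);
        for (User candidate : USERS) {
            if (candidate.password == null || !username.equals(candidate.username)) {
                continue;
            }
            // MessageDigest.isEqual does not stop at the first differing byte, so the
            // time taken does not reveal how much of the password was correct.
            byte[] stored = candidate.password.getBytes(StandardCharsets.UTF_8);
            if (MessageDigest.isEqual(supplied, stored)) {
                return candidate;
            }
        }
        return null;
    }
}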
LoginServlet.java
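package servlet;

import repo.AllUsers;
import repo.User;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
// NOTE(review): this import is not used by the class, and javax.xml.ws is no longer
// bundled with the JDK from Java 11 on — consider dropping it.
import javax.xml.ws.spi.http.HttpContext;
import java.io.IOException;
import java.io.PrintWriter;

/**
 * Handles the login form submission at {@code /login.do}.
 *
 * <p>On a username/password match the user is stored in the session under
 * {@code "currentUser"} and a plain-text greeting is written; otherwise the client is
 * redirected back to {@code /login.html}.
 *
 * @author jiaoer
 **/
@WebServlet("/login.do")
public class LoginServlet extends HttpServlet {
    /**
     * Verifies the submitted credentials and, on success, starts an authenticated session.
     *
     * @param req  request carrying the {@code username} and {@code password} form fields
     * @param resp response: a redirect to the login page on failure, a greeting on success
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect or the response body cannot be written
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // 1. Read the submitted username and password.
        req.setCharacterEncoding("utf-8");
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        // TODO: complete the input validation

        // Only the username is traced; the password must never be written to stdout or a log.
        System.out.println("DEBUG: username=" + username);

        // 2. Look for a user whose username and password both match.
        User currentuser = AllUsers.find(username, password);

        // 3. No match: send the client back to the login page.
        if (currentuser == null) {
            resp.sendRedirect("/login.html");
            return;
        }

        // Discard any session that existed before authentication and start a new one, so
        // a session id handed out before login is not reused for the authenticated
        // session (session fixation).
        HttpSession stale = req.getSession(false);
        if (stale != null) {
            stale.invalidate();
        }
        HttpSession session = req.getSession(true);
        // The key is arbitrary, but every reader of the session has to use the same one.
        session.setAttribute("currentUser", currentuser);

        // Login succeeded: greet the user by name. Only the username is printed rather
        // than the whole User object, so no other field (such as the password) can end
        // up in the response.
        resp.setCharacterEncoding("utf-8");
        resp.setContentType("text/plain");
        PrintWriter writer = resp.getWriter();
        writer.printf("欢迎 %s 使用我们的的系统", currentuser.username);
    }
}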
PublishServlet.java
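package servlet;

import repo.User;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.PrintWriter;

/**
 * Shows the currently logged-in user at {@code /publish.html}; clients without a
 * logged-in user are redirected to {@code /login.html}.
 *
 * <p>NOTE(review): the class is spelled {@code PiublishServlet}; a public class has to
 * live in a file of the same name, so confirm the file name matches this spelling.
 *
 * @author jiaoer
 **/
@WebServlet("/publish.html")
public class PiublishServlet extends HttpServlet {
    /**
     * Writes the current user's name, or redirects to the login page when the request
     * carries no authenticated session.
     *
     * @param req  incoming request; its existing session, if any, is consulted
     * @param resp response: a redirect when not logged in, otherwise a plain-text body
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect or the response body cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // 1. Fetch the current user from the session. getSession(false) never creates a
        //    session, so an anonymous visitor does not get one just by opening this page.
        HttpSession session = req.getSession(false);
        Object attribute = (session == null) ? null : session.getAttribute("currentUser");

        // No session, no "currentUser" attribute, or an attribute of an unexpected type:
        // treat all three as "not logged in" instead of failing on the cast.
        if (!(attribute instanceof User)) {
            resp.sendRedirect("/login.html");
            return;
        }
        User currentUser = (User) attribute;

        // 2. Render the user. Only the username is printed rather than the whole User
        //    object, so no other field (such as the password) can reach the response.
        //    The body is served as text/plain; if this is ever changed to text/html the
        //    username must be HTML-escaped before it is written.
        resp.setCharacterEncoding("utf-8");
        resp.setContentType("text/plain");
        PrintWriter writer = resp.getWriter();
        writer.printf("<h1>%s</h1>", currentUser.username);
    }
}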
目录结构
这个系统存在一点小缺陷:登录失败会直接跳回 login 页面,不会有任何提示。另外,示例为了简单将密码以明文保存在内存中,仅适合演示;实际系统应保存加盐的密码哈希(例如 bcrypt、scrypt 或 argon2),并避免在日志或响应中输出密码。