原生javaweb开发-----超市管理系统（二）：登录功能实现及登录权限拦截

基本流程图

1,编写登录需要的前端页面,这里直接引入现有资源

在web.xml中配置欢迎页，就是将登陆页面作为网站首页。

<!--欢迎页-->
    <welcome-file-list>
        <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>

2,编写Dao层

2.1 编写userDao接口得到要登录的用户

public interface UserDao  {
    //通过userCode查询到数据库里面的登录信息
    public User getLoginUser(Connection connection, String userCode) throws SQLException;
}

2.2 实现UserDao接口

主要作用是从数据库里面返回相应的用户数据；

public class UserDaoImpl implements UserDao{
   public User getLoginUser(Connection connection, String userCode) throws SQLException {

       ResultSet rs=null;
       PreparedStatement pstm=null;
       User  user =null;

      if (connection!=null){
          String sql="select * from smbms_user where userCode=?";
          Object[] params={userCode};
            //返回查询的结果
          rs = BaseDao.execute(connection, sql, params, rs,pstm);

          if (rs.next()){
                  user = new User(); //实体类User
                  user.setId(rs.getInt("id"));
                  user.setUserCode(rs.getInt("userCode"));
                  user.setUserName(rs.getString("userName"));
                  user.setUserPassword(rs.getString("userPassword"));
                  user.setGender(rs.getString("gender"));
                  user.setBirthday(rs.getDate("birthday"));
                  user.setPhone(rs.getInt("phone"));
                  user.setAddress(rs.getString("address"));
                  user.setUserRole(rs.getString("userRole"));
                  user.setCreatedBy(rs.getString("createdBy"));
                  user.setCreationDate(rs.getDate("creationDate"));
                  user.setModifyBy(rs.getString("createdBy"));
                  user.setModifyDate(rs.getDate("modifyDate"));
              }
          //关闭资源
            BaseDao.closeResource(null,pstm,rs);
      }
      return  user;
   }
}

3,编写业务层

3.1 编写userService接口用户登录

public interface UserService {
    //用户登录
    public User Login(String userCode,String password);
}

3.2 实现userService接口

public class UserServiceImpl implements UserService{

    //业务层会调用Dao层，所以要引入Dao层
    private UserDao userDao;
   //在无参构造里面获得userDao实例，在类被加载的时候就引入了Dao层
    public UserServiceImpl(){
         userDao = new UserDaoImpl();
    }

    //连接数据库，返回数据库里面的登录信息
    public User Login(String userCode, String password) {

        Connection connection=null;
        User user=null;

        try {
            connection = BaseDao.getConnection();
            //业务层调用对应的具体的数据库操作
           user = userDao.getLoginUser(connection, userCode);
        } catch (SQLException e) {
            e.printStackTrace();
        }finally {
            //关闭资源
            BaseDao.closeResource(connection,null,null);
        }
        return user;
    }

}

4,编写用户登录servlet

public class LoginServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        //获取前端传过来的参数
        String userCode = req.getParameter("userCode");
        String userPassword = req.getParameter("userPassword");

        //调用业务层，和数据库里面的密码作对比
        UserServiceImpl userService = new UserServiceImpl();
        User user = userService.Login(userCode, userPassword); //将登录的人查出来了

        if (user!=null){  //有这个人，可以登录
            //将用户信息放到Session
            req.getSession().setAttribute(Constants.USER_SESSION,user);
            //跳转到主页
            resp.sendRedirect("jsp/frame.jsp");
        }else{  //查无此人，转发到登录界面,提示登录信息错误
            req.setAttribute("error","用户名或者密码错误！");
            req.getRequestDispatcher("login.jsp").forward(req,resp);
        }

    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}

在web,xml中配置LoginServlet

 <!--注册LoginServlet-->
    <servlet>
        <servlet-name>LoginServlet</servlet-name>
        <servlet-class>com.tt.servlet.LoginServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>LoginServlet</servlet-name>
        <url-pattern>/login.do</url-pattern>
    </servlet-mapping>

登录权限拦截:

编写LogoutServlet，当用户点击注销或者退出系统时，负责清除session，重定向回到登陆界面。

public class LogoutServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        //清除用户session
        req.getSession().removeAttribute(Constants.USER_SESSION);
        //重定向到登陆页面
        resp.sendRedirect(req.getContextPath()+"/login.jsp");
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}

编写SysFilter过滤器，当用户请求通过时，判断session是否为空，若为空，则跳转到错误页面。

public class SysFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        User user = (User) request.getSession().getAttribute(Constants.USER_SESSION);
        if (user==null){
            response.sendRedirect(request.getContextPath()+"/error.jsp");
        }
        filterChain.doFilter(req,resp);
    }

    public void destroy() {

    }
}

在web.xml中注册logoutServlet和SysFilter：

<!--注册logout servlet -->
    <servlet>
        <servlet-name>logoutServlet</servlet-name>
        <servlet-class>com.tt.servlet.LogoutServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>logoutServlet</servlet-name>
        <url-pattern>/logout.do</url-pattern>
    </servlet-mapping>
    <!--用户登录过滤器-->
    <filter>
        <filter-name>SysFilter</filter-name>
        <filter-class>com.tt.filter.SysFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SysFilter</filter-name>
        <url-pattern>/jsp/*</url-pattern>
    </filter-mapping>

最后启动Tomcat:

登录功能实现。