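Login
Basic idea
A normal login page asks for a username and a password. If they are correct, the user can go on to the operations behind the login; if they are wrong, the user has to try again. A logout function is also needed.
A user record holds more than the username and password: it also carries age, gender and other fields.
So we need to write a user servlet, a login page and a login failure page. The userServlet must be able to look up the user's other information and to redirect to the login page and the login failure page, which can be done with an if.
Code
userServlet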
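// javax.servlet.* is assumed here; on Servlet 5+ containers the package is jakarta.servlet.*
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebServlet("/user")
public class userServlet extends HttpServlet {
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        req.setCharacterEncoding("UTF-8");
        // Dispatch on the "method" parameter; a missing or empty value means login
        String method = req.getParameter("method");
        if (method == null || method.equals("")) {
            method = "login";
        }
        switch (method) {
            case "login":
                login(req, resp);
                break;
            case "logout":
                logout(req, resp);
                break;
        }
    }

    private void logout(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        System.out.println("userServlet.logout");
        HttpSession httpSession = req.getSession();
        httpSession.invalidate();
        resp.sendRedirect(req.getContextPath() + "/login.jsp");
    }

    private void login(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        System.out.println("userServlet.login");
        String name = req.getParameter("name");
        int password;
        try {
            password = Integer.parseInt(req.getParameter("password"));
        } catch (NumberFormatException e) {
            // Missing or non-numeric password: a failed login, not an uncaught exception
            resp.sendRedirect(req.getContextPath() + "/fail.jsp");
            return;
        }
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        User user = null;
        try {
            connection = JDBCUtil.getConnection();
            // Placeholders keep the user input out of the SQL text
            String sql = "SELECT id,age,gender,level FROM user WHERE name=? AND password=?";
            preparedStatement = connection.prepareStatement(sql);
            preparedStatement.setString(1, name);
            preparedStatement.setInt(2, password);
            resultSet = preparedStatement.executeQuery();
            while (resultSet.next()) {
                int id = resultSet.getInt("id");
                int age = resultSet.getInt("age");
                String gender = resultSet.getString("gender");
                int level = resultSet.getInt("level");
                user = new User(id, name, password, age, gender, level);
            }
        } catch (SQLException throwables) {
            throwables.printStackTrace();
        } finally {
            JDBCUtil.close(connection, preparedStatement, resultSet);
        }
        if (user != null) { // user found: login succeeded
            // Drop any pre-login session so the session ID changes at login (prevents session fixation)
            HttpSession old = req.getSession(false);
            if (old != null) {
                old.invalidate();
            }
            HttpSession session = req.getSession(true);
            session.setAttribute("user", user);
            // /JavaWeb/
            resp.sendRedirect(req.getContextPath() + "/");
        } else { // wrong username or password: no such user
            resp.sendRedirect(req.getContextPath() + "/fail.jsp");
        }
    }
}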
Login page
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<%-- Form labels: 用户名 = username, 密码 = password, 登录 = log in --%>
<form action="<%=request.getContextPath()%>/user?method=login" method="post">
    用户名:<input type="text" name="name"/><br/>
    密码:<input type="password" name="password"/><br/>
    <input type="submit" value="登录"/>
</form>
</body>
</html>
Login failure page
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<%-- Page text: 用户名或密码错误 = wrong username or password, 重试 = retry --%>
用户名或密码错误<br/>
<a href="<%=request.getContextPath()%>/login.jsp">重试</a>
</body>
</html>
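Filter
The login step lets us reach the pages and work with them more safely, but it has a major bug: if we skip the login and go straight to the address of the page we want, we reach it directly. Adding a login check to every method is too cumbersome, so we use a filter.
Why use a filter?
In project development the same code often has to be repeated:
1. Every request to a servlet has to set the character encoding.
2. Checking whether the user is logged in; only a logged-in user has permission to operate.
Notes
1. interface FilterChain, the filter chain:
After one filter has run, either the next filter runs or the request is passed through.
Passing the request through:
    doFilter(ServletRequest request, ServletResponse response)
2. The following line is important. When it is scanned, the class is recognized as a Filter; without it, the Filter becomes an ordinary class. So to switch the Filter off, it is enough to comment this line out.
    @WebFilter(filterName = "login", urlPatterns = "/*")
3. public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
The request and response here are not the same as req and resp: they are the parent types of req and resp and have no methods for forwarding, redirecting and so on. To use those methods, cast them, for example:
    HttpServletRequest httpServletRequest = (HttpServletRequest) request;
    HttpServletResponse httpServletResponse = (HttpServletResponse) response;
4. All three lifecycle methods of a Filter (init, doFilter, destroy) must be present.
Code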
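// javax.servlet.* is assumed here; on Servlet 5+ containers the package is jakarta.servlet.*
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebFilter(filterName = "login", urlPatterns = "/*")
public class loginFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        System.out.println("loginFilter.init");
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        System.out.println("loginFilter.doFilter");
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        String servletPath = httpServletRequest.getServletPath();
        System.out.println("servletPath = " + servletPath);
        String method = httpServletRequest.getParameter("method");
        System.out.println("method = " + method);
        // Requests that must be reachable without a session: the login page,
        // the login action and the failure page.
        // "login".equals(method) is null-safe: a request to /user without a
        // method parameter no longer throws a NullPointerException.
        if (servletPath.equals("/login.jsp") ||
                (servletPath.equals("/user") && "login".equals(method))
                || servletPath.equals("/fail.jsp")) {
            chain.doFilter(request, response);
            return;
        }
        // Everything else requires a logged-in user in the session
        HttpSession httpSession = httpServletRequest.getSession();
        User user = (User) httpSession.getAttribute("user");
        System.out.println("user = " + user);
        if (user == null) {
            httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/login.jsp");
            return;
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        System.out.println("loginFilter.destroy");
    }
}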
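The filter's pass-or-redirect decision, pulled out as a pure function so it can be run without a servlet container. This is an added example, not code from the original post: `LoginGate`, `decide`, `resolveMethod` and the `/index.jsp` path are assumed names, and a missing `method` is resolved to `login` the same way userServlet does, so the filter and the servlet agree on which request is a login attempt.

```java
import java.util.Set;

// Added example (assumed names): the loginFilter decision as a pure function.
public class LoginGate {
    enum Decision { PASS, REDIRECT_TO_LOGIN }

    // Pages reachable without a session, as in the filter's first if.
    private static final Set<String> PUBLIC_PAGES = Set.of("/login.jsp", "/fail.jsp");

    // Mirrors userServlet.service(): a missing or empty method means "login".
    static String resolveMethod(String method) {
        return (method == null || method.isEmpty()) ? "login" : method;
    }

    // servletPath: request.getServletPath(); method: raw "method" parameter (may be null);
    // sessionUser: the "user" session attribute (null when nobody is logged in).
    static Decision decide(String servletPath, String method, Object sessionUser) {
        if (PUBLIC_PAGES.contains(servletPath)) {
            return Decision.PASS;
        }
        // Constant-first equals never throws, whatever the client sent.
        if ("/user".equals(servletPath) && "login".equals(resolveMethod(method))) {
            return Decision.PASS;
        }
        // Everything else fails closed: no session user, no access.
        return sessionUser != null ? Decision.PASS : Decision.REDIRECT_TO_LOGIN;
    }

    public static void main(String[] args) {
        Object loggedIn = new Object(); // constructed stand-in for a User in the session
        // Constructed requests: {servletPath, method parameter, session user}
        Object[][] requests = {
            {"/login.jsp", null, null},
            {"/user", "login", null},
            {"/user", null, null},        // null method: method.equals("login") would throw here
            {"/user", "logout", null},
            {"/index.jsp", null, null},   // direct access without logging in
            {"/index.jsp", null, loggedIn},
        };
        for (Object[] r : requests) {
            System.out.printf("%-11s method=%-6s user=%-5s -> %s%n", r[0], r[1],
                    r[2] != null, decide((String) r[0], (String) r[1], r[2]));
        }
    }
}
```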