这次添加的代码主要是防止用户不进行常规登录 而常用在地址栏里面输入地址以及防止其他的一些非常规的访问
jsp登录页面:
一个验证的Servlet类:
针对不同类型的用户采用的不同JSP显示页面:
管理员可操作的UpdateServlet
用户只能操作的QueryServlet
一个存取用户信息的javabean类
jsp登录页面:
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ page import="com.mison.User"%>
<html>
<head>
<title>My JSP 'sessionLogin.jsp' starting page</title>
</head>
<body>
<%
String username=request.getParameter("username");
String authority=request.getParameter("authority");
%>
<form action="LoginCheck">
username1:<input type="text" name="username" value="<%= null==username?"":username%>"><br>
password:<input type="password" name="password" value=""><br>
authority:
<select name="authority">
<option value="boss" <%= "boss"==authority?"":"selected='selected'" %>>boss</option>
<option value="user" <%= "user"==authority?"":"selected='selected'" %>>user</option>
</select><br>
<input type="submit" value="submit">
</form>
</body>
</html>
一个验证的Servlet类:
package com.mison;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginCheck extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
User user=new User();
HttpSession session =req.getSession();
String username=req.getParameter("username");
String password=req.getParameter("password");
String authority=req.getParameter("authority");
if("boss".equals(authority)){
if("chenjing".equals(username)&&"chenjing".equals(password)){
user.setName(username);
user.setPassword(password);
user.setAuthority(authority);
session.setAttribute("user", user);
req.getRequestDispatcher("sessionout.jsp").forward(req, resp);
}
else{
resp.sendRedirect("sessionLogin.jsp?username="+username+"&authority="+authority);
// user.setName(username);
//
// user.setAuthority(authority);
//
// session.setAttribute("user", user);
//
// RequestDispatcher dp=req.getRequestDispatcher("sessionLogin.jsp");
//
// dp.forward(req, resp);
}
}
else if("user".equals(authority)){
if("chenfeng".equals(username)&&"chenfeng".equals(password)){
user.setName(username);
user.setPassword(password);
user.setAuthority(authority);
session.setAttribute("user", user);
req.getRequestDispatcher("sessionout.jsp").forward(req, resp);
}
else{
resp.sendRedirect("sessionLogin.jsp?username="+username+"&authority="+authority);
// user.setName(username);
//
// user.setAuthority(authority);
//
// session.setAttribute("user", user);
//
// RequestDispatcher dp=req.getRequestDispatcher("sessionLogin.jsp");
//
// dp.forward(req, resp);
}
}
}
}
针对不同类型的用户采用的不同JSP显示页面:
<%@ page language="java" import="com.mison.*" pageEncoding="UTF-8"%>
<html>
<head>
<title>My JSP 'sessionout.jsp' starting page</title>
</head>
<body>
<%
User user=(User)session.getAttribute("user");
if(null==user){
response.sendRedirect("sessionLogin.jsp");
return;
}
%>
<a href="QueryServlet">query</a>
<%if(((User)session.getAttribute("user")).getAuthority().equals("boss")){%>
<a href="UpdateServlet">update</a>
<% }%>
</body>
</html>
管理员可操作的UpdateServlet
package com.mison;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class UpdateServlet extends HttpServlet {
/**
* The doGet method of the servlet. <br>
*
* This method is called when a form has its tag value method equals to get.
*
* @param request the request send by the client to the server
* @param response the response send by the server to the client
* @throws ServletException if an error occurred
* @throws IOException if an error occurred
*/
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
HttpSession session=request.getSession();
if(null==session.getAttribute("user")){
response.sendRedirect("sessionLogin.jsp");
return;
}
User user=(User)session.getAttribute("user");
if("boss".equals(user.getAuthority())){
System.out.println("您是BOSS没错!");
}
else{
System.out.println("您是用户,不是管理者");
}
}
}
用户只能操作的QueryServlet
package com.mison;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class QueryServlet extends HttpServlet {
/**
* The doGet method of the servlet. <br>
*
* This method is called when a form has its tag value method equals to get.
*
* @param request the request send by the client to the server
* @param response the response send by the server to the client
* @throws ServletException if an error occurred
* @throws IOException if an error occurred
*/
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
HttpSession session=request.getSession();
if(null==session.getAttribute("user")){
response.sendRedirect("sessionLogin.jsp");
return;
}
System.out.println("成功");
}
}
一个存取用户信息的javabean类
package com.mison;
public class User {
private String name;
private String password;
private String authority;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getAuthority() {
return authority;
}
public void setAuthority(String authority) {
this.authority = authority;
}
}