我需要在用户身份验证后从我的JSP页面获取用户名,并将其放入Http Session,然后将此用户名放入SQL查询以获取用户的信息!
这是我的login.JSP页面
int arr[2][2]={{1,5},{2,2},{1,5}}这是我的登录控制器
<%@taglib uri="http://www.springframework.org/tags/form" prefix="form"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page language="java" session="true" %>
<html>
<head>
<title>Login </title>
</head>
<body>
<br /> <br /> <br />
<div style="border: 1px solid black; width: 300px; padding-top: 10px;">
<br /> Please enter your username and password to login ! <br /> <span
style="color: red">${message}</span> <br />
<form:form method="post" action="j_spring_security_check"
modelAttribute="users">
<table>
<tr>
<td>Username:</td>
<td><form:input type="text" path="username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><form:input path="password" type="password" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" /></td>
</tr>
</table>
</form:form>
</div>
</body>
</html>
这是我的DAO方法
package com.vandh.app.controller;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpSession;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.SessionAttributes;
import org.springframework.web.servlet.ModelAndView;
import com.vandh.app.models.Users;
@Controller
public class LoginController {
@RequestMapping(value = { "/", "/home" })
public String getUserDefault() {
return "home";
}
@RequestMapping("/login")
public ModelAndView getLoginForm(
@ModelAttribute Users users,
@RequestParam(value = "error", required = false) String error,
@RequestParam(value = "logout", required = false) String logout)
{
String message = "";
if (error != null) {
message = "Incorrect username or password !";
} else if (logout != null) {
message = "Logout successful !";
}
return new ModelAndView("login", "message", message);
}
@RequestMapping("/admin**")
public String getAdminProfile() {
return "admin";
}
@RequestMapping("/403")
public ModelAndView getAccessDenied() {
Authentication auth = SecurityContextHolder.getContext()
.getAuthentication();
String username = "";
if (!(auth instanceof AnonymousAuthenticationToken)) {
UserDetails userDetail = (UserDetails) auth.getPrincipal();
username = userDetail.getUsername();
}
return new ModelAndView("403", "username", username);
}
}
我需要在userInfo方法中将用户名放入SQL查询中!
@Repository("loginDao")
public class LoginDaoImpl implements LoginDao {
public static String nick;
@Autowired
SessionFactory sessionFactory;
//public String userLogIn; // checking username in auth. process
Session session = null;
Transaction tx = null;
@Override
public Users findByUserName(String username) {
session = sessionFactory.openSession();
tx = session.getTransaction();
session.beginTransaction();
Users user = (Users) session.load(Users.class, new String(username));
tx.commit();
return user;
}
}
答案 0 :(得分:0)
我不确定您是否理解您的问题,但如果只是参数化查询使用参数创建查询而不是格式化字符串的问题:
String query = "select users.username, users.password, users.name, users.enabled, users.surname, users.email, users.gender, users.age, users.weight, users.height, users.sport, users.place from users where users.username LIKE :paramName";
Query query = session.createSQLQuery(query );
query.setParameter("paramName", username);
List<Users> userInfoList = query.addEntity(Users.class).list();