我已经构建了一个带有两个jsp文件和一个控制器的小型servlet。
这是login.jsp:
<body>
<!-- Login form. method="get" puts the username and password parameters in the
     query string, so they end up in the address bar, browser history, proxy and
     server access logs; credentials should be submitted with method="post".
     validateForm() is not part of this listing. -->
<section class="loginform cf">
<form name="login" action="controller/login" method="get" onsubmit="return validateForm()"
accept-charset="utf-8">
<ul>
<li><label for="username">Username</label> <input type="text"
name="username" ></li>
<li><label for="password">Password</label> <input
type="password" name="password" ></li>
<li><input type="submit" value="Login"></li>
</ul>
</form>
<!-- Registration shortcut: the button's formaction overrides the form's action,
     so this submits to register.jsp, not to the ToDoListProj root. -->
<form action="http://localhost:8080/ToDoListProj" method="get">
<input title="Register" type="submit" value="Not Yet A Member?" formaction="register.jsp"/>
<br/>
</form>
</section>
</body>
这是控制器:
package il.ac.hit.controller;
import il.ac.hit.model.HibernateToDoListDAO;
import il.ac.hit.model.Item;
import il.ac.hit.model.ToDoListPlatformException;
import il.ac.hit.model.User;
import java.io.IOException;
import java.io.PrintWriter;
import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.List;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import antlr.StringUtils;
/**
* Servlet implementation class ToDoListPlatformController
*/
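@WebServlet("/controller/*")
public class ToDoListPlatformController extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** JSP shown after a successful login. */
    private static final String VIEW_PAGE = "/view.jsp";
    /** JSP shown for missing, malformed or non-matching credentials. */
    private static final String WRONG_LOGIN_PAGE = "/wronglogin.jsp";

    /**
     * @see HttpServlet#HttpServlet()
     */
    public ToDoListPlatformController() {
        super();
    }

    /**
     * Checks that a credential parameter is a non-empty run of ASCII letters and digits.
     * This is the allow-list applied to both parameters before any data-layer lookup.
     *
     * @param word the raw request parameter; must not be {@code null}
     * @return {@code true} if {@code word} matches {@code [a-zA-Z0-9]+}
     */
    private boolean isAlphaNumeric(String word) {
        return word.matches("[a-zA-Z0-9]+");
    }

    /**
     * Handles GET. Retained so the existing login.jsp (which submits with GET) keeps
     * working. With GET the credentials travel in the query string and therefore show
     * up in the address bar, browser history and access logs; the form should be
     * switched to {@code method="post"}, after which this method is only a fallback.
     *
     * @see HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        dispatch(request, response);
    }

    /**
     * Handles POST with exactly the same routing as GET, so login.jsp can submit
     * with {@code method="post"} and keep the credentials out of the URL.
     *
     * @see HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        dispatch(request, response);
    }

    /**
     * Routes on the path-info suffix and forwards to the selected JSP.
     * A missing path-info (request for "/controller" itself) or an unknown suffix
     * answers 404; previously both cases ended in a NullPointerException, from
     * {@code switch} on a null path or from {@code forward()} on a null dispatcher.
     *
     * @throws ServletException propagated from the forward
     * @throws IOException      propagated from the forward or the error response
     */
    private void dispatch(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String path = request.getPathInfo();
        if (path == null) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        String target;
        switch (path) {
            case "/login":
                target = login(request, response);
                break;
            default:
                response.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
        }
        getServletContext().getRequestDispatcher(target).forward(request, response);
    }

    /**
     * Validates the submitted credentials and, on success, establishes the session.
     *
     * @param request  carries the {@code username} and {@code password} parameters
     * @param response receives the legacy {@code UserId} cookie on success
     * @return {@link #VIEW_PAGE} when a user matched, otherwise {@link #WRONG_LOGIN_PAGE};
     *         never {@code null}
     */
    private String login(HttpServletRequest request, HttpServletResponse response) {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        // Reject anything outside the allow-list before touching the data layer.
        if (username == null || password == null
                || !isAlphaNumeric(username) || !isAlphaNumeric(password)) {
            return WRONG_LOGIN_PAGE;
        }
        try {
            HibernateToDoListDAO dao = HibernateToDoListDAO.getInstance();
            for (User user : dao.getUsersList()) {
                // NOTE(review): compares the stored password verbatim, i.e. the model
                // appears to keep passwords in clear text. A salted-hash check (and a
                // lookup by name instead of loading every user) belongs in the DAO.
                if (user.getName().equals(username) && user.getPassword().equals(password)) {
                    establishSession(request, response, dao, username);
                    return VIEW_PAGE;
                }
            }
            // No user matched. The original left the dispatcher null here and crashed
            // with a NullPointerException on forward() instead of showing wronglogin.jsp.
            return WRONG_LOGIN_PAGE;
        } catch (ToDoListPlatformException e) {
            // Failed lookups used to be forwarded silently; keep a server-side trace.
            log("login lookup failed for user '" + username + "'", e);
            return WRONG_LOGIN_PAGE;
        }
    }

    /**
     * Records the authenticated user in the session and sets the legacy cookie.
     *
     * @throws ToDoListPlatformException if loading the user's items fails
     */
    private void establishSession(HttpServletRequest request, HttpServletResponse response,
            HibernateToDoListDAO dao, String username) throws ToDoListPlatformException {
        HttpSession session = request.getSession();
        // NOTE(review): consider renewing the session id at this point (Servlet 3.1
        // request.changeSessionId()) so an id issued before login is not carried over.
        session.setAttribute("UserID", username);
        session.setAttribute("table", dao.getItemsList(username));
        // This cookie is client-writable and must never be trusted as proof of
        // identity; the "UserID" session attribute above is the authoritative one.
        // It is kept only for pages that already read it. HttpOnly keeps it away
        // from page scripts — drop that line if client-side script depends on it.
        Cookie cookie = new Cookie("UserId", username);
        cookie.setPath("/");
        cookie.setHttpOnly(true);
        response.addCookie(cookie);
    }
}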
当我在登录jsp页面输入用户名和密码并点击提交时,这两个属性都显示在URL行中。
这就是我得到的:
http://localhost:8080/ToDoListProj/controller/login?username=usernamesample&password=passwordasmple
我该如何解决?
答案 0 :(得分:2)
您应该将method="get"
更改为method="post"
。
GET 方法会像您的情况一样将数据添加到URL。在处理身份验证时,切勿使用 get 方法的表单。
答案 1 :(得分:0)
使用Http POST代替GET:
在JSP中
<form name="login" action="controller/login" method="post"
并在控制器中:
protected void doPost(HttpServletRequest req, HttpServletResponse resp) {
// read login data from request like you do now in doGet...
答案 2 :(得分:0)
<form name="login" action="controller/login" method="get"
,表单使用get,因此参数显示在网址中,使用method="post"
。现在请记住,这样一来被调用的是 doPost(),所以您必须将代码复制到 doPost() 中,或者从 doGet() 调用 doPost()。
答案 3 :(得分:0)
您必须将get
更改为post
方法
<form name="login" action="controller/login" method="post" onsubmit="return validateForm()"
在
get
中,请求参数通过追加到URL末尾的方式传递给服务器;而在post请求中,表单元素或参数作为HTTP正文的一部分传递,不会附加到URL的结尾。所以每当我们需要向服务器发送一些敏感信息时,就发送post
请求。
答案 4 :(得分:0)
如果您使用https而不是http,HttpGet 也“可以”。Https会加密您的get参数(但整个请求URL可能会以未加密的形式保存在服务器日志等地方,因此HttpPost仍是首选方法)。
除了说明你应该使用method=post
的所有答案之外,你可以将doGet
中的代码放在一个自己的函数中,让我们说login
,这样就可以使用HttpPost和HttpGet同时:
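/**
 * Validates the submitted credentials and chooses the JSP to forward to.
 * Shared by doGet and doPost so login.jsp may submit with either verb.
 *
 * @param request  supplies the path-info and the username/password parameters
 * @param response receives the UserId cookie on success
 * @return the dispatcher for /view.jsp when a user matched, otherwise the one for
 *         /wronglogin.jsp; never null, so callers can call forward() unconditionally
 */
private RequestDispatcher login(HttpServletRequest request, HttpServletResponse response) {
    RequestDispatcher wrongLogin = getServletContext().getRequestDispatcher("/wronglogin.jsp");
    // Only the "/login" route is handled here. A null path-info (a request for
    // "/controller" itself) used to throw NullPointerException inside the switch.
    if (!"/login".equals(request.getPathInfo())) {
        return wrongLogin;
    }
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    // Allow-list both parameters before any data-layer access.
    if (username == null || password == null
            || !isAlphaNumeric(username) || !isAlphaNumeric(password)) {
        return wrongLogin;
    }
    try {
        HibernateToDoListDAO dao = HibernateToDoListDAO.getInstance();
        for (User user : dao.getUsersList()) {
            // NOTE(review): plain-text comparison against the stored password; a
            // hashed check (and a lookup by name) belongs in the DAO.
            if (user.getName().equals(username) && user.getPassword().equals(password)) {
                HttpSession session = request.getSession();
                session.setAttribute("UserID", username);
                session.setAttribute("table", dao.getItemsList(username));
                // Client-writable cookie, kept for pages that read it; it is not
                // proof of identity — the "UserID" session attribute is.
                Cookie cookie = new Cookie("UserId", username);
                cookie.setPath("/");
                response.addCookie(cookie);
                return getServletContext().getRequestDispatcher("/view.jsp");
            }
        }
        // No user matched: the original left the dispatcher null and the caller's
        // forward() crashed with a NullPointerException.
        return wrongLogin;
    } catch (ToDoListPlatformException e) {
        log("login lookup failed for user '" + username + "'", e);
        return wrongLogin;
    }
}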
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // GET and POST share one implementation: login() picks the target JSP.
    RequestDispatcher target = login(request, response);
    target.forward(request, response);
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Same routing as doGet, so the form can submit with method="post".
    RequestDispatcher target = login(request, response);
    target.forward(request, response);
}