如何根据用户身份验证用户？

Question

我需要帮助来验证用户，我的数据库有一个名为person的表，属性为rol，rol可以是admin或employee，我希望当用户登录管理员下一个jsp显示（main.jsp）和当rol = employee显示（main-act.jsp）时，我将查询中的代码附加到用户的身份验证和登录：

1. 我怎么能这样做？
2. 我如何得到我的rol的价值？




public class mysqlquery extends Conexion{
 Connection con = null;

public boolean autenticacion(String name, String  password){
    PreparedStatement pst = null;
    //PreparedStatement pst1=null;
    ResultSet rs = null;
    //ResultSet rs1 = null;
    try {
        String query= "select * from person where name= ? and pass = ?";
        pst = getConexion().prepareCall(consulta);
        pst.setString(1, user);
        pst.setString(2, password); 
        rs = pst.executeQuery();
        if(rs.absolute(1)){
            return true;
        }
    } catch (Exception e) {
        System.err.println("error: "+e);
    }
    return false;
}


public class login extends HttpServlet {

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    String name= request.getParameter("name");
    String password= request.getParameter("pass");
    mysqlquery co = new mysqlquery();
    if(co.autenticacion(name, password)){
        HttpSession objsesion = request.getSession(true);
        objsesion.setAttribute("name", name);
        //objsesion.setAttribute("rol", rol);
        response.sendRedirect("main.jsp");
    }else {
        response.sendRedirect("index.jsp");
    }
}

Answer 1

您可以在mysql查询类中添加一个名为userRole的字段，并在autenticacion方法调用中存储从数据库中检索的角色的值，如下所示：

public class mysqlquery extends Conexion{
 Connection con = null;
 private String userRole;

 public String getUserRole() { return userRole; }

    public boolean autenticacion(String name, String  password){
        PreparedStatement pst = null;
        //PreparedStatement pst1=null;
        ResultSet rs = null;
        //ResultSet rs1 = null;
        try {
            String query= "select * from person where name= ? and pass = ?";
            pst = getConexion().prepareCall(consulta);
            pst.setString(1, user);
            pst.setString(2, password); 
            rs = pst.executeQuery();
            if(rs.absolute(1)){
                userRole = rs.getString("role");
                return true;
            }
        } catch (Exception e) {
            System.err.println("error: "+e);
        }
        return false;
    }

在Servlet中，修改如下：

protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    String name= request.getParameter("name");
    String password= request.getParameter("pass");
    mysqlquery co = new mysqlquery();
    boolean canAuthenticate = co.autenticacion(name, password);
    if(canAuthenticate  && co.getUserRole().equals("admin")){
        //go to admin page
    } else if (canAuthenticate  && co.getUserRole().equals("employee")) {
       //go to employee page
    } else {
        response.sendRedirect("index.jsp");
    }
}

通过这种方式，您可以决定用户是否可以进行身份​​验证（拥有正确的用户名和密码），并根据其角色在页面上重定向。