启动应用程序时出现问题。它抱怨:
org.apache.jasper.servlet.TldScanner.scanJars至少有一个JAR被扫描用于尚未包含TLD的TLD。为此记录器启用调试日志记录,以获取已扫描但未在其中找到TLD的完整JAR列表。在扫描期间跳过不需要的JAR可以缩短启动时间和JSP编译时间。
的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<resource-ref>
<description>DB Connection</description>
<res-ref-name>jdbc/users</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
<context-param>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>/WEB-INF/context.xml</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
</web-app>
context.xml中
<?xml version="1.0" encoding="UTF-8"?>
<Context>
<Resource name="jdbc/users"
global="jdbc/users"
auth="Container"
type="javax.sql.DataSource"
username="root"
password="admin"
driverClassName="com.mysql.jdbc.Driver"
url="jdbc:mysql://localhost:3306/users" />
</Context>
InputServlet
package pl.javastart.prepared.servlet;
import java.io.IOException;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;
@WebServlet("/InputServlet")
public class InputServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
doPost(request, response);
}
protected void doPost(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
Connection conn = null;
ResultSet resultSet = null;
Statement statement = null;
try {
Context initialContext = new InitialContext();
Context envContext = (Context) initialContext
.lookup("java:comp/env");
DataSource ds = (DataSource) envContext.lookup("jdbc/users");
conn = ds.getConnection();
statement = conn.createStatement();
String username = request.getParameter("username");
String password = request.getParameter("password");
// pass2" OR '1'='1'; --
final String sqlQuery = "SELECT username, password FROM user WHERE "
+"username=" + "\"" + username + "\" "
+"AND "
+"password=" + "\"" + password + "\";";
System.out.println(sqlQuery);
resultSet = statement.executeQuery(sqlQuery);
if(resultSet.next()) {
String userFound = resultSet.getString("username");
request.getSession().setAttribute("username", userFound);
if("admin".equals(userFound)) {
request.getSession().setAttribute("privigiles", "all");
} else{
request.getSession().setAttribute("privigiles", "view");
}
} else {
request.getSession().setAttribute("username", "Nieznajomy");
request.getSession().setAttribute("privigiles", "none");
}
request.getRequestDispatcher("result.jsp").forward(request, response);
} catch (Exception e) {
e.printStackTrace();
} finally {
try {
resultSet.close();
statement.close();
conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
}
result.jsp中
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<h1>Welcome <%= session.getAttribute("username") %></h1>
<h2>Your privigiles: <%= session.getAttribute("privigiles") %></h2>
</body>
</html>
的index.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Log in</title>
</head>
<body>
<h1>Log in</h1>
<form action="InputServlet" method="post">
<input type="text" placeHolder="Username" name="username">
<br>
<input type="password" placeHolder="Password" name="password">
<br>
<input type="submit" value="Zaloguj">
</form>
</body>
</html>
旧版Tomcat的解决方案无法在此处使用
答案 0 :(得分:1)
在web.xml中添加servlet映射:
<servlet>
<servlet-name>InputServlet</servlet-name>
<servlet-class>pl.javastart.prepared.servlet.InputServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>InputServlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>