JSP Servlet中的服务器端验证和会话属性

时间:2016-12-30 15:19:25

标签: java jsp servlets

我设计了一个JSP登录页面和一个用于服务器端验证的相应servlet。当我单击登录页面上的提交按钮时,如果提供的凭据不匹配,则响应页面将再次显示登录页面,并显示添加的错误消息。但是,当我刷新该页面时,它仍然显示错误消息。另一方面,如果登录凭证匹配,则会显示欢迎页面,但是我无法销毁会话。也就是说,如果我点击浏览器的“后退”按钮,它会再次显示登录页面,但如果我再单击“前进”按钮,它会再次显示欢迎页面。

如果用户刷新该页面,我希望抑制登录页面上的错误消息。我还希望用户的会话无效,如果他通过浏览器的“后退”按钮再次显示登录页面,这样(除其他外)他不能使用“前进”按钮返回先前呈现的页面当他登录时对他说。如何修改我的代码以向应用程序提供这些行为?

这是我的代码:

的index.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Login Application</title>
</head>
<body>
    <form action="loginServlet" method="post">

            User Login
            <br>

                    User ID
                    <input type="text" name="username" >

                <br><br>
                    Password
                    <input type="password" name="userpass"><br>
                    &nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" value="Login" >



    </form>
</body>
</html>

的welcome.jsp

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Welcome </title>
</head>
<body>

    <h4>
        Welcome 
        <%=session.getAttribute("name")%></h4>
</body>
</html>

LoginDao.java

package com.test.dao;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginDao {
    public static boolean validate(String name, String pass) {      
        boolean status = false;
        Connection conn = null;
        PreparedStatement pst = null;
        ResultSet rs = null;

        String url = "jdbc:mysql://localhost:3306/";
        String dbName = "test";
        String driver = "com.mysql.jdbc.Driver";
        String userName = "root";
        String password = "12345";
        try {
            Class.forName(driver).newInstance();
            conn = DriverManager
                    .getConnection(url + dbName, userName, password);

            pst = conn
                    .prepareStatement("select * from user where email=? and password=?");
            pst.setString(1, name);
            pst.setString(2, pass);

            rs = pst.executeQuery();
            status = rs.next();

        } catch (Exception e) {
            System.out.println(e);
        } finally {
            if (conn != null) {
                try {
                    conn.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
            if (pst != null) {
                try {
                    pst.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
            if (rs != null) {
                try {
                    rs.close();
                } catch (SQLException e) {
                    e.printStackTrace();
                }
            }
        }
        return status;
    }
}

LoginServlet.java

package com.test.servlets;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.amzi.dao.LoginDao;

public class LoginServlet extends HttpServlet{

    private static final long serialVersionUID = 1L;

    public void doPost(HttpServletRequest request, HttpServletResponse response)  
            throws ServletException, IOException {  

        response.setContentType("text/html");  
        PrintWriter out = response.getWriter();  

        String n=request.getParameter("username");  
        String p=request.getParameter("userpass"); 

        HttpSession session = request.getSession(false);
        if(session!=null)
        session.setAttribute("name", n);

        if(LoginDao.validate(n, p)){  
            RequestDispatcher rd=request.getRequestDispatcher("welcome.jsp");  
            rd.forward(request,response);  
        }  
        else{  
            out.print("Invalid Credentials"); 
            RequestDispatcher rd=request.getRequestDispatcher("index.jsp");  

            rd.include(request,response);  


        }  

        out.close();  
    }  
}  

0 个答案:

没有答案