我已经构建了一个登录servlet,我从HTML POST请求中调用它。我能登录好。下面是我的servlet。
package com.login;
import javax.servlet.*;
import javax.servlet.http.*;
import java.text.MessageFormat;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import java.io.*;
public class validateServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
public void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
PrintWriter out = response.getWriter();
response.setContentType("text/html");
String userID=request.getParameter("userID");
String password=request.getParameter("password");
boolean validation = false;
final String SUCCESS = "Sucess.html";
final String FAILURE = "Failure.html";
String strUrl = "index.html";
try {
Hashtable<String, String> loginenv = new Hashtable<String, String>();
String securityPrinciple = MessageFormat.format("CN={0},OU=Employees,OU=MyComapny Users,DC=company,DC=com", userID);
System.out.println("securityPrinciple="+securityPrinciple);
System.out.println("trying to log in: " + userID);
loginenv.put(Context.PROVIDER_URL, "ldap://ds.lapd.com:389");
loginenv.put(Context.SECURITY_AUTHENTICATION, "simple");
loginenv.put(Context.SECURITY_PRINCIPAL, securityPrinciple);
loginenv.put(Context.SECURITY_CREDENTIALS, password);
loginenv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
DirContext ctx = null;
/* get a handle to an Initial DirContext */
ctx = new InitialDirContext(loginenv);
validation = true;
ctx.close();
}
catch (Exception e) {
System.out.println(e);
validation = false;
}
finally{
if(validation){
HttpSession session=request.getSession();
session.setAttribute("userID",userID);
System.out.print("Success");
/* sendRedirect("pages/index.html"); */
strUrl = SUCCESS;
}
else{
System.out.print("Failure");
strUrl = FAILURE;
}
}
RequestDispatcher requestDispatcher = request.getRequestDispatcher(strUrl);
requestDispatcher.forward(request, response);
}
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
processRequest(request,response);
}
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
processRequest(request,response);
}
}
我从下面附带的HTML页面调用这个servlet。
当我尝试点击index.html(登录页面)时,这完全正常。但是,当我尝试在同一路径下打开任何其他页面时,它不会要求登录。页面无需登录即可打开,甚至无法重定向到登录页面。
无论如何我们可以确保所有页面都需要登录(如果这是第一次会话)?我的意思是说如果记录了page.html,它就不会要求登录page2.html但是如果page2.html是第一页打开它会自动重新登录到登录页面,一旦登录完成,page2.html应该直接打开。
<!DOCTYPE html>
<html>
<head>
<title>Login Check Test Page</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<center>
<form action="validateServlet" method="POST">
USERNAME:<input type="text" name="userID" value="" /><br>
PASSWORD:<input type="password" name="password" value="" /><br>
<input type="submit" value="ENTER" />
</form>
</center>
</body>
</html>