我创建了一个signIn servlet:
@WebServlet(
name = "SignInServlet",
description = "check email & pass",
urlPatterns = {"/authorization_signin"}
)
public class SignInServlet extends javax.servlet.http.HttpServlet {
public SignInServlet(){
}
protected void doPost(HttpServletRequest request,
HttpServletResponse response) throws javax.servlet.ServletException, IOException {
request.setCharacterEncoding("UTF-8");
UserDataSet user = new UserDataSet();
SignInModel modelSignIn = new SignInModel();
user.setEmail(request.getParameter("email"));
user.setPassword(request.getParameter("password"));
user = modelSignIn.doSignIn(user);
if (request.getSession().getAttribute("loggedUser") == null) {
if (user != null) {
request.getSession().setAttribute("loggedUser", user); request.getRequestDispatcher("authorization.jsp").forward(request, response);
response.setStatus(HttpServletResponse.SC_OK);
} else {
request.setAttribute("errorMessage", "Email or password is incorrect");
request.getRequestDispatcher("index.jsp").forward(request, response);
response.setStatus(HttpServletResponse.SC_OK);
}
}
}
@Override
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException{
response.setContentType("text/html; charset=utf-8");
response.setStatus(HttpServletResponse.SC_NOT_FOUND);
}
}
当用户登录时,servlet会将他重定向到" authorization.jsp"
<body>
<%
if (request.getSession().getAttribute("loggedUser") != null){
UserDataSet user = (UserDataSet) request.getSession().getAttribute("loggedUser");
System.out.println("In author :" + request.getSession().getAttribute("loggedUser"));
%>
<h1> Hello <%= user.getFirstName() %> <%= user.getLastName() %>!</h1>
<h2>AUTORIZED!</h2>
<a href="/authorization_logout">Log Out</a>
<%
}
else {
%>
<h1>GO HOME</h1>
<%
}
%>
</body>
然后浏览器显示此页面和已登录用户的数据
如果写入URL&#34; localhost:8080&#34;然后转到&#34; index.jsp&#34;,然后 再次在&#34; authorization.jsp&#34;
过滤检查会话:
@WebFilter(filterName = "LoginFilter")
public class LoginFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
HttpServletRequest httpRequest = (HttpServletRequest) req;
HttpServletResponse httpResponse = (HttpServletResponse) resp;
System.out.println("Enter filter");
System.out.println("Filter session: " + httpRequest.getSession(false).getAttribute("loggedUser"));
UserDataSet user = (UserDataSet) httpRequest.getSession(false).getAttribute("loggedUser");
if (user != null) {
System.out.println("CHAIN");
chain.doFilter(req, resp);
} else {
httpResponse.sendRedirect("/");
System.out.println("Not signin");
}
}
public void init(FilterConfig config) throws ServletException {
}
}
getSession().getAttribute("loggedUser")返回null
为什么呢?
下一篇文字:
如果我登录并且servlet打开&#34; authorization.jsp&#34;,那么尝试在任何* .jsp上抛出URL,其中将检查会话,结果将是null
出了什么问题?
答案 0 :(得分:0)
我的朋友帮助我在stackoverflow
如果你在session.getSession()。setAttribute的会话中放入了一些东西,你必须从会话中读取它,而不是请求。尝试&lt;%= session.getAttribute(&#34; test&#34;)%&gt;
答案 1 :(得分:0)
我用过
<%= request.getParameter("loggedUser") %>
由于某种原因,当我使用request.getSession()。getAttribute(“ loggedUser”)时,我在Java日志中看到[1],至少在传递值时,我也在同一代码中观察到了request.getParameter的工作原理查询字符串,“未检查或不安全的操作”将从日志中消失。 在我看来,这可以解决这个问题。
[1]
_index__jsp.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.