以下是我基于角色的身份验证的servlet程序
以下是Filter
@WebFilter("/loginFilter")
public class LoginCheckFilter implements Filter {
public void init(FilterConfig arg0) throws ServletException {}
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) resp;
HttpSession session = request.getSession();
Boolean adminURI = request.getRequestURI().endsWith("login/admin/adminAccount");
Boolean userURI = request.getRequestURI().endsWith("login/user/userAccount");
System.out.println(session.getAttribute("userName"));
if(request.getRequestURI().endsWith("/login")){
chain.doFilter(req,resp);
} else if(session.getAttribute("userName") != null && session.getAttribute("userRole").equals("user") && adminURI){
request.getRequestDispatcher("index.jsp").forward(req,resp);
} else if(session.getAttribute("userName") == null){
request.getRequestDispatcher("index.jsp").forward(req,resp);
} else
chain.doFilter(req,resp);
}
public void destroy() {}
}
我已将此过滤器映射到/*
模式,登录servlet为
@WebServlet("/login")
public class LoginServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String userName, password;
userName = request.getParameter("userName");
password = request.getParameter("password");
LoginService loginService = new LoginService();
DataAccessObject dataAccessObject = new DataAccessObject();
dataAccessObject.setUserName(userName);
dataAccessObject.setPassword(password);
String result = loginService.authenticate(dataAccessObject);
if(result.equals("admin")){
HttpSession session = request.getSession();
session.setAttribute("userName", userName);
session.setAttribute("userRole", result);
response.sendRedirect("admin/adminAccount");
return;
}
else if(result.equals("user")){
HttpSession session = request.getSession();
session.setAttribute("userName", userName);
session.setAttribute("userRole", result);
response.sendRedirect("user/userAccount");
return;
}
}
}
当我输入网址localhost:8080/login
时,我会看到一个登录界面,但是当我输入id and password
并按提交时,请求会发送到localhost:8080/login/login
,我是servlet的新用户不明白为什么会这样。
我的index.jsp
已登录其操作。当我将我的servlet映射到@WebServlet("/login/login")
时,只有它似乎运行。我做错了什么?
我的理解是,在浏览器转到servlet之后,应该向localhost:8080/login/
发出请求,然后根据条件将页面转移到localhost:8080/login/admin/adminAccount
或/user/userAccount
,我的index.jsp
位于网络目录中的登录文件夹中。
以下是我的jsp代码
<form action="login" method="post">
<table align="center">
<tr>
<td>Username</td>
<td><input type="text" name="userName" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"/></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Login"/></td>
</tr>
</table>
</form>
答案 0 :(得分:0)
如果有人输入/login
,您的jsp会被呈现,但是action="login"
会将您(因为它相对)发送给[current location="/login"]/login
。
尝试将操作更改为action="/login"
。这应该可以解决问题。