我不明白如何在登录(授权)之后获取用户信息。现在 user.jsp 页面上什么都显示不出来,我应该怎么写呢?据我所知,我应该写一个 servlet,但我不清楚里面应该写什么。
我的过滤器:
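/**
 * Servlet filter that authenticates a request and forwards it to the page
 * matching the caller's role.
 *
 * <p>A request is treated as authenticated when the session already carries a
 * {@code login} and a {@code role} attribute. Otherwise the {@code login} and
 * {@code password} request parameters are checked through {@link UserDaoImpl}.
 *
 * <p>Every path ends in a forward; {@code filterChain.doFilter} is never
 * called, so the resource that was originally requested is not reached through
 * this filter.
 */
public class AuthenticationFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to initialise.
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Forwards to the admin, user or index page depending on who is calling.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     unused, the filter always forwards
     * @throws IOException      if the forward fails
     * @throws ServletException if the forward fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // getSession() creates a session when none exists, so it is never null here.
        HttpSession session = request.getSession();

        // Already logged in: the session is the proof, no credentials are needed again.
        if (session.getAttribute("login") != null && session.getAttribute("role") != null) {
            moveToMenu(request, response, (User.ROLE) session.getAttribute("role"));
            return;
        }

        String login = request.getParameter("login");
        String password = request.getParameter("password");

        // A request without credentials cannot log in; skip the DAO call entirely.
        if (login == null || password == null) {
            moveToMenu(request, response, User.ROLE.UNKNOWN);
            return;
        }

        // NOTE(review): getParameter also reads the query string; accept credentials
        // only from a POST body so they do not end up in URLs and access logs.
        UserDaoImpl userDao = new UserDaoImpl();
        if (userDao.userIsExist(login, password)) {
            User.ROLE role = userDao.getRoleByLoginPassword(login, password);
            // The password is deliberately NOT copied into the session: the session
            // only has to remember who is logged in, and a stored plaintext password
            // is exposed by any session dump, debug page or serialized session store.
            // NOTE(review): if other code reads a "password" session attribute, make
            // it re-authenticate instead.
            // NOTE(review): rotate the session id at this point (new id on login) so
            // an id issued before authentication is not carried into the
            // authenticated session.
            session.setAttribute("login", login);
            session.setAttribute("role", role);
            moveToMenu(request, response, role);
        } else {
            moveToMenu(request, response, User.ROLE.UNKNOWN);
        }
    }

    /**
     * Forwards the request to the view that belongs to {@code role}.
     *
     * @param req  current request
     * @param res  current response
     * @param role role of the caller; {@code null} and any role other than
     *             ADMIN or USER end up on the index page
     */
    private void moveToMenu(HttpServletRequest req, HttpServletResponse res, User.ROLE role) throws ServletException, IOException {
        // Constant-first equals keeps a null role from throwing and fails closed
        // to the public index page.
        if (User.ROLE.ADMIN.equals(role)) {
            req.getRequestDispatcher("/WEB-INF/view/adminPage.jsp").forward(req, res);
        } else if (User.ROLE.USER.equals(role)) {
            req.getRequestDispatcher("/WEB-INF/view/userPage.jsp").forward(req, res);
        } else {
            req.getRequestDispatcher("/WEB-INF/view/index.jsp").forward(req, res);
        }
    }
}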
答案 0 :(得分:0)
好的,我知道以明文存储密码并不是一个好主意,但这只是一个学习项目,之后我会修复它。
解决方案:
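/**
 * Servlet filter that authenticates a request and forwards it to the page
 * matching the caller's role, keeping the logged-in {@link User} in the
 * session under the {@code user} attribute so the view can render it.
 *
 * <p>Every path ends in a forward; {@code filterChain.doFilter} is never
 * called, so the resource that was originally requested is not reached through
 * this filter.
 */
public class AuthenticationFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to initialise.
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Forwards to the admin, user or index page depending on who is calling.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     unused, the filter always forwards
     * @throws IOException      if the forward fails
     * @throws ServletException if the forward fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // getSession() creates a session when none exists, so it is never null here.
        HttpSession session = request.getSession();

        // Already logged in: answer from the session and do not touch the DAO.
        Object loggedIn = session.getAttribute("user");
        if (loggedIn != null) {
            moveToMenu(request, response, ((User) loggedIn).getRole());
            return;
        }

        String login = request.getParameter("login");
        String password = request.getParameter("password");

        // A request without credentials cannot log in; skip the lookups entirely.
        if (login == null || password == null) {
            moveToMenu(request, response, User.ROLE.UNKNOWN);
            return;
        }

        UserDaoImpl dao = new UserDaoImpl();
        if (!dao.userIsExist(login, password)) {
            moveToMenu(request, response, User.ROLE.UNKNOWN);
            return;
        }

        // The user record is loaded only after the credentials were accepted.
        int id = dao.findByLogin(login, password);
        User user = dao.findById(id);
        if (user == null) {
            // Credentials matched but no record came back: treat as not logged in
            // rather than storing null and forwarding to a protected page.
            moveToMenu(request, response, User.ROLE.UNKNOWN);
            return;
        }

        User.ROLE role = dao.getRoleByLoginPassword(login, password);
        // NOTE(review): the whole User object goes into the session. If it carries
        // the password, keep only id, login, role and display fields there, and
        // store passwords as bcrypt/scrypt/argon2 hashes rather than plaintext.
        // NOTE(review): rotate the session id at this point (new id on login) so an
        // id issued before authentication is not carried into the authenticated
        // session.
        session.setAttribute("user", user);
        moveToMenu(request, response, role);
    }

    /**
     * Forwards the request to the view that belongs to {@code role}.
     *
     * @param req  current request
     * @param res  current response
     * @param role role of the caller; {@code null} and any role other than
     *             ADMIN or USER end up on the index page
     */
    private void moveToMenu(HttpServletRequest req, HttpServletResponse res, User.ROLE role) throws ServletException, IOException {
        // Constant-first equals keeps a null role from throwing and fails closed
        // to the public index page.
        if (User.ROLE.ADMIN.equals(role)) {
            req.getRequestDispatcher("/WEB-INF/view/adminPage.jsp").forward(req, res);
        } else if (User.ROLE.USER.equals(role)) {
            req.getRequestDispatcher("/WEB-INF/view/userPage.jsp").forward(req, res);
        } else {
            req.getRequestDispatcher("/WEB-INF/view/index.jsp").forward(req, res);
        }
    }
}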
和jsp:
<%-- User page: renders the fields of the "user" attribute in a one-row table. --%>
<%-- ${user} is resolved by EL from page, request, session, then application scope. --%>
<%-- NOTE(review): no taglib directive for the "c" prefix is visible in this listing. --%>
<%-- jsp:include is a runtime include and does not declare prefixes for this page; --%>
<%-- confirm the JSTL core taglib is declared here, otherwise <c:out> renders nothing. --%>
<html>
<head>
<title>USER</title>
<jsp:include page="../view/tags/tagPage.jsp"/>
</head>
<body>
<h1>Hello USER!</h1>
<div class="container">
<h1><p class="text-center">User</p></h1>
<table class="table">
<thead>
<tr>
<td>Id</td>
<td>Name</td>
<td>Login</td>
<td>Password</td>
<td>Role</td>
<td>Email</td>
</tr>
</thead>
<tbody>
<tr>
<%-- c:out escapes XML characters by default, so user-supplied fields are shown as text. --%>
<td><c:out value="${user.id}"/></td>
<td><c:out value="${user.name}"/></td>
<td><c:out value="${user.login}"/></td>
<%-- NOTE(review): this writes the account password into the HTML response. --%>
<%-- Drop the column; a page never needs to show a password back to the browser. --%>
<td><c:out value="${user.password}"/></td>
<td><c:out value="${user.role}"/></td>
<td><c:out value="${user.email}"/></td>
<td>
<%-- NOTE(review): the id travels in a hidden field, which the browser can change. --%>
<%-- The /delete handler (not shown) should take the id from the session user or --%>
<%-- check authorization for the submitted id, and require an anti-CSRF token. --%>
<form method="post" action="/delete">
<input type="number" hidden name="id" value="${user.id}"/>
<input type="submit" class="btn btn-danger btn-xs"
name="delete" value="Delete"/>
</form>
</td>
</tr>
</tbody>
</table>
<p align="left"><a class="btn btn-info btn-xs" href="logout"
role="button">Logout</a></p>
</div>
</body>
</html>