我创建了以下函数,该函数应检查数据库中的“ role”列是否包含admin或为Null(表示它是常规用户)。我尝试在我的 Servlet类中对其进行测试,如下面的代码所示,但是它每次重定向我到USER JSP页面。我的checkRole()方法是否存在任何错误?预先谢谢你。
checkRole()方法public static boolean checkRole() {
boolean find = false;
PreparedStatement pst = null;
ResultSet rs = null;
try(Connection conn= ConnectionConfiguration.getConnection()){
pst = conn.prepareStatement("SELECT * FROM users WHERE role=?;");
pst.setString(1, role);
rs = pst.executeQuery();
while (rs.next()) {
if (rs.getString("role").equals("admin") {
find = true;
} else {find = false;}
}
} catch (SQLException e) {
e.printStackTrace();
}
return find;
}
{
String pass1 = request.getParameter("password");
String email = request.getParameter("email");
//checks whether user credentials are right and if it is admin
if(User.validate(email,pass1) && User.checkRole()){
request.setAttribute("email",request.getParameter("email"));
request.setAttribute("pass", request.getParameter("password"));
s.invalidate();
forwardTo(ctx, request, response, "/Admin.jsp");
}
//checks whether user credentials are right and if it is a regular user
else if (User.validate(email, pass1) && !User.checkRole()) {
request.setAttribute("email",request.getParameter("email"));
request.setAttribute("pass", request.getParameter("password"));
s.invalidate();
forwardTo(ctx, request, response, "/RegularUser.jsp");
}
else {
//show some error message
}
}
答案 0 :(得分:0)
在checkRole()方法中,您需要在找到管理员后跳出while循环,否则您的“ find”布尔值可能会在下一次迭代时再次设置为false。
答案 1 :(得分:0)
更改您的checkRole方法,如
public static boolean checkRole(String email) {
boolean find = false;
PreparedStatement pst = null;
ResultSet rs = null;
try(Connection conn= ConnectionConfiguration.getConnection()){
pst = conn.prepareStatement("SELECT * FROM users WHERE email =? and role='admin';");
pst.setString(1, email);
rs = pst.executeQuery();
if(rs.next()) {
find = true;
}
} catch (SQLException e) {
e.printStackTrace();
}
return find;
}
然后在servlet代码中编写
之类的条件 if(User.validate(email,pass1) && User.checkRole(email))
答案 2 :(得分:0)
如果您的users表中有多个角色不同的用户,则您的checkRole()方法将始终为true。因为您要选择字段角色为某种类型的所有行。而且,如果您的用户表中存在特定角色类型,则该类型始终为true
就像已经提到的其他答案一样,您需要传递一个唯一的标识符。该查询还应该如何知道您要为哪个用户检查角色?在大多数应用程序中,这是通过user_id / id字段完成的,但由于此处仅包含电子邮件,因此您也可以使用它。我会做这样的事情:
public static boolean isAdmin(String email) {
boolean check = false;
PreparedStatement pst = null;
ResultSet rs = null;
try(Connection conn= ConnectionConfiguration.getConnection()){
pst = conn.prepareStatement("SELECT * FROM users WHERE email =? and role='admin';");
pst.setString(1, email);
rs = pst.executeQuery();
check = rs.next(); // if the resultSet has results, then check will evaluate to true
} catch (SQLException e) {
e.printStackTrace();
}
return check;
}
然后使用您的servlet:
{
String pass1 = request.getParameter("password");
String email = request.getParameter("email");
//first check if valid login details (seperate it out so you can be more specific in the error you give back, and you don't have to repeat yourself)
if(User.validate(email,pass1)){
// s.invalidate(); //this isn't really necessary here, normally you invalidate the session variables when the user logs out. If a different user logs in (whilst one is already logged in), then any session variables you have set would override it.
String url = "/RegularUser.jsp";
String role = "regular";
//now check if user is admin
if(User.isAdmin(email)){
url = "/Admin.jsp"
role = "admin";
}
//set your session variables
//s.setAttribute("user_email", email);
//s.setAttribute("user_role", role);
forwardTo(ctx, request, response, url);
}else{
//wrong login details - set values back in form
request.setAttribute("email",email);
request.setAttribute("pass", pass1);
forwardTo(ctx, request, response, "/Login.jsp");
}
}