User login to JSP - information from the DAO and servlet

Time: 2012-03-22 16:53:54

Tags: java jsp

I am trying to add a simple login form to my application. I am still learning, so I started with the simplest thing.. The login works perfectly, but I want to use JSTL to show some user information in my jsp..

The username is ABC and the password is abc123 ... I want to pass ABC's data/information to my jsp page.

LoginServlet.java

/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */

package source;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;


public class LoginServlet extends HttpServlet {

    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, java.io.IOException {

        try {
            UserBean bean = new UserBean();
            bean.setUserName(request.getParameter("un"));
            bean.setPassword(request.getParameter("pw"));

            bean = UserDAO.login(bean);

            if (bean.isValid()) {
                HttpSession session = request.getSession(true);
                session.setAttribute("users", bean);
                response.sendRedirect("dd1"); //logged-in page
            } else {
                response.sendRedirect("invalidLogin.jsp"); //error page
            }
        } catch (Throwable theException) {
            System.out.println(theException);
        }
    }
}

UserDAO.java

package source;

import java.sql.*;

public class UserDAO {
    static Connection currentCon = null;
    static ResultSet rs = null;

    public static UserBean login(UserBean bean) {

        //preparing some objects for connection
        Statement stmt = null;

        String username = bean.getUsername();
        String password = bean.getPassword();

        String searchQuery = "select * from ifs_userrole where username='" + username + "' AND password = md5('" + password + "')";

        try {
            //connect to DB
            currentCon = ConnectionManager.getConnection();
            stmt = currentCon.createStatement();
            rs = stmt.executeQuery(searchQuery);
            boolean more = rs.next();

            // if user does not exist set the isValid variable to false
            if (!more) {
                System.out.println("Sorry, you are not a registered user! Please sign up first");
                bean.setValid(false);
            }
            //if user exists set the isValid variable to true
            else if (more) {
                String name = rs.getString("name");
                String role = rs.getString("role");

                System.out.println("Welcome " + name + role);
                bean.setName(name);
                bean.setRole(role);
                bean.setValid(true);
            }
        } catch (Exception ex) {
            System.out.println("Log In failed: An Exception has occurred! " + ex);
        }
        //some exception handling
        finally {
            if (rs != null) {
                try { rs.close(); } catch (Exception e) {}
                rs = null;
            }
            if (stmt != null) {
                try { stmt.close(); } catch (Exception e) {}
                stmt = null;
            }
            if (currentCon != null) {
                try { currentCon.close(); } catch (Exception e) {}
                currentCon = null;
            }
        }

        return bean;
    }
}

2 answers:

Answer 0 (score: 2)

You have stored it as a session attribute with the name users, so it should be available as ${users}. The bean has two properties, name and role, so it should look like this:

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
...
<p>User name: <c:out value="${users.name}" /></p>
<p>User role: <c:out value="${users.role}" /></p>

Since JSP 2.0 you can also omit <c:out>:

<p>User name: ${users.name}</p>
<p>User role: ${users.role}</p>

This only opens potential XSS attack holes if you don't sanitize user-controlled data.

That said, I would change the attribute name from users to user, since it really is only one user :) There is also a major design problem in your DAO class. The Connection and ResultSet should absolutely not be declared as static variables. That is not thread-safe. Declare them in the same method block as the one that executes the query. See also Show JDBC ResultSet in HTML in JSP page using MVC and DAO pattern for another example.

See also:
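To make the two points from this answer concrete for the UserDAO in the question, here is an added example (not the asker's or the answerer's code) of UserDAO.login with method-local JDBC objects and a parameterized query; it assumes the UserBean getters/setters, ConnectionManager.getConnection() and the ifs_userrole table exactly as they appear in the question.

```java
package source;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example: the DAO from the question rewritten along the lines of answer 0.
// Connection/Statement/ResultSet are locals, so two concurrent logins no longer
// share (and close) each other's connection through static fields, and the
// username and password are bound as parameters instead of being concatenated
// into the SQL string, so a quote in the input cannot change the query.
public class UserDAO {

    // Same query as in the question, with ? placeholders in place of the
    // concatenated values. md5() is kept only because the asker's schema
    // stores MD5 hashes in the password column.
    private static final String LOGIN_SQL =
        "select name, role from ifs_userrole where username = ? and password = md5(?)";

    public static UserBean login(UserBean bean) {
        bean.setValid(false);
        // try-with-resources closes the ResultSet, PreparedStatement and
        // Connection in reverse order, even when an exception is thrown.
        try (Connection con = ConnectionManager.getConnection();
             PreparedStatement ps = con.prepareStatement(LOGIN_SQL)) {
            ps.setString(1, bean.getUsername());
            ps.setString(2, bean.getPassword());
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    bean.setName(rs.getString("name"));
                    bean.setRole(rs.getString("role"));
                    bean.setValid(true);
                }
            }
        } catch (SQLException ex) {
            // Log on the server side only; the servlet still redirects to the
            // generic invalidLogin.jsp, so driver details never reach the user.
            System.err.println("Login query failed: " + ex.getMessage());
        }
        return bean;
    }
}
```

The servlet from the question can call this version unchanged, since the method signature and the isValid/name/role properties it reads are the same.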

Answer 1 (score: 0)

Your question is too general, but maybe this fits your case...

You are adding the "user" bean to the session context with this line: session.setAttribute("users", bean); so in your jsp you can do the following:

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page import="com.your.package.hierarchy.UserBean" %>

<c:out value="${sessionScope.users.username}"/>

I don't remember whether "sessionContext", "sessionScope" or "session" is the identifier for session-scoped attributes...

Good luck!