servlet&jsp简单登录验证

• 通过session的getAttribute和setAttribute来获取/设置属性，从而验证用户是否是登录状态
• 为不同身份的登陆者提供不同的权限

作为登录的jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>  <head>    <base href="<%=basePath%>">    <title>My JSP 'userlogin.jsp' starting page</title>  </head>  <body>        <% String authority = (String)request.getParameter("authority"); %>    <form action="LoginTest" method="post">        <input type="text" name="username" value="<%= null == request.getAttribute("username") ? "" : request.getAttribute("username") %>"><br>        <input type="text" name="password"><br>        <select name="authority">            <option value="1" <%= "1".equals(authority) ?  "selected = 'selected'"  : ""%>>common user</option>            <option value="2" <%= "2".equals(authority) ?  "selected = 'selected'"  : ""%>>manager user</option>        </select>        <br>        <input type="submit" value="submit">    </form>  </body></html>

处理验证业务逻辑、转发的servlet

package com.feedmo;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;public class LoginTest extends HttpServlet {    public void doGet(HttpServletRequest request, HttpServletResponse response)            throws ServletException, IOException {        this.doPost(request, response);         }    public void doPost(HttpServletRequest request, HttpServletResponse response)            throws ServletException, IOException {        String username = request.getParameter("username");        String password = request.getParameter("password");        String authority = request.getParameter("authority");        if("1".equals(authority)){            if("a".equals(username) && "b".equals(password)){                HttpSession session = request.getSession();                //用户登录信息应该作为一个整体保存，所以使用javabean比较合适                User user = new User();                user.setUsername(username);                user.setPassword(password);                user.setAuthority(authority);                session.setAttribute("user", user);                                request.getRequestDispatcher("sessiontest/index.jsp").forward(request, response);            }            else{                //转向里一个页面可以使用URL重定向或者RequestDispatcher//              response.sendRedirect("sessiontest/userlogin.jsp?error=true&username="+username+"&password="+password);                request.setAttribute("username", username);                request.setAttribute("password", password);                request.setAttribute("authority", authority);                            request.getRequestDispatcher("sessiontest/userlogin.jsp").forward(request, response);            }        }                       else if("2".equals(authority)){            if("c".equals(username) && "d".equals(password)){                HttpSession session = request.getSession();                User user = new User();                user.setUsername(username);                user.setPassword(password);                user.setAuthority(authority);                session.setAttribute("user", user);                                request.getRequestDispatcher("sessiontest/index.jsp").forward(request, response);            }            else{                request.setAttribute("username", username);                request.setAttribute("password", password);                request.setAttribute("authority", authority);                request.getRequestDispatcher("sessiontest/userlogin.jsp").forward(request, response);            }        }        else{            request.setAttribute("username", username);            request.setAttribute("password", password);            request.setAttribute("authority", authority);                        request.getRequestDispatcher("sessiontest/userlogin.jsp").forward(request, response);        }    }}

用户个人信息（User）存储的javabean，作为sessioin的attribute传递

package com.feedmo;public class User {    private String username;    private String password;    private String authority;    public String getUsername() {        return username;    }    public void setUsername(String username) {        this.username = username;    }    public String getPassword() {        return password;    }    public void setPassword(String password) {        this.password = password;    }    public String getAuthority() {        return authority;    }    public void setAuthority(String authority) {        this.authority = authority;    }}

用户信息查询页面，涉及用户的权限控制（这里只是简单地通过session属性惯判断是否是普通用户还是管理用户）

package com.feedmo;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;public class Query extends HttpServlet {    @Override    protected void doGet(HttpServletRequest req, HttpServletResponse resp)            throws ServletException, IOException {        this.doPost(req, resp);    }    public void doPost(HttpServletRequest request, HttpServletResponse response)            throws ServletException, IOException {        HttpSession session  =request.getSession();        if(null == session.getAttribute("user")){            response.sendRedirect("sessiontest/userlogin.jsp");            return ;        }        System.out.println("success");    }}

同样的，用户信息更新页面也要区分用户登录的权限，只有管理员才有权限进入该页面

package com.feedmo;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;public class Update extends HttpServlet {    public void doPost(HttpServletRequest request, HttpServletResponse response)            throws ServletException, IOException {        HttpSession session = request.getSession();        if(null == session.getAttribute("user")){            response.sendRedirect("sessiontest/userlogin.jsp");            return;        }        User user = (User)session.getAttribute("user");        if("2".equals(user.getAuthority())){            System.out.println("success");        }        else {            System.out.println("failed");        }    }    @Override    protected void doGet(HttpServletRequest req, HttpServletResponse resp)            throws ServletException, IOException {        this.doPost(req, resp);    }}

用户查询或者更新信息成功的页面

<%@ page language="java" import="com.feedmo.User" pageEncoding="UTF-8"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>  <head>    <base href="<%=basePath%>">    <title>My JSP 'index.jsp' starting page</title>  </head>  <body>    <% User user = (User)session.getAttribute("user");        if(null == user){            response.sendRedirect("sessiontest/userlogin.jsp");            return;        }    %>          <a href="Query">query</a>    <% if("2".equals(((User)session.getAttribute("user")).getAuthority())){%>        <a href="Update">update</a>    <% } %>  </body></html>