我需要帮助来验证用户身份,我的数据库有一个名为 person 的表,其属性为 rol,rol 可以是管理员或员工,我希望当用户登录时管理下一个 jsp 显示(main.jsp)和当 rol = employee 显示 (main-act.jsp) 时,我附加查询中的代码以对用户进行身份验证,并登录:
- 我怎样才能做到这一点?
- 我如何获得我的角色的值(value)?
public class mysqlquery extends Conexion{
Connection con = null;
public boolean autenticacion(String name, String password){
PreparedStatement pst = null;
//PreparedStatement pst1=null;
ResultSet rs = null;
//ResultSet rs1 = null;
try {
String query= "select * from person where name= ? and pass = ?";
pst = getConexion().prepareCall(consulta);
pst.setString(1, user);
pst.setString(2, password);
rs = pst.executeQuery();
if(rs.absolute(1)){
return true;
}
} catch (Exception e) {
System.err.println("error: "+e);
}
return false;
}
public class login extends HttpServlet {
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
String name= request.getParameter("name");
String password= request.getParameter("pass");
mysqlquery co = new mysqlquery();
if(co.autenticacion(name, password)){
HttpSession objsesion = request.getSession(true);
objsesion.setAttribute("name", name);
//objsesion.setAttribute("rol", rol);
response.sendRedirect("main.jsp");
}else {
response.sendRedirect("index.jsp");
}
}
最佳答案
您可以在 mysql 查询类上添加一个名为 userRole 的字段,并存储在 autenticacion 方法调用中从数据库检索到的角色值,如下所示:
public class mysqlquery extends Conexion{
Connection con = null;
private String userRole;
public String getUserRole() { return userRole; }
public boolean autenticacion(String name, String password){
PreparedStatement pst = null;
//PreparedStatement pst1=null;
ResultSet rs = null;
//ResultSet rs1 = null;
try {
String query= "select * from person where name= ? and pass = ?";
pst = getConexion().prepareCall(consulta);
pst.setString(1, user);
pst.setString(2, password);
rs = pst.executeQuery();
if(rs.absolute(1)){
userRole = rs.getString("role");
return true;
}
} catch (Exception e) {
System.err.println("error: "+e);
}
return false;
}
并在Servlet中,像这样修改:
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
String name= request.getParameter("name");
String password= request.getParameter("pass");
mysqlquery co = new mysqlquery();
boolean canAuthenticate = co.autenticacion(name, password);
if(canAuthenticate && co.getUserRole().equals("admin")){
//go to admin page
} else if (canAuthenticate && co.getUserRole().equals("employee")) {
//go to employee page
} else {
response.sendRedirect("index.jsp");
}
}
通过这种方式,您可以决定用户是否可以进行身份验证(拥有正确的用户名和密码)并根据其角色在页面上重定向它。
关于java - 如何根据用户的角色对用户进行身份验证?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37983080/