我有一个 JSP Web 项目,我想为其分配用户角色:管理员和普通用户。用户角色重定向得很好,但在管理部分则不然。我想知道我哪里出错了。
LoginServlet.java
package ExamplePackage;
import ExamplePackage.UserBean;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* Servlet implementation class LoginServlet
*/
public class LoginServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, java.io.IOException {
try
{
UserBean admin = new UserBean();
admin.setUserName(request.getParameter("un"));
admin.setPassword(request.getParameter("pw"));
UserBean user = new UserBean();
user.setUserName(request.getParameter("un"));
user.setPassword(request.getParameter("pw"));
admin = UserDAO.login(admin);
user = UserDAO.login(user);
if (admin.isAdmin())
{
HttpSession session = request.getSession(true);
session.setAttribute("currentSessionUser",admin);
response.sendRedirect("AllPost"); //logged-in page
}
else if (user.isUser())
{
HttpSession session = request.getSession(true);
session.setAttribute("currentSessionUser",user);
response.sendRedirect("AllCustomer"); //logged-in page
}
else
response.sendRedirect("indexinvalid.jsp"); //error page
}
catch (Throwable theException)
{
System.out.println(theException);
}
}
}
UserDAO.java
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package ExamplePackage;
import java.text.*;
import java.util.*;
import java.sql.*;
public class UserDAO
{
static Connection currentCon = null;
static ResultSet rs = null;
static ResultSet rs2 = null;
public static UserBean login(UserBean bean) {
//preparing some objects for connection
Statement stmt = null;
String username = bean.getUsername();
String password = bean.getPassword();
String adminlogin =
"select * from users where username='"
+ username
+ "' AND password='"
+ password
+ "' AND role = 'A'";
String userlogin =
"select * from users where username='"
+ username
+ "' AND password='"
+ password
+ "' AND role = 'U'";
// "System.out.println" prints in the console; Normally used to trace the process
System.out.println("Your user name is " + username);
System.out.println("Your password is " + password);
//System.out.println("Query: "+adminlogin);
//System.out.println("Query: "+userlogin);
try
{
//connect to DB
currentCon = ConnectionManager.getConnection();
stmt=currentCon.createStatement();
rs = stmt.executeQuery(adminlogin);
boolean admin = rs.next();
rs2 = stmt.executeQuery(userlogin);
boolean user = rs2.next();
// if user does not exist set the isAdmin variable to false
if (!admin)
{
if (!user){
System.out.println("Sorry, you are not a registered user! Please sign up first");
bean.setAdmin(false);
}
else{
System.out.println("Sorry, you are not a registered user! Please sign up first");
bean.setAdmin(false);
}
}
if (!user)
{
if (!admin){
System.out.println("Sorry, you are not a registered user! Please sign up first");
bean.setUser(false);
}
else{
System.out.println("Sorry, you are not a registered user! Please sign up first");
bean.setUser(false);
}
}
//if user exists set the isAdmin variable to true
else if (admin)
{
String firstName = rs.getString("FirstName");
String lastName = rs.getString("LastName");
System.out.println("Welcome " + firstName);
bean.setFirstName(firstName);
bean.setLastName(lastName);
bean.setAdmin(true);
bean.setUser(false);
}
else if (user)
{
String firstName = rs2.getString("FirstName");
String lastName = rs2.getString("LastName");
System.out.println("Welcome " + firstName);
bean.setFirstName(firstName);
bean.setLastName(lastName);
bean.setUser(true);
bean.setAdmin(false);
}
}
catch (Exception ex)
{
System.out.println("Log In failed: An Exception has occurred! " + ex);
}
//some exception handling
finally
{
if (rs != null) {
try {
rs.close();
} catch (Exception e) {}
rs = null;
}
if (rs2 != null) {
try {
rs2.close();
} catch (Exception e) {}
rs2 = null;
}
if (stmt != null) {
try {
stmt.close();
} catch (Exception e) {}
stmt = null;
}
if (currentCon != null) {
try {
currentCon.close();
} catch (Exception e) {
}
currentCon = null;
}
}
return bean;
}
}
我认为这与 if-else 逻辑有关
最佳答案
附上我的评论。
在LoginServlet.java中
UserBean user = new UserBean();
String role = "";
user.setUserName(request.getParameter("un"));
user.setPassword(request.getParameter("pw"));
role = UserDAO.login(user);//to get role either A for admin or U for user
if(role.equals("A"))//admin
{
HttpSession session = request.getSession(true);
session.setAttribute("currentSessionUser",user);
response.sendRedirect("AllPost"); //logged-in page
}
else if(role.equals("U"))//user
{
HttpSession session = request.getSession(true);
session.setAttribute("currentSessionUser",user);
response.sendRedirect("AllCustomer"); //logged-in page
}
else
response.sendRedirect("indexinvalid.jsp"); //error page
在 UserDAO.java 中
public static String login(UserBean bean) {
String role = "";
//one query is enough to get the role based on user name and password
String userlogin =
"select role from users where username='"
+ username
+ "' AND password='"
+ password;
//execute your query
----------------------------------
if(rs2.next())
role = rs2.getString(1);//role either A for admin or U for user
//catch the exceptions
------------------------------------
return role;
}
关于java - 限制 JSP-Servlet 中的角色,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35401931/