登錄嘗試Servlet - 如果用戶全部3次登錄嘗試失敗，則禁用用戶10分鐘

Question

我一直在深入研究如何對servlet中的登錄嘗試進行驗證。

舉一個例子。

1）如果用戶登錄不正確的密碼//它將返回到登錄頁面
2）用戶將只有3次嘗試。
3）未能在第3次嘗試登錄後。他們將被禁賽10分鐘

的login.jsp

<form action = "loginController"> 
<input type="text" name="username"> 
<input type="text" name="password"> 
<input type="submit" value="Submit"/> 
</form> 

至於我們的servlet文件
loginController.java

我明白，我們必須分配會話的用戶名，這樣每個用戶名將有一個獨特的會話ID附加到它，但我真的不確定我們可以做到這一點。

doPost(HttpServletRequest...) 
{ 
String name = request.getParameter("username"); 
String pass = request.getParameter("password"); 

//we will create session and append it to username 
HttpSession session = request.getSession(true); 
session.setAttribute("username" , name); 

//what im really unsure is how we can get the sessionID to telly with the username 
int countAttempt = new Integer(0); 
if(countAttempt <= 3){ 
response.sendRedirect("login.jsp"); 
} else if(countAttempt == 3){ 
//This will ban users to log in for 10mins.... 
} 

這是核心Java平臺我以前的模塊，有什麼地方對servlet的要求我們與控制器進行通信，並返回到JSP是相當大的挑戰中很容易實現。

任何幫助將大大appreaciated

Answer 1

我希望這將幫助你弄清楚你的問題，我的解決方案IAM增加新的屬性添加到會話「數量」攜帶當前登錄嘗試

doPost(HttpServletRequest...) 
    { 
    String name = request.getParameter("username"); 
    String pass = request.getParameter("password"); 


    //we will create session and append it to username 
    HttpSession session = request.getSession(true); 
    session.setAttribute("username" , name); 
    session.setAttribute("count",new Integer(0)); 
    int countAttempt = ((Integer)session.getAttribute("count")).intValue(); 
    //what im really unsure is how we can get the sessionID to telly with the username 
    if(countAttempt <= 3){ 
    session.setAttribute("count",++countAttempt); 
    response.sendRedirect("login.jsp"); 
    } else if(countAttempt == 3){ 
    //This will ban users to log in for 10mins.... 
    } 

Answer 2

類似下面的回答會給你實現

//inside servlet 
int login_attempts = 3; 

protected void doPost(HttpServletRequest request, HttpServletResponse 
response) throws ServletException, IOException { 

response.setContentType("text/html;charset=UTF-8"); 
    PrintWriter out = response.getWriter(); 

    String email = request.getParameter("email"); 
    String pass = request.getParameter("password"); 

try{ 

    Connection con = DBConnection.getConnection(); 
    PreparedStatement ps =con.prepareStatement("select * from user 
    where mail=? and password=? and account_lock=0 "); 
    ps.setString(1, email); 
    ps.setString(2, pass); 
    ResultSet rs =ps.executeQuery(); 
    if(rs.next()) 
    { 
    String userdbName = rs.getString("user_name"); 
    String customer_id = rs.getString("customer_id"); 
    /*String account_status = rs.getString("account_lock"); 
     int bool1 = Integer.parseInt(account_status); 
    */ 

    HttpSession session=request.getSession(); 
    session.setAttribute("name",userdbName); 
    session.setAttribute("cid",customer_id); 
    response.sendRedirect("personal/home.jsp"); 
    } 

    else{ 
     if(login_attempts==0) 
     { 
     System.out.println("No Login Attempts Available"); 
     } 
     else 
     { 
     login_attempts=login_attempts-1; 
    System.out.println("Login Failed Now Only "+login_attempts+" 
     Login Attempts Available"); 
     if(login_attempts==0) 
      { 
     System.out.println("your account block.contact admin for 
     login."); 
      } 
     } 

    } 
    response.sendRedirect("login.jsp"); 

     } 

     } 
     catch(Exception e) 
     { 
     e.printStackTrace(); 
     } 

    }