1. 首頁
  2. 問答
  3. 在JSP-Servlet中限制角色

在JSP-Servlet中限制角色

2016-02-15 24 views
1

我有一個JSP Web項目,我想將用戶角色分配給管理員和普通用戶。用戶角色在管理員部分已經被重定向,但是沒有。我想知道我哪裏錯了。在JSP-Servlet中限制角色

LoginServlet.java

package ExamplePackage; 

import ExamplePackage.UserBean; 
import java.io.IOException; 
import javax.servlet.ServletException; 
import javax.servlet.http.HttpServlet; 
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse; 
import javax.servlet.http.HttpSession; 

/** 
* Servlet implementation class LoginServlet 
*/ 
public class LoginServlet extends HttpServlet { 


    public void doGet(HttpServletRequest request, HttpServletResponse response) 
         throws ServletException, java.io.IOException { 

try 
{  

    UserBean admin = new UserBean(); 
    admin.setUserName(request.getParameter("un")); 
    admin.setPassword(request.getParameter("pw")); 

    UserBean user = new UserBean(); 
    user.setUserName(request.getParameter("un")); 
    user.setPassword(request.getParameter("pw")); 

    admin = UserDAO.login(admin); 
    user = UserDAO.login(user); 

    if (admin.isAdmin()) 
    { 

      HttpSession session = request.getSession(true);  
      session.setAttribute("currentSessionUser",admin); 
      response.sendRedirect("AllPost"); //logged-in page    
    } 

    else if (user.isUser()) 
    {   
      HttpSession session = request.getSession(true);  
      session.setAttribute("currentSessionUser",user); 
      response.sendRedirect("AllCustomer"); //logged-in page    
    }  

    else 
      response.sendRedirect("indexinvalid.jsp"); //error page 
} 


catch (Throwable theException)  
{ 
    System.out.println(theException); 
} 
     } 
    }

UserDAO.java

/* 
* To change this license header, choose License Headers in Project Properties. 
* To change this template file, choose Tools | Templates 
* and open the template in the editor. 
*/ 
package ExamplePackage; 



    import java.text.*; 
    import java.util.*; 
    import java.sql.*; 

    public class UserDAO  
    { 
     static Connection currentCon = null; 
     static ResultSet rs = null; 
     static ResultSet rs2 = null; 



     public static UserBean login(UserBean bean) { 

     //preparing some objects for connection 
     Statement stmt = null;  

     String username = bean.getUsername();  
     String password = bean.getPassword(); 

     String adminlogin = 
       "select * from users where username='" 
         + username 
         + "' AND password='" 
         + password 
         + "' AND role = 'A'"; 

        String userlogin = 
       "select * from users where username='" 
         + username 
         + "' AND password='" 
         + password 
         + "' AND role = 'U'"; 

     // "System.out.println" prints in the console; Normally used to trace the process 
     System.out.println("Your user name is " + username);   
     System.out.println("Your password is " + password); 
     //System.out.println("Query: "+adminlogin); 
     //System.out.println("Query: "+userlogin); 

     try 
     { 
     //connect to DB 
     currentCon = ConnectionManager.getConnection(); 
     stmt=currentCon.createStatement(); 
     rs = stmt.executeQuery(adminlogin);    
     boolean admin = rs.next(); 

     rs2 = stmt.executeQuery(userlogin); 
     boolean user = rs2.next(); 

     // if user does not exist set the isAdmin variable to false 
     if (!admin) 
     { 
      if (!user){ 
      System.out.println("Sorry, you are not a registered user! Please sign up first"); 
      bean.setAdmin(false); 
      } 
      else{ 
      System.out.println("Sorry, you are not a registered user! Please sign up first"); 
      bean.setAdmin(false); 
      }    
     } 
     if (!user) 
     { 
      if (!admin){ 
      System.out.println("Sorry, you are not a registered user! Please sign up first"); 
      bean.setUser(false); 
      } 
      else{ 
      System.out.println("Sorry, you are not a registered user! Please sign up first"); 
      bean.setUser(false); 
      }    
     }   

     //if user exists set the isAdmin variable to true 
     else if (admin) 
     { 
      String firstName = rs.getString("FirstName"); 
      String lastName = rs.getString("LastName"); 

      System.out.println("Welcome " + firstName); 
      bean.setFirstName(firstName); 
      bean.setLastName(lastName); 
      bean.setAdmin(true); 
      bean.setUser(false); 
     } 

     else if (user) 
     { 
      String firstName = rs2.getString("FirstName"); 
      String lastName = rs2.getString("LastName"); 

      System.out.println("Welcome " + firstName); 
      bean.setFirstName(firstName); 
      bean.setLastName(lastName); 
      bean.setUser(true); 
      bean.setAdmin(false); 
     }   
     } 

     catch (Exception ex) 
     { 
     System.out.println("Log In failed: An Exception has occurred! " + ex); 
     } 

     //some exception handling 
     finally 
     { 
     if (rs != null) { 
      try { 
       rs.close(); 
      } catch (Exception e) {} 
       rs = null; 
      } 

     if (rs2 != null) { 
      try { 
       rs2.close(); 
      } catch (Exception e) {} 
       rs2 = null; 
      }   

     if (stmt != null) { 
      try { 
       stmt.close(); 
      } catch (Exception e) {} 
       stmt = null; 
      } 

     if (currentCon != null) { 
      try { 
       currentCon.close(); 
      } catch (Exception e) { 
      } 

      currentCon = null; 
     } 
     } 

return bean; 

     } 
    }

我相信它有什麼做的的if-else邏輯

來源

2016-02-15 Ayapie Tateyama

+0

你的代碼是有冗餘。對於用戶來說,不需要再爲管理員使用兩個查詢。你只有兩個角色,所以只需檢查用戶是否是admin,如果是,則重定向到admin,否則重定向到用戶。 – Satya

+0

如果用戶未註冊,該怎麼辦? –

+0

你應該提到無效用戶的其他部分。 – Satya

回答

1

隨着我的意見。

在LoginServlet.java

UserBean user = new UserBean(); 
String role = ""; 
user.setUserName(request.getParameter("un")); 
user.setPassword(request.getParameter("pw")); 

role = UserDAO.login(user);//to get role either A for admin or U for user 

if(role.equals("A"))//admin 
{ 
     HttpSession session = request.getSession(true);  
     session.setAttribute("currentSessionUser",user); 
     response.sendRedirect("AllPost"); //logged-in page    
} 

else if(role.equals("U"))//user 
{   
     HttpSession session = request.getSession(true);  
     session.setAttribute("currentSessionUser",user); 
     response.sendRedirect("AllCustomer"); //logged-in page    
}  

else 
     response.sendRedirect("indexinvalid.jsp"); //error page

在UserDAO.java

public static String login(UserBean bean) { 
String role = ""; 
//one query is enough to get the role based on user name and password 

String userlogin = 
       "select role from users where username='" 
         + username 
         + "' AND password='" 
         + password; 

//execute your query 
---------------------------------- 
if(rs2.next()) 
role = rs2.getString(1);//role either A for admin or U for user 
//catch the exceptions 
------------------------------------ 

return role; 
}

來源

2016-02-15 05:42:56 Satya

+0

由於某些原因,它不起作用,我做錯了什麼? –

+0

_它不起作用._意味着什麼錯誤? @AyapieTateyama – Satya

+0

用你的答案編輯它。管理員和用戶現在都不工作。 –

相關問題

 相關問題