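In my Java EE application, I implemented authentication/authorization through a JDBC realm (the first time I have applied this solution).
Authentication using a JDBC realm
The following code has no problem on a successful login. The problem is when I type wrong credentials: it logs in anyway, and even though it catches the ServletException (login failed), these lines of code are not executed (in debug mode):
request.setAttribute("msg", "Error in login");
nextPage = "/errorPage.jsp";
Another strange thing: no matter what I pass to
getServletContext().getRequestDispatcher(nextPage).forward(request, response);
as nextPage (I tried putting a static "/errorPage.jsp"), it always forwards to index.jsp.
Login.jsp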
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/Login")
public class Login extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public Login() {
        super();
        // TODO Auto-generated constructor stub
    }

    /**
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // TODO Auto-generated method stub
    }

    /**
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String username = request.getParameter("username").trim();
        String password = request.getParameter("password").trim();
        String nextPage = "/index.jsp";
        try {
            // Programmatic login against the container's configured realm
            request.login(username, password);
        }
        catch (ServletException ex) {
            request.setAttribute("msg", "Error in login");
            nextPage = "/errorPage.jsp";
        }
        getServletContext().getRequestDispatcher(nextPage).forward(request, response);
    }
}
login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%
    request.logout();
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <title>Welcome</title>
</head>
<body>
  <h1>Hi! You need to login.</h1>
  <form method="POST" action="/MyApp/Login">
    Usuario: <input type="text" name="username" /> Password: <input
      type="password" name="password" /> <input type="submit"
      value="Send" />
  </form>
</body>
</html>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
  <display-name>MyApp</display-name>
  <welcome-file-list>
    <welcome-file>login.jsp</welcome-file>
  </welcome-file-list>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>jdbcRealm</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/errorPage.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin stuff</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>User stuff</web-resource-name>
      <url-pattern>/user/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-role>
    <role-name>admin</role-name>
  </security-role>
  <security-role>
    <role-name>user</role-name>
  </security-role>
</web-app>
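Before this, I tried the container-managed security solution (with the login form's action invoking the j_security_check component).
Login worked correctly with this (even with wrong credentials), but I got another serious problem that I did not have before: in one use case, a user can see the projects he is developing, but he should not be able to see other users' projects. I implemented it with the following servlet, but the problem is that (like the other solution) it skips some instructions (for example, the one that looks up the user in the database), and an exception occurs, redirecting to the error page.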
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ViewUserProjects extends HttpServlet {
    private static final long serialVersionUID = 1L;

    public ViewUserProjects() {
        super();
        // TODO Auto-generated constructor stub
    }

    protected void doGet(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        DAO dao = (DAO) getServletContext().getAttribute("bd");
        // Identity comes from the container, not from a request parameter
        Principal p = request.getUserPrincipal();
        String username = p.getName();
        try {
            User user = dao.getUserByName(username);
            request.getSession().setAttribute("user", user);
            ArrayList<Project> projects = new ArrayList<Project>();
            projects = dao.getUserProjects(Integer.parseInt(user.getId()));
            request.setAttribute("projects", projects);
            getServletContext().getRequestDispatcher(
                    "/user/viewProjects.jsp").forward(request,
                    response);
        } catch (Exception ex) {
            request.setAttribute("msg",
                    "Error");
            getServletContext().getRequestDispatcher("/errorPage.jsp").forward(
                    request, response);
        }
    }

    protected void doPost(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        // TODO Auto-generated method stub
    }
}
Authentication through the JDBC realm: https://docs.oracle.com/javaee/6/tutorial/doc/glxgo.html – user3673449
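A programmatic-login servlet that fails closed, as an added example (not code from the post or its author). The class name and URL mapping are hypothetical; it assumes the Servlet 3.0 API, the realm and the pages named in the post's web.xml, and a container that binds the authenticated identity to the current session.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Added example: class name and URL mapping are hypothetical.
@WebServlet("/FailClosedLogin")
public class FailClosedLogin extends HttpServlet {
    private static final long serialVersionUID = 1L;
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        // Missing parameters are a failed login, not a NullPointerException.
        if (username == null || password == null || username.trim().isEmpty()) {
            fail(request, response);
            return;
        }
        try {
            // login() throws if the request already carries an identity: drop it first.
            if (request.getUserPrincipal() != null) request.logout();
            // Start a fresh session before login so the pre-login session ID is
            // not carried over (Servlet 3.0 has no changeSessionId()).
            HttpSession old = request.getSession(false);
            if (old != null) old.invalidate();
            request.getSession(true);
            request.login(username.trim(), password); // password passed as typed
        } catch (ServletException ex) {
            fail(request, response);
            return;
        }
        // Fail closed: continue only if the container now reports an identity.
        if (request.getUserPrincipal() == null) {
            fail(request, response);
            return;
        }
        // Redirect after POST so a page reload does not resubmit credentials.
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }

    private void fail(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        request.setAttribute("msg", "Error in login"); // same generic message for every failure
        request.getRequestDispatcher("/errorPage.jsp").forward(request, response);
    }
}
```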