我正在尝试使用Java为我的Web应用程序创建一个安全的登录页面,但是当我直接访问经过身份验证的页面(即main.jsp时,该程序而不是重定向到主页,会生成一个新会话并自动获得身份验证)
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.util.*;
import javax.swing.*;
import java.io.*;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class login extends HttpServlet
{
public String generateMD5(String rawPassword)
{
try {
// Static getInstance method is called with hashing MD5
MessageDigest md = MessageDigest.getInstance("MD5");
// digest() method is called to calculate message digest
// of an input digest() return array of byte
byte[] messageDigest = md.digest(rawPassword.getBytes());
// Convert byte array into signum representation
BigInteger no = new BigInteger(1, messageDigest);
// Convert message digest into hex value
String hashtext = no.toString(16);
while (hashtext.length() < 32) {
hashtext = "0" + hashtext;
}
return hashtext;
}
// For specifying wrong message digest algorithms
catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}
public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException
{
String email=req.getParameter("email");
String password= req.getParameter("password");
try
{
Class.forName("com.mysql.jdbc.Driver");
} catch (ClassNotFoundException e)
{
e.printStackTrace();
}
try
{
String url = "jdbc:mysql://127.0.0.1/passwordmanager";
Connection con=DriverManager.getConnection(url,"root","1234");
Statement st=con.createStatement();
//password=generateMD5(password);
String check="SELECT * FROM users WHERE email='"+email+"' AND password='"+password+"';";
ResultSet rp = st.executeQuery( check );
if(rp.next())
{
HttpSession session = req.getSession(true);
// session.setAttribute(email,password);
// req.setAttribute("session",session);
//RequestDispatcher vf = req.getRequestDispatcher("verifySession");
RequestDispatcher rd = req.getRequestDispatcher("main.jsp");
//vf.include(req,res);
rd.forward(req,res);
}
else
{
RequestDispatcher rd = req.getRequestDispatcher("failure");
rd.forward(req,res);
}
}
catch(SQLException e)
{
e.printStackTrace();
}
}
}
main.jsp
<
%@ page import="java.servlet.http.*" %>
<%@ page import="java.servlet.*" %>
<%
HttpSession session1 = request.getSession(false);
if(session1==null || !request.isRequestedSessionIdValid())
{response.sendRedirect("index.html");}
out.println(session1.getId());
%>
<html>
<body>
You successfully logged in!
<form method="POST" action="logOut">
<button type="submit"> Log Out </button>
</form>
</body>
</html>
此外,如果我将会话名称从“ session1”更改为“ session”,则会出现重复的局部变量的错误,我不知道它是如何重复的?
会话是jsp中的默认对象
%@ page import="java.servlet.http.*" %>
<%@ page import="java.servlet.*" %>
<%
if(session==null || !request.isRequestedSessionIdValid())
{response.sendRedirect("index.html");}
out.println(session.getId());
%>
<html>
<body>
You successfully logged in!
<form method="POST" action="logOut">
<button type="submit"> Log Out </button>
</form>
</body>
</html>
例如
<%
if (session == null)
{
String address = websiteContext + "/login.jsp";
RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(address);
dispatcher.forward(request,response);
}
%>