我有一个方法可以验证一个用户试图登录到我在Tomcat上托管的Web应用程序,如果我输入一个不存在的用户名,它给我一个 Index 0 out of bounds for length 0
而不是返回null并显示无效的登录凭证页面。如果用户名不存在,如何确保它返回null?
验证用户方法。
public User validateUser(Login login) {
// SQL statement
String sql = "select * from users where username='" + login.getUsername() + "'";
// Running query
List<User> users = jdbcTemplate.query(sql, new UserMapper());
User user = users.get(0);
// Getting encrypted password
String encodedPassword = user.getPassword();
// Getting login password
String rawPassword = login.getPassword();
// Validating them
boolean isPasswordMatch = passwordEncoder.matches(rawPassword, encodedPassword);
if(isPasswordMatch){
return user;
}
else {
return null;
}
}
Controller:
@RequestMapping(value = "/loginProcess", method = RequestMethod.POST)
public ModelAndView loginProcess(HttpServletRequest request, HttpServletResponse response,
@ModelAttribute("login") Login login) {
ModelAndView mav = null;
// Validating user
User user = userService.validateUser(login);
if (null != user) {
// Setting view
mav = new ModelAndView("loginProcess", "firstname", user.getFirstname());
// Creating session and saving user
HttpSession httpSession = request.getSession(true);
httpSession.setAttribute("User", user);
}
// Returning invalid credentials
return mav = new ModelAndView("loginIncorrect");
}
如果用户的长度为0,你可以返回null。