jsp的登录校验Demo
part_1:login.jsp:登录页面:
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <% String path = request.getContextPath(); String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "https://www.jb51.net/"; %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <base href="https://www.jb51.net/<%=basePath%>"> <title>My JSP 'Login.jsp' starting page</title> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> <meta http-equiv="description" content="This is my page"> <!-- <link type="text/css" href="https://www.jb51.net/styles.css"> --> </head> <% String fdbkMsg = (String) request.getAttribute("fdbkMsg"); if (null == fdbkMsg) { fdbkMsg = ""; } %> <% Boolean logedIn = (Boolean) session.getAttribute("logedIn"); if (null == logedIn) { logedIn = false; } else if (logedIn) { //如果在本次会话已经登陆,直接重定向到success-page-1 response .sendRedirect("/ServletDemoProject/LOGIN-DEMO/success-page-1.jsp"); } %> <% String username = ""; Cookie[] cookies = request.getCookies(); if ((null != cookies) && (cookies.length > 0)) { for (Cookie c : cookies) { if ("admin".equals(c.getValue())) { username = "admin"; break; } } }//end if-condition %> <body> <br> <div> 请登录: <br> <form action="/ServletDemoProject/servlet/LoginVerificationServlet" method="post"> 用户名: <input type="text" value="<%=username%>" /> <br> 密 码: <input type="password" value="" /> <br> <font color='red'><%=fdbkMsg%></font> <br> <input type="submit" value="提交" /> <br> </form> </div> </body> </html>
part_2:LoginVerificationServlet.java:校验登录信息,此处没有连接数据库,默认只有username:admin,password:888888才算登录成功;登陆失败时:重新转发到Login.jsp并提示用户登陆失败,重新登陆;
package cn.mike.servlet.test_1209_Login; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class LoginVerificationServlet extends HttpServlet { private static final long serialVersionUID = -6886327892796230543L; public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String username = request.getParameter("username"); String password = request.getParameter("password"); if (("admin".equals(username)) && ("888888".equals(password))) {// 登录成功 // 保存cookie到客户端 Cookie userCookie = new Cookie("username", username); userCookie.setMaxAge(60 * 2);// expiry : 2 minutes response.addCookie(userCookie); // 重定向到一个新的页面,并提示XXX用户登录成功(使用session存取用户名); request.getSession().setAttribute("username", username); request.getSession().setAttribute("logedIn", true); response .sendRedirect("/ServletDemoProject/LOGIN-DEMO/success-page-1.jsp"); } else {// 登陆失败 // 转发到登录界面,并提示错误信息: request.setAttribute("fdbkMsg", "用户名或密码错误!"); request.getRequestDispatcher("/LOGIN-DEMO/Login.jsp").forward( request, response); } } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // do same as GET-method : doGet(request, response); } }
part_3:success-page-1.jsp:校验登录成功后重定向到该页面,提示用户已经成功登陆;如果用户试图通过不正当途径,e.g:从地址栏访问,将会转发到登录界面,并作提示;
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <% String path = request.getContextPath(); String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "https://www.jb51.net/"; %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <base href="https://www.jb51.net/<%=basePath%>"> <title>My JSP 'success-page-1.jsp' starting page</title> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> <meta http-equiv="description" content="This is my page"> <!-- <link type="text/css" href="https://www.jb51.net/styles.css"> --> </head> <% String username = (String) session.getAttribute("username"); if (null == username) { //如果username为空值,说明不是通过正常渠道来的,转发到Login页面; request.setAttribute("fdbkMsg", "别想走后门进来,赶紧登录!"); request.getRequestDispatcher("/LOGIN-DEMO/Login.jsp").forward( request, response); } %> <body> <br> <%=username%>已经成功登陆。 <br> <font>您可以选择浏览:</font> <br> <a href="https://www.jb51.net/ServletDemoProject/LOGIN-DEMO/success-page-2.jsp">点这儿有精彩.</a> <br> <a href="https://www.jb51.net/ServletDemoProject/LOGIN-DEMO/success-page-2.jsp">点这儿更精彩.</a> <br /> <a href="https://www.jb51.net/ServletDemoProject/LOGIN-DEMO/success-page-2.jsp">你敢点这儿吗.</a> <br /> </body> </html>
part_4:success-page-2.jsp:登陆成功页面2,如果已经登陆成功将用户名保存到session,在访问该页面时将会校验一下,防止从地址栏暴力访问;