Fatal编程技术网
  • java/
  • Java 如何在servlet中为post请求放置/login/{param}/等参数

Java 如何在servlet中为post请求放置/login/{param}/等参数

java servlets

Java 如何在servlet中为post请求放置/login/{param}/等参数,java,servlets,url-pattern,path-parameter,Java,Servlets,Url Pattern,Path Parameter,我有一个登录servlet,成功登录后,我希望用户 /登录名/{username}/ 如何将用户名放置在POST请求的URL中? 我查阅了一些答案,如和,但不明白如何真正实现我的目标。 我希望坚持使用servlet,避免使用JAX-RS等技术 这是我的登录逻辑实现: private void login_doIT(HttpServletRequest request, HttpServletResponse response) throws SQLException, InvalidKey

我有一个登录servlet,成功登录后,我希望用户

/登录名/{username}/

如何将
用户名
放置在POST请求的URL中?

我查阅了一些答案,如和,但不明白如何真正实现我的目标。 我希望坚持使用servlet,避免使用JAX-RS等技术

这是我的登录逻辑实现:

   private void login_doIT(HttpServletRequest request, HttpServletResponse response) throws SQLException, InvalidKeySpecException, NoSuchAlgorithmException, ServletException, IOException {
    String userInput = request.getParameter("user_name");
    String pass = request.getParameter("pass");
    pst = c.prepareStatement(query);
    pst.setString(1,userInput);
    rs = pst.executeQuery();
    while (rs.next()){
        imiya = rs.getString("user_name");
        kyuch = rs.getString("key");
        kodom = rs.getBytes("nitrate");
    }
    EncryptClass instance = new EncryptClass(2048,100000);
    if(instance.chkPass(pass,kyuch,kodom) && imiya.equals(userInput)){
        HttpSession session = request.getSession();
        session.setAttribute("userLogged",userInput);
        request.setAttribute("title",userInput);
        String pathInfo = request.getPathInfo();
        if(pathInfo!=null || !pathInfo.isEmpty()){
            String[] pathArr = pathInfo.split("/");
            String val = pathArr[1];//{username}
          //now what??.....
        }
        request.getRequestDispatcher("/LoginLanding.jsp").forward(request,response);
    } else {
        request.setAttribute("message", message);
        request.getRequestDispatcher("/index.jsp").include(request,response);
    }
}
这是它的web.xml:

<servlet>
    <servlet-name>Login</servlet-name>
    <servlet-class>AuthPack.ServletLogin</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Login</servlet-name>
    <url-pattern>/Login/*</url-pattern>
</servlet-mapping>


登录
AuthPack.ServletLogin
登录
/登录/*
在我提交表单后,URL会变成

/登录

但我希望它是这样的:

public class UserFilter implements Filter {

public UserFilter() {
}

public void destroy() {
}

 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
      String requri = ((HttpServletRequest) request).getRequestURI().substring(((HttpServletRequest) request).getContextPath().length() + 1);
        HttpSession session = (((HttpServletRequest) request).getSession());

        String RequestedUsername = null;

        if(requri.contains("user/")){
          //get the username after "user/"
          RequestedUsername=requri.substring(5);
          if(!RequestedUsername.isEmpty()){
           //if not empty set session
           session.setAttribute("loggedInUser",RequestedUsername);
             }
        }

      //forward to servlet which will set user details etc... (just get the user session variable from there) in that servlet you forward to landinglogin.jsp
      request.getRequestDispatcher("/profile").forward(request, response);


     }
/登录名/{username}

更优选地:

/{username}

在这段代码中,您希望参数位于HttpServletRequest.getParameter()中的可用字段中,该字段可从servlet中的doPost()方法访问:

String userInput = request.getParameter("user_name");
String pass = request.getParameter("pass");
但是您没有显示是a)以POST的形式提交请求,还是b)通过servlet中的doPost()调用访问这些请求

您可以使用HttpServletRequest.getPathInfo()访问路径上的参数信息(请参阅)

如果您的servlet在/login可用,并且您将用户名附加到该servlet上(如/login/someUser/),那么getPathInfo()将返回该用户名,尽管您可能希望检查其中是否包含斜杠

另一方面,对登录功能执行此操作会产生安全漏洞。与其将用户名放在路径上,不如简单地将用户名和密码作为POST参数发送。

您必须使用url重写器或过滤器

以下是使用过滤器方法的示例:

在您的登录servlet中,而不是转到loginLanding.jsp 您重定向到过滤器,如下所示:

//REDIRECT TO filter 
response.sendRedirect("/user/"+userInput);

  <filter>
    <display-name>UserFilter</display-name>
    <filter-name>UserFilter</filter-name>
    <filter-class>filters.UserFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>UserFilter</filter-name>
    <url-pattern>/user/*</url-pattern>
  </filter-mapping>
要创建一个过滤器,它与创建一个servlet非常相似,您可以选择创建这样的映射(web.xml):

第一个环节似乎是解决方案。它到底有什么问题?最好给我们看看你的代码。 
public class UserFilter implements Filter {

public UserFilter() {
}

public void destroy() {
}

 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
      String requri = ((HttpServletRequest) request).getRequestURI().substring(((HttpServletRequest) request).getContextPath().length() + 1);
        HttpSession session = (((HttpServletRequest) request).getSession());

        String RequestedUsername = null;

        if(requri.contains("user/")){
          //get the username after "user/"
          RequestedUsername=requri.substring(5);
          if(!RequestedUsername.isEmpty()){
           //if not empty set session
           session.setAttribute("loggedInUser",RequestedUsername);
             }
        }

      //forward to servlet which will set user details etc... (just get the user session variable from there) in that servlet you forward to landinglogin.jsp
      request.getRequestDispatcher("/profile").forward(request, response);


     }