Java 如何在servlet中为post请求放置/login/{param}/等参数
我有一个登录servlet,成功登录后,我希望用户 /登录名/{username}/ 如何将Java 如何在servlet中为post请求放置/login/{param}/等参数,java,servlets,url-pattern,path-parameter,Java,Servlets,Url Pattern,Path Parameter,我有一个登录servlet,成功登录后,我希望用户 /登录名/{username}/ 如何将用户名放置在POST请求的URL中? 我查阅了一些答案,如和,但不明白如何真正实现我的目标。 我希望坚持使用servlet,避免使用JAX-RS等技术 这是我的登录逻辑实现: private void login_doIT(HttpServletRequest request, HttpServletResponse response) throws SQLException, InvalidKey
用户名
放置在POST请求的URL中?
我查阅了一些答案,如和,但不明白如何真正实现我的目标。
我希望坚持使用servlet,避免使用JAX-RS等技术
这是我的登录逻辑实现:
private void login_doIT(HttpServletRequest request, HttpServletResponse response) throws SQLException, InvalidKeySpecException, NoSuchAlgorithmException, ServletException, IOException {
String userInput = request.getParameter("user_name");
String pass = request.getParameter("pass");
pst = c.prepareStatement(query);
pst.setString(1,userInput);
rs = pst.executeQuery();
while (rs.next()){
imiya = rs.getString("user_name");
kyuch = rs.getString("key");
kodom = rs.getBytes("nitrate");
}
EncryptClass instance = new EncryptClass(2048,100000);
if(instance.chkPass(pass,kyuch,kodom) && imiya.equals(userInput)){
HttpSession session = request.getSession();
session.setAttribute("userLogged",userInput);
request.setAttribute("title",userInput);
String pathInfo = request.getPathInfo();
if(pathInfo!=null || !pathInfo.isEmpty()){
String[] pathArr = pathInfo.split("/");
String val = pathArr[1];//{username}
//now what??.....
}
request.getRequestDispatcher("/LoginLanding.jsp").forward(request,response);
} else {
request.setAttribute("message", message);
request.getRequestDispatcher("/index.jsp").include(request,response);
}
}
这是它的web.xml:
<servlet>
<servlet-name>Login</servlet-name>
<servlet-class>AuthPack.ServletLogin</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Login</servlet-name>
<url-pattern>/Login/*</url-pattern>
</servlet-mapping>
登录
AuthPack.ServletLogin
登录
/登录/*
在我提交表单后,URL会变成
/登录
但我希望它是这样的:
public class UserFilter implements Filter {
public UserFilter() {
}
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
String requri = ((HttpServletRequest) request).getRequestURI().substring(((HttpServletRequest) request).getContextPath().length() + 1);
HttpSession session = (((HttpServletRequest) request).getSession());
String RequestedUsername = null;
if(requri.contains("user/")){
//get the username after "user/"
RequestedUsername=requri.substring(5);
if(!RequestedUsername.isEmpty()){
//if not empty set session
session.setAttribute("loggedInUser",RequestedUsername);
}
}
//forward to servlet which will set user details etc... (just get the user session variable from there) in that servlet you forward to landinglogin.jsp
request.getRequestDispatcher("/profile").forward(request, response);
}
/登录名/{username}
更优选地:
/{username}
在这段代码中,您希望参数位于HttpServletRequest.getParameter()中的可用字段中,该字段可从servlet中的doPost()方法访问:
String userInput = request.getParameter("user_name");
String pass = request.getParameter("pass");
但是您没有显示是a)以POST的形式提交请求,还是b)通过servlet中的doPost()调用访问这些请求
您可以使用HttpServletRequest.getPathInfo()访问路径上的参数信息(请参阅)
如果您的servlet在/login可用,并且您将用户名附加到该servlet上(如/login/someUser/),那么getPathInfo()将返回该用户名,尽管您可能希望检查其中是否包含斜杠
另一方面,对登录功能执行此操作会产生安全漏洞。与其将用户名放在路径上,不如简单地将用户名和密码作为POST参数发送。您必须使用url重写器或过滤器 以下是使用过滤器方法的示例: 在您的登录servlet中,而不是转到loginLanding.jsp 您重定向到过滤器,如下所示:
//REDIRECT TO filter
response.sendRedirect("/user/"+userInput);
<filter>
<display-name>UserFilter</display-name>
<filter-name>UserFilter</filter-name>
<filter-class>filters.UserFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>UserFilter</filter-name>
<url-pattern>/user/*</url-pattern>
</filter-mapping>
要创建一个过滤器,它与创建一个servlet非常相似,您可以选择创建这样的映射(web.xml):
第一个环节似乎是解决方案。它到底有什么问题?最好给我们看看你的代码。
public class UserFilter implements Filter {
public UserFilter() {
}
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
String requri = ((HttpServletRequest) request).getRequestURI().substring(((HttpServletRequest) request).getContextPath().length() + 1);
HttpSession session = (((HttpServletRequest) request).getSession());
String RequestedUsername = null;
if(requri.contains("user/")){
//get the username after "user/"
RequestedUsername=requri.substring(5);
if(!RequestedUsername.isEmpty()){
//if not empty set session
session.setAttribute("loggedInUser",RequestedUsername);
}
}
//forward to servlet which will set user details etc... (just get the user session variable from there) in that servlet you forward to landinglogin.jsp
request.getRequestDispatcher("/profile").forward(request, response);
}