Java 基于用户角色在jsp中显示字段(不使用spring安全性)
我有一个tabs.jsp,它有到其他页面的链接。当管理员登录时,必须为他提供2个额外链接以添加用户和角色。在进行身份验证时,我可以验证用户是否为管理员。在验证时,如果用户存在,im将控制权返回到用户显示页面,如果不重定向回登录页面。如果用户是管理员,我如何实现这额外的2个链接 我的控制器Java 基于用户角色在jsp中显示字段(不使用spring安全性),java,jsp,spring-mvc,web-applications,Java,Jsp,Spring Mvc,Web Applications,我有一个tabs.jsp,它有到其他页面的链接。当管理员登录时,必须为他提供2个额外链接以添加用户和角色。在进行身份验证时,我可以验证用户是否为管理员。在验证时,如果用户存在,im将控制权返回到用户显示页面,如果不重定向回登录页面。如果用户是管理员,我如何实现这额外的2个链接 我的控制器 @RequestMapping(value = "auth", method = RequestMethod.POST) public ModelAndView printStringL
@RequestMapping(value = "auth", method = RequestMethod.POST)
public ModelAndView printStringLogin(
@ModelAttribute("USERS") Users userAuthentication,
HttpSession httpSession, ModelMap model) {
System.out.println(userAuthentication.getUsers_email());
System.out.println(userAuthentication.getUsers_password());
UserAuthentication userAuthentication2 = new UserAuthentication();
boolean exists = false,admin = false;
try {
exists = userAuthentication2.doesUserExist(
userAuthentication.getUsers_email(),
userAuthentication.getUsers_password());
} catch (Exception e) {
e.printStackTrace();
}
if (exists == true) {
System.out.println("user present");
httpSession.setAttribute("id", userAuthentication.getUsers_email());
System.out.println("Session Attribute: "
+ httpSession.getAttribute("id"));
return new ModelAndView("redirect:employee");
} else {
System.out.println("user not present");
return new ModelAndView("loginpage");
}
}
用户身份验证
public class UserAuthentication {
public boolean doesUserExist(String uname, String passwrd) throws Exception {
GetSession ses = new GetSession();
Session session = ses.retSession();
String query = "from Users as u where u.users_email = :sUname and u.users_password = :sPass";
List list = session.createQuery(query).setString("sUname", uname)
.setString("sPass", passwrd).list();
Iterator iterator = list.iterator();
boolean userExists = false;
if (iterator.hasNext()) {
Users obj = (Users) iterator.next();
System.out.print(obj.getUsers_email() + "\t"
+ obj.getUsers_password() + "\n");
System.out.println(obj.getMyRoles());
System.out.println("Is Admin??? :" +obj.getMyRoles().toString().contains("Admin")); //gives if user is admin or not
System.out.println(obj.getUser_id());
userExists = true;
}
System.out.println(userExists);
return userExists;
}
}
Tabs.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<html>
<body>
<div id="tabs" style="background-color: #C8C8C8; font-family: fantasy;">
<a href="employee"> Employee Details </a>
<a href="department"> Departments </a>
<a href="designation"> Designation </a>
<a href="logout"> Logout </a>
<a href="user"> Users </a>
<a href="roles"> Roles </a>
</div>
</body>
</html>
只有当用户是admin且此tabs.jsp包含在应用程序的每个页面中时,才能显示用户和角色链接。将
user
对象放入控制器中的HttpSession
中,并检查登录的用户是否在jsp中是admin
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<html>
<body>
<div id="tabs" style="background-color: #C8C8C8; font-family: fantasy;">
<a href="employee"> Employee Details </a>
<a href="department"> Departments </a>
<a href="designation"> Designation </a>
<a href="logout"> Logout </a>
<c:if test=${sessionScope.user.isAdmin}>
<a href="user"> Users </a>
<a href="roles"> Roles </a>
</c:if>
</div>
</body>
</html>
我很好奇。。为什么你不想使用Spring安全性呢?最初我没有使用Spring安全性就开始构建应用程序,所以继续使用同样的方法。