Java 使用JDBC域进行身份验证
在我的JavaEE应用程序中,我通过JDBC领域实现了自动验证/自动化(我第一次应用这个解决方案) 以下代码在成功登录时没有任何问题,问题是当我键入错误的凭据时:它无论如何都会登录,即使它捕获到ServletException(登录失败),这些代码行永远不会执行(在调试模式下尝试): setAttribute(“msg”,“登录错误”) nextPage=“/errorPage.jsp” 另一件奇怪的事:不管我传给谁 getServletContext().getRequestDispatcher(下一页).forward(请求, 反应) 作为下一页(我试图静态放置“/errorPage.jsp”),它总是转发到index.jsp Login.jspJava 使用JDBC域进行身份验证,java,jsp,jakarta-ee,jdbc,jdbcrealm,Java,Jsp,Jakarta Ee,Jdbc,Jdbcrealm,在我的JavaEE应用程序中,我通过JDBC领域实现了自动验证/自动化(我第一次应用这个解决方案) 以下代码在成功登录时没有任何问题,问题是当我键入错误的凭据时:它无论如何都会登录,即使它捕获到ServletException(登录失败),这些代码行永远不会执行(在调试模式下尝试): setAttribute(“msg”,“登录错误”) nextPage=“/errorPage.jsp” 另一件奇怪的事:不管我传给谁 getServletContext().getRequestDispatche
@WebServlet("/Login")
public class Login extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public Login() {
super();
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username").trim();
String password = request.getParameter("password").trim();
String nextPage = "/index.jsp";
try {
request.login(username, password);
}
catch (ServletException ex) {
request.setAttribute("msg", "Error in login");
nextPage = "/errorPage.jsp";
}
getServletContext().getRequestDispatcher(nextPage).forward(request, response);
}
}
login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%
request.logout();
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Welcome</title>
</head>
<body>
<h1>Hi! You need to login.</h1>
<form method="POST" action="/MyApp/Login">
Usuario: <input type="text" name="username" /> Password: <input
type="password" name="password" /> <input type="submit"
value="Send" />
</form>
</body>
</html>
您在哪里检查表单输入中输入的用户名和密码是否正确。您是通过查询数据库进行身份验证,还是通过匹配代码中设置的用户名和密码值进行身份验证?我相信这会给你一个线索。确保来自表单输入的用户名和密码与代码中设置的用户名和密码匹配。如果您有任何其他问题,请告诉我。如果这解决了您的问题,请将其标记为正确答案
response.setContentType("text/html");
String msg = " ";
String username = request.getParameter("username");
String password = request.getParameter("password");
try {
if (username.equals("nick") && password.equals("nick_password")) {
nextPage = "HELLO" + username + "! Your login is SUCESSFULL";
} else {
nextPage = "HELLO" + username + "!Your login is UNSUCESSFULL";
}
}// close try
在使用
JDBCRealm
时,最好将容器管理的安全性
用于应用程序身份验证/授权
,而不是从应用程序代码(您正在这样做)中处理
因此,我们允许服务器处理此问题,这意味着根据使用基于表单的身份验证(您正在使用)将类似于:
首先是表格:
<form action="j_security_check" method="POST">
Username:<input type="text" name="j_username" placeholder="Username" />
Password:<input type="password" name="j_password" placeholder="Password" />
<input type="submit" value="Log In" />
</form>
我们不能忘记数据保护
(您已经有了):
因此,角色被映射到真实存储库中存在的实际组名。(这是直接在应用服务器上创建的)
为了实现这一点,我们需要在DB
中创建一个表
,以定义用户组
此处的领域
是在服务器管理控制台
中创建的
在GlassFish中,请访问:
配置>>服务器配置>>安全>>领域
下面是一个领域配置的示例
谢谢你的回答。在尝试我发布的解决方案之前,我从您建议的解决方案开始。我用我遇到的问题更新了我的问题。你能添加更多关于数据库映射方式、jdbcRealm配置方式以及正在使用哪个应用服务器的详细信息吗?此外,编辑的代码似乎有点不对劲,我看不出你在哪里使用tareas
或username
,因为你正在传递dao.getUserByName(name)
我认为缺少一些代码,请您编写完整的代码好吗??您认为转发
是验证/身份验证后servlet响应的最佳解决方案吗?身份验证通过JDBC域实现
response.setContentType("text/html");
String msg = " ";
String username = request.getParameter("username");
String password = request.getParameter("password");
try {
if (username.equals("nick") && password.equals("nick_password")) {
nextPage = "HELLO" + username + "! Your login is SUCESSFULL";
} else {
nextPage = "HELLO" + username + "!Your login is UNSUCESSFULL";
}
}// close try
<form action="j_security_check" method="POST">
Username:<input type="text" name="j_username" placeholder="Username" />
Password:<input type="password" name="j_password" placeholder="Password" />
<input type="submit" value="Log In" />
</form>
<security-constraint>
<display-name>securityConstraint1</display-name>
<web-resource-collection>
<web-resource-name>resources</web-resource-name>
<description />
<url-pattern>/protected/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>appUser</role-name>
<role-name>appAdmin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>securityConstraint2</display-name>
<web-resource-collection>
<web-resource-name>resources</web-resource-name>
<description />
<url-pattern>/protected/admni/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>appAdmin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>appRealm</realm-name>
<form-login-config>
<form-login-page>/index.xhtml</form-login-page>
<form-error-page>/public/forbidden.xhtml</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>appUser</role-name>
</security-role>
<security-role>
<role-name>appAdmin</role-name>
</security-role>
<error-page>
<error-code>403</error-code>
<location>/public/forbidden.xhtml</location>
</error-page>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<sun-web-app error-url="">
<security-role-mapping>
<role-name>appUser</role-name>
<group-name>1</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>appAdmin</role-name>
<group-name>2</group-name>
</security-role-mapping>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class' java code.</description>
</property>
</jsp-config>
</sun-web-app>