【问题标题】:values are getting inserted in database but they should not值被插入到数据库中,但它们不应该
【发布时间】:2016-10-16 02:20:03
【问题描述】:

LoginServlet.java

package bean;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginServlet extends HttpServlet {
    @Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html");
        try (PrintWriter out = response.getWriter()) {
            request.getRequestDispatcher("link.html").include(request, response);


            String name=request.getParameter("name");
            String password=request.getParameter("password");
            boolean status=false;
    try{
        Connection con=ConnectionProvider.getCon();
        String sql="select * from roles where name='" + name + "' and pass='" + password + "'";
        PreparedStatement stmt =con.prepareStatement(sql);
        String role="admin";                        
        ResultSet rs=stmt.executeQuery();
        if(rs.next())
        {
            status=true;
            role=rs.getString("role");
        }

         if(status){
        out.print("Welcome, "+name);
        HttpSession session=request.getSession();
        session.setAttribute("name",name);
        if(role!=null && role.equals("admin") ){   
          response.sendRedirect("create.html");

        }
        else {
           response.sendRedirect("create1.html");          

      }

    }
    else{
        out.print("Sorry, username or password error!");
        request.getRequestDispatcher("login.html").include(request, response);
    }
    }catch( SQLException | ServletException | IOException e){}


        }
}
}

create.html

<a href="LogoutServlet">Logout</a>
<a href="department.jsp">Create Department</a>
<a href="c_user.jsp">Create Users</a>
<hr/>

department.jsp

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>JSP Page</title>
</head>
<body>
  <h1>Create Department</h1>
<br>
<form action="DepartmentServlet">
    <table border="1">
        <tbody>
            <tr>
                <td>Company Name :</td>
                <td><input type="text" name="company" value="" size="50"    /></td>
            </tr>
            <tr>
                <td>Department Name</td>
                <td><input type="text" name="department" value="" size="50" />  </td>
            </tr>
            <tr>
                <td>Head Office :</td>
                <td><input type="text" name="place" value="" size="50"   /></td>
            </tr>

        </tbody>
    </table>
    <input type="reset" value="Clear" name="Clear" />
    <input type="submit" value="Submit" name="Submit" />
</form>
 </body>
</html>

DepartmentServlet.java

package bean; 

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;


public class DepartmentServlet extends HttpServlet {   

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
   response.setContentType("text/html");
    try (PrintWriter out = response.getWriter()) {
            request.getRequestDispatcher("link.html").include(request, response);

            HttpSession session=request.getSession(false);
            if(session!=null){
                String name=(String)session.getAttribute("name"); 
                boolean status=false;
    try{
        String department=request.getParameter("department");
        String company=request.getParameter("company");
        String place=request.getParameter("place");

        Connection con=ConnectionProvider.getCon();
        String sql="insert into department(departmentname,company,place) values (?,?,?)";
        PreparedStatement pstmt =con.prepareStatement(sql);

        pstmt.setString(1,department); 
        pstmt.setString(2,company);
        pstmt.setString(3,place);

        int rs=pstmt.executeUpdate();
        if(rs>0){status=true;}
    }catch(Exception e){}
              if(status){
                out.print("Values have been inserted,"+name);
                request.getSession();}
              else 
              {
                  out.print("failed");
              }                  
              }
            else{
                out.print("Please login first");
                request.getRequestDispatcher("login.html").include(request, response);
            }
        }
}   
}

LogoutServlet.java

package bean;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LogoutServlet extends HttpServlet {
            @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/html");
                try (PrintWriter out = response.getWriter()) {
                    request.getRequestDispatcher("link.html").include(request, response);

                    HttpSession session=request.getSession(false);
                    session.invalidate();

                    out.print("You are successfully logged out!");
                }
 }
 }

使用DepartmentServlet,我将值插入到数据库中。问题是,我可以在没有登录的情况下打开create.htmldepartment.jsp,即使我没有登录,值也会被插入到数据库中。我知道问题在于会话没有正确传递(使用)。我该如何解决?有人可以纠正吗?

【问题讨论】:

  • 代码墙问题在未来对其他人没有用处,并且通常不会得到好的答案。相反,创建一个minimal reproducible example
  • }catch( SQLException | ServletException | IOException e){} 可能很多重要信息没有在这里打印
  • 好的,但是如果我不能得到任何满意的答案,让我们再等大约 24 小时,我会发布一个新问题或编辑这个
  • @RahulGupta 24 小时后会发生什么?
  • 等待任何类型的答案好坏

标签: java jsp session servlets


【解决方案1】:

更改条件if(session != null)
if(session != null &amp;&amp; session.getAttribute("name") != null)

【讨论】:

  • 另一个问题,我可以通过直接输入 url 来打开 create.html 和 department.jsp,您可以检查一下吗?
  • @RahulGupta 如果可行,请接受答案。
  • 如果没有人回答第二部分,问题只能解决一半,我会接受。
【解决方案2】:

您必须实施过滤器以限制对 .jsp/.html 的访问,这将检查活动会话。如果未找到活动会话,则它将请求重定向到登录页面(在你案例链接。使用下面的 doFilter 方法实现

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(false);

        if (session == null || session.getAttribute("name") == null) {
            response.sendRedirect(request.getContextPath() + "/link"); 
        } else {
            chain.doFilter(req, res); 
        }
    }

【讨论】:

    猜你喜欢
    • 2021-12-22
    • 1970-01-01
    • 2021-06-26
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2022-06-28
    相关资源
    最近更新 更多