【问题标题】:Java Servlet/JSP: Checking whether role is NULL or admin in DatabaseJava Servlet/JSP:检查数据库中的角色是 NULL 还是 admin
【发布时间】:2019-03-31 07:47:12
【问题描述】:

我创建了以下函数,它应该检查我的数据库中的“role”列是否包含管理员或Null(这意味着它是普通用户)。我尝试在我的 Servlet 类 中对其进行测试,如下面的代码所示,但它每次都将我 重定向USER JSP 页面。我的checkRole() 方法有什么错误吗?提前谢谢你。

checkRole()方法

public static boolean checkRole() {

    boolean find = false;
    PreparedStatement pst = null;  
    ResultSet rs = null;  
    try(Connection conn= ConnectionConfiguration.getConnection()){
        pst = conn.prepareStatement("SELECT * FROM users WHERE role=?;");  
        pst.setString(1, role);  
        rs = pst.executeQuery();
        while (rs.next()) {
       if (rs.getString("role").equals("admin") {
           find = true;
            } else {find = false;}
        }
    } catch (SQLException e) {
        e.printStackTrace();
    }
    return find;  
}

SERVLET 代码

        { 
                String pass1 = request.getParameter("password");
                String email = request.getParameter("email");

            //checks whether user credentials are right and if it is admin
                if(User.validate(email,pass1) && User.checkRole()){

                    request.setAttribute("email",request.getParameter("email"));
                    request.setAttribute("pass", request.getParameter("password"));
                    s.invalidate();
                    forwardTo(ctx, request, response, "/Admin.jsp");
                }

     //checks whether user credentials are right and if it is a regular user
                else if (User.validate(email, pass1) && !User.checkRole()) {

                        request.setAttribute("email",request.getParameter("email"));
                        request.setAttribute("pass", request.getParameter("password"));
                        s.invalidate();
                        forwardTo(ctx, request, response, "/RegularUser.jsp");
                    }

                else {

                    //show some error message

                }
            }

【问题讨论】:

    标签: java jsp servlets user-roles


    【解决方案1】:

    在 checkRole() 方法中,您需要在找到管理员后跳出 while 循环,否则您的“find”布尔值可能会在下一次迭代时再次设置为 false。

    【讨论】:

      【解决方案2】:

      更改您的 checkRole 方法,如

      public static boolean checkRole(String email) {
      
          boolean find = false;
          PreparedStatement pst = null;  
          ResultSet rs = null;  
          try(Connection conn= ConnectionConfiguration.getConnection()){
              pst = conn.prepareStatement("SELECT * FROM users WHERE email =? and role='admin';");  
              pst.setString(1, email);  
              rs = pst.executeQuery();
              if(rs.next()) {
                 find = true;
              }
          } catch (SQLException e) {
              e.printStackTrace();
          }
          return find;  
      }
      

      在你的 servlet 代码中写下 if 条件

       if(User.validate(email,pass1) && User.checkRole(email))
      

      【讨论】:

      • 你的sql语句会报错。缺少星号(或字段)
      • 其实我是用手机写的这个答案,所以我错过了!
      【解决方案3】:

      如果您的用户表中有超过 1 个具有不同角色的用户,您的 checkRole() 方法将始终评估为 true。因为您正在选择字段角色属于某种类型的所有行。如果你的 users 表中存在某种角色类型,它永远是真的......

      就像其他答案已经提到的那样,您需要传递一个唯一标识符。查询应该如何知道您正在为哪个用户检查角色?在大多数应用程序中,这是由 user_id/id 字段完成的,但由于您在这里只有电子邮件,因此您也可以使用它。我会这样做:

      public static boolean isAdmin(String email) {
      
      boolean check = false;
      PreparedStatement pst = null;  
      ResultSet rs = null;  
      try(Connection conn= ConnectionConfiguration.getConnection()){
          pst = conn.prepareStatement("SELECT * FROM users WHERE email =? and role='admin';");  
          pst.setString(1, email);  
          rs = pst.executeQuery();
         check = rs.next(); // if the resultSet has results, then check will evaluate to true
      
      } catch (SQLException e) {
          e.printStackTrace();
      }
      return check;  
      }
      

      然后为您的 servlet:

             { 
                          String pass1 = request.getParameter("password");
                          String email = request.getParameter("email");
      
               //first check if valid login details (seperate it out so you can be more specific in the error you give back, and you don't have to repeat yourself)
               if(User.validate(email,pass1)){
                   // s.invalidate(); //this isn't really necessary here, normally you invalidate the session variables when the user logs out. If a different user logs in (whilst one is already logged in), then any session variables you have set would override it.
                    String url = "/RegularUser.jsp";
                    String role = "regular";
                    //now check if user is admin
                    if(User.isAdmin(email)){
                      url = "/Admin.jsp" 
                      role = "admin";
                    }
                //set your session variables
                //s.setAttribute("user_email", email);
                //s.setAttribute("user_role", role);
      
                 forwardTo(ctx, request, response, url);
      
               }else{
      
              //wrong login details - set values back in form
              request.setAttribute("email",email); 
              request.setAttribute("pass", pass1);
              forwardTo(ctx, request, response, "/Login.jsp");
               }
      }
      

      【讨论】:

        猜你喜欢
        • 1970-01-01
        • 2011-01-12
        • 2012-05-16
        • 1970-01-01
        • 2011-06-30
        • 1970-01-01
        • 1970-01-01
        • 2018-05-09
        • 2011-01-12
        相关资源
        最近更新 更多