【问题标题】:Blank Servlet with Stored Procedures带有存储过程的空白 Servlet
【发布时间】:2018-04-17 22:26:08
【问题描述】:

我是编程新手,所以对我来说有点难,但我正在尝试使用 java (servlet) 上的存储过程执行登录 (JSP),遗憾的是 servlet 页面只给了我一个空白页,并没有将我重定向到主页 homeAlumno.jsp(目前只有一个 Hello World 的 JSP),我使用的是 netbeans IDE 8.2(带有 Tomcat 服务器),数据库是 Oracle 11g Express Edition,有几个表,任何帮助或建议将不胜感激。

pd:第一次发帖,如果我发错了对不起:'D

这是代码

login.jsp

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Login CEM</title>
    </head>
    <body style="text-align: center">
        <h1>Menú CEM</h1>
        <form method="POST" action="serv_login">
            <input type="text" name="usuario"  placeholder="Nombre"/>
            <input type="password" name="pass"  placeholder="Password" />
            <input type="submit" value="Login"/>
        </form>
    </body>
</html>

类连接(连接)

package modelo;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

    public class Conexion {
        private static Connection cnx = null;
       public static Connection obtener() throws SQLException,    ClassNotFoundException {
      if (cnx == null) {
         try {
         Class.forName("oracle.jdbc.OracleDriver");
         cnx =  DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:xe", "system", "123");
     } catch (SQLException ex) {
        throw new SQLException(ex);
     } catch (ClassNotFoundException ex) {
        throw new ClassCastException(ex.getMessage());
     }
  }
  return cnx;
 }
    public static void cerrar() throws SQLException {
          if (cnx != null) {
             cnx.close();
     }
   }
}

serv_login.java (servlet)

package controlador;

import java.io.IOException;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import modelo.Conexion;

/**
*
* @author asd
 */
@WebServlet(name = "serv_login", urlPatterns = {"/serv_login"})
public class serv_login extends HttpServlet {

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
    protected void processRequest(HttpServletRequest request,    HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    try {

        String usuario = request.getParameter("usuario");
        String pass = request.getParameter("pass");



        CallableStatement stmt = Conexion.obtener().prepareCall("{call LoginJava(?,?)}");

        stmt.setString(1, usuario);
        stmt.setString(2, pass);


        ResultSet rs = stmt.executeQuery();
        RequestDispatcher rd;

        rd = request.getRequestDispatcher("login.jsp");

        while(rs.next()) {

            if(rs.getString("NOMBRE_ALUMN").equals(request.getParameter("usuario")) && rs.getString("PASS_ALUMN").equals(request.getParameter("pass"))){                                            
                    request.getRequestDispatcher("homeAlumno.jsp"); 
                    rd.forward(request, response);  
                }else{
                    request.getRequestDispatcher("login.jsp");  
                    rd.forward(request, response);
                } 

            }

    } catch (SQLException ex) {
            ex.getMessage();

    } catch (ClassNotFoundException ex) {
        Logger.getLogger(serv_login.class.getName()).log(Level.SEVERE, null, ex);
        ex.getMessage();
    }

}

// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
/**
 * Handles the HTTP <code>GET</code> method.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    processRequest(request, response);
}

/**
 * Handles the HTTP <code>POST</code> method.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    processRequest(request, response);
}

/**
 * Returns a short description of the servlet.
 *
 * @return a String containing servlet description
 */
@Override
public String getServletInfo() {
    return "Short description";
}// </editor-fold>

}

存储过程(Oracle DB)

create or replace procedure LoginJava(usuario ALUMNO.USU_ALUMN%type,
contraseña ALUMNO.PASS_ALUMN%type)                              
as 
    v_usuario ALUMNO.USU_ALUMN%type;
    v_contraseña ALUMNO.PASS_ALUMN%type;
begin
    select USU_ALUMN, PASS_ALUMN into v_usuario, v_contraseña from ALUMNO
    where USU_ALUMN = usuario and PASS_ALUMN = contraseña;           
    return;
end;

谢谢!

【问题讨论】:

    标签: java jsp servlets stored-procedures oracle11g


    【解决方案1】:

    这是你要做的:

    rd = request.getRequestDispatcher("login.jsp");
    
    ... some code ...
    
    request.getRequestDispatcher("homeAlumno.jsp"); 
    rd.forward(request, response);
    

    带有request.getRequestDispatcher("homeAlumno.jsp") 的行只是创建了一个全新的RequestDispatcher,然后将其丢弃(因为它没有保存到任何变量中)。在下一行中,您只需转发至login.jsp

    尝试执行以下操作:

    request.getRequestDispatcher("homeAlumno.jsp").forward(request, response);
    

    另一件事:在您的循环中,理论上您可以进行多次转发(如果您的程序返回多个记录)。为了以防万一,我会添加一个中断(或将while 替换为if)。

    还有一件事:我不是 Oracle 存储过程语法方面的专家,但您似乎没有从您的过程中返回任何结果集,因此您的循环体根本不会被执行(甚至一次)。

    尝试做这样的事情:

    select count(*) CNT from ALUMNO
    where USU_ALUMN = usuario and PASS_ALUMN = contraseña; 
    

    然后(而不是你的 while 循环):

    rs.next();
    if (rs.getInt("CNT") > 0) {
        // .. there is such a user, do the forward
    } else {
        // no such user, or password mismatch
    }
    

    如果你不介意的话,有几个建议。

    首先,您似乎计划将密码以纯文本形式存储在数据库中。这是一个坏主意:使用带盐的哈希,例如 BCrypt 之类的东西。这里有更多信息:https://nakedsecurity.sophos.com/2013/11/20/serious-security-how-to-store-your-users-passwords-safely/

    此外,您正在通过密码验证重新发明轮子。如果这不仅仅是一个几天后就会被丢弃的学生项目,我建议您查看 Spring Security(独立或在 Spring Boot 中)或类似的安全框架。这使得身份验证更加容易。

    【讨论】:

      猜你喜欢
      • 2013-10-06
      • 2014-01-27
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2023-04-04
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多