【发布时间】:2010-12-09 19:47:09
【问题描述】:
我目前在所有 jsp 文件的顶部包含以下内容:
<%@ include file="inc/inc_cookie_login.jsp"%>
<%@ include file="inc/inc_protect_page.jsp"%>
<%@ include file="inc/inc_log_access.jsp"%>
jsps 有分别check for cookie and set a user object in the session if cookie exists, prevents access to the jsp unless a session has been set, write to a text file the User IP, name, page accessed, etc.,@的scriptlet。
上面的 scriptlet 方法运行良好,但现在我设置了更好的服务器并且可以利用 web.xml 文件,我一直在重构我的应用程序以实现最佳实践。以上是在尖叫FIXME!我应该调查侦听器、过滤器吗?还是我目前的方法足够?
=== inc_cookie_login.jsp ====
<%@ page import="model.STKUser"%>
<%@ page import="model.STKUserCookie"%>
<%@ page import="data.STKUserDAO"%>
<%
if ( request.getSession().getAttribute("STKUserSession") == null) {
STKUserCookie userCookie = new STKUserCookie(request);
String userBadge = userCookie.getUserID();
STKUserDAO userDAO = new STKUserDAO();
STKUser user = userDAO.getUser(userBadge);
if (user != null) {
user.setIpAddress(request.getRemoteAddr());
userDAO.updateLoginCount(user);
request.getSession().setMaxInactiveInterval(36000); //set to 10 hours
request.getSession().setAttribute("STKUserSession", user);
}
}
%>
【问题讨论】:
标签: java web-applications jsp servlets