User.java
package com.po; public class User implements java.io.Serializable { private String username; private String password; public User() { } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } }
UserDao.java
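package com.dao;

import com.po.User;

// Business-logic class for users
public class UserDao {
    /**
     * Checks the submitted credentials.
     *
     * <p>The accepted account is hard-coded ("admin"/"admin"), which is only
     * suitable for a demo: a real application should look the user up in a
     * credential store and verify a salted password hash instead.
     *
     * @param user bean populated from the request; may be {@code null} or have
     *             {@code null} properties when the request carried no parameters
     * @return {@code true} only when both user name and password match
     */
    public static boolean userLogin(User user) {
        if (user == null) {
            return false;
        }
        // Constant-first equals: a request without username/password leaves the
        // bean properties null, which previously caused a NullPointerException
        // (an HTTP 500) instead of a failed login.
        return "admin".equals(user.getUsername()) && "admin".equals(user.getPassword());
    }
}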
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Servlet 3.1 deployment descriptor for the login demo. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
    <!-- login.jsp is served when the application root is requested. -->
    <welcome-file-list>
        <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>
</web-app>
login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Login form: sends the username and password fields to checking.jsp. --%>
<html>
<head>
    <title>welcome</title>
</head>
<body>
<%-- NOTE(review): method="get" puts the username and password into the query string, so they are kept in browser history and server access logs. A credential form should be submitted with method="post". --%>
<form action="checking.jsp" method="get">
    <input type="text" name="username" value="" placeholder="username">
    <input type="password" name="password" value="" placeholder="password">
    <%-- The JavaBean property names must match the name attributes of the input tags; only then can jsp:setProperty populate the created object's properties automatically. --%>
    <input type="submit"/>
</form>
<%-- request.getSession() creates a session when none exists, so merely viewing this page starts one. NOTE(review): the session id is written into the page body; it is a bearer secret and should not be displayed outside of a demo. --%>
JSESSIONID=<%=request.getSession().getId()%>
</body>
</html>
checking.jsp
<%@ page import="com.dao.UserDao" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Binds the request parameters to a User bean, checks them with UserDao.userLogin and routes to the success or failure page. --%>
<html>
<head>
    <title>waiting</title>
</head>
<body>
<jsp:useBean id="user" class="com.po.User" scope="page"/>
<%-- With any wider scope you will find that after one successful login, later logins succeed even with a wrong password. --%>
<%-- property="*" copies every request parameter whose name matches a bean property; keep the bean limited to fields a client is allowed to set. --%>
<jsp:setProperty name="user" property="*"/>
<%-- A redirect is carried out by the client and does not carry the previous request's data. --%>
<%-- A forward (request dispatch) happens on the server, and the request data is passed along. --%>
<%-- NOTE(review): nothing is recorded in the session when the check succeeds, so a later request cannot be told apart from an anonymous one; the page reached by the forward has to be protected by its own login check. --%>
<%
    if (UserDao.userLogin(user)) {
        request.getRequestDispatcher("LoginSuccess.jsp").forward(request, response);
    } else {
        response.sendRedirect("LoginFailure.jsp");
    }
%>
</body>
</html>
LoginFailure.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Static page that reports a failed login. --%>
<html>
<head>
    <title>Title</title>
</head>
<body>
登陆失败<br>
</body>
</html>
LoginSuccess.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Static page that reports a successful login. --%>
<%-- NOTE(review): the page performs no login check of its own, so requesting its URL directly shows the success message without any credentials. --%>
<html>
<head>
    <title>Title</title>
</head>
<body>
登陆成功<br>
</body>
</html>
【一些问题】
1、无法避免URL重写(用 GET 提交表单时,用户名和密码会作为查询参数出现在地址栏里)。。。---------> 改成 POST 即可
2、通过URL绕开登陆界面直接登陆(LoginSuccess.jsp 不检查任何登陆状态,直接访问它的地址就能看到“登陆成功”;需要在登陆成功时把状态写入 session,并在受保护的页面里校验)。。。
【添加的小功能】
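package com.status;

import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import java.util.Stack;

/**
 * Session listener that keeps one label per live HTTP session.
 *
 * <p>It counts sessions, not authenticated users: an entry is added as soon as
 * the container creates a session, whether or not a login took place.
 */
public class Online implements HttpSessionListener {
    /** Session attribute that remembers which label was added for a session. */
    private static final String LABEL_ATTRIBUTE = "com.status.Online.label";

    private static Stack<String> online = new Stack<>();

    /**
     * @return the live, mutable list of labels; callers iterate it while the
     *         listener may still be adding or removing entries
     */
    public static Stack<String> getOnline() {
        return online;
    }

    /** Adds a label for the new session and remembers it on the session itself. */
    @Override
    public void sessionCreated(HttpSessionEvent httpSessionEvent) {
        String label = httpSessionEvent.toString();
        httpSessionEvent.getSession().setAttribute(LABEL_ATTRIBUTE, label);
        online.push(label);
    }

    /**
     * Removes the label that belongs to the session being destroyed.
     *
     * <p>The previous {@code pop()} removed the most recently added entry, which
     * is the wrong one whenever sessions end in a different order than they
     * started, and threw on an empty stack.
     */
    @Override
    public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
        // Assumes the container still allows attribute reads while it delivers
        // this notification (it is sent before invalidation) — confirm for the
        // target container.
        Object label = httpSessionEvent.getSession().getAttribute(LABEL_ATTRIBUTE);
        if (label == null) {
            // Session predates the attribute: fall back to the event's own text.
            label = httpSessionEvent.toString();
        }
        online.remove(label);
    }
}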
<?xml version="1.0" encoding="UTF-8"?>
<!-- Servlet 3.1 deployment descriptor: welcome page, session timeout and the session listener. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
    <!-- login.jsp is served when the application root is requested. -->
    <welcome-file-list>
        <welcome-file>login.jsp</welcome-file>
    </welcome-file-list>
    <!-- session-timeout is given in minutes: idle sessions expire after one minute. -->
    <session-config>
        <session-timeout>1</session-timeout>
    </session-config>
    <!-- Registers com.status.Online so the container notifies it of session creation and destruction. -->
    <listener>
        <listener-class>
            com.status.Online
        </listener-class>
    </listener>
</web-app>
<%@ page import="com.status.Online" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Success page that also lists the entries collected by the Online session listener. --%>
<%-- NOTE(review): the page performs no login check of its own, so requesting its URL directly shows the success message and the list. --%>
<html>
<head>
    <title>Title</title>
</head>
<body>
登陆成功<br>
<hr>
在线用户:<br>
<%-- Each entry is written to the response without HTML escaping. NOTE(review): that is tolerable only while the entries are generated by the server; escape them if they ever contain user-supplied text. --%>
<%-- The loop iterates the shared Stack returned by Online.getOnline() without holding a lock; presumably a session starting or ending mid-loop can make the iteration fail — confirm. --%>
<%
    int i = 0;
    for (String user: Online.getOnline()) {
        out.print(++i + "、" + user + "<br>");
    }
%>
</body>
</html>
事实上并不需要真正登陆,只要访问服务器下面的任何页面就算“在线”了。。。(因为这些行为都会导致JVM创建session)