use*_*666 1 java servlets jdbc
我正在尝试在用户登录后使用所有用户字段创建用户对象,以便我可以从用户的类中检索任何给定的属性.这是User类.
public class User {
private String username;
private String password;
private String f_name;
private String l_name;
private String email;
private String dob;
private int user_id;
public User(){}
public User(String username, String password)
{
this.username = username;
this.password = password;
}
public User(String username, String password, String f_name, String l_name, String email, String dob, int user_id)
{
this.f_name = f_name;
this.l_name = l_name;
this.username = username;
this.password = password;
this.email = email;
this.dob = dob;
this.user_id = user_id;
}
我有所有领域的getter和setter.所有用户字段也存储在Oracle数据库中.
在我的Java Servlet中,我有以下代码来创建User对象并设置会话属性:
HttpSession session = request.getSession();
String username = request.getParameter("username").toString();
String password = request.getParameter("password").toString();
User user1 = new User(username, password);
session.setAttribute("username", username);
session.setAttribute("password", password);
如何仅使用用户名和密码创建包含所有用户字段的用户对象?
你应该有:
User对象引用和username和password字段保存登录业务逻辑的类.User包含所有数据对象的引用:f_name,l_name,email... ...和username除password.这应该是您应该保存为会话属性的对象.基本代码示例:
public class YourServlet extends HttpServlet {
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("username").toString();
String password = request.getParameter("password").toString();
User user = new User(username, password);
UserBL userBL = new UserBL();
user = userBL.validateUser(user);
if (user != null) {
HttpSession session = request.getSession();
session.setAttribute("user", user);
} else {
request.setAttribute("errorMessage", "User is not valid.");
}
request.getRequestDispatcher("/login.jsp").forward(request, response);
}
}
public class UserBL {
String hashPassword(String password) {
//method to hash the password for security purposes
//for simplicity, just returning the same String
return password;
}
public User validateUser(User user) {
UserDAO userDao = new UserDAO();
//password should not be stored in plainText
//so let's hash it
String password = hashPassword(user.getPassword());
return userDao.getUserFromCredentials(user.getUsername(), password);
}
}
public class UserDAO {
public User getUserFromCredentials(String username, String password) {
//probably a query
Connection con = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
User user = null;
try {
con = ... //retrieve your database connection
//pretty basic query example, yours should be more secure
pstmt = con.prepareStatement("SELECT f_name, l_name, email, ... FROM users"
+ " WHERE username = ? AND password = ?");
pstmt.setString(1, username);
pstmt.setString(2, password);
rs = pstmt.executeQuery();
if (rs.next()) {
user = new User(rs.getString("f_name"), rs.getString("l_name"),
rs.getString("email"), ...);
}
} catch (Exception e) {
//handle the exception
e.printStacktrace();
} finally {
//close the resources
try {
rs.close();
pstmt.close();
con.close();
} catch (SQLException e) {
//handle the exception
e.printStacktrace();
}
}
return user;
}
}
| 归档时间: |
|
| 查看次数: |
5088 次 |
| 最近记录: |