我有一个登录servlet,成功登录后,我希望用户
/login/{用户名}/
如何将username放在URL中以供发布?
我已经查找了这样的答案,但不明白如何实际实现我的目标。我想坚持使用servlet,避免使用诸如JAX-RS等技术。
这是我的登录逻辑实现:
private void login_doIT(HttpServletRequest request, HttpServletResponse response) throws SQLException, InvalidKeySpecException, NoSuchAlgorithmException, ServletException, IOException {
String userInput = request.getParameter("user_name");
String pass = request.getParameter("pass");
pst = c.prepareStatement(query);
pst.setString(1,userInput);
rs = pst.executeQuery();
while (rs.next()){
imiya = rs.getString("user_name");
kyuch = rs.getString("key");
kodom = rs.getBytes("nitrate");
}
EncryptClass instance = new EncryptClass(2048,100000);
if(instance.chkPass(pass,kyuch,kodom) && imiya.equals(userInput)){
HttpSession session = request.getSession();
session.setAttribute("userLogged",userInput);
request.setAttribute("title",userInput);
String pathInfo = request.getPathInfo();
if(pathInfo!=null || !pathInfo.isEmpty()){
String[] pathArr = pathInfo.split("/");
String val = pathArr[1];//{username}
//now what??.....
}
request.getRequestDispatcher("/LoginLanding.jsp").forward(request,response);
} else {
request.setAttribute("message", message);
request.getRequestDispatcher("/index.jsp").include(request,response);
}
}
这是web.xml:
<servlet>
<servlet-name>Login</servlet-name>
<servlet-class>AuthPack.ServletLogin</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Login</servlet-name>
<url-pattern>/Login/*</url-pattern>
</servlet-mapping>
我提交表格后,URL变为
/login
但我想要这样的:
/login/{用户名}
优选:
/{用户名}
您必须使用URL重写器或过滤器。
这是使用过滤器方法的示例:
在您的登录servlet 而不是去登录landing.jsp您将重定向到过滤器,例如So :
//REDIRECT TO filter
response.sendRedirect("/user/"+userInput);
要创建一个过滤器,它与创建servlet非常相似,您可以选择创建这样的映射( web.xml ):
<filter>
<display-name>UserFilter</display-name>
<filter-name>UserFilter</filter-name>
<filter-class>filters.UserFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>UserFilter</filter-name>
<url-pattern>/user/*</url-pattern>
</filter-mapping>
您的过滤器应该看起来像这样:
public class UserFilter implements Filter {
public UserFilter() {
}
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
String requri = ((HttpServletRequest) request).getRequestURI().substring(((HttpServletRequest) request).getContextPath().length() + 1);
HttpSession session = (((HttpServletRequest) request).getSession());
String RequestedUsername = null;
if(requri.contains("user/")){
//get the username after "user/"
RequestedUsername=requri.substring(5);
if(!RequestedUsername.isEmpty()){
//if not empty set session
session.setAttribute("loggedInUser",RequestedUsername);
}
}
//forward to servlet which will set user details etc... (just get the user session variable from there) in that servlet you forward to landinglogin.jsp
request.getRequestDispatcher("/profile").forward(request, response);
}
在此代码中,您期望参数位于您的servlet中的dopost()方法中访问的httpservletrequest.getParameter()中的可用内容:
String userInput = request.getParameter("user_name");
String pass = request.getParameter("pass");
,但您不显示您是否是a)将请求提交为帖子或b)从您的servlet中的dopost()访问这些请求。
您可以使用httpservletrequest.getpathinfo()(请参阅此链接)
在路径上访问参数信息。String extraPathInfo = request.getPathInfo();
// If extraPathInfo is not null, parse it to extract the user name
String pass = request.getParameter("pass");
如果您的servlet可以在/登录处可用,并且您将用户名附加到了(例如/login/loyuser/),则getPathinfo()将返回,尽管您可能需要检查是否包含slashes。
顺便说一句,为登录功能执行此操作会创建安全漏洞。与其将用户名放在路径上,不如简单地将用户名和密码作为发布参数。