Login attempts in a Servlet - disable the user for 10 minutes if all 3 login attempts fail



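I have been digging into how to validate login attempts in a servlet.

For example:

1) If the user logs in with an incorrect password, it returns to the login page.
2) The user only has 3 attempts.
3) After the third failed login attempt, they are banned for 10 minutes.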

login.jsp

<form action="loginController" method="post">
    <input type="text" name="username">
    <input type="password" name="password">
    <input type="submit" value="Submit"/>
</form>

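As for our servlet file,
loginController.java

I know we have to assign the session to the username so that each username has a unique session ID attached to it, but I'm really not sure how we can do that.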

doPost(HttpServletRequest...)
{
    String name = request.getParameter("username");
    String pass = request.getParameter("password");
    // we will create the session and attach the username to it
    HttpSession session = request.getSession(true);
    session.setAttribute("username", name);
    // what I'm really unsure of is how we can get the session ID to tally with the username
    int countAttempt = new Integer(0);
    if (countAttempt <= 3) {
        response.sendRedirect("login.jsp");
    } else if (countAttempt == 3) {
        // This will ban the user from logging in for 10 mins....
    }
}

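This was easy to implement on the core Java platform in my previous module, whereas with servlets, where we need to communicate with the controller and return to the JSP, it is quite a challenge.

Any help would be greatly appreciated.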

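I hope this helps you figure out the problem. In my solution, I am adding a new attribute, "count", to the session, which carries the current number of login attempts.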

doPost(HttpServletRequest...)
{
    String name = request.getParameter("username");
    String pass = request.getParameter("password");

    // we will create the session and attach the username to it
    HttpSession session = request.getSession(true);
    session.setAttribute("username", name);
    // create the counter only once; setting it to 0 on every request would lose the count
    if (session.getAttribute("count") == null) {
        session.setAttribute("count", Integer.valueOf(0));
    }
    int countAttempt = ((Integer) session.getAttribute("count")).intValue();
    // what I'm really unsure of is how we can get the session ID to tally with the username
    if (countAttempt < 3) {
        session.setAttribute("count", ++countAttempt);
        response.sendRedirect("login.jsp");
    } else {
        // reached once 3 attempts have been counted
        // This will ban the user from logging in for 10 mins....
    }
}

An answer like the one below will give you a brief idea of the implementation.

//inside servlet
// NOTE: this is an instance field, so the one counter is shared by every user and
// request handled by the servlet; it is not kept per account and is not thread-safe.
int login_attempts = 3;

protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter();
    String email = request.getParameter("email");
    String pass = request.getParameter("password");
    // try-with-resources closes the connection, statement and result set.
    // The query compares the submitted password directly with the stored column value.
    try (Connection con = DBConnection.getConnection();
         PreparedStatement ps = con.prepareStatement(
                 "select * from user where mail=? and password=? and account_lock=0 ")) {
        ps.setString(1, email);
        ps.setString(2, pass);
        try (ResultSet rs = ps.executeQuery()) {
            if (rs.next()) {
                String userdbName = rs.getString("user_name");
                String customer_id = rs.getString("customer_id");
                /*String account_status = rs.getString("account_lock");
                int bool1 = Integer.parseInt(account_status);
                */
                HttpSession session = request.getSession();
                session.setAttribute("name", userdbName);
                session.setAttribute("cid", customer_id);
                response.sendRedirect("personal/home.jsp");
            } else {
                if (login_attempts == 0) {
                    System.out.println("No Login Attempts Available");
                } else {
                    login_attempts = login_attempts - 1;
                    System.out.println("Login Failed Now Only " + login_attempts + " Login Attempts Available");
                    if (login_attempts == 0) {
                        // only a message is printed here; nothing in this method sets account_lock
                        System.out.println("your account block.contact admin for login.");
                    }
                }
                // redirect only on failure: a second sendRedirect after the successful
                // one above would throw IllegalStateException
                response.sendRedirect("login.jsp");
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
}
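
The 10-minute ban asked about in the question, as an added example that is not part of the original posts: failures are counted per username on the server rather than in the session or in one shared field, so the count survives a discarded session cookie and one user's failures do not affect another. The class name `LoginAttemptTracker`, its method names and the sample usernames and timestamp are hypothetical; the in-memory map assumes a single application instance.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

// Added example (hypothetical class, not from the posts above): failed logins are
// counted per username on the server, so the count does not depend on the session.
public class LoginAttemptTracker {
    static final int MAX_ATTEMPTS = 3;                        // limit from the question
    static final Duration LOCK_TIME = Duration.ofMinutes(10); // ban length from the question

    private static final class State {
        final int failures;
        final Instant lockedUntil; // null while the account is not locked
        State(int failures, Instant lockedUntil) { this.failures = failures; this.lockedUntil = lockedUntil; }
    }

    private final ConcurrentMap<String, State> states = new ConcurrentHashMap<>();

    // True while the username is inside its lockout window; check this before the password.
    public boolean isLocked(String username, Instant now) {
        State s = states.get(username);
        return s != null && s.lockedUntil != null && now.isBefore(s.lockedUntil);
    }

    // Record one failed attempt; the third failure starts the 10-minute lock.
    public void recordFailure(String username, Instant now) {
        states.compute(username, (name, s) -> {
            boolean wasLocked = s != null && s.lockedUntil != null;
            if (wasLocked && now.isBefore(s.lockedUntil)) return s; // still locked: do not extend
            int failures = (s == null || wasLocked) ? 1 : s.failures + 1; // expired lock: fresh count
            return new State(failures, failures >= MAX_ATTEMPTS ? now.plus(LOCK_TIME) : null);
        });
    }

    // A successful login clears the counter.
    public void recordSuccess(String username) { states.remove(username); }

    public static void main(String[] args) {
        LoginAttemptTracker tracker = new LoginAttemptTracker();
        Instant t0 = Instant.parse("2024-01-01T12:00:00Z"); // constructed sample time
        for (int i = 1; i <= MAX_ATTEMPTS; i++) {
            tracker.recordFailure("alice", t0);
            System.out.println("failure " + i + " -> locked: " + tracker.isLocked("alice", t0));
        }
        System.out.println("after 9 min:  " + tracker.isLocked("alice", t0.plus(Duration.ofMinutes(9))));
        System.out.println("after 10 min: " + tracker.isLocked("alice", t0.plus(Duration.ofMinutes(10))));
        System.out.println("other user:   " + tracker.isLocked("bob", t0));
    }
}
```

In `doPost`, reject a missing username first (the map does not accept null keys), then call `isLocked(name, Instant.now())` before checking the password and `recordFailure` or `recordSuccess` afterwards. Entries are created for any submitted username, so a production version would also cap or expire them.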
