上一篇博客提到,爲了安全起見,session常常用來保存用戶的登錄信息。那麼服務器是怎麼來實現的呢?這裏我簡單模擬一下。
- 第一步,編寫登錄主頁:
<!DOCTYPE html>
<html>
<head>
<title>登陸頁面</title>
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="this is my page">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<!--<link rel="stylesheet" type="text/css" href="./styles.css">-->
</head>
<body>
<form action="/JavaWeb/LoginServlet" method="post">
用戶名:<input type="text" name="userName"/>
<br/>
密碼: <input type="text" name="userPwd"/>
<br/>
<input type="submit" value="登陸"/>
</form>
</body>
</html>
- 第二步,創建LoginServlet類,因爲是爲了獲取服務端資源信息,所以這裏用doGet方法來處理請求。實際處理過程肯定是需要查詢數據庫中的用戶信息的,這裏簡化了,旨在瞭解Session的用法即可。
package gz.itcast;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
request.setCharacterEncoding("utf-8");
//接收參數
String userName = request.getParameter("userName");
String userPwd = request.getParameter("userPwd");
//判斷登陸是否成功
if(userName.equals("劉小斌") && userPwd.equals("123456")) {
//登陸成功
//創建session對象
HttpSession session = request.getSession();
//把用戶數據保存在session域對象中
session.setAttribute("loginName", userName);
//跳轉到用戶主頁
response.sendRedirect(request.getContextPath()+"/IndexServlet");
} else {
//登陸失敗,請求重定向
response.sendRedirect(request.getContextPath() + "/fail.html");
}
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
- 爲請求成功創建的IndexServlet類:
package gz.itcast;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class IndexServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=utf-8");
PrintWriter writer = response.getWriter();
String html = "";
//得到session對象
HttpSession session = request.getSession(false);
if(session==null){
//沒有登錄成功,跳轉到登錄頁面
response.sendRedirect(request.getContextPath()+"/login.html");
return;
}
//取出會話數據
String loginName = (String)session.getAttribute("loginName");
if(loginName==null){
//沒有登錄成功,跳轉到登錄頁面
response.sendRedirect(request.getContextPath()+"/login.html");
return;
}
html = "<html><body>歡迎回來," +loginName+ "</a></body></html>";
writer.write(html);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}
- 爲請求失敗創建的失敗頁面:
<!DOCTYPE html>
<html>
<head>
<title>信息提示頁面</title>
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="this is my page">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<!--<link rel="stylesheet" type="text/css" href="./styles.css">-->
</head>
<body>
<font color = red size = 3>用戶名或密碼輸入錯誤!請重新輸入。</font>
</br></br>
<a href="/JavaWeb/login.html">返回登陸頁面,重新輸入。</a>
</body>
</html>
工程的層次結構:
好了,下面打開tomcat服務器,看看效果:
輸入登陸界面的URL:
輸入錯誤登陸名或密碼:
跳轉到了出錯頁面:
輸入正確用戶名和密碼:
跳轉到用戶主頁:
注意,這時刷新用戶主頁或者進行一些其他的操作,用戶信息還在。除非會話消失,session域對象纔會消失。
操作過程中出現的一些問題:session類名寫錯了,發現了以後直接修改還不夠,必須到web.xml中配置,否則會出現404錯誤。當然了,如果重定向過程中把url寫錯了,會出現500錯誤。