我是Spring MVC的完全新手,需要有关登录/注销功能的帮助。我已经找到了登录部分(我认为),但仍然在努力解决注销功能。我是否需要建立会话才能将用户注销?
控制器Java文件
@RequestMapping(value = "/Login.do")
public String Login(@ModelAttribute("searchVO") UserInfoVO searchVO, ModelMap model, HttpServletRequest request) throws Exception {
int check = sampleService.loginSample(searchVO);
String username = request.getParameter("registerUsername");
String password = request.getParameter("registerPassword");
if(check>0&&searchVO.getRegisterUsername()!=null){
return "forward:/Menu.do";
}
else{
return "sample/Login";
}
}
登录XML文件
<select id="leagueDAO.loginSample" parameterClass="userinfoVO" resultClass="int">
SELECT COUNT(*) totcnt
FROM REGISTER
WHERE 1=1
AND REGISTERUSERNAME = #registerUsername#
AND REGISTERPASSWORD = #registerPassword#
</select>
登录JSP页面
<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<%@ taglib prefix="ui" uri="http://egovframework.gov/ctl/ui"%>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link type="text/css" rel="stylesheet" href="<c:url value='/css/egovframework/sample.css'/>"/>
<script type="text/javaScript" language="javascript" defer="defer">
function doLogin(){
document.listForm.action = "<c:url value='/Login.do?'/>";
}
function doRegisterPage(){
document.listForm.action = "<c:url value='/Register.do?'/>";
}
</script>
</head>
<br/>
<br/>
<br/>
<br/>
<body style="font-family:Arial; text-align: center; font-size:16px; margin-left:330px;">
<form:form commandName="loginForm" id="listForm" name="listForm" method="post">
<h1 style="padding-top: 40px; margin-bottom:-10px; width:280px; height:300px; text-align:center; font-family:Mistral; font-size:56px; color:#000000; margin-top: 50px; margin-left:330px;">Welcome!
<br/>
<input id="registerUsername" onKeydown="Javascript: if (event.keyCode==13) javascript:doLogin();" align="middle" name="registerUsername" style="border: 5px padding: 8px 0px 0px 2px; margin-top:10px; width:200px; height:30px; font-family:Arial; font-size:18px;" type="text"></input>
<input id="registerPassword" onKeydown="Javascript: if (event.keyCode==13) javascript:doLogin();" align="middle" name="registerPassword" style="border: 5px padding: 8px 0px 0px 2px; margin-top:10px; width:200px; height:30px; font-family:Arial; font-size:18px;" type="password"><br/></input>
<button onclick="javascript:doLogin()" style="cursor:pointer; margin-top:20px; width:208px; height:40px; font-family:Arial; font-size: 16px; color: #FFFFFF; background-color: #32CD32;">Sign In</button><br/>
<br/>
<button onclick="javascript:doRegisterPage()" style="cursor:pointer; margin-bottom:30px;width:208px; height:40px; font-family:Arial; font-size: 16px; color: #FFFFFF; background-color: #0000CD;">Create Account</button><br/>
</form:form>
</body>
</html>
编辑:
添加
时出现错误消息HttpSession session = request.getSession();
session.invalidate();
org.apache.catalina.core.ApplicationDispatcher invoke
SEVERE: Servlet.service() for servlet action threw exception
java.lang.StackOverflowError
at javax.servlet.ServletRequestWrapper.getRemoteAddr(ServletRequestWrapper.java:260)
答案 0 :(得分:1)
您正在使用Spring MVC,而您似乎正在尝试实现自己的登录和注销功能。相反,我建议使用Spring Security来处理身份验证。
在pom.xml中,在依赖项部分
中添加这些内容 <dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
然后,您可以使用硬编码用户(auth.inMemoryAuthentication()
),数据库(auth.jdbcAuthentication()
)和其他方法(如LDAP)轻松配置身份验证。
创建自己的身份验证功能会带来很大的安全风险,而且我发现它适得其反,因为您基本上都在尝试重新发明轮子。对于学术或学习目的,特别是在信息安全方面,确定这是一个很好的练习。但是如果你的目标是要对Spring作为一个整体有很好的理解,那么也要学习Spring-Security。
答案 1 :(得分:0)
与登录方法类似,您可以在控制器中创建一个方法来获取会话并使其无效。当用户点击退出时调用此方法
HttpSession session = request.getSession();
session.invalidate();
答案 2 :(得分:0)
这里您没有在登录时创建任何会话。您只需重定向页面即可。 请参考此内容以创建登录和注销:http://docs.spring.io/spring-security/site/docs/4.0.x/reference/html/jc.html