Login attempts Servlet - disable the user for 10 minutes if the user fails all 3 login attempts

Time: 2017-08-11 09:41:19

Tags: java jsp servlets

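I have been digging into how to validate login attempts in a servlet.

For example:

1) If the user logs in with a wrong password // will return to the login page
2) The user only has 3 attempts
3) After failing the 3rd login attempt, they will be banned for 10 minutes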

login.jsp

<form action = "loginController"> 
<input type="text" name="username">
<input type="text" name="password">
<input type="submit" value="Submit"/>
</form>

As for our servlet file
loginController.java

I know we have to assign a session to the username, so that each username has a unique session ID attached to it, but I'm really not sure how we do that.

doPost(HttpServletRequest...)
{
    String name = request.getParameter("username");
    String pass = request.getParameter("password");

    //we will create session and append it to username
    HttpSession session = request.getSession(true);
    session.setAttribute("username" , name);

    //what I'm really unsure about is how we can get the session ID to tally with the username
    int countAttempt = new Integer(0);
    if(countAttempt <= 3){
        response.sendRedirect("login.jsp");
    } else if(countAttempt == 3){
        //This will ban users from logging in for 10 mins....
    }
}

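This was easy to implement on the core Java platform in my previous module, whereas with servlets, having to communicate with the controller and return to the JSP is quite a challenge.

Any help would be greatly appreciated.

2 Answers:

Answer 0: (score: 1)

I hope this helps you figure out your problem. In my solution, I am adding a new attribute, "count", to the session, which contains the current login attempts.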

 doPost(HttpServletRequest...)
    {
    String name = request.getParameter("username");
    String pass = request.getParameter("password");

    //we will create session and append it to username
    HttpSession session = request.getSession(true);
    session.setAttribute("username" , name);
    //initialise the counter only once per session; setting it on every request would keep it at 0
    if(session.getAttribute("count") == null){
        session.setAttribute("count",Integer.valueOf(0));
    }
    int countAttempt = ((Integer)session.getAttribute("count")).intValue();
    //what I'm really unsure about is how we can get the session ID to tally with the username
    if(countAttempt < 3){
        //fewer than 3 attempts used so far: count this one and go back to the login page
        session.setAttribute("count",++countAttempt);
        response.sendRedirect("login.jsp");
    } else if(countAttempt >= 3){
        //This will ban users from logging in for 10 mins....
    }
    }

Answer 1: (score: 1)

The answer below will give you a brief introduction to the implementation.

//inside servlet
//needs imports from java.io, java.sql, javax.servlet and javax.servlet.http
//instance field: one counter shared by every request this servlet handles
int login_attempts = 3;

protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {

    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter();

    String email = request.getParameter("email");
    String pass = request.getParameter("password");

    try {
        Connection con = DBConnection.getConnection();
        //parameterized query: only matches accounts that are not locked
        PreparedStatement ps = con.prepareStatement(
            "select * from user where mail=? and password=? and account_lock=0");
        ps.setString(1, email);
        ps.setString(2, pass);
        ResultSet rs = ps.executeQuery();
        if (rs.next()) {
            String userdbName = rs.getString("user_name");
            String customer_id = rs.getString("customer_id");
            /*String account_status = rs.getString("account_lock");
              int bool1 = Integer.parseInt(account_status);
            */

            HttpSession session = request.getSession();
            session.setAttribute("name", userdbName);
            session.setAttribute("cid", customer_id);
            response.sendRedirect("personal/home.jsp");
        } else {
            if (login_attempts == 0) {
                System.out.println("No Login Attempts Available");
            } else {
                login_attempts = login_attempts - 1;
                System.out.println("Login Failed Now Only " + login_attempts + " Login Attempts Available");
                if (login_attempts == 0) {
                    System.out.println("your account block.contact admin for login.");
                }
            }
            //redirect only on failure; a second redirect after the success branch would throw IllegalStateException
            response.sendRedirect("login.jsp");
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
}
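
An added example, not part of the question or of either answer: a per-username attempt counter with the 3-attempt limit and 10-minute ban from the question, kept in server memory rather than in the HttpSession or in a servlet field. The class name `LoginAttemptTracker` and its methods are hypothetical, and the sample time and username in `main` are constructed.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;

/** Failed-login counter kept on the server per username (hypothetical helper). */
public class LoginAttemptTracker {
    static final int MAX_ATTEMPTS = 3;                         // limit from the question
    static final Duration LOCK_TIME = Duration.ofMinutes(10);  // ban length from the question

    private static final class State {
        final int failures;
        final Instant lockedUntil;                             // null while not banned
        State(int failures, Instant lockedUntil) { this.failures = failures; this.lockedUntil = lockedUntil; }
    }

    private final ConcurrentHashMap<String, State> states = new ConcurrentHashMap<>();
    private final Supplier<Instant> now;                       // injectable time source
    public LoginAttemptTracker(Supplier<Instant> now) { this.now = now; }
    private static String key(String username) { return username.trim().toLowerCase(Locale.ROOT); }

    /** True while the ban is still running; check this before verifying the password. */
    public boolean isLocked(String username) {
        State s = states.get(key(username));
        return s != null && s.lockedUntil != null && now.get().isBefore(s.lockedUntil);
    }

    /** Call after a wrong password. Returns true if the username is now banned. */
    public boolean recordFailure(String username) {
        Instant t = now.get();
        State updated = states.compute(key(username), (k, s) -> {  // atomic per key
            boolean banExpired = s != null && s.lockedUntil != null && !t.isBefore(s.lockedUntil);
            int failures = (s == null || banExpired ? 0 : s.failures) + 1;
            return new State(failures, failures >= MAX_ATTEMPTS ? t.plus(LOCK_TIME) : null);
        });
        return updated.lockedUntil != null;
    }

    /** Call after a successful login to clear the counter. */
    public void recordSuccess(String username) { states.remove(key(username)); }

    public static void main(String[] args) {
        Instant[] clock = { Instant.parse("2017-08-11T09:00:00Z") };  // constructed sample time
        LoginAttemptTracker tracker = new LoginAttemptTracker(() -> clock[0]);
        for (int i = 1; i <= 3; i++) System.out.println("failure " + i + " banned=" + tracker.recordFailure("alice"));
        System.out.println("locked right after: " + tracker.isLocked("alice"));
        clock[0] = clock[0].plus(LOCK_TIME);                          // move the test clock forward
        System.out.println("locked 10 min later: " + tracker.isLocked("alice"));
    }
}
```

In a servlet, one shared instance would be consulted with `isLocked` before the password check, then `recordFailure` on a mismatch and `recordSuccess` on a match. Because the state is keyed by username on the server, it does not reset when a client arrives without its session cookie.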