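I have been digging into how to validate login attempts in a servlet.
For example:
1) If the user logs in with a wrong password // they will be returned to the login page
2) The user only has 3 attempts
3) After failing the 3rd login attempt, they will be banned for 10 minutes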
login.jsp
<form action = "loginController">
<input type="text" name="username">
<input type="text" name="password">
<input type="submit" value="Submit"/>
</form>
As for our servlet file:
loginController.java
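I know we have to assign the session to the username, so that each username has a unique session ID attached to it, but I am really not sure how we do that.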
doPost(HttpServletRequest...)
{
    String name = request.getParameter("username");
    String pass = request.getParameter("password");
    //we will create session and append it to username
    HttpSession session = request.getSession(true);
    session.setAttribute("username" , name);
    //what I'm really unsure of is how we can get the sessionID to tally with the username
    int countAttempt = new Integer(0);
    if(countAttempt <= 3){
        response.sendRedirect("login.jsp");
    } else if(countAttempt == 3){
        //This will ban users to log in for 10mins....
    }
}
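This was easy to implement on the core Java platform in my previous module, whereas with servlets, having to communicate with the controller and return to the JSP is quite a challenge.
Any help would be greatly appreciated.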
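Answer 0 (score: 1)
I hope this helps you figure out your problem. In my solution, I am adding a new attribute, "count", to the session, which holds the current number of login attempts.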
doPost(HttpServletRequest...)
{
    String name = request.getParameter("username");
    String pass = request.getParameter("password");
    //we will create session and append it to username
    HttpSession session = request.getSession(true);
    session.setAttribute("username" , name);
    //start the counter at 0 only when the session has none yet, so it is not reset on every request
    if(session.getAttribute("count") == null){
        session.setAttribute("count", Integer.valueOf(0));
    }
    int countAttempt = ((Integer)session.getAttribute("count")).intValue();
    //what I'm really unsure of is how we can get the sessionID to tally with the username
    if(countAttempt < 3){
        //attempts 1 to 3: count the attempt and send the user back to the login page
        session.setAttribute("count",++countAttempt);
        response.sendRedirect("login.jsp");
    } else if(countAttempt == 3){
        //This will ban users to log in for 10mins....
    }
}
Answer 1 (score: 1)
The answer below will give you a brief idea of the implementation.
//inside servlet
int login_attempts = 3;

protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter();
    String email = request.getParameter("email");
    String pass = request.getParameter("password");
    try {
        Connection con = DBConnection.getConnection();
        // only rows with account_lock=0 can match, so a locked account never logs in
        PreparedStatement ps = con.prepareStatement(
                "select * from user where mail=? and password=? and account_lock=0 ");
        ps.setString(1, email);
        ps.setString(2, pass);
        ResultSet rs = ps.executeQuery();
        if (rs.next()) {
            String userdbName = rs.getString("user_name");
            String customer_id = rs.getString("customer_id");
            /*String account_status = rs.getString("account_lock");
            int bool1 = Integer.parseInt(account_status);
            */
            HttpSession session = request.getSession();
            session.setAttribute("name", userdbName);
            session.setAttribute("cid", customer_id);
            response.sendRedirect("personal/home.jsp");
            // stop here so the login.jsp redirect below is not sent as well
            return;
        } else {
            if (login_attempts == 0) {
                System.out.println("No Login Attempts Available");
            } else {
                login_attempts = login_attempts - 1;
                System.out.println("Login Failed Now Only " + login_attempts
                        + " Login Attempts Available");
                if (login_attempts == 0) {
                    System.out.println("your account block.contact admin for login.");
                }
            }
        }
        // failed login: back to the login page
        response.sendRedirect("login.jsp");
    } catch (Exception e) {
        e.printStackTrace();
    }
}
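
The 3-attempts-then-10-minute-ban rule from the question, as an added example that is not part of either answer above. It keys the counter by username on the server, because a counter stored in the session starts again when the client drops its session cookie, and a counter stored in a servlet field is shared by every user of that servlet. The class name `LoginAttemptTracker` and its method names are hypothetical.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: per-username lockout state held server-side (all names hypothetical).
public class LoginAttemptTracker {
    static final int MAX_ATTEMPTS = 3;                        // limit from the question
    static final Duration LOCK_TIME = Duration.ofMinutes(10); // ban length from the question

    private static final class State {
        int failures;
        Instant lockedUntil = Instant.MIN; // never locked yet
    }
    private final Map<String, State> states = new ConcurrentHashMap<>();

    /** True while the ban for this username is still running. */
    public boolean isLocked(String username, Instant now) {
        State s = states.get(key(username));
        if (s == null) return false;
        synchronized (s) { return now.isBefore(s.lockedUntil); }
    }

    /** Records a wrong password; returns true if this failure started a ban. */
    public boolean recordFailure(String username, Instant now) {
        State s = states.computeIfAbsent(key(username), k -> new State());
        synchronized (s) {
            if (now.isBefore(s.lockedUntil)) return false; // already banned
            if (++s.failures < MAX_ATTEMPTS) return false; // attempts remain
            s.failures = 0;                      // fresh budget once the ban ends
            s.lockedUntil = now.plus(LOCK_TIME);
            return true;
        }
    }

    /** A successful login clears the counter. */
    public void recordSuccess(String username) { states.remove(key(username)); }

    // "Alice" and " alice " must share one counter
    private static String key(String username) {
        return username == null ? "" : username.trim().toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) {
        LoginAttemptTracker t = new LoginAttemptTracker();
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed timestamp
        for (int i = 1; i <= 3; i++)
            System.out.println("failure " + i + " banned=" + t.recordFailure("alice", t0));
        System.out.println("+9m locked=" + t.isLocked("alice", t0.plus(Duration.ofMinutes(9))));
        System.out.println("+10m locked=" + t.isLocked("alice", t0.plus(Duration.ofMinutes(10))));
    }
}
```

In `doPost`, `isLocked` would be checked before the password is verified, with `recordFailure` or `recordSuccess` called afterwards. The map lives in one JVM's memory, so a deployment with several servers or frequent restarts needs the same state in shared storage.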