User.java
package com.po; public class User implements java.io.Serializable {
private String username;
private String password; public User() { } public String getUsername() {
return username;
} public void setUsername(String username) {
this.username = username;
} public String getPassword() {
return password;
} public void setPassword(String password) {
this.password = password;
}
}
UserDao.java
package com.dao; import com.po.User; // 用户的业务逻辑类
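public class UserDao {
    /**
     * Checks the submitted credentials against the single built-in demo account.
     *
     * <p>NOTE(review): the accepted user name and password are hard-coded as
     * {@code admin}/{@code admin}. That is only acceptable for a classroom demo; a real
     * application should look the account up in a user store and verify a salted
     * password hash (bcrypt/scrypt/argon2) instead of comparing clear text.
     *
     * @param user bean populated from the login form; may be {@code null}, and either
     *             field may be {@code null} when the request carried no such parameter
     * @return {@code true} only when both the user name and the password match
     */
    public static boolean userLogin(User user) {
        if (user == null) {
            return false;
        }
        // Constant-first equals: a request without username/password leaves the bean
        // fields null, and calling equals on them would throw NullPointerException
        // instead of simply rejecting the login.
        return "admin".equals(user.getUsername()) && "admin".equals(user.getPassword());
    }
}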
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
</web-app>
login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>welcome</title>
</head>
<body>
<%-- Login form; the two fields are submitted to checking.jsp. --%>
<%-- NOTE(review): method="get" puts the username and password into the query string of the checking.jsp request, so they show up in the address bar and typically in browser history and server access logs. The notes after the listings switch the form to POST. --%>
<form action="checking.jsp" method="get">
<input type="text" name="username" value="" placeholder="username">
<input type="password" name="password" value="" placeholder="password">
<%-- The JavaBean property names must match the name attributes of the input tags; only then can jsp:setProperty fill in the properties of the created object automatically. --%>
<input type="submit"/>
</form>
<%-- Debug output: obtains the session for this request and prints its id into the page body. --%>
<%-- NOTE(review): a session id rendered into the HTML can be read by any script running in the page, even when the session cookie itself is marked HttpOnly; remove this line outside of a demo. --%>
JSESSIONID=<%=request.getSession().getId()%>
</body>
</html>
checking.jsp
<%@ page import="com.dao.UserDao" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>waiting</title>
</head>
<body>
<%-- Creates a fresh com.po.User for this page only. --%>
<jsp:useBean id="user" class="com.po.User" scope="page"/>
<%-- With any wider scope, once a login has succeeded, later attempts succeed even with a wrong password. --%>
<%-- NOTE(review): presumably because the bean then outlives the request and property="*" does not overwrite properties whose parameter is missing or empty, so the earlier valid values stay on it; confirm. --%>
<%-- property="*" copies every request parameter whose name matches a bean property. A request that carries no username/password leaves both fields null, so the credential check must tolerate null. --%>
<jsp:setProperty name="user" property="*"/>
<%-- A redirect is a client-side action: the browser issues a new request, which carries none of the previous request's data. --%>
<%-- A dispatch (forward) is a server-side action: the same request, with its data, is passed along. --%>
<%-- NOTE(review): a successful check records nothing in the session, so LoginSuccess.jsp cannot tell a verified user from someone who requested it directly (issue 2 in the notes after the listings). --%>
<%
if (UserDao.userLogin(user)) {
request.getRequestDispatcher("LoginSuccess.jsp").forward(request, response);
} else {
response.sendRedirect("LoginFailure.jsp");
}
%>
</body>
</html>
LoginFailure.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
登陆失败<br>
</body>
</html>
LoginSuccess.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<%-- Success page that checking.jsp forwards to after a successful credential check. --%>
<%-- NOTE(review): nothing on this page verifies that the request came through checking.jsp, so requesting LoginSuccess.jsp directly shows the same success message. A protected page should check a login marker stored in the session (or sit behind a filter that does). --%>
登陆成功<br>
</body>
</html>
【一些问题】
1、无法避免URL重写。。。---------> 改成 POST 即可
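2、通过URL绕开登陆界面直接登陆。。。(直接访问 LoginSuccess.jsp 即可看到“登陆成功”:checking.jsp 验证通过后没有在 session 中记录登陆状态,LoginSuccess.jsp 也不做任何检查。可以在验证成功时往 session 里写入登陆标记,并在受保护的页面或统一的 Filter 中检查该标记。)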
【添加的小功能】
package com.status; import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
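import java.util.Stack;

/**
 * Session listener that keeps a process-wide list with one entry per created HTTP session.
 *
 * <p>An entry is added for every session the container creates, whether or not the visitor
 * has logged in, so the list counts sessions rather than authenticated users.
 *
 * <p>NOTE(review): {@link #sessionDestroyed} removes the most recently added entry, which is
 * not necessarily the entry of the session being destroyed, because sessions do not expire
 * in LIFO order. Removing the right entry needs a stable per-session key; if the session id
 * is used for that, it must stay server-side and never be rendered into a page.
 */
public class Online implements HttpSessionListener {

    /** One entry per live session; shared by all container threads. */
    private static final Stack<String> online = new Stack<>();

    /**
     * Returns a snapshot of the current entries.
     *
     * <p>A copy is handed out so that a page iterating over the result is not hit by a
     * {@code ConcurrentModificationException} when a session is created or destroyed
     * mid-iteration, and so that callers cannot alter the listener's internal state.
     *
     * @return a new stack holding the entries present at the time of the call
     */
    public static Stack<String> getOnline() {
        Stack<String> snapshot = new Stack<>();
        // addAll copies via online.toArray(), which is synchronized on the source stack.
        snapshot.addAll(online);
        return snapshot;
    }

    /**
     * Records a newly created session.
     *
     * @param httpSessionEvent the creation event; its {@code toString()} is stored as the entry
     */
    @Override
    public void sessionCreated(HttpSessionEvent httpSessionEvent) {
        online.push(httpSessionEvent.toString());
    }

    /**
     * Drops one entry when a session is invalidated or times out.
     *
     * @param httpSessionEvent the destruction event (not used to select the entry)
     */
    @Override
    public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
        // Check-then-pop under the stack's own monitor: a destroy event that has no
        // matching entry must not surface as EmptyStackException inside the container.
        synchronized (online) {
            if (!online.isEmpty()) {
                online.pop();
            }
        }
    }
}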
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<!-- Deployment descriptor: login.jsp is the welcome page; a session timeout and the Online session listener are added below. -->
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list> <session-config>
<!-- session-timeout is given in minutes. NOTE(review): 1 is presumably chosen so that sessionDestroyed fires quickly while testing; confirm before reusing this value. -->
<session-timeout>1</session-timeout>
</session-config> <listener>
<!-- Registers com.status.Online so the container calls its sessionCreated/sessionDestroyed methods. -->
<listener-class>
com.status.Online
</listener-class>
</listener>
</web-app>
<%@ page import="com.status.Online" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>Title</title>
</head>
<body>
<%-- Success page extended with a numbered list of the entries returned by Online.getOnline(). --%>
登陆成功<br>
<hr>
在线用户:<br>
<%-- NOTE(review): each entry is written into the HTML without escaping. The values shown here come from the session listener, not from user input; if the list ever holds user-supplied text such as usernames, HTML-escape it before printing. --%>
<%-- NOTE(review): the list holds one entry per session created on the server, so it also counts visitors who never logged in. --%>
<%
int i = 0;
for (String user: Online.getOnline()) {
out.print(++i + "、" + user + "<br>");
}
%>
</body>
</html>
事实上并不需要真正登陆,只要访问服务器下面的任何页面就算“在线”了。。。(因为 JSP 页面默认启用 session,这些访问都会让 Servlet 容器创建新的 session,从而触发 sessionCreated)