2

我正在尝试在用户登录后创建一个包含所有用户字段的用户对象,以便我可以从用户的类中检索任何给定的属性。这是用户类。

public class User  {

private String username;
private String password;
private String f_name;
private String l_name;
private String email;
private String dob;
private int user_id;

public User(){}

public User(String username, String password)
{
    this.username = username;
    this.password = password;
}

public User(String username, String password, String f_name, String l_name, String email, String dob, int user_id)
{
    this.f_name = f_name;
    this.l_name = l_name;
    this.username = username;
    this.password = password;
    this.email = email;
    this.dob = dob;
    this.user_id = user_id;
}

我有所有领域的 getter 和 setter。所有用户字段也存储在 Oracle 数据库中。

在我的 Java Servlet 中,我有以下代码来创建用户对象并设置会话属性:

HttpSession session = request.getSession();

String username = request.getParameter("username").toString();
String password = request.getParameter("password").toString();

User user1 = new User(username, password);

session.setAttribute("username", username);
session.setAttribute("password", password);

如何仅基于用户名和密码创建具有所有用户字段的用户对象?

4

3 回答 3

5

你应该有:

  • 使用User对象引用和usernameandpassword字段保存登录业务逻辑的类。
  • 如果用户经过身份验证和验证,则它应该返回一个包含所有数据的 对象引用: , , ... 和除了. 这应该是您应该保存为会话属性的对象Userf_namel_nameemailusernamepassword
  • 如果用户提供了错误的凭据,那么您应该显示错误消息。

一个基本的代码示例:

public class YourServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
        String username = request.getParameter("username").toString();
        String password = request.getParameter("password").toString();
        User user = new User(username, password);
        UserBL userBL = new UserBL();
        user = userBL.validateUser(user);
        if (user != null) {
            HttpSession session = request.getSession();
            session.setAttribute("user", user);
        } else {
            request.setAttribute("errorMessage", "User is not valid.");
        }
        request.getRequestDispatcher("/login.jsp").forward(request, response);
    }
}

public class UserBL {
    String hashPassword(String password) {
        //method to hash the password for security purposes
        //for simplicity, just returning the same String
        return password;
    }

    public User validateUser(User user) {
        UserDAO userDao = new UserDAO();
        //password should not be stored in plainText
        //so let's hash it
        String password = hashPassword(user.getPassword());
        return userDao.getUserFromCredentials(user.getUsername(), password);
    }
}

public class UserDAO {
    public User getUserFromCredentials(String username, String password) {
        //probably a query
        Connection con = null;
        PreparedStatement pstmt = null;
        ResultSet rs = null;
        User user = null;
        try {
            con = ... //retrieve your database connection
            //pretty basic query example, yours should be more secure
            pstmt = con.prepareStatement("SELECT f_name, l_name, email, ... FROM users"
                + " WHERE username = ? AND password = ?");
            pstmt.setString(1, username);
            pstmt.setString(2, password);
            rs = pstmt.executeQuery();
            if (rs.next()) {
                user = new User(rs.getString("f_name"), rs.getString("l_name"),
                    rs.getString("email"), ...);
            }
        } catch (Exception e) {
            //handle the exception
            e.printStacktrace();
        } finally {
            //close the resources
            try {
                rs.close();
                pstmt.close();
                con.close();
            } catch (SQLException e) {
                //handle the exception
                e.printStacktrace();
            }
        }
        return user;
    }
}
于 2013-07-03T14:51:23.413 回答
0

这通常是数据库支持的用户名/密码身份验证的工作方式:

  1. 从用户那里获取用户名和密码。
  2. 使用用户名作为键从数据库中加载用户记录。
  3. 将给定的密码与存储的密码进行比较。或者更好的是,散列给定密码并与存储的数据库散列进行比较,因为不建议在数据库中以明文形式存储密码。
  4. 如果给定的密码(散列)等于存储的密码(散列),则允许用户继续前进。
于 2013-07-03T14:36:54.917 回答
0

只需写 f_name = ""; 或构造函数中所有字段的类似内容。它将所有这些字段创建为空字符串。

于 2013-07-03T14:34:32.443 回答