[英]How to authenticate user according to their role?
I need help to authenticate a user,my database have a table called person with the attribute rol, the rol can be admin or employee, i want that when the user logins how admin the next jsp display (main.jsp) and when the rol = employee displays (main-act.jsp), I append my code from query for a authentication for the user, and the login: 我需要帮助验证用户身份,我的数据库有一个名为rol的表,其属性为rol,该rol可以是admin或employee,我希望当用户登录时如何以管理员身份管理下一个jsp显示(main.jsp)以及何时rol =员工显示(main-act.jsp),我将查询的代码附加到用户的身份验证中,然后登录:
public class mysqlquery extends Conexion{
Connection con = null;
public boolean autenticacion(String name, String password){
PreparedStatement pst = null;
//PreparedStatement pst1=null;
ResultSet rs = null;
//ResultSet rs1 = null;
try {
String query= "select * from person where name= ? and pass = ?";
pst = getConexion().prepareCall(consulta);
pst.setString(1, user);
pst.setString(2, password);
rs = pst.executeQuery();
if(rs.absolute(1)){
return true;
}
} catch (Exception e) {
System.err.println("error: "+e);
}
return false;
}
public class login extends HttpServlet {
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
String name= request.getParameter("name");
String password= request.getParameter("pass");
mysqlquery co = new mysqlquery();
if(co.autenticacion(name, password)){
HttpSession objsesion = request.getSession(true);
objsesion.setAttribute("name", name);
//objsesion.setAttribute("rol", rol);
response.sendRedirect("main.jsp");
}else {
response.sendRedirect("index.jsp");
}
}
You can add a field on your mysql query class called userRole and store the value of the role retrieved from the database on the autenticacion method call, like this: 您可以在名为userRole的mysql查询类上添加一个字段,并在autenticacion方法调用中存储从数据库中检索到的角色的值,如下所示:
public class mysqlquery extends Conexion{
Connection con = null;
private String userRole;
public String getUserRole() { return userRole; }
public boolean autenticacion(String name, String password){
PreparedStatement pst = null;
//PreparedStatement pst1=null;
ResultSet rs = null;
//ResultSet rs1 = null;
try {
String query= "select * from person where name= ? and pass = ?";
pst = getConexion().prepareCall(consulta);
pst.setString(1, user);
pst.setString(2, password);
rs = pst.executeQuery();
if(rs.absolute(1)){
userRole = rs.getString("role");
return true;
}
} catch (Exception e) {
System.err.println("error: "+e);
}
return false;
}
And in the Servlet, modify it like this: 然后在Servlet中像这样修改它:
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
String name= request.getParameter("name");
String password= request.getParameter("pass");
mysqlquery co = new mysqlquery();
boolean canAuthenticate = co.autenticacion(name, password);
if(canAuthenticate && co.getUserRole().equals("admin")){
//go to admin page
} else if (canAuthenticate && co.getUserRole().equals("employee")) {
//go to employee page
} else {
response.sendRedirect("index.jsp");
}
}
In this way you can decide if user can authenticate (have the right userName and Password) and redirect it on the page based on it's role. 通过这种方式,您可以确定用户是否可以进行身份验证(具有正确的用户名和密码)并根据其角色在页面上将其重定向。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.