Spring MVC @SessionAttributes

Question

这是我的控制器代码：我在下面的“doLogin”方法中将我的对象放在一个地图中，我试图在我的“注销”函数中访问它，但是当我试图获取我的值时，我得到null值使用“map.get（key）”的会话属性

@Controller
@SessionAttributes(value={"session1"})
public class CredentialsController {

    @Autowired
     private Authentication authenticationDao;

    @Autowired
     private User userDao;

    @RequestMapping(value="/start",method=RequestMethod.GET)   //Default Method
    public  String  doStart(@ModelAttribute CredentialsBean credentialsBean)  
    {
        return "login";
    }

    @RequestMapping(value="/login",method=RequestMethod.GET)   //Default Method
    public  String  doLogin(@ModelAttribute CredentialsBean credentialsBean,Map<String,Object> map)
    {   
        String result="";
        if(credentialsBean!=null){
            if(authenticationDao.authenticate(credentialsBean)){
                String userType=authenticationDao.authorize(credentialsBean.getUserID());
                if(userType.equalsIgnoreCase("A")){

                    CredentialsBean cBean= authenticationDao.changeLoginStatus(credentialsBean, 1);
                    map.put("session1",cBean);  ----->Here I am putting the object inside a map .
                    result= "admin";
                    //map.put("username",credentialsBean.getProfileBean().getFirstName());
                }
                else{


                    CredentialsBean cBean=authenticationDao.changeLoginStatus(credentialsBean, 1);
                    map.put("session1",cBean.getUserID());
                    //System.out.println(cBean.getUserID());
                    result= "customer";

                    //map.put("username",credentialsBean.getProfileBean().getFirstName());
                }
            }
            else{
                result="ERROR";
            }
        }

        return result;
    }

    @RequestMapping(value="/logout",method=RequestMethod.GET)   //Default Method
    public  String  doLogout(Map<String,Object >  map)
    {
        CredentialsBean credentialsBean=(CredentialsBean)map.get("session1");

        //System.out.println(userID);
        System.out.println(credentialsBean.getUserID());
        if(credentialsBean!=null){
            if(userDao.logout(credentialsBean.getUserID())){
                return "logout";
            }
            else{
                return "error1";
            }

        }
        else{
            return "error";
        }
    }
}

Answer 1

这是我的方式：在你的doLogin方法中你应该添加HttpSession session ：

@RequestMapping(value="/login",method=RequestMethod.GET)   //Default Method
public  String  doLogin(@ModelAttribute CredentialsBean credentialsBean, HttpSession session)
{   
    String result="";
    if(credentialsBean!=null){
        if(authenticationDao.authenticate(credentialsBean)){
            String userType=authenticationDao.authorize(credentialsBean.getUserID());
            if(userType.equalsIgnoreCase("A")){

                CredentialsBean cBean= authenticationDao.changeLoginStatus(credentialsBean, 1);
                // add object to session
                session.setAttribute("session1",cBean);
                result= "admin";
                //map.put("username",credentialsBean.getProfileBean().getFirstName());
            }
            else{
                CredentialsBean cBean=authenticationDao.changeLoginStatus(credentialsBean, 1);
                session.setAttribute("session1",cBean);
                result= "customer";
            }
        }
        else{
            result="ERROR";
        }
    }

    return result;
}

请注意，你应该为了日后安全取回其添加到同类型的会话对象（因为现在你添加不同的对象cBean和cBean.getUserID()对于同一个密钥session1 ）

然后在您的注销中：

    @RequestMapping(value="/logout",method=RequestMethod.GET)   //Default Method
    public  String  doLogout(HttpSession session)
    {
        CredentialsBean credentialsBean=(CredentialsBean)session.getAttribute("session1");
       .....
}

但无论如何，既然你在这里实现login \\ logout，我鼓励你学习更多有关Spring Security的知识。