Java Spring - creating a single session for user handling

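I am working on an application and may have come across a bug in session handling.

Essentially there is login user, logout user and get stored user.

- but I think a different session is being created each time I call these functions? So I tried to create a controller that can create one session and read from it .. but I am getting errors like - change getSession to static.

In my main application, how would I call these functions and just pass around the one session?

The session controller looks like this.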

package controller;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.json.simple.JSONObject;

@SuppressWarnings("serial")
public class SessionController extends HttpServlet{

    HttpServletRequest request;

    SessionController(HttpServletRequest request){      
        HttpSession session = request.getSession(true);
    }

    HttpSession getSession(){
        HttpSession session = this.request.getSession(true);        
        return session;
    }

    @SuppressWarnings("unchecked")
    public static JSONObject getLoggedUser() {
        session = getSession();

        JSONObject user = (JSONObject) session.getAttribute("user");

        System.out.println("session getLoggedUser>>>"+session);
        System.out.println("---session login user>>>"+session.getAttribute("user"));

        return user;
    }   

    public static void logUser(JSONObject object) {
        session = getSession();
        //store user details
        session.setAttribute("user", object);

        System.out.println("session login>>>"+session());
        System.out.println("---session login user>>>"+session.getAttribute("user"));
    }

    public static void logOutUser() {
        session = getSession();
        session.removeAttribute("user");

        System.out.println("session logout>>>"+session);
        System.out.println("---session login user>>>"+session.getAttribute("user"));
    }

}

In MyService I have a login method like this

@SuppressWarnings("unchecked")
@RequestMapping(value = "/login", method = RequestMethod.GET)
@CrossOrigin(origins = {"*"})
@ResponseBody
public ResponseEntity<?> login(
        @RequestParam(value="email", required=false, defaultValue="email") String email,
        @RequestParam(value="password", required=false, defaultValue="password") String password, 
        HttpServletRequest request
        ) throws  Exception {

            System.out.println("email email>>>"+email);
            System.out.println("email password>>>"+password);

            //find matching account with email
            TblLogin checkAccount = tblLoginRepository.findByEmail(email);

            if (checkAccount != null) {     
                //do the passwords match
                if(passwordEncoder.matches(password, checkAccount.getPassword())) {
                    // Encode new password and store it
                    System.out.println("PASSWORD MATCH");

                    //build clean user object
                    JSONObject userDetails = new JSONObject();

                    //create user object
                    userDetails.put("id", checkAccount.getId());
                    userDetails.put("email", checkAccount.getEmail());
                    userDetails.put("password", checkAccount.getPassword());
                    userDetails.put("pin", checkAccount.getPin());

                        //attempt look up to get patient information and append to response
                        try {
                            TblPatient extInformation = tblPatientRepository.findByPatientID(checkAccount.getPin());

                            userDetails.put("forename", extInformation.getForename());
                            userDetails.put("surname", extInformation.getSurname());
                            userDetails.put("dateOfBirth", extInformation.getDateOfBirth());
                            userDetails.put("genderID", extInformation.getGenderID());
                        }
                        catch (Exception e) {
                            userDetails.put("forename", null);
                            userDetails.put("surname", null);
                            userDetails.put("dateOfBirth", null);
                            userDetails.put("genderID", null);
                        }

                    //store user in session
                    SessionController mySession = new SessionController(request);
                    mySession.logUser(userDetails);

                    //userDetails.put("session", session);
                    //System.out.println("session>>>"+session.getAttribute("user"));
                    //System.out.println("newAcc>>>"+checkAccount);

                    JSONObject response = ResponseWrapper(null, "success", "User found login succesful");                           
                    return new ResponseEntity<>(response, HttpStatus.OK);

                } else {
                    //create error response                         
                    JSONObject response = ResponseWrapper(null, "error", "User passwords do not match");
                    //System.out.println("user PASSWORD error >>>"+response);
                    return new ResponseEntity<>(response, HttpStatus.OK);
                }
            } else{
                //create error response
                JSONObject response = ResponseWrapper(null, "error", "User has not been found");
                //System.out.println("user does not exist >>>"+response);
                return new ResponseEntity<>(response, HttpStatus.OK);
            }               
}

Do I need to do something like

HttpSession mySession = new SessionController();

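Update 1.

I have the latest code base, as shown below.

getHome - will query the session for the stored user

login - will create the user in the session

logout - will delete the user in the session

MyService class - now do I need to store mySession as a global variable and build it only once? Where in the MyService controller would that go, given that it needs the request?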

package controller;


@RestController
public class MyService {


    //api/getHome
    @SuppressWarnings("unused")
    @RequestMapping(value = {"/api/getHome"}, method = RequestMethod.GET)
    @CrossOrigin(origins = {"*"})
    public ResponseEntity<?> getHome(
            HttpServletRequest request
            ) throws Exception { 


            SessionController mySession = new SessionController(request);
            JSONObject user = mySession.getLoggedUser();
            System.out.println("logged in user"+ user);


                //get Home Data
                MyApiHome myApiHome = new MyApiHome();
                JSONArray data = myApiHome.getHomeData();
                System.out.println("myHomedata"+ data);

                JSONObject response = ResponseWrapper(data, "success", "Fetching home data");
                return new ResponseEntity<>(response, HttpStatus.OK);
            //getHome service 
    }

    @SuppressWarnings("unchecked")
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    @CrossOrigin(origins = {"*"})
    @ResponseBody
    public ResponseEntity<?> login(
            @RequestParam(value="email", required=false, defaultValue="email") String email,
            @RequestParam(value="password", required=false, defaultValue="password") String password, 
            HttpServletRequest request
            ) throws  Exception {

                System.out.println("email email>>>"+email);
                System.out.println("email password>>>"+password);

                //find matching account with email
                TblLogin checkAccount = tblLoginRepository.findByEmail(email);

                if (checkAccount != null) {     
                    //do the passwords match
                    if(passwordEncoder.matches(password, checkAccount.getPassword())) {
                        // Encode new password and store it
                        System.out.println("PASSWORD MATCH");

                        JSONObject userDetails = getUserData(checkAccount);


                        //store user in session 
                        SessionController mySession = new SessionController(request);
                        JSONObject user = mySession.logUser(userDetails);
                        System.out.println("logged in user"+ user);

                        JSONObject response = ResponseWrapper(null, "success", "User found login succesful");                           
                        return new ResponseEntity<>(response, HttpStatus.OK);

                    } else {
                        //create error response                         
                        JSONObject response = ResponseWrapper(null, "error", "User passwords do not match");
                        //System.out.println("user PASSWORD error >>>"+response);
                        return new ResponseEntity<>(response, HttpStatus.OK);
                    }
                } else{
                    //create error response
                    JSONObject response = ResponseWrapper(null, "error", "User has not been found");
                    //System.out.println("user does not exist >>>"+response);
                    return new ResponseEntity<>(response, HttpStatus.OK);
                }               
    }

    @SuppressWarnings("unchecked")
    @RequestMapping(value = "/logout", method = RequestMethod.GET)
    @CrossOrigin(origins = {"*"})
    public ResponseEntity<?> logout(
            HttpServletRequest request
            ) throws  Exception {

            //List<TblLogin> acc = (List<TblLogin>) session.getAttribute("user");
            //HttpSession session = request.getSession();
            //session.removeAttribute("user");          

            //log user out of session
            //SessionController.logOutUser(request);

            SessionController mySession = new SessionController(request);
            JSONObject user = mySession.logOutUser();

            //create success response
            JSONObject response = ResponseWrapper(null, "success", "User logged out");                          
            return new ResponseEntity<>(response, HttpStatus.OK);
    }


}

This is what my SessionController looks like.

package controller;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.json.simple.JSONObject;

@SuppressWarnings("serial")
public class SessionController {

    private HttpServletRequest request;

    SessionController(HttpServletRequest request){      
        //HttpSession session = request.getSession(true);
        this.request = request;
    }   

    HttpSession getSession(){
        HttpSession session =  this.request.getSession(true);   
        return session;
    }

    @SuppressWarnings("unchecked")
    public JSONObject getLoggedUser() {
        HttpSession session = getSession();

        JSONObject user = (JSONObject) session.getAttribute("user");

        System.out.println("session getLoggedUser>>>"+session);
        System.out.println("---session login user>>>"+session.getAttribute("user"));

        return user;
    }   

    public JSONObject logUser(JSONObject object) {
        HttpSession session = getSession();
        //store user details
        session.setAttribute("user", object);

        JSONObject storedUser = (JSONObject) session.getAttribute("user");
        System.out.println("session login>>>"+session);
        System.out.println("---session login user>>>"+storedUser);

        return storedUser;
    }

    public JSONObject logOutUser() {
        HttpSession session = getSession();
        //session.removeAttribute("user");
        session.invalidate();

        // attributes cannot be read after invalidate(): getAttribute would throw IllegalStateException
        System.out.println("session logout>>>"+session);
        return null;
    }

}

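You have misunderstood; the session is created only once per login. The user session is created in your service class at mySession.logUser(userDetails);

session.invalidate() is preferable to session.removeAttribute("user")

I managed to solve this by creating the session only once. So what was happening was that I was inadvertently getting/setting a new session, instead of just looking at the one session.

- So the session controller is very simple.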

SessionController.java

package controller;

import javax.servlet.http.HttpSession;
import org.json.simple.JSONObject;

public class SessionController {

    SessionController(){      
    }   

    public static JSONObject getLoggedUser(HttpSession session) {
        JSONObject storedUser = (JSONObject) session.getAttribute("user");
        return storedUser;
    }   

    public static JSONObject logUser(JSONObject object, HttpSession session) {
        //store user details
        session.setAttribute("user", object);
        JSONObject storedUser = (JSONObject) session.getAttribute("user");
        return storedUser;
    }

    public static JSONObject logOutUser(HttpSession session) {
        session.invalidate();
        return null;
    }
}

Now on my service controller - here I create one session and then pump that session through these session methods.

MyService.java

package controller;

import org.json.simple.JSONArray;
import org.json.simple.JSONObject;

import java.security.SecureRandom;
import java.util.HashMap;
import java.util.List;
import java.util.Random;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.mail.javamail.JavaMailSender;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

import freemarker.template.Configuration;
import services.MailService;
import services.SimpleEmailService;
import domain.TblLogin;
import repo.TblLoginRepository;

import domain.TblPatient;
import repo.TblPatientRepository;

@RestController
public class MyService {

    @Autowired
    private JavaMailSender mailSender;

    @Autowired
    private Configuration fmConfiguration; 

    @Autowired
    private PasswordEncoder passwordEncoder;    

    @Autowired
    private TblLoginRepository tblLoginRepository;

    @Autowired
    private TblPatientRepository tblPatientRepository;

    private HttpSession session;

    MyService(){        
    }


    //api/getHome
    @RequestMapping(value = {"/api/getHome"}, method = RequestMethod.GET)
    @CrossOrigin(origins = {"*"})
    public ResponseEntity<?> getHome(
            //HttpServletRequest request
            ) throws Exception {

                try {
                    //get logged in user from session
                    JSONObject user = SessionController.getLoggedUser(this.session);
                }
                catch (Exception e) {

                }

                //get Home Data
                MyApiHome myApiHome = new MyApiHome();
                JSONArray data = myApiHome.getHomeData();

                JSONObject response = ResponseWrapper(data, "success", "Fetching home data");
                return new ResponseEntity<>(response, HttpStatus.OK);
            //getHome service 
    }

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    @CrossOrigin(origins = {"*"})
    @ResponseBody
    public ResponseEntity<?> login(
            @RequestParam(value="email", required=false, defaultValue="email") String email,
            @RequestParam(value="password", required=false, defaultValue="password") String password, 
            HttpServletRequest request
            ) throws  Exception {

                //find matching account with email
                TblLogin checkAccount = tblLoginRepository.findByEmail(email);

                if (checkAccount != null) {

                    //do the passwords match
                    if(passwordEncoder.matches(password, checkAccount.getPassword())) {
                        // Encode new password and store it

                        JSONObject userDetails = getUserData(checkAccount);

                        //create ONE session
                        this.session = request.getSession(true);

                        //store user in session
                        SessionController.logUser(userDetails, this.session);                                           
                        JSONObject response = ResponseWrapper(null, "success", "User found login succesful");                           
                        return new ResponseEntity<>(response, HttpStatus.OK);

                    } else {
                        //create error response                         
                        JSONObject response = ResponseWrapper(null, "error", "User passwords do not match");
                        return new ResponseEntity<>(response, HttpStatus.OK);
                    }
                } else{
                    //create error response
                    JSONObject response = ResponseWrapper(null, "error", "User has not been found");
                    return new ResponseEntity<>(response, HttpStatus.OK);
                }               
    }

    @RequestMapping(value = "/logout", method = RequestMethod.GET)
    @CrossOrigin(origins = {"*"})
    public ResponseEntity<?> logout(
            ) throws  Exception {

            //logout user
            SessionController.logOutUser(this.session);     

            //create success response
            JSONObject response = ResponseWrapper(null, "success", "User logged out");                          
            return new ResponseEntity<>(response, HttpStatus.OK);
    }

}
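
A `@RestController` is a singleton shared by every request, so an `HttpSession` kept in a controller field is the session of whichever client logged in last, while the servlet container already returns the same session for the same client's cookie on each `request.getSession()` call. The following is an added example, not code from the post, that resolves the session from each request instead; the class name `RequestSessions` and the use of a plain `Map` in place of `JSONObject` are assumptions.

```java
package controller;

import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/**
 * Added example (hypothetical class, not the poster's code).
 * Holds no state of its own, so a singleton controller can call it
 * from concurrent requests that belong to different users.
 */
public final class RequestSessions {

    private static final String USER_KEY = "user"; // same attribute name the page uses

    private RequestSessions() {
    }

    /** Call only after the password check has succeeded. */
    public static void logUser(HttpServletRequest request, Map<String, Object> user) {
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate(); // discard any pre-login session so its id is not reused
        }
        HttpSession fresh = request.getSession(true);
        fresh.setAttribute(USER_KEY, user);
    }

    /** Returns the calling client's own user, or null when not logged in. */
    @SuppressWarnings("unchecked")
    public static Map<String, Object> getLoggedUser(HttpServletRequest request) {
        // getSession(false): reading must not create an empty session as a side effect
        HttpSession session = request.getSession(false);
        return session == null ? null : (Map<String, Object>) session.getAttribute(USER_KEY);
    }

    /** Ends the calling client's session; a no-op when there is none. */
    public static void logOutUser(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }
}
```

Each handler then takes `HttpServletRequest request` as a parameter and calls, for example, `RequestSessions.getLoggedUser(request)`; leaving the password hash out of the map passed to `logUser` keeps it out of the session store.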
