[英]How to authenticate user according to their role?
我需要幫助驗證用戶身份,我的數據庫有一個名為rol的表,其屬性為rol,該rol可以是admin或employee,我希望當用戶登錄時如何以管理員身份管理下一個jsp顯示(main.jsp)以及何時rol =員工顯示(main-act.jsp),我將查詢的代碼附加到用戶的身份驗證中,然后登錄:
public class mysqlquery extends Conexion{
Connection con = null;
public boolean autenticacion(String name, String password){
PreparedStatement pst = null;
//PreparedStatement pst1=null;
ResultSet rs = null;
//ResultSet rs1 = null;
try {
String query= "select * from person where name= ? and pass = ?";
pst = getConexion().prepareCall(consulta);
pst.setString(1, user);
pst.setString(2, password);
rs = pst.executeQuery();
if(rs.absolute(1)){
return true;
}
} catch (Exception e) {
System.err.println("error: "+e);
}
return false;
}
public class login extends HttpServlet {
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
String name= request.getParameter("name");
String password= request.getParameter("pass");
mysqlquery co = new mysqlquery();
if(co.autenticacion(name, password)){
HttpSession objsesion = request.getSession(true);
objsesion.setAttribute("name", name);
//objsesion.setAttribute("rol", rol);
response.sendRedirect("main.jsp");
}else {
response.sendRedirect("index.jsp");
}
}
您可以在名為userRole的mysql查詢類上添加一個字段,並在autenticacion方法調用中存儲從數據庫中檢索到的角色的值,如下所示:
public class mysqlquery extends Conexion{
Connection con = null;
private String userRole;
public String getUserRole() { return userRole; }
public boolean autenticacion(String name, String password){
PreparedStatement pst = null;
//PreparedStatement pst1=null;
ResultSet rs = null;
//ResultSet rs1 = null;
try {
String query= "select * from person where name= ? and pass = ?";
pst = getConexion().prepareCall(consulta);
pst.setString(1, user);
pst.setString(2, password);
rs = pst.executeQuery();
if(rs.absolute(1)){
userRole = rs.getString("role");
return true;
}
} catch (Exception e) {
System.err.println("error: "+e);
}
return false;
}
然后在Servlet中像這樣修改它:
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
String name= request.getParameter("name");
String password= request.getParameter("pass");
mysqlquery co = new mysqlquery();
boolean canAuthenticate = co.autenticacion(name, password);
if(canAuthenticate && co.getUserRole().equals("admin")){
//go to admin page
} else if (canAuthenticate && co.getUserRole().equals("employee")) {
//go to employee page
} else {
response.sendRedirect("index.jsp");
}
}
通過這種方式,您可以確定用戶是否可以進行身份驗證(具有正確的用戶名和密碼)並根據其角色在頁面上將其重定向。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.