package cn.itcast.domain; public class User { private int id; private String username; private String password; private String email; public int getId() { return id; } public void setId(int id) { this.id = id; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public String getEmail() { return email; } public void setEmail(String email) { this.email = email; } }
package cn.itcast.domain; public class User { private int id; private String username; private String password; private String email; public int getId() { return id; } public void setId(int id) { this.id = id; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public String getEmail() { return email; } public void setEmail(String email) { this.email = email; } }
页面显示/login.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>My JSP 'index.jsp' starting page</title> </head> <body> ${requestScope["login.message"]}<br> <form action="${pageContext.request.contextPath}/login" method="post"> username:<input type="text" name="username"><br> password:<input type="password" name="password"><br> <input type="submit" value="登录"> </form> </body> </html>执行提交到
package cn.itcast.web.servlet; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import cn.itcast.domain.User; import cn.itcast.exception.LoginException; import cn.itcast.service.UserService; public class LoginServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // 1.得到用户名与密码 String username = request.getParameter("username"); String password = request.getParameter("password"); // 2.封装属性到javaBean User user = new User(); user.setUsername(username); user.setPassword(password); // 3.调用service中登录方法 UserService service = new UserService(); User existUser = null; try { existUser=service.login(user); if (existUser == null) { // 代表用户名或密码错误,存储错误信息在request域,请求转发到 login.jsp request.setAttribute("login.message", "用户名或密码错误"); request.getRequestDispatcher("/login.jsp").forward(request, response); return; } else { request.getSession().setAttribute("user", existUser);存到session中 response.sendRedirect(request.getContextPath() + "/success.jsp"); return; } } catch (LoginException e) { request.setAttribute("login.message", e.getMessage()); request.getRequestDispatcher("/login.jsp").forward(request, response); return; } } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); } } package cn.itcast.service; import java.sql.SQLException; import cn.itcast.dao.UserDaoImpl; import cn.itcast.domain.User; import cn.itcast.exception.LoginException; public class UserService { // service层的登录方法 public User login(User user) throws LoginException { User existUser = null; try { existUser = new UserDaoImpl().findUser(user); } catch (SQLException e) { e.printStackTrace(); throw new LoginException("登录失败"); } return existUser; } } package cn.itcast.exception; public class LoginException extends Exception { public LoginException() { super(); } public LoginException(String message, Throwable cause) { super(message, cause); } public LoginException(String message) { super(message); } public LoginException(Throwable cause) { super(cause); } }封装
package cn.itcast.dao; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; import cn.itcast.domain.User; import cn.itcast.exception.LoginException; import cn.itcast.utils.JdbcUtils; public class UserDaoImpl implements UserDao{ // 查找用户---使用Statement完成登录操作,存在风险(sql注入) public User findUser(User user) throws SQLException { // 1.sql语句 String sql = "select * from user where username='" + user.getUsername() + "' and password='" + user.getPassword() + "'"; // 2.执行sql Connection con = null; Statement st = null; ResultSet rs = null; try { con = JdbcUtils.getConnection(); st = con.createStatement(); rs = st.executeQuery(sql); if (rs.next()) { // 如果可以next,代表查找到了这个用户的信息,就将结果集中的信息封装到User对象中. User u = new User(); u.setId(rs.getInt("id")); u.setUsername(rs.getString("username")); u.setPassword(rs.getString("password")); u.setEmail(rs.getString("email")); return u; } } finally { try { JdbcUtils.closeResultSet(rs); JdbcUtils.closeStatement(st); JdbcUtils.closeConnection(con); } catch (SQLException e) { e.printStackTrace(); } } return null; } // 使用PreparedStatement来完成操作,它可以解决sql注入. public User findUser(User user) throws SQLException { // 1.sql语句 String sql = "select * from user where username=? and password=?"; // 2.执行sql Connection con = null; PreparedStatement pst = null; ResultSet rs = null; try { con = JdbcUtils.getConnection(); pst = con.prepareStatement(sql); pst.setString(1, user.getUsername()); pst.setString(2, user.getPassword()); rs = pst.executeQuery();// 无参数 if (rs.next()) { // 如果可以next,代表查找到了这个用户的信息,就将结果集中的信息封装到User对象中. User u = new User(); u.setId(rs.getInt("id")); u.setUsername(rs.getString("username")); u.setPassword(rs.getString("password")); u.setEmail(rs.getString("email")); return u; } }finally { try { JdbcUtils.closeResultSet(rs); JdbcUtils.closeStatement(pst); JdbcUtils.closeConnection(con); } catch (SQLException e) { e.printStackTrace(); } } return null; } } package cn.itcast.dao; import cn.itcast.domain.User; public interface UserDao { public User findUser(User user) throws Exception; } <%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>My JSP 'index.jsp' starting page</title> </head> <body>登录成功:${user.username} </body> </html>
注册
