I am working on a login framework in Spring MVC. I am doing it without a session.

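Can anyone explain to me how to use the session object in Spring? For example, the session must be started when the user logs in, and it should be destroyed when the same user logs out.

Below is my code without a session.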

Main controller:

    @RequestMapping(value="/login", method=RequestMethod.GET)
    public ModelAndView getLoginForm() {
        ModelAndView loginView = new ModelAndView("login");
        return loginView;
    }

    @RequestMapping(value="/check", method=RequestMethod.POST)
    public ModelAndView processRequest(@RequestParam("email") String email, @RequestParam("password") String password, Student student) {
        ModelAndView logsuccess = new ModelAndView("logsuccess");
        System.out.println("Entered email    : " + email);
        // The submitted password is not written to the log.

        student.setEmail(email);
        student.setPassword(password);

        // validatingStudent returns null when no row matches the credentials
        Student s = st.validatingStudent(student);
        if (s == null) {
            ModelAndView loginErrView = new ModelAndView("login", "error", "Username/password wrong");
            return loginErrView;
        } else {
            return logsuccess;
        }
    }

Validation method:

    public Student validatingStudent(Student student) {
        // Bind the submitted values as parameters; concatenating them into the
        // SQL string would let the input rewrite the query.
        String sql = "select * from studentdb where email = ? and password = ?";
        System.out.println("Entered Query: " + sql);
        List<Student> matches = jt.query(sql, new ValidationRowMapper(),
                student.getEmail(), student.getPassword());
        // No matching row means the credentials are wrong.
        return matches.isEmpty() ? null : matches.get(0);
    }

I have seen the @SessionAttributes annotation, but some people say it is not the best solution for implementing a session.
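The session lifecycle the question asks about, written directly against the servlet `HttpSession` API (an added example, not code from the original post; `StudentDao`, the `studentEmail` attribute and the `/logout` mapping are assumed names):

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

// Added example. Student and validatingStudent() come from the question;
// StudentDao, the "studentEmail" attribute and /logout are assumptions.
@Controller
public class SessionLoginController {

    @Autowired
    private StudentDao st;

    @RequestMapping(value = "/check", method = RequestMethod.POST)
    public ModelAndView login(@RequestParam("email") String email,
                              @RequestParam("password") String password,
                              HttpServletRequest request) {
        Student candidate = new Student();
        candidate.setEmail(email);
        candidate.setPassword(password);
        Student s = st.validatingStudent(candidate);
        if (s == null) {
            return new ModelAndView("login", "error", "Username/password wrong");
        }
        // Discard any session that existed before authentication so a session id
        // fixed by someone else is never promoted to a logged-in session.
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = request.getSession(true); // the login session starts here
        session.setAttribute("studentEmail", s.getEmail());
        return new ModelAndView("logsuccess");
    }

    @RequestMapping(value = "/logout", method = RequestMethod.POST)
    public String logout(HttpServletRequest request) {
        HttpSession session = request.getSession(false); // do not create one just to destroy it
        if (session != null) {
            session.invalidate(); // the session ends here
        }
        return "redirect:/login";
    }
}
```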

You should use Spring Security to do all of your login. Here is a simple example, using a Thymeleaf hello-world template.

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
        xmlns:context="http://www.springframework.org/schema/context" xmlns:security="http://www.springframework.org/schema/security"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

        <security:http auto-config="true">
            <security:intercept-url pattern="/keep-alive" access="permitAll" />
            <security:intercept-url pattern="/*" access="hasRole('USER')" />
            <security:form-login authentication-failure-url="/denied" />
            <security:session-management>
                <security:concurrency-control max-sessions="10" expired-url="/expired" error-if-maximum-exceeded="true" />
            </security:session-management>
        </security:http>

        <security:authentication-manager>
            <security:authentication-provider>
                <security:user-service>
                    <security:user name="greg" password="password" authorities="ROLE_USER" />
                </security:user-service>
            </security:authentication-provider>
        </security:authentication-manager>

        <context:component-scan base-package="net.isban" />

        <context:property-placeholder location="classpath:application.properties" />

        <mvc:annotation-driven />

        <mvc:resources mapping="/resources/**" location="/resources/" />

        <bean id="templateResolver" class="org.thymeleaf.templateresolver.ServletContextTemplateResolver">
            <property name="prefix" value="/WEB-INF/views/" />
            <property name="suffix" value=".html" />
            <property name="templateMode" value="HTML5" />
        </bean>

        <bean id="templateEngine" class="org.thymeleaf.spring4.SpringTemplateEngine">
            <property name="templateResolver" ref="templateResolver" />
        </bean>

        <bean class="org.thymeleaf.spring4.view.ThymeleafViewResolver">
            <property name="templateEngine" ref="templateEngine" />
        </bean>

    </beans>

The Thymeleaf template looks like this:

    <!DOCTYPE html>
    <html lang="en" xmlns="http://www.w3.org/1999/xhtml"
        xmlns:th="http://www.thymeleaf.org">
    <head>
    <meta charset="utf-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <meta name="description" content="" />
    <meta name="author" content="" />

    <title>Timeout POCC</title>

    <link th:href="@{/resources/css/bootstrap.min.css}" rel="stylesheet" />
    </head>
    <body>
        <div class="container">
            <h2 th:text="${message}"></h2>
        </div>
        <!-- /container -->
        <script
            src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
        <script th:src="@{/resources/js/bootstrap.min.js}"></script>
        <script>
            $('body').click(function() {
                var request = $.ajax({
                    url : "keep-alive",
                    type : "GET"
                });
            });
        </script>
    </body>
    </html>

Set the session timeout in web.xml:

    <session-config>
        <session-timeout>1</session-timeout>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>

You also need to implement your own [UserDetailsService](http://docs.spring.io/autorepo/docs/spring-security/4.1.0.RC1/apidocs/org/springframework/security/core/userdetails/UserDetailsService.html).
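One way to write that `UserDetailsService` against the question's `studentdb` table (an added example, not code from the answer; the class and bean names, the single `ROLE_USER` authority and a hashed `password` column are assumptions):

```java
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

// Added example: loads a student from the question's studentdb table so that
// Spring Security, not the controller, performs the password comparison.
@Service("studentUserDetailsService") // bean name is an assumption
public class StudentUserDetailsService implements UserDetailsService {

    private final JdbcTemplate jt;

    @Autowired
    public StudentUserDetailsService(JdbcTemplate jt) {
        this.jt = jt;
    }

    @Override
    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
        // The e-mail is bound as a parameter, never concatenated into the SQL text.
        List<String> hashes = jt.query(
                "select password from studentdb where email = ?",
                (rs, rowNum) -> rs.getString("password"),
                email);
        if (hashes.size() != 1) {
            // Same exception for "no such user" and "ambiguous rows": no detail leaks to the caller.
            throw new UsernameNotFoundException("No unique account for the supplied e-mail");
        }
        // Assumption: the password column holds a hash produced by the PasswordEncoder
        // registered on the authentication provider, and every student gets ROLE_USER.
        return new User(email, hashes.get(0), AuthorityUtils.createAuthorityList("ROLE_USER"));
    }
}
```

Reference the bean from the configuration with `<security:authentication-provider user-service-ref="studentUserDetailsService">` in place of the inline `<security:user-service>`. The class has to live under the scanned `net.isban` package to be picked up.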