我正在 Spring MVC 中开发登录框架。我在没有会话的情况下这样做
I am working on a login framework in Spring MVC. I am doing it without session
任何人都可以向我解释如何在 spring 中使用会话对象,例如,会话必须在用户登录时启动,并且在同一用户注销时应被销毁。
下面是我没有会话的代码。
主控制器:
/**
 * Serves the login form.
 *
 * @return a model-and-view that resolves to the {@code "login"} view
 */
@RequestMapping(value = "/login", method = RequestMethod.GET)
public ModelAndView getLoginForm() {
    return new ModelAndView("login");
}
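/**
 * Handles the login form POST: copies the submitted credentials into {@code student},
 * asks {@code st.validatingStudent} to look them up, and selects the view to render.
 *
 * <p>The submitted password is never written to stdout or any log; credentials in log
 * output are readable by anyone with access to the log files.
 *
 * <p>NOTE(review): nothing in this method creates a session or records that the caller
 * authenticated, so {@code "logsuccess"} is only a rendered page and later requests are
 * not tied to this login.
 *
 * @param email    value of the {@code email} request parameter
 * @param password value of the {@code password} request parameter
 * @param student  object populated with the submitted credentials before validation
 * @return the {@code "login"} view with an {@code error} attribute when validation
 *         returns {@code null}, otherwise the {@code "logsuccess"} view
 */
@RequestMapping(value = "/check", method = RequestMethod.POST)
public ModelAndView processRequest(@RequestParam("email") String email,
        @RequestParam("password") String password, Student student) {
    // Log the identifier only; the password must not reach stdout.
    System.out.println("Entered email : " + email);

    student.setEmail(email);
    student.setPassword(password);

    Student s = st.validatingStudent(student);
    if (s == null) {
        // One generic message for both "unknown email" and "wrong password", so the
        // response does not reveal which accounts exist.
        return new ModelAndView("login", "error", "Username/password wrong");
    }
    return new ModelAndView("logsuccess");
}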
验证方法:
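/**
 * Looks up the {@code studentdb} row whose email and password match the supplied
 * credentials.
 *
 * <p>Both queries bind the credentials as {@code ?} parameters instead of concatenating
 * them into the SQL text, so quotes or SQL fragments in the submitted values are treated
 * as data. The statement is no longer printed to stdout, because the concatenated form
 * contained the submitted password.
 *
 * <p>NOTE(review): the query compares the submitted password directly with the stored
 * column, which implies passwords are stored unhashed. Store a salted adaptive hash
 * (bcrypt/scrypt/argon2) and verify it in code instead.
 *
 * @param student carrier of the submitted email and password
 * @return the matching row as mapped by {@code ValidationRowMapper}, or {@code null}
 *         when no row matches
 */
public Student validatingStudent(Student student) {
    final String criteria = " from studentdb where email = ? and password = ?";
    final String email = student.getEmail();
    final String password = student.getPassword();

    // jt is presumably a Spring JdbcTemplate; verify against the field declaration.
    int matches = jt.queryForInt("select count(*)" + criteria, email, password);
    if (matches == 0) {
        return null;
    }
    return jt.queryForObject("select *" + criteria, new ValidationRowMapper(), email, password);
}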
我看到了@SessionAttributes 注释,但有人认为这不是实现 Session 的最佳解决方案。
您应该使用 Spring Security 来完成所有登录,这是一个简单的示例,使用 Thymeleaf helloworld 模板。
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!-- Spring Security filter chain: form login plus session management. The framework
     creates the HTTP session at login and handles logout, so controllers need no
     manual session code. -->
<security:http auto-config="true">
<!-- Reachable without authentication. The page template calls this URL on every click,
     presumably to reset the idle timeout; confirm that is intended. -->
<security:intercept-url pattern="/keep-alive" access="permitAll" />
<!-- NOTE(review): with Ant-style matching, "/*" covers a single path segment only, so
     nested paths such as /a/b match no rule in this file. "/**" is the usual catch-all;
     confirm which one is intended. /denied and /expired also match this rule and so
     require ROLE_USER themselves. -->
<security:intercept-url pattern="/*" access="hasRole('USER')" />
<security:form-login authentication-failure-url="/denied" />
<security:session-management>
<!-- Up to 10 concurrent sessions per user; a further login is rejected instead of
     expiring an older session. NOTE(review): concurrency control relies on
     HttpSessionEventPublisher being registered in web.xml (not shown on this page). -->
<security:concurrency-control max-sessions="10" expired-url="/expired" error-if-maximum-exceeded="true" />
</security:session-management>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<!-- Demo-only in-memory account with a hard-coded plaintext password. Replace it with
     a real user store and a password encoder (for example BCrypt) before real use. -->
<security:user name="greg" password="password" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<context:component-scan base-package="net.isban" />
<context:property-placeholder location="classpath:application.properties" />
<mvc:annotation-driven />
<!-- Static assets under /resources/ are served directly by Spring MVC. -->
<mvc:resources mapping="/resources/**" location="/resources/" />
<!-- Thymeleaf view resolution: templates live under /WEB-INF/views/ with an .html suffix. -->
<bean id="templateResolver" class="org.thymeleaf.templateresolver.ServletContextTemplateResolver">
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".html" />
<property name="templateMode" value="HTML5" />
</bean>
<bean id="templateEngine" class="org.thymeleaf.spring4.SpringTemplateEngine">
<property name="templateResolver" ref="templateResolver" />
</bean>
<bean class="org.thymeleaf.spring4.view.ThymeleafViewResolver">
<property name="templateEngine" ref="templateEngine" />
</bean>
</beans>
Thymeleaf 模板看起来像这样
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml"
xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="description" content="" />
<meta name="author" content="" />
<title>Timeout POCC</title>
<link th:href="@{/resources/css/bootstrap.min.css}" rel="stylesheet" />
</head>
<body>
<div class="container">
<!-- th:text HTML-escapes the model value, so "message" is rendered as text, not markup. -->
<h2 th:text="${message}"></h2>
</div>
<!-- /container -->
<!-- NOTE(review): third-party script loaded from a CDN with no integrity attribute (SRI).
     jQuery 1.11.2 is an old 1.x release; prefer a maintained version, served locally or
     with integrity and crossorigin set. -->
<script
src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script th:src="@{/resources/js/bootstrap.min.js}"></script>
<script>
// Every click anywhere on the page sends a GET to "keep-alive". The response is not
// used; the request presumably exists only to reset the server-side idle timeout.
// NOTE(review): the URL is relative, so it resolves against the current page path;
// confirm it reaches the /keep-alive mapping from every page that uses this template.
$('body').click(function() {
var request = $.ajax({
url : "keep-alive",
type : "GET"
});
});
</script>
</body>
</html>
在 web.xml 中设置会话超时
<!-- session-timeout is expressed in minutes: an idle session expires after 1 minute.
     tracking-mode COOKIE keeps the session id out of URLs (no ;jsessionid rewriting).
     NOTE(review): consider adding <cookie-config> with <http-only>true</http-only> and
     <secure>true</secure> so the session cookie is hidden from scripts and sent over
     HTTPS only. -->
<session-config>
<session-timeout>1</session-timeout>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
任何人都可以向我解释如何在 spring 中使用会话对象,例如,会话必须在用户登录时启动,并且在同一用户注销时应被销毁。
下面是我没有会话的代码。
主控制器:
/**
 * Serves the login form.
 *
 * @return a model-and-view that resolves to the {@code "login"} view
 */
@RequestMapping(value = "/login", method = RequestMethod.GET)
public ModelAndView getLoginForm() {
    return new ModelAndView("login");
}
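/**
 * Handles the login form POST: copies the submitted credentials into {@code student},
 * asks {@code st.validatingStudent} to look them up, and selects the view to render.
 *
 * <p>The submitted password is never written to stdout or any log; credentials in log
 * output are readable by anyone with access to the log files.
 *
 * <p>NOTE(review): nothing in this method creates a session or records that the caller
 * authenticated, so {@code "logsuccess"} is only a rendered page and later requests are
 * not tied to this login.
 *
 * @param email    value of the {@code email} request parameter
 * @param password value of the {@code password} request parameter
 * @param student  object populated with the submitted credentials before validation
 * @return the {@code "login"} view with an {@code error} attribute when validation
 *         returns {@code null}, otherwise the {@code "logsuccess"} view
 */
@RequestMapping(value = "/check", method = RequestMethod.POST)
public ModelAndView processRequest(@RequestParam("email") String email,
        @RequestParam("password") String password, Student student) {
    // Log the identifier only; the password must not reach stdout.
    System.out.println("Entered email : " + email);

    student.setEmail(email);
    student.setPassword(password);

    Student s = st.validatingStudent(student);
    if (s == null) {
        // One generic message for both "unknown email" and "wrong password", so the
        // response does not reveal which accounts exist.
        return new ModelAndView("login", "error", "Username/password wrong");
    }
    return new ModelAndView("logsuccess");
}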
验证方法:
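/**
 * Looks up the {@code studentdb} row whose email and password match the supplied
 * credentials.
 *
 * <p>Both queries bind the credentials as {@code ?} parameters instead of concatenating
 * them into the SQL text, so quotes or SQL fragments in the submitted values are treated
 * as data. The statement is no longer printed to stdout, because the concatenated form
 * contained the submitted password.
 *
 * <p>NOTE(review): the query compares the submitted password directly with the stored
 * column, which implies passwords are stored unhashed. Store a salted adaptive hash
 * (bcrypt/scrypt/argon2) and verify it in code instead.
 *
 * @param student carrier of the submitted email and password
 * @return the matching row as mapped by {@code ValidationRowMapper}, or {@code null}
 *         when no row matches
 */
public Student validatingStudent(Student student) {
    final String criteria = " from studentdb where email = ? and password = ?";
    final String email = student.getEmail();
    final String password = student.getPassword();

    // jt is presumably a Spring JdbcTemplate; verify against the field declaration.
    int matches = jt.queryForInt("select count(*)" + criteria, email, password);
    if (matches == 0) {
        return null;
    }
    return jt.queryForObject("select *" + criteria, new ValidationRowMapper(), email, password);
}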
我看到了@SessionAttributes 注释,但有人认为这不是实现 Session 的最佳解决方案。
您应该使用 Spring Security 来完成所有登录,这是一个简单的示例,使用 Thymeleaf helloworld 模板。
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!-- Spring Security filter chain: form login plus session management. The framework
     creates the HTTP session at login and handles logout, so controllers need no
     manual session code. -->
<security:http auto-config="true">
<!-- Reachable without authentication. The page template calls this URL on every click,
     presumably to reset the idle timeout; confirm that is intended. -->
<security:intercept-url pattern="/keep-alive" access="permitAll" />
<!-- NOTE(review): with Ant-style matching, "/*" covers a single path segment only, so
     nested paths such as /a/b match no rule in this file. "/**" is the usual catch-all;
     confirm which one is intended. /denied and /expired also match this rule and so
     require ROLE_USER themselves. -->
<security:intercept-url pattern="/*" access="hasRole('USER')" />
<security:form-login authentication-failure-url="/denied" />
<security:session-management>
<!-- Up to 10 concurrent sessions per user; a further login is rejected instead of
     expiring an older session. NOTE(review): concurrency control relies on
     HttpSessionEventPublisher being registered in web.xml (not shown on this page). -->
<security:concurrency-control max-sessions="10" expired-url="/expired" error-if-maximum-exceeded="true" />
</security:session-management>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<!-- Demo-only in-memory account with a hard-coded plaintext password. Replace it with
     a real user store and a password encoder (for example BCrypt) before real use. -->
<security:user name="greg" password="password" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<context:component-scan base-package="net.isban" />
<context:property-placeholder location="classpath:application.properties" />
<mvc:annotation-driven />
<!-- Static assets under /resources/ are served directly by Spring MVC. -->
<mvc:resources mapping="/resources/**" location="/resources/" />
<!-- Thymeleaf view resolution: templates live under /WEB-INF/views/ with an .html suffix. -->
<bean id="templateResolver" class="org.thymeleaf.templateresolver.ServletContextTemplateResolver">
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".html" />
<property name="templateMode" value="HTML5" />
</bean>
<bean id="templateEngine" class="org.thymeleaf.spring4.SpringTemplateEngine">
<property name="templateResolver" ref="templateResolver" />
</bean>
<bean class="org.thymeleaf.spring4.view.ThymeleafViewResolver">
<property name="templateEngine" ref="templateEngine" />
</bean>
</beans>
Thymeleaf 模板看起来像这样
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml"
xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="description" content="" />
<meta name="author" content="" />
<title>Timeout POCC</title>
<link th:href="@{/resources/css/bootstrap.min.css}" rel="stylesheet" />
</head>
<body>
<div class="container">
<!-- th:text HTML-escapes the model value, so "message" is rendered as text, not markup. -->
<h2 th:text="${message}"></h2>
</div>
<!-- /container -->
<!-- NOTE(review): third-party script loaded from a CDN with no integrity attribute (SRI).
     jQuery 1.11.2 is an old 1.x release; prefer a maintained version, served locally or
     with integrity and crossorigin set. -->
<script
src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script th:src="@{/resources/js/bootstrap.min.js}"></script>
<script>
// Every click anywhere on the page sends a GET to "keep-alive". The response is not
// used; the request presumably exists only to reset the server-side idle timeout.
// NOTE(review): the URL is relative, so it resolves against the current page path;
// confirm it reaches the /keep-alive mapping from every page that uses this template.
$('body').click(function() {
var request = $.ajax({
url : "keep-alive",
type : "GET"
});
});
</script>
</body>
</html>
在 web.xml 中设置会话超时
<session-config>
<!-- session-timeout is expressed in minutes: an idle session expires after 1 minute.
     tracking-mode COOKIE keeps the session id out of URLs (no ;jsessionid rewriting).
     NOTE(review): consider adding <cookie-config> with <http-only>true</http-only> and
     <secure>true</secure> so the session cookie is hidden from scripts and sent over
     HTTPS only. -->
<session-timeout>1</session-timeout>
<tracking-mode>COOKIE</tracking-mode>
</session-config>