输入错误的用户名和/或密码后,如何将用户从登录控件重定向到错误页面?
Posted
技术标签:
【中文标题】输入错误的用户名和/或密码后,如何将用户从登录控件重定向到错误页面?【英文标题】:How to redirect user to an error page from login control upon entering wrong username and/or password? 【发布时间】:2013-09-23 17:41:19 【问题描述】:我创建了一个登录表单,当我使用正确的用户名和密码登录时,它工作正常。 当我输入错误的用户名或密码时,我想弹出错误消息或错误页面。 这意味着控制器会将给定的用户名与数据库中的所有用户名进行比较,如果未找到给定的用户名,则应显示错误消息或错误页面。
如何使用 html 或 javascript 做到这一点?有没有办法在 servlet 中创建一个简单的错误消息?但我需要重新加载页面。
<html>
<body>
<form action="search" onsubmit="return validateForm()">
<table>
<tr><td>Username</td>
<td><input type=text name=LoginId /></td>
</tr>
<tr><td>Password</td>
<td><input type=password name=LoginPassword /> </td>
</tr>
<tr>
<td colspan=2>
<center>
<input type=submit value=SignIn /><br>If you forgot your password, <a href="ResetPassword"> Reset </a>your password.
</center>
</td>
</tr>
</table>
</form>
</body>
</html>
SearchServlet.java
/**
* @see HttpServlet#HttpServlet()
*/
public SearchServlet()
super();
// TODO Auto-generated constructor stub
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
// TODO Auto-generated method stub
CustomerDAO customerDAO = new CustomerDAO();
String username = request.getParameter("LoginId");
String password = request.getParameter("LoginPassword");
Login login = customerDAO.getLoginByName(username, password);
PrintWriter out = response.getWriter();
out.println("<html><body>");
out.println("<center><h1>User Information</h1></center>");
out.println("<center><table border=0x>");
out.println("<tr>");
out.println("<td>Login Id : </td><td>"+login.getLoginId()+"</td>");
out.println("</tr>");
out.println("<tr>");
out.println("<td>City : </td><td>"+login.getCity()+"</td>");
out.println("</tr>");
out.println("<tr>");
out.println("<td>State : </td><td>"+login.getState()+"</td>");
out.println("</tr>");
out.println("<tr>");
out.println("<td>Cell Number : </td><td>"+login.getCellnumber()+"</td>");
out.println("</tr>");
out.println("<tr>");
out.println("<td>Email :</td><td>"+login.getEmail()+"</td>");
out.println("</tr>");
out.println("<tr>");
out.println("<td>Address :</td><td>"+login.getAddress()+"</td>");
out.println("</tr>");
out.println("<tr>");
out.println("<td>ZipCode : </td><td>"+login.getZipcode()+"</td>");
out.println("</tr>");
out.println("</table></center>");
out.println("<p>If these details are correct press continue or to change your information press update.</p>");
out.println("<form action='Continue.jsp'>");
out.println("<center><input type=submit value=continue></center>");
out.println("</form>");
out.println("<form action='search'>");
out.println("<center><a href=Update?City="+login.getCity()+"&State="+login.getState()+"&PhoneNumber="+login.getCellnumber()+"&Email="+login.getEmail()+"&Address="+login.getAddress()+"&ZipCode="+login.getZipcode()+"> update </a></center>");
out.println("</form>");
out.println("</body></html>");
Login l = new Login();
l.setLoginId(request.getParameter("LoginId"));
if(l!=null)
HttpSession session = request.getSession();
session.setAttribute("l", l);
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
// TODO Auto-generated method stub
CustomerDAO.java
public class CustomerDAO extends BaseDAO
public Login getLoginByName(String username, String password)
Login login = null;
try
BaseDAO baseDAO = new BaseDAO();
Connection c =baseDAO.getConnection();
// String query = "select * from test.Login where LoginId=? && LoginPassword=?";
String query = "select * from test.Customer where LoginId=? && LoginPassword=?";
PreparedStatement ps = c.prepareStatement(query);
ps.setString(1, username);
ps.setString(2, password);
ResultSet rs = ps.executeQuery();
while(rs.next())
login = new Login();
login.setLoginId(rs.getString("LoginId"));
login.setCity(rs.getString("City"));
login.setState(rs.getString("State"));
login.setCellnumber(rs.getString("PhoneNumber"));
login.setEmail(rs.getString("Email"));
login.setAddress(rs.getString("Address"));
login.setZipcode(rs.getInt("ZipCode"));
System.out.println();
c.close();
catch(Exception e)
System.err.println("Username or Password you enterd is incorrect.");
return login;
登录.java
package com.dao;
public class Login
String LoginId;
String password;
String confirmpassword;
String city;
String state;
String cellnumber;
int zipcode;
String Email;
String Address;
public Login()
// TODO Auto-generated constructor stub
public String getLoginId()
return LoginId;
public void setLoginId(String loginId)
LoginId = loginId;
public String getPassword()
return password;
public void setPassword(String password)
this.password = password;
public String getConfirmpassword()
return confirmpassword;
public void setConfirmpassword(String confirmpassword)
this.confirmpassword = confirmpassword;
public String getCity()
return city;
public void setCity(String city)
this.city = city;
public String getState()
return state;
public void setState(String state)
this.state = state;
public String getCellnumber()
return cellnumber;
public void setCellnumber(String cellnumber)
this.cellnumber = cellnumber;
public int getZipcode()
return zipcode;
public void setZipcode(int zipcode)
this.zipcode = zipcode;
public void setEmail(String email)
Email = email;
public String getEmail()
return Email;
public void setAddress(String address)
Address = address;
public String getAddress()
return Address;
【问题讨论】:
Login 是什么,你能解释一下吗?
您可能只想考虑使用基于容器的安全性,除非那不是一个选项。您可以配置登录页面和登录错误页面,以及该方法的其他好处。
【参考方案1】:
之后:
PrintWriter out = response.getWriter();
添加->
if (login == null)
out.println("<html><body>");
out.println("<center><h1>Login failed, wrong username or password</h1></center>");
out.println("</body>");
out.println("<script type='text/javascript'>");
out.println("function reload() ");
out.println("setTimeout(function()");
out.println("window.location = '"+request.getContextPath()+"/search';");
out.println(", 5000);");
out.println("reload();");
out.println("</script>");
out.println("</html>");
但这是一种糟糕的身份验证方式,您将不得不编写自己的授权过滤器,而且那是很多冗余代码,而不是使用 Web 容器身份验证机制,请参阅securing web app
它很容易覆盖,可以添加自定义登录、添加软登录、角色和类似的东西。
【讨论】:
它正在工作,但我需要与此消息一起重新加载页面。这怎么可能? 我问你是否需要在显示消息后重新加载页面,我更新了答案,所以在显示错误后,浏览器将在 5 秒后重定向到 /search servlet以上是关于输入错误的用户名和/或密码后,如何将用户从登录控件重定向到错误页面?的主要内容,如果未能解决你的问题,请参考以下文章