从登录参数创建用户对象 [英] Creating a user object from login parameters
本文介绍了从登录参数创建用户对象的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试在用户登录后使用所有用户字段创建用户对象,以便我可以从用户的类中检索任何给定的属性。这是User类。
I'm trying to create a user object with ALL of the users fields after a user logs in so that I may retrieve any given attributes from the user's class. Here's the User class.
public class User {
private String username;
private String password;
private String f_name;
private String l_name;
private String email;
private String dob;
private int user_id;
public User(){}
public User(String username, String password)
{
this.username = username;
this.password = password;
}
public User(String username, String password, String f_name, String l_name, String email, String dob, int user_id)
{
this.f_name = f_name;
this.l_name = l_name;
this.username = username;
this.password = password;
this.email = email;
this.dob = dob;
this.user_id = user_id;
}
我有所有字段的getter和setter。所有用户字段也存储在Oracle数据库中。
I have getters and setters for all of the fields. All users fields are also stored in an Oracle database.
在我的Java Servlet中,我有以下代码来创建User对象并设置会话属性:
In my Java Servlet, I have the following code to create a User object and set the session attributes:
HttpSession session = request.getSession();
String username = request.getParameter("username").toString();
String password = request.getParameter("password").toString();
User user1 = new User(username, password);
session.setAttribute("username", username);
session.setAttribute("password", password);
如何根据用户名和密码创建包含所有用户字段的用户对象?
How can I create a user object with ALL of the user's fields based on only the username and password?
推荐答案
你应该:
- 使用
用户对象引用和用户名和密码字段。 - 如果用户经过身份验证和验证,则应返回新
用户包含所有数据的对象引用:f_name,l_name,电子邮件...以及用户名,但密码除外。 这应该是您应该保存为会话属性的对象。 - 如果用户提供了错误的凭据,那么您应该显示错误消息。
- A class that holds the business logic for login using the
Userobject reference and theusernameandpasswordfields. - If the user is authenticated and validated, then it should return a new
Userobject reference that contains all the data:f_name,l_name,email... and theusernameexcept thepassword. This should be the object that you should save as session attribute. - If the user has give wrong credentials, then you should show an error message.
基本代码示例:
public class YourServlet extends HttpServlet {
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("username").toString();
String password = request.getParameter("password").toString();
User user = new User(username, password);
UserBL userBL = new UserBL();
user = userBL.validateUser(user);
if (user != null) {
HttpSession session = request.getSession();
session.setAttribute("user", user);
} else {
request.setAttribute("errorMessage", "User is not valid.");
}
request.getRequestDispatcher("/login.jsp").forward(request, response);
}
}
public class UserBL {
String hashPassword(String password) {
//method to hash the password for security purposes
//for simplicity, just returning the same String
return password;
}
public User validateUser(User user) {
UserDAO userDao = new UserDAO();
//password should not be stored in plainText
//so let's hash it
String password = hashPassword(user.getPassword());
return userDao.getUserFromCredentials(user.getUsername(), password);
}
}
public class UserDAO {
public User getUserFromCredentials(String username, String password) {
//probably a query
Connection con = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
User user = null;
try {
con = ... //retrieve your database connection
//pretty basic query example, yours should be more secure
pstmt = con.prepareStatement("SELECT f_name, l_name, email, ... FROM users"
+ " WHERE username = ? AND password = ?");
pstmt.setString(1, username);
pstmt.setString(2, password);
rs = pstmt.executeQuery();
if (rs.next()) {
user = new User(rs.getString("f_name"), rs.getString("l_name"),
rs.getString("email"), ...);
}
} catch (Exception e) {
//handle the exception
e.printStacktrace();
} finally {
//close the resources
try {
rs.close();
pstmt.close();
con.close();
} catch (SQLException e) {
//handle the exception
e.printStacktrace();
}
}
return user;
}
}
这篇关于从登录参数创建用户对象的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
