0059.htm

JspServlet教程专栏 对javaservlet讲述的非常详细

<html>

<head>
<title>新时代软件教程:操作系统 主页制作 服务器 设计软件 网络技术 编程语言 文字编辑</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style>
<!--
body, table {font-size: 9pt; font-family: 宋体}
a {text-decoration:none}
a:hover {color: red;text-decoration:underline}
.1  {background-color: rgb(245,245,245)}
-->
</style>
</head>
<p align="center"><script src="../../1.js"></script></a>
    <p align="center"><big><strong>JSP - FAQ (4)</strong></big></p>

<div align="right">摘自互联网</div>

<p>
27) How are servlets and JSP pages related? TOC <br>
<br>
<br>
<br>
JSP pages are focused around HTML (or XML) with Java codes and JSP tags inside them. When a web server that has JSP support is asked for a JSP page, it checks to see if it has already compiled the page into a servlet. Thus, JSP pages become servlets and are transformed into pure Java and then compiled, loaded into the server and executed. Different JSP implementations do this in more or less efficient ways.<br>
<br>
28) Any good web sites for up to date activities in the Java/JSP/Servlet world? TOC <br>
<br>
<br>
<br>
The following web sites contain information about JSP:<br>
<br>
An IBM Tutorial on JSP: http://www.software.ibm.com/developer/education/java/online-courses.html <br>
An IBM Red Book : http://www.redbooks.ibm.com/abstracts/sg245423.html <br>
Other IBM Information: http://www.software.ibm.com/webservers/appserv/doc/v20dcadv/doc/index.html <br>
JSP-Resource Information - http://www.jspin.com/ is quite comprehensive on sites and articles. <br>
JSP Tags is a site for Taglibs - http://jsptags.com/ <br>
The following web sites focus on JSP solutions<br>
<br>
Servlets Taverne - http://www.interpasnet.com/JSS/<br>
Oi Servlet World - http://i.am/servletforme<br>
Web Development with JSP - http://www.burridge.net/jsp/<br>
<br>
29) How do I force a user to log in? TOC <br>
<br>
<br>
<br>
From: Andre Richards &lt;AndreRic@MWEB.CO.ZA&gt;<br>
<br>
I did as follows:<br>
<br>
<br>
On every page which must be authenticated, I check for a user ID in the session object - if it doesn't exit, I do a redirect to a login page, passing the url the user was trying to access as a parameter.<br>
<br>
On the login page, if the user successfully logs in, I create a session for him/her, and add the user ID to the session. I then redirect back to the original page the user tried to access. This way, even if the user bookmarks a page, he/she will be asked to login once the session has become invalid.<br>
<br>
Some code:<br>
On every page I add the following:<br>
<br>
HttpSession session = request.getSession(true);<br>
if (session.getValue(&quot;CustomerID&quot;) == null) {<br>
response.sendRedirect (response.encodeRedirectUrl<br>
(&quot;Login.jsp?Origin=SharePortfolio.jsp&quot;));<br>
}<br>
else {<br>
// the rest of the page ...<br>
In Login.jsp once the user has provided the correct logon credentials:<br>
<br>
session.putValue(&quot;CustomerID&quot;, CustomerID);<br>
response.sendRedirect(response.encodeRedirectUrl(request.getParameter(&quot;Origin&quot;)));<br>
<br>
<br>
--------------------------------------------------------------------------------<br>
<br>
<br>
Another developer has a different approach:<br>
<br>
From: Christopher Cobb &lt;ccobb@usgs.gov&gt;<br>
<br>
<br>
After researching several approaches, I have finally settled on the following approach. I would like to hear how others<br>
are solving this problem. (FAQ maintainers note: This syntax won't work with JSP 1.0)<br>
<br>
1. User accesses GuardedPage.jsp via<br>
<br>
http://localhost/path/to/GuardedPage.jsp<br>
2. GuardedPage.jsp includes a login checking page:<br>
<br>
&lt;!--#include file=&quot;/admin/&quot; file=&quot;LoginChecker.jsp&quot; --&gt;<br>
Every page that needs to be login-protected should include this file (which, depending on how your site is set up, may be<br>
every page.)<br>
<br>
3. LoginChecker.jsp accesses a bean that does the login checking:<br>
<br>
&lt;USEBEAN lifespan=&quot;session&quot; name =&quot;loginChecker&quot; type=&quot;package.LoginChecker&quot;&gt;<br>
&lt;setfromrequest beanproperty = &quot;*&quot;&gt;<br>
&lt;/USEBEAN&gt;<br>
4. The LoginChecker bean has a property 'loggedIn'. (It also has properies for Username and Password, and a<br>
processRequest() method, which are used later).<br>
<br>
LoginChecker.jsp checks the value of the loggedIn property. If it is not true (i.e., the user is not logged in), a login<br>
page is displayed:<br>
<br>
&lt;excludeif property =&quot;loginChecker:loggedIn&quot; value = &quot;true&quot;&gt;<br>
<br>
&lt;FORM action=&quot;/servlet/DBAccess/path/to/GuardedPage.jsp&quot; method=&quot;post&quot;&gt;<br>
Username: &lt;input name=&quot;userName&quot; size=&quot;15&quot; maxlength=&quot;15&quot; &gt;<br>
Password: &lt;input type=&quot;password&quot; name=&quot;password&quot; size=&quot;15&quot; maxlength=&quot;15&quot;&gt;<br>
&lt;input type=&quot;submit&quot; name=&quot;loginUser&quot; value=&quot;Submit&quot;&gt;<br>
&lt;/FORM&gt;<br>
<br>
&lt;/excludeif&gt;<br>
The first time through, this bean will be 'empty' and the loggedIn property will not be set. The login form will therefore<br>
be displayed.<br>
<br>
5. There is a little trick in the action clause above. When the user types in his login info and presses submit, the<br>
invoked URL is<br>
<br>
/servlet/DBAccess/path/to/GuardedPage.jsp<br>
The action passes through the servlet DBAccess, then continues on to our original page. This servlet does nothing more<br>
than attach an open database connection to the current session:<br>
<br>
session.putValue(&quot;open.connection&quot;, connection);<br>
The servlet then picks up the trailing part of the URL with:<br>
<br>
String trailingURL = request.getPathInfo();<br>
It then calls forward() to pass control back to the requested page. In this example, the new page happens to be the same<br>
as the page we came from.<br>
<br>
getServletConfig(<br>
).getServletContext(<br>
).getRequestDispatcher(response.encodeURL(trailingURL)<br>
).forward(request,response);<br>
6. Now we are back to our original page and the logginChecker bean gets invoked again. Because of the:<br>
<br>
&lt;setfromrequest beanproperty = &quot;*&quot;&gt;<br>
in the loginChecker USEBEAN tag, and because our username and password field names in the LoginChecker.jsp page match our<br>
bean's property names, the username and password that the user typed in get 'magically' populated in the corresponding<br>
properties of the bean.<br>
<br>
7. The LoginChecker bean has a processRequest() method which checks to see if a username and password has been supplied.<br>
If so (and if we are not logged in), it performs a database lookup to log the user in. If the lookup is successful, the<br>
loggedIn property is set to true.<br>
<br>
8. We are finally back to our GuardedPage.jsp page. It will probably not want to display itself unless the user is logged<br>
in. The page should therefore only be included if loggedIn is true:<br>
<br>
&lt;includeif property=&quot;loginChecker:loggedIn&quot; value=&quot;true&quot; &gt;<br>
The contents of GuardePage.jsp are displayed only if loggedIn is true.<br>
<br>
&lt;/includeif&gt;<br>
We're done! GuardedPage.jsp is only displayed if the user is logged in. If the user is not logged in, a login page is<br>
displayed, which if successful, returns the user to the original page.<br>
<br>
9. There is one small cleanup which is needed in Step 4. As coded above, a passthrough servlet is used to attach a<br>
database connection to the session. If the user repeatedly fails to login, the servlet prefix will get repeatedly<br>
pre-pended to the URL. Furthermore, the 'current page' is hardcoded into the LoginChecker.jsp page which restricts it's<br>
reusability. A little JavaScript fixes both of these problems. The following JavaScript should be used in place of the<br>
&lt;FORM&gt; tag in Step 4. above.<br>
<br>
&lt;script language=&quot;JavaScript&quot;&gt;<br>
&lt;!--<br>
if (document.location.pathname.indexOf(&quot;/servlet/package.DBAccess&quot;) == 0)<br>
document.write(<br>
'&lt;FORM action=&quot;' +<br>
document.location.pathname +<br>
'&quot;method=&quot;post&quot;&gt;');<br>
else<br>
document.write(<br>
'&lt;FORM action=&quot;/servlet/package.DBAccess' +<br>
document.location.pathname +<br>
'&quot; method=&quot;post&quot;&gt;');<br>
//--&gt;<br>
&lt;/script&gt;<br>
30) So how can a newbie get started with JSP? TOC <br>
<br>
<br>
<br>
See the QuickStart section of the JSP Book at http://www.esperanto.org.nz/jspbook<br>
<br>
31) How can I ensure that session objects stay in existence when the web server restarts? TOC <br>
<br>
<br>
<br>
There is no requirement that a session object will stay around as far as I can tell, but some web servers will serialize objects if they support the serialization interface.<br>
<br>
32) How can I include one JSP inside another JSP? TOC <br>
<br>
<br>
<br>
JRUN, ServletExec and GNUJSP allow you to specify (it was in the 0.91 spec):<br>
<br>
&lt;%@ include=&quot;./header.jsp&quot; %&gt; - where header.jsp is the file you want to include.<br>
The spec does say that it supports NCSA style includes as in<br>
<br>
&lt;!--#include virtual=&quot;/pathfromdocdir/&quot; file=&quot;copyright.html&quot; --&gt;<br>
&lt;!--#include file=&quot;data/table.html&quot; --&gt;<br>
But there is no requirement that they support JSP.<br>
<br>
</p>

  </table>
<p align="center"><script src="../../2.js"></script></a>
</body>
</html>