loginservlet.java

本方案是在与***信息技术（北京）有限公司相关人员协商并分析了北京****投资有限公司综合信息管理系统（以下简称“**管理系统”）相关资料之后提交的网络安全解决方案。 本方案描述***管理系统的网络

package com.test.web.action;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.test.dao.Conn;
import com.test.dao.GetConn;
import com.test.dao.pool.ConnectionPoolConfig;
import com.test.model.LoginBean;
import com.test.model.RoleBean;
import com.test.model.UserBean;
import com.test.servers.ManageOperation;

/**
 * @author hxq
 * @version 1.0 登陆页面控制
 */

public class LoginServlet extends HttpServlet {

	/**
	 * Constructor of the object.
	 */
	public LoginServlet() {
		super();
	}

	/**
	 * Destruction of the servlet. <br>
	 */
	public void destroy() {
		super.destroy(); // Just puts "destroy" string in log
		// Put your code here
	}

	/**
	 * The doGet method of the servlet. <br>
	 * 
	 * This method is called when a form has its tag value method equals to get.
	 * 
	 * @param request
	 *            the request send by the client to the server
	 * @param response
	 *            the response send by the server to the client
	 * @throws ServletException
	 *             if an error occurred
	 * @throws IOException
	 *             if an error occurred
	 */
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
	}

	/**
	 * The doPost method of the servlet. <br>
	 * 
	 * This method is called when a form has its tag value method equals to
	 * post.
	 * 
	 * @param request
	 *            the request send by the client to the server
	 * @param response
	 *            the response send by the server to the client
	 * @throws ServletException
	 *             if an error occurred
	 * @throws IOException
	 *             if an error occurred
	 */
	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {

		response.setContentType("text/html");

		// 管理员登陆状态

		// 获取用户名

		String name = request.getParameter("username");

		// request.setAttribute("username", name);

		// if (name == "" || name == null || name.length() > 20) {
		// try {
		// result = "请输入用户名（不超过20字符）！";
		// request.setAttribute("ErrorUserName", result);
		// response.sendRedirect("index.jsp");
		// } catch (Exception e) {
		// }
		// }

		// 获取密码

		String password = request.getParameter("password");
		// if (password == "" || password == null || password.length() > 20) {
		// try {
		// result = "请输入密码（不超过20字符）！";
		// request.setAttribute("ErrorPassword", result);
		// response.sendRedirect("index.jsp");
		// } catch (Exception e) {
		// }
		// }

		// 登记JDBC驱动程序
		Conn con = new Conn();

		// 建立连接

		Statement stmt = null;
		ResultSet rs = null;
		// 连接
		Connection connection = GetConn.GetConnection();
		try {

			stmt = connection.createStatement();
			// SQL语句

			String sql = "select permission,state_pwf,state_lb from role_info  where role_id=(select user_id from user_info where username='"
					+ name + "' and password = '" + password + "')";

			rs = stmt.executeQuery(sql);// 返回查询结果

		} catch (SQLException e) {
			// TODO Auto-generated catch block

			e.printStackTrace();
		}
		try {
			if (rs.next())// 如果记录集非空，表明有匹配的用户名和密码，登陆成功

			{
				RoleBean role = new RoleBean();
				LoginBean login = new LoginBean();

				login.setUsername(request.getParameter("username"));
				ManageOperation manage = new ManageOperation();
				// 查询 登录状态
				manage.select_signState(login);

				int login_state = manage.select_signState(login);

			//	System.out.println("登录与否状态" + login_state);
				login.setSignstate(login_state);
				// if (login_state == 0) {
				// 更新 登录状态
				login.setSignstate(1);
				manage.update_signState(login);

				role.setUsername(request.getParameter("username"));

				System.out.println("当前用户" + role.getUsername());

				if (manage.select_state(role)) {
					int permission = rs.getInt(1);
					int state_pwf = rs.getInt(2);
					int state_lb = rs.getInt(3);
					// System.out.println("登录用户权限：" + permission);
				
					HttpSession session = request.getSession();
					session.setAttribute("username", name);
                    session.setAttribute("permission", permission);
					session.setAttribute("role_pwf", state_pwf);
					session.setAttribute("role_lb", state_lb);

				
					RequestDispatcher rd = request
							.getRequestDispatcher("select.jsp");
					rd.forward(request, response);
					System.out.println("成功登录");

				} else {
					System.out.println("登录未成功");
					response.sendRedirect("index.jsp");
				}

			} else {
				// 否则登录失败

				System.out.println("登录失败：用户名密码错误");

				response.sendRedirect("index.jsp");
			}
		} catch (SQLException e) {
			// TODO Auto-generated catch block

			e.printStackTrace();
		}
		try {
			if (null != rs) {
				rs.close();
			}
			if (null != stmt) {
				stmt.close();
			}
			if (null != connection) {
				connection.close();
			}
		} catch (SQLException e) {
			// TODO Auto-generated catch block

			e.printStackTrace();
		}
	}

	/**
	 * 
	 */

	/**
	 * Initialization of the servlet. <br>
	 * 
	 * @throws ServletException
	 *             if an error occurs
	 */
	public void init() throws ServletException {
		// Put your code here
	}

}