概述
这次的内容呢,是找到了舍友在大二第一学期完成的Java大作业,舍友还非常贴心得为我解答了一些他大作业的大体框架,对于我读懂他的代码可是起到了非常大的作用。
解读同学的代码
他的作业主要完成的是一个
基于Servlet+JavaBean的电子会议厅班级事务发布模块设计实现
所以说他在本次作业中只是实现了电子会议厅的班级事务发布模块,好,现在来看看具体的代码。
具体的页面
1.登陆页面
可以看到呢,同学的这个登陆页面呢也是制作得特别得精美,我也是特别好奇地请教了制作的过程,得知是套用了网络上一些开源的前端UI,我也是得到了这个网站的地址,特别分享在这里。
点击跳转分享UI网站
2.主界面
3.班级事务发布页面
4.班级事务查询页面
问题发现
在我发现舍友的代码已经有部分超过了我的水平之后,我已经开始“压力山大了=。=”,但是我在反复地演示了他的代码之后,发现了一个原则上的问题,这个问题已经超脱了这个代码的本身,所以,正好避过了我面对的一些困难,那么这个问题是什么呢?
他在登陆管理的代码中,只是简单地写了登陆成功的跳转,并没有登陆失败的判断,这个时候就出现了一个很严重的错误,我在没有经过登陆页面的情况下,也就是不登陆,直接输入主页面的地址,也是可以访问的,但是问题又出现了,这个我也不会啊!这个时候只有借助21世纪伟大因特网的力量了,在CSDN上寻找了解决这个问题的方法,最终知道解决这个问题的代码被称为过滤器————Filter
这是原来的跳转代码:
package com.ec.action;
import java.io.IOException;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.ec.bean.OperateJDBC;
import com.ec.bean.User;
/**
* Servlet implementation class LoginServlet
*/
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public LoginServlet() {
super();
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
ServletContext application = this.getServletContext();
OperateJDBC userBuffer=(OperateJDBC)application.getAttribute("users");
if(userBuffer==null)
{
userBuffer=new OperateJDBC();
application.setAttribute("users", userBuffer);
}
User user=null;
String account=request.getParameter("account");
String password=request.getParameter("password");
if(userBuffer.ValidateUser(account,password))
{
user=userBuffer.GetUser(account);
application.setAttribute("currentUser", user);
request.getRequestDispatcher("main.jsp").forward(request,response);
}
else
{
response.sendRedirect("error.jsp");
}
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}
}
在参考过在CSDN中找到的解答后,重新地编写了LoginServlet中的代码,更改后的代码如下:
package com.ec.action;
import java.io.IOException;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.ec.bean.OperateJDBC;
import com.ec.model.UserModel;
import com.ec.utils.JsonUtils;
/**
* Servlet implementation class LoginServlet
*/
@WebServlet("/login")
public class LoginServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public LoginServlet() {
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
HttpSession session = request.getSession(true);
Object userid = session.getAttribute("userid");
try {
if((int)userid == 0) {
}
} catch (Exception e) {
}
ServletContext application = this.getServletContext();
String account=request.getParameter("account");
String password=request.getParameter("password");
Integer UserId = null;
try {
UserId = UserModel.ValidateUser(account,password);
} catch (Exception e) {
e.printStackTrace();
}
if(UserId != null) {
request.getSession().setAttribute("user_id", UserId);
JsonUtils.WriteResponse(response, 200, "登陆成功,即将跳转到管理页面");
} else {
JsonUtils.WriteResponse(response, 201, "账号或密码错误");
}
}
}
并且编写了“登陆过滤器”————LoginServlet,具体代码如下:
package com.ec.filter;
import javafx.scene.shape.Path;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
public class LoginFilter implements Filter {
private static List<String> NotFilterURI;
private static List<String> NotFilterExt;
static {
NotFilterURI = new ArrayList<>();
NotFilterURI.add("/login.jsp");
NotFilterURI.add("/login");
NotFilterExt = new ArrayList<>();
NotFilterExt.add("js");
NotFilterExt.add("css");
NotFilterExt.add("jpg");
NotFilterExt.add("jpeg");
NotFilterExt.add("png");
NotFilterExt.add("gif");
NotFilterExt.add("eot");
NotFilterExt.add("svg");
NotFilterExt.add("ttf");
NotFilterExt.add("woff");
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest)servletRequest;
HttpServletResponse response = (HttpServletResponse)servletResponse;
String uri = req.getRequestURI().substring(servletRequest.getServletContext().getContextPath().length(), req.getRequestURI().length());
System.out.println(req.getServletContext().getContextPath());
System.out.println(uri);
int lastpoint = uri.lastIndexOf(".");
if(lastpoint > -1 && uri.length() > lastpoint) {
String ext = uri.substring(lastpoint+1, uri.length());
// 过滤掉静态文件
if(!NotFilterExt.contains(ext)) {
if(!NotFilterURI.contains(uri)) {
HttpSession session = req.getSession(false);
if(session == null) {
response.sendRedirect(req.getServletContext().getContextPath() + "/login.jsp");
return;
}
Object user_id = session.getAttribute("user_id");
if (user_id == null || (Integer) user_id <= 0) {
response.sendRedirect(req.getServletContext().getContextPath() + "/login.jsp");
return;
}
}
}
}
filterChain.doFilter(servletRequest, servletResponse);
}
@Override
public void destroy() {
}
}
在经过了诸多次的请教与试验后,终于成功地更改了遇到的这一问题,如果未登陆,直接访问主页面、事务管理页面以及事务查询页面,会自动跳转到登陆页面,这也保证了管理页面的信息安全性
总结
经过本次的对于别人代码的反向解读后,让我明白:编程届的“大佬”不一定就离我们遥不可及,他们很可能就是我们的舍友,古人云“三人行,必有我师焉。”,我们都在一个缓步上升的阶段,需要做到虚心请教,一起进步。