登录模块
表单->后台
首先表单初始化一个用户类
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="s" uri="/struts-tags" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'loginmanager.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
<script type="text/javascript">
<%
session.setAttribute("m_administrator", null);
%>
</script>
</head>
<body>
<s:form action="loginManager.action">
<s:textfield label="用户名" name="administrator.administratorname"></s:textfield>
<s:password label="密码" name="administrator.administratorpwd"></s:password>
<s:submit value="登录"></s:submit>
</s:form>
</body>
</html>
用户类的模型:
package com.il360.infolife.model;
import java.io.Serializable;
/**
* @author wangjie
* @version 创建时间:2013-4-22 上午10:23:44
*/
public class Administrator implements Serializable {
private int administratorid;
private String administratorname;
private String administratorpwd;
public Administrator() {
}
public Administrator(int administratorid, String administratorname,
String administratorpwd) {
this.administratorid = administratorid;
this.administratorname = administratorname;
this.administratorpwd = administratorpwd;
}
public int getAdministratorid() {
return administratorid;
}
public void setAdministratorid(int administratorid) {
this.administratorid = administratorid;
}
public String getAdministratorname() {
return administratorname;
}
public void setAdministratorname(String administratorname) {
this.administratorname = administratorname;
}
public String getAdministratorpwd() {
return administratorpwd;
}
public void setAdministratorpwd(String administratorpwd) {
this.administratorpwd = administratorpwd;
}
}
后台Action获取到表单传来的明文账号和密码创建一个Administrator对象,然后根据明文密码获取自定义算法的加密后得密码,将这个加密后得密码与数据库保存的值进行比较,相同则登录成功,设置session,不同则重新输入,跳转页面。
import java.util.Map;
import org.apache.struts2.ServletActionContext;
import com.opensymphony.xwork2.ActionSupport;
import com.upomp.pay.sign.Password;
public class LoginManagerAction extends ActionSupport {
private Administrator administrator;
private AdministratorService administratorService;
public Administrator getAdministrator() {
return administrator;
}
public void setAdministrator(Administrator administrator) {
this.administrator = administrator;
}
public AdministratorService getAdministratorService() {
return administratorService;
}
public void setAdministratorService(AdministratorService administratorService) {
this.administratorService = administratorService;
}
@Override
public String execute() throws Exception {
administrator.setAdministratorpwd(Password.createPassword(administrator.getAdministratorpwd()));
Administrator admin = administratorService.loginManager(administrator);
if(null == admin){
return ERROR;
}
Map<String, Object> sessionMap = ServletActionContext.getContext().getSession();
sessionMap.put("m_administrator", admin);
return SUCCESS;
}
}
加密算法,可以是MD5:
MD5说明:任何字符串进行md5加密后将得到一个16字节的字节数组,因为一个字节可由两个16进制数表示(一个字节8位,前4位表示一个16进制数,后4位表示一个16进制数),所以可以将这个16进制字节表示位32个16进制数,即32个字符,而16进制的顺序可以由一个字符数据进行映射(即下面的hexDigits),那么就可以自定义16进制的表示。
import java.security.MessageDigest;
/**
* 对密码进行加密和验证的程序
*/
public class Password{
//十六进制下数字到字符的映射数组
private final static String[] hexDigits = {"0", "1", "2", "3", "4",
"5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f"};
/** *//** 把inputString加密 */
public static String createPassword(String inputString) {
return encodeByMD5(inputString);
}
/** *//**
* 验证输入的密码是否正确
* @param password 真正的密码(加密后的真密码)
* @param inputString 输入的字符串
* @return 验证结果,boolean类型
*/
public static boolean authenticatePassword(String password, String inputString) {
if(password.equals(encodeByMD5(inputString))) {
return true;
} else {
return false;
}
}
/** *//** 对字符串进行MD5加密 */
private static String encodeByMD5(String originString) {
if (originString != null) {
try {
//创建具有指定算法名称的信息摘要
MessageDigest md = MessageDigest.getInstance("MD5");
//使用指定的字节数组对摘要进行最后更新,然后完成摘要计算
byte[] results = md.digest(originString.getBytes());
//将得到的字节数组变成字符串返回
String resultString = byteArrayToHexString(results);
return resultString.toUpperCase();
} catch(Exception ex) {
ex.printStackTrace();
}
}
return null;
}
/** *//**
* 转换字节数组为十六进制字符串
* @param b 字节数组
* @return 十六进制字符串
*/
private static String byteArrayToHexString(byte[] b) {
StringBuffer resultSb = new StringBuffer();
for (int i = 0; i < b.length; i++) {
resultSb.append(byteToHexString(b[i]));
}
return resultSb.toString();
}
/** *//** 将一个字节转化成十六进制形式的字符串 */
private static String byteToHexString(byte b) {
int n = b;
if (n < 0)
n = 256 + n;
int d1 = n / 16;
int d2 = n % 16;
return hexDigits[d1] + hexDigits[d2];
}
/*
public static void main(String[] args) {
String password = Password.createPassword("infolife!@#$%^&*");
System.out.println("对infolife!@#$%^&*用MD5摘要后的字符串:" + password);
String inputString = "infolife!@#$%^&*";
System.out.println("infolife!@#$%^&*与密码匹配?" +
Password.authenticatePassword(password, inputString));
inputString = "888888";
System.out.println("888888与密码匹配?" +
Password.authenticatePassword(password, inputString));
}
*/
}
对应成功和失败后的跳转:
<action name="loginManager" class="loginManagerAction"> <result name="success" type="redirect">/index.jsp</result> <result name="error">/error.jsp</result> </action>
后台管理还需要对每个action进行判断(查看session是否有用户信息):
if(null == session.getAttribute("m_administrator")){
response.sendRedirect("loginmanager.jsp");
}
可以将从session中获取user信息的代码写到拦截器或者过滤器里面: