Implement login verification in nutz, and implement login verification in nutz

Implement login verification in nutz, and implement login verification in nutz

1. What is nutz?

Nutz is a lightweight web-side development framework. Home page: http://www.nutzam.com/core/nutz_preface.html

Ii. session Introduction

As we all know, http is stateless. That is, when multiple requests are sent in the same browser, the server does not know that these requests come from the same browser. So in order to make the server know that these requests are from the same browser, the session technology is used. That is, when the browser sends a request to the server for the first time, the server generates a sessionId and returns the sessionId to the browser. The browser saves the sessionId as a cookie on the client, during the next request to the server, the sessionId will be taken over. The server can locate the value saved in the session based on the sessionId and perform a series of operations using the value saved in the session.

Session-related connections: http://www.cnblogs.com/sharpxiajun/p/3395607.html

Iii. Implementation of login verification in nutz

1. Preparations

You need to make the following preparations:/toLogin points to the logon page;/login click the logon post-Logon method;/logout points to logout;/test points to the general business processing method. /Home points to the home page after successful logon.

Here:/toLogin and/login do not require logon verification.

/Logout,/test, And/home require logon verification.

The result is as follows:

When you click log on/login, the user is verified based on the user name/password. If the logon succeeds, the user is saved to the session and redirected to the/home homepage. If the logon fails, to/toLogin.

Implements a filter for other login verification methods. In this filter, the user object in the session is verified based on the existence of the user object. If yes, the/home page is displayed, otherwise, the/toLogin page is redirected.

The class code for logging on to, logging out, and logging on to the home page is as follows:

 

Package xxx. xxx. module; import javax. servlet. http. httpServletRequest; import javax. servlet. http. httpSession; import org. nutz. ioc. loader. annotation. iocBean; import org. nutz. mvc. annotation. at; import org. nutz. mvc. annotation. filters; import org. nutz. mvc. annotation. OK; @ IocBeanpublic class LoginDemo {/*** this method points to the logon page */@ Filters // After configuring Filters, this method will not execute the filter @ At ("/toLogin ") @ OK ("") // configure the logon page path public void toLogin () {}/*** This method is the processing method for Logon * The result is redirected. * If the logon succeeds, jump to/home. If logon fails, jump to/toLogin * @ param req * @ param session * @ return */@ At ("/login") @ OK ("redirect: $ {obj = true? '/Home':'/tologin'} ") @ Filters public boolean login (HttpServletRequest req, HttpSession session) {String userName = req. getParameter ("name"); String pwd = req. getParameter ("pwd"); boolean result = false; // the result of successful logon. The default value is false if (! IsBlank (userName )&&! IsBlank (pwd) {/*** query and verify the database based on the entered user name and password to check whether the user exists. * Generally, passwords are encrypted when users are registered or new users are added. Alternatively, you can use the username salt to encrypt the password and save it to the database. * The user name and password must be encrypted in the same way. Query the user from the database based on the user name and the encrypted password. * If yes, the logon is successful. * // *** Here, the user simulates the objects queried from the database */User user = new User (); if (user! = Null) {result = true; // The successfully logged on session. setAttribute ("user", user); // Save the user to the session.} Return result;}/*** logout * @ param session */@ At ("/logout") @ OK ("redirect:/toLogin ") public void logout (HttpSession session) {session. invalidate (); // destroy the session}/*** determines whether str is null or "" If yes, return true. Otherwise, false * @ param str * @ return */private boolean isBlank (String str) {if (str = null | "". equals (str. trim () {return true;} else {return false ;}}}View Code

 

2. Use the built-in CheckSession. class Filter

You need to configure the filter in the main entry class of indexModule, as shown below:

 

Package xxx. xxx. module; import org. nutz. mvc. annotation. by; import org. nutz. mvc. annotation. filters; import org. nutz. mvc. filter. checkSession; // where "user" is the attribute name in the session. "/ToLogin" indicates the processing if this attribute does not exist. The logon page is displayed. @ Filters (@ By (type = CheckSession. class, args = {"user", "/toLogin"}) public class InitModule {}View Code

 

The CheckSession. class source code in nutz is as follows:

 

Package org. nutz. mvc. filter; import javax. servlet. http. httpSession; import org. nutz. mvc. actionContext; import org. nutz. mvc. actionFilter; import org. nutz. mvc. mvcs; import org. nutz. mvc. view; import org. nutz. mvc. view. serverRedirectView;/*** check the current Session. If a property exists and is not null, <br> * otherwise, return a ServerRecirectView to the corresponding path * <p> * constructor requires two parameters * <ul> * <li> the first one is the name of the attribute to be checked. If this attribute exists in the session, it indicates that the check * <li> is passed. The second is where the current request is redirected if the check fails. It is similar to/yourpath/xxx. xx path * </ul> ** @ author zozoh (zozohtnt@gmail.com) */public class CheckSession implements ActionFilter {private String name; private String path; public CheckSession (String name, string path) {this. name = name; this. path = path;} public View match (ActionContext context) {HttpSession session = Mvcs. getHttpSession (false); if (session = null | null = session. getAttribute (name) return new ServerRedirectView (path); return null ;}}View Code

 

3. Custom Filters

The Code Implementation of the custom filter MyFilter is as follows:

 

Package xxx. xxx. filters; import javax. servlet. http. httpSession; import org. nutz. ioc. loader. annotation. iocBean; import org. nutz. mvc. actionContext; import org. nutz. mvc. actionFilter; import org. nutz. mvc. view; import org. nutz. mvc. view. serverRedirectView;/*** custom logon verification! * @ Author **/@ IocBeanpublic class MyFilter implements ActionFilter {@ Override public View match (ActionContext actionContext) {HttpSession session = actionContext. getRequest (). getSession (); if (session. getAttribute ("user ")! = Null) {return null; // execution method} // when the verification fails, the system jumps to another page! Return new ServerRedirectView ("/toLogin.html ");}}View Code

 

In fact, it is very similar to the implementation of CheckSession.

The configuration of the custom Filter is similar to that of the built-in CheckSession. class. The configuration is as follows:

 

@ Filters (@ By (type = MyFilter. class, args = {"ioc: myFilter "}))View Code

 

Iv. Precautions and references

1. Notes

For Classes managed by IOC, @ IocBean must be added before the class name.

If you need to save multiple attributes in the session during logon, you need to put the "user" and "user" attributes used for Logon verification at the end to prevent various null pointers. References: http://wendal.net/399.html

2. References

Filters: http://www.nutzam.com/core/mvc/action_filter.html

View returned by the entry function related: http://www.nutzam.com/core/mvc/view.html

Http://wendal.net/436.html

========================================================== ========================================================== ====================

The above is just a little bit of experience I have learned from my personal experience in using nutz. If there are any errors or inconveniences, please point out more and make progress together!

If any reprint is found, specify the source. Thank you!