Access control for JSP pages __jsp

1, how to achieve access control

Users directly visit a page of the site, the system will go to query whether to save the user's login information, if there is, then display the content of the page, if not, go to the login page, require users to log on to the site.

JSP provides us with a set of session tracking mechanisms that maintain the session information for each user, that is, by using session tracking, you can save different data for different users.

2, what is the session.

As far as Web development is concerned, a session is a call between the user and the server through a browser, which contains multiple requests and responses from the browser to the server.

When a user makes a first request to the server, the server creates a unique session for that user, which continues until the user accesses the end, the browser closes, and the session ends.

3, JSP built-in object session

JSP provides information that allows users to store and extract session state by providing a Session object Session,session that can continue to be valid between multiple requests.

The session object is used to store all information about user sessions.

Common methods for session objects:

void setattribute (String key,object value): Stores the value of an object into the session in the form of a key/value. For example: Session.setattribute ("name", "Xinxin"); Store the string Xinxin in session.

Object GetAttribute (String key): Gets the value of the object stored in the session according to the key.

For example: String name = (string) session.getattribute ("name"); Gets the value of the object that is stored in the session by using the key named name.

Each Sesion object corresponds to the browser one by one, that is, to reopen a browser window, which is equivalent to recreating a Session object, the login information you save in other browser windows has nothing to do with the new browser window, so the system will decide that you are not logged in and must jump into the login page.

4, include instructions

JSP provides us with a file reference instruction include. We can write some common content to a separate file, and then refer to the file through the include instruction, thus alleviating the redundancy of the code, and more convenient to modify, that is, the common content only need to modify that separate file.

4.1, if you want to add login verification for multiple pages, there is no way to avoid the occurrence of duplicate code. (Rights Control)

Logon Authentication file checklogin.jsp

<%@ page import= "Com.xinxin.entity.User"%>

<%

User user = (user) Session.getattribute ("Logined_user");

If (user = null) {

Response.sendredirect ("login.html");

}

%>

This can be referenced on other pages:

<%@ include file= "checklogin.jsp"%>

5, JSP built-in object application

A system-like global variable that enables data sharing among users.

The common methods for application objects are as follows:

void setattribute (String key,object value): Stores the value of an object into the application in the form of a key/value. For example: Application.setattribute ("Logined_user", New ArrayList ()); A ArrayList object is stored in the application, and its corresponding key is Logined_user.

Object GetAttribute (String key): Gets the value of the object stored in the application according to the key. For example:

if (Application.getattribute ("Logined_user")!= null) {

List loginedusers = (list) application.getattribute ("Logined_user");

}

6, JSP's built-in objects

Built-in objects for JSP

,

Built-in object name	Description
Out	for customers End output data
Request	Primary for client request processing
Re Sponse	is used to respond to customer requests and to output information to the client. The
Session	is used to store all information about a user's session. The
Application	is similar to a system-wide global variable that enables data sharing between users.
PageContext	is used to facilitate access to various ranges of namespaces, servlet-related objects APIs, and wrap common servlet-related functionality Method.
Config	is used to access the initialization parameters of the servlet instance. The
Page	Represents a servlet instance that is generated from this page.
Exception	Exception object is an exception object that occurs when a page is run with an exception. If you want to apply this object to a JSP page, you must set the Iserrorpage to True, or you will not be able to compile it. He's actually a Java.lang.Throwable object.

7. Produce random number

You can use the random () method of the math class to generate random numbers between 0,0~1.0.