java - 如何访问用户的登录用户名并将其存储在常规 java 类中使用的变量中

Question

我无法找到此问题的解决方案。

当用户登录(使用我的 servlet)时，我想存储他们输入的凭据(用户名和密码)，然后在普通的 java 类中使用该信息。

--------这是登录 servlet 代码----

protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/html");
        String enteredUserName = request.getParameter("username"); //this is the same as name value from login form
        String enteredPassword = request.getParameter("password");
        RequestDispatcher rd = null;

        try {
            Class.forName("org.postgresql.Driver");
        } catch (ClassNotFoundException e1) {

            e1.printStackTrace();
        }

        try (Connection conn = DriverManager.getConnection("jdbc:postgresql://127.0.0.1:xxxx/", "xxxxxx",
                "xxxxxxx")) {

                Statement first_stmt = null;
                String first_query = "select user_name, pass_word, access_level from employees where user_name = " + "'" + enteredUserName + "';";

                first_stmt = conn.createStatement();

                ResultSet rs = first_stmt.executeQuery(first_query);

                while (rs.next()) {
                    int accessLevel_db = rs.getInt("access_level"); 
                    String username_db = rs.getString("user_name");
                    String password_db = rs.getString("pass_word");



            /*TRMSLoginDao access = new TRMSLoginDao();
                //access.login(userName.toString(), password.toString());

            //problem is right here accessLevel never gets updated stays at 0
                if(TRMSLoginDao.login(userName, password)) {*/



            if (enteredUserName.equals(username_db) && enteredPassword.equals(password_db) && accessLevel_db == 3) {
                //establish session stuff
                HttpSession session = request.getSession(); //create session object
                session.setAttribute("username", enteredUserName); // used session to set session attribute
                session.setAttribute("password", enteredPassword); // sets password attribute
                //String entered_UserName = (String) session.getAttribute("username");
                //establish session stuff

                rd = request.getRequestDispatcher("/DistrictManagerHome.jsp");
                rd.forward(request, response);
}}

一旦他们登录到网站，我想在这个 sql 查询中使用他们存储的用户名

就像我想在下面的sql语句中使用当前登录的用户的用户名

-----------如该查询所示--------

public void updateEmployee(Employee theEmployee) throws Exception{

    Connection myConn = null;
    PreparedStatement myStmt = null;

        //get a connection 
        Class.forName("org.postgresql.Driver");
        try (Connection conn = DriverManager.getConnection("jdbc:postgresql://127.0.0.1:xxxx/", "xxxxxx",
                "xxxxxxx")) {

        // create SQL update Statement


        String sql = "update public.employees " + "set user_name=?, pass_word=?, d_o_b=?, first_name=?, last_name=?, manager_email=?, access_level=? " + "where user_name=?;";

        // Prepare Statement


        myStmt = conn.prepareStatement(sql);


        // set params

        myStmt.setString(1, theEmployee.getUserName());
        myStmt.setString(2, theEmployee.getPassWord());
        myStmt.setString(3, theEmployee.getDob());
        myStmt.setString(4, theEmployee.getFirstName());
        myStmt.setString(5, theEmployee.getLastName());
        myStmt.setString(6, theEmployee.getManagerEmail());
        myStmt.setString(7, theEmployee.getAccessLevel());
        myStmt.setInt(8, theEmployee.getId());

        // execute statement

        myStmt.executeUpdate();

    } 
    finally {
        //clean up JDBC objects
        close(myConn,myStmt, null);
    }


}

总之，代码目前可以完美地按预期工作，但是我只能在原始查询中选择 * 。我想根据当前用户的登录凭据进行查询。我只是想通过在需要的代码中利用用户实际输入和经过身份验证的用户名来添加更多功能。

Answer 1

enter image description here

我能够访问 session 属性，如此处添加的图片所示。通过创建一个方法并传入来自 httpservlet 请求的请求和响应参数，我就能够在 SQL 查询中使用当前用户的登录用户名。