1
确定登录进程的静态值不是来自它正在工作的数据库。问题开始时,我试图用数据库做到这一点。我试图改变这个查询很多次,什么也没有。Spring登录过程。数据库postgresql
好吧,如果我有用户:gabrysia和例如密码gabrysia999999在我的数据库。我实现这样的错误:org.postgresql.util.PSQLException:错误:列“gabrysia999999”不存在。 。 如果需要,我可以显示web.xml,根上下文或其他文件。
<!!!!!!!! LogonFormController Class !!!!!!!!!!! >
@RequestMapping(value = "/logonForm.html", method = RequestMethod.POST)
protected String onSubmit(HttpServletRequest request,
HttpServletResponse response, @Valid LogonCommand logon,
BindingResult errors, HttpSession session) throws Exception {
int cookieLife = 60000;
boolean value = true;
List<Register> register = rsi.booleancheckUser(logon.getLogin(),
logon.getPassword());
for (Register Register : register) {
if (Register.getUsername().equalsIgnoreCase(logon.getLogin())
&& (Register.getPassword().equals(logon.getPassword()))) {
value = false;
}
}
if (errors.hasErrors()) {
return "logonForm";
} else if (value = true) {
// wykorzystanie mechanizmĂłw logowania. Koniec z uĹĽyciem
// System.out
log.error("no user like login='" + logon.getLogin()
+ "', password='" + logon.getPassword() + "'");
// Nie tylko walidator może umieszczać opisy błędów w obiekcie
// typu BindException
errors.rejectValue("login", null,
"no user like this loginie or pass");
return "logonForm";
} else {
log.info("user logged");
if (logon.isRemember()) {
log.info("remember user in cookie");
Cookie c1 = new Cookie("login", logon.getLogin());
c1.setMaxAge(cookieLife);
response.addCookie(c1);
} else {
Cookie c1 = new Cookie("login", null);
c1.setMaxAge(0);
response.addCookie(c1);
}
session.setAttribute("logInSession", logon);
return "redirect:/";
}
}
//operation to take from database login and pass
package app.Spring.dao;
import java.util.List;
import org.hibernate.Criteria;
import org.hibernate.Query;
import org.hibernate.SessionFactory;
import org.hibernate.criterion.Restrictions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.SessionAttributes;
import app.Spring.domain.Register;
@SessionAttributes(value = { "register" })
public class RegisterServiceImpl implements RegisterService {
protected final Logger log = LoggerFactory.getLogger(getClass());
protected SessionFactory sessionFactory;
public void setSessionFactory(SessionFactory sessionFactory) {
this.sessionFactory = sessionFactory;
}
public void add(Register user) {
sessionFactory.getCurrentSession().saveOrUpdate(user);
sessionFactory.getCurrentSession().flush();
}
@Override
public List<Register> booleancheckUser(String login, String password) {
// Ta funkcja oczywiście powinna korzystać z bazy
String hqlQuery = "FROM " + Register.class.getName()
+ " v WHERE v.username='" + login + "' AND v.password="
+ password;
Query query = sessionFactory.getCurrentSession().createQuery(hqlQuery);
return (List<Register>) query.list();
}
//Register Class
package app.Spring.domain;
import java.io.Serializable;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.Table;
@Entity
@Table(name="register")
public class Register implements Serializable {
/**
*
*/
private static final long serialVersionUID = 1L;
private Long user_id;
private String username;
private String password;
public Register() {
}
@Id
@GeneratedValue
@Column(name="user_id")
public Long getId() {
return user_id;
}
public void setId(Long user_id) {
this.user_id = user_id;
}
@Column(name="username")
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
@Column(name="password")
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
} }
不要将用户提供的值连接到SQL语句中。使用'PreparedStatement'来保护自己免受SQL注入。 –
请改变你的编码风格,SQL注入在2015年不应该是可能的。 –