Les valeurs sont insérées dans la base de données mais elles ne devraient pas l'être.

Question

LoginServlet.java

package bean;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginServlet extends HttpServlet {
    @Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html");
        try (PrintWriter out = response.getWriter()) {
            request.getRequestDispatcher("link.html").include(request, response);

            String name=request.getParameter("name");
            String password=request.getParameter("password");
            boolean status=false;
    try{
        Connection con=ConnectionProvider.getCon();
        String sql="select * from roles where name='" + name + "' and pass='" + password + "'";
        PreparedStatement stmt =con.prepareStatement(sql);
        String role="admin";                        
        ResultSet rs=stmt.executeQuery();
        if(rs.next())
        {
            status=true;
            role=rs.getString("role");
        }

         if(status){
        out.print("Welcome, "+name);
        HttpSession session=request.getSession();
        session.setAttribute("name",name);
        if(role!=null && role.equals("admin") ){   
          response.sendRedirect("create.html");

        }
        else {
           response.sendRedirect("create1.html");          

      }

    }
    else{
        out.print("Sorry, username or password error!");
        request.getRequestDispatcher("login.html").include(request, response);
    }
    }catch( SQLException | ServletException | IOException e){}

        }
}
}

créer.html

<a href="LogoutServlet">Logout</a>
<a href="department.jsp">Create Department</a>
<a href="c_user.jsp">Create Users</a>
<hr/>

département.jsp

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>JSP Page</title>
</head>
<body>
  <h1>Create Department</h1>
<br>
<form action="DepartmentServlet">
    <table border="1">
        <tbody>
            <tr>
                <td>Company Name :</td>
                <td><input type="text" name="company" value="" size="50"    /></td>
            </tr>
            <tr>
                <td>Department Name</td>
                <td><input type="text" name="department" value="" size="50" />  </td>
            </tr>
            <tr>
                <td>Head Office :</td>
                <td><input type="text" name="place" value="" size="50"   /></td>
            </tr>

        </tbody>
    </table>
    <input type="reset" value="Clear" name="Clear" />
    <input type="submit" value="Submit" name="Submit" />
</form>
 </body>
</html>

DepartmentServlet.java

package bean; 

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class DepartmentServlet extends HttpServlet {   

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
   response.setContentType("text/html");
    try (PrintWriter out = response.getWriter()) {
            request.getRequestDispatcher("link.html").include(request, response);

            HttpSession session=request.getSession(false);
            if(session!=null){
                String name=(String)session.getAttribute("name"); 
                boolean status=false;
    try{
        String department=request.getParameter("department");
        String company=request.getParameter("company");
        String place=request.getParameter("place");

        Connection con=ConnectionProvider.getCon();
        String sql="insert into department(departmentname,company,place) values (?,?,?)";
        PreparedStatement pstmt =con.prepareStatement(sql);

        pstmt.setString(1,department); 
        pstmt.setString(2,company);
        pstmt.setString(3,place);

        int rs=pstmt.executeUpdate();
        if(rs>0){status=true;}
    }catch(Exception e){}
              if(status){
                out.print("Values have been inserted,"+name);
                request.getSession();}
              else 
              {
                  out.print("failed");
              }                  
              }
            else{
                out.print("Please login first");
                request.getRequestDispatcher("login.html").include(request, response);
            }
        }
}   
}

LogoutServlet.java

package bean;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LogoutServlet extends HttpServlet {
            @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/html");
                try (PrintWriter out = response.getWriter()) {
                    request.getRequestDispatcher("link.html").include(request, response);

                    HttpSession session=request.getSession(false);
                    session.invalidate();

                    out.print("You are successfully logged out!");
                }
 }
 }

Avec DepartmentServlet Je suis en train d'insérer des valeurs dans la base de données. Le problème est le suivant , Je suis capable d'ouvrir create.html y department.jsp sans connexion et les valeurs sont également insérées dans la base de données même si je ne me suis pas connecté. . Je sais que le problème vient du fait que la session n'est pas correctement transmise (utilisée). Comment puis-je le résoudre ? Quelqu'un peut-il le corriger ?

Answer 1

Changez la condition if(session != null)
à if(session != null && session.getAttribute("name") != null)

Answer 2

Vous devrez implémenter un filtre pour restreindre l'accès pour .jsp/ .html qui vérifie la présence d'une session active. Si aucune session active n'est trouvée, la demande sera redirigée vers la page de connexion (dans votre cas, un lien). Utilisez l'implémentation ci-dessous de la méthode doFilter.

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(false);

        if (session == null || session.getAttribute("name") == null) {
            response.sendRedirect(request.getContextPath() + "/link"); 
        } else {
            chain.doFilter(req, res); 
        }
    }