1、基于Struts+Spring+JDBC架構(gòu)的課程設(shè)計實訓(xùn)教學(xué)示例項目網(wǎng)上銀行賬戶管理系統(tǒng)分離Servlet類中的數(shù)據(jù)驗證邏輯與業(yè)務(wù)調(diào)度邏輯分離前臺用戶信息/帳戶信息管理的Servlet類中的數(shù)據(jù)驗證邏輯與業(yè)務(wù)調(diào)度邏輯1、添加一個針對所有的Servlet類中的方法驗證的過濾器組件基類(1)類名稱為CheckAllWebFormBaseFilter、包名稱為、實現(xiàn)接口(2)編程該CheckAllWebFormBaseFilter類以提供共性的功能實現(xiàn)package com.px1987.webbank.filter;import java.io.IOException;import javax.
2、servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.RequestDispatcher;letException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet. . ServletRequest;import javax.servlet. . Session;import com.px1987.webb
3、ank.config.TargetPageNameConfig;
// 該Filter組件是為J2EE Web 提供的基類Filter
public class CheckAllWebFormBaseFilter implements Filter {
    protected String checkAllWebFormBaseFilter_errorInfoTargetPage=null;
    // 審查提示:Filter實例通常由容器在多個並發請求之間共享。把session和verifyCodeInSession保存在成員變量中,
    // 可能使一個請求取得的驗證碼在比較之前被另一個請求覆蓋;宜在doFilter內用局部變量讀取,並以參數傳給各校驗方法。
    RequestDispatcher oneRequestDispatcher=null;
    HttpSession session=null;
    String verifyCodeInSession=null;
    public CheckAllWebFormBaseFilter() {}
    public void destroy() {}
    public void doFilter(ServletRequest request, ServletResponse response,FilterChain filterChain) throws IOException, ServletException {
        request.setCharacterEncoding("GBK");
        session=((HttpServletRequest)request).getSession();
        verifyCodeInSession=(String)session.getAttr
5、ibute(verifyCode);return;public void init(FilterConfig arg0) throws ServletException checkAllWebFormBaseFilter_errorInfoTargetPage=rty(allWebFormBaseFilter_errorInfoTargetPage);(3)在文件中定義一個屬性項目2、添加一個針對UserInfoManageServlet類中的各個方法驗證的過濾器(/ userInfoManageAction.action)(1)類名稱為FormRequestTransferCoding、包名
6、稱為、繼承前面的CheckAllWebFormBaseFilter類(2)編程該FormRequestTransferCoding類 package com.px1987.webbank.filter;import java.io.IOException;import java.util.Date;lterChain;import javax.servlet.FilterConfig;import javax.servlet.RequestDispatcher;import javax.servlet.ServletException;import javax.servlet.ServletR
7、equest;import javax.servlet.ServletResponse;import org.apache mons.validator.GenericValidator;import com.px1987.webbank.config.TargetPageNameConfig;import com.px1987.webbank.exception.WebBankException;import com.px1987.webbank.model.vo.AccountInfoVO;import com.px1987.webbank.util.MD5JavaBean;public
8、class FormRequestTransferCoding extends CheckAllWebFormBaseFilter public FormRequestTransferCoding() super();public void destroy() public void doFilter(ServletRequest request, ServletResponse response,FilterChain filterChain) throws IOException, ServletException super.doFilter(request, response, fil
9、terChain);boolean checkResult=true;String action=request.getParameter(action);/*下面是獲得請求的類型并相應(yīng)地跳轉(zhuǎn)到目標(biāo)處理方法中*if(action.equals(doUserLogin)checkResult=checkDoUserLoginForm(request);else if(action.equals(doGetPassWord)checkResult=checkDoGetPassWordForm(request);else if(action.equals(doGetUserPassWordAndUp
10、date)checkResult=checkDoGetUserPassWordAndUpdateForm(request);else if(action.equals(doUpdateUserPassWord)checkResult=checkDoUpdateUserPassWordForm(request);else if(action.equals(doAddNewAccountInfo)checkResult=checkDoAddNewAccountInfoForm(request);if(action.equals(doGetOutMoney)checkResult=checkDoGe
11、tOutMoneyForm(request);if(action.equals(doTransmitAccount)checkResult=checkDoTransmitAccountForm(request);if(!checkResult)oneRequestDispatcher=request.getRequestDispatcher(checkAllWebFormBaseFilter_errorInfoTargetPage);oneRequestDispatcher.forward(request, response);return;filterChain.doFilter(reque
12、st, response);public void init(FilterConfig arg0) throws ServletException super.init(arg0);public boolean checkDoAddNewAccountInfoForm(ServletRequest request)/*下面為檢查驗證碼是否正確 *String verifyCodeDigitInputed=request.getParameter(verifyCodeDigit);if(GenericValidator.isBlankOrNull(verifyCodeDigitInputed)r
13、equest.setAttribute(errorText, 驗證碼不能為空!請輸入本網(wǎng)站所提供的6位驗證碼!);return false;if(!verifyCodeDigitInputed.equals(verifyCodeInSession)request.setAttribute(errorText,您的驗證碼不正確,請輸入本網(wǎng)站所提供的6位驗證碼!);return false;String balance=request.getParameter(balance);if(!GenericValidator.isFloat(balance)request.setAttribute(er
14、rorText, 存款金額必須為數(shù)字!請重新輸入您的存款金額!);return false;String accountInfo_ActionType=request.getParameter(accountInfo_ActionType);switch(Integer.parseInt(accountInfo_ActionType)case 1:/開設(shè)帳戶String idCard=request.getParameter(idCard);if(Float.parseFloat(balance)1.0f)request.setAttribute(errorText, 開戶存款金額必須大于1元
15、人民幣!請重新輸入您的開戶存款金額!);return false;if(GenericValidator.isBlankOrNull(idCard)request.setAttribute(errorText, 您的身份證號輸入不能為空!請輸入您的有效身份證號!);return false;if(idCard.length()!=18)request.setAttribute(errorText, 有效身份證號應(yīng)該是18位數(shù)字!請輸入您的有效身份證號!);return false;break;case 2:/追加存款String accountID=request.getParameter(a
16、ccountID);if(GenericValidator.isBlankOrNull(accountID) /對于選擇框,有缺少的選擇項目request.setAttribute(errorText, 請選擇您的存款帳號!);return false;break;return true;public boolean checkDoGetOutMoneyForm(ServletRequest request)/*下面為檢查驗證碼是否正確 *String verifyCodeDigitInputed=request.getParameter(verifyCodeDigit);if(Generic
17、Validator.isBlankOrNull(verifyCodeDigitInputed)request.setAttribute(errorText, 驗證碼不能為空!請輸入本網(wǎng)站所提供的6位驗證碼!);return false;if(!verifyCodeDigitInputed.equals(verifyCodeInSession)request.setAttribute(errorText,您的驗證碼不正確,請輸入本網(wǎng)站所提供的6位驗證碼!);return false;String idCard=request.getParameter(idCard);if(GenericVali
18、dator.isBlankOrNull(idCard)request.setAttribute(errorText, 您的身份證號輸入不能為空!請輸入您的有效身份證號!);return false;if(idCard.length()!=18)request.setAttribute(errorText, 有效身份證號應(yīng)該是18位數(shù)字!請輸入您的有效身份證號!);return false;String accountInfo_ActionType=rameter(accountInfo_ActionType);switch(Integer.parseInt(accountInfo_Action
19、Type)case 1:/取出款額String balance=request.getParameter(balance);if(!GenericValidator.isFloat(balance)request.setAttribute(errorText, 取款金額必須為數(shù)字!請重新輸入您的取款金額!);return false;break;case 2:/銷毀帳戶String userPassWord=request.getParameter(userPassWord);if(GenericValidator.isBlankOrNull(userPassWord)request.setA
20、ttribute(errorText, 您的帳戶密碼不能為空!請輸入您的有效帳戶密碼!);return false;break;return true;public boolean checkDoTransmitAccountForm(ServletRequest request)/*下面為檢查驗證碼是否正確 *String verifyCodeDigitInputed=request.getParameter(verifyCodeDigit);if(GenericValidator.isBlankOrNull(verifyCodeDigitInputed)request.setAttribu
21、te(errorText, 驗證碼不能為空!請輸入本網(wǎng)站所提供的6位驗證碼!);return false;if(!verifyCodeDigitInputed.equals(verifyCodeInSession)request.setAttribute(errorText,您的驗證碼不正確,請輸入本網(wǎng)站所提供的6位驗證碼!);return false;String balance=request.getParameter(balance);if(!GenericValidator.isFloat(balance)request.setAttribute(errorText, 取款金額必須為數(shù)
22、字!請重新輸入您的取款金額!);return false;return true;public boolean checkDoUserLoginForm(ServletRequest request)/*下面為檢查驗證碼是否正確 *String verifyCodeDigitInputed=request.getParameter(verifyCodeDigit);if(GenericValidator.isBlankOrNull(verifyCodeDigitInputed)request.setAttribute(errorText, 驗證碼不能為空!請輸入本網(wǎng)站所提供的6位驗證碼!);r
23、eturn false;if(!verifyCodeDigitInputed.equals(verifyCodeInSession)request.setAttribute(errorText,您的驗證碼不正確,請輸入本網(wǎng)站所提供的6位驗證碼!);return false;/* * 下面對用戶在登陸表單中的輸入項目進(jìn)行服務(wù)器端的驗證 */String userName=request.getParameter(userName);String userPassWord=request.getParameter(oneUserPassWordBean.userPassWord);if(Gener
24、icValidator.isBlankOrNull(userName)request.setAttribute(errorText, 用戶名稱不能為空!請輸入您的用戶名稱!);return false;if(GenericValidator.isBlankOrNull(userPassWord)request.setAttribute(errorText, 用戶密碼名稱不能為空!請輸入您的用戶密碼!);return false;if(!GenericValidator.maxLength(userPassWord, 18)request.setAttribute(errorText, 用戶密碼
25、不能超過18位!);return false;if(!GenericValidator.minLength(userPassWord, 4)request.setAttribute(errorText, 用戶密碼不能小于4位!);return false;return true;public boolean checkDoGetPassWordForm(ServletRequest request)/*下面為檢查驗證碼是否正確 *String verifyCodeDigitInputed=request.getParameter(verifyCodeDigit);if(GenericValid
26、ator.isBlankOrNull(verifyCodeDigitInputed)request.setAttribute(errorText, 驗證碼不能為空!請輸入本網(wǎng)站所提供的6位驗證碼!);return false;if(!verifyCodeDigitInputed.equals(verifyCodeInSession)request.setAttribute(errorText,您的驗證碼不正確,請輸入本網(wǎng)站所提供的6位驗證碼!);return false;String passWordAsk=request.getParameter(oneUserPassWordBean.pa
27、ssWordAsk);String passWordAnswer=request.getParameter(oneUserPassWordBean.passWordAnswer);if(GenericValidator.isBlankOrNull(passWordAsk)request.setAttribute(errorText, 找回密碼時的回答問題不能為空!);return false;if(GenericValidator.isBlankOrNull(passWordAnswer)request.setAttribute(errorText, 找回密碼時的回答問題的答案不能為空!);r
28、eturn false;return true;public boolean checkDoGetUserPassWordAndUpdateForm(ServletRequest request)String userNewPassWord=request.getParameter(oneUserPassWordBean.userNewPassWord);if(GenericValidator.isBlankOrNull(userNewPassWord)request.setAttribute(errorText, 用戶新密碼名稱不能為空!請輸入您的用戶新密碼!);return false;i
29、f(!GenericValidator.maxLength(userNewPassWord, 18)request.setAttribute(errorText, 用戶新密碼不能超過18位!);return false;if(!GenericValidator.minLength(userNewPassWord, 4)request.setAttribute(errorText, 用戶新密碼不能小于4位!);return false;String confirmPassWord=request.getParameter(oneUserPassWordBean.confirmPassWord);
30、if(!userNewPassWord.equals(confirmPassWord)request.setAttribute(errorText, 確認(rèn)密碼應(yīng)該與用戶新密碼保持一致!);return false;return true;public boolean checkDoUpdateUserPassWordForm(ServletRequest request)/*下面為檢查驗證碼是否正確 *String verifyCodeDigitInputed=request.getParameter(verifyCodeDigit);if(GenericValidator.isBlankOr
31、Null(verifyCodeDigitInputed)request.setAttribute(errorText, 驗證碼不能為空!請輸入本網(wǎng)站所提供的6位驗證碼!);return false;if(!verifyCodeDigitInputed.equals(verifyCodeInSession)request.setAttribute(errorText,您的驗證碼不正確,請輸入本網(wǎng)站所提供的6位驗證碼!);return false;String userName=request.getParameter(userName);String userPassWord=request.g
32、etParameter(oneUserPassWordBean.userPassWord);lankOrNull(userName)request.setAttribute(errorText, 用戶名稱不能為空!請輸入您的用戶名稱!);return false;if(GenericValidator.isBlankOrNull(userPassWord)request.setAttribute(errorText, 用戶密碼名稱不能為空!請輸入您的用戶密碼!);return false;if(!GenericValidator.maxLength(userPassWord, 18)reque
33、st.setAttribute(errorText, 用戶密碼不能超過18位!);return false;if(!GenericValidator.minLength(userPassWord, 4)request.setAttribute(errorText, 用戶密碼不能小于4位!);return false;String userNewPassWord=request.getParameter(oneUserPassWordBean.userNewPassWord);if(GenericValidator.isBlankOrNull(userNewPassWord)request.se
34、tAttribute(errorText, 用戶新密碼名稱不能為空!請輸入您的用戶新密碼!);return false;if(!GenericValidator.maxLength(userNewPassWord, 18)request.setAttribute(errorText, 用戶新密碼不能超過18位!);return false;if(!GenericValidator.minLength(userNewPassWord, 4)request.setAttribute(errorText, 用戶新密碼不能小于4位!);return false;String confirmPassWo
35、rd=request.getParameter(oneUserPassWordBean.confirmPassWord);if(!userNewPassWord.equals(confirmPassWord)request.setAttribute(errorText, 確認(rèn)密碼應(yīng)該與用戶新密碼保持一致!);return false;return true;(3)FormRequestTransferCoding過濾器組件 formRequestTransferCoding formRequestTransferCoding /userInfoManageAction.action(4)進(jìn)行登
36、陸系統等方面的功能以測試該FormRequestTransferCoding過濾器組件類的效果
測試沒有正確地輸入驗證碼的錯誤
過濾SQL語句的特殊的字符串
下面是一般的JDBC訪問代碼:
Statement stmt = conn.createStatement();
String checkUser = "select * from login where username = '" + userName + "' and userpassword = '" + userPassword + "'";
ResultSet rs = stmt.executeQuery(checkUser);
if(rs.next()) response.sendRedirect("SuccessLogin.jsp");
else response.sendRedirect("FailureLogin.jsp");
但如果數據庫里存在一個名叫“yang”的用戶,那么在不知道密碼的情況下至少有下面幾種方法可以登錄:
用戶名:yang 密碼: or a=a
用戶名:yang 密碼: or 1=1/*
用戶名:yang or 1=1/* 密碼:(任意)
因此,應該對所接收到的用戶名稱和密碼的字符串進行特殊符號的過濾以避免出現“后門”。
if(userName.equals("") || userPswd.equals("")) throw new UserException("用戶名或密碼不能空。");
if(userName.indexOf() != -1 || userName.indexOf() != -1 || userName.indexOf(",") != -1 || userName.indexOf() != -1) throw new UserException("用戶名不能包括 , 等非法字符。");
if(userPswd.indexOf() != -1 || userPswd.indexOf() != -1 || userPswd.indexOf("*") != -1 || userPswd.indexOf() != -1) throw new UserException("密碼不能包括 * 等非法字符。");
if(userName.startsWith() || userPswd.startsWith()) throw new UserException("用戶名或密碼中不能用空格。");
補充說明:僅靠過濾特殊字符並不能可靠地防止SQL注入——黑名單容易遺漏,也會誤拒合法的輸入。上面的登錄代碼之所以有問題,是因為把用戶輸入直接拼接進了SQL語句;根本的做法是改用帶占位符的PreparedStatement,讓用戶輸入只作為參數值傳遞,字符過濾至多作為輔助的輸入校驗:
PreparedStatement ps = conn.prepareStatement("select * from login where username = ? and userpassword = ?");
ps.setString(1, userName);
ps.setString(2, userPassword);
ResultSet rs = ps.executeQuery();
3、添加一個針對UserRegisterAndUpdateServlet類中的各個方法驗證的過濾器(/ registerAndUpdateAction.action)
(1)類名稱為CheckUserRegisterAndUpdateFilter、包名稱為、繼承前面的CheckAllWebFormBaseFilter類
(2)編程該CheckUserRegisterAndUpdateFilter類 注意:在該CheckUs
40、erRegisterAndUpdateFilter類中不能采用常規(guī)的獲得表單數(shù)據(jù)的方式獲得表單數(shù)據(jù),因為其表單中有文件上傳的功能實現(xiàn)。另外,由于在在Filter中直接應(yīng)用了DiskFileItemFactory獲得表單的請求參數(shù),因此在Servlet組件中獲得由CheckUserRegisterAndUpdateFilter轉(zhuǎn)發(fā)來的表單的參數(shù)。package com.px1987.webbank.filter;import java.io.IOException;import java.util.HashMap;import java.util.List;import java.util.Ma
41、p;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet. . ServletRequest;import javax.servlet. . Session;import org.apache mons.fileupload.FileItem;import
42、 org.apache mons.fileupload.FileUploadException;import org.apache mons.fileupload.disk.DiskFileItemFactory;import org.apache mons.fileupload.servlet.ServletFileUpload;import org.apache mons.validator.GenericValidator;public class CheckUserRegisterAndUpdateFilter extends CheckAllWebFormBaseFilterpriv
43、ate static final int BUFFER_SIZE = 16 * 1024 ;public CheckUserRegisterAndUpdateFilter() super();public void destroy() public void doFilter(ServletRequest request, ServletResponse response,FilterChain filterChain) throws IOException, ServletException super.doFilter(request, response, filterChain);boo
44、lean checkResult=true;/實例化一個磁盤文件工廠DiskFileItemFactoryDiskFileItemFactory diskFileItemFactory = new DiskFileItemFactory(); diskFileItemFactory.setSizeThreshold(BUFFER_SIZE);/用磁盤文件工廠實例化上傳組件ServletFileUploadServletFileUpload servletFileUpload =new ServletFileUpload(diskFileItemFactory); Map registerFor
45、mAllItemMap =null;FileItem uploadFileItem=null;try/*用上傳組件ServletFileUpload解析request對象,并從request對象中得到表單域List*/List fileItems = servletFileUpload.parseRequest( ServletRequest)request);registerFormAllItemMap= new HashMap();/遍歷List,找到上傳表單域和非上傳表單域for (FileItem fileItem : fileItems)/ 是普通表單域if (fileItem.is
46、FormField()registerFormAllItemMap.put(fileItem.getFieldName(), fileItem.getString();else / 是上傳表單域uploadFileItem=fileItem;catch (FileUploadException e) throw new IOException(e.getMessage(); String action=registerFormAllItemMap.get(action);/*下面是獲得請求的類型并相應(yīng)地跳轉(zhuǎn)到目標(biāo)處理方法中*if(action.equals(doUserRegister)che
47、ckResult=checkDoUserRegisterForm(request,registerFormAllItemMap);else if(action.equals(doUpdateUserInfo)checkResult=checkDoUpdateUserInfoForm(request,registerFormAllItemMap);if(!checkResult)oneRequestDispatcher=request.getRequestDispatcher(checkAllWebFormBaseFilter_errorInfoTargetPage);oneRequestDis
48、patcher.forward(request, response);return;/* 由于在本表單中直接應(yīng)用了DiskFileItemFactory獲得表單的請求參數(shù),為此采用將表單的各個屬性參數(shù)通過request傳到對應(yīng)的Servlet類中*/request.setAttribute(registerFormAllItemMap, registerFormAllItemMap);request.setAttribute(uploadFileItem, uploadFileItem);filterChain.doFilter(request, response);public void i
49、nit(FilterConfig arg0) throws ServletException super.init(arg0);public boolean checkDoUserRegisterForm(ServletRequest request,Map registerFormAllItemMap) Session session=( ServletRequest)request).getSession();String verifyCodeInSession=(String)session.getAttribute(verifyCode);String verifyCodeDigitB
50、yInputed=registerFormAllItemMap.get(verifyCodeDigit);if(GenericValidator.isBlankOrNull(verifyCodeDigitByInputed)request.setAttribute(errorText, 驗證碼不能為空!請輸入本網(wǎng)站所提供的6位驗證碼!);return false;if(!verifyCodeDigitByInputed.equals(verifyCodeInSession)request.setAttribute(errorText,您的驗證碼不正確,請輸入本網(wǎng)站所提供的6位驗證碼!);ret
51、urn false;/* * 下面對用戶在登陸表單中的輸入項目進(jìn)行服務(wù)器端的驗證 */String userName=registerFormAllItemMap.get(userName);String userPassWord=registerFormAllItemMap.get(oneUserPassWordBean.userPassWord);if(GenericValidator.isBlankOrNull(userName)request.setAttribute(errorText, 用戶名稱不能為空!請輸入您的用戶名稱!);return false;if(GenericVali
52、dator.isBlankOrNull(userPassWord)request.setAttribute(errorText, 用戶密碼名稱不能為空!請輸入您的用戶密碼!);return false;if(!GenericValidator.maxLength(userPassWord, 18)request.setAttribute(errorText, 用戶密碼不能超過18位!);return false;if(!GenericValidator.minLength(userPassWord, 4)request.setAttribute(errorText, 用戶密碼不能小于4位!);return false;String confirmPassWord=registerFormAllItemMap.get(oneUserPassWordBean.confirmPassWo