登录尝试Servlet - 如果用户全部3次登录尝试失败，则禁用用户10分钟

Question

我一直在深入研究如何对servlet中的登录尝试进行验证。

举一个例子。

1）如果用户登录不正确的密码//它将返回到登录页面
2）用户将只有3次尝试。
3）未能在第3次尝试登录后。他们将被禁赛10分钟

的login.jsp

<form action = "loginController"> 
<input type="text" name="username"> 
<input type="text" name="password"> 
<input type="submit" value="Submit"/> 
</form> 

至于我们的servlet文件
loginController.java

我明白，我们必须分配会话的用户名，这样每个用户名将有一个独特的会话ID附加到它，但我真的不确定我们可以做到这一点。

doPost(HttpServletRequest...) 
{ 
String name = request.getParameter("username"); 
String pass = request.getParameter("password"); 

//we will create session and append it to username 
HttpSession session = request.getSession(true); 
session.setAttribute("username" , name); 

//what im really unsure is how we can get the sessionID to telly with the username 
int countAttempt = new Integer(0); 
if(countAttempt <= 3){ 
response.sendRedirect("login.jsp"); 
} else if(countAttempt == 3){ 
//This will ban users to log in for 10mins.... 
} 

这是核心Java平台我以前的模块，有什么地方对servlet的要求我们与控制器进行通信，并返回到JSP是相当大的挑战中很容易实现。

任何帮助将大大appreaciated

Answer 1

我希望这将帮助你弄清楚你的问题，我的解决方案IAM增加新的属性添加到会话“数量”携带当前登录尝试

doPost(HttpServletRequest...) 
    { 
    String name = request.getParameter("username"); 
    String pass = request.getParameter("password"); 


    //we will create session and append it to username 
    HttpSession session = request.getSession(true); 
    session.setAttribute("username" , name); 
    session.setAttribute("count",new Integer(0)); 
    int countAttempt = ((Integer)session.getAttribute("count")).intValue(); 
    //what im really unsure is how we can get the sessionID to telly with the username 
    if(countAttempt <= 3){ 
    session.setAttribute("count",++countAttempt); 
    response.sendRedirect("login.jsp"); 
    } else if(countAttempt == 3){ 
    //This will ban users to log in for 10mins.... 
    } 

Answer 2

类似下面的回答会给你实现

//inside servlet 
int login_attempts = 3; 

protected void doPost(HttpServletRequest request, HttpServletResponse 
response) throws ServletException, IOException { 

response.setContentType("text/html;charset=UTF-8"); 
    PrintWriter out = response.getWriter(); 

    String email = request.getParameter("email"); 
    String pass = request.getParameter("password"); 

try{ 

    Connection con = DBConnection.getConnection(); 
    PreparedStatement ps =con.prepareStatement("select * from user 
    where mail=? and password=? and account_lock=0 "); 
    ps.setString(1, email); 
    ps.setString(2, pass); 
    ResultSet rs =ps.executeQuery(); 
    if(rs.next()) 
    { 
    String userdbName = rs.getString("user_name"); 
    String customer_id = rs.getString("customer_id"); 
    /*String account_status = rs.getString("account_lock"); 
     int bool1 = Integer.parseInt(account_status); 
    */ 

    HttpSession session=request.getSession(); 
    session.setAttribute("name",userdbName); 
    session.setAttribute("cid",customer_id); 
    response.sendRedirect("personal/home.jsp"); 
    } 

    else{ 
     if(login_attempts==0) 
     { 
     System.out.println("No Login Attempts Available"); 
     } 
     else 
     { 
     login_attempts=login_attempts-1; 
    System.out.println("Login Failed Now Only "+login_attempts+" 
     Login Attempts Available"); 
     if(login_attempts==0) 
      { 
     System.out.println("your account block.contact admin for 
     login."); 
      } 
     } 

    } 
    response.sendRedirect("login.jsp"); 

     } 

     } 
     catch(Exception e) 
     { 
     e.printStackTrace(); 
     } 

    }