实现用户注册与登录功能需通过数据库设计、实体类、DAO层、Servlet和前端页面协同完成,核心是使用Servlet处理请求、JDBC操作数据库、BCrypt加密密码,并通过Session管理登录状态。
实现用户注册与登录功能是大多数Java Web应用的基础需求。通常结合Servlet、JSP(或Thymeleaf等模板引擎)、数据库(如MySQL)和JDBC(或MyBatis、Hibernate)来完成。以下是基于原生Java Web技术的实现思路和关键代码示例。
1. 数据库设计
首先创建一张用户表用于存储注册信息:
CREATE TABLE users (id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) UNIQUE NOT NULL,
password VARCHAR(255) NOT NULL,
email VARCHAR(100)
);
注意:密码应使用强哈希算法(如BCrypt)加密存储,不能明文保存。
2. 用户实体类(User)
定义一个Java类映射数据库表:
public class User {private int id;
private String username;
private String passwor
d;private String email;
// 构造方法、getter/setter省略
}
3. 数据访问层(UserDAO)
负责与数据库交互:
public class UserDAO {private Connection getConnection() throws SQLException {
return DriverManager.getConnection(
"jdbc:mysql://localhost:3306/yourdb", "root", "password");
}
public boolean registerUser(User user) {
String sql = "INSERT INTO users (username, password, email) VALUES (?, ?, ?)";
try (Connection conn = getConnection();
PreparedStatement ps = conn.prepareStatement(sql)) {
ps.setString(1, user.getUsername());
ps.setString(2, BCrypt.hashpw(user.getPassword(), BCrypt.gensalt())); // 加密密码
ps.setString(3, user.getEmail());
return ps.executeUpdate() > 0;
} catch (SQLException e) {
e.printStackTrace();
return false;
}
}
public User login(String username, String password) {
String sql = "SELECT * FROM users WHERE username = ?";
try (Connection conn = getConnection();
PreparedStatement ps = conn.prepareStatement(sql)) {
ps.setString(1, username);
ResultSet rs = ps.executeQuery();
if (rs.next()) {
String hashed = rs.getString("password");
if (BCrypt.checkpw(password, hashed)) {
User user = new User();
user.setId(rs.getInt("id"));
user.setUsername(rs.getString("username"));
user.setEmail(rs.getString("email"));
return user;
}
}
} catch (SQLException e) {
e.printStackTrace();
}
return null;
} }
4. Servlet处理注册与登录
编写两个Servlet分别处理注册和登录请求。
注册Servlet(RegisterServlet):
@WebServlet("/register")
public class RegisterServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
String email = request.getParameter("email");
User user = new User();
user.setUsername(username);
user.setPassword(password);
user.setEmail(email);
UserDAO dao = new UserDAO();
if (dao.registerUser(user)) {
response.sendRedirect("login.jsp?success=1");
} else {
response.sendRedirect("register.jsp?error=1");
}
}
}
登录Servlet(LoginServlet):
@WebServlet("/login")
public class LoginServlet extends HttpServlet {
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
UserDAO dao = new UserDAO();
User user = dao.login(username, password);
if (user != null) {
HttpSession session = request.getSession();
session.setAttribute("user", user);
response.sendRedirect("dashboard.jsp");
} else {
response.sendRedirect("login.jsp?error=invalid");
}
}
}
5. 前端页面示例(JSP)
register.jsp
login.jsp
登录成功后,将用户信息存入session,在后续页面中可通过(User)session.getAttribute("user")判断是否已登录。
基本上就这些。安全方面建议引入过滤器验证登录状态,防止未授权访问。不复杂但容易忽略的是密码加密和SQL注入防护,务必使用PreparedStatement并校验输入。
