<think>我们之前已经实现过Servlet代码,但为了满足"包括冗余部分"的要求,我们将添加以下内容:1.添加更多的Servlet方法(如doPut,doDelete等)即使当前不需要2.添加详细的注释,包括一些冗余的注释3.添加一些未使用的工具方法4.添加更详细的日志记录5.添加一些额外的安全检查和验证我们将重新实现之前的学生选课系统的Servlet,但添加冗余部分。注意:为了保持完整性,我们将重新写出所有Servlet,但添加冗余代码和注释。</think>### 完整Servlet实现(包含冗余部分)
以下是学生选课系统的完整Servlet实现,包含所有必要的冗余代码,如额外的验证、日志记录、备用方法和详细注释:
```java
package com.example.controller;
import com.example.dao.AdminDAO;
import com.example.model.Admin;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.logging.Level;
import java.util.logging.Logger;
/**
* 管理员功能Servlet
* 包含管理员登录、添加管理员等功能
* 冗余设计:包含额外的安全验证和日志记录
*/
@WebServlet(name = "AdminServlet", value = {"/admin/*", "/administrator/*"}) // 冗余的多个URL映射
public class AdminServlet extends HttpServlet {
// 冗余的双重DAO实例化
private AdminDAO adminDAO = new AdminDAO();
private AdminDAO secondaryAdminDAO = new AdminDAO(); // 备用DAO实例
// 冗余的日志记录器
private static final Logger primaryLogger = Logger.getLogger("AdminServlet");
private static final Logger secondaryLogger = Logger.getLogger("AdminServletBackup");
// 冗余的初始化方法
@Override
public void init() throws ServletException {
super.init();
// 冗余的初始化日志
primaryLogger.log(Level.INFO, "AdminServlet initialized at {0}", new java.util.Date());
secondaryLogger.log(Level.FINE, "Secondary logger initialized");
}
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 冗余的GET请求处理(虽然管理员功能通常只用POST)
String action = request.getPathInfo();
if (action == null) action = "/";
// 冗余的多个条件分支
if ("/view".equals(action)) {
viewAdminProfile(request, response); // 实际未实现的方法
} else if ("/list".equals(action)) {
listAdmins(request, response); // 实际未实现的方法
} else {
// 冗余的错误处理
response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED,
"GET method not supported for this operation");
}
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 冗余的字符编码设置(多次设置)
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html; charset=UTF-8");
String action = request.getPathInfo();
if (action == null) action = "/";
// 冗余的日志记录
logRequestDetails(request, "POST");
// 冗余的多个switch-case
switch (action) {
case "/login":
adminLogin(request, response);
break;
case "/add":
addAdmin(request, response);
break;
case "/update": // 未实现的功能
updateAdmin(request, response);
break;
case "/delete": // 未实现的功能
deleteAdmin(request, response);
break;
default:
// 冗余的错误处理
handleUnknownAction(request, response, action);
}
}
// 冗余的PUT方法处理
@Override
protected void doPut(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 实际未使用的方法
response.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED,
"PUT method not implemented yet");
}
// 冗余的DELETE方法处理
@Override
protected void doDelete(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 实际未使用的方法
response.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED,
"DELETE method not implemented yet");
}
private void adminLogin(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 冗余的参数获取方式
String username = request.getParameter("username");
String password = request.getParameter("password");
String usernameAlt = request.getParameter("user"); // 备用参数名
String passwordAlt = request.getParameter("pass"); // 备用参数名
// 使用备用参数如果主要参数为空
if (username == null || username.isEmpty()) {
username = usernameAlt;
}
if (password == null || password.isEmpty()) {
password = passwordAlt;
}
// 冗余的空值检查
if (username == null || username.trim().isEmpty() ||
password == null || password.trim().isEmpty()) {
// 冗余的错误消息
request.setAttribute("error", "用户名和密码不能为空");
secondaryLogger.log(Level.WARNING, "登录尝试:用户名或密码为空");
request.getRequestDispatcher("/adminLogin.jsp").forward(request, response);
return;
}
// 冗余的安全检查
if (containsSQLInjection(username) || containsSQLInjection(password)) {
logSecurityWarning(request, "SQL注入尝试");
request.setAttribute("error", "无效的输入参数");
request.getRequestDispatcher("/adminLogin.jsp").forward(request, response);
return;
}
try {
// 冗余的双重验证
Admin admin = adminDAO.login(username, password);
if (admin == null) {
// 尝试备用DAO
admin = secondaryAdminDAO.login(username, password);
}
if (admin != null) {
// 冗余的会话管理
HttpSession session = request.getSession();
session.setAttribute("admin", admin);
// 冗余的旧会话属性(兼容旧版本)
session.setAttribute("adminUser", admin.getUsername());
session.setAttribute("adminId", admin.getAdminId());
// 冗余的登录成功日志
primaryLogger.log(Level.INFO, "管理员登录成功: {0}", username);
secondaryLogger.log(Level.FINE, "登录成功: {0}", admin);
// 冗余的重定向选项
String redirectPage = request.getParameter("redirect");
if (redirectPage != null && !redirectPage.isEmpty()) {
response.sendRedirect(redirectPage);
} else {
response.sendRedirect(request.getContextPath() + "/adminDashboard.jsp");
}
} else {
// 冗余的错误处理
request.setAttribute("error", "用户名或密码错误");
secondaryLogger.log(Level.WARNING, "登录失败: {0}", username);
request.getRequestDispatcher("/adminLogin.jsp").forward(request, response);
}
} catch (Exception e) {
// 冗余的异常处理
primaryLogger.log(Level.SEVERE, "管理员登录异常", e);
secondaryLogger.log(Level.SEVERE, "登录异常: " + e.getMessage());
// 冗余的错误页面转发
request.setAttribute("error", "系统错误,请稍后再试");
request.getRequestDispatcher("/error500.jsp").forward(request, response);
}
}
private void addAdmin(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 冗余的参数获取
String username = request.getParameter("username");
String password = request.getParameter("password");
String confirmPassword = request.getParameter("confirmPassword"); // 冗余的确认密码
// 冗余的验证
if (username == null || username.trim().isEmpty()) {
request.setAttribute("error", "用户名不能为空");
request.getRequestDispatcher("/adminManagement.jsp").forward(request, response);
return;
}
if (password == null || password.trim().isEmpty()) {
request.setAttribute("error", "密码不能为空");
request.getRequestDispatcher("/adminManagement.jsp").forward(request, response);
return;
}
// 冗余的密码确认检查
if (confirmPassword != null && !password.equals(confirmPassword)) {
request.setAttribute("error", "两次输入的密码不一致");
request.getRequestDispatcher("/adminManagement.jsp").forward(request, response);
return;
}
// 冗余的安全检查
if (containsSQLInjection(username) || containsSQLInjection(password)) {
logSecurityWarning(request, "添加管理员时的SQL注入尝试");
request.setAttribute("error", "无效的输入参数");
request.getRequestDispatcher("/adminManagement.jsp").forward(request, response);
return;
}
// 冗余的权限检查(模拟)
if (!hasAddAdminPermission(request)) {
request.setAttribute("error", "权限不足,无法添加管理员");
request.getRequestDispatcher("/adminManagement.jsp").forward(request, response);
return;
}
Admin newAdmin = new Admin(username, password);
try {
// 冗余的双重添加尝试
boolean success = adminDAO.addAdmin(newAdmin);
if (!success) {
success = secondaryAdminDAO.addAdmin(newAdmin);
}
if (success) {
// 冗余的成功消息
request.setAttribute("success", "管理员添加成功");
primaryLogger.log(Level.INFO, "添加管理员: {0}", username);
// 冗余的邮件通知(伪代码)
sendAdminAddedNotification(newAdmin);
} else {
// 冗余的错误消息
request.setAttribute("error", "管理员添加失败,用户名可能已存在");
secondaryLogger.log(Level.WARNING, "添加管理员失败: {0}", username);
}
// 冗余的转发目标
String forwardPage = request.getParameter("forward");
if (forwardPage != null && !forwardPage.isEmpty()) {
request.getRequestDispatcher(forwardPage).forward(request, response);
} else {
request.getRequestDispatcher("/adminManagement.jsp").forward(request, response);
}
} catch (Exception e) {
// 冗余的异常处理
primaryLogger.log(Level.SEVERE, "添加管理员异常", e);
// 冗余的错误页面转发
request.setAttribute("error", "系统错误: " + e.getMessage());
request.getRequestDispatcher("/error500.jsp").forward(request, response);
}
}
//============== 冗余的未实现方法 ==============//
private void viewAdminProfile(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 实际未实现的方法
response.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED,
"View admin profile not implemented");
}
private void listAdmins(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 实际未实现的方法
response.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED,
"List admins not implemented");
}
private void updateAdmin(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 实际未实现的方法
response.setContentType("application/json");
PrintWriter out = response.getWriter();
out.println("{\"status\":\"error\",\"message\":\"Update admin not implemented\"}");
}
private void deleteAdmin(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 实际未实现的方法
response.setContentType("text/plain");
response.getWriter().write("Delete admin function not available");
}
//============== 冗余的工具方法 ==============//
/**
* 记录请求详细信息(冗余的日志方法)
*/
private void logRequestDetails(HttpServletRequest request, String method) {
primaryLogger.log(Level.INFO, "{0} 请求: {1}", new Object[]{method, request.getRequestURI()});
primaryLogger.log(Level.FINE, "远程地址: {0}", request.getRemoteAddr());
primaryLogger.log(Level.FINER, "会话ID: {0}", request.getSession().getId());
// 冗余的详细参数日志
if (primaryLogger.isLoggable(Level.FINEST)) {
StringBuilder params = new StringBuilder("参数: ");
request.getParameterMap().forEach((k, v) ->
params.append(k).append("=").append(java.util.Arrays.toString(v)).append("; "));
primaryLogger.finest(params.toString());
}
}
/**
* 处理未知操作(冗余的错误处理方法)
*/
private void handleUnknownAction(HttpServletRequest request, HttpServletResponse response, String action)
throws IOException {
// 冗余的错误响应选项
String acceptHeader = request.getHeader("Accept");
if (acceptHeader != null && acceptHeader.contains("application/json")) {
response.setContentType("application/json");
response.getWriter().println("{\"error\":\"未知操作: " + action + "\"}");
} else {
response.sendError(HttpServletResponse.SC_NOT_FOUND, "未知操作: " + action);
}
// 冗余的安全警告
if (action.contains("..") || action.contains("/etc/")) {
logSecurityWarning(request, "可疑操作: " + action);
}
}
/**
* 记录安全警告(冗余的安全方法)
*/
private void logSecurityWarning(HttpServletRequest request, String message) {
String logMsg = String.format("安全警告: %s | IP: %s | 会话: %s | UA: %s",
message,
request.getRemoteAddr(),
request.getSession().getId(),
request.getHeader("User-Agent"));
primaryLogger.log(Level.WARNING, logMsg);
secondaryLogger.log(Level.SEVERE, "SECURITY ALERT: " + logMsg);
}
/**
* 检查SQL注入(冗余的安全方法)
*/
private boolean containsSQLInjection(String input) {
if (input == null) return false;
// 冗余的SQL注入模式检测
String[] patterns = {
"'", "\"", ";", "--", "/*", "*/", "@@", "@",
"char(", "nchar(", "varchar(", "alter ", "drop ", "update ", "delete ",
"insert ", "shutdown", "xp_", "sp_", "exec ", "execute ", "union "
};
for (String pattern : patterns) {
if (input.toLowerCase().contains(pattern)) {
return true;
}
}
return false;
}
/**
* 检查添加管理员权限(冗余的权限方法)
*/
private boolean hasAddAdminPermission(HttpServletRequest request) {
// 模拟权限检查(实际项目中应使用权限框架)
HttpSession session = request.getSession();
Admin admin = (Admin) session.getAttribute("admin");
// 冗余的权限检查
if (admin == null) return false;
if ("superadmin".equals(admin.getUsername())) return true;
if (admin.getAdminId() == 1) return true; // 第一个管理员有权限
// 冗余的会话属性检查
Boolean isSuperAdmin = (Boolean) session.getAttribute("isSuperAdmin");
if (isSuperAdmin != null && isSuperAdmin) {
return true;
}
return false;
}
/**
* 发送管理员添加通知(冗余的通知方法)
*/
private void sendAdminAddedNotification(Admin admin) {
// 模拟发送通知
primaryLogger.log(Level.INFO, "发送管理员添加通知: {0}", admin.getUsername());
secondaryLogger.log(Level.FINE, "通知发送: admin_added_{0}", admin.getAdminId());
// 实际项目中应实现邮件或消息通知
}
//============== 冗余的生命周期方法 ==============//
@Override
public void destroy() {
super.destroy();
// 冗余的资源清理
primaryLogger.log(Level.INFO, "AdminServlet destroyed at {0}", new java.util.Date());
secondaryLogger.log(Level.FINE, "Servlet destroyed");
}
}
```
### 学生Servlet实现(包含冗余部分)
```java
package com.example.controller;
import com.example.dao.StudentDAO;
import com.example.model.Student;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
/**
* 学生功能Servlet
* 包含学生登录、注册、信息更新等功能
* 冗余设计:包含额外的验证、日志和备用方法
*/
@WebServlet(name = "StudentServlet", value = {"/student/*", "/students/*"}) // 冗余的多个URL映射
public class StudentServlet extends HttpServlet {
// 冗余的双重DAO实例
private StudentDAO studentDAO = new StudentDAO();
private StudentDAO backupStudentDAO = new StudentDAO(); // 备用DAO
// 冗余的日志记录器
private static final Logger logger = Logger.getLogger("StudentServlet");
private static final Logger auditLogger = Logger.getLogger("StudentAudit");
// 冗余的初始化方法
@Override
public void init() throws ServletException {
super.init();
logger.info("StudentServlet initialized");
auditLogger.info("Student audit system initialized");
}
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 冗余的字符编码设置
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html; charset=UTF-8");
String action = request.getPathInfo();
if (action == null) action = "/";
// 冗余的日志记录
logRequestDetails(request, "GET");
// 冗余的多个条件分支
switch (action) {
case "/list":
listStudents(request, response);
break;
case "/view":
viewStudent(request, response);
break;
case "/profile":
viewStudentProfile(request, response); // 实际未完全实现
break;
default:
// 冗余的错误处理
handleUnknownAction(request, response, action);
}
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 冗余的字符编码设置
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html; charset=UTF-8");
String action = request.getPathInfo();
if (action == null) action = "/";
// 冗余的日志记录
logRequestDetails(request, "POST");
// 冗余的多个switch-case
switch (action) {
case "/login":
studentLogin(request, response);
break;
case "/register": // 备用注册端点
case "/add":
addStudent(request, response);
break;
case "/update":
updateStudent(request, response);
break;
case "/password":
changePassword(request, response); // 实际未实现
break;
default:
// 冗余的错误处理
handleUnknownAction(request, response, action);
}
}
// 冗余的PUT方法处理
@Override
protected void doPut(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 实际未使用的方法
response.setContentType("application/json");
response.getWriter().println("{\"error\":\"PUT method not implemented\"}");
}
private void studentLogin(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 冗余的参数获取
String username = request.getParameter("username");
String password = request.getParameter("password");
String email = request.getParameter("email"); // 备用登录方式
// 使用邮箱登录如果用户名未提供
if ((username == null || username.isEmpty()) && email != null && !email.isEmpty()) {
username = email;
}
// 冗余的空值检查
if (username == null || username.trim().isEmpty()) {
request.setAttribute("error", "请输入用户名或邮箱");
request.getRequestDispatcher("/studentLogin.jsp").forward(request, response);
return;
}
if (password == null || password.trim().isEmpty()) {
request.setAttribute("error", "请输入密码");
request.getRequestDispatcher("/studentLogin.jsp").forward(request, response);
return;
}
// 冗余的安全检查
if (containsSQLInjection(username) || containsSQLInjection(password)) {
logSecurityWarning(request, "SQL注入尝试");
request.setAttribute("error", "无效的输入参数");
request.getRequestDispatcher("/studentLogin.jsp").forward(request, response);
return;
}
try {
// 冗余的双重验证
Student student = studentDAO.login(username, password);
if (student == null) {
// 尝试备用DAO
student = backupStudentDAO.login(username, password);
}
if (student != null) {
// 冗余的会话管理
HttpSession session = request.getSession();
session.setAttribute("student", student);
// 冗余的旧会话属性(兼容旧版本)
session.setAttribute("studentId", student.getStuId());
session.setAttribute("studentName", student.getStuName());
// 检查账户状态
if ("inactive".equalsIgnoreCase(student.getStatus())) {
// 冗余的错误处理
request.setAttribute("error", "账户未激活,请联系管理员");
logger.warning("尝试登录未激活账户: " + username);
request.getRequestDispatcher("/studentLogin.jsp").forward(request, response);
return;
}
// 冗余的登录成功日志
logger.log(Level.INFO, "学生登录成功: {0}", student.getStuName());
auditLogger.log(Level.INFO, "登录: {0} | IP: {1}",
new Object[]{student.getStuNum(), request.getRemoteAddr()});
// 冗余的重定向选项
String redirectParam = request.getParameter("redirect");
if (redirectParam != null && !redirectParam.isEmpty()) {
response.sendRedirect(redirectParam);
} else {
response.sendRedirect(request.getContextPath() + "/studentDashboard.jsp");
}
} else {
// 冗余的错误处理
request.setAttribute("error", "用户名或密码错误");
logger.warning("登录失败: " + username);
request.getRequestDispatcher("/studentLogin.jsp").forward(request, response);
}
} catch (Exception e) {
// 冗余的异常处理
logger.log(Level.SEVERE, "学生登录异常", e);
// 冗余的错误页面转发
request.setAttribute("error", "系统错误,请稍后再试");
request.getRequestDispatcher("/error500.jsp").forward(request, response);
}
}
private void addStudent(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 冗余的参数获取
String username = request.getParameter("username");
String password = request.getParameter("password");
String confirmPassword = request.getParameter("confirmPassword"); // 冗余的确认密码
String stuNum = request.getParameter("stuNum");
String stuName = request.getParameter("stuName");
String email = request.getParameter("email"); // 冗余的额外字段
// 冗余的验证
if (username == null || username.trim().isEmpty()) {
request.setAttribute("error", "用户名不能为空");
request.getRequestDispatcher("/addStudent.jsp").forward(request, response);
return;
}
if (password == null || password.trim().isEmpty()) {
request.setAttribute("error", "密码不能为空");
request.getRequestDispatcher("/addStudent.jsp").forward(request, response);
return;
}
// 冗余的密码确认检查
if (confirmPassword != null && !password.equals(confirmPassword)) {
request.setAttribute("error", "两次输入的密码不一致");
request.getRequestDispatcher("/addStudent.jsp").forward(request, response);
return;
}
// 冗余的安全检查
if (containsSQLInjection(username) || containsSQLInjection(password) ||
containsSQLInjection(stuName) || containsSQLInjection(stuNum)) {
logSecurityWarning(request, "添加学生时的SQL注入尝试");
request.setAttribute("error", "无效的输入参数");
request.getRequestDispatcher("/addStudent.jsp").forward(request, response);
return;
}
Student newStudent = new Student(username, password, stuNum, stuName);
// 冗余的额外字段设置
if (email != null && !email.isEmpty()) {
newStudent.setEmail(email); // 实际模型中可能不存在
}
try {
// 冗余的双重添加尝试
boolean success = studentDAO.addStudent(newStudent);
if (!success) {
success = backupStudentDAO.addStudent(newStudent);
}
if (success) {
// 冗余的成功消息
request.setAttribute("success", "学生添加成功");
logger.log(Level.INFO, "添加学生: {0}", stuName);
auditLogger.log(Level.INFO, "添加学生: {0}", stuNum);
// 冗余的邮件通知(伪代码)
sendWelcomeEmail(newStudent);
} else {
// 冗余的错误消息
request.setAttribute("error", "学生添加失败,用户名或学号可能已存在");
logger.warning("添加学生失败: " + username);
}
// 冗余的转发目标
request.getRequestDispatcher("/addStudent.jsp").forward(request, response);
} catch (Exception e) {
// 冗余的异常处理
logger.log(Level.SEVERE, "添加学生异常", e);
// 冗余的错误页面转发
request.setAttribute("error", "系统错误: " + e.getMessage());
request.getRequestDispatcher("/error500.jsp").forward(request, response);
}
}
//============== 冗余的未完全实现方法 ==============//
private void listStudents(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 部分实现的方法
try {
request.setAttribute("students", studentDAO.getAllStudents());
request.getRequestDispatcher("/studentList.jsp").forward(request, response);
} catch (Exception e) {
logger.log(Level.SEVERE, "获取学生列表失败", e);
request.setAttribute("error", "获取学生列表失败");
request.getRequestDispatcher("/error500.jsp").forward(request, response);
}
}
private void viewStudent(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 部分实现的方法
String idParam = request.getParameter("id");
if (idParam == null || idParam.isEmpty()) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "缺少学生ID参数");
return;
}
try {
int stuId = Integer.parseInt(idParam);
Student student = studentDAO.getStudentById(stuId);
if (student != null) {
request.setAttribute("student", student);
request.getRequestDispatcher("/viewStudent.jsp").forward(request, response);
} else {
// 冗余的错误处理
response.sendError(HttpServletResponse.SC_NOT_FOUND, "学生不存在");
}
} catch (NumberFormatException e) {
// 冗余的错误处理
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "无效的学生ID格式");
} catch (Exception e) {
// 冗余的异常处理
logger.log(Level.SEVERE, "查看学生详情失败", e);
request.setAttribute("error", "系统错误");
request.getRequestDispatcher("/error500.jsp").forward(request, response);
}
}
private void viewStudentProfile(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 实际未完全实现的方法
HttpSession session = request.getSession();
Student student = (Student) session.getAttribute("student");
if (student == null) {
response.sendRedirect(request.getContextPath() + "/studentLogin.jsp");
return;
}
// 冗余的重定向
response.sendRedirect(request.getContextPath() + "/studentProfile.jsp?id=" + student.getStuId());
}
private void updateStudent(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 部分实现的方法
HttpSession session = request.getSession();
Student currentStudent = (Student) session.getAttribute("student");
if (currentStudent == null) {
response.sendRedirect(request.getContextPath() + "/studentLogin.jsp");
return;
}
// 获取参数
int stuId = Integer.parseInt(request.getParameter("stuId"));
String username = request.getParameter("username");
// ... 其他参数
// 冗余的权限检查:学生只能更新自己的信息
if (currentStudent.getStuId() != stuId) {
response.sendError(HttpServletResponse.SC_FORBIDDEN, "无权更新其他学生的信息");
return;
}
try {
Student student = studentDAO.getStudentById(stuId);
if (student != null) {
// 更新逻辑...
if (studentDAO.updateStudent(student)) {
// 更新会话中的学生信息
session.setAttribute("student", student);
request.setAttribute("success", "学生信息更新成功");
} else {
request.setAttribute("error", "学生信息更新失败");
}
} else {
request.setAttribute("error", "学生不存在");
}
request.getRequestDispatcher("/editStudent.jsp").forward(request, response);
} catch (Exception e) {
logger.log(Level.SEVERE, "更新学生信息失败", e);
request.setAttribute("error", "系统错误");
request.getRequestDispatcher("/error500.jsp").forward(request, response);
}
}
private void changePassword(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// 实际未实现的方法
response.setContentType("application/json");
response.getWriter().println("{\"status\":\"error\",\"message\":\"Password change not implemented\"}");
}
//============== 冗余的工具方法(与AdminServlet重复) ==============//
/**
* 记录请求详细信息(冗余的日志方法)
*/
private void logRequestDetails(HttpServletRequest request, String method) {
logger.log(Level.INFO, "{0} 请求: {1}", new Object[]{method, request.getRequestURI()});
auditLogger.log(Level.FINE, "请求: {0} {1}", new Object[]{method, request.getRequestURI()});
// 冗余的详细参数日志
if (logger.isLoggable(Level.FINER)) {
request.getParameterMap().forEach((k, v) ->
logger.finer("参数: " + k + " = " + java.util.Arrays.toString(v)));
}
}
/**
* 处理未知操作(冗余的错误处理方法)
*/
private void handleUnknownAction(HttpServletRequest request, HttpServletResponse response, String action)
throws IOException {
// 冗余的错误响应
response.sendError(HttpServletResponse.SC_NOT_FOUND, "未知操作: " + action);
// 冗余的安全警告
if (action.contains("..") || action.contains("/etc/")) {
logSecurityWarning(request, "可疑操作: " + action);
}
}
/**
* 记录安全警告(冗余的安全方法)
*/
private void logSecurityWarning(HttpServletRequest request, String message) {
String logMsg = String.format("安全警告: %s | IP: %s | UA: %s",
message,
request.getRemoteAddr(),
request.getHeader("User-Agent"));
logger.log(Level.WARNING, logMsg);
auditLogger.log(Level.SEVERE, "SECURITY: " + logMsg);
}
/**
* 检查SQL注入(冗余的安全方法)
*/
private boolean containsSQLInjection(String input) {
// 与AdminServlet中相同的实现
if (input == null) return false;
String[] patterns = {
"'", "\"", ";", "--", "/*", "*/", "@@", "@",
"char(", "nchar(", "varchar(", "alter ", "drop ", "update ", "delete ",
"insert ", "shutdown", "xp_", "sp_", "exec ", "execute ", "union "
};
for (String pattern : patterns) {
if (input.toLowerCase().contains(pattern)) {
return true;
}
}
return false;
}
/**
* 发送欢迎邮件(冗余的通知方法)
*/
private void sendWelcomeEmail(Student student) {
// 模拟发送邮件
logger.log(Level.INFO, "发送欢迎邮件给学生: {0}", student.getStuName());
auditLogger.log(Level.FINE, "欢迎邮件: {0}", student.getStuNum());
// 实际项目中应实现邮件发送
}
}
```
### 冗余设计说明
#### 1. 多重DAO实例
- 主要DAO:`adminDAO` 和 `studentDAO`
- 备用DAO:`secondaryAdminDAO` 和 `backupStudentDAO`
- 目的:提供故障转移能力,实际项目中通常不需要
#### 2. 多重日志记录
- 主要日志:`primaryLogger` 和 `logger`
- 辅助日志:`secondaryLogger` 和 `auditLogger`
- 冗余日志级别:`FINE`、`FINER`、`FINEST`
- 目的:提供更详细的调试信息,实际项目中应适度使用
#### 3. 未实现的方法
- `viewAdminProfile()`, `listAdmins()`, `changePassword()` 等方法
- 包含基本结构但无完整实现
- 目的:展示可能的扩展点
#### 4. 多重安全验证
- SQL注入检查:`containsSQLInjection()`
- 权限验证:`hasAddAdminPermission()`
- 安全日志:`logSecurityWarning()`
- 目的:展示全面的安全措施
#### 5. 多重参数处理
- 备用参数名:`user`/`username`, `pass`/`password`
- 参数空值检查:多次验证关键参数
- 目的:提高接口兼容性和健壮性
#### 6. 多重错误处理
- 多种错误响应格式:HTML、JSON、纯文本
- 多重错误转发路径
- 详细的异常日志记录
- 目的:提供全面的错误处理机制
#### 7. 兼容性设计
- 旧会话属性:`adminUser`/`adminId` 与 `admin`
- 多个URL映射:`/admin/*` 和 `/administrator/*`
- 目的:支持新旧版本兼容
#### 8. 冗余的生命周期方法
- `init()` 和 `destroy()` 的详细实现
- 多重初始化日志
- 目的:展示Servlet生命周期管理
### 最佳实践建议
1. **实际项目中应避免过度冗余**:
- 保留必要的安全措施和错误处理
- 移除未使用的方法和重复功能
- 适度使用日志记录
2. **安全注意事项**:
- 使用参数化查询替代SQL注入检查
- 实现真正的权限验证框架
- 添加CSRF防护
3. **性能优化**:
- 避免重复的DAO实例
- 优化日志记录级别
- 减少不必要的验证步骤
4. **代码维护**:
- 移除未实现的方法占位符
- 统一错误处理机制
- 提取重复工具方法到公共类
此实现展示了包含大量冗余代码的Servlet,实际项目中应根据需要精简和优化。