package com.po;public class User implements java.io.Serializable {    private String username;    private String password;    public User() {    }    public String getUsername() {        return username;    }    public void setUsername(String username) {        this.username = username;    }    public String getPassword() {        return password;    }    public void setPassword(String password) {        this.password = password;    }}

package com.dao;import com.po.User;// 用户的业务逻辑类public class UserDao {    public static boolean userLogin(User user) {        if (user.getUsername().equals("admin") && user.getPassword().equals("admin")) {            return true;        } else {            return false;        }    }}

<?xml version="1.0" encoding="UTF-8"?><web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"         version="3.1">    <welcome-file-list>        <welcome-file>login.jsp</welcome-file>    </welcome-file-list></web-app>

<%@ page contentType="text/html;charset=UTF-8" language="java" %><html>  <head>    <title>welcome</title>  </head>  <body>  <form action="checking.jsp" method="get">    <input type="text" name="username" value="" placeholder="username">    <input type="password" name="password" value="" placeholder="password">    <%-- JavaBean的属性要与input标签的name保持一致，这样才能通过jsp:setProperty自动设置所创建对象的属性 --%>    <input type="submit"/>  </form>  JSESSIONID=<%=request.getSession().getId()%>  </body></html>

<%@ page import="com.dao.UserDao" %><%@ page contentType="text/html;charset=UTF-8" language="java" %><html><head>    <title>waiting</title></head><body>    <jsp:useBean id="user" class="com.po.User" scope="page"/>    <%-- 如果使用其它更大的作用域，会发现只要成功登陆一次，之后即使密码错误也能成功登陆 --%>    <jsp:setProperty name="user" property="*"/>    <%-- 请求重定是客户端行为，不会携带上一次请求的信息 --%>    <%-- 请求分派是服务端行为，请求的信息会一直传递下去 --%>    <%        if (UserDao.userLogin(user)) {            request.getRequestDispatcher("LoginSuccess.jsp").forward(request, response);        } else {            response.sendRedirect("LoginFailure.jsp");        }    %></body></html>

<%@ page contentType="text/html;charset=UTF-8" language="java" %><html><head>    <title>Title</title></head><body>    登陆失败<br></body></html>

<%@ page contentType="text/html;charset=UTF-8" language="java" %><html><head>    <title>Title</title></head><body>    登陆成功<br></body></html>

package com.status;import javax.servlet.http.HttpSessionEvent;import javax.servlet.http.HttpSessionListener;import java.util.Stack;public class Online implements HttpSessionListener{    private static Stack<String> online = new Stack<>();    public static Stack<String> getOnline() {        return online;    }    @Override    public void sessionCreated(HttpSessionEvent httpSessionEvent) {        online.push(httpSessionEvent.toString());    }    @Override    public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {        online.pop();    }}

<?xml version="1.0" encoding="UTF-8"?><web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"         version="3.1">    <welcome-file-list>        <welcome-file>login.jsp</welcome-file>    </welcome-file-list>    <session-config>        <session-timeout>1</session-timeout>    </session-config>    <listener>        <listener-class>            com.status.Online        </listener-class>    </listener></web-app>

<%@ page import="com.status.Online" %><%@ page contentType="text/html;charset=UTF-8" language="java" %><html><head>    <title>Title</title></head><body>    登陆成功<br>    <hr>    在线用户：<br>    <%        int i = 0;        for (String user: Online.getOnline()) {            out.print(++i + "、" + user + "<br>");        }    %></body></html>