
Java Beans and JSP

 
Swapna Gouri Kalanidhi
Ranch Hand
Posts: 107
Hi Ranchers
I have a program where I have a Bean class and 2 JSP classes. It's actually a login program. If the user enters the correct user name and password then he/she should be directed to a specific page. Here are the programs:
Bean Class:

JSP page:

Part of another JSP pg:


The problem is that when the user enters the correct username and pwd he is not directed to the correct pg instead he is directed to the error pg. And the display which I get on the Tomcat console shows that the bean class is not able to fetch the data entered by the user.

The username and the password are the same in the database. Where is the error in my program?
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
The problem lies in the setter and getter names of your JavaBean.

Set it like below in your form:

<input type="text" name = "username" size="25" />
<input type="text" name = "password" size="25" />
 
Swapna Gouri Kalanidhi
Ranch Hand
Posts: 107
Thank You Seetharaman ! It's working fine...
 
Bauke Scholtz
Ranch Hand
Posts: 2458
Why don't you use the powers of the database to verify the login?

You're hauling the complete database table over the network into Java's memory and comparing every row against the given username/password combo in Java instead of using the SQL's WHERE clause!!

Just do a "SELECT id FROM users WHERE username = ? AND password = ?" and simply check if ResultSet#next() returns true or not.

Another thing: what if one hijacked your database? All passwords are stored in plain vanilla text instead of in a one-way encryption like MD5!!

Secure the passwords using MD5 or SHA. Most self-respecting databases have functions for it. E.g. "INSERT INTO users (username, password) VALUES (?, MD5(?))" and "SELECT id FROM users WHERE username = ? AND password = MD5(?)".

Make use of the powers of the database as much as possible.
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Originally posted by Swapna Gouri Kalanidhi:
Thank You Seetharaman ! It's working fine...


You are welcome,

and thank you, Bauke Scholtz, for the important notes.
 
Swapna Gouri Kalanidhi
Ranch Hand
Posts: 107
Hi Bauke
I think a mere "Thank You!" would not do good for the information you provided. But am helpless!

Thanks a bunch !

I had thought of protecting the password in the database and had done some research on whether I could get any data types for protecting passwords in MySQL, but did not find any. I didn't know about password encryption algorithms that could be used on databases in this way.

Anyways, Thanks a ton for the important information you have given, my task will get easier now.
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Originally posted by Swapna Gouri Kalanidhi:
I didn't know about password encryption algorithms that could be used on databases in this way.

SG, Google "MessageDigest" and you will get enough information. Also use a "servlet" as a controller; here you are using only JSP.
[ December 27, 2008: Message edited by: seetharaman venkatasamy ]
 
Bauke Scholtz
Ranch Hand
Posts: 2458
Uh, MessageDigest is a Java API.

In case of MySQL you need (as said before) the MD5 function: http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html#function_md5.

Although all major RDBMSs support it, to keep it cross-DB-compatible you can of course hash it on the Java side using MessageDigest.
[ December 28, 2008: Message edited by: Bauke Scholtz ]
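
Added example, not part of any post in this thread: the approach discussed above (hash the password on the Java side with MessageDigest, then let the WHERE clause of a parameterized query do the matching) put together in one class. Assumptions: a users table with id, username and password columns as in the SQL quoted in the thread, the password column holding a hex-encoded SHA-256 digest, and a JDBC_URL environment variable (hypothetical name) pointing at the database; the class and method names are made up for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.*;

public class LoginCheck {
    // Hex-encoded SHA-256 digest, computed in Java so the SQL stays database-neutral.
    static String hash(String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Stores only the digest; the plain-text password never reaches the table.
    static void register(Connection con, String username, String password)
            throws SQLException, NoSuchAlgorithmException {
        String sql = "INSERT INTO users (username, password) VALUES (?, ?)";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setString(2, hash(password));
            ps.executeUpdate();
        }
    }

    // The database does the comparison: a row comes back only when both columns
    // match, and the ? placeholders keep user input out of the SQL text.
    static boolean login(Connection con, String username, String password)
            throws SQLException, NoSuchAlgorithmException {
        String sql = "SELECT id FROM users WHERE username = ? AND password = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setString(2, hash(password));
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    // Usage: JDBC_URL=... java LoginCheck <username> <password>
    public static void main(String[] args) throws Exception {
        try (Connection con = DriverManager.getConnection(System.getenv("JDBC_URL"))) {
            System.out.println(login(con, args[0], args[1]) ? "login ok" : "login failed");
        }
    }
}
```

A single unsalted digest is the scheme the thread describes; for new systems a salted, deliberately slow function such as PBKDF2 (in the JDK as PBKDF2WithHmacSHA256) is the usual choice, with the salt fetched by username before comparing.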