• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Knute Snortum
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Ganesh Patekar
  • Stephan van Hulst
  • Pete Letkeman
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Ron McLeod
  • Vijitha Kumara

servlet 4b checking password in VideoLoginServlet  RSS feed

 
Ranch Hand
Posts: 424
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hallo,
I think this should be answered by Marilyn:
The VideoLoginServlet is only called by the videologin.html file. So it can get only a user typed password like: Peter2G or so. How can I check it (using the DataPool?)? That was a 'nitpick' from Marilyn.
I see only one chance: I should inform the user what 'his token' in the DataPool is. If he/she logs in a second time, the 'token' could be typed,
but I think this is not intended
=======source in LoginVideoServlet.java======
> String token = passwordInfo.add( password );
======= comment =======
Do you want to add this before checking whether it is the correct password?
 
Chicken Farmer ()
Ranch Hand
Posts: 1932
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not sure if you already know this, but there should only be one password to enter the servlets. Each user does not have their own password. Once the user inputs the right password, that's when they should get a 'token'.
And no, I don't think you would ever want to display what that token is. Instead, your servlets should do the verifying and passing around of it. That's data that should be hidden from the user.
Hope that helps
Jason
 
whippersnapper
Ranch Hand
Posts: 1843
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How hidden is hidden?
The requirements of this assignment have me stumped. What does it mean to hide something in an HTML file?
First I tried sticking the token in an HTML header META tag, but then I run into problems trying to read it back because LogSerlet's overriden doPost() and doGet() methods don't give you direct access to HttpServletRequest, so you can't get header data (or at least I'm not seeing how). Am I totally in the wrong direction here with META?
Sorry for hijacking your thread, Peter.
 
jason adam
Chicken Farmer ()
Ranch Hand
Posts: 1932
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is an html tag that you can put to an input type that does the hiding for you
 
Ranch Hand
Posts: 1012
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
finally! someone is having the same problem that i am!!!
i am on a "forced" vacation from the cattle drive at the moment, but that does not mean i have to be a stranger, right? i bought a book on servlets yesterday and plan on getting back to this program over the weekend.
i found the tag that "hides" the token, but i am still having issues with passing it around from servlet to servlet... i think i have an idea, but it will be a couple days before i can check it out. if i learn anything, i will post it here.
 
Sheriff
Posts: 9087
12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Originally posted by Peter Gragert:
The VideoLoginServlet is only called by the videologin.html file. So it can get only a user typed password like: Peter2G or so. How can I check it (using the DataPool?)? That was a 'nitpick' from Marilyn.


The password is "javaranch". Everyone uses the same password to get access. If the user enters the correct password, he gets a token placed into the DataPool. You check whether the user has a token or not.

I see only one chance: I should inform the user what 'his token' in the DataPool is. If he/she logs in a second time, the 'token' could be typed, but I think this is not intended


If the user logs in a second time, he uses the same password (javaranch) and gets a new token which is valid while he is logged in.
 
Marilyn de Queiroz
Sheriff
Posts: 9087
12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Originally posted by Michael Matola:
How hidden is hidden?


Not in plain sight.

Am I totally in the wrong direction here with META?

Wrong direction.
 
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!