can anyone tell me how to make a authentication with jsp & servlet ?

this is my index.jsp
<%@page contentType="text/html" pageEncoding="UTF-8"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>JSP Page</title> </head> <body> <div align="center"><br> <form action="AdminProcessor" method="POST"> UserName <input type="text" name="name" ><br> Password <input type="password" name="password" ><br> <input type="submit" value="submit" > <input type="hidden" name="action" value="loging" /> </form> </div> </body> </html>

this is my servlet
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); int count = 0; try { String name = request.getParameter("name"); String password = request.getParameter("password"); HttpSession session = request.getSession(true); ZoneDaoImpl zone = new ZoneDaoImpl(); ArrayList<User> users = zone.getUserDetails(name, password); Iterator<User> i=users.iterator(); if (i.hasNext()) { session.setAttribute("username", users.get(0).getUserId()); count++; } if (count > 0) { response.sendRedirect("FareSelect.jsp"); } else { response.sendRedirect("index.jsp"); } } catch (Exception e) { e.printStackTrace(); } finally { out.close(); } } @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { processRequest(request, response); }

it is working properly.
no problem.

1)if someone enter wrong password or username it is redirected to the index.jsp.
I need to add something if he enter incorrect password to the jsp
how to do this?

2) i need to add this to session tracking tooooo?

You don't need to do anything with sessions in your code. The "How do I implement security for my web application ?" section in the ServletsFaq should get you started.

I mean if user login first time and didn't logout.
then next time he try to come this site he don't need to provide username or password.
how to impliment this feature?

Cookies.

Personally I feel this should be handled in a filter, not a servlet--at least the checking for login status--not the login itself.

can you give me exmple for cokkies how to set cokkies to this ?
why do you think that is handle in filter?
when you are talking about filter i feel it shuold better handle in listner?is it?

Samanthi perera wrote:can you give me exmple for cokkies how to set cokkies to this ?

Search the web--there are hundreds of examples.

why do you think that is handle in filter?

Because you need to check for login on a specific set of pages, and filters are good at that.

when you are talking about filter i feel it shuold better handle in listner?is it?

Depends on what specific aspect of the problem you're talking about. But no, I wouldn't use a listener for any of this, because the checking for logged in status and logging in are triggered by hitting a URL (handled by filters) and hitting the login URL (handled by servlets).