Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Simple redirect not working

 
tom davies
Ranch Hand
Posts: 168
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Currently im just trying to set up a simple login and then using a redirect to a new page if the login is correct.
I am using Login code i have used on other java applications and also the same file structure and redirect that i have used in another.
When i enter the details end click login all i get is a blank page and not the page i want to redirect to. Println's i have added to the method to see if it is executing also aren't getting written to the console. I cant see anything i have done wrong. Im sure you lot can though

Here is my login servlet


Here is my login form

 
tom davies
Ranch Hand
Posts: 168
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It appears it doesn't like doing the redirect after line 26 in the servlet.
I have tried it everywhere else before reading through the file and it redirects fine. Obviously it defeats the object of a log in form if i redirect before i authenticate though
Any advice, or reasons why? thanks.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65228
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm going to completely gloss over the security implications of storing authentication data in a text file, and also the fact that the file is getting needlessly re-read every time, and just ask if you are sure that your while loop is executing at all?
 
tom davies
Ranch Hand
Posts: 168
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Eventually they will be in a database and encrypted but I just wanted a quick solution for now. I'm not sure if the while loop is running. Why would it not run? I have had the redirect directly before and that executed so none of the previous commands would stop it.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65228
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
tom davies wrote:I'm not sure if the while loop is running.


Well, that's the next step, isn't it?

Or, a better "quick for now" solution would be to mock an API that authenticates rather than doing "non real" stuff in your servlet. Later, you can make what's behind that API "real" without having to change code in the servlet.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65228
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Another nit: will your file be properly closed in all situations?
 
Paul Clapham
Sheriff
Posts: 21416
33
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yet another nit: You should only redirect (at most) once. So if, for example, your input file happened to have two rows which authenticated a particular user, then the loop would go through the part of the code which says "Yes, okay! Redirect to the next page!" twice and then redirect would be called twice. That isn't allowed and you'll get exceptions thrown.

Also, if you don't redirect to the "Okay!" page then you should do something else instead. Like redirecting to the "No!" page, for example. Right now your code does nothing in that case and you'll get an empty page in your browser in that case. Maybe that's actually what is happening.
 
tom davies
Ranch Hand
Posts: 168
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So I shouldn't have the redirect within that while loop? That would mean setting a Boolean value depending on if the login is correct or not, or something similar. I am pretty sure it isn't redirecting to a no page as I have manually entered the log in details into the if statement and it still has the same result.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65228
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No one said that, but once you redirect, you should not do anything else.
 
tom davies
Ranch Hand
Posts: 168
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok i have now stored the users in a database an i am using an sql query to match the values.
The page will redirect to the index page instead of a blank page now. The problem is it cannot match the username with the password.
I have tried the SQL query in mySQL workbench and when i execute it it selects the correct value from the password column. That isnt the case with the program below though as it never redirects to the success page.
For some reason if i stick system.out.println() to check the values it does not work . . nothing gets printed on the console so i cant check the values.
Also i am fully aware i am looking up the passsword column. I made a typo when creating the database so that is correct.

 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65228
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Think about things for a minute. If there is only one record that could possibly contain the correct username and password combo, why would one need a loop?

More thinking: If there is only one record that could possibly contain the correct username and password combo, why would one need to fetch the data of the record at all?
 
J. Kevin Robbins
Bartender
Pie
Posts: 1801
28
Chrome Firefox Browser jQuery Linux MySQL Database Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Two more nits to pick. What if I enter "*;" in your username field? That turns your SQL statement into "SELECT passsword FROM Users WHERE Username=*;" That's going to return all passwords and one of them is going to match in your loop (which as Bear pointed out, you don't even need). Now I just logged into your system without an account. This is a prime example of why you should never, ever write your own login security. Java has good login security that you can use; don't roll your own. Never. Never, ever.

And lastly, add a finally block to close your statement, resultset, and connection.
 
tom davies
Ranch Hand
Posts: 168
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think I know now, not quite sure how to put it onto practice though. I was thinking an SQL select statement to select where the username and password matches the same entry in the database. Then check if the returned result set is empty. If its empty then no match. Is that the right idea?
Also thanks for pointing that issue out, I have yet to do any validation on the entries and I will fix that, I just wanted to get it working first.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65228
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Two more pioints:
  • Is it not sufficeint to know whether the record exists or not? So why do you need the acutal data? Hint: counts
  • PreparedStatement
  •  
    J. Kevin Robbins
    Bartender
    Pie
    Posts: 1801
    28
    Chrome Firefox Browser jQuery Linux MySQL Database Netbeans IDE
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    If you are writing a login module that will actually be used in production then you need to read this and use the security features already in Java.

    If this is just a learning experience, then by all means, plunge ahead and have fun. But if this is for a real-world application then you are playing with fire and you WILL get burned.
     
    tom davies
    Ranch Hand
    Posts: 168
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Thank you, I think I know what to do now! I will make some changes and see if it works
     
    tom davies
    Ranch Hand
    Posts: 168
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    It is working now using a prepared statement and an SQL count statement. Some of my previous attempts may still of worked. I found out that my parameter request for the username did not match the form name. oops!
     
    Bear Bibeault
    Author and ninkuma
    Marshal
    Pie
    Posts: 65228
    95
    IntelliJ IDE Java jQuery Mac Mac OS X
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Congrats. But remember that "works" is overrated. You want "works well".
     
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic