Win a copy of Python Continuous Integration and Delivery this week in the Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Bear Bibeault
  • Paul Clapham
  • Jeanne Boyarsky
  • Devaka Cooray
  • Junilu Lacar
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Ron McLeod
  • Tim Holloway
  • Claude Moore
  • Stephan van Hulst
  • Winston Gutkowski
  • Carey Brown
  • Frits Walraven

login  RSS feed

Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I'm trying to run my login jsp, I have method that make login in the back-bean that call a method from the DAO class, this method that is in the DAO class not work will with me
can any one help me to achieve it?

This is the method in the DAO class:

thank you in advance,
Saloon Keeper
Posts: 20508
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The technical term for webapps that use a "login.jsp" with code is "hacked".

You shouldn't try to write your own login. "Experts" have done that, and their work has been hacked in under 15 minutes. Security is not for people who aren't specifically trained in security and should never be designed by people  who are supposed to be doing other, more "important" things as well.

The J2EE/JEE standard has a builtin security framework that was designed and tested by full-time security professionals. You should use that. You don't even have to write login code, since the login code is already part of your webapp server. It uses the login/loginfail pages named in your web.xml file as form templates (if you're using form-based logins).

If you use the standard container security system, you can also use its features, such as role-based URL authorization and the J2EE security functions.

An app that uses standard container security can always tell who the logged-in user is by checking the HttpServletRequest's getRemoteUser() method. This will return the user's login id. Or null, if the user is not logged in.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!