0

I'm trying to put a simple login form to my application. Im still learning so I'm starting from the simplest.. The login is working perfectly, however I want to get some of the user info to my jsp using JSTL..

example in the username is ABC and password is abc123... I want to pass the data/info of ABC like his role and name to my jsp page.

LoginServlet.java

/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */

package source;

/**
 *

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;


public class LoginServlet extends HttpServlet {


    @Override
public void doGet(HttpServletRequest request, HttpServletResponse response)
                       throws ServletException, java.io.IOException {

try
{

     UserBean bean = new UserBean();
     bean.setUserName(request.getParameter("un"));
     bean.setPassword(request.getParameter("pw"));


     bean = UserDAO.login(bean);

     if (bean.isValid())
     {

          HttpSession session = request.getSession(true);
          session.setAttribute("users",bean);
          response.sendRedirect("dd1"); //logged-in page
     }

     else
          response.sendRedirect("invalidLogin.jsp"); //error page
}


catch (Throwable theException)
{
     System.out.println(theException);
}
       }
    }

UserDAO

package source;

/**
 *

 */

   import java.sql.*;

   public class UserDAO
   {
      static Connection currentCon = null;
      static ResultSet rs = null;



      public static UserBean login(UserBean bean) {

         //preparing some objects for connection
         Statement stmt = null;

         String username = bean.getUsername();
         String password = bean.getPassword();

         String searchQuery = "select * from ifs_userrole where username='"+ username+ "' AND password = md5('"+ password +"')";



      try
      {
         //connect to DB
         currentCon = ConnectionManager.getConnection();
         stmt=currentCon.createStatement();
         rs = stmt.executeQuery(searchQuery);
         boolean more = rs.next();

         // if user does not exist set the isValid variable to false
         if (!more)
         {
            System.out.println("Sorry, you are not a registered user! Please sign up first");
            bean.setValid(false);
         }

         //if user exists set the isValid variable to true
         else if (more)
         {
            String name = rs.getString("name");
            String role = rs.getString("role");

            System.out.println("Welcome " + name+ role);
            bean.setName(name);
            bean.setRole(role);
            bean.setValid(true);
         }
      }

      catch (Exception ex)
      {
         System.out.println("Log In failed: An Exception has occurred! " + ex);
      }

      //some exception handling
      finally
      {
         if (rs != null)    {
            try {
               rs.close();
            } catch (Exception e) {}
               rs = null;
            }

         if (stmt != null) {
            try {
               stmt.close();
            } catch (Exception e) {}
               stmt = null;
            }

         if (currentCon != null) {
            try {
               currentCon.close();
            } catch (Exception e) {
            }

            currentCon = null;
         }
      }

return bean;

      }
   }
toink
  • 255
  • 4
  • 11
  • 30

2 Answers2

2

You've stored it as a session attribute with name users, so it should be available by ${users}. The bean has two properties name and role, so it should be available as follows

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
...
<p>User name: <c:out value="${users.name}" /></p>
<p>User role: <c:out value="${users.role}" /></p>

Since JSP 2.0 you can also just omit <c:out>:

<p>User name: ${users.name}</p>
<p>User role: ${users.role}</p>

This will only open a potential XSS attack hole if you don't sanitize user-controlled data.

That said, I would change the attribute name from users to user since it's really only one user :) You've also a major design problem in your DAO class. The Connection and ResultSet should absolutely not be declared as static variables. It's not thread safe. Declare them in the very same method block as where you're executing the query. See also Show JDBC ResultSet in HTML in JSP page using MVC and DAO pattern for another example.

See also:

Community
  • 1
  • 1
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
  • Thanks balusc... I've really learnes a lot from you also from others. You don't how much you've helped me with this. Thanks very much again – toink Mar 22 '12 at 22:31
0

your question is too generic, but maybe this work for your case...

you are adding the "user" bean into session context with this line session.setAttribute("users",bean); so, in your jsp you can do something like this;

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page import="com.your.package.hierarchy.UserBean" %>

<c:out value="sessionScope.users.username"/>

i don't remember if its "sessionContext", "sessionScope" or "session" the identifier for session scope attributes...

good luck!

Franco
  • 7,385
  • 3
  • 27
  • 22