case sensitive Login authentication

Poonam Dhatavkar
Greenhorn

Joined: Jan 11, 2013
Posts: 19
I want to use admin as username & password. But my code is accepting the string as ADMIN/Admin/aDmin, etc. How do I restrict it?



Using this code I am getting the error: Invalid cursor position.
All working good for the if statement:

But it accepts strings with uppercase & lowercase letters. :(

Can you guys help me regarding this..
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61241

If you are getting an error, it's not likely executing your comparison code at all. Fix the error, and institute proper exception handling in your application by declaring an error handler in your deployment descriptor.


Poonam Dhatavkar
Greenhorn

Joined: Jan 11, 2013
Posts: 19
Bear Bibeault, can you tell me whether I have written the if statement correctly or not?
Among all those commented statements, which one should I prefer?

I have written the code in a try/catch block. It's saying: java.sql.SQLException: Invalid cursor position


java.sql.SQLException: Invalid cursor position
at com.sun.rowset.CachedRowSetImpl.checkCursor(CachedRowSetImpl.java:1611)
at com.sun.rowset.CachedRowSetImpl.getString(CachedRowSetImpl.java:1697)
at com.sun.rowset.CachedRowSetImpl.getString(CachedRowSetImpl.java:2482)
at controller.LoginController.doPost(LoginController.java:59)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:619)
Poonam Dhatavkar
Greenhorn

Joined: Jan 11, 2013
Posts: 19
Thank you for the quick reply, Bear Bibeault :)
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61241

equals() will perform a case-sensitive comparison.

Until the error is fixed, however, it won't be executed.

And as I said, don't try/catch locally; establish a central error handler via the deployment descriptor that will handle exceptions in a consistent manner across the application.
Poonam Dhatavkar
Greenhorn

Joined: Jan 11, 2013
Posts: 19
Ohh ok. Thanks for the suggestion, Bear Bibeault.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61241

I would also suggest that you consider using something more secure if this isn't just practice code. You can use the built-in security system, or something like Shiro.

At minimum, you should not be storing passwords in clear text in the database.
Poonam Dhatavkar
Greenhorn

Joined: Jan 11, 2013
Posts: 19
It's not practice code, Bear Bibeault, but I am supposed to use database tables only. :-|
But thanks for the information. :-)
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61241

Who said not to use the database? But you should, at minimum, be hashing the passwords for security. Ideally, you'd use a security package that already has the bugs worked out.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659

You must use a one-way hash or HMAC on the password that you store in your database. It's simply unacceptable to store passwords in the clear in a database.
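
Added example, not part of the original thread or any poster's code: one way to combine the case-sensitive equals() check with a salted one-way password hash stored in a database table. It assumes Java 8 or later and picks PBKDF2 (iterated HMAC-SHA256) as the one-way function; the class name, method names, iteration count and sample row are hypothetical.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical helper; names and parameters are assumptions for illustration.
public class PasswordCheck {
    private static final int ITERATIONS = 210_000; // assumed work factor
    private static final int KEY_BITS = 256;

    // A fresh random salt per user, stored next to the hash in the user row.
    static byte[] newSalt() {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // One-way derivation: PBKDF2 applies HMAC-SHA256 ITERATIONS times.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // storedUser, storedSalt and storedHash stand for columns read from the user row.
    static boolean verify(String storedUser, byte[] storedSalt, byte[] storedHash,
                          String typedUser, char[] typedPassword) throws Exception {
        boolean userOk = storedUser.equals(typedUser); // case-sensitive, unlike equalsIgnoreCase
        byte[] candidate = hash(typedPassword, storedSalt);
        boolean passOk = MessageDigest.isEqual(storedHash, candidate); // constant-time compare
        return userOk & passOk; // non-short-circuit so both checks always run
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data standing in for one database row.
        byte[] salt = newSalt();
        byte[] stored = hash("admin".toCharArray(), salt);
        System.out.println("stored hash: " + Base64.getEncoder().encodeToString(stored));
        System.out.println(verify("admin", salt, stored, "admin", "admin".toCharArray()));
        System.out.println(verify("admin", salt, stored, "Admin", "admin".toCharArray()));
        System.out.println(verify("admin", salt, stored, "admin", "ADMIN".toCharArray()));
    }
}
```

Only the salt and the derived hash are stored; because "ADMIN" and "admin" derive different hashes, the password check is case-sensitive without any plain-text comparison.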
Poonam Dhatavkar
Greenhorn

Joined: Jan 11, 2013
Posts: 19
Thank you Pat Farrell and Bear Bibeault.
 