| Author |
case sensitive Login authentication
|
Poonam Dhatavkar
Greenhorn
Joined: Jan 11, 2013
Posts: 19
|
|
I want to use admin as username & password. But my code is accepting the string as ADMIN/Admin/aDmin, etc. How to restrict it?
Using this code I am getting the error: Invalid cursor position.
All is working well for the if statement:
But it accepts strings with uppercase & lowercase letters. :(
Can you guys help me regarding this?
|
 |
Bear Bibeault
Author and ninkuma
Marshal
Joined: Jan 10, 2002
Posts: 56157
|
|
|
If you are getting an error, it's not likely executing your comparison code at all. Fix the error, and institute proper exception handling in your application by declaring an error handler in your deployment descriptor.
|
|
 |
Poonam Dhatavkar
Greenhorn
Joined: Jan 11, 2013
Posts: 19
|
|
Bear Bibeault, can you tell me whether I have written the if statement correctly or not?
Among all those commented statements, which one should I prefer?
I have written the code in a try catch block. It's saying, java.sql.SQLException: Invalid cursor position
java.sql.SQLException: Invalid cursor position
at com.sun.rowset.CachedRowSetImpl.checkCursor(CachedRowSetImpl.java:1611)
at com.sun.rowset.CachedRowSetImpl.getString(CachedRowSetImpl.java:1697)
at com.sun.rowset.CachedRowSetImpl.getString(CachedRowSetImpl.java:2482)
at controller.LoginController.doPost(LoginController.java:59)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:619)
|
 |
Poonam Dhatavkar
Greenhorn
Joined: Jan 11, 2013
Posts: 19
|
|
|
Thank you for the quick reply Bear Bibeault :)
|
 |
Bear Bibeault
Author and ninkuma
Marshal
Joined: Jan 10, 2002
Posts: 56157
|
|
equals() will perform a case-sensitive comparison.
Until the error is fixed, however, it won't be executed.
And as I said, don't try/catch locally; establish a central error handler via the deployment descriptor that will handle exceptions in a consistent manner across the application.
|
 |
Poonam Dhatavkar
Greenhorn
Joined: Jan 11, 2013
Posts: 19
|
|
|
Ohh ok. Thanks for the suggestion Bear Bibeault.
|
 |
Bear Bibeault
Author and ninkuma
Marshal
Joined: Jan 10, 2002
Posts: 56157
|
|
I would also suggest that you consider using something more secure if this isn't just practice code. You can use the built-in security system, or something like Shiro.
At minimum, you should not be storing passwords in clear text in the database.
|
 |
Poonam Dhatavkar
Greenhorn
Joined: Jan 11, 2013
Posts: 19
|
|
It's not practice code Bear Bibeault, but I am supposed to use database tables only. :-|
But thanks for the information. :-)
|
 |
Bear Bibeault
Author and ninkuma
Marshal
Joined: Jan 10, 2002
Posts: 56157
|
|
|
Who said not to use the database? But you should, at minimum, be hashing the passwords for security. Ideally, you'd use a security package that already has the bugs worked out.
|
 |
Pat Farrell
Rancher
Joined: Aug 11, 2007
Posts: 4422
|
|
|
You must use a one-way hash or HMAC on the password that you store in your database. It's simply unacceptable to store passwords in the clear in a database.
|
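One way to follow the hashing advice in this thread while still using only a database table, as an added example that is not code from any poster: the table stores a salted PBKDF2 hash instead of the password, and because the hash is computed over the exact characters, ADMIN or Admin no longer matches admin. PBKDF2 is the one-way function chosen here for illustration; the class name, the "salt:hash" column format and the iteration count are assumptions.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class PasswordCheck {
    // Assumed parameters for this sketch; tune the iteration count for your hardware.
    static final int ITERATIONS = 210_000, KEY_BITS = 256, SALT_BYTES = 16;

    // Derive a one-way hash from the password and a per-user salt.
    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the password copy held by the spec
        }
    }

    // Value for the (hypothetical) password column: "salt:hash", Base64-encoded.
    static String hashForStorage(char[] password) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + ":" + enc.encodeToString(pbkdf2(password, salt));
    }

    // Recompute the hash from the submitted password and compare in constant time.
    static boolean verify(char[] submitted, String stored) throws Exception {
        String[] parts = stored.split(":");
        if (parts.length != 2) return false; // malformed row: reject the login
        byte[] salt = Base64.getDecoder().decode(parts[0]);
        byte[] expected = Base64.getDecoder().decode(parts[1]);
        return MessageDigest.isEqual(expected, pbkdf2(submitted, salt));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the value that would be written at registration time.
        String stored = hashForStorage("admin".toCharArray());
        System.out.println(verify("admin".toCharArray(), stored)); // exact case
        System.out.println(verify("ADMIN".toCharArray(), stored)); // different case
        System.out.println(verify("Admin".toCharArray(), stored)); // different case
        // User names are not hashed: compare them with String.equals(),
        // not equalsIgnoreCase(), if they must be case sensitive too.
        System.out.println("admin".equals("Admin"));
    }
}
```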
 |
Poonam Dhatavkar
Greenhorn
Joined: Jan 11, 2013
Posts: 19
|
|
|
Thank you Pat Farrell and Bear Bibeault.
|
 |
 |