aspose file tools*
The moose likes Servlets and the fly likes Simple redirect not working Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Simple redirect not working" Watch "Simple redirect not working" New topic
Author

Simple redirect not working

tom davies
Ranch Hand

Joined: Apr 27, 2012
Posts: 168
Currently im just trying to set up a simple login and then using a redirect to a new page if the login is correct.
I am using Login code i have used on other java applications and also the same file structure and redirect that i have used in another.
When i enter the details end click login all i get is a blank page and not the page i want to redirect to. Println's i have added to the method to see if it is executing also aren't getting written to the console. I cant see anything i have done wrong. Im sure you lot can though

Here is my login servlet


Here is my login form

tom davies
Ranch Hand

Joined: Apr 27, 2012
Posts: 168
It appears it doesn't like doing the redirect after line 26 in the servlet.
I have tried it everywhere else before reading through the file and it redirects fine. Obviously it defeats the object of a log in form if i redirect before i authenticate though
Any advice, or reasons why? thanks.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61201
    
  66

I'm going to completely gloss over the security implications of storing authentication data in a text file, and also the fact that the file is getting needlessly re-read every time, and just ask if you are sure that your while loop is executing at all?


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
tom davies
Ranch Hand

Joined: Apr 27, 2012
Posts: 168
Eventually they will be in a database and encrypted but I just wanted a quick solution for now. I'm not sure if the while loop is running. Why would it not run? I have had the redirect directly before and that executed so none of the previous commands would stop it.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61201
    
  66

tom davies wrote:I'm not sure if the while loop is running.


Well, that's the next step, isn't it?

Or, a better "quick for now" solution would be to mock an API that authenticates rather than doing "non real" stuff in your servlet. Later, you can make what's behind that API "real" without having to change code in the servlet.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61201
    
  66

Another nit: will your file be properly closed in all situations?
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18570
    
    8

Yet another nit: You should only redirect (at most) once. So if, for example, your input file happened to have two rows which authenticated a particular user, then the loop would go through the part of the code which says "Yes, okay! Redirect to the next page!" twice and then redirect would be called twice. That isn't allowed and you'll get exceptions thrown.

Also, if you don't redirect to the "Okay!" page then you should do something else instead. Like redirecting to the "No!" page, for example. Right now your code does nothing in that case and you'll get an empty page in your browser in that case. Maybe that's actually what is happening.
tom davies
Ranch Hand

Joined: Apr 27, 2012
Posts: 168
So I shouldn't have the redirect within that while loop? That would mean setting a Boolean value depending on if the login is correct or not, or something similar. I am pretty sure it isn't redirecting to a no page as I have manually entered the log in details into the if statement and it still has the same result.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61201
    
  66

No one said that, but once you redirect, you should not do anything else.
tom davies
Ranch Hand

Joined: Apr 27, 2012
Posts: 168
Ok i have now stored the users in a database an i am using an sql query to match the values.
The page will redirect to the index page instead of a blank page now. The problem is it cannot match the username with the password.
I have tried the SQL query in mySQL workbench and when i execute it it selects the correct value from the password column. That isnt the case with the program below though as it never redirects to the success page.
For some reason if i stick system.out.println() to check the values it does not work . . nothing gets printed on the console so i cant check the values.
Also i am fully aware i am looking up the passsword column. I made a typo when creating the database so that is correct.

Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61201
    
  66

Think about things for a minute. If there is only one record that could possibly contain the correct username and password combo, why would one need a loop?

More thinking: If there is only one record that could possibly contain the correct username and password combo, why would one need to fetch the data of the record at all?
J. Kevin Robbins
Bartender

Joined: Dec 16, 2010
Posts: 953
    
  13

Two more nits to pick. What if I enter "*;" in your username field? That turns your SQL statement into "SELECT passsword FROM Users WHERE Username=*;" That's going to return all passwords and one of them is going to match in your loop (which as Bear pointed out, you don't even need). Now I just logged into your system without an account. This is a prime example of why you should never, ever write your own login security. Java has good login security that you can use; don't roll your own. Never. Never, ever.

And lastly, add a finally block to close your statement, resultset, and connection.


"The good news about computers is that they do what you tell them to do. The bad news is that they do what you tell them to do." -- Ted Nelson
tom davies
Ranch Hand

Joined: Apr 27, 2012
Posts: 168
I think I know now, not quite sure how to put it onto practice though. I was thinking an SQL select statement to select where the username and password matches the same entry in the database. Then check if the returned result set is empty. If its empty then no match. Is that the right idea?
Also thanks for pointing that issue out, I have yet to do any validation on the entries and I will fix that, I just wanted to get it working first.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61201
    
  66

Two more pioints:
  • Is it not sufficeint to know whether the record exists or not? So why do you need the acutal data? Hint: counts
  • PreparedStatement
  • J. Kevin Robbins
    Bartender

    Joined: Dec 16, 2010
    Posts: 953
        
      13

    If you are writing a login module that will actually be used in production then you need to read this and use the security features already in Java.

    If this is just a learning experience, then by all means, plunge ahead and have fun. But if this is for a real-world application then you are playing with fire and you WILL get burned.
    tom davies
    Ranch Hand

    Joined: Apr 27, 2012
    Posts: 168
    Thank you, I think I know what to do now! I will make some changes and see if it works
    tom davies
    Ranch Hand

    Joined: Apr 27, 2012
    Posts: 168
    It is working now using a prepared statement and an SQL count statement. Some of my previous attempts may still of worked. I found out that my parameter request for the username did not match the form name. oops!
    Bear Bibeault
    Author and ninkuma
    Marshal

    Joined: Jan 10, 2002
    Posts: 61201
        
      66

    Congrats. But remember that "works" is overrated. You want "works well".
     
    I agree. Here's the link: http://aspose.com/file-tools
     
    subject: Simple redirect not working