This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes Login form authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Login form authentication" Watch "Login form authentication" New topic
Author

Login form authentication

sunaina agarwal
Ranch Hand

Joined: Oct 10, 2013
Posts: 49
Hello am new to this mail please forgive me for any posting format violations. I am a beginner and am working on a simple login form authentication project.. i am working on netbeans ide 7.3.1 with Apache Tomcat 7.0.34.0 as the server. My validation Servlet is not redirecting me to the success/ Error Servlet
My ValidationServlet goes something like this:




Please help me in this regard and also after creation of web.xml doc in netbeans the mapping should happen automatically but am typing it every time manually as it failed to create one. Please help me soon i ve my exams tomorrow.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41173
    
  45
The javadocs of the sendRedirect method discuss what you must pass as parameter to it (hint: not the name of a servlet).

I realize that you're a beginner, but your code has a couple of problems that you should learn about and fix as soon as your exam is done:
  • The code is wide open to SQL injection attacks. Use a PreparedStatement instead of string-concatenating your SQL.
  • You should never store password in the DB in clear text. Passwords should be hashed (or digested) before you store them so that nobody can get at them.
  • GET and POST are not interchangeable, and should not be treated as if they were; that is a violation of the HTTP specification.
  • Something like a login must never be done using a GET. The user credentials will end up in browser histories, caches, access logs and other places where they might persist for a long time.

  • You may wish to read some of what's linked in http://www.coderanch.com/how-to/java/SecurityFaq#web-apps in order to understand how to create secure and trustable web apps.


    Ping & DNS - my free Android networking tools app
    sunaina agarwal
    Ranch Hand

    Joined: Oct 10, 2013
    Posts: 49
    Thank you for the reply but am finding difficulty in using netbeans 7.3.1 as web.xml mapping is not created by default. i.e. i have created a text doc and named it as web.xml. once we code the servlet and save by default the xml mapping should be displayed in web.xml. But in netbeans7.3.1 its not happening. For each servlet am manually typing the xml mapping please help me regarding this.
    Ulf Dittmer
    Marshal

    Joined: Mar 22, 2005
    Posts: 41173
        
      45
    I strongly advise beginners not to use an IDE for coding servlets, or for running a servlet container. The reason is that you're struggling with both servlet concepts and the IDE at the same time, and that's a complication bound to cause confusion.

    But regardless, that's a NetBeans-specific question that has nothing to do with the orginal question about why sendRedirect does not work. You should ask about that in the IDE forum.
    sunaina agarwal
    Ranch Hand

    Joined: Oct 10, 2013
    Posts: 49
    Here is my new validate servlet as per your instructions but still its not working i have used prepared statement as per your advice but the validate servlet is not at all directing me to the success/error servlet. Please help me regarding this.

    sunaina agarwal
    Ranch Hand

    Joined: Oct 10, 2013
    Posts: 49
    This is an automatically generated web.xml please see if i have to make any changes so as the validate servlet to redirect to the error/Success servlet.


    sunaina agarwal
    Ranch Hand

    Joined: Oct 10, 2013
    Posts: 49
    This is the error am getting on each time building the project. Kindly reply to me fast. The project submission has to be done soon.

    java.lang.ClassNotFoundException: com.Login.ValidateServlet
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1714)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1559)
    at org.apache.catalina.core.DefaultInstanceManager.loadClass(DefaultInstanceManager.java:532)
    at org.apache.catalina.core.DefaultInstanceManager.loadClassMaybePrivileged(DefaultInstanceManager.java:514)
    at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:133)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1137)
    at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:858)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:136)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:724)

    Ulf Dittmer
    Marshal

    Joined: Mar 22, 2005
    Posts: 41173
        
      45
    Reconsider this:
    Ulf Dittmer wrote:The javadocs of the sendRedirect method discuss what you must pass as parameter to it (hint: not the name of a servlet).
    Ulf Dittmer
    Marshal

    Joined: Mar 22, 2005
    Posts: 41173
        
      45
    i have used prepared statement as per your advice but the validate servlet

    You sort of did, but the code is not using it, it's still using the old insecure code. Remove line 46 and adapt line 47 to use the PreparedStatement to fix that.
    Niraj Jha
    Ranch Hand

    Joined: Feb 20, 2013
    Posts: 63

    It is build problem, clean and build the application again.
    if It will not work then You have two options either you make a web application using same servlet without IDE or make a dynamic web application in Net beans.
    sunaina agarwal
    Ranch Hand

    Joined: Oct 10, 2013
    Posts: 49
    can i use RequestDispatcher instead of response.sendRedirect. I want the validate servlet to redirect to success servlet on successful validation and to ErrorServlet on failure. can i redirect using Requestdispatcher??
    Ulf Dittmer
    Marshal

    Joined: Mar 22, 2005
    Posts: 41173
        
      45
    So you would rather use another approach than to fix the one that you have in place? Have you read the javadocs that I mentioned twice now?
    sunaina agarwal
    Ranch Hand

    Joined: Oct 10, 2013
    Posts: 49
    I did clean and build but the problem still persists.
    Niraj Jha
    Ranch Hand

    Joined: Feb 20, 2013
    Posts: 63

    Why don't you make application directly in tomcat web-apps instead of using IDE.
    sunaina agarwal
    Ranch Hand

    Joined: Oct 10, 2013
    Posts: 49
    This is what our institute people want. Is the coding part correct?? Did you go through?
    Ulf Dittmer
    Marshal

    Joined: Mar 22, 2005
    Posts: 41173
        
      45
    It is not, as I have pointed out repeatedly by now.
    sunaina agarwal
    Ranch Hand

    Joined: Oct 10, 2013
    Posts: 49
    how to learn j2ee so as to become a good coder?? can anyone help me out please...
    Ulf Dittmer
    Marshal

    Joined: Mar 22, 2005
    Posts: 41173
        
      45
    Doing lots and lots of it. And reading a lot about it, too, so you learn from other people.
    sunaina agarwal
    Ranch Hand

    Joined: Oct 10, 2013
    Posts: 49
    Yes i have satrted doing it am pondering now into head first jsp and servlets book please let me know other things which will help me learn j2ee more quickly and efficiently
    Pat Farrell
    Rancher

    Joined: Aug 11, 2007
    Posts: 4646
        
        5

    sunaina agarwal wrote:please let me know other things which will help me learn j2ee more quickly and efficiently


    Sadly, I don't think it can be done.

    I trust you really are using JEE not J2EE. J2EE was so complex that they redesigned it, and the result was do different that they changed the name.

    This stuff is complicated and you need to understand a lot of it before any of it makes sense.

    The normal way someone learns is to work with an experienced JEE developer.
     
    I agree. Here's the link: http://aspose.com/file-tools
     
    subject: Login form authentication
     
    Similar Threads
    Problem in Login using Servlets
    user authentication and dao
    HTTP Status 404 - Servlet is not available
    Httpsesion Listener is not working properly?
    Creating table JDBC-MS-ACCESS