Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Login form authentication

 
sunaina agarwal
Ranch Hand
Posts: 49
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello am new to this mail please forgive me for any posting format violations. I am a beginner and am working on a simple login form authentication project.. i am working on netbeans ide 7.3.1 with Apache Tomcat 7.0.34.0 as the server. My validation Servlet is not redirecting me to the success/ Error Servlet
My ValidationServlet goes something like this:




Please help me in this regard and also after creation of web.xml doc in netbeans the mapping should happen automatically but am typing it every time manually as it failed to create one. Please help me soon i ve my exams tomorrow.
 
Ulf Dittmer
Rancher
Pie
Posts: 42966
73
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The javadocs of the sendRedirect method discuss what you must pass as parameter to it (hint: not the name of a servlet).

I realize that you're a beginner, but your code has a couple of problems that you should learn about and fix as soon as your exam is done:
  • The code is wide open to SQL injection attacks. Use a PreparedStatement instead of string-concatenating your SQL.
  • You should never store password in the DB in clear text. Passwords should be hashed (or digested) before you store them so that nobody can get at them.
  • GET and POST are not interchangeable, and should not be treated as if they were; that is a violation of the HTTP specification.
  • Something like a login must never be done using a GET. The user credentials will end up in browser histories, caches, access logs and other places where they might persist for a long time.

  • You may wish to read some of what's linked in http://www.coderanch.com/how-to/java/SecurityFaq#web-apps in order to understand how to create secure and trustable web apps.
     
    sunaina agarwal
    Ranch Hand
    Posts: 49
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Thank you for the reply but am finding difficulty in using netbeans 7.3.1 as web.xml mapping is not created by default. i.e. i have created a text doc and named it as web.xml. once we code the servlet and save by default the xml mapping should be displayed in web.xml. But in netbeans7.3.1 its not happening. For each servlet am manually typing the xml mapping please help me regarding this.
     
    Ulf Dittmer
    Rancher
    Pie
    Posts: 42966
    73
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    I strongly advise beginners not to use an IDE for coding servlets, or for running a servlet container. The reason is that you're struggling with both servlet concepts and the IDE at the same time, and that's a complication bound to cause confusion.

    But regardless, that's a NetBeans-specific question that has nothing to do with the orginal question about why sendRedirect does not work. You should ask about that in the IDE forum.
     
    sunaina agarwal
    Ranch Hand
    Posts: 49
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Here is my new validate servlet as per your instructions but still its not working i have used prepared statement as per your advice but the validate servlet is not at all directing me to the success/error servlet. Please help me regarding this.

     
    sunaina agarwal
    Ranch Hand
    Posts: 49
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    This is an automatically generated web.xml please see if i have to make any changes so as the validate servlet to redirect to the error/Success servlet.


     
    sunaina agarwal
    Ranch Hand
    Posts: 49
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    This is the error am getting on each time building the project. Kindly reply to me fast. The project submission has to be done soon.

    java.lang.ClassNotFoundException: com.Login.ValidateServlet
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1714)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1559)
    at org.apache.catalina.core.DefaultInstanceManager.loadClass(DefaultInstanceManager.java:532)
    at org.apache.catalina.core.DefaultInstanceManager.loadClassMaybePrivileged(DefaultInstanceManager.java:514)
    at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:133)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1137)
    at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:858)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:136)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:724)

     
    Ulf Dittmer
    Rancher
    Pie
    Posts: 42966
    73
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Reconsider this:
    Ulf Dittmer wrote:The javadocs of the sendRedirect method discuss what you must pass as parameter to it (hint: not the name of a servlet).
     
    Ulf Dittmer
    Rancher
    Pie
    Posts: 42966
    73
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    i have used prepared statement as per your advice but the validate servlet

    You sort of did, but the code is not using it, it's still using the old insecure code. Remove line 46 and adapt line 47 to use the PreparedStatement to fix that.
     
    Niraj Jha
    Ranch Hand
    Posts: 63
    Java Spring Tomcat Server
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    It is build problem, clean and build the application again.
    if It will not work then You have two options either you make a web application using same servlet without IDE or make a dynamic web application in Net beans.
     
    sunaina agarwal
    Ranch Hand
    Posts: 49
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    can i use RequestDispatcher instead of response.sendRedirect. I want the validate servlet to redirect to success servlet on successful validation and to ErrorServlet on failure. can i redirect using Requestdispatcher??
     
    Ulf Dittmer
    Rancher
    Pie
    Posts: 42966
    73
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    So you would rather use another approach than to fix the one that you have in place? Have you read the javadocs that I mentioned twice now?
     
    sunaina agarwal
    Ranch Hand
    Posts: 49
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    I did clean and build but the problem still persists.
     
    Niraj Jha
    Ranch Hand
    Posts: 63
    Java Spring Tomcat Server
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Why don't you make application directly in tomcat web-apps instead of using IDE.
     
    sunaina agarwal
    Ranch Hand
    Posts: 49
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    This is what our institute people want. Is the coding part correct?? Did you go through?
     
    Ulf Dittmer
    Rancher
    Pie
    Posts: 42966
    73
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    It is not, as I have pointed out repeatedly by now.
     
    sunaina agarwal
    Ranch Hand
    Posts: 49
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    how to learn j2ee so as to become a good coder?? can anyone help me out please...
     
    Ulf Dittmer
    Rancher
    Pie
    Posts: 42966
    73
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Doing lots and lots of it. And reading a lot about it, too, so you learn from other people.
     
    sunaina agarwal
    Ranch Hand
    Posts: 49
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Yes i have satrted doing it am pondering now into head first jsp and servlets book please let me know other things which will help me learn j2ee more quickly and efficiently
     
    Pat Farrell
    Rancher
    Posts: 4660
    5
    Linux Mac OS X VI Editor
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    sunaina agarwal wrote:please let me know other things which will help me learn j2ee more quickly and efficiently


    Sadly, I don't think it can be done.

    I trust you really are using JEE not J2EE. J2EE was so complex that they redesigned it, and the result was do different that they changed the name.

    This stuff is complicated and you need to understand a lot of it before any of it makes sense.

    The normal way someone learns is to work with an experienced JEE developer.
     
    I agree. Here's the link: http://aspose.com/file-tools
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic