
JSP Project with DAO pattern: tell me, am I on the right track?

  • 03-02-2006 11:28pm
    #1
    Posts: 0


    Hi, I realise I probably cannot get the answer outright, but from this code am I on the right track?

    package Dxxxx.ActionServlets;

    import Dxxxx.DAOs.GardaDAO;
    import Dxxxx.Entities.Garda;
    import java.io.*;

    import javax.servlet.*;
    import javax.servlet.http.*;

    public class LoginActionServlet extends HttpServlet {

        protected void processRequest(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            response.setContentType("text/html;charset=UTF-8");
            PrintWriter out = response.getWriter();

            String username = request.getParameter("username");
            String password = request.getParameter("password");

            Garda g = new Garda();

            String u = g.getUsername();
            String p = g.getPassword();

            if (username == u && password == p) {

                response.sendRedirect(request.getContextPath() + "/LicenceNoPrompt.jsp");

            }

        }

        protected void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }
    }


    public interface GardaDAO {

        public Garda findByPrimaryKey(String username);

    }

    package Dxxx.DAOs;

    import Dxxx.Entities.Garda;

    public class GardaDAOImpl implements GardaDAO {

        public Garda findByPrimaryKey(String username){

            Garda g = new Garda();

            try{

                java.lang.Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
                java.sql.Connection conn = java.sql.DriverManager.getConnection("jdbc:odbc:PP", "guest", "guest");

                java.sql.Statement stmt = conn.createStatement();

                String sql = "SELECT username, password FROM garda WHERE username = " + username + ";";

                System.out.println(sql);

                java.sql.ResultSet rs = stmt.executeQuery(sql);

                g = new Garda(rs.getString("username"), rs.getString("password"));

                g.setUsername(rs.getString("username"));
                g.setPassword(rs.getString("password"));

            }catch(java.lang.ClassNotFoundException cnfe){
                System.out.println("Class not Found");
            }catch(java.sql.SQLException sqle){
                System.out.println("SQLException");
            }
            return g;
        }

    }

    package Dxxxx.Entities;

    public class Garda {

        String username;
        String password;

        public Garda() {

        }

        public Garda(String username, String password){
            this.username = username;
            this.password = password;
        }

        public void setUsername(String username) {
            this.username = username;
        }

        public void setPassword(String password) {
            this.password = password;
        }

        public String getUsername() {
            return username;
        }

        public String getPassword() {
            return password;
        }

    }


    I'm trying to basically match parameters from the user entry to the ones that exist on the database.


Comments

  • Registered Users, Registered Users 2 Posts: 441 ✭✭robfitz


    Garda g = new Garda();

    String u = g.getUsername();

    The Garda object g is empty at this point.

    You need to use a GardaDAOImpl object to query the database, using something like this.
    GardaDAOImpl gardaDAO = new GardaDAOImpl();
    Garda g = gardaDAO.findByPrimaryKey(username);

    String u = g.getUsername();


    P.S. You should validate the inputs from the user before using them in a query to the database.


  • Posts: 0 [Deleted User]


    robfitz wrote:
    P.S. You should validate the inputs from the user before using them in a query to the database.



    How do you mean by that? Perhaps you cannot answer that.

    Thanks for replying.


  • Registered Users, Registered Users 2 Posts: 2,013 ✭✭✭lynchie


    Read up on the differences between object and string comparisons. You are doing them wrong in your servlet.

    In your DAOImpl class, you are instantiating your Garda class at the beginning, then again after you get the results back from the DB, then you are unnecessarily setting the username and password properties again.


  • Registered Users, Registered Users 2 Posts: 441 ✭✭robfitz


    how do you mean by that???

    It's a major security risk not to validate input from the user, for more details read up on SQL Injection.


  • Registered Users, Registered Users 2 Posts: 4,003 ✭✭✭rsynnott


    Damn, beaten to it on the SQL injection thing. Is this a real project, or a college thing? If real, you really should read a book or something on the JDBC. At the moment it has a glaring security flaw.


  • Moderators, Politics Moderators Posts: 41,234 Mod ✭✭✭✭Seth Brundle


    Garda object, security flaw.
    hmmm


  • Registered Users, Registered Users 2 Posts: 4,003 ✭✭✭rsynnott


    Yes, I noticed that... If it turns out to be that I think I might move country before there's a fencepost error and I'm charged with regicide, or something.

    I'm sure it's a college project. Preferably a first year one. I'm sure it is.

    *goes and hides in corner*


  • Registered Users, Registered Users 2 Posts: 4,003 ✭✭✭rsynnott




  • Moderators, Politics Moderators Posts: 41,234 Mod ✭✭✭✭Seth Brundle


    rsynnott wrote:

    That doesn't mean that the developers of the Pulse/other state IT contract haven't subbed it out to the lowest bidder! :D


  • Registered Users, Registered Users 2 Posts: 4,003 ✭✭✭rsynnott


    There are limits to the stupidity and short-sightedness of our government. This is hopefully one of them :)


  • Posts: 0 [Deleted User]


    Hiya

    I am currently doing a final year JSP project of a fantasy football website. I am a 3rd yr student of SW dev but we have only been introduced to JSP and servlets this year. Our teacher expects us to whip a project up without giving us any help or slowly building up to the level of creating a working web project.

    I didn't do too well in the Garda assignment Monday but have been receiving extra tutorials. 4 (out of a class of 6) are struggling.

    I am currently working on the login section of the fantasy football site.

    package pff.Dao;
    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.ResultSet;
    import java.util.Vector;
    import pff.entities.User;

    public class DatabaseDAOforUserImpl implements DatabaseDAOforUser {

        public User findUser() {

            User u = new User();

            try{
                Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");

                Connection conn = DriverManager.getConnection("jdbc:odbc:football", "guest" , "guest");
                java.sql.Statement stmt = conn.createStatement();

                String query = "SELECT * FROM User_details WHERE username = '?' AND password ='?'";

                ResultSet rs = stmt.executeQuery(query);

                while(rs.next()){

                    u.setUsername(rs.getString("username"));
                    u.setPassword(rs.getString("password"));

                }

                conn.close();

            }catch(java.lang.ClassNotFoundException cnfe){
                System.out.println("Class not Found");
            }catch(java.sql.SQLException sqle){
                System.out.println("SQLException");
            }
            return u;
        }
    }


    package pff.Dao;
    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.ResultSet;
    import java.util.Vector;
    import pff.entities.User;

    public class DatabaseDAOforUserImpl implements DatabaseDAOforUser {

        public User findUser() {

            User u = new User();

            try{
                Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");

                Connection conn = DriverManager.getConnection("jdbc:odbc:football", "guest" , "guest");
                java.sql.Statement stmt = conn.createStatement();

                String query = "SELECT * FROM User_details WHERE username = '?' AND password ='?')";

                ResultSet rs = stmt.executeQuery(query);

                while(rs.next()){

                    u.setUsername(rs.getString("username"));
                    u.setPassword(rs.getString("password"));

                }

                conn.close();

            }catch(java.lang.ClassNotFoundException cnfe){
                System.out.println("Class not Found");
            }catch(java.sql.SQLException sqle){
                System.out.println("SQLException");
            }
            return u;
        }
    }


    package pff.actionServlets;
    import java.io.*;

    import javax.servlet.*;
    import javax.servlet.http.*;
    import pff.Dao.DatabaseDAOforUserImpl;
    import pff.entities.User;

    public class LoginAction extends HttpServlet {

        public void processLogAction(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {

            response.setContentType("text/html;charset=UTF-8");
            PrintWriter out = response.getWriter();

            DatabaseDAOforUserImpl ddao = new DatabaseDAOforUserImpl();

            String username = request.getParameter("username");
            String password = request.getParameter("password");

            User user = ddao.findUser();

            if(username.equals(user.getUsername() ))
            {
                if(password.equals(user.getPassword() ))
                {

                    ServletContext sctx1 = this.getServletContext();

                    RequestDispatcher rd1 = sctx1.getRequestDispatcher("/Control.jsp");

                    rd1.forward(request, response);
                }

            }
            else{

                ServletContext sctx = this.getServletContext();
                RequestDispatcher rd = sctx.getRequestDispatcher("/Error.jsp");

                rd.forward(request, response);
            }
        }

        protected void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {

            processLogAction(request, response);
        }

        protected void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {

            processLogAction(request, response);
        }

    }


    <html>
    <head> <title> Premiership Fantasy Football </title>
    </head>
    <body>

    <form name="inputForm" method="post" action="<%=request.getContextPath()%>/LoginAction">
        Username
        <input type="text" name="username">
        Password
        <input type="password" name="password">
        <input type="submit" name="Submit" value="Enter Site">
    </form>

    </body>
    </html>

    The if/else password check keeps referring me to the error.jsp page. Please help as I can't see where I have gone wrong.


  • Registered Users, Registered Users 2 Posts: 2,013 ✭✭✭lynchie


    Suggest you read up on SQL / PreparedStatements because your findUser method does nothing. You need to be able to pass in the username of the user to find, use parameters on your SQL query. Your servlet doesn't even pass the username to search for to your DAO.

    If you can't see what's wrong with it, you should be sticking log statements or System.outs at key points in your code to help you diagnose the problems.
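
The fixes the replies in this thread point to, shown together as an added example that is not code from any poster: the username is bound as a query parameter instead of being concatenated into the SQL text, the input is validated first, and strings are compared by content rather than with `==`. Table and column names follow the second poster's query; the class name `LoginCheck`, the username pattern and the JDBC URL taken from the command line are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example, not code from the thread. Table and column names follow the
// second poster's query; LoginCheck and the username pattern are assumptions.
public class LoginCheck {

    // Returns the stored password for username, or null when no row matches.
    static String findPassword(Connection conn, String username) throws SQLException {
        // "?" is a bind marker: it is not quoted, and the driver binds the value
        // as data, so user input cannot change the statement.
        String sql = "SELECT password FROM User_details WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                // The cursor starts before the first row, so call next() first.
                return rs.next() ? rs.getString("password") : null;
            }
        }
    }

    // Compares by content (== on String compares references). isEqual also
    // does not stop at the first differing byte.
    static boolean passwordMatches(String supplied, String stored) {
        if (supplied == null || stored == null) return false;
        return MessageDigest.isEqual(supplied.getBytes(StandardCharsets.UTF_8),
                                     stored.getBytes(StandardCharsets.UTF_8));
    }

    static boolean login(Connection conn, String username, String password) throws SQLException {
        // Validate the shape of the input before it reaches the database.
        if (username == null || !username.matches("[A-Za-z0-9_.-]{1,32}")) {
            return false;
        }
        return passwordMatches(password, findPassword(conn, username));
    }

    // Usage (assumed): java LoginCheck <jdbc-url> <username> <password>
    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection(args[0])) {
            System.out.println(login(conn, args[1], args[2]) ? "login ok" : "login failed");
        }
    }
}
```

With the concatenated query from the first post, the username text becomes part of the SQL statement itself; with the bind marker it is only ever compared as a value.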


  • Posts: 0 [Deleted User]


    lynchie wrote:
    Suggest you read up on SQL / PreparedStatements because your findUser method does nothing. You need to be able to pass in the username of the user to find, use parameters on your SQL query. Your servlet doesn't even pass the username to search for to your DAO.

    If you can't see what's wrong with it, you should be sticking log statements or System.outs at key points in your code to help you diagnose the problems.


    Lynchie, thank you for pointing me in the right direction. I have now got that sorted.

    I can't thank you enough. Cheers

