Everyone is familiar now days from login. Login is required
everywhere when you do some work on web related to you or your
account. Many web applications register users and manage their
accounts for the security purpose.
I don’t go in details about these. I only focus on how do we
authenticate user and create a session for that user in Java. I
assume that the reader has the basic knowledge of database and java
database connectivity as well as starting a new project to develop.
So
prerequisite of this example is:
- A working sever for handle java code(preferable Apache tomcat)
- A database with user table and has some user list with their passwords ( I have used MYSQL database).
- Knowledge of HTML to create login form.
Now
first you have to create a login page using HTML, so that users can
enter their username and password.
html.html
<form
id="form1" method="post" action="login.jsp">
Username<input
name="username" type="text" size="35"
style="height:30px;" placeholder="Enter Your Username"
required />
Password<input
name="password" type="password" size="35"
style="height:30px;" placeholder="Enter Your Password"
required />
<input type="reset" name="Reset"
value="Reset" />
<input type="submit" name="Submit2"
value="Submit" />
</form>
To
authenticate credentials entered by a user we require a java code
(written in login.jsp file) to authenticate user from user list table
of database.
//Get data from login page
String username=req.getParameter("username");
String
password=req.getParameter("password");
//Database
connectivity
Connection conn = null;
Statement
stmt=null;
String
user="";
String
pass="";
Class.forName("com.mysql.jdbc.Driver");
conn
= DriverManager.getConnection("jdbc:mysql://localhost:3306/database_name","DB_username","DB_password");
stmt
= conn.createStatement();
//Execute
SQL query to search in database to authenticate user
String sql="select username, password, type from users where username='"+username+"' and password='"+password+"'"
ResultSet
rs = stmt.executeQuery(sql);
//If
user found in database store his details in variables
if(rs.next())
{
user=rs.getString(1);
pass=rs.getString(2);
type=rs.getString(3);
}
//If
user is valid than create a session and redirect him to his account
page.
if(username.equals(user)
&& pass.equals(password) )
{
HttpSession
session = reqest.getSession(true);
session.setAttribute("user", username);
response.sendRedirect("userhome.jsp");
}
//If
user is not valid then redirect him to login page
else
{
response.sendRedirect("login.jsp");
}
//Close
database connection.
rs.close();
stmt.close();
conn.close();
The
complete java code is
try
{
String username=req.getParameter("username");
String
password=req.getParameter("password");
Connection
conn = null;
Statement
stmt=null;
String
user="";
String
pass="";
Class.forName("com.mysql.jdbc.Driver");
conn
=
DriverManager.getConnection("jdbc:mysql://localhost:3306/databasename","DB_user","DB_password");
stmt
= conn.createStatement();
String
sql="select username, password, type from users where
username='"+username+"' and password='"+password+"'";
ResultSet
rs = stmt.executeQuery(sql);
if(rs.next())
{
user=rs.getString(1);
pass=rs.getString(2);
}
if(username.equals(user)
&& pass.equals(password) )
{
HttpSession
session = request.getSession(true);
session.setAttribute("user", username);
response.sendRedirect("home.jsp");
}
else
{
response.sendRedirect("login.jsp");
}
rs.close();
stmt.close();
conn.close();
}
catch(Exception
e)
{
out.println(e);
}
