Java Login Example
JSP - PreparedStatement - MySQL- Eclipse - Apache Tomcat
- PreparedStatement can be used to prevent sql injection.
Project:
Project Explorer:
Source code:
LoginDao.java
package com.login.dao;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import com.login.model.Login;
import com.login.utilities.DBUtilities;
public class LoginDao
{
public boolean checkLogin(Login login) throws SQLException
{
Connection con=null;
try{
con=DBUtilities.getConnection();
String query="select * from sec_login where username=? and password=?";
PreparedStatement pst= con.prepareStatement(query);
pst.setString(1, login.getUsername());
pst.setString(2, login.getPassword());
ResultSet rs= pst.executeQuery();
if(rs.next())
{
return true;
}
else
{
return false;
}
}
finally{
DBUtilities.closeConnection(con);
}
}
}
DBUtilities.java
package com.login.utilities;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
public class DBUtilities {
public static Connection getConnection(){
Connection con = null;
try {
Class.forName("com.mysql.jdbc.Driver");
con =DriverManager.getConnection("jdbc:mysql://localhost:3306/nn","root","nn");
} catch (ClassNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return con;
}
public static void closeConnection(Connection con){
if(con!=null){
try{
con.close();
}catch(SQLException e){}
}
}
public static void closePreparedStatement(PreparedStatement ps){
if(ps!=null){
try{
ps.close();
}catch(SQLException e){}
}
}
}
LoginManagement.java
package com.login.model;
import java.sql.SQLException;
import com.login.dao.LoginDao;
public class LoginManagement
{
LoginDao logindao= new LoginDao();
public boolean checkLogin(Login login) throws SQLException
{
return logindao.checkLogin(login);
}
}
LoginController.java
package com.login.controller;
import java.io.IOException;
import java.sql.SQLException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.login.model.Login;
import com.login.model.LoginManagement;
/**
* Servlet implementation class LoginController
*/
@WebServlet("/LoginController")
public class LoginController extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public LoginController() {
super();
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doPost(request, response);
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
LoginManagement loginManagement = new LoginManagement();
RequestDispatcher rd= null;
String action=request.getParameter("actiontype");
if(action.equals("Login"))
{
String username=request.getParameter("username");
String password= request.getParameter("password");
Login login= new Login(username, password);
boolean result=false;
try {
result = loginManagement.checkLogin(login);
if(result)
{
request.setAttribute("user", login.getUsername());
rd=request.getRequestDispatcher("Home.jsp");
rd.forward(request, response);
return;
}
else
{
request.setAttribute("err", "err");
rd=request.getRequestDispatcher("Login.jsp");
rd.forward(request, response);
return;
}
} catch (SQLException e) {
request.setAttribute("err", "err");
rd=request.getRequestDispatcher("Login.jsp");
rd.forward(request, response);
return;
}
}
}
}
Login.java
package com.login.model;
public class Login
{
private String username;
private String password;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public Login(String username, String password) {
super();
this.username = username;
this.password = password;
}
}
Login.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Log in</title>
<script type="text/javascript">
function validateForm()
{
var x=document.getElementById("username");
if (x.value=="")
{
document.getElementById('username_innermsg').innerHTML="Please enter the Username.";
x.focus();
return false;
}
document.getElementById('username_innermsg').innerHTML='';
var x=document.getElementById("password");
if (x.value=="")
{
document.getElementById('password_innermsg').innerHTML="Please enter the Password.";
x.focus();
return false;
}
document.getElementById('password_innermsg').innerHTML='';
}
</script>
</head>
<body>
<center>
<h1>Log in</h1>
<form action="LoginController" method="post" onsubmit="return validateForm();">
<input type="hidden" name="actiontype" value="Login">
<table >
<tr>
<td>User Name :</td><td><input type="text" name="username" id="username"></td><td width="200px"> <i style="color: red;" id="username_innermsg"></i></td>
</tr>
<tr>
<td>Password :</td><td><input type="password" name="password" id="password"></td><td width="200px"> <i style="color: red;" id="password_innermsg"></i></td>
</tr>
<tr><td></td><td ><input type="submit" value="Login"><input type="reset" value="Cancel"></td><td ></td> </tr>
</table>
</form>
<i style="color: red;">
<%
String er=null;
try{
er= (String)request.getAttribute("err");
if(er.equals("err"))
{
out.print("Incorrect Username/Password.");
}
}
catch (Exception e){
}
%>
</i>
</center>
</body>
</html>
Home.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Home</title>
</head>
<body>
<%
String user =(String)request.getAttribute("user");
%>
welcome <%if(user!=null) out.print(user); %>..
<center>
<h1>You are logged in.</h1>
</center>
</body>
</html>
Download Project: SecureLoginUsingPreparedStatement
