Using Javabeans and Sessions to Create a Login Page
In order to implement a login, your code needs to create a Javabean
(object) to represent the user and store the bean in the current
session. The existence of this bean can then be checked to see if the
user is logged in and to accesss their name.
Step 1 : Create the Javabean
- If you don't have one already, create package in the source
area of your project, then create a java class to represent your user.
- Java class should have the following:
- attributes for name, user id, and password.
- boolean attribute to indicate if the user login was successful
- get/set/is methods for all attributes
- a default constructor
- a login method to access the database to see if the id/password
exists, if it does, then retrieve the user name
- a logout method to clear the login status.
- Note, the names you select for your variables and methods
should follow the java rules. The variable names or userid and
password you use here will also be the names you use on the login html
form.
package registrarbeans;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
/**
*
* @author mpenderg
*/
public class Student {
String firstName = "";
String lastName = "";
String id = "";
String password = "";
boolean loggedIn = false;
public Student()
{
}
public boolean isLoggedIn()
{
return loggedIn;
}
public String getFirstName()
{
return firstName;
}
public void setFirstName(String f)
{
firstName = f;
}
public String getLastName()
{
return lastName;
}
public void setLasttName(String l)
{
lastName = l;
}
public String getId()
{
return id;
}
public void setId(String i)
{
id = i;
}
public String getPassword()
{
return password;
}
public void setPassword(String p)
{
password = p;
}
public boolean login(String url)
{
//
// database work
//
try{
// open a connection
Connection con =
null;
Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver"); //
load the driver
con =
DriverManager.getConnection(url);
// con =
DriverManager.getConnection("jdbc:sqlserver://rubble.student.ad.fgcu.edu:1433;databaseName=sp12ism3232x;user=s12ISM3232;password=s12ISM3232;");
// create the sql command
PreparedStatement prep = con.prepareStatement("Select lastname,
firstname from Students where studentid=? and password=?");
prep.setString(1,id);
prep.setString(2,password);
ResultSet
rs = prep.executeQuery();
if(rs.next())
{
lastName =
rs.getString(1);
firstName
= rs.getString(2);
loggedIn =
true;
}
else
loggedIn = false;
prep.close();
con.close();
}
catch(Exception sqlex)
{
loggedIn =
false;
}
return loggedIn;
}
public void logOut()
{
loggedIn = false;
}
}
Step 2 : Create the Login.html form
- You should have a place to enter the user id and the password
- Use a text field for the id, password field for the password
- Name these form fields using the same name as you did in the
javabean
- Set your action to invoke your login.jsp, use method=post
login.html
<html>
<head>
<title>Login Page</title>
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
</head>
<body>
<form name="login" action="login.jsp" method="post"><br/>
ID <input type="text" name="id"
size="15" /><br/>
Password <input type="password" name="password" size="15" /><br/>
<input type ="submit" value="login" /><input type="reset"
value="clear" /><br/>
</form>
</body>
</html>
Step 3: create the login.jsp
- Use a userBean directive to create the user javabean, give it a
scope of sesssion so it doesn't go away
- Use a setProperty directive to load the login.html form values
into the bean.
- Set an error page to catch any problems
- Set the max inactive interval for the session (login will expire
after that time or after the user exits the browser)
- Ask the user bean to login, print out the status.
login.jsp
<%@page
contentType="text/html" pageEncoding="UTF-8"%>
<%@page errorPage =
"errorPage.jsp" %>
<jsp:useBean
id="student" class="registrarbeans.Student" scope="session" />
<jsp:setProperty
name="student" property="*" />
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<title>Login</title>
</head>
<body>
<%
session.setMaxInactiveInterval(1800);
// 30 minute time out
student.login("jdbc:sqlserver://rubble.student.ad.fgcu.edu:1433;databaseName=sp12ism3232x;user=s12ISM3232;password=s12ISM3232;");
if(student.isLoggedIn())
out.println("Hello "+student.getFirstName()+"
"+student.getLastName()+"<br/>");
else
out.println("Invalid login<br />");
out.println("<a href='checkLogin.jsp'>check</A>");
%>
</body>
</html>
Step 4 : create a logout page
- This one is easy, just create a logout.jps
- logout.jsp should have a directive to get the user bean (student
in this case)
- then it calls the logout method of the bean
logout.JSP
<%@page contentType="text/html"
pageEncoding="UTF-8"%>
<%@page errorPage = "errorPage.jsp" %>
<jsp:useBean id="student"
class="registrarbeans.Student" scope="session" />
<!DOCTYPE html>
<html>
<head>
<meta
http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Logout</title>
</head>
<body>
<%
student.logOut();
%>
</body>
</html>
Step 5: Checking to see if the user is logged in.
- Any page that wants to see if the user is logged in and access
their name only needs to create the user javabean and call isLoggedIn().
- you can call response.sendRedirect to force the login page to
come up if the user is not logged in.
checkLogin.jsp
<%@page
contentType="text/html" pageEncoding="UTF-8"%>
<jsp:useBean
id="student" class="registrarbeans.Student" scope="session" />
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<title>Check login</title>
</head>
<body>
<%
if(!student.isLoggedIn())
{
response.sendRedirect("login.html"); // Tell the browser to go to
this page
return; // do nothing more
}
%>
<h3>Hello <%=
student.getFirstName()+" "+student.getLastName() %> </h3>
<%@include
file="footer.jsp" %>
</body>
</html>