Authentication Using a Database

To authenticate a user, you need access to information about the registered users. For the sample application in this chapter, all user information is kept in a database. There are other options, including flat files and LDAP directories. When a user fills out the login page form and clicks Enter, the authentication page shown in Example 13-3 is processed. This is a large page, so each part is discussed in detail after the complete page.

Example 13-3. Authentication page (authenticate.jsp)
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="sql" uri="http://java.sun.com/jsp/jstl/sql" %>
<%@ taglib prefix="ora" uri="orataglib" %>

<%-- Remove the validUser session bean, if any --%>
<c:remove var="validUser" />

<c:if test="${empty param.userName || empty param.password}">
  <c:redirect url="login.jsp" >
    <c:param name="errorMsg"
      value="You must enter a User Name and Password." />
  </c:redirect>
</c:if>

<%--
  See if the user name and password combination is valid. If not,
  redirect back to the login page with a message.
--%>
<sql:query var="empInfo">
  SELECT * FROM Employee
    WHERE UserName = ? AND Password = ?
  <sql:param value="${param.userName}" />
  <sql:param value="${param.password}" />
</sql:query>

<c:if test="${empInfo.rowCount == 0}">
  <c:redirect url="login.jsp" >
    <c:param name="errorMsg"
      value="The User Name or Password you entered is not valid." />
  </c:redirect>
</c:if>

<%-- Create an EmployeeBean and save it in the session ...
