Input validation against DB in Spring+Hibernate


It's a Spring MVC app with Hibernate.

    @Service
    public class UserServiceImpl implements UserService {

        @Autowired
        UserDao userDao;
        @Autowired
        private SessionFactory sessionFactory;

        @Override
        public boolean save(User user) {
            return userDao.save(user);
        }

        @Override
        public void update(User user) {
            userDao.update(user);
            // return this.userDao.update(user);
        }

        @Override
        @Transactional
        public User findById(int id) {
            return this.userDao.findById(id);
        }

        @Override
        @Transactional
        public List<User> listPersons() {
            return this.userDao.listPersons();
        }

        @Override
        @Transactional
        public User deleteUser(int id) {
            return userDao.deleteUser(id);
        }

        public boolean validateUser(int id) {
            List<User> list = (List<User>) findById(id);
            return false;
        }

        public User validateUser(User user) {
            Session session = this.sessionFactory.getCurrentSession();
            String query = "select u.name, u.password from User u where u.name='" + user.getName() + "' and u.password='"
                    + user.getPassword() + "'";
            session.createQuery(query);
            ResultSet rs = (ResultSet) session.createQuery(query);
            try {
                if (rs.next()) {
                    return user;
                } else
                    return user;
            } catch (SQLException e) {
                e.printStackTrace();
            }
            return user;
        }
    }

The UserServiceImpl class has a method to validate the user input [password and userid].

The user logs in on the login.jsp page by filling out the form:

    <body>
        welcome back!
        <br> registered user can log in...
        <br>
        <br>
        <form:form action="admin" modelAttribute="user" method="post">
            <table border="1">
                <tr>
                    <td><form:label path="userid">your id:- </form:label></td>
                    <td><form:input path="userid" /></td>
                </tr>
                <tr>
                    <td><form:label path="password">password:- </form:label></td>
                    <td><form:input path="password" /></td>
                </tr>
                <tr>
                    <td><form:label path="role">select log in role a:- </form:label></td>
                    <td><form:select path="role">
                            <form:option value="none" label="---select---">please select</form:option>
                            <form:options items="${roles}" />
                        </form:select></td>
                    <td><input type="submit" value="login" /></td>
                </tr>
            </table>
        </form:form>
    </body>

The form goes to the controller:

    @RequestMapping(value = "/admin", method = RequestMethod.POST)
    public String loggedUser(@ModelAttribute("user") User user, BindingResult result, Model model) {

        // role, id and pw values from the JSP
        String role = user.getRole();
        String loadedPw = user.getPassword();
        String loadedUid = user.getUserid();
        // I want to check the password and userid here again against the DB
        // loadedPw.
        // directing to the admin page and the gen page
        if (role.equalsIgnoreCase("admin") || role.equalsIgnoreCase("principal")) {
            return "adminpage";
        } else
            return "genpage";
    }

My User object:

    @Entity
    @Table(name = "user")
    public class User implements Serializable {
        private static final long serialVersionUID = 1L;

        @Id
        @Column(name = "id")
        @GeneratedValue(strategy = GenerationType.AUTO)
        private int id;

        @Column(name = "name")
        private String name;

        @Column(name = "user_id")
        private String userid;

        @Column(name = "password")
        /*
        @NotNull(message="please select password")
        @Length(min=5, max=10, message="password should between 5 - 10 charactes")
        */
        private String password;

        @Column(name = "email")
        private String email;

        @Column(name = "role")
        private String role;

        @Column(name = "department")
        private String department;

        @Column(name = "rid")
        private int rid;

        public int getRid() {
            return rid;
        }

        public void setRid(int rid) {
            this.rid = rid;
        }

        @ManyToOne
        @JoinTable(name = "user_roles", joinColumns = {
                @JoinColumn(name = "user_id", referencedColumnName = "id") }, inverseJoinColumns = {
                        @JoinColumn(name = "roles_id", referencedColumnName = "id") })
        /*@ManyToOne(cascade=CascadeType.ALL)*/
        public Roles roles;

        public Roles getRoles() {
            return roles;
        }

        public void setRoles(Roles roles) {
            this.roles = roles;
        }

        // no-arg constructor
        public User() {
        }

        // getters and setters ........
    }

How can I validate the password and userid inputs on login.jsp against the user table? Do I have to use a JDBC ResultSet, or is there some other better way to validate the user inputs? I am using Hibernate 4.3x and Spring MVC 4.x.

How can I validate the password and userid inputs on login.jsp against the user table?

You can use the spring-security module, which is powerful for authenticating and authorizing user requests (like in a web application), and you can find an example here.

The spring-security module provides various methods to configure user details, like in-memory, database, LDAP, etc. In your case, you need to go for JDBC authentication using AuthenticationManagerBuilder.jdbcAuthentication().

The approach is that you need to provide a configuration class overriding the configAuthentication() and configure() methods of WebSecurityConfigurerAdapter.

Do I have to use a JDBC ResultSet, or is there some other better way to validate the user inputs?

No, you don't need to handle the JDBC ResultSet directly; rather, in spring-security, you just need to provide the DataSource (database access details) and the SQL query, like select username,password from users where username=?.

You can refer here for configuring JDBC authentication.

