Sunday, October 2, 2011

Assignment Week - 10

- Complete the security model of your web applications as per our defined guidelines.
- Integrate a database into your applications.

Database Used

MySQL database has been used (www.mysql.com)
MySQL Connector/J for Java (http://www.mysql.com/downloads/connector/j/)

Home Servlet Changes


package com.evs.objava33.class17;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.evs.objava33.class19.MySqlUserDao;
import com.evs.objava33.class19.User;
import com.evs.objava33.class19.UserDao;

/**
 * Servlet implementation class HomeServlet
 */
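@WebServlet("/HomeServlet")
public class HomeServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    // Data-access object used to list users; created once per servlet instance.
    private UserDao service = null;

    /**
     * Creates the servlet and its backing {@link MySqlUserDao}.
     *
     * @see HttpServlet#HttpServlet()
     */
    public HomeServlet() {
        super();
        service = new MySqlUserDao();
    }

    /**
     * Renders the home page: a greeting and a table of all users with
     * Delete/Update links. Requires an authenticated session; an anonymous
     * request is redirected to the login page instead of failing with a
     * NullPointerException on the missing "user" session attribute.
     *
     * @param request  current request; the logged-in {@link User} is read from
     *                 the session attribute "user"
     * @param response the page is written to it as text/html
     * @throws ServletException declared by the overridden method; not thrown here
     * @throws IOException if the response cannot be written
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        User user = (User) request.getSession().getAttribute("user");
        if (user == null) {
            // Not logged in: the login page explains the redirect via error=1.
            response.sendRedirect("LoginServlet?error=1");
            return;
        }
        List<User> list = service.allUsers();

        // Remember the login name so the login form can be pre-filled.
        // HttpOnly keeps the cookie out of reach of page scripts.
        Cookie nameCookie = new Cookie("username", user.getUsername());
        nameCookie.setHttpOnly(true);
        response.addCookie(nameCookie);

        // Charset and status must be set before the writer is obtained; the
        // charset matches the <meta> tag in the page head.
        response.setContentType("text/html; charset=ISO-8859-1");
        response.setStatus(HttpServletResponse.SC_OK);
        PrintWriter out = response.getWriter();
        out.println("<html>");
        out.println("<head>");
        out.println("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\">");
        out.println("<title>My Application :: Home Page</title>");
        out.println("</head>");
        out.println("<body>");
        // Every value that came from the database is escaped before it is
        // placed in the page, so a stored username cannot inject markup.
        out.println("Welcome user (" + esc(user) + ") <br />");
        out.println("<table border=1 width=100%>");
        out.println("<tr><td>Id</td><td>Name</td><td>Pass</td><td>&nbsp;</td></tr>");
        // allUsers() may yield null when the query failed (see MySqlUserDao).
        if (list != null) {
            for (User u : list) {
                String id = esc(u.getUserid());
                // NOTE(review): this column shows stored passwords in clear
                // text; it should be dropped once passwords are stored hashed.
                out.println("<tr><td>" + id + "</td><td>"
                        + esc(u.getUsername()) + "</td><td>" + esc(u.getUserpass())
                        + "</td> <td> <a href=\"DeleteServlet?userid="
                        + id + "\">Delete</a> "
                        + "| <a href=\"AddUserServlet?userid=" + id
                        + "\">Update</a> " + "</td>" + "</tr>");
            }
        }
        out.println("</table>");
        out.println("<a href=\"AddUserServlet\">Add User</a> | <a href=\"LogoutServlet\">Logout</a>");
        out.println("</body>");
        out.println("</html>");
        out.close();
    }

    /**
     * POST is treated exactly like GET.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        doGet(request, response);
    }

    /**
     * Escapes the characters that are significant in HTML text and in quoted
     * attribute values so that data cannot inject markup into the page.
     *
     * @param value value to escape (its {@code toString()} is used);
     *              {@code null} renders as an empty string
     * @return the escaped text
     */
    private static String esc(Object value) {
        if (value == null) {
            return "";
        }
        String text = String.valueOf(value);
        StringBuilder sb = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

}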

Login Servlet Changes


package com.evs.objava33.class17;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.evs.objava33.class19.MySqlUserDao;
import com.evs.objava33.class19.User;
import com.evs.objava33.class19.UserDao;

/**
 * Servlet implementation class LoginServlet
 */
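@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    // Request attribute carrying a one-shot status message from doPost to
    // doGet. A request attribute is used instead of a servlet field because a
    // single servlet instance serves all concurrent requests, so a field
    // would leak one user's message into another user's page.
    private static final String MESSAGE_ATTR = "message";

    private UserDao service = null;

    /**
     * Initialises the servlet and creates its backing {@link MySqlUserDao}.
     *
     * @see javax.servlet.GenericServlet#init(javax.servlet.ServletConfig)
     */
    @Override
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        service = new MySqlUserDao();
    }

    /**
     * @see HttpServlet#HttpServlet()
     */
    public LoginServlet() {
        super();
    }

    /**
     * Renders the login form. The status message comes from the request
     * attribute set by {@link #doPost}; an {@code error} query parameter
     * (sent by pages that require a login) takes precedence over it.
     * The login field is pre-filled from the "username" cookie, if present.
     *
     * @param request  current request
     * @param response the form is written to it as text/html
     * @throws ServletException declared by the overridden method; not thrown here
     * @throws IOException if the response cannot be written
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        String message = (String) request.getAttribute(MESSAGE_ATTR);
        if (request.getParameter("error") != null) {
            message = "Please login first ... ";
        }
        // Charset must be declared before the writer is obtained; it matches
        // the <meta> tag in the page head.
        response.setContentType("text/html; charset=ISO-8859-1");
        PrintWriter out = response.getWriter();
        out.println("<html>");
        out.println("<head>");
        out.println("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\">");
        out.println("<title>My Application :: Login Page</title>");
        out.println("</head>");
        out.println("<body>");
        if (message != null) {
            out.println("<font color=RED>" + message + "</font>");
        }
        out.println("<form action=\"LoginServlet\" method=\"POST\">");
        // The cookie value is client-controlled, so it is escaped before it is
        // placed inside the quoted value attribute.
        String username = rememberedUsername(request);
        out.println("Login: <input type=\"text\" name=\"txtLogin\" value=\"" + esc(username) + "\" /> <br />");
        out.println("Password: <input type=\"password\" name=\"txtPass\" /> <br />");
        out.println("<input type=\"submit\" name=\"btnSubmit\" value=\"Login\" /> &nbsp;");
        out.println("<input type=\"reset\" name=\"btnReset\" value=\"Cancel\" />");
        out.println("</form>");
        out.println("</body>");
        out.println("</html>");
        out.close();
    }

    /**
     * Checks the submitted credentials. On success the user is stored in a
     * fresh session and the browser is redirected to the home page; otherwise
     * the login form is re-rendered with a status message.
     *
     * @param request  carries the form fields {@code txtLogin} and {@code txtPass}
     * @param response redirect target or the re-rendered form
     * @throws ServletException propagated from {@link #doGet}
     * @throws IOException if the redirect or the page cannot be written
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        String loginName = request.getParameter("txtLogin");
        String loginPass = request.getParameter("txtPass");

        String message;
        if (null != loginName && null != loginPass
                && loginName.trim().length() > 0
                && loginPass.trim().length() > 0) {
            User user = service.validateUser(loginName, loginPass);
            if (user != null) {
                // Discard any session that existed before authentication so a
                // session id obtained earlier is not promoted to a logged-in one.
                if (request.getSession(false) != null) {
                    request.getSession(false).invalidate();
                }
                request.getSession(true).setAttribute("user", user);
                response.sendRedirect("HomeServlet");
                return;
            }
            // Deliberately does not say which of the two values was wrong.
            message = "Invalid combination";
        } else {
            message = "Please provide username & password ";
        }

        // Failure: re-render the form with the message for this request only.
        request.setAttribute(MESSAGE_ATTR, message);
        doGet(request, response);
    }

    /**
     * Returns the value of the "username" cookie, or an empty string when the
     * request carries no cookies at all ({@code getCookies()} returns
     * {@code null} in that case) or no such cookie.
     *
     * @param request current request
     * @return remembered login name or {@code ""}
     */
    private static String rememberedUsername(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return "";
        }
        for (Cookie c : cookies) {
            if ("username".equals(c.getName())) {
                return c.getValue();
            }
        }
        return "";
    }

    /**
     * Escapes the characters that are significant in HTML text and in quoted
     * attribute values so that data cannot inject markup into the page.
     *
     * @param value value to escape; {@code null} renders as an empty string
     * @return the escaped text
     */
    private static String esc(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}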

Delete Servlet


package com.evs.objava33.class20;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.evs.objava33.class19.MySqlUserDao;
import com.evs.objava33.class19.UserDao;

/**
 * Servlet implementation class DeleteServlet
 */
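@WebServlet("/DeleteServlet")
public class DeleteServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    // Data-access object that performs the delete; created per servlet instance.
    private UserDao service = null;

    /**
     * Creates the servlet and its backing {@link MySqlUserDao}.
     *
     * @see HttpServlet#HttpServlet()
     */
    public DeleteServlet() {
        super();
        service = new MySqlUserDao();
    }

    /**
     * Deletes the user named by the {@code userid} parameter and redirects to
     * the home page. Only a logged-in session may delete, and the id must be
     * a decimal number: the DAO reads {@code userid} as a {@code long}, and
     * rejecting anything else here keeps free-form text out of the query.
     *
     * NOTE(review): a state-changing GET is reachable from any link or image
     * tag; the home page links to this URL, so moving the delete to POST with
     * a per-session token is a follow-up that touches HomeServlet as well.
     *
     * @param request  carries the {@code userid} parameter
     * @param response redirect target, or a 400/302 on rejected input
     * @throws ServletException declared by the overridden method; not thrown here
     * @throws IOException if the redirect or error cannot be written
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        if (request.getSession().getAttribute("user") == null) {
            response.sendRedirect("LoginServlet?error=1");
            return;
        }
        String userid = request.getParameter("userid");
        if (userid == null || !userid.trim().matches("[0-9]+")) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                    "userid must be a number");
            return;
        }
        service.deleteUser(userid.trim());
        response.sendRedirect("HomeServlet");
    }

    /**
     * POST is treated exactly like GET.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        doGet(request, response);
    }

}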

Add User Servlet


package com.evs.objava33.class20;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.evs.objava33.class19.MySqlUserDao;
import com.evs.objava33.class19.User;
import com.evs.objava33.class19.UserDao;

/**
 * Servlet implementation class AddUserServlet
 */
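@WebServlet("/AddUserServlet")
public class AddUserServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    // Data-access object used for add/update/lookup; created per servlet instance.
    private UserDao service = null;

    /**
     * Creates the servlet and its backing {@link MySqlUserDao}.
     *
     * @see HttpServlet#HttpServlet()
     */
    public AddUserServlet() {
        super();
        service = new MySqlUserDao();
    }

    /**
     * Renders the add/update form. With a {@code userid} parameter the form is
     * pre-filled from the stored user and submits as an update; without one it
     * is an empty "Add" form. Requires a logged-in session.
     *
     * @param request  optional {@code userid} parameter selects the user to edit
     * @param response the form is written to it as text/html
     * @throws ServletException declared by the overridden method; not thrown here
     * @throws IOException if the response cannot be written
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        if (request.getSession().getAttribute("user") == null) {
            response.sendRedirect("LoginServlet?error=1");
            return;
        }
        // Charset must be declared before the writer is obtained; it matches
        // the <meta> tag in the page head.
        response.setContentType("text/html; charset=ISO-8859-1");
        PrintWriter out = response.getWriter();
        out.println("<html>");
        out.println("<head>");
        out.println("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\">");
        out.println("<title>My Application :: Login Page</title>");
        out.println("</head>");
        out.println("<body>");
        out.println("<form action=\"AddUserServlet\" method=\"POST\">");
        String userid = request.getParameter("userid");
        User user = null;
        if (userid != null) {
            // userid comes from the query string: escape it before echoing.
            out.println("UserId : " + esc(userid) + "<br />");
            user = service.getUser(userid);
        }
        // esc(null) yields "", so a missing id or user renders an empty value.
        out.println("<input type=\"hidden\" name=\"userid\" value=\""
                + esc(userid) + "\" >");
        out.println("Username: <input type=\"text\" name=\"txtUser\" value=\""
                + esc(user != null ? user.getUsername() : null) + "\" /> <br />");
        // NOTE(review): the stored password is echoed into a plain text field;
        // once passwords are hashed this field must be left empty instead.
        out.println("Password: <input type=\"text\" name=\"txtPass\" value=\""
                + esc(user != null ? user.getUserpass() : null) + "\" /> <br />");
        out.println("<input type=\"submit\" name=\"btnSubmit\" value=\""
                + (user != null ? "Update" : "Add") + "\" /> &nbsp;");
        out.println("<input type=\"reset\" name=\"btnReset\" value=\"Cancel\" />");
        out.println("</form>");
        out.println("<a href=\"HomeServlet\">Home</a>");
        out.println("</body>");
        out.println("</html>");
        out.close();
    }

    /**
     * Adds or updates a user. A non-blank {@code userid} selects an update,
     * otherwise the user is added. On success the browser is redirected to
     * the home page and the method returns immediately — without that return
     * the original fell through and wrote a second response after the
     * redirect. On failure (including blank name or password) the form is
     * re-rendered and a failure message is stored in the session.
     *
     * The session attribute "message" is set for whichever page displays it;
     * none of the servlets listed alongside this one read it — TODO confirm.
     *
     * @param request  carries {@code userid}, {@code txtUser} and {@code txtPass}
     * @param response redirect target or the re-rendered form
     * @throws ServletException propagated from {@link #doGet}
     * @throws IOException if the redirect or the page cannot be written
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doPost(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        String userid = request.getParameter("userid");
        String username = request.getParameter("txtUser");
        String userpass = request.getParameter("txtPass");
        boolean success = false;
        if (isBlank(username) || isBlank(userpass)) {
            // Nothing to store; fall through to the failure path below.
        } else if (!isBlank(userid)) {
            // edit
            success = service.updateUser(userid, username, userpass);
            if (success) {
                request.getSession().setAttribute("message",
                        "User updated successfully");
            }
        } else {
            success = service.addUser(username, userpass);
            if (success) {
                request.getSession().setAttribute("message",
                        "User added successfully");
            }
        }

        if (success) {
            response.sendRedirect("HomeServlet");
            return;
        }
        request.getSession().setAttribute("message", "User operation failed ");
        doGet(request, response);
    }

    /**
     * True when the value is {@code null} or consists only of whitespace.
     *
     * @param value form field to test
     * @return whether the field carries no usable text
     */
    private static boolean isBlank(String value) {
        return value == null || value.trim().length() == 0;
    }

    /**
     * Escapes the characters that are significant in HTML text and in quoted
     * attribute values so that data cannot inject markup into the page.
     *
     * @param value value to escape; {@code null} renders as an empty string
     * @return the escaped text
     */
    private static String esc(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

}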

MySQL User DAO


package com.evs.objava33.class19;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

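public class MySqlUserDao extends Database implements UserDao {

    // Statements for the two operations that were previously built by string
    // concatenation of request parameters. Parameter markers keep caller
    // supplied values out of the SQL text (SQL injection). Table and column
    // names are those the concatenated statements used.
    private static final String DELETE_USER_SQL =
            "DELETE FROM user WHERE userid=?";
    private static final String UPDATE_USER_SQL =
            "UPDATE user SET username=?, userpass=? WHERE userid=?";

    /**
     * Looks up the user matching the given name and password.
     *
     * The password is bound as received; whether VALIDATE_USER (declared in
     * Database, not visible here) compares it against a clear-text or a
     * hashed column is decided there — TODO confirm, clear text would need
     * to change.
     *
     * @param name login name
     * @param pass password as typed
     * @return the matching user, or {@code null} when there is no match or
     *         the query failed (the SQLException is printed, not propagated)
     */
    @Override
    public User validateUser(String name, String pass) {
        Connection con = null;
        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            con = getConnection();
            stmt = con.prepareStatement(VALIDATE_USER);
            stmt.setString(1, name);
            stmt.setString(2, pass);
            rs = stmt.executeQuery();
            if (rs.next()) {
                return toUser(rs);
            }
        } catch (SQLException q) {
            q.printStackTrace();
        } finally {
            returnResources(rs, stmt, con);
        }
        return null;
    }

    /**
     * Loads one user by id.
     *
     * @param userid id as a string; bound as a parameter, never concatenated
     * @return the user, or {@code null} when absent or on query failure
     */
    @Override
    public User getUser(String userid) {
        Connection con = null;
        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            con = getConnection();
            stmt = con.prepareStatement(ALL_USER + " WHERE userid=?");
            stmt.setString(1, userid);
            rs = stmt.executeQuery();
            if (rs.next()) {
                return toUser(rs);
            }
        } catch (SQLException q) {
            q.printStackTrace();
        } finally {
            returnResources(rs, stmt, con);
        }
        return null;
    }

    /**
     * Lists all users.
     *
     * @return every user in the table; an empty list (never {@code null})
     *         when the query fails, so callers can iterate without a guard
     */
    @Override
    public List<User> allUsers() {
        Connection con = null;
        PreparedStatement stmt = null;
        ResultSet rs = null;
        List<User> list = new ArrayList<User>();
        try {
            con = getConnection();
            stmt = con.prepareStatement(ALL_USER);
            rs = stmt.executeQuery();
            while (rs.next()) {
                list.add(toUser(rs));
            }
        } catch (SQLException q) {
            q.printStackTrace();
        } finally {
            returnResources(rs, stmt, con);
        }
        return list;
    }

    /**
     * Inserts a new user using the ADD_USER statement from Database.
     *
     * @param username login name
     * @param userpass password, stored as received (see validateUser)
     * @return {@code true} when a row was inserted
     */
    @Override
    public boolean addUser(String username, String userpass) {
        return runUpdate(ADD_USER, username, userpass) > 0;
    }

    /**
     * Deletes the user with the given id. The id is bound as a statement
     * parameter; the previous string-concatenated DELETE let the parameter
     * alter the statement.
     *
     * @param userid id of the row to delete
     * @see com.evs.objava33.class19.UserDao#deleteUser(java.lang.String)
     */
    @Override
    public void deleteUser(String userid) {
        runUpdate(DELETE_USER_SQL, userid);
    }

    /**
     * Updates name and password of an existing user. All three values are
     * bound as parameters rather than concatenated into the statement.
     *
     * @param userid   id of the row to update
     * @param username new login name
     * @param userpass new password
     * @return {@code true} when a row was changed
     */
    @Override
    public boolean updateUser(String userid, String username, String userpass) {
        return runUpdate(UPDATE_USER_SQL, username, userpass, userid) > 0;
    }

    /**
     * Maps the current row to a {@link User}. The column order
     * (userid, username, userpass) is the one the three original row
     * mappings assumed; it is fixed by the SELECT lists in Database's query
     * constants, which are not visible here — TODO confirm.
     *
     * @param rs result set positioned on a row
     * @return the mapped user
     * @throws SQLException if a column cannot be read
     */
    private static User toUser(ResultSet rs) throws SQLException {
        return new User(rs.getLong(1), rs.getString(2), rs.getString(3));
    }

    /**
     * Runs a data-modifying prepared statement, binding every parameter as a
     * string in order. Resource handling and error reporting mirror the query
     * methods above: the SQLException is printed and treated as "no rows".
     *
     * @param sql    statement with one {@code ?} per parameter
     * @param params values bound to the markers, left to right
     * @return number of affected rows; 0 on failure
     */
    private int runUpdate(String sql, String... params) {
        Connection con = null;
        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            con = getConnection();
            stmt = con.prepareStatement(sql);
            for (int i = 0; i < params.length; i++) {
                stmt.setString(i + 1, params[i]);
            }
            return stmt.executeUpdate();
        } catch (SQLException q) {
            q.printStackTrace();
            return 0;
        } finally {
            returnResources(rs, stmt, con);
        }
    }
}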