Retrieving results for comparison in form based authentication with entitie

Similar Messages

• Performing form based authentication with entities

  Hey everyone,
  Im in a major dilemma.Im trying to perform form-based authentication using entities.I have created the entity class from the database,and I used a SLSB to access the bean method via JNDI(when I tried using dependency injection,there was an exception).I also cannot use hibernate as a persistent provider.I used toplink since it is the default in netbeans 5.5.1 and it did not raise any issues.But then,I noticed that toplink is most compatible with the oracle application server,and I use sun java system application server 9.1.I have not been able to successfully perform the authentication.
  here's the code:note,there are still bugs as ive been going back and forth trying to find a solution and also because Ive been working with preexisting code.
  model:
  SLSB
  * userValidationBean.java
  * Created on 26 March 2008, 18:25
  * To change this template, choose Tools | Template Manager
  * and open the template in the editor.
  package Entities;
  import javax.ejb.Stateless;
  import javax.ejb.Remote;
  import java.util.List;
  import javax.persistence.PersistenceContext;
  import javax.persistence.EntityManager;
  import javax.persistence.Query;
  import Entities.UserTable;
  import javax.transaction.UserTransaction;
  import javax.annotation.Resource;
  //the reason for the many comments is that im still debugging and there are still some bugs.Ive also been trying to go back and forth just
  //to get a solution.
  //the other accompanying classes had preexisting code i wrote earlier.
  * @author Ayo
  @Stateless
  @Remote(userValidationRemote.class)
  public class userValidationBean implements Entities.userValidationRemote {
  @PersistenceContext private EntityManager manager;
  @Resource private javax.transaction.UserTransaction tran;
  /** Creates a new instance of userValidationBean */
  public userValidationBean() {
  //"SELECT u.username,u.password FROM UserTable u WHERE u.username =?1 and u.password=?2"
  public boolean checkUser()
  try
  tran.begin();
  UserTable user=new UserTable();
  Query query=manager.createQuery("select u.username,u.password from u.user_table where u.username=:username and u.password=:password");
  /*query.set("username",user.getUsername());
  query.setParameter("password",user.getPassword());*/
  query.setParameter("username",user.getUsername());
  query.setParameter("password",user.getPassword());
  userValidationBean ubean=(userValidationBean)query.getSingleResult();
  boolean result=ubean==null?true:false;
  tran.commit();
  catch(Exception e)
  System.out.println("Error:"+e);
  // boolean result=ubean==null?true:false;
  return result;
  remote interface
  package Entities;
  import javax.ejb.Remote;
  import Entities.UserTable;
  * This is the business interface for userValidation enterprise bean.
  @Remote
  public interface userValidationRemote {
  public boolean checkUser();
  controller:servlet
  * userCheck.java
  * Created on 15 March 2008, 22:41
  package servlets;
  import Entities.UserTable;
  import Entities.userValidationBean;
  import javax.annotation.*;
  import Entities.userValidationRemote;
  import java.io.*;
  import java.net.*;
  import java.sql.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import javax.ejb.*;
  import javax.naming.*;
  import javax.persistence.*;
  * @author Ayo
  * @version
  public class userCheck extends HttpServlet {
  //@EJB userValidationRemote userRemote;
  boolean checkUser;
  String username,password;
  /** Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
  * @param request servlet request
  * @param response servlet response
  protected void processRequest(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  /*con=null;
  ps=null;
  rs=null;
  s=null;
  */response.setContentType("text/html;charset=UTF-8");
  PrintWriter out = response.getWriter();
  username=request.getParameter("username");
  password=request.getParameter("password");
  if(username==""||password=="")
  //RequestDispatcher de=request.getRequestDispatcher("admin_error.jsp");
  //de.forward(request,response);
  //showError("<b><font color=\"red\">Invalid Login details!</font></b>",request,response);
  showError("<b><font color=\"red\">Please fill in the required blanks.</font></b>",request,response);
  else
  try
  Context ctx=new InitialContext();
  userValidationRemote userRemote=(userValidationRemote)ctx.lookup("Entities.userValidationRemote");
  checkUser= userRemote.checkUser();
  //checkUser= userRemote.checkUser();
  //return;
  //checkUser(UserTable user);
  catch(Exception e)
  out.println("Error:"+e);
  //userValidation.checkUser(UserTable user);
  if(checkUser==true)
  RequestDispatcher d=request.getRequestDispatcher("blah.jsp");
  d.forward(request,response);
  else if(checkUser==false)
  // RequestDispatcher d=request.getRequestDispatcher("admin_error.jsp");
  //d.forward(request,response);
  showError("<b><font color=\"red\">Invalid Login details!</font></b>",request,response);
  //call bean(stateless or stateful)which access method on entity that validates.
  // checkUser(request,response);
  /* TODO output your page here
  out.println("<html>");
  out.println("<head>");
  out.println("<title>Servlet userCheck</title>");
  out.println("</head>");
  out.println("<body>");
  out.println("<h1>Servlet userCheck at " + request.getContextPath () + "</h1>");
  out.println("</body>");
  out.println("</html>");
  //out.close();
  /* public synchronized void checkUser(HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException
  if(username==""&&password=="")
  showError("<b><font color=\"red\">Please fill in the required blanks.</font></b>",request,response);
  else
  try
  Class.forName("com.mysql.jdbc.Driver");
  con=DriverManager.getConnection("jdbc:mysql://localhost:3306/Health_Management_System","root","");
  ps=con.prepareStatement("select username,password from user_table where username=?and password=?");
  ps.setString(1,username);
  ps.setString(2,password);
  rs=ps.executeQuery();
  if(rs.next())
  user=rs.getString(1);
  pass=rs.getString(2);
  //check user type,wether super admin,user or the other subadmins or a regular user.
  checkType(request,response);
  else
  //redirect to admin error page,then close the connection.
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  con.close();
  catch(Exception e)
  private synchronized void checkType(HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException
  try
  Class.forName("com.mysql.jdbc.Driver");
  con=DriverManager.getConnection("jdbc:mysql://localhost:3306/Health_Management_System","root","");
  ps=con.prepareStatement("select user_type,user_id,access_level from user_table where username=? and password=?");
  ps.setString(1,user);
  ps.setString(2,pass);
  rs=ps.executeQuery();
  if(rs.next())
  user_type=rs.getString(1);
  user_id=""+rs.getInt(2);
  access_level=rs.getString(3);
  if(user_type.equals("super")&&(access_level.equals("all")))
  //create admin user session,add to the username and the user_id.
  //redirect to super admin page,with access rights to create
  //health admin,insurance admin and HMO admin.
  //pretty cool stuff!
  HttpSession session=request.getSession(true);
  session.setAttribute("user",user);
  session.setAttribute("user_id",user_id);
  RequestDispatcher dispatcher=request.getRequestDispatcher("admin_user_page.jsp");
  dispatcher.forward(request,response);
  //session.setAttribute(user_id);
  //remember to create a hidden field if you need to pass this information
  //to another page and retrieve the super admin id to track his activities.
  else if(user_type.equals("health administrator")&&(access_level.equals("Health")))
  HttpSession session=request.getSession(true);
  session.setAttribute("user",user);
  session.setAttribute("user_id",user_id);
  RequestDispatcher des=request.getRequestDispatcher("health_admin_user_page.jsp");
  des.forward(request,response);
  //check for other user types,health admin,hmo admin and insurance admin.
  else if(user_type.equals("hmo administrator")&&(access_level.equals("HMO")))
  HttpSession session=request.getSession(true);
  session.setAttribute("user",user);
  session.setAttribute("user_id",user_id);
  RequestDispatcher d=request.getRequestDispatcher("hmo_admin_user_page.jsp");
  d.forward(request,response);
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  else if(user_type.equals("insurance administrator")&&(access_level.equals("insurance")))
  HttpSession session=request.getSession(true);
  session.setAttribute("user",user);
  session.setAttribute("user_id",user_id);
  RequestDispatcher de=request.getRequestDispatcher("insurance_admin_user_page.jsp");
  de.forward(request,response);
  else if(user_type.equals("user")&&(access_level.equals("health")))
  try
  Class.forName("com.mysql.jdbc.Driver");
  con=DriverManager.getConnection("jdbc:mysql:http://localhost:3306/Health_Management_System","root","");
  ps=con.prepareStatement("select staff_id from user_table where username=?and password=?");
  ps.setString(1,username);
  ps.setString(2,password);
  rs=ps.executeQuery();
  if(rs.next())
  String staff_id=""+rs.getInt(1);
  Class.forName("com.mysql.jdbc.Driver");
  con=DriverManager.getConnection("jdbc:mysql://localhost:3306/Health_Management_System","root","");
  ps=con.prepareStatement("select * from health_staff_table where staff_id=?");
  ps.setString(1,staff_id);
  rs=ps.executeQuery();
  if(rs.next())
  //retrieve the values from health staff and store them in variables.
  //store important variables in user sessions e.g.staff_id,username,place of work for display in the web page.
  //redirect to required page.
  String first_name=rs.getString("first_name");
  String last_name=rs.getString("last_name");
  String work_place=rs.getString("place_of_work");
  HttpSession session=request.getSession(true);
  session.setAttribute("first_name",first_name);
  session.setAttribute("last_name",last_name);
  session.setAttribute("work_place",work_place);
  session.setAttribute("staff_id",staff_id);
  //redirect to user page.
  else
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  else
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  catch(Exception e)
  //catch exception and redirect to page.
  else if(user_type.equals("user")&&(access_level.equals("HMO")))
  try
  Class.forName("com.mysql.jdbc.Driver");
  con=DriverManager.getConnection("jdbc:mysql:http://localhost:3306/Health_Management_System","root","");
  ps=con.prepareStatement("select staff_id from user_table where username=?and password=?");
  ps.setString(1,username);
  ps.setString(2,password);
  rs=ps.executeQuery();
  if(rs.next())
  String staff_id=""+rs.getInt(1);
  Class.forName("com.mysql.jdbc.Driver");
  con=DriverManager.getConnection("jdbc:mysql://localhost:3306/Health_Management_System","root","");
  ps=con.prepareStatement("select * from hmo_staff_table where staff_id=?");
  ps.setString(1,staff_id);
  rs=ps.executeQuery();
  if(rs.next())
  //retrieve the values from HMO staff and store them in variables.
  //store important variables in user sessions e.g.staff_id,username,place of work for display in the web page.
  //redirect to required page.
  String first_name=rs.getString("first_name");
  String last_name=rs.getString("last_name");
  String work_place=rs.getString("place_of_work");
  HttpSession session=request.getSession(true);
  session.setAttribute("first_name",first_name);
  session.setAttribute("last_name",last_name);
  session.setAttribute("work_place",work_place);
  session.setAttribute("staff_id",staff_id);
  else
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  else
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  catch(Exception e)
  //catch exception and redirect to page.
  else if(user_type.equals("user")&&(access_level.equals("insurance")))
  try
  Class.forName("com.mysql.jdbc.Driver");
  con=DriverManager.getConnection("jdbc:mysql:http://localhost:3306/Health_Management_System","root","");
  ps=con.prepareStatement("select staff_id from user_table where username=?and password=?");
  ps.setString(1,username);
  ps.setString(2,password);
  rs=ps.executeQuery();
  if(rs.next())
  String staff_id=""+rs.getInt(1);
  Class.forName("com.mysql.jdbc.Driver");
  con=DriverManager.getConnection("jdbc:mysql://localhost:3306/Health_Management_System","root","");
  ps=con.prepareStatement("select * from insurance_staff_table where staff_id=?");
  ps.setString(1,staff_id);
  rs=ps.executeQuery();
  if(rs.next())
  //retrieve the values from insurance staff and store them in variables.
  //store important variables in user sessions e.g.staff_id,username,place of work for display in the web page.
  //redirect to required page.
  String first_name=rs.getString("first_name");
  String last_name=rs.getString("last_name");
  String work_place=rs.getString("place_of_work");
  HttpSession session=request.getSession(true);
  session.setAttribute("first_name",first_name);
  session.setAttribute("last_name",last_name);
  session.setAttribute("work_place",work_place);
  session.setAttribute("staff_id",staff_id);
  else
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  else
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  catch(Exception e)
  //catch exception and redirect to page.
  else
  //invalid login details.After all else fails.
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  catch(Exception e)
  private void showError(String errorMsg,HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException
  request.setAttribute("error_msg",errorMsg);
  RequestDispatcher dispatcher=request.getRequestDispatcher("admin_error.jsp");
  dispatcher.forward(request,response);
  // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
  /** Handles the HTTP <code>GET</code> method.
  * @param request servlet request
  * @param response servlet response
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  processRequest(request, response);
  /** Handles the HTTP <code>POST</code> method.
  * @param request servlet request
  * @param response servlet response
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  processRequest(request, response);
  /** Returns a short description of the servlet.
  public String getServletInfo() {
  return "Short description";
  // </editor-fold>
  view
  <%@ page contentType="text/html; charset=utf-8" language="java" import="java.sql.*" errorPage="" %>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Login</title>
  <style type="text/css">
  <!--
  .style3 {     color: #000000;
       font-family: Arial, Helvetica, sans-serif;
       font-size: 12px;
  .style1 {color: #0000FF}
  .style4 {
       color: #0000FF;
       font-size: 12px;
  .style5 {
       font-size: 12px
  .style6 {
       color: #FF0000;
       font-size: 12px;
  .style7 {
       font-size: 36px
  .style8 {color: #000000}
  -->
  </style>
  </head>
  <body>
  <table width="564" border="0" align="center">
  <tr>
  <td width="558" bgcolor="#CCCCCC" class="style1"><div align="center">
  <p> </p>
  <h1 class="style7">Welcome to HealthPort</h1>
  <p>HealthPort Login</p>
  <p><span class="style8">Today's date is:<%= new java.util.Date() %></span></p>
  <form id="form1" name="form1" method="post" action="userCheck">
  <p align="right" class="style3">Username
  <label></label>
  <input type="text" name="username" id="username" />
  </p>
  <p align="right" class="style3">Password
  <input type="password" name="password" id="password" />
  </p>
  <p align="right" class="style3">
  <span class="style6">
  <label></label>
  <label></label>
  </span>
  <span class="style5">
  <label></label>
  </span>
  <label>
  <input type="submit" name="button" id="button" value="Login" />
  </label>
  </p>
  <div align="right">
  </div></form>
  <div align="right"><div align="left"><p align="right"> </p>
  </div></div></div></td>
  </tr>
  <tr>
  <td bgcolor="#CCCCCC" class="style1"> </td>
  </tr>
  </table>
  </body>
  </html>
  so,that's about it.I'd appreciate it.I know this is a lot.I'm grateful
  Ayo.

  Hi.Im still having issues trying to perform form based authenticatin with entities.I tried this method but im getting errors on the marked lines.
  controller servlet
  * userCheck.java
  * Created on 15 March 2008, 22:41
  package servlets;
  import Entities.UserTable;
  import Entities.userValidationBean;
  import javax.annotation.*;
  import Entities.userValidationRemote;
  import java.io.*;
  import java.net.*;
  import java.sql.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import javax.ejb.*;
  import javax.naming.*;
  import javax.persistence.*;
  * @author Ayo
  * @version
  public class userCheck extends HttpServlet {
  //@EJB userValidationRemote userRemote;
  boolean checkUser;
  String username,password;
  /** Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
  * @param request servlet request
  * @param response servlet response
  protected void processRequest(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  /*con=null;
  ps=null;
  rs=null;
  s=null;
  */response.setContentType("text/html;charset=UTF-8");
  PrintWriter out = response.getWriter();
  username=request.getParameter("username");
  password=request.getParameter("password");
  if(username==""||password=="")
  showError("<b><font color=\"red\">Please fill in the required blanks.</font></b>",request,response);
  else
  try
  Context ctx=new InitialContext();
  userValidationRemote userRemote=(userValidationRemote)ctx.lookup("Entities.userValidationRemote");
  (error on this line-saying ')' expected and no matter if i add ) there is still erro)userRemote.authenticate(String p_user,String p_password);
  catch(Exception e)
  out.println("Error:"+e);
  if(checkUser==true)
  RequestDispatcher d=request.getRequestDispatcher("blah.jsp");
  d.forward(request,response);
  else if(checkUser==false)
  showError("<b><font color=\"red\">Invalid Login details!</font></b>",request,response);
  private void showError(String errorMsg,HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException
  request.setAttribute("error_msg",errorMsg);
  RequestDispatcher dispatcher=request.getRequestDispatcher("admin_error.jsp");
  dispatcher.forward(request,response);
  // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
  /** Handles the HTTP <code>GET</code> method.
  * @param request servlet request
  * @param response servlet response
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  processRequest(request, response);
  /** Handles the HTTP <code>POST</code> method.
  * @param request servlet request
  * @param response servlet response
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  processRequest(request, response);
  /** Returns a short description of the servlet.
  public String getServletInfo() {
  return "Short description";
  // </editor-fold>
  view
  <%@ page contentType="text/html; charset=utf-8" language="java" import="java.sql.*" errorPage="" %>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Login</title>
  <style type="text/css">
  <!--
  .style3 {     color: #000000;
       font-family: Arial, Helvetica, sans-serif;
       font-size: 12px;
  .style1 {color: #0000FF}
  .style4 {
       color: #0000FF;
       font-size: 12px;
  .style5 {
       font-size: 12px
  .style6 {
       color: #FF0000;
       font-size: 12px;
  .style7 {
       font-size: 36px
  .style8 {color: #000000}
  -->
  </style>
  </head>
  <body>
  <table width="564" border="0" align="center">
  <tr>
  <td width="558" bgcolor="#9DACBF" class="style1"><div align="center">
  <p> </p>
  <h1 class="style7">Welcome to HealthPort</h1>
  <p>HealthPort Login</p>
  <p><span class="style8">Today's date is:<%= new java.util.Date() %></span></p>
  <form id="form1" name="form1" method="post" action="userCheck">
  <p align="right" class="style3">Username
  <label></label>
  <input type="text" name="username" id="username" />
  </p>
  <p align="right" class="style3">Password
  <input type="password" name="password" id="password" />
  </p>
  <p align="right" class="style3">
  <span class="style6">
  <label></label>
  <label></label>
  </span>
  <span class="style5">
  <label></label>
  </span>
  <label>
  <input type="submit" name="button" id="button" value="Login" />
  </label>
  </p>
  <div align="right">
  </div></form>
  <div align="right"><div align="left"><p align="right"> </p>
  </div></div></div></td>
  </tr>
  <tr>
  <td bgcolor="#CCCCCC" class="style1"> </td>
  </tr>
  </table>
  </body>
  </html>
  SLSB (implements userValidationRemote)
  * userValidationBean.java
  * Created on 26 March 2008, 18:25
  * To change this template, choose Tools | Template Manager
  * and open the template in the editor.
  package Entities;
  import javax.ejb.Stateless;
  import javax.ejb.Remote;
  import javax.persistence.PersistenceContext;
  import javax.persistence.EntityManager;
  import javax.persistence.Query;
  import Entities.UserTable;
  import javax.annotation.*;
  //import javax.transaction.UserTransaction;
  * @author Ayo
  @Stateless(mappedName="ejb/facade/userValidationBean")
  @Remote(userValidationRemote.class)
  (error on this line saying can't find class TransactionManagement)@TransactionManagement(value=TransactionManagementType.CONTAINER)
  public class userValidationBean implements Entities.userValidationRemote {
  @PersistenceContext(unitName="HealthInsuranceApp-ejbPU") private EntityManager manager;
  /** Creates a new instance of userValidationBean */
  public userValidationBean() {
  //"SELECT u.username,u.password FROM UserTable u WHERE u.username =?1 and u.password=?2"
  public boolean authenticate(String p_user,String p_password)
  UserTable m_user=manager.find(UserTable.class,p_user);
  if(m_user!=null)
  return m_user.getPassword().equals(p_password);
  return false;
  Entity
  * UserTable.java
  * Created on 29 March 2008, 13:24
  * To change this template, choose Tools | Template Manager
  * and open the template in the editor.
  package Entities;
  import java.io.Serializable;
  import javax.persistence.Column;
  import javax.persistence.Entity;
  import javax.persistence.Id;
  import javax.persistence.Table;
  * Entity class UserTable
  * @author Ayo
  @Entity(name="qs_UserPwd")
  @Table(name = "user_table")
  public class UserTable implements Serializable {
  @Id
  @Column(name = "user_id", nullable = false)
  private Integer userId;
  @Column(name = "username")
  private String username;
  @Column(name = "password")
  private String password;
  @Column(name = "user_type")
  private String userType;
  @Column(name = "access_level")
  private String accessLevel;
  @Column(name = "staff_id")
  private Integer staffId;
  @Column(name = "staff_type", nullable = false)
  private String staffType;
  @Column(name = "time_created")
  private String timeCreated;
  @Column(name = "time_modified")
  private String timeModified;
  @Column(name = "time_logged_in")
  private String timeLoggedIn;
  @Column(name = "time_logged_out")
  private String timeLoggedOut;
  @Column(name = "created_by")
  private String createdBy;
  /** Creates a new instance of UserTable */
  public UserTable() {
  * Creates a new instance of UserTable with the specified values.
  * @param userId the userId of the UserTable
  public UserTable(Integer userId) {
  this.userId = userId;
  * Creates a new instance of UserTable with the specified values.
  * @param userId the userId of the UserTable
  * @param staffType the staffType of the UserTable
  public UserTable(Integer userId, String staffType) {
  this.userId = userId;
  this.staffType = staffType;
  public UserTable(String p_user,String p_password)
  setUsername(p_user);
  setPassword(p_password);
  * Gets the userId of this UserTable.
  * @return the userId
  public Integer getUserId() {
  return this.userId;
  * Sets the userId of this UserTable to the specified value.
  * @param userId the new userId
  public void setUserId(Integer userId) {
  this.userId = userId;
  * Gets the username of this UserTable.
  * @return the username
  public String getUsername() {
  return this.username;
  * Sets the username of this UserTable to the specified value.
  * @param username the new username
  public void setUsername(String p_user) {
  p_user = username;
  * Gets the password of this UserTable.
  * @return the password
  public String getPassword() {
  return this.password;
  * Sets the password of this UserTable to the specified value.
  * @param password the new password
  public void setPassword(String p_password) {
  p_password=password;
  * Gets the userType of this UserTable.
  * @return the userType
  public String getUserType() {
  return this.userType;
  * Sets the userType of this UserTable to the specified value.
  * @param userType the new userType
  public void setUserType(String userType) {
  this.userType = userType;
  * Gets the accessLevel of this UserTable.
  * @return the accessLevel
  public String getAccessLevel() {
  return this.accessLevel;
  * Sets the accessLevel of this UserTable to the specified value.
  * @param accessLevel the new accessLevel
  public void setAccessLevel(String accessLevel) {
  this.accessLevel = accessLevel;
  * Gets the staffId of this UserTable.
  * @return the staffId
  public Integer getStaffId() {
  return this.staffId;
  * Sets the staffId of this UserTable to the specified value.
  * @param staffId the new staffId
  public void setStaffId(Integer staffId) {
  this.staffId = staffId;
  * Gets the staffType of this UserTable.
  * @return the staffType
  public String getStaffType() {
  return this.staffType;
  * Sets the staffType of this UserTable to the specified value.
  * @param staffType the new staffType
  public void setStaffType(String staffType) {
  this.staffType = staffType;
  * Gets the timeCreated of this UserTable.
  * @return the timeCreated
  public String getTimeCreated() {
  return this.timeCreated;
  * Sets the timeCreated of this UserTable to the specified value.
  * @param timeCreated the new timeCreated
  public void setTimeCreated(String timeCreated) {
  this.timeCreated = timeCreated;
  * Gets the timeModified of this UserTable.
  * @return the timeModified
  public String getTimeModified() {
  return this.timeModified;
  * Sets the timeModified of this UserTable to the specified value.
  * @param timeModified the new timeModified
  public void setTimeModified(String timeModified) {
  this.timeModified = timeModified;
  * Gets the timeLoggedIn of this UserTable.
  * @return the timeLoggedIn
  public String getTimeLoggedIn() {
  return this.timeLoggedIn;
  * Sets the timeLoggedIn of this UserTable to the specified value.
  * @param timeLoggedIn the new timeLoggedIn
  public void setTimeLoggedIn(String timeLoggedIn) {
  this.timeLoggedIn = timeLoggedIn;
  * Gets the timeLoggedOut of this UserTable.
  * @return the timeLoggedOut
  public String getTimeLoggedOut() {
  return this.timeLoggedOut;
  * Sets the timeLoggedOut of this UserTable to the specified value.
  * @param timeLoggedOut the new timeLoggedOut
  public void setTimeLoggedOut(String timeLoggedOut) {
  this.timeLoggedOut = timeLoggedOut;
  * Gets the createdBy of this UserTable.
  * @return the createdBy
  public String getCreatedBy() {
  return this.createdBy;
  * Sets the createdBy of this UserTable to the specified value.
  * @param createdBy the new createdBy
  public void setCreatedBy(String createdBy) {
  this.createdBy = createdBy;
  * Returns a hash code value for the object. This implementation computes
  * a hash code value based on the id fields in this object.
  * @return a hash code value for this object.
  @Override
  public int hashCode() {
  int hash = 0;
  hash += (this.userId != null ? this.userId.hashCode() : 0);
  return hash;
  * Determines whether another object is equal to this UserTable. The result is
  * <code>true</code> if and only if the argument is not null and is a UserTable object that
  * has the same id field values as this object.
  * @param object the reference object with which to compare
  * @return <code>true</code> if this object is the same as the argument;
  * <code>false</code> otherwise.
  @Override
  public boolean equals(Object object) {
  // TODO: Warning - this method won't work in the case the id fields are not set
  if (!(object instanceof UserTable)) {
  return false;
  UserTable other = (UserTable)object;
  if (this.userId != other.userId && (this.userId == null || !this.userId.equals(other.userId))) return false;
  return true;
  * Returns a string representation of the object. This implementation constructs
  * that representation based on the id fields.
  * @return a string representation of the object.
  @Override
  public String toString() {
  return "Entities.UserTable[userId=" + userId + "]";
  please what do I do? or is there a better way? seems like my appserver(sun java system app server 9.1)doesnt support dependency injection as
  there's always an exception in the server log when i try it.i use the default transaction provider toplink because use of any of the others raises an exception and my application index page never shows. please i need help? I want to be able to succesfully perform this authentication as its the only way i can move to the next level
  Ayo.

• Form Based Authentication in SharePoint 2013: Getting The remote server returned an error: (500) Internal Server Error

  Hi
   I configured forms based authentication mode in Sharepoint 2013 site. When i tried to log in with windows authentication prompt it throws the following error
  The remote server returned an error: (500) Internal Server Error
  [WebException: The remote server returned an error: (500) Internal Server Error.] System.Net.HttpWebRequest.GetResponse() +8548300 System.ServiceModel.Channels.HttpChannelRequest.WaitForReply(TimeSpan timeout) +111 [ProtocolException:
  The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (application/soap+msbin1). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first
  1024 bytes of the response were: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  How to fix this issue?
  Regards,
  Siva

  Did you create a new web application or modify an existing web application?
  I would start by checking the ULS logs, maybe there is an incorrect setting within one of the web.config files, or SQL permissions.
  Also, as suggested above, check application pools are running.
  This blog post is a great guide for setting up FBA, check it through to make sure you haven't missed any steps:
  http://blogs.technet.com/b/ptsblog/archive/2013/09/20/configuring-sharepoint-2013-forms-based-authentication-with-sqlmembershipprovider.aspx

• Big problem :anything is accepted by form-based authentication on Jboss

  Hi there
  I'm new to form-based authentication. I've been stuck on this problem for one and a half day. I set up the form-based authentication(with JDBC realm) on JBoss 3.2/Tomcat 5.0. When I visit the protected area, it did ask me for password. But it accepts whatever I input and forwards the desired page, even when I input nothing and just click on submit, it allows me to go through. No error message at all. I am in desperate need for help.
  Here is my configuration. The web.xml is like this
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
  <web-app>
  <display-name>LoginTest</display-name>
  <security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
  <web-resource-name>Protected Area</web-resource-name>
  <url-pattern>/*</url-pattern>
  <http-method>DELETE</http-method>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>manager</role-name>
  </auth-constraint>
  <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <!-- Default login configuration uses form-based authentication -->
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/login.jsp</form-login-page>
  <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description>Manager security role</description>
  <role-name>manager</role-name>
  </security-role>
  </web-app>
  I also add the following JDBC realm definition into the server.xml which is under jboss/server/default/deploy/jbossweb-tomcat50.sar
  <Realm
  className="org.apache.catalina.realm.JDBCRealm" debug="1"
  driverName="org.gjt.mm.mysql.Driver"
  connectionURL="jdbc:mysql://myipdadress:3306/field_bak"
  connectionName="plankton"
  connectionPassword="plankton"
  userTable="users"
  userNameCol="user_name"
  userCredCol="user_pass"
  userRoleTable="user_roles"
  roleNameCol="role_name"
  />
  The JDBC realm is enclosed by the <engine> element. I checked the server log file, when the jboss server is started, it does load the mysql driver correctly and connect to mysql database fine. If I changed the IP of the mysql server to a non-existing one, then when I start jboss server, the server boot process will complain about connection to mysql faiure.
  I guess maybe the server doesn't do the authentication by connecting to mysql and verify it when I submit the log in form. It seems the JDBC realm authentication is bypassed. I notice that even I get rid of the JDBC realm definition from the server.xml file, and test the web application. It behaves exactly the same way. It asks me for password but anything will go through even nothing.
  Can anybody help me about this? I'm really stuck on this.
  Thanks a lot!

  By the way, I did create database"field_bak" and the tables for the JDBC realm verification.
  I also created the users and the roles.
  But it seems like Tomcat container doesn't do the JDBC realm authentication.

• Oracle form based authentication

  can anyone tell me how to do the simple form-based authentication with IIS in OAM10g ??? pls
  Edited by: 859749 on May 19, 2011 4:32 AM

  Please refer to the product documentation.
  http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12488/v2form.htm#BABCDIEE

• Ask for help with form based authentication & authorization

  Hi:
  I encountered the following problem when I tried the form based authentication & authorization (see the attached part of the config files, web.xml, weblogic.xml & weblogic.properties)
  1. authorization seems not invoked against the rules specfied, it doesn't go the login error page as long as the user/pwd match, even though the user does not have the necessary role
  in the example below, user3 should be denied to access the signin page, but seems no login error page returned, actually I never see any page / error message which complain about the authorization / access control error
  2. after authenticate correctly, always get redirected to the / (context root) url, instead of the url prior the login page, for e.g., signin page
  Any idea ?
  Thanks in advance.
  HaiMing
  attach config files
  web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>MySecureBit1</web-resource-name>
  <description>no description</description>
  <url-pattern>/control/signin</url-pattern>
  <http-method>POST</http-method>
  <http-method>GET</http-method>
  </web-resource-collection>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
  <form-login-page>/control/formbasedlogin</form-login-page>
  <form-error-page>/control/formbasedloginerror</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description>the customer role</description>
  <role-name>customer</role-name>
  </security-role>
  weblogic.xml
  <security-role-assignment>
  <role-name>
  customer
  </role-name>
  <principal-name>
  customer_group
  </security-role-assignment>
  weblogic.properties
  weblogic.password.user1=user1pass
  weblogic.password.user2=user2pass
  weblogic.password.user3=user3pass
  weblogic.security.group.customer_group=user1,user2

  Hi, Paul:
  Thanks a lot for your reply.
  Firstly let me just correct a little in the attachment I put previously, I think I missed following lines :
  <auth-constraint>
  <description>no description</description>
  <role-name>customer</role-name>
  </auth-constraint>
  So, user1 & user2 are in the customer group, but user3 not, and /control/singin is protected by this security constraint, as a result, when anyone click the link to /control/singin, he was led to the login page, if he tries to login as user1 & user2, he should pass & led to original page (in this case /control/singin, and my code's logic, once /control/signin is used, means that he already login successfully & redirected to the login success page), but if he tries to login as user3, he should only pass the authentication check, but fail the authorization check, and led to login error page.
  What not happen are :
  1. user1 & user2 pass, but redirect to /
  2. user3 also pass, because I see that debug message shows also get redirected to /, instead of login error page
  (login error page will be displayed, only if I try to login as a user with either wrong userid, or wrong password)
  3. one more thing I notice after I first time post the message, the container does not remember the principal, after 1. is done, not even for a while
  And the similar configuration works under Tomcat 3.2.1, for all 3. mentioned above.
  Any idea ?
  HaiMing
  "Paul Patrick" <[email protected]> wrote:
  If I understand what your trying to do, everyone should get access to the
  login page since roles are not
  associated with principals until after they authenticate. If I follow what
  you specified in the XML files,
  authenticated users user1 and user2 are members of a group called
  customer_group.
  The principal customer_group (and therefore its members) is mapped in the
  weblogic.xml file to the role
  customer.
  I can't speak to the reason your being redirected to the document root.
  Paul Patrick
  "HaiMing" <[email protected]> wrote in message
  news:[email protected]...
  Hi:
  I encountered the following problem when I tried the form basedauthentication & authorization (see the attached part of the config files,
  web.xml, weblogic.xml & weblogic.properties)
  1. authorization seems not invoked against the rules specfied, itdoesn't go the login error page as long as the user/pwd match, even though
  the user does not have the necessary role
  in the example below, user3 should be denied to access the signinpage, but seems no login error page returned, actually I never see any page
  / error message which complain about the authorization / access control
  error
  2. after authenticate correctly, always get redirected to the / (contextroot) url, instead of the url prior the login page, for e.g., signin page
  Any idea ?
  Thanks in advance.
  HaiMing
  attach config files
  web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>MySecureBit1</web-resource-name>
  <description>no description</description>
  <url-pattern>/control/signin</url-pattern>
  <http-method>POST</http-method>
  <http-method>GET</http-method>
  </web-resource-collection>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
  <form-login-page>/control/formbasedlogin</form-login-page>
  <form-error-page>/control/formbasedloginerror</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description>the customer role</description>
  <role-name>customer</role-name>
  </security-role>
  weblogic.xml
  <security-role-assignment>
  <role-name>
  customer
  </role-name>
  <principal-name>
  customer_group
  </security-role-assignment>
  weblogic.properties
  weblogic.password.user1=user1pass
  weblogic.password.user2=user2pass
  weblogic.password.user3=user3pass
  weblogic.security.group.customer_group=user1,user2

• J_security_check in form-based authentication - not checking for blank passwords

  I am using the LDAP Security Realm to authenticate against an iPlanet
  Directory Server. All works as expected when a user-id and password
  are entered for form-based authentication.
  However, when a userid is entered but no password, j_security_check
  logs the user in successfully. Aparently, this is correct LDAP
  behaviour as anonymous login to the LDAP server is permitted. It seems
  that the j_security_check servlet should check for blank passwords
  before trying to authenticate against the LDAP server and fail
  authentication if this is the case.
  Has anyone else experienced this problem?

  Hi Brian,
  I do not believe it is j_security_check's job to check for blank
  passwords.
  In many security realms, it is "legal" for a user to have a blank
  password. j_security_check forwards whatever password was entered so that
  even users with blank passwords can be authenticated by the realm on the
  backend. For this reason I believe that j_security_check is "doing the
  right thing" by just forwarding whatever is presented to it, rather than
  having its own logic. It is best if j_security_check just acts as a very
  dumb middle man.
  If behavior was altered, it is true that your particular problem would be
  solved, but then many other people would have a problem with their users
  with blank passwords authenticating properly...
  Try looking into how to disable anonymous logins on the LDAP end of
  things. Hope this helps.
  Cheers,
  Joe Jerry
  brian wrote:
  I am using the LDAP Security Realm to authenticate against an iPlanet
  Directory Server. All works as expected when a user-id and password
  are entered for form-based authentication.
  However, when a userid is entered but no password, j_security_check
  logs the user in successfully. Aparently, this is correct LDAP
  behaviour as anonymous login to the LDAP server is permitted. It seems
  that the j_security_check servlet should check for blank passwords
  before trying to authenticate against the LDAP server and fail
  authentication if this is the case.
  Has anyone else experienced this problem?

• Updating password for Form Based authentication database using code

  Hi,
  We have created FBA(Form Based authentication) for SP2010. We are storing all the usernames and Passwords in FBA database. If any user changes their password needs to be save in FBA Database with latest password.
  can any one suggest me how to do this one.....
  Thanks....

  https://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.changepassword(v=vs.110).aspx
  Scott Brickey
  MCTS, MCPD, MCITP
  www.sbrickey.com
  Strategic Data Systems - for all your SharePoint needs

• Manager password in tomcat for form based authentication

  Hi all,
  I have a jsp using form based authentication.I have set up the web.xml,server.xml and created my database with the various users and roles but when i try to deploy the application,it as for the manger username/password and when i enter what i have in the database it refuses to connect.
  Anyone has any idea what i might be doiing wrong?
  Thans in advance

  Hi,
  I'm a little confused. You wanted to know how to configure Tomcat for form based authentication, and I sent you an article on how to do that. Is there something more you need from me? You had offered 10 duke dollars for this post, and if there is more I can do I will help for the remaining amount, but I can't help you getting access to the Tomcat *.xml file.

• Configuring tomcat for form based authentication-help badly needed

  hi , i want to have form based or some other way of authentication for the users comming to my site , i have access only to web.xml , but in tomcat documentations its giveni need to change server.xml and tomcat-user.xml , can i make these changes on web.xml to implement it or please tell me way out of this please , i tried even jguard but it needs changes in jvm which also not into my access

  Hi,
  I'm a little confused. You wanted to know how to configure Tomcat for form based authentication, and I sent you an article on how to do that. Is there something more you need from me? You had offered 10 duke dollars for this post, and if there is more I can do I will help for the remaining amount, but I can't help you getting access to the Tomcat *.xml file.

• Window for Form-Based Authentication in web.xml for JAZN.

  Whether probably to make so that the form-authorization in Form-Based Authentication in web.xml for JAZN opened in a separate window?
  Thanks,
  Alexandre

  this is what i have so far...in my web.xml deployment descriptor
  am using Jbuilder 6 with tomcat.....if i run it from IDE, will the featuresi have added to the web.xml file...eg Error page be used ...or only when i deplo the app ???
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
  <web-app>
  <display-name>Java Pet Store</display-name>
  <description>Web Application for Reseach</description>
  <session-config>
  <session-timeout>54</session-timeout>
  </session-config>
  <welcome-file-list>
  <welcome-file>Default.jsp</welcome-file>
  </welcome-file-list>
  <error-page>
  <error-code>500</error-code>
  <location>/</location>
  </error-page>
  <taglib>
  <taglib-uri>PetStoreTagLib</taglib-uri>
  <taglib-location>/WEB-INF/PetStoreTagLib.tld</taglib-location>
  </taglib>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>SecurePages</web-resource-name>
  <url-pattern>Checkout.jsp</url-pattern>
  <url-pattern>OrderList.jsp</url-pattern>
  <url-pattern>OrderDetails.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>LoggedInUser</role-name>
  </auth-constraint>
  <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/Login.jsp</form-login-page>
  <form-error-page>/ErrorPage.jsp</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description>Logged In User</description>
  <role-name>LoggedInUser</role-name>
  </security-role>
  </web-app>
  in setting up the tomcat-users.xml file am i to add table to my database, to relate the user to the role.......

• Form Based Authentication not working for my sharepoint site.

  I am using FIM 2010 r2 on Sharepoint -80 . I tried to use forms based authentication instead of default windows based auth. But the site is not even redirecting to the custom login page i am trying to connect .
  Any suggestions ?

  Issue has been resolved.  There was no interesting work-a-round or fix involved.

• Need Sample Code for Form-based Authentication

  Hello.
  I'm trying to setup Form-based Authentication. I keep reading the same (limited) documentation about putting this in your server's .xml files:
  <form method="POST" action="j_security_check">
          <input type="text" name="j_username">
          <input type="password" name="j_password">
  </form>I don't even have a web.xml or sun-web.xml file. I cannot find examples of Sun One WS either.
  Any sample coding - including yoru web.xml, sun-web.xml - would be greatly appeciated.
  Thanks!
  Sam

  Refer http://docs.sun.com/source/817-1833-10/pwadeply.html#wp40541

• Form Based Authentication in Tomcat, getting login and password

  Sorry for my English.
  How I can guess login and password strings of an user, from error page (JSP)using "Form Based Authentication of Tomcat"?
  I need know it to lock the count each 3 error tries (if login is ok but
  password is bad, insteed).
  Methods 'getRemoteUser', 'isUserInRole' and 'getUserPrincipal' of
  HttpServletRequest interface have this result: If no user has been
  authenticated, returns null, false and null respectly. For this reason, they aren't utils for me.
  If I don�t know login what user writed, I can't lock his/her count.
  Exist solution for this? Thanks

  hi i am also facing the same problem. could u please tell me how u overcame the situation ?
  u will reallly pull me out of my troubles
  thanx in advance
  [email protected]

• Catching authentication exception in form-based authentication

  Hi.
  I have a custom UserManager that implements a simple authentication of username/password.
  The web-application is secured using a form-based login-config in web.xml with a form-login-page and a form-error-page. Both these resources points to the same page (login.jsp).
  I want to present a relevant error message when the user fails to log-in (providing wrong username or password, or there is an exception in the UserManager). As far as I can tell there is no way to handle this in a straight-forward manner: When I throw an exception in the UserManager this exception is swallowed by OC4J and never propagates to the form-error-page specified in web.xml. All I can do is to provide a "default" message on the error-page saying "Failed to login". There is no way to tell if the login failed due to invalid username/password or if the login failed due to an unexpected exception in the UserManager implementation (i.e. SQLException).
  I can go around this by storing the relevant error message in a ThreadLocal variable from the UserManager and retrieve this message from the error jsp page. But this is ugly :)
  Shouldn't the form-error-page receive a Throwable in the exception-object? Or is the behavior in OC4J the "standard" way to handle these issues?
  Best Regards //Anders

  Since no one is replying I'm refreshing the thread with some more info..
  Cut from the Servlet 2.3 Specification (in SRV.12.5.3, Form Based Authentication):
  When a user attempts to access a protected web resource, the container checks the user s authentication.
  If the user is authenticated and possesses authority to access the resource, the requested web resource is activated and a reference to it is returned.
  If the user is not authenticated, all of the following steps occur:
  1. The login form associated with the security constraint is sent to the client and the URL path triggering the authentication is stored by the container.
  2. The user is asked to fill out the form, including the username and password fields.
  3. The client posts the form back to the server.
  4. The container attempts to authenticate the user using the information from the form.
  5. If authentication fails, the error page is returned using either a forward or a redirect, and the status code of the response is set to 401.
  6. If authentication succeeds, the authenticated user s principal is checked to see if it is in an authorized role for accessing the resource.
  7. If the user is authorized, the client is redirected to the resource using the stored URL path.
  The error page sent to a user that is not authenticated contains information about the failure.
  The last sentence could be interpreted as "The container should provide the error page with a valid exception object".
  How is this implemented in other servlet containers - JBoss, Websphere, Weblogic, Orion?
  //Anders