How to use jsp / servlet

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • game2d
    New Member
    • Apr 2013
    • 59
    #1

    How to use jsp / servlet

    I need help making proper way to make website using jsp/servlet.

    file path: WebContent > login.jsp
    Code:
           <form method="post" action="servlet">
          what's your username?<br /> <input type="text" name="usernameF" /><br />
          what's your password?<br /> <input type="password" name="passwordF" /><br />
	  <input type="submit" name="submitB" value="login" />
       </form>

    file path: Java Resources > src > servlet.java
    Code:
    ...
protected void doGet(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html"); // useing html
		
		PrintWriter out = response.getWriter(); // write to browser
		HttpSession session = request.getSession(true);
		
		if (request.getParameter("submitB") != null) {
			if (usernameR.equals("")) {
				out.print("Error enter name");
			} else if (passwordR.equals("")) {
				out.print("Error enter password");
			} else {
				session.setAttribute("username", usernameR);
				response.sendRedirect(login.jsp);
			}
                }
}
...


    Question 1: is this the proper way of using jsp/servlet?
    Question 2: when user hit submit button in html form than it will run java code. but in servlet.java class the error will never print on login.jsp. how can i print errors on login.jsp? by error i mean:
    out.print("Erro r enter name");
    out.print("Erro r enter password");

    p.s i look tutorial online but they only use jsp which is not good coding. if you have proper jsp/servlet tutorial let me know.

    Thank you so much
    Tags: None
    • chaarmann
      Recognized Expert Contributor
      • Nov 2007
      • 785
      #2
      Answert to question 1:
      How do you define "proper"? If it is a small demo and security is not so important, then it is.

      Answer to question 2: You should check the username/password fields (empty, invalid characters etc.) BEFORE you submit the request, by using Javascript in your browser. This puts load off your server. Then you can directly pop up the error message by using "alert('myError Message')" and focus on the wrong field.
      You must also check all input on the server AFTER submitting. Users can turn off javascript just before sending, or send a request by typing arguments directly into the URL, or by using hacking tools. Some errors (like wrong password) can only be checked on the server anyway. Then you should re-send the login page, enriched with an error message.

      Tip to avoid a common beginner's mistake:
      Never ever send an internal error message back to the client. Just log it, give it a number and then forward to a custom error page stating "There was an internal error logged under number nnnn. Please contact the administrator by providing this number under ...". I have seen so many pages where error like the following pop up that provides excellent info for easy hacking (just making one up, but you get the idea): "ASPX error in Oracle database table CUSTOMERS. Null cannot be compared to password 'MyPassword' for user 'John Doe'"

        Comment

        • zmbd
          Recognized Expert Moderator Expert
          • Mar 2012
          • 5501
          #3
          One question per thread please.
          Both of your questions are quite broad... can you focus down to one particular issue you are having, provide the details, describe what you want, what's happening, and what have YOU done in an attempt to fix the issue.

            Comment

            Previous template Next
            Working...