Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import java.sql.Connection;
- import java.sql.DriverManager;
- import java.sql.ResultSet;
- import java.sql.SQLException;
- import java.sql.Statement;
- class Login {
- public Connection getConnection() throws SQLException {
- DriverManager.registerDriver(new
- com.microsoft.sqlserver.jdbc.SQLServerDriver());
- String dbConnection =
- PropertyManager.getProperty("db.connection");
- // Can hold some value like
- // "jdbc:microsoft:sqlserver://<HOST>:1433,<UID>,<PWD>"
- return DriverManager.getConnection(dbConnection);
- }
- String hashPassword(char[] password) {
- // Create hash of password
- }
- public void doPrivilegedAction(String username, char[] password)
- throws SQLException {
- Connection connection = getConnection();
- if (connection == null) {
- // Handle error
- }
- try {
- String pwd = hashPassword(password);
- String sqlString = "SELECT * FROM db_user WHERE username = '"
- + username +
- "' AND password = '" + pwd + "'";
- Statement stmt = connection.createStatement();
- ResultSet rs = stmt.executeQuery(sqlString);
- if (!rs.next()) {
- throw new SecurityException(
- "User name or password incorrect"
- );
- }
- // Authenticated; proceed
- } finally {
- try {
- connection.close();
- } catch (SQLException x) {
- // Forward to handler
- }
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement