import java.sql.Connection;import java.sql.DriverManager;import java.sql.Resul

1. import java.sql.Connection;
2. import java.sql.DriverManager;
3. import java.sql.ResultSet;
4. import java.sql.SQLException;
5. import java.sql.Statement;
6.  
7. class Login {
8. public Connection getConnection() throws SQLException {
9. DriverManager.registerDriver(new
10. com.microsoft.sqlserver.jdbc.SQLServerDriver());
11. String dbConnection =
12. PropertyManager.getProperty("db.connection");
13. // Can hold some value like
14. // "jdbc:microsoft:sqlserver://<HOST>:1433,<UID>,<PWD>"
15. return DriverManager.getConnection(dbConnection);
16. }
17.  
18. String hashPassword(char[] password) {
19. // Create hash of password
20. }
21.  
22. public void doPrivilegedAction(String username, char[] password)
23. throws SQLException {
24. Connection connection = getConnection();
25. if (connection == null) {
26. // Handle error
27. }
28. try {
29. String pwd = hashPassword(password);
30.  
31. String sqlString = "SELECT * FROM db_user WHERE username = '"
32. + username +
33. "' AND password = '" + pwd + "'";
34. Statement stmt = connection.createStatement();
35. ResultSet rs = stmt.executeQuery(sqlString);
36.  
37. if (!rs.next()) {
38. throw new SecurityException(
39. "User name or password incorrect"
40. );
41. }
42.  
43. // Authenticated; proceed
44. } finally {
45. try {
46. connection.close();
47. } catch (SQLException x) {
48. // Forward to handler
49. }
50. }
51. }
52. }