import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.HashMap;
import java.util.Map;

import javax.annotation.Resource;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;

import com.google.gson.JsonObject;

import org.jasypt.util.password.PasswordEncryptor;
import org.jasypt.util.password.StrongPasswordEncryptor;
  21.  
  22. /**
  23. * This class is declared as LoginServlet in web annotation,
  24. * which is mapped to the URL pattern /api/login
  25. */
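@WebServlet(name = "LoginServlet", urlPatterns = "/api/login")
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * One failure message for "no such user" and "wrong password" alike, so the response body
     * does not tell a caller which e-mail addresses have an account.
     */
    private static final String GENERIC_FAILURE = "incorrect username or password";

    // DataSource registered in web.xml under this JNDI name
    @Resource(name = "jdbc/moviedb")
    private DataSource dataSource;

    /** The columns of a {@code customers} row that the login check needs. */
    private static final class StoredCredential {
        final String email;
        final String passwordHash;
        final String id;

        StoredCredential(String email, String passwordHash, String id) {
            this.email = email;
            this.passwordHash = passwordHash;
            this.id = id;
        }
    }

    /**
     * Handles {@code POST /api/login}: checks the reCAPTCHA for non-Android clients, looks the
     * submitted e-mail up in {@code customers}, verifies the password against the stored jasypt
     * hash and, on success, starts a fresh session carrying a {@link User}.
     *
     * <p>Every outcome is answered with a JSON object {@code {"status": ..., "message": ...}};
     * an unknown e-mail and a wrong password produce the same message.
     *
     * @param request  carries {@code username}, {@code password} and, for non-Android clients,
     *                 {@code g-recaptcha-response}
     * @param response receives the JSON body
     * @throws IOException if the response writer fails
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String userAgent = request.getHeader("User-Agent");

        // Non-Android clients must pass the reCAPTCHA before anything else happens, so a failed
        // challenge never costs a database round-trip. Android clients are exempt, but note that
        // the exemption rests only on the User-Agent header, which the client chooses.
        if (userAgent != null && !userAgent.contains("Android")) {
            try {
                RecaptchaVerifyUtils.verify(request.getParameter("g-recaptcha-response"));
            } catch (Exception e) {
                writeJson(response, "fail", "Verification failed.");
                return;
            }
        }

        // getParameter returns null for a missing field; blank credentials can never match.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            writeJson(response, "fail", GENERIC_FAILURE);
            return;
        }

        StoredCredential stored;
        try {
            stored = lookupByEmail(username);
        } catch (SQLException e) {
            // Log the driver's message server-side only and still answer the client with a
            // generic failure, rather than falling through to the "wrong password" path.
            log("LoginServlet: customer lookup failed", e);
            writeJson(response, "fail", "Login temporarily unavailable.");
            return;
        }

        // The stored e-mail must also equal the submitted one exactly (kept from the original;
        // presumably guards against a case-insensitive match at the database level).
        boolean success = stored != null
                && username.equals(stored.email)
                && stored.passwordHash != null
                && !stored.passwordHash.isEmpty()
                && new StrongPasswordEncryptor().checkPassword(password, stored.passwordHash);

        if (!success) {
            writeJson(response, "fail", GENERIC_FAILURE);
            return;
        }

        // Discard whatever session existed before authentication and start a fresh one, so a
        // session id the client held (or was handed) before login is never promoted to a
        // logged-in session.
        request.getSession().invalidate();
        request.getSession(true).setAttribute("user", new User(stored.id));
        writeJson(response, "success", "success");
    }

    /**
     * Fetches the credential row for {@code email}, or {@code null} when no row matches.
     * The e-mail is bound as a statement parameter, never concatenated into the SQL.
     *
     * @param email value matched against {@code customers.email}
     * @return the first matching row, or {@code null}
     * @throws SQLException if the connection cannot be obtained or the query fails
     */
    private StoredCredential lookupByEmail(String email) throws SQLException {
        String query = "SELECT c.email as user, c.password as pw, c.id as id "
                + "FROM customers c "
                + "WHERE c.email = ?;";
        // try-with-resources closes the connection, statement and result set on every path,
        // including exceptions, instead of only after a successful query.
        try (Connection dbcon = dataSource.getConnection();
             PreparedStatement statement = dbcon.prepareStatement(query)) {
            statement.setString(1, email);
            try (ResultSet rs = statement.executeQuery()) {
                if (!rs.next()) {
                    return null;
                }
                return new StoredCredential(rs.getString("user"), rs.getString("pw"), rs.getString("id"));
            }
        }
    }

    /**
     * Writes {@code {"status": status, "message": message}} as the JSON body of the response.
     *
     * @param response target response; its content type is set to JSON so browsers do not sniff it
     * @param status   value of the {@code status} property
     * @param message  value of the {@code message} property
     * @throws IOException if the response writer fails
     */
    private static void writeJson(HttpServletResponse response, String status, String message)
            throws IOException {
        JsonObject body = new JsonObject();
        body.addProperty("status", status);
        body.addProperty("message", message);
        response.setContentType("application/json");
        response.setCharacterEncoding("UTF-8");
        response.getWriter().write(body.toString());
    }
}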