Developing a logon screen

[neosnokia]

Hey, i want to create a java login applet, which can be embedded in to a web page and send information such as user name and password to a servelet to be validated by a database.

Are there any tutorials around showing this? I have had a look on the net and i cant find anything. I can create a simple login which has the user name and password embedded in to the code but im totally lost when creating a login which communicates wiht a servlet then on to a database.

[Eranga]

JSP is much better than Applet for your requirement. What's the point of use Applet in your project?

JSP Tutorial - Java Server Pages Tutorials

[neosnokia]

Been told we must use a applet and servlet

[Eranga]

I think it's better to read more about JSP/Servlet by you before doing this.

JSP are actually Servlet. In backend JSP are compiled into Servlet. Best way is, you can keep member details in a database and validate in a Servlet.

[Eranga]

Here is a simple example. Just look at it. May be it can helpful to you.

JSP Login Page

[neosnokia]

Thx, i have the applet passing a string (username and password) to the servlet, and i have a seperate servlet which can read from a database, (for simplicity im using access database) however i cant think how to query a username or password against a database . :(

[Eranga]

Ok, what you have tried(the query) to deal with the user name and the password?

[neosnokia]

well what i have noticed is when you send the data, user name and password, it comes through as one string, so im trying to split that up first

[Eranga]

Java Code:

 <body>
        <%
String url = "jdbc:odbc:userDSN";
String username="";
String password="";
Connection conn=null;
String classPath = "sun.jdbc.odbc.JdbcOdbcDriver";
String usernm = username; // Validating user name
String passwrd = password; // Validating password
    
try{
    Class.forName(classPath);
    conn = DriverManager.getConnection(url,username,password);
    }catch(Exception exc){
        out.println(exc.toString());
    }
%>
<%
    Statement stm=null;
    ResultSet rst=null;
    
    stm= conn.createStatement();
    String query= "SELECT userID, password FROM user WHERE userID =" +usernm;
    
    rst = stm.executeQuery(query);
%>

<%= rst.getString("userID") %>
<%= rst.getString("password") %>



<% 
if (usernm.equals(userID) && passwrd.equals(password)) { %>

<jsp:forward page = "index.jsp"></jsp:forward>

<% } else { %>

<jsp:forward page = "login_handle.jsp"></jsp:forward>


<% }
            rst.close();
            stm.close();
            conn.close();
%> 
    </body>

Here is a simple code I've with me on one of my application, just a part of it. I don't know how far it's clear to you. Have a look at it and try to understand what's going on there.

[Eranga]

I think it's much better to read the following page yourself.

Understanding Login Authentication

[neosnokia]

Cool, ive managed to split the string up in to user name and password, now all i need is to connect to an access database and compare with the results which are in that

[OrangeDog]

It's a good idea to only store and transmit secure hashes of passwords, rather than the passwords themselves.

[Eranga]

I agreed with you OD. I just trying to point-out in my code just the model of login page. Actually at the very first step, he/she don't have an idea what the technology need to use and lot more to understand.

That's why I point the hard corded credentials there.

[neosnokia]

dont worry about password security i just need once the variables have been sent to connect to a database and compare with what is in the database. If they pass that test, then i can gain access and go in

[OrangeDog]

But if they're not hashed, so can everyone else.

[neosnokia]

what do you mean by hashed?

[OrangeDog]

Cryptographic hash function as used in digest authentication and others.

[neosnokia]

oh rite, ok, i really want to keep this simple, i dont really need anything like that in there

[OrangeDog]

Just as long as you know that a system where plaintext passwords are transmitted and stored is in no way secure.

[neosnokia]

yep :-) maybe when i get it working i can look in to that, but for now i need to get it logging in first.