is this(code inside) a good approach for a system login?
package user;
import java.io.IOException;
import java.sql.*;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import user.UserBean;
publicclass LoginServletextends HttpServletimplements Servlet
{
/* (non-Javadoc)
* @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
protectedvoid doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
String username = request.getParameter("username");
String password = request.getParameter("password");
String url ="DATABASE URL";
UserBean user =null;
try
{
// check if user exist
}
catch(Exception e)
{
e.printStackTrace();
}
if (user !=null)
{
response.sendRedirect("../controlpanel.jsp");
}
// otherwise the user was not in the database
else
{
String message ="The name and user you attempted to login with do not exist in the database or you mistyped your password. Please try again.";
request.getSession().setAttribute("login_failed", message);
String URIpath = request.getRequestURI();
request.setAttribute("path", URIpath);
getServletContext().getRequestDispatcher("/login.jsp").forward(request, response);
}
}
protectedvoid doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
doPost(request,response);
}
}
the problem is if i make redirection to control panel as a getServletContext().getRequestDispatcher().forward(request, response), users may be confused because the url will be the same as with the error page for login.. do you have any suggestions?
