fc.web.servlet
Class LoginServlet

java.lang.Object
  extended by javax.servlet.GenericServlet
      extended by javax.servlet.http.HttpServlet
          extended by fc.web.servlet.FCBaseServlet
              extended by fc.web.servlet.LoginServlet
All Implemented Interfaces:
Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

public class LoginServlet
extends FCBaseServlet

Logs the user in and out. Works in conjunction with JDBCAuthFilter and the login page of the application (it handles the submit from the HTML login form). The application can also log out the user by invoking this servlet with an additional act=logout query string. Uses JDBCSession to create/delete session IDs automatically on successful logins/logouts.

Requires the following servlet initialization parameters

On login failure, the following attributes are set in the request before control is transferred to the login page via a server-side redirect.
  1. retrycount, whose value is an Integer object representing the number of times login has been unsuccessfully tried. Note: the login page should read this attribute if present and store it in the form as a hidden parameter. When the login form is submitted, this variable is sent back to this servlet in the request as a parameter and, upon login failure, is incremented.
On login success, the following attributes are set as a cookie on the client. This cookie is removed on logout.
  1. SID_COOKIE_NAME, the session ID assigned to the user. After logging in, a session will exist in the database. JDBCSession can thereafter be used to store any information for that session in the database via the session ID.
  2. user.name, the name of the user that was successfully used to log in to the system (this is useful for displaying the username in the front-end page without hitting the database every time).
In addition, upon successful login, the onLogin(java.sql.Connection, java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method is invoked. This method can be overridden as necessary by subclasses. Similarly, upon successful logout, the onLogout(java.sql.Connection, java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method is invoked.
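
The retrycount value described above travels through a hidden form field, so the client controls it; it is suitable for display on the login page but not as the basis for lockout or throttling. The following is an added example, not part of the fc.web.servlet code, of a failure counter kept on the server and keyed by username. The class name FailedLoginTracker, the threshold and the time window are assumptions.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: server-side failure counter, independent of the retrycount form field. */
public class FailedLoginTracker {
    static final int MAX_FAILURES = 5;                      // assumed policy value
    static final Duration WINDOW = Duration.ofMinutes(15);  // assumed policy value

    private static final class Entry {
        final int failures; final Instant first;
        Entry(int failures, Instant first) { this.failures = failures; this.first = first; }
    }

    private final ConcurrentHashMap<String, Entry> byUser = new ConcurrentHashMap<>();

    /** Records one failed attempt and returns the server-side count for this user. */
    public int recordFailure(String username, Instant now) {
        // merge() is atomic per key; an expired window restarts the count at 1.
        return byUser.merge(key(username), new Entry(1, now), (old, fresh) ->
            expired(old, now) ? fresh : new Entry(old.failures + 1, old.first)).failures;
    }

    /** True while the user has reached MAX_FAILURES inside the current window. */
    public boolean isLocked(String username, Instant now) {
        Entry e = byUser.get(key(username));
        return e != null && !expired(e, now) && e.failures >= MAX_FAILURES;
    }

    /** Call on successful login so earlier failures do not accumulate. */
    public void reset(String username) { byUser.remove(key(username)); }

    private static boolean expired(Entry e, Instant now) {
        return Duration.between(e.first, now).compareTo(WINDOW) > 0;
    }
    private static String key(String username) { return username.trim().toLowerCase(Locale.ROOT); }

    public static void main(String[] args) {
        FailedLoginTracker tracker = new FailedLoginTracker();
        Instant t = Instant.parse("2024-01-01T00:00:00Z");  // constructed timestamp
        // Constructed scenario: every request claims retrycount=0 in the hidden field.
        for (int i = 1; i <= 6; i++) {
            int clientRetryCount = 0;                        // client-controlled, ignored for policy
            int serverCount = tracker.recordFailure("alice", t.plusSeconds(i));
            System.out.printf("attempt %d: form says %d, server says %d, locked=%b%n",
                i, clientRetryCount, serverCount, tracker.isLocked("alice", t.plusSeconds(i)));
        }
    }
}
```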

The servlet requires the following request parameters from the login form:

The following request parameters are optional.

Requires the following database schema:

A Users table must exist. (Note: "user" is a reserved word in many databases, so the table must be called Users.)
    The following columns must exist in the Users table.
  1. user_id the user id
  2. username the name of the user (corresponds to the username parameter in the login form)
  3. password the password for the user (corresponds to the password parameter in the login form).
The class will use the DBOMgr framework, so a UserMgr class corresponding to the aforementioned Users table must exist in the classpath of this servlet.
Since this class uses JDBCSession, the default database tables required by JDBCSession also must exist.

For security reasons, for logging in, the username/password form must be submitted via a POST (GET is fine when logging out).

See Also:
Serialized Form

Field Summary
static String SID_COOKIE_NAME
          value = "sid"
 
Constructor Summary
LoginServlet()
           
 
Method Summary
 void doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
           
 void doPost(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
           
 String encodePassword(String password)
          For this method to be available from application code, this servlet should be set to load on startup and code similar to the following example invoked.
static javax.servlet.http.Cookie getSIDCookie(javax.servlet.http.HttpServletRequest req)
          Returns the cookie corresponding to the "sid".
 void init(javax.servlet.ServletConfig conf)
           
 void onLogin(Connection con, String sid, String username, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
          This method is invoked upon successful login.
 void onLogout(Connection con, String sid, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
          This method is invoked upon successful logout.
 String validateUser(Connection con, String username, String password)
          This method validates the specified username/password.
 
Methods inherited from class fc.web.servlet.FCBaseServlet
destroy, getLog, stats, toString
 
Methods inherited from class javax.servlet.http.HttpServlet
service
 
Methods inherited from class javax.servlet.GenericServlet
getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

SID_COOKIE_NAME

public static final String SID_COOKIE_NAME
value = "sid"

See Also:
Constant Field Values
Constructor Detail

LoginServlet

public LoginServlet()
Method Detail

init

public void init(javax.servlet.ServletConfig conf)
          throws javax.servlet.ServletException
Specified by:
init in interface javax.servlet.Servlet
Overrides:
init in class FCBaseServlet
Throws:
javax.servlet.ServletException

getSIDCookie

public static javax.servlet.http.Cookie getSIDCookie(javax.servlet.http.HttpServletRequest req)
Returns the cookie corresponding to the "sid" (this cookie has key = SID_COOKIE_NAME and the value is the SID created/set at login time). Returns null if no sid cookie is found.


doGet

public void doGet(javax.servlet.http.HttpServletRequest req,
                  javax.servlet.http.HttpServletResponse res)
           throws javax.servlet.ServletException,
                  IOException
Overrides:
doGet in class javax.servlet.http.HttpServlet
Throws:
javax.servlet.ServletException
IOException

doPost

public void doPost(javax.servlet.http.HttpServletRequest req,
                   javax.servlet.http.HttpServletResponse res)
            throws javax.servlet.ServletException,
                   IOException
Overrides:
doPost in class javax.servlet.http.HttpServlet
Throws:
javax.servlet.ServletException
IOException

validateUser

public String validateUser(Connection con,
                           String username,
                           String password)
                    throws SQLException,
                           IOException
This method validates the specified username/password.

This class should be subclassed to override this method and validate the supplied username/password against a database in a different fashion if desired. The default implementation of this method works with the following initialization parameters.

This method should return the following values:

Throws:
SQLException
IOException

encodePassword

public String encodePassword(String password)
                      throws IOException
For this method to be available from application code, this servlet should be set to load on startup and code similar to the following example invoked.
    LoginServlet ls = (LoginServlet) WebApp.allServletsMap.get("fc.web.servlet.LoginServlet");
    if (ls == null) { //can happen if servlet is not loaded yet
        throw new Exception("Unexpected error: LoginServlet was null");
    }
    return ls.encodePassword(passwd);

Throws:
IOException

onLogin

public void onLogin(Connection con,
                    String sid,
                    String username,
                    javax.servlet.http.HttpServletRequest req,
                    javax.servlet.http.HttpServletResponse res)
             throws SQLException,
                    IOException
This method is invoked upon successful login. By default, it does nothing but subclasses can override this method as needed.

Parameters:
con - a connection to the database
username - the username for this user (that was used to log in the user via the login query)
sid - the session id for this user
Throws:
SQLException
IOException

onLogout

public void onLogout(Connection con,
                     String sid,
                     javax.servlet.http.HttpServletRequest req,
                     javax.servlet.http.HttpServletResponse res)
              throws SQLException,
                     IOException
This method is invoked upon successful logout. By default, it does nothing but subclasses can override this method as needed.

Parameters:
con - a connection to the database
sid - the session id for this user
Throws:
SQLException
IOException