Use jsp:useBean with the Account objectHEAD master

author: Stefan Suhren <suhren.stefan@fh-swf.de> 2015-11-16 10:29:28 +0100
committer: Stefan Suhren <suhren.stefan@fh-swf.de> 2015-11-16 10:29:28 +0100
commit: 6df322a7475686908bb7634fdfab85182f46d336 (patch)
tree: bbd2f0953c89a8c545d572021332789d5f658477 /src/de/fhswf/in/inf/fit
parent: be337434a721178cc3efeb468e873b571855b605 (diff)
download: FIT-master.tar.gz
FIT-master.zip
1 files changed, 8 insertions, 2 deletions
diff --git a/src/de/fhswf/in/inf/fit/aufgabe6/LoginServletWithJpaAndJsp.java b/src/de/fhswf/in/inf/fit/aufgabe6/LoginServletWithJpaAndJsp.java
index e5611b8..498582b 100644
--- a/src/de/fhswf/in/inf/fit/aufgabe6/LoginServletWithJpaAndJsp.java
+++ b/src/de/fhswf/in/inf/fit/aufgabe6/LoginServletWithJpaAndJsp.java
@@ -64,9 +64,15 @@ public class LoginServletWithJpaAndJsp extends HttpServlet
       // This is very insecure and can be exploited via timing attacks
       if (account != null && account.isPasswordCorrect(requestPassword))
       {
-         request.getSession().setAttribute("username", account.getUsername());
+         request.getSession().setAttribute("user", account);
 
-         response.sendRedirect("LoginSuccess.jsp");
+         // RequestDispatcher dispatcher = getServletContext()
+         // .getRequestDispatcher("/LoginSuccess.jsp");
+         //
+         // dispatcher.forward(request, response);
+
+         response
+               .sendRedirect(response.encodeRedirectURL("LoginSuccess.jsp"));
       }
       else
       {
author	Stefan Suhren <suhren.stefan@fh-swf.de>	2015-11-16 10:29:28 +0100
committer	Stefan Suhren <suhren.stefan@fh-swf.de>	2015-11-16 10:29:28 +0100
commit	6df322a7475686908bb7634fdfab85182f46d336 (patch)
tree	bbd2f0953c89a8c545d572021332789d5f658477 /src/de/fhswf/in/inf/fit
parent	be337434a721178cc3efeb468e873b571855b605 (diff)
download	FIT-master.tar.gz FIT-master.zip