Diffstat (limited to 'src/de/fhswf/in/inf/fit/aufgabe3/LoginServlet.java')
| -rw-r--r-- | src/de/fhswf/in/inf/fit/aufgabe3/LoginServlet.java | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/src/de/fhswf/in/inf/fit/aufgabe3/LoginServlet.java b/src/de/fhswf/in/inf/fit/aufgabe3/LoginServlet.java
new file mode 100644
index 0000000..158dc49
--- /dev/null
+++ b/src/de/fhswf/in/inf/fit/aufgabe3/LoginServlet.java
@@ -0,0 +1,84 @@
+package de.fhswf.in.inf.fit.aufgabe3;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebInitParam;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Servlet implementation class LoginServlet
+ */
+@WebServlet(urlPatterns = { "/LoginServlet" }, initParams = {
+ @WebInitParam(name = "username", value = "admin"),
+ @WebInitParam(name = "password", value = "12345") })
+public class LoginServlet extends HttpServlet
+{
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * @see HttpServlet#HttpServlet()
+ */
+ public LoginServlet()
+ {
+ super();
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException
+ {
+ response.sendRedirect("LoginForm.jsp");
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException
+ {
+ String validUsername = getInitParameter("username");
+ String validPassword = getInitParameter("password");
+
+ String requestUsername = request.getParameter("username");
+ String requestPassword = request.getParameter("password");
+
+ if (requestUsername == null || requestPassword == null)
+ {
+ doGet(request, response);
+ }
+
+ PrintWriter pw = response.getWriter();
+
+ pw.println("<!DOCTYPE html>");
+ pw.println("<html>");
+ pw.println("<head>");
+ pw.println("<meta charset=\"utf-8\" />");
+ pw.println("<title>Login Answer</title>");
+ pw.println("</head>");
+ pw.println("<body>");
+
+ // This is very insecure and can be exploited via timing attacks
+ if (requestUsername.equals(validUsername)
+ && requestPassword.equals(validPassword))
+ {
+ pw.println("<h1>Success</h1>");
+ }
+ else
+ {
+ pw.println("<h1>Failed</h1>");
+ pw.println("<a href=\"LoginForm.jsp\">Retry</a>");
+ }
+
+ pw.println("</body>");
+ pw.println("</html>");
+ }
+}
|
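Review bot: In doPost, the null check on requestUsername/requestPassword calls `doGet(request, response);` but never returns, so a POST missing either parameter issues the redirect and then falls through, where it can throw a NullPointerException at the `.equals` calls or keep writing HTML to a response that has already been redirected; add `return;` right after the doGet call. The in-code comment already concedes that the `String.equals` comparison is timing-sensitive but leaves it in place; comparing encoded bytes with `MessageDigest.isEqual(requestPassword.getBytes(StandardCharsets.UTF_8), validPassword.getBytes(StandardCharsets.UTF_8))` avoids the early exit on the first differing character. The credentials `admin` / `12345` are fixed in the `@WebInitParam` annotation, so they live in source control and in the compiled class. They would be better supplied from deployment configuration and kept as a salted password hash rather than plaintext.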
