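package de.fhswf.in.inf.fit.aufgabe6;

import java.io.IOException;

import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Persistence;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import de.fhswf.in.inf.fit.aufgabe5.model.Account;

/**
 * Servlet implementation class LoginServletWithJpaAndJsp.
 *
 * <p>GET redirects to the login form. POST looks the submitted username up as the
 * primary key of {@link Account} via JPA and, when the password matches, stores
 * the username in the HTTP session and redirects to the success page. Every
 * other outcome (missing parameters, unknown user, wrong password) redirects
 * back to the form.
 */
@WebServlet("/LoginServletWithJpaAndJsp")
public class LoginServletWithJpaAndJsp extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /** Servlet-context init parameter that names the JPA persistence unit. */
    private static final String PERSISTENCE_UNIT_PARAM = "persistenceUnit";

    /**
     * @see HttpServlet#HttpServlet()
     */
    public LoginServletWithJpaAndJsp() {
        super();
    }

    /**
     * Redirects to the login form.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
     *      response)
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.sendRedirect("LoginFormWithJpaAndJsp.jsp");
    }

    /**
     * Handles a login attempt.
     *
     * <p>Reads the {@code username} and {@code password} parameters, loads the
     * matching account and redirects either to {@code LoginSuccess.jsp} (session
     * attribute {@code username} set) or back to the form.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
     *      response)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String requestUsername = request.getParameter("username");
        String requestPassword = request.getParameter("password");
        if (requestUsername == null || requestPassword == null) {
            // Return after the redirect: previously control fell through to the
            // database lookup with a null key and attempted a second redirect
            // on an already committed response.
            doGet(request, response);
            return;
        }

        Account account = findAccount(requestUsername);

        // This is very insecure and can be exploited via timing attacks.
        // The password comparison itself lives in Account#isPasswordCorrect;
        // note also that an unknown username short-circuits before any
        // comparison is done, so "no such user" and "wrong password" take a
        // measurably different amount of time.
        if (account != null && account.isPasswordCorrect(requestPassword)) {
            // Issue a fresh session on successful authentication so that a
            // session id established before login is not carried over.
            HttpSession oldSession = request.getSession(false);
            if (oldSession != null) {
                oldSession.invalidate();
            }
            request.getSession(true).setAttribute("username", account.getUsername());
            response.sendRedirect("LoginSuccess.jsp");
        } else {
            doGet(request, response);
        }
    }

    /**
     * Loads the account whose primary key is {@code username}.
     *
     * <p>The entity manager and its factory are closed on every path, including
     * when {@code find} throws. Building a factory per request is expensive;
     * creating it once in {@code init()} and closing it in {@code destroy()}
     * would be the usual arrangement, but that is left as-is here.
     *
     * @param username primary key of the {@link Account} to load
     * @return the account, or {@code null} if none has that key
     */
    private Account findAccount(String username) {
        EntityManagerFactory emf = Persistence.createEntityManagerFactory(
                getServletContext().getInitParameter(PERSISTENCE_UNIT_PARAM));
        try {
            EntityManager em = emf.createEntityManager();
            try {
                return em.find(Account.class, username);
            } finally {
                em.close();
            }
        } finally {
            emf.close();
        }
    }
}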