
...

Code Block
bgColor#FFcccc
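/**
 * Authenticates the credentials carried in the request and selects the next view.
 *
 * <p>Validation messages are collected in a request attribute named {@code "errors"}
 * so the error view can render them. On success the user name and password are sent
 * back to the client as cookies; this is the pattern the second listing on this page
 * replaces with a server-side session.
 *
 * @param request  the incoming request; the {@code username} and {@code password}
 *                 parameters are read from it
 * @param response the response the credential cookies are added to
 * @return {@code "error.jsp"} when validation or the password check fails,
 *         otherwise {@code "welcome.jsp"}
 */
private String login(HttpServletRequest request, HttpServletResponse response) {
  List<String> errors = new ArrayList<String>();
  request.setAttribute("errors", errors);

  String username = request.getParameter("username");
  String password = request.getParameter("password");

  // Basic input validation. getParameter() returns null for an absent parameter and
  // matches() would throw on it, so a missing value is reported as a format error.
  // Note that "[\\w]*" also accepts the empty string; an empty name reaches the lookup.
  if (username == null || !username.matches("[\\w]*")
      || password == null || !password.matches("[\\w]*")) {
    errors.add("Incorrect user name or password format.");
  }
  // Checked outside the format test so that any recorded error stops the login.
  if (!errors.isEmpty()) {
    return "error.jsp";
  }

  UserBean dbUser = this.userDAO.lookup(username);
  // An unknown user name gets the same message as a wrong password, so the response
  // does not reveal which accounts exist (and a null lookup result cannot throw).
  if (dbUser == null || !dbUser.checkPassword(password)) {
    errors.add("Passwords do not match.");
    return "error.jsp";
  }

  // NOTE: both credentials, including the cleartext password, are stored client-side;
  // see the session-based variant on this page for the replacement.
  Cookie userCookie = new Cookie("username", username); // cookie carrying the user name
  Cookie passCookie = new Cookie("password", password); // cookie carrying the password
  response.addCookie(userCookie); // send the cookies to the client
  response.addCookie(passCookie);

  return "welcome.jsp";
}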

...

Code Block
bgColor#ccccff
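/**
 * Authenticates the credentials carried in the request and selects the next view.
 *
 * <p>Validation messages are collected in a request attribute named {@code "errors"}
 * so the error view can render them. On success the authenticated user bean is kept
 * in a freshly created server-side session; nothing credential-related is sent back
 * to the client.
 *
 * @param request  the incoming request; the {@code username} and {@code password}
 *                 parameters are read from it and its session is replaced
 * @param response the response; not used by this variant, kept for the caller's signature
 * @return {@code "error.jsp"} when validation or the password check fails,
 *         otherwise {@code "welcome.jsp"}
 */
private String login(HttpServletRequest request, HttpServletResponse response) {
  List<String> errors = new ArrayList<String>();
  request.setAttribute("errors", errors);

  String username = request.getParameter("username");
  String password = request.getParameter("password");

  // Basic input validation. getParameter() returns null for an absent parameter and
  // matches() would throw on it, so a missing value is reported as a format error.
  // Note that "[\\w]*" also accepts the empty string; an empty name reaches the lookup.
  if (username == null || !username.matches("[\\w]*")
      || password == null || !password.matches("[\\w]*")) {
    errors.add("Incorrect user name or password format.");
  }
  // Checked outside the format test so that any recorded error stops the login.
  if (!errors.isEmpty()) {
    return "error.jsp";
  }

  UserBean dbUser = this.userDAO.lookup(username);
  // An unknown user name gets the same message as a wrong password, so the response
  // does not reveal which accounts exist (and a null lookup result cannot throw).
  if (dbUser == null || !dbUser.checkPassword(password)) {
    errors.add("Passwords do not match.");
    return "error.jsp";
  }

  // Discard the pre-authentication session, if any, together with the id the client
  // presented for it, then start a new one so the authenticated state lives under a
  // fresh id. getSession(false) avoids creating a session only to invalidate it.
  HttpSession oldSession = request.getSession(false);
  if (oldSession != null) {
    oldSession.invalidate();
  }
  HttpSession session = request.getSession(true);
  session.setMaxInactiveInterval(2 * 60 * 60); // idle timeout of two hours, in seconds
  session.setAttribute("user", dbUser); // store the user bean within the session

  return "welcome.jsp";
}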

...