...
| Code Block | ||
|---|---|---|
| ||
import java.util.ArrayList; import java.util.List; import javax.servlet.http.*; import com.rhallsrv.insecure.model.UserDAO; import com.rhallsrv.insecure.databeans.UserBean; public class InsecureServlet extends HttpServlet { private UserDAO userDAO; // ... private String login(HttpServletRequest request, HttpServletResponse response) { List<String> errors = new ArrayList<String>(); request.setAttribute("errors", errors); Â Â Â Â Â Â Â String username = request.getParameter("username"); String password = request.getParameter("password"); Â Â Â Â Â Â // Basic input validation if(!username.matches("[\\w]*") || !password.matches("[\\w]*")) { errors.add("Incorrect user name or password format."); return "error.jsp"; } Â Â Â Â Â UserBean dbUser = this.userDAO.lookup(username); if(!dbUser.checkPassword(password)) { errors.add("Passwords do not match."); return "error.jsp"; } Â Â Â Â Â Â Cookie userCookie = new Cookie("username", username); // Create a cookie that contains the username Cookie passCookie = new Cookie("password", password); // Creates a cookie that contains the password response.addCookie(userCookie); // Send the cookie information to the client response.addCookie(passCookie); return "welcome.jsp"; } } |
...