ciao, devo fare un sistema di login per un'applicazione web, per un esame universitario.

Ci sto sbattendo la testa da mesi con tutorial e altro ma non riesco a venirne fuori.


qualcuno sa darmi qualche consiglio d'esperienza?

di seguito posto i file che ho creato, se qualcuno ha voglia e tempo di aiutarmi posso anche mandarli via email per averli più chiari.

praticamente mi dà sempre "login failed", e non riesco a capire come funziona la ServletRequest di Java.

Grazie a tutti

pagina form.html:

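<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title></title>
<meta name="description" content="">
<meta name="keywords" content="">
<meta name="author" content="Unregistered User">
<meta name="generator" content="AceHTML Freeware">
</head>
<body>
<!--
  Login form. method='post' is set explicitly: without it the browser submits
  with GET and the password ends up in the URL (address bar, browser history,
  server access logs, Referer headers). The parameter names userName and
  password are the ones the server side reads with request.getParameter(),
  which works the same way for POST. The page should be served over HTTPS so
  the credentials are not sent in clear text.
-->
<form action='provajsp.jsp' method='post'>
Nick: <input type='text' name='userName'>
Pass: <input type='password' name='password'>
<input type='submit'>
</form>
</body>
</html>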

file provajsp.jsp
</c:choose>

</body>
</html>
file loginBean.java

package Login;

import javax.servlet.ServletRequest;

import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

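/**
 * JSP-facing bean that runs a JAAS login with the credentials carried by the
 * current request.
 *
 * <p>Usage: call {@link #setReq(ServletRequest)} first, then read
 * {@link #getLoginSuccess()}.
 */
public class LoginBean {

    /** Request the credentials are read from; must be set through setReq(). */
    private ServletRequest req;

    /**
     * Result of the most recent getLoginSuccess() call. The field is public and
     * writable by any code, so it must not be used for access decisions; read
     * the result through the getter instead.
     */
    public boolean loginSuccess;

    /** No-argument constructor, as a bean requires. */
    public LoginBean() { }

    /**
     * Attempts a JAAS login under the "WebLogin" configuration entry.
     *
     * @return true when LoginContext.login() completed without an exception,
     *         false when it (or the LoginContext constructor) threw a
     *         LoginException
     * @throws IllegalStateException if setReq() has not been called yet
     * @throws LoginException declared for compatibility; login failures are
     *         reported through the return value
     */
    public boolean getLoginSuccess() throws LoginException {

        // The request has to be set before this method is called, because
        // that is where the user name and password come from.
        if (req == null) {
            throw new IllegalStateException(
                    "The ServletRequest cannot be null in getLogin( )");
        }

        WebCallbackHandler webcallback = new WebCallbackHandler(req);

        try {
            // The LoginContext constructor itself throws LoginException when
            // the JAAS login configuration has no usable "WebLogin" entry, so
            // a configuration problem also ends up in the catch block below.
            LoginContext lcontext = new LoginContext("WebLogin", webcallback);

            // login() returns normally only when authentication succeeded.
            lcontext.login();

            loginSuccess = true;
            return true;

        } catch (LoginException lge) {

            // Record the cause in the server log instead of discarding it:
            // "wrong password" and "JAAS is not configured" would otherwise be
            // indistinguishable. The reason is deliberately not passed on to
            // the page, and no credential is written to the log.
            java.util.logging.Logger.getLogger(LoginBean.class.getName()).log(
                    java.util.logging.Level.INFO, "JAAS login failed", lge);

            loginSuccess = false;
            return false;
        }
    }

    /**
     * Sets the request that getLoginSuccess() reads the credentials from.
     *
     * @param request the current servlet request
     * @throws IllegalArgumentException if request is null
     */
    public void setReq(ServletRequest request) {

        if (request == null) {
            throw new IllegalArgumentException(
                    "ServletRequest argument was null in: "
                    + getClass().getName());
        }

        this.req = request;
    }
}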

file WebCallbackHandler.java

package Login;
import javax.security.auth.callback.*;
import javax.servlet.ServletRequest;

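/**
 * CallbackHandler that answers JAAS name and password callbacks with the
 * "userName" and "password" parameters of a servlet request.
 */
public class WebCallbackHandler implements CallbackHandler {

    // Either value is null when the request did not carry the parameter.
    private final String userName;
    private final String password;

    /**
     * Captures the credentials from the request.
     *
     * @param request request whose "userName" and "password" parameters are read
     */
    public WebCallbackHandler(ServletRequest request) {
        userName = request.getParameter("userName");
        password = request.getParameter("password");
    }

    /**
     * Copies the captured user name and password into the given callbacks.
     *
     * @param callbacks callbacks supplied by the login module
     * @throws UnsupportedCallbackException if a callback is neither a
     *         NameCallback nor a PasswordCallback
     */
    public void handle(Callback[] callbacks) throws java.io.IOException,
            UnsupportedCallbackException {

        for (int i = 0; i < callbacks.length; i++) {
            Callback current = callbacks[i];

            if (current instanceof NameCallback) {

                ((NameCallback) current).setName(userName);

            } else if (current instanceof PasswordCallback) {

                // A request without a "password" parameter leaves the field
                // null; calling toCharArray() on it would throw a
                // NullPointerException here. Hand the absence on as null so
                // the login module decides how to reject it.
                char[] secret = (password == null) ? null : password.toCharArray();
                ((PasswordCallback) current).setPassword(secret);

            } else {

                throw new UnsupportedCallbackException(current,
                        "The CallBacks are unrecognized in class: "
                        + getClass().getName());
            }
        }
    }
}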

file DataSourceLoginModule.java

package Login;
import java.util.Map;
import java.sql.*;

import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

import javax.security.auth.spi.LoginModule;
import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

import javax.sql.*;

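/**
 * JAAS LoginModule that checks a user name and password against the
 * "athlete" table reached through the "jdbc/oracle-8i-athletes" DataSource.
 */
public class DataSourceLoginModule implements LoginModule {

    // One message for every rejected credential, so the response does not
    // reveal whether the user name or the password was the wrong part.
    private static final String REJECTED =
            "The user name or password was not accepted";

    // These instance variables are assigned by initialize().
    CallbackHandler handler;
    Subject subject;
    Map sharedState;
    Map options;

    // True only after login() has accepted the supplied credentials.
    private boolean loginPassed = false;

    /** No-argument constructor; the module is configured through initialize(). */
    public DataSourceLoginModule() { }

    /**
     * Stores the objects handed over by the caller for later use in login().
     *
     * @param subject the subject being authenticated
     * @param handler handler that supplies the user name and password
     * @param sharedState state shared with other login modules
     * @param options options from the login configuration
     */
    public void initialize(Subject subject, CallbackHandler handler,
            Map sharedState, Map options) {

        this.subject = subject;
        this.handler = handler;
        this.sharedState = sharedState;
        this.options = options;
    }

    /**
     * Asks the CallbackHandler for a user name and password and looks for a row
     * of the athlete table that matches both.
     *
     * @return true when a matching row exists
     * @throws FailedLoginException when a credential is missing or no row
     *         matches the name/password pair
     * @throws LoginException when the check itself could not be carried out
     *         (no handler, JNDI or database error); the original exception is
     *         attached as the cause
     */
    public boolean login() throws LoginException {

        loginPassed = false;

        if (handler == null) {
            throw new LoginException(
                    "No CallbackHandler was supplied to the login module");
        }

        Connection conn = null;
        PreparedStatement stmt = null;
        ResultSet rs = null;
        char[] secret = null;

        try {

            // Don't use null prompts with NameCallback or PasswordCallback.
            Callback[] callbacks = new Callback[2];
            callbacks[0] = new NameCallback("Username:");
            callbacks[1] = new PasswordCallback("Password:", false);

            handler.handle(callbacks);

            String name = ((NameCallback) callbacks[0]).getName();

            PasswordCallback passCall = (PasswordCallback) callbacks[1];
            secret = passCall.getPassword();
            passCall.clearPassword();

            // Reject missing credentials before touching JNDI or the database.
            if (name == null || name.length() == 0
                    || secret == null || secret.length == 0) {
                throw new FailedLoginException(REJECTED);
            }

            // Look up the DataSource used to check the credentials.
            Context env = (Context) new InitialContext().lookup("java:comp/env");
            DataSource pool = (DataSource) env.lookup("jdbc/oracle-8i-athletes");

            if (pool == null) {
                throw new LoginException(
                        "Initializing the DataSource failed.");
            }

            conn = pool.getConnection();

            // Both values come straight from the HTTP request, so they are
            // bound as parameters and never concatenated into the SQL text.
            // Name and password are matched in ONE row: two separate queries
            // would accept any existing name combined with any existing
            // password, including another user's.
            //
            // NOTE(review): the submitted password is compared with the
            // passwrd column as is, which implies the table holds passwords
            // in clear text. Store a salted, slow password hash instead and
            // verify against that.
            stmt = conn.prepareStatement(
                    "select name from athlete where name = ? and passwrd = ?");
            stmt.setString(1, name);
            stmt.setString(2, new String(secret));

            rs = stmt.executeQuery();

            if (!rs.next()) {
                throw new FailedLoginException(REJECTED);
            }

            loginPassed = true;
            return true;

        } catch (LoginException le) {

            // Keep the specific type (for example FailedLoginException).
            throw le;

        } catch (Exception e) {

            // Keep driver and JNDI detail in the cause rather than in the
            // message, which may travel further than the server log.
            LoginException wrapped = new LoginException(
                    "The login check could not be completed: "
                    + e.getClass().getName());
            wrapped.initCause(e);
            throw wrapped;

        } finally {

            if (secret != null) {
                java.util.Arrays.fill(secret, '\0');
            }
            release(rs, stmt, conn);
        }
    }

    /**
     * Closes the JDBC objects that were actually opened. Each close is
     * attempted on its own so that a failure (or a null reference left by an
     * early error) cannot leak the connection or hide the login result.
     */
    private static void release(ResultSet rs, Statement stmt, Connection conn) {

        if (rs != null) {
            try {
                rs.close();
            } catch (SQLException ignored) {
                // nothing useful can be done at this point
            }
        }
        if (stmt != null) {
            try {
                stmt.close();
            } catch (SQLException ignored) {
                // nothing useful can be done at this point
            }
        }
        if (conn != null) {
            try {
                // Returns the Connection to the pool.
                conn.close();
            } catch (SQLException ignored) {
                // nothing useful can be done at this point
            }
        }
    }

    /**
     * Reports the outcome of login(). Nothing is added to the Subject here.
     *
     * @return the value recorded by the last login() call
     */
    public boolean commit() throws LoginException {
        return loginPassed;
    }

    /**
     * Resets the recorded login state.
     *
     * @return the state that was recorded before the reset
     */
    public boolean abort() throws LoginException {

        boolean previous = loginPassed;
        loginPassed = false;

        return previous;
    }

    /**
     * Resets the recorded login state.
     *
     * @return always true
     */
    public boolean logout() throws LoginException {

        loginPassed = false;
        return true;
    }
}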