This article is continuation of previous article, So please read the previous article to know how to setup the project. Once user registration done, user's login id and password will be activated by changing user account's status as "active". Here I am using BCrypt algorithm to hash passwords. While user registration, password will be saved in hash form so that database administration team also cant find what exactly the password is. Whenever user enter credentials, system will use same algorithm to hash password, and verifies with hashed password in database.Find below for flow of the program.

Program Flow 

  1. User Enter Required details ( User Id, Password ) and Submit request to server
  2. Generate hash code for User given password Using BCrypt Algorithm
  3. If generated hash code matches with the hash code from database, go to step 4, else go to step 5
  4. Login successful. Put session for the user
  5. Login unsuccessful. Inform the user

HTML Code

Here I have used Bootstrap for easy and good design. Find below for snippet from login page
<div class="form-group">
    <label for="inputEmail" class="control-label">Email</label>
    <input name="inputEmail" type="email" class="form-control" id="inputEmail" placeholder="Enter Email" data-error="Enter valid Email" required>
    <div class="help-block with-errors"></div>
</div>
<div class="form-group">
    <label for="inputPassword" class="control-label">Password</label>
    <input type="password" name="inputPassword" class="form-control" id="inputPassword" placeholder="Enter Password" data-error="Password should not be null" required>
    <div class="help-block with-errors"></div>
</div>

Login Servlet Post Method

This Login servlet will get email and password from user input. It will verify login and gives proper message to user
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    //get mail and password 
    String inputEmail = request.getParameter("inputEmail");
    String inputPassword = BCrypt.hashpw(request.getParameter("inputPassword"), GlobalConstants.SALT);
    StatusPojo sp = new StatusPojo();
    LOGGER.debug(inputEmail);
    try {
        // now get user info based on given email and password
        UserPojo up = UserDAO.verifyLogin(inputEmail, inputPassword);
        if(up != null) {
            if(up.getSTATUS().equals(GlobalConstants.ACTIVE) || up.getSTATUS().equals(GlobalConstants.IN_RESET_PASSWORD)) {
                // if status is active, then put session for user
                request.getSession().setAttribute(GlobalConstants.USER, up.getUSER_ID());
                request.getSession().setAttribute(GlobalConstants.USER_NAME, up.getFIRST_NAME()+" "+up.getLAST_NAME());
                sp.setCode(0);
                sp.setMessage("Success");   
            } else if(up.getSTATUS().equals(GlobalConstants.NEW)){
                sp.setCode(-1);
                sp.setMessage("Account activation is in pending");
            } else {
                sp.setCode(-1);
                sp.setMessage("Unknown error");
            }
            
        } else {
            sp.setCode(-1);
            sp.setMessage("Email or Password is not valid");                
        }
    } catch (DBException e) {
        LOGGER.debug(e.getMessage());
        sp.setCode(-1);
        sp.setMessage(e.getMessage());
    }
    PrintWriter pw = response.getWriter();
    pw.write(Utils.toJson(sp));
    pw.flush();
    pw.close();
}

Database query

To verify user with input email and password
select USER_ID, EMAIL, FIRST_NAME, LAST_NAME, STATUS, CREATED_TIME from DEMO_USER where EMAIL = ? and PASSWORD = ?

5 comments:

  1. change password upload in spring mvc

    ReplyDelete
    Replies
    1. Great Article android based projects

      Java Training in Chennai

      Project Center in Chennai

      Java Training in Chennai

      projects for cse

      The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

      Delete
  2. คาสิโนออนไลน์ที่น่าเชื่อถือและมีความเป็นมืออาชีพที่สุดในตอนนี้
    โปรโมชั่นGclub ของทางทีมงานตอนนี้แจกฟรีโบนัส 50%
    เพียงแค่คุณสมัคร สล็อตออนไลน์ กับทางทีมงานของเราเพียงเท่านั้น
    ร่วมมาเป็นส่วนหนึ่งกับเว็บไซต์คาสิโนออนไลน์ของเราได้เลยค่ะ
    สมัครสล็อตออนไลน์ >>> Goldenslot
    สนใจร่วมสนุกกับ คาสิโนออนไลน์ คลิ๊กได้เลย
    มีทั้งคาสิโนออนไลน์ หวยออนไลน์ ฟุตบอลออนไลน์ สล็อตออนไลน์ และอื่นๆอีกมากมาย

    ReplyDelete
  3. Yes i am totally agreed with this article and i just want say that this article is very nice and very informative article.I will make sure to be reading your blog more. You made a good point but I can't help but wonder, what about the other side? !!!!!!Thanks https://sites.google.com/site/hotmailloginonline/

    ReplyDelete
  4. This is my first time visit to your blog and I am very interested in the articles that you serve. Provide enough knowledge for me. Thank you for sharing useful and don't forget, keep sharing useful info: hotmail login

    ReplyDelete

Blogroll

Follow this blog by Email

Popular Posts