JavaServer Pages (JSP) Authentication Program

In this example we will be creating a simple JSP Authentication program

Download this Sample code (ZIP)

The MySQL Database Table

CREATE TABLE `user` (
  `id` int(10) NOT NULL auto_increment,
  `nm` varchar(200) default NULL,
  `pw` varchar(200) default NULL,
  PRIMARY KEY  (`id`)
)

 

conn.jsp
First to connect MySQL to this Java program, I have to download the MySQL/Java connector library and place it in the WEB-INF\lib directory of this web application.
The Connection String , connecting JSP to MySQL Database)


<%@ page import="java.sql.*" %>
<%
String connectionURL = "jdbc:mysql://localhost/ sample_db";
Connection connection = null;
Statement statement = null;
ResultSet rs = null;

           
Class.forName("com.mysql.jdbc.Driver").newInstance();
connection = DriverManager.getConnection(connectionURL, "root", "");
statement = connection.createStatement();
%>

Note this conn.jsp page will be included into any page that requires a database access, this is to eliminate repeatition on this lines of code on every page requiring database access.

 

index.jsp
This page contains the Login form, please note that the first line of this page, remove the session, therefore it also serves as the Logout page.

<%
//This remove the Session (for Logout)
session.removeAttribute("user_id");
%>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>JSP Authentication Program</title>
</head>

<body>
<b>LOGIN</b>
<form id="form1" name="form1" method="post" action="auth.jsp">
  <table width="40%" border="0">   
    <tr>
      <td>USER ID </td>
      <td><input name="user_id" type="text" id="user_id" /></td>
    </tr>
    <tr>
      <td>PASSWORD</td>
      <td><input name="password" type="password" id="password" /></td>
    </tr>
    <tr>
      <td></td>
      <td><input type="submit" name="Submit" value="Submit" /></td>
    </tr>
  </table>
</form>
</body>
</html>

 

auth.jsp
This page handles is the authorization function, by ensuring that only register use ID in the database table is granted access to the home.jsp welcome page

<%@ page import="java.sql.*" %>
<%@ include file="conn.jsp" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>JSP Authentication Program</title>
</head>

<body>

<%
String un = request.getParameter("user_id");
String pw = request.getParameter("password");

statement = connection.createStatement();
rs = statement.executeQuery("SELECT * FROM user WHERE nm='"+un+"' AND pw='"+pw+"'");

try {

     rs.next();
     session.setAttribute("user_id",rs.getString("nm"));
     rs.close();
%>
  <jsp:forward page="home.jsp" />
 
  <%
}catch(Exception e){
       // out.println("Exception is ;"+e);
        out.println("Sorry invalid ID, <a href=\"index.jsp\">click here</a> to try again");
  }

%>

</body>
</html>

 

home.jsp
This is the welcome page we are trying to access, if only we are a registered user….

<%
 if(session.getAttribute("user_id")==null){
%>
       <jsp:forward page="index.jsp" />;
<%
 }
%>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>JSP Authentication Program</title>
</head>

<body>
Welcome: <b><%= session.getAttribute("user_id")%></b> [<a href="index.jsp">Login</a>]
</body>
</html>

 

Screenshot

Download this Sample code (ZIP)