Java Weblog: Login

Welcome! You've decided to learn how to make a more secure weblog. Follow the steps below:

Login
Time for the login functionality. First you will need to add a new field in your blog_pass table in the database for usernames, and then subsequently in your comments and thread tables. Go into phpMyAdmin, and to your blog database. Here is the MySQL code:

You can always do this using the GUI, too. Just go into the table, click on the Structure tab, and go down to where it says "Add [1] field(s)" and just add it to the end of the table and click "Go." The next screen will allow you to name the field, give it the length/values, and other attributes. Then click "Save," as "Go" will just allow you to add another field, but won't add the first one until you click on "Save." As long as you are referencing the table fields by name and not by number, it really doesn't matter where the new fields go.

Then, yet another .jsp file

login.jsp
Here it is:

Credentials.java
This class checks the user's credentials at every page they visit, making sure that they are still logged in correctly.

Login.java
This class handles the login action of the weblog. If a user tries to access the blog using just http://localhost:8080/blog/Show, they will automatically be redirected to the login page.

Logout.java
This class handles the logout action of the weblog, and closes the user's session.

web.xml
Time to add in those servlets! Add in Login and Logout.

Editing the Rest of Your Classes
The login system works using sessions that each user has until he or she logs out. At every page they visit on the weblog, the application must check their credentials and, based on the outcome, allow or disallow them from viewing that page. This requires a lot of changes in your other classes so that they do this credential check.
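The per-page session check described above, as an added example (this is not the tutorial's own Credentials, Login or Logout code). The class name SessionGate, the session attribute "username", the /login.jsp path and the javax.servlet package (older Tomcat versions) are assumptions.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical helper for illustration; not the tutorial's Credentials class.
public final class SessionGate {
    // Assumed attribute name; set only after the password check succeeds.
    private static final String USER_ATTR = "username";
    // Assumed location of the login page, relative to the context root.
    private static final String LOGIN_PAGE = "/login.jsp";

    private SessionGate() {}

    /** Call after the submitted credentials were verified against blog_pass. */
    public static void startSession(HttpServletRequest req, String username) {
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();           // drop any pre-login session id (session fixation)
        }
        HttpSession fresh = req.getSession(true);
        fresh.setAttribute(USER_ATTR, username);
        fresh.setMaxInactiveInterval(30 * 60);  // idle timeout, in seconds
    }

    /**
     * Call first in doGet/doPost. Returns the username, or null after
     * sending a redirect to the login page; the caller must return on null.
     */
    public static String requireLogin(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        HttpSession session = req.getSession(false);  // never create a session here
        Object user = (session == null) ? null : session.getAttribute(USER_ATTR);
        if (user instanceof String) {
            return (String) user;
        }
        resp.sendRedirect(req.getContextPath() + LOGIN_PAGE);
        return null;
    }

    /** Logout: destroy the server-side session so the old id is useless. */
    public static void endSession(HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }
}
```

In a servlet, the check goes before any output is written: `String user = SessionGate.requireLogin(request, response); if (user == null) return;`. Stopping after the redirect matters, because otherwise the rest of doGet still runs and the page content is sent to a visitor who is not logged in.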

Show.java
In the doGet method, add the following code, right at the beginning, before the

add the following:

Then, to add some personality to the weblog, add this into the HTML header after displaying "My Web log": which will display "Welcome, username".

Next, change

to:

Then, change your entire writeData method to the following:

Next, we want to add in a link to be able to log out, again without having to do it manually. So, add in this line before after calling printEntries:

ShowComment.java
This is less complicated than the Show class. In the doGet method, add the same credentialing code, and that's it.

Write.java
Again, add the credentialing code, and after the HTML header, change

to:

WriteComment.java
Add the same credentialing code, again, in the same place.

And, similarly to Write, change this:

to this:

The parameters of the writeData method need to be changed to eliminate the String password part. In addition, we can take out the "trivial security", since we now have better security. So, delete everything from the comment //first some really trivial security all the way to the end of the following if/else statement. You still need the // disconnect from MySQL lines, so don't delete those.

Don't forget to compile your Java classes, and reload the JBlog session in the Tomcat Manager. Then check out your new weblog!

More to come as we add more!