Save and retrieve password in jsp

I am new to jsp. I have created a simple login page. Now i want to save/retrieve the password in textfile. The following is my code to save the username and password. I have save one user and password. Now i want to append new users in the same file. Can anyone please suggest me how to append the new users login details in same file. Also i would like to save the password and display some otherpage on buttonclick.

Ideally you should not be having any java code in jsp, it should be handled by servlet. As far as appending to file is concerned, you have to create the FileWriter object in append mode.

Better yet, you shouldn't have any login code at all. The technical term for user-designed login code is "hacked".

Unless you're a full-time trained security professional, you should avoid creating your own security system. Security is too important to be something done as a secondary consideration in today's hostile world. Even if your app does something as simple as trade Pokémon cards, an invader might re-purpose it to launch malware and/or spam.

J2EE/JEE defines a standard container-managed security system. It's built into all major webapp servers, including Tomcat, jetty, Wildfly and the "big name" commercial products. Typically that system has plugin authenticator modules ("Realms") so that you can keep your userids and passwords wherever and however you want to. For example, Tomcat's MemoryRealm uses a simple XML data file format. The JDBC Realm uses SQL databases, and the JNDI Realm can use LDAP servers such as Microsoft's Active directory.

A lot of J2EE books use a user-written login system for code examples. I wish they wouldn't do that. The Internet is polluted enough.

Swastik Dey wrote:Ideally you should not be having any java code in jsp, it should be handled by servlet. As far as appending to file is concerned, you have to create the FileWriter object in append mode.

Inside .jsp file i had written the above code. So instead of that code what should i use means how to handle it by servlet? Please tell me how to.

First of all text files are not very correct approach to handle web request/response.  The approach mentioned by Tim is a recommended way.  To start with JDBC might be an easy approach.  I believe you might already studied about JDBC.  Your database should store user credentials and should be validated from this database.  Servlet is ideally used for handling client requests.  The typical flow is when the user sends any request the servlet handles this and produces the output through jsp.  So the servlet is the controller and jsp is the view.    A very basic structure any servlet code looks somewhat like this

public class ExampleHttpServlet extends HttpServlet
  public void doGet(HttpServletRequest request,
       HttpServletResponse response) throws ServletException){
  }
  public void doPost(HttpServletRequest request,
       HttpServletResponse response) throws ServletException){
  }
}

So as Tim mentioned

Tomcat's MemoryRealm uses a simple XML data file format

, I am using tomcat webserver. So how should i use the database. Is there anything to configure to use the database?

For simple jdbc connectivity you don't need any specific configuration in server.  It's the jdbc api that's connect to database.  Are you ok with jdbc connectivity.

This is how you would use it: https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html#JDBCRealm

Swastik Dey wrote:For simple jdbc connectivity you don't need any specific configuration in server.  It's the jdbc api that's connect to database.  Are you ok with jdbc connectivity.

I am ok with this. But as for now  i am doing with text file. I also want to know how to verify username and password. If user name already exist in text file i don't want to append. Is it possible to do the user validation using text file.Can you please tell me is it possible to do?

Also I would like to know about jdbc connectivity. Please guide me.

Of course possible, what you are doing with the present code is writing to the file.  For validation purpose what you have to do is read from the file.  For JDBC you should read about this, and try to write a simple java application (not web) to learn the basic stuffs like
how to connect to database, how to execute sqls after connecting to db etc.

Swastik Dey wrote:Of course possible, what you are doing with the present code is writing to the file.  For validation purpose what you have to do is read from the file.  For JDBC you should read about this, and try to write a simple java application (not web) to learn the basic stuffs like
how to connect to database, how to execute sqls after connecting to db etc.

The following is the code which i am trying to read contents.


Still the same name appends in the text file. can you please tell me what i am doing wrong. And with above code how to validate please help me.

The above part of the code will always append to the file, as you are opening it in write mode.

For validation part you only need the 2nd part with some minor logical changes



Ideally you should have two different pages, one for user registration, that will call the writing code, and the other page should be a validation page that will call the reading code.

Thanks for the code. It works fine.
Is it Possible to avoid appending the same username?

You mean in both cases whether the user is valid or not it's going to keyboard.html and of course yes you can stop appending the same user name.  The logic will be pretty close the reading part.  When you get a username read the file, if it doesn't exist append it to file.

No No the code works perfectly fine. Thanks for the code. So i have to read the file where i am creating the file. Is it what you are conveying me?

When the application is loaded read the usernames from the file and store it in some list/array etc.  When the user enter details search the username from this array/list, if not found append to the file.

Is there any tool to work with this web servers java coding?
Like drupal, wordpress.

Whats wrong with eclipse for java ee?

No I just asked. My prof told that some existing codes will be there and I have to use that's y i asked.

For JDBC you should read about this, and try to write a simple java application (not web) to learn the basic stuffs like
how to connect to database, how to execute sqls after connecting to db etc.

I will start to learn about jdbc connectivity, to executte queries too. As i am creating web applicationWhat should i start to read and know about jdbc connectivity in eclipse.

Eclipse is just a tool to write/compile code.  JDBC is a an api.  So whether you use eclipse, netbeans or any simple text editor it has got nothing to do with JDBC api.  You can use any tool you want. As I suggested before first write a java desktop app using jdbc to learn the basic stuffs, then switch to web apps.

Please i would to like to create a simple login page and the data should get store in database. What are the prerequisite i should have in my system. Do i have to install phpmyadmin? Or is there something else i have to install. I have eclipse with apache tomcat server. Please guide me

You have eclipse with tomcat so that's good enough for web development.  For database you can use any one you wish e.g. mysql/oracle etc.  Next you need is the jar files (database drivers).

I just have to keep jar file in my desired place and configure that in build path of the project. That is enough? I no need to install xampp in my system?

Keeping the jar file in the build path is enough, nothing else is required.

I thought i have install phpmyadmin in my desktop and check with /localhost/phpmyadmin/ thats why i asked you. Thanks for the reply.

Always welcome.

When i tried to run my application i got the following error

INFO: Server startup in 377 ms
java.sql.SQLException: Access denied for user 'root'@'localhost' (using password: YES)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1055)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:956)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3491)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3423)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:910)
at com.mysql.jdbc.MysqlIO.secureAuth411(MysqlIO.java:3923)
at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1273)
at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2031)
at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:718)
at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:46)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:302)
at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:282)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:270)
at com.candidjava.LoginController.doPost(LoginController.java:32)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)

This is my code for creating datebase

Appears to be a credentials issue.  See this link to reset root password in mysql

https://dev.mysql.com/doc/refman/8.0/en/resetting-permissions.html

Thanks for the help. So is it possible to do all in same page like create db, create table, select,insert,update,alter. Following is my code



Also whenever i am running my app its tring to create db again and again. how to avoid this. Can't create database 'LoginDetails'; database exists please help me.

Ideally you should create the database and required only once, and when creating you should always whether it exists or not. For learning purpose putting all queries in a single page is ok, however from real time perspective it's not.  Think of a registration page it only needs to insert rows and no other operation is required here.

So I have to create database and should create table  and insert elements in one page. Other things should happen in different page.Right?

It depends upon your design approach.  As per MVC architecture a single servlet controls all actions.   All html/jsp pages sends request to this controller servlet. For e.g Login page and registration page sends request to the same servlet.  Based on the request type servlet performs the specific task and the response back to the client.  So if the request type is registration it will be insert operation, if if is login it might be select queries.  As far creating db/tables is concerned it should be done only once , so it should be in servlet init method.

Please suggest me a sample code I am searching for hours to learn and gothrough about. But till now i didn't get not even a tutorial abot this for creating a simple login page with few details.

You can have a look here

https://www.javatpoint.com/example-of-login-form-in-servlet

Thanks I will go through the tutorial.

I have created two conditions to check user name and password.


In the if condition I am trying to give alert message. But nothig is getting displayed. Please tell me where i am wrong
In the else

Post the complete servlet and html (the login page code).

Html code



Jsp code

Try this but keep backup of your code