How to output data from servlet to jsp without JSTL and EJB

Question

I have a task to make following: 1. User enters their login and password. I did following jsp for that:

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<div id="main">
    <aside class="leftAside">
        <h2>Authorization section</h2>
        <p>Please enter your login and password and press "Go!"</p>
    </aside>
    <section>
        <article>
            <h1>Authorization</h1>
            <div class="text">
                <form method="GET" action="authorization">
                    <p>
                        <label for="login">Login</label>
                        <input type="text" name="login" id="login"/>
                    </p>
                    <p>
                        <label for="password">Password</label>
                        <input type="password" name="password" id="password"/>
                    </p>
                    <p>
                        <button type="submit">Go!</button>
                    </p>
                </form>
            </div>
        </article>
    </section>
</div>

1. If OK, they get back the history of visits, if not - login page again with some mark that authorization failed. I made all connections and queries, but how to manage it and how to output all data to jsp? I should not use beans and jstl, just pure servlets.

my servlet is below, and I don't understand neither how to get passwd and login from the user to send it further.

package Controller;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.*;


@WebServlet(name = "controller", loadOnStartup=1, urlPatterns = {"/"})
public class web_controller extends HttpServlet {

    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        String userPath=request.getServletPath();
        if ("/".equals(userPath)){
            request.getRequestDispatcher("/index.jsp").forward(request, response);
        }
        else {}
    }
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        processRequest(request, response);

    }
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        processRequest(request, response);

    }
    private static Connection getSQLConnection() {
        Connection connection = null;
        String dbUser = "root";
        String dbPwd = "root";
        String dbUrl = "jdbc:mysql://localhost:3306/test";
        try {
            Class.forName("com.mysql.jdbc.Driver");
        }
        catch (ClassNotFoundException e) {
            e.printStackTrace();
        }
        try {
            connection = DriverManager.getConnection(dbUrl, dbUser, dbPwd);
            return connection;
        }
        catch (SQLException e) {
            e.printStackTrace();
        }
        return connection;
    }

    private static ResultSet history(Connection connection, String user) {
        ResultSet result = null;
        int userID = 0;
        try{
            PreparedStatement preparedStatement = connection.prepareStatement("SELECT * FROM users WHERE login=?");
            preparedStatement.setString(1, user);
            result = preparedStatement.executeQuery();
            if (result.next()) {
                userID = result.getInt("id");
            }
            result = null;
        }
        catch (SQLException e) {
            e.printStackTrace();
        }

        try{
            PreparedStatement history = connection.prepareStatement("SELECT * FROM history WHERE login=?");
            getHistory.setInt(1, userID);
            result = history.executeQuery();
            return result;
        }
        catch (SQLException e) {
            e.printStackTrace();
        }

        return result;
    }
    }

    private static int USER_NOT_FOUND = 2;
    private static int WRONG_PWD = 0;
    private static int SUCCESS = 1;

    private static int checkUser(Connection connection, String user, String passwd) {
        ResultSet result = null;
        String pwdMD5 = getMD5(passwd);
        try{
            PreparedStatement preparedStatement = connection.prepareStatement("SELECT * FROM users WHERE login=?");
            preparedStatement.setString(1, user);
            result = preparedStatement.executeQuery();
            if (result.next()) {
                String storedPwd = result.getString("passwd");
                if (storedPwd.equals(pwdMD5)) {
                    return SUCCESS;
                }
                else return WRONG_PWD;
            } else return USER_NOT_FOUND;
        }
        catch (SQLException e) {
            e.printStackTrace();
        }
        return 0;
    }

    private static void addEntry(HttpServletRequest request, Connection connection, String user, String passwd, int success) {
        int userID = 0;

        try{
            PreparedStatement preparedStatement = connection.prepareStatement("SELECT * FROM users WHERE login=?");
            preparedStatement.setString(1, user);
            ResultSet result = preparedStatement.executeQuery();
            result.next();
            userID = result.getInt("id");
        }
        catch (SQLException e) {
            e.printStackTrace();
        }
        try{
            PreparedStatement updHistory = connection.prepareStatement("INSERT INTO history (user_id, success, ipaddr) VALUES (?,?,?,?)");
            updHistory.setInt(1, userID);
            updHistory.setInt(2, success);
            updHistory.setString(3, request.getRemoteAddr());
            ResultSet result = updHistory.executeQuery();
            result = updHistory.executeQuery();
        }
        catch (SQLException e) {
            e.printStackTrace();
        }

    }

    private static String getMD5(String pwd) {
        String generatedMD5 = null;
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            md.update(pwd.getBytes());
            byte[] bytes = md.digest();
            StringBuilder sbuilder = new StringBuilder();
            for(int i=0; i< bytes.length ;i++)
            {
                sbuilder.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
            }
            generatedMD5 = sbuilder.toString();
        }
        catch (NoSuchAlgorithmException e)
        {
            e.printStackTrace();
        }
        return generatedMD5;

    }
}

Answer 1

how to get passwd and login from the user to send it further?

Try with ServletRequest#getParameter()

Sample code

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    processRequest(request, response);

    String login = request.getParameter("login");
    String password = request.getParameter("password");
}

---

Never send username/password via GET request due to security concern.

use <form method="POST" action="authorization">

@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    processRequest(request, response);

    String login = request.getParameter("login");
    String password = request.getParameter("password");
}

For more sample have a look at How to transfer data from JSP to servlet

---

--EDIT--

how to pass the ResultSet from the servlet to the jsp?

Simply use ServletRequest#setAttribute() and ServletRequest#getAttribute()

Please have a look at below posts:

• How to access at request attributes in JSP?

• How to access a request attribute set by a servlet in JSP?