1

I have two type of users: admin and user. Here's what I am doing in Login servlet

protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    PrintWriter out = response.getWriter();
    String user=request.getParameter("user");
    String pass=request.getParameter("pass");

    HttpSession session=request.getSession();


    String name="user",type;
    try
    {
        Class.forName("com.mysql.jdbc.Driver");
        Connection con=DriverManager.getConnection(url,user,pass);

        PreparedStatement ps=con.prepareStatement("select utype from users where email=? and pass=?");

        ps.setString(1, user);
        ps.setString(2, pass);

        ResultSet rs=ps.executeQuery();

        if(rs.next()) 
        {
            type=rs.getString(1);
            if(type.equals("a"))
            {
                session.setAttribute("loggedIn", "admin");
                RequestDispatcher rd=request.getRequestDispatcher("admin.jsp");
                rd.forward(request, response);
            }
            else
            {
                session.setAttribute("loggedIn", "user");
                RequestDispatcher rd=request.getRequestDispatcher("home.jsp");
                rd.include(request, response);
            }


        }
        else
        {
            request.setAttribute("message","Username or password error!");
                RequestDispatcher rd=request.getRequestDispatcher("login.jsp");
            rd.include(request, response);
        }
    }
    catch(Exception e)
    {
        e.printStackTrace();
    }

}

And on account.jsp page I am checking is user is logged in or not.Here's the code:

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
 <%@ include file="headpl.jsp" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"  "http://www.w3.org/TR/html4/loose.dtd">
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
        <script>
              //have some code here
        </script>
    </head>
    <body>

    <%
        if(session.getAttribute("loggedIn").equals("admin"))
            {
                response.sendRedirect("admin.jsp");
          }else
           if(!session.getAttribute("loggedIn").equals("user"))
        {
            response.sendRedirect("index.jsp");
         }  
   %>
     //some html code here
  </body>
  </html>

The code was running fine before I added the session checks. Now, when the admin is logged in and types the URL of the account page, he is redirected to admin.jsp (that's fine), when user is logged in he is allowed t go to account page , But when no one is logged in I get an exception:

  exception

org.apache.jasper.JasperException
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:370)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
root cause

java.lang.NullPointerException
org.apache.jsp.account_jsp._jspService(org.apache.jsp.account_jsp:128)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:322)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
note The full stack trace of the root cause is available in the Apache Tomcat/5.5.11 logs.

I think that the NullPointerException is due to the fact that no session variable exists since No one is logged in. I saw several answers on SO but none of them worked for me.

Any suggestions?

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
user63762453
  • 1,734
  • 2
  • 22
  • 44

3 Answers3

2

The "loggedIn" session attribute is missing so the equals method call rejects a NPE.

You can try to check null value of "loggedIn" session attribute before manage its value.

Something like this :

if (session.getAttribute("loggedIn") == null) {
     response.sendRedirect("login.jsp");
} else if(session.getAttribute("loggedIn").equals("admin")) {
     response.sendRedirect("admin.jsp");
} else if(!session.getAttribute("loggedIn").equals("user")) {
     response.sendRedirect("index.jsp");
}
Fabien Thouraud
  • 909
  • 1
  • 11
  • 21
  • I don't know how but it worked when I copied your code. Maybe the order of `if statements` was the reason. I wrote: `if(session.getAttribute("loggedIn").equals("admin")) { response.sendRedirect("admin.jsp"); }else if(session.getAttribute("loggedIn")==null)) { response.sendRedirect("login.jsp"); }else{}' How silly of me :P – user63762453 Jul 15 '14 at 13:34
  • Yes it was because your first if statement rejected NPE and the JSP generation just stopped. – Fabien Thouraud Jul 15 '14 at 13:42
1

you need to first check weather session.getAttribute("loggedIn") is null or not before compare to admin or user string.
If no one user is logged in that time you don't have session attribute loggedIn in session and you got null when try to read value from session using session.getAttribute("loggedIn") and equals method throw exception because it compare your string with null. 

if(session.getAttribute("loggedIn")!=null && session.getAttribute("loggedIn").equals("admin"))
{
    response.sendRedirect("admin.jsp");
}
else if(session.getAttribute("loggedIn")!=null && !session.getAttribute("loggedIn").equals("user"))
{
    response.sendRedirect("index.jsp");
}  
else  
{
    response.sendRedirect("defaultPage.jsp");
}

It always best practice to check for null value before comparing to any string or any object with other object.

Yagnesh Agola
  • 4,556
  • 6
  • 37
  • 50
0

Or just use:

String username = request.getRemoteUser();
if ("user".equalsIgnoreCare(username)) {
    .....do something....
}
Yster
  • 3,147
  • 5
  • 32
  • 48