0

In my project I have a page which contains email and password fields. My requirement is: after filling in the username and password fields, when I press submit, it will check the username and password fields in the database table, and if they match it will go to the profile page.

So, I have done this:

My controller class is:

    @RequestMapping(value = "/signin", method = RequestMethod.POST)
    public String dologin(@ModelAttribute("student") Student student, HttpServletRequest request,
            HttpServletResponse response, BindingResult result) {

        try {
            studentService.LoginStudent(student.getEmail(), student.getPassword());

            if (result.hasErrors()) {
                return "signin";
            }
        } catch (ConstraintViolationException e) {

        }

        return "profile";
    }

My StudentServiceimpl.java is:

    public Student LoginStudent(String email, String password) {

        Student student = new Student(email, password);

        studentDao.LoginStudent(student);

        return student;
    }

And StudentDao.java is:

    public void LoginStudent(Student student) {
        String hql = "select student_id from  student  where email = :email and password = :password";

        sessionFactory.getCurrentSession().createSQLQuery(hql)
            .setParameter("email", student.getEmail())
            .setParameter("password", student.getPassword());

    }

Now, the problem is that if I put in any email id and any password, it goes directly to the profile page. If the fields are blank, it also goes to the profile page. Why is it not checking the fields?

Pramod S. Nikam
Salini
3 Answers

2

What I think is that whatever you are doing with result.hasErrors() is not serving well.

I think you should treat that if condition like below:

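    // Use a new variable name; "student" is already the method parameter.
    Student loggedIn = studentService.LoginStudent(student.getEmail(), student.getPassword());

    // A null result means no matching student, so stay on the sign-in page.
    if (loggedIn == null) {
        return "signin";
    }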

The BindingResult class is not appropriate here. It is useful for form validations (via the validate method).

Please read "What is the use of BindingResult interface in spring MVC?"

Also, in your Hibernate code you are not executing the query; do it like below:

    Query query = sessionFactory.getCurrentSession().createSQLQuery(hql)
        .setParameter("email", student.getEmail())
        .setParameter("password", student.getPassword());

    return query.list();

The above program is for reference; you need to do additional work around your code, like parsing and all.

Pramod S. Nikam
  • I used your code, but now I am still on the page. Whatever I put in the fields, or if I put the correct email & password, it is staying on the same page – Salini Aug 04 '15 at 05:55
  • And why does he even use `BindingResult` if he's fetching "Student" before performing the check whether `BindingResult` has errors? This is just a bad answer. – Branislav Lazic Aug 04 '15 at 06:05
  • I used "public void LoginStudent(Student student)"..what will be the so the return type is not matching.. – Salini Aug 04 '15 at 06:09
  • @BranislavLazic - I am trying to tell him not to use BindingResult here. I am telling him to use alternate logic. What's bad in that? – Pramod S. Nikam Aug 04 '15 at 06:14
0

See, you are not returning anything from the HQL query. Return true if that user exists, else false. And your controller should be like this:

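    try {
        if (result.hasErrors()) {
            return "signin";
        }
        // Java's primitive type is boolean, not bool.
        boolean res = studentService.LoginStudent(student.getEmail(), student.getPassword());

        if (res) {
            return "profile";
        } else {
            return "signin";
        }
    } catch (ConstraintViolationException e) {
        // Fall through to the sign-in page; an exception must not count as a successful login.
    }
    return "signin";
    }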
Subodh Joshi
Krisnela TPL
0

Your whole code within doLogin method is generally wrong.

    @RequestMapping(value = "/signin", method = RequestMethod.POST)
    public String dologin(@ModelAttribute("student") Student student, BindingResult result) {
        // No need for HttpServletRequest request and
        //   HttpServletResponse response
        String urlOrPage = null;
        // First check whether the result has errors
        if (!result.hasErrors()) {
            // If there are no errors, fetch Student
            // (new variable name; "student" is already the method parameter)
            Student loggedIn = studentService.loginStudent(student.getEmail(), student.getPassword());
            // If credentials are wrong, it will return null, if not, it will return Student.
            if (loggedIn != null) {
                urlOrPage = "redirect:/profile";
            } else {
                urlOrPage = "signin";
            }

        } else {
            urlOrPage = "signin";
        }

        return urlOrPage;
    }

Considering that:

  • You have "/profile" mapping
  • Your validation annotations in Student class are correctly placed
Branislav Lazic
  • I have used your code, but every time I enter a wrong id & password, or leave the fields blank, or enter the correct id/password, I am getting the same page. @ Orion is telling me not to use binding result. I'm trying to follow this – Salini Aug 04 '15 at 06:39
  • @Salini And how will you know if someone i.e. passes mail like `thisIsAMail` or even registers with `thisIsAMail`? Or how will you make list of banned password patterns like: `1234`, `password`, `asdf` etc? Prefer checking that password is not blank? Prefer checking that password has enough characters? Did you also debug your `loginStudent` method? – Branislav Lazic Aug 04 '15 at 06:42
  • I have a validator class for this, but I can't get what's the point of these questions you have asked and what I have asked here (my question) – Salini Aug 04 '15 at 07:00
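
An added end-to-end example of the check this thread is about (not code from the question or from any answer): the query is actually executed, its result alone decides the view, and blank input or a database error leaves the user on the sign-in page. `credentialsMatch` and `SigninController` are hypothetical names, and an active Hibernate transaction around the call is assumed; `Student`, the `student` table and the view names come from the question.

```java
// Added example. Student (with getEmail()/getPassword()) is the question's own class
// and is assumed to be in the same package.
import java.util.List;
import org.hibernate.SessionFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.stereotype.Repository;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.*;

@Repository
class StudentDao {
    @Autowired private SessionFactory sessionFactory;

    /** Hypothetical helper: true only when exactly one row matches both parameters. */
    public boolean credentialsMatch(String email, String password) {
        if (email == null || email.trim().isEmpty() || password == null || password.isEmpty()) {
            return false; // blank input never reaches the database
        }
        // Query text as in the question. Matching on the password column directly only
        // works if passwords are stored unhashed; with hashed storage, select the row by
        // email and verify the submitted password against the stored hash instead.
        String sql = "select student_id from student where email = :email and password = :password";
        List<?> rows = sessionFactory.getCurrentSession().createSQLQuery(sql)
                .setParameter("email", email)
                .setParameter("password", password)
                .list(); // building the query is not enough: list() executes it
        return rows.size() == 1;
    }
}

@Controller
class SigninController {
    @Autowired private StudentDao studentDao;

    // BindingResult must directly follow the @ModelAttribute argument it belongs to.
    @RequestMapping(value = "/signin", method = RequestMethod.POST)
    public String doLogin(@ModelAttribute("student") Student student, BindingResult result) {
        try {
            if (!result.hasErrors()
                    && studentDao.credentialsMatch(student.getEmail(), student.getPassword())) {
                return "profile"; // the only path that leaves the sign-in page
            }
        } catch (RuntimeException e) {
            // Fail closed: a database or mapping error is treated as a failed login.
        }
        return "signin";
    }
}
```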