Getting session sub-attributes from object

Question

I currently have a User object:

public class User {

public final String username, password, email;
public final double balance;

public User(String username, String password, String email, double balance) {
    this.username = username;
    this.password = password;
    this.email = email;
    this.balance = balance;
}

And a login function, that returns a User object:

public User checkLogin(String usrname, String pssword) {
        Front fr = new Front();
        User newUser = null;
        try {
            int count = 0;
            Class.forName("com.mysql.jdbc.Driver");   
            Connection myConn = DriverManager.getConnection("jdbc:mysql://localhost:3306/projects", "william", "william");
            java.sql.Statement mySt = myConn.createStatement();
            String rs = "SELECT username, password, email, balance FROM user WHERE username='" + usrname + "'AND password='" + pssword + "'";

    System.out.println(rs);
    ResultSet myRS = mySt.executeQuery(rs);
    while (myRS.next()) {
        newUser = new User(myRS.getString("username"),myRS.getString("password"),myRS.getString("email"),myRS.getDouble("balance"));


    count++;
    }

    if (count == 0) {
        return newUser;
    }

    if (count == 1) {
        return newUser;



    }
    myConn.close();
} catch (SQLException | HeadlessException ex) {
    JOptionPane.showMessageDialog(null, ex);
} catch (ClassNotFoundException ex) {
    Logger.getLogger(DBHandler.class.getName()).log(Level.SEVERE, null, ex);
}
return newUser;

}

And last, a servlet, which handles forms, and sets different attributes:

protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter();
    Double balance = 0.00;
    String origin = request.getParameter("origin");
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    String email = request.getParameter("email");
    switch(origin){
    case "login":
    db.checkLogin(username, password);
    User tempUser;
        if((tempUser = db.checkLogin(username, password)) != null){
            out.print("You will be redirected");
            request.getSession().setAttribute("user", tempUser);
            response.sendRedirect("index.jsp");
        }else if(db.checkLogin(username,password) == null){
            out.print("Wrong login info, please try again!");
            response.sendRedirect("login.jsp");
        }

    break;
    case "register":
        db.registerUser(username, password, balance, email);
        response.sendRedirect("login.jsp");
    break;
}

}

What I am trying to do, is for example, display on a webpage, one of the sub-values that User has (username, email and so on). However, I am unsure howto use session.getAttribute, and how I can get tempUser.username out.

Thanks in advance.

score 2 · Accepted Answer · edited May 23 '17 at 11:52

2

You can add the attribute to the request and if you are returning it to a view page then you can access it from the response object which gets returned to the view. I will provide an example shortly.

Here is an example:

request.getSession().setAtribute("user",tempUser);

and in the view page that is on index.jsp as in your example you can achieve it by using these formats

Use of EL (expression language) and JSTL tags is highly recommended. For example, here you could use EL as

<td>Username: </td>
<td><input type="text" value="${user.username}" /></td>

There are other formats too and you can explore them

have a look on this post

How to use session in jsp pages to get information?

You can also use scriptlets but they are way too obesolete.

just try using EL or switch to using spring rest where you can handle everything as efficiently as you want.

edited May 23 '17 at 11:52

Community

1
1

answered Sep 09 '16 at 15:49

Kalyan Pradhan

1,415
3
19
34

Brother.... I cannot thank you enough. Seriously great work there. I managed to fix it by doing this, thanks to you: User tempUser = (User)session.getAttribute("user"); out.print(tempUser.username); Again, thank you so much brother, really. – William Pfaffe Sep 09 '16 at 16:27
Ok great. Try using the EL as it is used widely now a days, and if possible try switching to Restful webservices – Kalyan Pradhan Sep 09 '16 at 16:34
@WilliamPfaffe there's a potential security risk with the User class if it's stored in the session. Once populated, the password will always be available. Once a user is logged in the password should no longer be needed. Consider removing the password attribute from the User class or at least null it after user has logged in. – Andrew S Sep 09 '16 at 16:51
@Andrew yes thats a good point to be noted and yes we can use separate DAO and DTO layers for solving these problems. have a look at those websites when you get some time http://www.javatpoint.com/q/2615 – Kalyan Pradhan Sep 09 '16 at 17:02

Getting session sub-attributes from object

1 Answers1