Java EE: Getting parameters from POST for a login form
it should work, can you check by changing form method to get and trying, you should see parameters in url.
JF Beaulieu
Full Stack C# .NET / Typescript / Javascript Web Developer Microsoft MCSD Web Applications certified developer Interested in modern web technologies such as: .NET Framework 4.7.2 C# 8.0 ASP.NET Core 3.1 ASP.NET MVC 5 Entity Framework 7 SQL Server 2016 RESTful Web Services WCF Services (SoA) jQuery React Angular AngularJS Bootstrap SignalR
Updated on June 04, 2022Comments
-
JF Beaulieu almost 2 years
I am trying to implement a simple login servlet but it's not working properly.
What I wanted to know is how to pass the parameters using a HTTP POST. It already works with HTTP GET but the username and password are visible from the URL. It would be better to hide them in a POST.
<form method="post" action="home" > <input name="username" class="form-login" title="Username" value="" size="30" maxlength="2048" /> <input name="password" type="password" class="form-login" title="Password" value="" size="30" maxlength="2048" /> <input type="submit" value="Connect"> </form>
web.xml
<servlet> <servlet-name>home</servlet-name> <servlet-class>controller.HomeController</servlet-class> </servlet> <servlet-mapping> <servlet-name>home</servlet-name> <url-pattern>/home</url-pattern> </servlet-mapping>
Servlet:
public class HomeController extends HttpServlet { private HttpSession session; private UserBean userBean; public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { UserBean user = new UserBean(); String userName = request.getParameter("username"); String password = request.getParameter("password"); user.setUsername(userName); user.setPassword(password); user = UserDAO.login(user); dispatch(request, response, ApplicationRessource.getInstance().getHomePage()); } protected void dispatch(HttpServletRequest request, HttpServletResponse response, String page) throws javax.servlet.ServletException, java.io.IOException { RequestDispatcher dispatcher = getServletContext() .getRequestDispatcher(page); dispatcher.forward(request, response); } }
The problem is that the
userName
andpassword
strings are always empty, meaning that the parameters are never fetched from the POST. What am I doing wrong? -
JF Beaulieu almost 12 yearsFunny thing, it works when changing from method=post to method=get and using
doGet
instead ofdoPost
-
JF Beaulieu almost 12 yearsOnly thing, it's unfortunate to see the password in the url, I still think it's beter to use a POST even if you can sniff the text using wireshark.
-
Subin Sebastian almost 12 yearsyou should use post for sure :-), it was just for test. Can you try in some other browser
-
JF Beaulieu almost 12 yearsthe parameters are still in the url
-
Ankit almost 12 yearsParameters are in the url because i guess you are using "get" in your jsp. Use "post" only in your jsp and try implementing the above code. What will happen is from your servlet's "doPost" method, "doGet" will be called. Let me know what is the output.
-
JF Beaulieu almost 12 yearsI have edited my original post with the web.xml and the dispatch method
-
Kshitij almost 12 years1) The tomcat's service(..) method implementation is pretty simple and it just forwards the request to doGet(..) or doPost(..) based on request.getMethod() condition. if you haven't overridden service(..) method than there is not much to look in here. 2) Do you have any filters declared in your web.xml or any filter based annotations anywhere?
-
JF Beaulieu almost 12 yearsI do not use annotations, and I have no filter tags in my
web.xml
. Thedispatch()
method follows the Page Controller or Front Controller design pattern (see: java.sun.com/blueprints/corej2eepatterns/Patterns/…) -
JF Beaulieu almost 12 yearsAre you saying that the
service()
method would not be useful in this case? -
Kshitij almost 12 yearsthere is no problem with your dispatch(..) method. The point which I was making earlier was that I see more custom code than what was originally posted in your question.
Are you saying that the service() method would not be useful in this case
....have you overridden service method? if not, then everything is fine with service method.