Send parameters from JSP to Servlet using POST

Question

I am building a simple web app and attempting to create a login page. The page consists of a JSP with a form which loads a Servlet.

I have got the form working using the GET method:

JSP looks like this:

<form method="get" action="Login">
Email:<input name="email"/>
Password:<input name="password"/>
<input type="Submit" value="Log in"/>

And in the Servlet:

@WebServlet(name = "Login", urlPatterns = {"/Login"})
public class Login extends HttpServlet {

/**
* Processes requests for both HTTP
* <code>GET</code> and
* <code>POST</code> methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");

//Assign variables from the request parameters
String loginFormEmail = request.getParameter("email");
String loginFormPassword = request.getParameter("password");

This code works but it includes the username and password in the URL string, so it's obviously not good practice. I have attempted to do this using POST instead but I've been getting an error. (HTTP Status 405 - HTTP method POST is not supported by this URL)

I need to know how to send parameters from the JSP to the Servlet using POST. I think this may involve using RequestDispatcher object, but all the tutorials I've found explain using RequestDispatcher to send data from the Servlet to the JSP, not the other way around. Can you/should you use Request Dispatcher to send POST data from the JSP to the Servlet? And how to you access these parameters from the Servlet? (Is there an equivalent of request.getParameter() for POST?)

I understand that using POST still won't be secure, but it is a lot better practice than including the password in the query string, and I will think about security later.

Apologies for the basic question, I have found lots of tutorials online but none of them seem to answer this specific question. Thank you.

Answer 1

Try to override the HttpServlet methods doPost() and doGet():

public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException,IOException {
    processRequest(request,response);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException,IOException {
    processRequest(request,response);
}

Answer 2

Override the HttpServlet#doPost() method in your Login class

protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException {
    String loginFormEmail = request.getParameter("email");
    String loginFormPassword = request.getParameter("password");
    // do something to produce a response
}

This might require you to change the service() method that might be overridden to call your processRequest() method regardless of the HTTP method. This depends on the rest of your Login class implementation which you haven't shown.

Then change your <form> to make a POST request.

Answer 3

Try

<form method="POST" action="Login>

Note: method instead of type for specifying GET/POST.

But it's not really any more "secure" than using GET. They are still available in clear text in the post body. If you want it to be secure, make sure you use HTTPS.

Edit

You have edited your question now, and it appears that you are using method, not type. So if you still have errors after changing it to POST, specify what error you are getting.

Edit2

You specify that you are getting a HTTP method POST is not supported by this URL error. This means that your servlet does not accept the POST method. Which most likely means that you are inheriting some base servlet that only accepts GET. Seeing all of the code for the servlet would be helpful.

Answer 4

Use method="POST" attribute in your element

Answer 5

<form type="get" action="Login" method="POST">
 Email:<input name="email"/>
 Password:<input name="password"/>
<input type="Submit" value="Log in"/>

I suggest you instead of processRequest(), use doPost() method.