joanb

Reputation: 349

Check username and password Hibernate in Java

I am trying to compare the username and password from the user with the ones in the database. I can successfully check the username, but I am not sure how to go about comparing the username and password at the same time :/ Hopefully someone can help me with this.

Here is the login method.

    @ButtonMethod(buttonName="loginButton")
    public String loginMethod() {
        String address = "login.jsp";
        fillBeanFromRequest(data);
        setErrors(data);
        if (isValidProperty("username") && isValidProperty("password")) {
            Object dataPersistent =
                HibernateHelper.getFirstMatch(data,
                    "username", data.getUsername());
            if (dataPersistent != null) {
                data = (RequestDataAccount)dataPersistent;
                response.addCookie(new Cookie("username", data.getUsername()));
                clearErrors();
                address = "ShowCookies.jsp";
            }
        } else {
            address = "login.jsp";
        }
        return jspLocation(address);
    }

Upvotes: 0

Views: 1328

Answers (1)

Raffaele

Reputation: 20885

Last time I checked, in Java you can compare Strings like this

form.getPassword().equals(account.getPassword())

but in your code I see you have a data variable that at the beginning of the snippet carries the form, and then is assigned the value of a database record! No no. You need both.

Also, since this is a public forum and someone else may come here and see this post, consider the usual rules for password authentication:

  • normalize the username before searching for a match (at least case-insensitive)
  • don't store the password in clear text in the database (use bcrypt for example)
  • use a constant-time algorithm when comparing secrets

Upvotes: 1
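
The three rules listed in the answer above, as an added example that is not part of the original question or answer. It keeps the form values and the stored record in separate variables. Assumptions: the class, record and method names and the in-memory map (standing in for the Hibernate lookup) are hypothetical, PBKDF2 from the JDK is swapped in for bcrypt because bcrypt needs a third-party library, and records require Java 16 or later.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginCheck {
    // Hypothetical stored record: salt and password hash, never the clear-text password.
    record Account(String username, byte[] salt, byte[] hash) {}

    // Constructed in-memory store standing in for the database lookup by username.
    static final Map<String, Account> ACCOUNTS = new HashMap<>();
    static final byte[] DUMMY_SALT = new byte[16]; // used only when no account matches

    static String normalize(String username) {
        return username.trim().toLowerCase(Locale.ROOT);
    }

    // PBKDF2 (JDK built-in) used here in place of bcrypt; 600_000 is an assumed work factor.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 600_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    static void register(String username, String password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        String key = normalize(username);
        ACCOUNTS.put(key, new Account(key, salt, hash(password.toCharArray(), salt)));
    }

    // Hashes even for unknown usernames so both failure paths do the same work.
    static boolean login(String formUsername, String formPassword) throws Exception {
        Account account = ACCOUNTS.get(normalize(formUsername));
        byte[] salt = account != null ? account.salt() : DUMMY_SALT;
        byte[] candidate = hash(formPassword.toCharArray(), salt);
        return account != null && MessageDigest.isEqual(candidate, account.hash()); // constant-time
    }

    public static void main(String[] args) throws Exception {
        register("JoanB", "correct horse"); // constructed sample credentials
        System.out.println(login(" joanb ", "correct horse"));
        System.out.println(login("joanb", "wrong"));
        System.out.println(login("nobody", "correct horse"));
    }
}
```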
