
I've read How to implement “Stay Logged In” when user login in to the web application. I have two questions, mainly about HttpServletRequest#login().

Question 1: If the user returned by userDAO.find() is not null, does it mean the username and password are correct and the user should be logged in?
Question 2: What does HttpServletRequest#login do in terms of validating the user?

```java
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // TODO Auto-generated method stub
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    User user = userDAO.find(username, password);
    if (user != null) { // If true, does it prove the username and password are correct?
        try {
            /* Why call request.login() here? I think the client has been
             * validated if user != null. What's the use of this line?
             */
            request.login(username, password);
            System.out.println("successfully log in");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```
user7328234
  • The javadoc for `HttpServletRequest#login` provides excellent explanation. You must configure authentication realm within the servlet-context (can be provided by an application server) – maress Jun 20 '17 at 14:05
  • @maress I've configured that in META-INF/context.xml. I'm really confused about the function of `userDAO.find()` and `request.login(username, password)`. Is `userDAO.find()` used to search for the row in the DB which matches the FORM user (user field and password are both matched)? – user7328234 Jun 20 '17 at 14:18
  • @maress "provides excellent explanation" - Not at all the case. "Validate the provided username and password in the password validation realm used by the web container login mechanism configured for the ServletContext." Leaves unanswered the questions: what is the "password validation realm", what is the "web container login mechanism", what is the ServletContext, and how is the logic mechanism configured. Please don't say "look it up" cos that is exactly the point - the javadoc for the method does not itself explain any of these things even at a basic level. – JL_SO Oct 06 '20 at 13:31
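
The two checks in the question are independent: `userDAO.find()` is an application-level lookup, while `request.login()` asks the container to validate the credentials against its configured realm and, on success, binds the identity to the request so that `getUserPrincipal()`, `getRemoteUser()` and `isUserInRole()` work. The servlet below is an added example, not code from the question or its comments; it assumes a realm is already configured for the web application (the asker mentions `META-INF/context.xml`), a Servlet 3.1+ container, and a hypothetical `/home` landing page.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: lets the container's realm decide whether the credentials are valid.
public class LoginServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        if (username == null || password == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        // login() throws ServletException if an identity is already established,
        // so drop any existing one before authenticating again.
        if (request.getUserPrincipal() != null) {
            request.logout();
        }

        try {
            // The container validates the credentials against its configured realm.
            request.login(username, password);
        } catch (ServletException e) {
            // Thrown on bad credentials (or an unsupported login mechanism).
            // Answer identically for "unknown user" and "wrong password",
            // and keep the submitted values out of the log.
            log("Container login failed");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid credentials");
            return;
        }

        // Rotate the session id after authentication to prevent session fixation.
        // changeSessionId() needs an existing session, so create one first.
        request.getSession(true);
        request.changeSessionId();

        // From here on the container knows the caller:
        // request.getRemoteUser() returns the authenticated username.
        response.sendRedirect(request.getContextPath() + "/home"); // hypothetical page
    }
}
```

A non-null result from an application DAO does not by itself make the container treat the request as authenticated; only the `login()` call does that.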

0 Answers