users-digest-h...@tomcat.apache.org wrote:
users Digest 15 Nov 2010 11:40:18 -0000 Issue 10062
Topics (messages 219005 through 219016):
Re: Tomcat 6.0.29 using more and more RAM until it collapses?
219005 by: Andr Warnier
219010 by: Mark Thomas
Re: 7.0.4 problem
219006 by: Anthony J. Biacco
Re: Using mod_jk in cluster environment responds HTTP 500
219007 by: rikslovein
219009 by: Andr Warnier
219013 by: rikslovein
Problem in accessing jsp:useBean
219008 by: Rekha Ravi Pai
219011 by: Mark Thomas
Re: Shutting down one instance of tomcat 6 from a listener
219012 by: Patrick Sauts
Tomcat Going down Frequently
219014 by: Amol Puglia
219015 by: Andr Warnier
219016 by: Pid
Administrivia:
Subject:
Problem in accessing jsp:useBean
From:
Rekha Ravi Pai <re...@softjin.com>
Date:
Mon, 15 Nov 2010 12:40:46 +0530
To:
users@tomcat.apache.org
To:
users@tomcat.apache.org
Hi,
I have installed tomcat-6.0.20 and postgresql-9.0.1
I have created a java bean PasswordEncryptService.java
I have kept it in WEB-INF/classes/beans directory and in beans
package.
I compiled the java file and successfully ran the class and could
enter a data in a table in pgsql database.
I have created a jsp file under webapps/apps/InfoMgmt/secure
directory.
In this jsp file I imported the PasswordEncryptService class and used
the
bean under the tag jsp:useBean. But I am getting the following error.
The value for the useBean class attribute PasswordEncryptService is
invalid.
Can anybody please, help me in resolving this issue?
Thanks and Regards,
Rekha.
Subject:
Re: Problem in accessing jsp:useBean
From:
Mark Thomas <ma...@apache.org>
Date:
Mon, 15 Nov 2010 09:04:37 +0000
To:
Tomcat Users List <users@tomcat.apache.org>
To:
Tomcat Users List <users@tomcat.apache.org>
On 15/11/2010 07:10, Rekha Ravi Pai wrote:
Hi,
I have installed tomcat-6.0.20 and postgresql-9.0.1
I have created a java bean PasswordEncryptService.java
I have kept it in WEB-INF/classes/beans directory and in beans
package.
I compiled the java file and successfully ran the class and could
enter a data in a table in pgsql database.
I have created a jsp file under webapps/apps/InfoMgmt/secure
directory.
In this jsp file I imported the PasswordEncryptService class and
used the
bean under the tag jsp:useBean. But I am getting the following
error.
The value for the useBean class attribute PasswordEncryptService
is
invalid.
Can anybody please, help me in resolving this issue?
Not without you showing us the source for the simplest JSP and bean
that
recreates this issue.
Mark
PasswordEncryptService.java file I am giving below.
I have placed this in the path
/usr/local/apache-tomcat-6.0.20/webapps/apps/WEB-INF/classes/beans
/// class to verify the password
package beans;
import java.security.NoSuchAlgorithmException;
import java.io.*; //UnsupportedEncodingException;
import java.security.MessageDigest;
import org.apache.commons.codec.binary.Base64;
import java.security.DigestOutputStream;
import java.sql.*;
public class PasswordEncryptService implements Serializable {
private static final long serialVersionUID = 7526472295622776147L;
Connection con;
Statement stm ;
ResultSet rs = null;
public PasswordEncryptService (){
try{
Class.forName("org.postgresql.Driver");
con =
DriverManager.getConnection("jdbc:postgresql:employee_release","postgres",
"");
stm = con.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_UPDATABLE);
}
catch (SQLException sqle ){
sqle.printStackTrace();
}
catch (ClassNotFoundException cnfe ) {
cnfe.printStackTrace();
}
}
private String getEncryptedString (String rawString ) throws
Exception { /// encrypt the raw String using SHA algorithm
String encryptedString = "";
byte[] encoded = Base64.encodeBase64(rawString.getBytes());
encryptedString = new String(encoded);
return encryptedString;
}
public void writeNewPasswd(String username,String passwd)throws
Exception { ///writing new password in case the password is forgotten
String encryptedPasswd = "";
try{
encryptedPasswd = getEncryptedString(passwd);
}
catch(Exception e){
e.toString();
//System.out.println(e.toString());
}
String query = "insert into passwd_tbl values(\'"+username;
query += "\',\'"+encryptedPasswd+"\')";
try{
int a = stm.executeUpdate(query);
}catch(SQLException e){
System.out.println(e.toString());
}
}
public void changePasswd(String username,String passwd,String
newPwd)throws Exception { /// reading all username/passwd in a vector
deleting the perticular user and writing back the vector
String encryptedPasswd = "";
String encryptedNewPwd = "";
String readPasswd = "";
try{
encryptedPasswd = getEncryptedString(passwd);
encryptedNewPwd = getEncryptedString(newPwd);
}
catch(Exception e){
e.toString();
//System.out.println(e.toString());
}
String query = "select * from passwd_tbl where ";
query += "username=\'"+username+"\'";
try{
rs = stm.executeQuery(query);
}catch(SQLException e){
System.out.println(e.toString());
}
if(rs.next()){
readPasswd = rs.getString("password");
}
if(encryptedPasswd.equals(readPasswd)){
String updateQuery = "update passwd_tbl set password=";
updateQuery += "\'"+encryptedNewPwd+"\' where ";
updateQuery += "username=\'"+username+"\'";
try{
int a = stm.executeUpdate(updateQuery);
}catch(SQLException e){
System.out.println(e.toString());
}
}
}
private String readPassword (String username) throws Exception {
// String passwordFromFile = "";
boolean isFound = false;
int data;
String readUsername = "", readPasswd = "";
String query = "select password from passwd_tbl where ";
query += "username=\'"+username+"\'";
try{
rs = stm.executeQuery(query);
}catch(SQLException e){
System.out.println(e.toString());
}
if(rs.next()){
readPasswd = rs.getString("password");
isFound = true;
}else{
throw new NullPointerException (" Username not found ");
}
return readPasswd;
}
/// Check if the suplied password is correct for the given username
public boolean isPasswordCorrect (String username, String passwd)
throws Exception {
String passwordFromFile = "";
String encryptedPassword = "";
try {
passwordFromFile = readPassword (username);
} catch (Exception e) {
throw new Exception ("Error reading password for the user (" +
username + ") : " + e.getMessage());
}
try {
encryptedPassword = getEncryptedString (passwd) ;
} catch (Exception e ) {
throw new Exception ("Error encrypting the password : " +
e.getMessage());
}
return passwordFromFile.equals (encryptedPassword);
}
private boolean isDuplicateUsername (String username) throws Exception
{
boolean isDuplicate = false;
String query = "select * from passwd_tbl where ";
query += "username=\'"+username+"\'";
try{
rs = stm.executeQuery(query);
}catch(SQLException e){
System.out.println(e.toString());
}
if(rs.next()){
isDuplicate = true;
}
return isDuplicate;
}
public void writeUsernamePassword (String username, String password)
throws Exception {
/// Write the username:password for a new user into the
passwdFile.
String encryptedPassword ;
String loginString;
byte [] byteArray ;
// RandomAccessFile raFile = new
RandomAccessFile(passwdFile,"rw");;
try {
encryptedPassword = getEncryptedString (password);
System.out.println(encryptedPassword);
} catch (Exception e) {
throw new Exception ("Could not write username:password for
the user " + username + " " + e.getMessage());
}
if (isDuplicateUsername (username)) {
throw new Exception ("Duplication Error : the user already
exists ");
} else {
String query = "insert into passwd_tbl values(\'"+username;
query += "\',\'"+encryptedPassword+"\')";
try {
int a = stm.executeUpdate(query);
}catch(SQLException e){
System.out.println(e.toString());
}
}
}
/*
public static void main (String [] args) throws Exception {
PasswordEncryptService verify = new PasswordEncryptService ();
// System.out.println ("path : " + verify.getFilePath ());
if (args.length != 2) {
System.out.println ("Usage : java VerifyPasswd <username>
<password> ");
System.exit (1);
}
String username = args[0];
String password = args [1];
// String newPwd = args[2];
// verify.changePasswd(username,password,newPwd);
verify.writeUsernamePassword (username, password);
// System.out.println(verify.getEncryptedString(password));
boolean isCorrect = verify.isPasswordCorrect (username, password);
if (isCorrect)
System.out.println ("Access Granted");
else
System.out.println ("Access Denied ");
}
*/
}
_______________________________________________________________________________
This file compiles and runs (when run using java PasswordEncryptService
abc xyz) as expected.
My jsp file VerifyPassword.jsp that uses this bean is given below. This
file is placed in the directory
/usr/local/apache-tomcat-6.0.20/webapps/apps/InfoMgmt/secureNew
<HTML>
<HEAD>
<TITLE>Creating the New User Account </TITLE>
</HEAD>
<BODY>
<%@ page import = "beans.*, java.sql.*"%>
<jsp:useBean id="verify" scope="session" class="PasswordEncryptService" />
<jsp:useBean id="error" scope="session" class="ErrorMessageBean" />
<jsp:useBean id="cctry" scope="session" class="ConnectorClassTry" />
<%
error.initialise ();
error.setUrl ("secureNew/VerifyPassword.jsp");
%>
<%!
Statement stmt;
Connection con=null;
ResultSet rs;
String login, passwd,empNum;
String email;
public void jspDestroy(){
con = null;
}
%>
<%
empNum = null;
login = request.getParameter ("login");
email = login+"@softjin.com";
passwd = request.getParameter("passwd");
boolean isCorrect = false;
boolean canAccess = false;
// isCorrect = true;
String referer = request.getHeader("referer");
out.println(referer);
try {
System.out.println(login);
isCorrect = verify.isPasswordCorrect(login, passwd);
} catch (Exception e) {
error.setMessage ("Could not log-in : " + e.getMessage ());
%>
<jsp:forward page = "Error.jsp" />
<%
}
String query = "select empid from employee_details where loginid = \'"
+ email + "\'";
if (isCorrect &&
(!login.startsWith("librar"))&&(!login.equals("sysadmin")) &&
(!login.equals("hrmgr")) && (!login.equals("finance")) &&
(!login.equals("admin"))){
con = cctry.getConnection ();
try {
stmt = con.createStatement (ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_UPDATABLE);
rs = stmt.executeQuery (query);
if (rs.next ()) { /// If a user exists
// session.removeAttribute("empid");
session.setAttribute ("empid" , rs.getString ("empid"))
;
} else {
throw new Exception (" Could not get empid for <B>" +
login + "</B>" );
}
}
catch (Exception e ) {
// con.close();
// stmt.close();
error.setMessage ("Error occurred while obtaining empid : " +
e.getMessage ());
%>
<jsp:forward page = "Error.jsp" />
<%
}
/// Clean up
finally {
try {
rs.close ();
stmt.close ();
con.close ();
}catch (Exception e) {
rs = null; con = null; stmt = null;
}
}
session.removeAttribute("email");
session.setAttribute("email",email);
session.removeAttribute("user");
session.setAttribute("user",login);
canAccess = true;
}
if(isCorrect &&
(login.startsWith("librar")||login.equals("sysadmin")||login.equals("hrmgr")||login.equals("finance")||login.equals("admin"))){
session.removeAttribute("email");
session.setAttribute("email",email);
session.removeAttribute("user");
session.setAttribute("user",login);
canAccess = true;
}
if(canAccess){
out.print(login);
if(isCorrect){
out.print("true");
}else{
out.print("false");
}
if(login.equals("admin")){
%>
<jsp:forward page="DifferentFormLinks.jsp" />
<%
}else
if(login.startsWith("librar")||login.equals("sysadmin")||login.equals("hrmgr")||login.equals("finance")){
%>
<jsp:forward page="homepage.jsp" />
<%
}else{
String empId = (String)session.getAttribute("empid");
if(referer.endsWith("secureNew/index.jsp")||referer.endsWith("secureNew/index_intab.jsp")||referer.endsWith("secureNew/CreateNewUser.jsp")){
%>
<jsp:forward page="homepage.jsp" />
<%
}
}
}
else{
error.setMessage ("Could not log-in : wrong username/password" );
%>
<jsp:forward page = "Error.jsp" />
<%
}
%>
</body>
</html>
Regards,
Rekha.
Business Disclaimer
____________________________________________________________
This e-mail message and any files transmitted with it are intended solely
for the use of the individual or entity to which they are addressed. It
may contain confidential, proprietary or legally privileged information.
If you are not the intended recipient please be advised that you have
received this message in error and any use is strictly prohibited. Please
immediately delete it and all copies of it from your system, destroy any
hard copies of it and notify the sender by return mail. You must not,
directly or indirectly, use, disclose, distribute, print, or copy any part of
this message if you are not the intended recipient.
___________________________________________________________
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
