From 8443edb579f6dc0cd9caf5c38872248a01b80458 Mon Sep 17 00:00:00 2001
From: Kristina Shpilchyna <kriss.mva@gmail.com>
Date: Thu, 13 Jul 2023 16:27:44 +0200
Subject: [PATCH 1/2] web security solution

---
 .../java/taxi/controller/LoginController.java | 42 +++++++++++++++
 .../taxi/controller/LogoutController.java     | 16 ++++++
 .../car/GetMyCurrentCarsController.java       | 28 ++++++++++
 .../driver/AddDriverController.java           |  4 +-
 src/main/java/taxi/dao/CarDaoImpl.java        |  6 ++-
 src/main/java/taxi/dao/DriverDao.java         |  2 +
 src/main/java/taxi/dao/DriverDaoImpl.java     | 35 ++++++++++--
 .../exception/AuthenticationException.java    |  7 +++
 .../taxi/filter/AuthenticationFilter.java     | 47 ++++++++++++++++
 src/main/java/taxi/model/Driver.java          | 53 +++++++++++++++++--
 .../taxi/service/AuthenticationService.java   |  8 +++
 .../service/AuthenticationServiceImpl.java    | 22 ++++++++
 src/main/java/taxi/service/DriverService.java |  1 +
 .../java/taxi/service/DriverServiceImpl.java  |  6 +++
 src/main/java/taxi/util/ConnectionUtil.java   |  8 +--
 src/main/webapp/WEB-INF/views/drivers/add.jsp |  8 +++
 src/main/webapp/WEB-INF/views/drivers/all.jsp |  4 ++
 src/main/webapp/WEB-INF/views/header.jsp      |  9 ++++
 src/main/webapp/WEB-INF/views/index.jsp       |  1 +
 src/main/webapp/WEB-INF/views/login.jsp       | 16 ++++++
 src/main/webapp/web.xml                       | 36 +++++++++++++
 21 files changed, 344 insertions(+), 15 deletions(-)
 create mode 100644 src/main/java/taxi/controller/LoginController.java
 create mode 100644 src/main/java/taxi/controller/LogoutController.java
 create mode 100644 src/main/java/taxi/controller/car/GetMyCurrentCarsController.java
 create mode 100644 src/main/java/taxi/exception/AuthenticationException.java
 create mode 100644 src/main/java/taxi/filter/AuthenticationFilter.java
 create mode 100644 src/main/java/taxi/service/AuthenticationService.java
 create mode 100644 src/main/java/taxi/service/AuthenticationServiceImpl.java
 create mode 100644 src/main/webapp/WEB-INF/views/header.jsp
 create mode 100644 src/main/webapp/WEB-INF/views/login.jsp

diff --git a/src/main/java/taxi/controller/LoginController.java b/src/main/java/taxi/controller/LoginController.java
new file mode 100644
index 000000000..79c043970
--- /dev/null
+++ b/src/main/java/taxi/controller/LoginController.java
@@ -0,0 +1,42 @@
+package taxi.controller;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import taxi.exception.AuthenticationException;
+import taxi.lib.Injector;
+import taxi.model.Driver;
+import taxi.service.AuthenticationService;
+
+public class LoginController extends HttpServlet {
+    private static final Injector injector = Injector.getInstance("taxi");
+    private AuthenticationService authenticationService = (AuthenticationService)
+            injector.getInstance(AuthenticationService.class);
+
+    @Override
+    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+            throws ServletException, IOException {
+        req.getRequestDispatcher("/WEB-INF/views/login.jsp").forward(req, resp);
+    }
+
+    @Override
+    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+            throws ServletException, IOException {
+        String login = req.getParameter("login");
+        String password = req.getParameter("password");
+
+        try {
+            Driver driver = authenticationService.login(login, password);
+            HttpSession session = req.getSession();
+            session.setAttribute("driver_id", driver.getId());
+            System.out.println(driver.getName());
+            resp.sendRedirect("/index");
+        } catch (AuthenticationException e) {
+            req.setAttribute("errorMsg", e.getMessage());
+            req.getRequestDispatcher("/WEB-INF/views/login.jsp").forward(req, resp);
+        }
+    }
+}
diff --git a/src/main/java/taxi/controller/LogoutController.java b/src/main/java/taxi/controller/LogoutController.java
new file mode 100644
index 000000000..c06c6023a
--- /dev/null
+++ b/src/main/java/taxi/controller/LogoutController.java
@@ -0,0 +1,16 @@
+package taxi.controller;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class LogoutController extends HttpServlet {
+    @Override
+    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+            throws ServletException, IOException {
+        req.getSession().invalidate();
+        req.getRequestDispatcher("/WEB-INF/views/login.jsp").forward(req, resp);
+    }
+}
diff --git a/src/main/java/taxi/controller/car/GetMyCurrentCarsController.java b/src/main/java/taxi/controller/car/GetMyCurrentCarsController.java
new file mode 100644
index 000000000..3864ff796
--- /dev/null
+++ b/src/main/java/taxi/controller/car/GetMyCurrentCarsController.java
@@ -0,0 +1,28 @@
+package taxi.controller.car;
+
+import java.io.IOException;
+import java.util.List;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import taxi.lib.Injector;
+import taxi.model.Car;
+import taxi.service.CarService;
+
+public class GetMyCurrentCarsController extends HttpServlet {
+    private static final Injector injector = Injector.getInstance("taxi");
+    private final CarService carService
+            = (CarService) injector.getInstance(CarService.class);
+
+    @Override
+    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+            throws ServletException, IOException {
+        HttpSession session = req.getSession();
+        Long driverId = (Long) session.getAttribute("driver_id");
+        List<Car> cars = carService.getAllByDriver(driverId);
+        req.setAttribute("cars", cars);
+        req.getRequestDispatcher("/WEB-INF/views/cars/all.jsp").forward(req, resp);
+    }
+}
diff --git a/src/main/java/taxi/controller/driver/AddDriverController.java b/src/main/java/taxi/controller/driver/AddDriverController.java
index 1db67730b..e6da4dd22 100644
--- a/src/main/java/taxi/controller/driver/AddDriverController.java
+++ b/src/main/java/taxi/controller/driver/AddDriverController.java
@@ -24,7 +24,9 @@ public void doGet(HttpServletRequest req, HttpServletResponse resp)
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         String name = req.getParameter("name");
         String licenseNumber = req.getParameter("license_number");
-        Driver driver = new Driver(name, licenseNumber);
+        String login = req.getParameter("login");
+        String password = req.getParameter("password");
+        Driver driver = new Driver(name, licenseNumber, login, password);
         driverService.create(driver);
         resp.sendRedirect(req.getContextPath() + "/drivers/add");
     }
diff --git a/src/main/java/taxi/dao/CarDaoImpl.java b/src/main/java/taxi/dao/CarDaoImpl.java
index 586ccb595..56218f2e3 100644
--- a/src/main/java/taxi/dao/CarDaoImpl.java
+++ b/src/main/java/taxi/dao/CarDaoImpl.java
@@ -188,7 +188,7 @@ private void deleteAllDrivers(Car car) {
     }
 
     private List<Driver> getAllDriversByCarId(Long carId) {
-        String query = "SELECT id, name, license_number "
+        String query = "SELECT id, name, license_number, login "
                 + "FROM cars_drivers cd "
                 + "JOIN drivers d ON cd.driver_id = d.id "
                 + "WHERE car_id = ? AND is_deleted = false";
@@ -211,10 +211,14 @@ private Driver parseDriverFromResultSet(ResultSet resultSet) throws SQLException
         Long driverId = resultSet.getObject("id", Long.class);
         String name = resultSet.getString("name");
         String licenseNumber = resultSet.getString("license_number");
+        String login = resultSet.getString("login");
+        String password = resultSet.getString("password");
         Driver driver = new Driver();
         driver.setId(driverId);
         driver.setName(name);
         driver.setLicenseNumber(licenseNumber);
+        driver.setLogin(login);
+        driver.setPassword(password);
         return driver;
     }
 
diff --git a/src/main/java/taxi/dao/DriverDao.java b/src/main/java/taxi/dao/DriverDao.java
index 83440d530..516538dd0 100644
--- a/src/main/java/taxi/dao/DriverDao.java
+++ b/src/main/java/taxi/dao/DriverDao.java
@@ -1,6 +1,8 @@
 package taxi.dao;
 
+import java.util.Optional;
 import taxi.model.Driver;
 
 public interface DriverDao extends GenericDao<Driver> {
+    Optional<Driver> findDriverByLogin(String login);
 }
diff --git a/src/main/java/taxi/dao/DriverDaoImpl.java b/src/main/java/taxi/dao/DriverDaoImpl.java
index f5e18f2a2..ebf59e84f 100644
--- a/src/main/java/taxi/dao/DriverDaoImpl.java
+++ b/src/main/java/taxi/dao/DriverDaoImpl.java
@@ -17,13 +17,15 @@
 public class DriverDaoImpl implements DriverDao {
     @Override
     public Driver create(Driver driver) {
-        String query = "INSERT INTO drivers (name, license_number) "
-                + "VALUES (?, ?)";
+        String query = "INSERT INTO drivers (name, license_number, login, password) "
+                + "VALUES (?, ?, ?, ?)";
         try (Connection connection = ConnectionUtil.getConnection();
                 PreparedStatement statement = connection.prepareStatement(query,
                         Statement.RETURN_GENERATED_KEYS)) {
             statement.setString(1, driver.getName());
             statement.setString(2, driver.getLicenseNumber());
+            statement.setString(3, driver.getLogin());
+            statement.setString(4, driver.getPassword());
             statement.executeUpdate();
             ResultSet resultSet = statement.getGeneratedKeys();
             if (resultSet.next()) {
@@ -71,14 +73,17 @@ public List<Driver> getAll() {
     @Override
     public Driver update(Driver driver) {
         String query = "UPDATE drivers "
-                + "SET name = ?, license_number = ? "
+                + "SET name = ?, license_number = ?, "
+                + "login = ?, password = ?"
                 + "WHERE id = ? AND is_deleted = FALSE";
         try (Connection connection = ConnectionUtil.getConnection();
                 PreparedStatement statement
                         = connection.prepareStatement(query)) {
             statement.setString(1, driver.getName());
             statement.setString(2, driver.getLicenseNumber());
-            statement.setLong(3, driver.getId());
+            statement.setString(3, driver.getLogin());
+            statement.setString(4, driver.getPassword());
+            statement.setLong(5, driver.getId());
             statement.executeUpdate();
             return driver;
         } catch (SQLException e) {
@@ -98,14 +103,36 @@ public boolean delete(Long id) {
         }
     }
 
+    @Override
+    public Optional<Driver> findDriverByLogin(String login) {
+        String query = "SELECT * FROM drivers WHERE login = ? AND is_deleted = FALSE";
+        try (Connection connection = ConnectionUtil.getConnection();
+                PreparedStatement statement = connection.prepareStatement(query)) {
+            statement.setString(1, login);
+            ResultSet resultSet = statement.executeQuery();
+            Driver driver = null;
+            if (resultSet.next()) {
+                driver = parseDriverFromResultSet(resultSet);
+            }
+            return Optional.ofNullable(driver);
+        } catch (SQLException e) {
+            throw new DataProcessingException("Can't get driver by login " + login, e);
+        }
+    }
+
     private Driver parseDriverFromResultSet(ResultSet resultSet) throws SQLException {
         Long id = resultSet.getObject("id", Long.class);
         String name = resultSet.getString("name");
         String licenseNumber = resultSet.getString("license_number");
+        String login = resultSet.getString("login");
+        String password = resultSet.getString("password");
         Driver driver = new Driver();
         driver.setId(id);
         driver.setName(name);
         driver.setLicenseNumber(licenseNumber);
+        driver.setLogin(login);
+        driver.setPassword(password);
         return driver;
     }
+
 }
diff --git a/src/main/java/taxi/exception/AuthenticationException.java b/src/main/java/taxi/exception/AuthenticationException.java
new file mode 100644
index 000000000..a80dfd9e9
--- /dev/null
+++ b/src/main/java/taxi/exception/AuthenticationException.java
@@ -0,0 +1,7 @@
+package taxi.exception;
+
+public class AuthenticationException extends Exception {
+    public AuthenticationException(String message) {
+        super(message);
+    }
+}
diff --git a/src/main/java/taxi/filter/AuthenticationFilter.java b/src/main/java/taxi/filter/AuthenticationFilter.java
new file mode 100644
index 000000000..28c60c9e4
--- /dev/null
+++ b/src/main/java/taxi/filter/AuthenticationFilter.java
@@ -0,0 +1,47 @@
+package taxi.filter;
+
+import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+public class AuthenticationFilter implements Filter {
+    private Set<String> allowedUrls = new HashSet<>();
+
+    @Override
+    public void init(FilterConfig filterConfig) {
+        allowedUrls.add("/login");
+        allowedUrls.add("/drivers/add");
+    }
+
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
+                         FilterChain filterChain)
+            throws IOException, ServletException {
+        HttpServletRequest req = (HttpServletRequest) servletRequest;
+        HttpServletResponse resp = (HttpServletResponse) servletResponse;
+        HttpSession session = req.getSession();
+
+        Long driverId = (Long) session.getAttribute("driver_id");
+
+        if (driverId == null && allowedUrls.contains(req.getServletPath())) {
+            filterChain.doFilter(req, resp);
+            return;
+        }
+
+        if (driverId == null) {
+            resp.sendRedirect("/login");
+            return;
+        }
+
+        filterChain.doFilter(req, resp);
+    }
+}
diff --git a/src/main/java/taxi/model/Driver.java b/src/main/java/taxi/model/Driver.java
index 9c375f94c..90d149970 100644
--- a/src/main/java/taxi/model/Driver.java
+++ b/src/main/java/taxi/model/Driver.java
@@ -6,6 +6,8 @@ public class Driver {
     private Long id;
     private String name;
     private String licenseNumber;
+    private String login;
+    private String password;
 
     public Driver() {
     }
@@ -15,6 +17,19 @@ public Driver(String name, String licenseNumber) {
         this.licenseNumber = licenseNumber;
     }
 
+    public Driver(Long id, String login, String password) {
+        this.id = id;
+        this.login = login;
+        this.password = password;
+    }
+
+    public Driver(String name, String licenseNumber, String login, String password) {
+        this.name = name;
+        this.licenseNumber = licenseNumber;
+        this.login = login;
+        this.password = password;
+    }
+
     public Long getId() {
         return id;
     }
@@ -39,22 +54,50 @@ public void setLicenseNumber(String licenseNumber) {
         this.licenseNumber = licenseNumber;
     }
 
+    public String getLogin() {
+        return login;
+    }
+
+    public void setLogin(String login) {
+        this.login = login;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) {
             return true;
         }
-        if (o == null || getClass() != o.getClass()) {
+        if (!(o instanceof Driver)) {
             return false;
         }
         Driver driver = (Driver) o;
-        return Objects.equals(id, driver.id)
-                && Objects.equals(name, driver.name)
-                && Objects.equals(licenseNumber, driver.licenseNumber);
+        return Objects.equals(getId(), driver.getId())
+                && Objects.equals(getName(), driver.getName())
+                && Objects.equals(getLicenseNumber(), driver.getLicenseNumber())
+                && Objects.equals(getLogin(), driver.getLogin())
+                && Objects.equals(getPassword(), driver.getPassword());
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(id, name, licenseNumber);
+        return Objects.hash(getId(), getName(), getLicenseNumber(), getLogin(), getPassword());
+    }
+
+    @Override
+    public String toString() {
+        return "Driver{"
+                + "id=" + id
+                + ", name='" + name + '\''
+                + ", licenseNumber='" + licenseNumber + '\''
+                + ", login='" + login + '\''
+                + '}';
     }
 }
diff --git a/src/main/java/taxi/service/AuthenticationService.java b/src/main/java/taxi/service/AuthenticationService.java
new file mode 100644
index 000000000..e9ffa0eea
--- /dev/null
+++ b/src/main/java/taxi/service/AuthenticationService.java
@@ -0,0 +1,8 @@
+package taxi.service;
+
+import taxi.exception.AuthenticationException;
+import taxi.model.Driver;
+
+public interface AuthenticationService {
+    Driver login(String login, String password) throws AuthenticationException;
+}
diff --git a/src/main/java/taxi/service/AuthenticationServiceImpl.java b/src/main/java/taxi/service/AuthenticationServiceImpl.java
new file mode 100644
index 000000000..574f89cca
--- /dev/null
+++ b/src/main/java/taxi/service/AuthenticationServiceImpl.java
@@ -0,0 +1,22 @@
+package taxi.service;
+
+import java.util.Optional;
+import taxi.exception.AuthenticationException;
+import taxi.lib.Inject;
+import taxi.lib.Service;
+import taxi.model.Driver;
+
+@Service
+public class AuthenticationServiceImpl implements AuthenticationService {
+    @Inject
+    private DriverService driverService;
+
+    @Override
+    public Driver login(String login, String password) throws AuthenticationException {
+        Optional<Driver> driver = Optional.ofNullable(driverService.findDriverByLogin(login));
+        if (driver.isPresent() && driver.get().getPassword().equals(password)) {
+            return driver.get();
+        }
+        throw new AuthenticationException("Login or password is incorrect");
+    }
+}
diff --git a/src/main/java/taxi/service/DriverService.java b/src/main/java/taxi/service/DriverService.java
index faddf81b3..6e2cc5910 100644
--- a/src/main/java/taxi/service/DriverService.java
+++ b/src/main/java/taxi/service/DriverService.java
@@ -3,4 +3,5 @@
 import taxi.model.Driver;
 
 public interface DriverService extends GenericService<Driver> {
+    Driver findDriverByLogin(String login);
 }
diff --git a/src/main/java/taxi/service/DriverServiceImpl.java b/src/main/java/taxi/service/DriverServiceImpl.java
index e2f554b3f..01f2ae823 100644
--- a/src/main/java/taxi/service/DriverServiceImpl.java
+++ b/src/main/java/taxi/service/DriverServiceImpl.java
@@ -38,4 +38,10 @@ public Driver update(Driver driver) {
     public boolean delete(Long id) {
         return driverDao.delete(id);
     }
+
+    @Override
+    public Driver findDriverByLogin(String login) {
+        return driverDao.findDriverByLogin(login).orElseThrow(() ->
+                new NoSuchElementException("Can't get driver by login: " + login));
+    }
 }
diff --git a/src/main/java/taxi/util/ConnectionUtil.java b/src/main/java/taxi/util/ConnectionUtil.java
index 9a94e69a2..a7911c74e 100644
--- a/src/main/java/taxi/util/ConnectionUtil.java
+++ b/src/main/java/taxi/util/ConnectionUtil.java
@@ -6,10 +6,10 @@
 import java.util.Properties;
 
 public class ConnectionUtil {
-    private static final String URL = "YOUR DATABASE URL";
-    private static final String USERNAME = "YOUR USERNAME";
-    private static final String PASSWORD = "YOUR PASSWORD";
-    private static final String JDBC_DRIVER = "YOUR DRIVER";
+    private static final String URL = "jdbc:mysql://localhost:3306/taxi?serverTimezone=UTC";
+    private static final String USERNAME = "root";
+    private static final String PASSWORD = "Kery1155";
+    private static final String JDBC_DRIVER = "com.mysql.cj.jdbc.Driver";
 
     static {
         try {
diff --git a/src/main/webapp/WEB-INF/views/drivers/add.jsp b/src/main/webapp/WEB-INF/views/drivers/add.jsp
index 4ad7cee44..579cc1e83 100644
--- a/src/main/webapp/WEB-INF/views/drivers/add.jsp
+++ b/src/main/webapp/WEB-INF/views/drivers/add.jsp
@@ -14,6 +14,8 @@
     <tr>
         <th>Name</th>
         <th>License number</th>
+        <th>Login</th>
+        <th>Password</th>
         <th>Add</th>
     </tr>
     <tr>
@@ -23,6 +25,12 @@
         <td>
             <input type="text" name="license_number" form="driver" required>
         </td>
+        <td>
+            <input type="text" name="login" form="driver" required>
+        </td>
+        <td>
+            <input type="text" name="password" form="driver" required>
+        </td>
         <td>
             <input type="submit" name="add" form="driver">
         </td>
diff --git a/src/main/webapp/WEB-INF/views/drivers/all.jsp b/src/main/webapp/WEB-INF/views/drivers/all.jsp
index 776101f73..2b87fe8a0 100644
--- a/src/main/webapp/WEB-INF/views/drivers/all.jsp
+++ b/src/main/webapp/WEB-INF/views/drivers/all.jsp
@@ -14,6 +14,7 @@
         <th>ID</th>
         <th>Name</th>
         <th>License number</th>
+        <th>Login</th>
         <th>Delete</th>
     </tr>
     <c:forEach var="driver" items="${drivers}">
@@ -27,6 +28,9 @@
             <td>
                 <c:out value="${driver.licenseNumber}"/>
             </td>
+            <td>
+                <c:out value="${driver.login}"/>
+            </td>
             <td>
                 <a href="${pageContext.request.contextPath}/drivers/delete?id=${driver.id}">DELETE</a>
             </td>
diff --git a/src/main/webapp/WEB-INF/views/header.jsp b/src/main/webapp/WEB-INF/views/header.jsp
new file mode 100644
index 000000000..aee9f24a7
--- /dev/null
+++ b/src/main/webapp/WEB-INF/views/header.jsp
@@ -0,0 +1,9 @@
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<html>
+<head>
+  <title>Header</title>
+</head>
+<body>
+<a href="${pageContext.request.contextPath}/logout">Logout</a>
+</body>
+</html>
diff --git a/src/main/webapp/WEB-INF/views/index.jsp b/src/main/webapp/WEB-INF/views/index.jsp
index b9b5e9d2b..16361e10a 100644
--- a/src/main/webapp/WEB-INF/views/index.jsp
+++ b/src/main/webapp/WEB-INF/views/index.jsp
@@ -5,6 +5,7 @@
 <html>
 <head>
     <title>My team</title>
+    <%@include file="header.jsp"%>>
 </head>
 <body>
 <form method="post" id="redirect"></form>
diff --git a/src/main/webapp/WEB-INF/views/login.jsp b/src/main/webapp/WEB-INF/views/login.jsp
new file mode 100644
index 000000000..33cd98f20
--- /dev/null
+++ b/src/main/webapp/WEB-INF/views/login.jsp
@@ -0,0 +1,16 @@
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<html>
+<head>
+    <title>Login</title>
+</head>
+<body>
+<h1>Login Page</h1>
+<h4 style="color: red">${errorMsg}</h4>
+<form method="post" action="${pageContext.request.contextPath}/login">
+    Enter login: <input type="text" name="login"required>
+    Enter password: <input type="password" name="password" required>
+    <button type="submit">Login</button>
+</form>
+<h4><a href="${pageContext.request.contextPath}/register">Register</a></h4>
+</body>
+</html>
diff --git a/src/main/webapp/web.xml b/src/main/webapp/web.xml
index 284381048..fc5e0858e 100644
--- a/src/main/webapp/web.xml
+++ b/src/main/webapp/web.xml
@@ -105,4 +105,40 @@
         <servlet-name>deleteManufacturer</servlet-name>
         <url-pattern>/manufacturers/delete</url-pattern>
     </servlet-mapping>
+
+    <servlet>
+        <servlet-name>loginController</servlet-name>
+        <servlet-class>taxi.controller.LoginController</servlet-class>
+    </servlet>
+    <servlet-mapping>
+        <servlet-name>loginController</servlet-name>
+        <url-pattern>/login</url-pattern>
+    </servlet-mapping>
+
+    <servlet>
+        <servlet-name>logoutController</servlet-name>
+        <servlet-class>taxi.controller.LoginController</servlet-class>
+    </servlet>
+    <servlet-mapping>
+        <servlet-name>logoutController</servlet-name>
+        <url-pattern>/logout</url-pattern>
+    </servlet-mapping>
+
+    <servlet>
+        <servlet-name>getAllCarsController</servlet-name>
+        <servlet-class>taxi.controller.car.GetAllCarsController</servlet-class>
+    </servlet>
+    <servlet-mapping>
+        <servlet-name>getAllCarsController</servlet-name>
+        <url-pattern>/drivers/cars</url-pattern>
+    </servlet-mapping>
+
+    <filter>
+        <filter-name>authenticationFilter</filter-name>
+        <filter-class>taxi.filter.AuthenticationFilter</filter-class>
+    </filter>
+    <filter-mapping>
+        <filter-name>authenticationFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 </web-app>

From a83c367558a2ef82ff0b87d3652113017c20ead1 Mon Sep 17 00:00:00 2001
From: Kristina Shpilchyna <kriss.mva@gmail.com>
Date: Thu, 13 Jul 2023 17:40:59 +0200
Subject: [PATCH 2/2] web security solution

---
 src/main/java/taxi/util/ConnectionUtil.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/taxi/util/ConnectionUtil.java b/src/main/java/taxi/util/ConnectionUtil.java
index a7911c74e..d538e9d35 100644
--- a/src/main/java/taxi/util/ConnectionUtil.java
+++ b/src/main/java/taxi/util/ConnectionUtil.java
@@ -8,7 +8,7 @@
 public class ConnectionUtil {
     private static final String URL = "jdbc:mysql://localhost:3306/taxi?serverTimezone=UTC";
     private static final String USERNAME = "root";
-    private static final String PASSWORD = "Kery1155";
+    private static final String PASSWORD = "123456";
     private static final String JDBC_DRIVER = "com.mysql.cj.jdbc.Driver";
 
     static {