From 75bdb211a072b88621bdb0924d635f79f96168af Mon Sep 17 00:00:00 2001 
From: marinakusniruk Date: Tue, 8 Aug 2023 15:58:14 +0200 Subject: [PATCH 1/2] Hometask jv-web-security completed --- .../GetMyCurrentCarsController.java | 27 ++++++++++++ .../authentication/LoginController.java | 40 ++++++++++++++++++ .../authentication/LogoutController.java | 16 +++++++ .../driver/AddDriverController.java | 4 +- src/main/java/taxi/dao/CarDaoImpl.java | 6 ++- src/main/java/taxi/dao/DriverDao.java | 2 + src/main/java/taxi/dao/DriverDaoImpl.java | 42 +++++++++++++++---- .../exception/AuthenticationException.java | 7 ++++ src/main/java/taxi/model/Driver.java | 25 +++++++++++ .../taxi/service/AuthenticationService.java | 8 ++++ .../service/AuthenticationServiceImpl.java | 24 +++++++++++ src/main/java/taxi/service/DriverService.java | 3 ++ .../java/taxi/service/DriverServiceImpl.java | 9 +++- src/main/java/taxi/util/ConnectionUtil.java | 8 ++-- .../taxi/web/filter/AuthenticationFilter.java | 39 +++++++++++++++++ src/main/resources/init_db.sql | 16 +++---- src/main/webapp/WEB-INF/views/cars/add.jsp | 1 + src/main/webapp/WEB-INF/views/cars/all.jsp | 3 +- src/main/webapp/WEB-INF/views/drivers/add.jsp | 9 ++++ src/main/webapp/WEB-INF/views/drivers/all.jsp | 5 +++ src/main/webapp/WEB-INF/views/header.jsp | 9 ++++ src/main/webapp/WEB-INF/views/index.jsp | 4 +- src/main/webapp/WEB-INF/views/login.jsp | 18 ++++++++ .../WEB-INF/views/manufacturers/add.jsp | 1 + .../WEB-INF/views/manufacturers/all.jsp | 1 + src/main/webapp/web.xml | 24 +++++++++++ 26 files changed, 327 insertions(+), 24 deletions(-) create mode 100644 src/main/java/taxi/controller/GetMyCurrentCarsController.java create mode 100644 src/main/java/taxi/controller/authentication/LoginController.java create mode 100644 src/main/java/taxi/controller/authentication/LogoutController.java create mode 100644 src/main/java/taxi/exception/AuthenticationException.java create mode 100644 src/main/java/taxi/service/AuthenticationService.java create mode 100644 
src/main/java/taxi/service/AuthenticationServiceImpl.java create mode 100644 src/main/java/taxi/web/filter/AuthenticationFilter.java create mode 100644 src/main/webapp/WEB-INF/views/header.jsp create mode 100644 src/main/webapp/WEB-INF/views/login.jsp diff --git a/src/main/java/taxi/controller/GetMyCurrentCarsController.java b/src/main/java/taxi/controller/GetMyCurrentCarsController.java new file mode 100644 index 000000000..0fd1eed64 --- /dev/null +++ b/src/main/java/taxi/controller/GetMyCurrentCarsController.java @@ -0,0 +1,27 @@ +package taxi.controller; + +import java.io.IOException; +import java.util.List; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import taxi.lib.Injector; +import taxi.model.Car; +import taxi.service.CarService; + +public class GetMyCurrentCarsController extends HttpServlet { + private static final Injector injector = Injector.getInstance("taxi"); + private final CarService carService = (CarService) injector.getInstance(CarService.class); + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + HttpSession session = req.getSession(); + Long driverId = (Long) session.getAttribute("driver_id"); + List cars = carService.getAllByDriver(driverId); + req.setAttribute("cars", cars); + req.getRequestDispatcher("/WEB-INF/views/cars/all.jsp").forward(req, resp); + } +} diff --git a/src/main/java/taxi/controller/authentication/LoginController.java b/src/main/java/taxi/controller/authentication/LoginController.java new file mode 100644 index 000000000..0fc500c22 --- /dev/null +++ b/src/main/java/taxi/controller/authentication/LoginController.java 
@@ -0,0 +1,40 @@
+package taxi.controller.authentication;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import taxi.exception.AuthenticationException;
+import taxi.lib.Injector;
+import taxi.model.Driver;
+import taxi.service.AuthenticationService;
+
+public class LoginController extends HttpServlet {
+ private static final Injector injector = Injector.getInstance("taxi");
+ private final AuthenticationService authenticationService =
+ (AuthenticationService) injector.getInstance(AuthenticationService.class);
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ req.getRequestDispatcher("/WEB-INF/views/login.jsp").forward(req, resp);
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ String login = req.getParameter("login");
+ String password = req.getParameter("password");
+ try {
+ Driver driver = authenticationService.login(login, password);
+ HttpSession session = req.getSession();
+ session.setAttribute("driver_id", driver.getId());
+ resp.sendRedirect(req.getContextPath() + "/index");
+ } catch (AuthenticationException e) {
+ req.setAttribute("errorMsg", e.getMessage());
+ req.getRequestDispatcher("/WEB-INF/views/login.jsp").forward(req, resp);
+ }
+ }
+}
diff --git a/src/main/java/taxi/controller/authentication/LogoutController.java b/src/main/java/taxi/controller/authentication/LogoutController.java
new file mode 100644
index 000000000..e4705b98e
--- /dev/null
+++ b/src/main/java/taxi/controller/authentication/LogoutController.java
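Review bot: In LoginController.doPost the authenticated `driver_id` is stored in whatever session the browser already had, so a session identifier issued before login stays valid after it (session fixation). Rotate the identifier before storing the principal, for example `req.changeSessionId();` ahead of `session.setAttribute("driver_id", driver.getId());` (Servlet 3.1 or later; on older containers invalidate the old session and create a new one). The container version is not visible in this patch, so confirm which of the two applies.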
@@ -0,0 +1,16 @@ +package taxi.controller.authentication; + +import java.io.IOException; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +public class LogoutController extends HttpServlet { + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + req.getSession().invalidate(); + resp.sendRedirect(req.getContextPath() + "/index"); + } +} diff --git a/src/main/java/taxi/controller/driver/AddDriverController.java b/src/main/java/taxi/controller/driver/AddDriverController.java index 1db67730b..e6da4dd22 100644 --- a/src/main/java/taxi/controller/driver/AddDriverController.java +++ b/src/main/java/taxi/controller/driver/AddDriverController.java @@ -24,7 +24,9 @@ public void doGet(HttpServletRequest req, HttpServletResponse resp) public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { String name = req.getParameter("name"); String licenseNumber = req.getParameter("license_number"); - Driver driver = new Driver(name, licenseNumber); + String login = req.getParameter("login"); + String password = req.getParameter("password"); + Driver driver = new Driver(name, licenseNumber, login, password); driverService.create(driver); resp.sendRedirect(req.getContextPath() + "/drivers/add"); } diff --git a/src/main/java/taxi/dao/CarDaoImpl.java b/src/main/java/taxi/dao/CarDaoImpl.java index 586ccb595..aface2ddd 100644 --- a/src/main/java/taxi/dao/CarDaoImpl.java +++ b/src/main/java/taxi/dao/CarDaoImpl.java @@ -188,7 +188,7 @@ private void deleteAllDrivers(Car car) { } private List getAllDriversByCarId(Long carId) { - String query = "SELECT id, name, license_number " + String query = "SELECT id, name, license_number, login, password " + "FROM cars_drivers cd " + "JOIN drivers d ON cd.driver_id = d.id " + "WHERE car_id = ? AND is_deleted = false"; 
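Review bot: LogoutController ends the session from `doGet`, so any page the user visits can log them out with a plain link or image request; a state-changing action like this belongs in `doPost`, submitted from a form in header.jsp. `req.getSession().invalidate()` also creates a session only to destroy it when none exists; `HttpSession session = req.getSession(false); if (session != null) { session.invalidate(); }` avoids that.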
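Review bot: The password read in AddDriverController.doPost goes unchanged into `new Driver(name, licenseNumber, login, password)`, is written as-is to the `password` column by DriverDaoImpl.create and update, and is compared as a plain string in AuthenticationServiceImpl.login, so the credential is stored and handled in cleartext throughout the patch. Store a salted, slow password hash instead (the JDK provides `SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")`) and verify against that hash at login. doPost also accepts a missing or empty `login` and `password`; reject those before `driverService.create(driver)`.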
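Review bot: Adding `password` to the SELECT in CarDaoImpl.getAllDriversByCarId means every Driver attached to a Car now carries the credential, although the car views only print the login. Keep the secret out of this path: `String query = "SELECT id, name, license_number, login "` here, and drop `driver.setPassword(password)` from CarDaoImpl.parseDriverFromResultSet in the next hunk, so the password is loaded only by the login lookup. The body of getAllDriversByCarId continues outside this hunk.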
@@ -211,10 +211,14 @@ private Driver parseDriverFromResultSet(ResultSet resultSet) throws SQLException Long driverId = resultSet.getObject("id", Long.class); String name = resultSet.getString("name"); String licenseNumber = resultSet.getString("license_number"); + String login = resultSet.getString("login"); + String password = resultSet.getString("password"); Driver driver = new Driver(); driver.setId(driverId); driver.setName(name); driver.setLicenseNumber(licenseNumber); + driver.setLogin(login); + driver.setPassword(password); return driver; } diff --git a/src/main/java/taxi/dao/DriverDao.java b/src/main/java/taxi/dao/DriverDao.java index 83440d530..e9c38d2a5 100644 --- a/src/main/java/taxi/dao/DriverDao.java +++ b/src/main/java/taxi/dao/DriverDao.java @@ -1,6 +1,8 @@ package taxi.dao; +import java.util.Optional; import taxi.model.Driver; public interface DriverDao extends GenericDao { + Optional findByLogin(String login); } diff --git a/src/main/java/taxi/dao/DriverDaoImpl.java b/src/main/java/taxi/dao/DriverDaoImpl.java index f5e18f2a2..09d14fde2 100644 --- a/src/main/java/taxi/dao/DriverDaoImpl.java +++ b/src/main/java/taxi/dao/DriverDaoImpl.java @@ -17,13 +17,15 @@ public class DriverDaoImpl implements DriverDao { @Override public Driver create(Driver driver) { - String query = "INSERT INTO drivers (name, license_number) " - + "VALUES (?, ?)"; + String query = "INSERT INTO drivers (name, license_number, login, password) " + + "VALUES (?, ?, ?, ?)"; try (Connection connection = ConnectionUtil.getConnection(); PreparedStatement statement = connection.prepareStatement(query, Statement.RETURN_GENERATED_KEYS)) { statement.setString(1, driver.getName()); statement.setString(2, driver.getLicenseNumber()); + statement.setString(3, driver.getLogin()); + statement.setString(4, driver.getPassword()); statement.executeUpdate(); ResultSet resultSet = statement.getGeneratedKeys(); if (resultSet.next()) { 
@@ -57,7 +59,7 @@ public List getAll() { String query = "SELECT * FROM drivers WHERE is_deleted = FALSE"; List drivers = new ArrayList<>(); try (Connection connection = ConnectionUtil.getConnection(); - PreparedStatement statement = connection.prepareStatement(query)) { + PreparedStatement statement = connection.prepareStatement(query)) { ResultSet resultSet = statement.executeQuery(); while (resultSet.next()) { drivers.add(parseDriverFromResultSet(resultSet)); @@ -71,14 +73,16 @@ public List getAll() { @Override public Driver update(Driver driver) { String query = "UPDATE drivers " - + "SET name = ?, license_number = ? " + + "SET name = ?, license_number = ? , login = ?, password = ?" + "WHERE id = ? AND is_deleted = FALSE"; try (Connection connection = ConnectionUtil.getConnection(); - PreparedStatement statement - = connection.prepareStatement(query)) { + PreparedStatement statement + = connection.prepareStatement(query)) { statement.setString(1, driver.getName()); statement.setString(2, driver.getLicenseNumber()); - statement.setLong(3, driver.getId()); + statement.setString(3, driver.getLogin()); + statement.setString(4, driver.getPassword()); + statement.setLong(5, driver.getId()); statement.executeUpdate(); return driver; } catch (SQLException e) { @@ -90,7 +94,7 @@ public Driver update(Driver driver) { public boolean delete(Long id) { String query = "UPDATE drivers SET is_deleted = TRUE WHERE id = ?"; try (Connection connection = ConnectionUtil.getConnection(); - PreparedStatement statement = connection.prepareStatement(query)) { + PreparedStatement statement = connection.prepareStatement(query)) { statement.setLong(1, id); return statement.executeUpdate() > 0; } catch (SQLException e) { 
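Review bot: In DriverDaoImpl.update the rewritten SET line ends with `password = ?` and no trailing space, so the concatenated statement reads `password = ?WHERE id = ?`; whether that parses depends on how the driver and server tokenize the placeholder. Restore the separator with `+ "SET name = ?, license_number = ?, login = ?, password = ? "`. update() now also rewrites login and password on every call, so a caller that builds a Driver without those fields would presumably blank the credentials; a separate method for credential changes would avoid that.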
@@ -102,10 +106,32 @@ private Driver parseDriverFromResultSet(ResultSet resultSet) throws SQLException Long id = resultSet.getObject("id", Long.class); String name = resultSet.getString("name"); String licenseNumber = resultSet.getString("license_number"); + String login = resultSet.getString("login"); + String password = resultSet.getString("password"); Driver driver = new Driver(); driver.setId(id); driver.setName(name); driver.setLicenseNumber(licenseNumber); + driver.setLogin(login); + driver.setPassword(password); return driver; } + + @Override + public Optional findByLogin(String login) { + String queryFindByLogin = "SELECT * FROM drivers WHERE login = ? AND is_deleted = FALSE"; + try (Connection connection = ConnectionUtil.getConnection(); + PreparedStatement statement = connection.prepareStatement(queryFindByLogin)) { + statement.setString(1, login); + ResultSet resultSet = statement.executeQuery(); + Driver driver = null; + if (resultSet.next()) { + driver = parseDriverFromResultSet(resultSet); + } + return Optional.ofNullable(driver); + } catch (SQLException e) { + throw new DataProcessingException("Can't find driver by login " + login, e); + } + + } } diff --git a/src/main/java/taxi/exception/AuthenticationException.java b/src/main/java/taxi/exception/AuthenticationException.java new file mode 100644 index 000000000..a80dfd9e9 --- /dev/null +++ b/src/main/java/taxi/exception/AuthenticationException.java @@ -0,0 +1,7 @@ +package taxi.exception; + +public class AuthenticationException extends Exception { + public AuthenticationException(String message) { + super(message); + } +} diff --git a/src/main/java/taxi/model/Driver.java b/src/main/java/taxi/model/Driver.java index 9c375f94c..4acf2f78a 100644 --- a/src/main/java/taxi/model/Driver.java +++ b/src/main/java/taxi/model/Driver.java 
@@ -6,6 +6,8 @@ public class Driver { private Long id; private String name; private String licenseNumber; + private String login; + private String password; public Driver() { } @@ -15,6 +17,13 @@ public Driver(String name, String licenseNumber) { this.licenseNumber = licenseNumber; } + public Driver(String name, String licenseNumber, String login, String password) { + this.name = name; + this.licenseNumber = licenseNumber; + this.login = login; + this.password = password; + } + public Long getId() { return id; } @@ -39,6 +48,22 @@ public void setLicenseNumber(String licenseNumber) { this.licenseNumber = licenseNumber; } + public String getLogin() { + return login; + } + + public void setLogin(String login) { + this.login = login; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + @Override public boolean equals(Object o) { if (this == o) { diff --git a/src/main/java/taxi/service/AuthenticationService.java b/src/main/java/taxi/service/AuthenticationService.java new file mode 100644 index 000000000..e9ffa0eea --- /dev/null +++ b/src/main/java/taxi/service/AuthenticationService.java @@ -0,0 +1,8 @@ +package taxi.service; + +import taxi.exception.AuthenticationException; +import taxi.model.Driver; + +public interface AuthenticationService { + Driver login(String login, String password) throws AuthenticationException; +} diff --git a/src/main/java/taxi/service/AuthenticationServiceImpl.java b/src/main/java/taxi/service/AuthenticationServiceImpl.java new file mode 100644 index 000000000..27e2554eb --- /dev/null +++ b/src/main/java/taxi/service/AuthenticationServiceImpl.java 
@@ -0,0 +1,24 @@ +package taxi.service; + +import java.util.Optional; +import taxi.exception.AuthenticationException; +import taxi.lib.Injector; +import taxi.model.Driver; + +public class AuthenticationServiceImpl implements AuthenticationService { + private static final Injector injector = Injector.getInstance("taxi"); + private final DriverService driverService = + (DriverService) injector.getInstance(DriverService.class); + + @Override + public Driver login(String login, String password) throws AuthenticationException { + Optional driver = driverService.findByLogin(login); + if (driver.isEmpty()) { + throw new AuthenticationException("Login or password was incorrect"); + } + if (driver.get().getPassword().equals(password)) { + return driver.get(); + } + throw new AuthenticationException("Login or password was incorrect"); + } +} diff --git a/src/main/java/taxi/service/DriverService.java b/src/main/java/taxi/service/DriverService.java index faddf81b3..fa0e9283d 100644 --- a/src/main/java/taxi/service/DriverService.java +++ b/src/main/java/taxi/service/DriverService.java @@ -1,6 +1,9 @@ package taxi.service; +import java.util.Optional; +import taxi.exception.AuthenticationException; import taxi.model.Driver; public interface DriverService extends GenericService { + Optional findByLogin(String login) throws AuthenticationException; } diff --git a/src/main/java/taxi/service/DriverServiceImpl.java b/src/main/java/taxi/service/DriverServiceImpl.java index e2f554b3f..446bf7244 100644 --- a/src/main/java/taxi/service/DriverServiceImpl.java +++ b/src/main/java/taxi/service/DriverServiceImpl.java @@ -2,7 +2,9 @@ import java.util.List; import java.util.NoSuchElementException; +import java.util.Optional; import taxi.dao.DriverDao; +import taxi.exception.AuthenticationException; import taxi.lib.Inject; import taxi.lib.Service; import taxi.model.Driver; 
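Review bot: `driver.get().getPassword().equals(password)` in AuthenticationServiceImpl.login dereferences the stored value, and the `password` column in init_db.sql is nullable, so a driver row with a NULL password makes login throw NullPointerException instead of AuthenticationException. `String.equals` also returns at the first differing character; once the stored value is a hash, compare the bytes with `MessageDigest.isEqual(storedHash, candidateHash)`. The second patch in this series folds the two checks into `driver.isPresent() && driver.get().getPassword().equals(password)` and keeps both problems.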
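Review bot: DriverService.findByLogin declares `throws AuthenticationException`, but the implementation added in DriverServiceImpl only returns `driverDao.findByLogin(login)` and cannot throw it, so callers are made to handle a checked exception that never occurs. Drop the clause from the interface and the implementation (`Optional<Driver> findByLogin(String login);`, assuming the element type is Driver, which this rendering does not show), and add `@Override` to DriverServiceImpl.findByLogin so the compiler checks it against the interface.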
@@ -20,7 +22,7 @@ public Driver create(Driver driver) { @Override public Driver get(Long id) { return driverDao.get(id).orElseThrow(() -> - new NoSuchElementException("Can't get driver by id: " + id) + new NoSuchElementException("Can't get driver by id: " + id) ); } @@ -38,4 +40,9 @@ public Driver update(Driver driver) { public boolean delete(Long id) { return driverDao.delete(id); } + + public Optional findByLogin(String login) throws AuthenticationException { + return driverDao.findByLogin(login); + + } } diff --git a/src/main/java/taxi/util/ConnectionUtil.java b/src/main/java/taxi/util/ConnectionUtil.java index 9a94e69a2..86e837aa6 100644 --- a/src/main/java/taxi/util/ConnectionUtil.java +++ b/src/main/java/taxi/util/ConnectionUtil.java @@ -6,10 +6,10 @@ import java.util.Properties; public class ConnectionUtil { - private static final String URL = "YOUR DATABASE URL"; - private static final String USERNAME = "YOUR USERNAME"; - private static final String PASSWORD = "YOUR PASSWORD"; - private static final String JDBC_DRIVER = "YOUR DRIVER"; + private static final String URL = "jdbc:mysql://localhost:3306/taxi_service"; + private static final String USERNAME = "root"; + private static final String PASSWORD = "26082014"; + private static final String JDBC_DRIVER = "com.mysql.cj.jdbc.Driver"; static { try { diff --git a/src/main/java/taxi/web/filter/AuthenticationFilter.java b/src/main/java/taxi/web/filter/AuthenticationFilter.java new file mode 100644 index 000000000..396ccb201 --- /dev/null +++ b/src/main/java/taxi/web/filter/AuthenticationFilter.java 
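Review bot: The ConnectionUtil hunk replaces the placeholders with a real JDBC URL, the `root` account and its password, all of which are now part of the repository history. Keep the placeholders in the committed file and read the values from the environment or from a properties file that is not committed, e.g. `private static final String PASSWORD = System.getenv("DB_PASSWORD");` (variable name is an example), then change the password that was pushed. The application should also connect with an account limited to the taxi_service schema instead of root.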
@@ -0,0 +1,39 @@
+package taxi.web.filter;
+
+import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+public class AuthenticationFilter implements Filter {
+ private static final Set allowedUrls = new HashSet<>();
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ allowedUrls.add("/login");
+ allowedUrls.add("/drivers/add");
+ }
+
+ @Override
+ public void doFilter(ServletRequest servletRequest,
+ ServletResponse servletResponse, FilterChain filterChain)
+ throws IOException, ServletException {
+ HttpServletRequest request = (HttpServletRequest) servletRequest;
+ HttpServletResponse response = (HttpServletResponse) servletResponse;
+ HttpSession session = request.getSession();
+ Long id = (Long) session.getAttribute("driver_id");
+ if (id != null || allowedUrls.contains(request.getContextPath())) {
+ filterChain.doFilter(request, response);
+ return;
+ }
+ response.sendRedirect(request.getContextPath() + "/login");
+ }
+}
diff --git a/src/main/resources/init_db.sql b/src/main/resources/init_db.sql
index 2acabb883..8609e5220 100644
--- a/src/main/resources/init_db.sql
+++ b/src/main/resources/init_db.sql
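Review bot: The allow-list test in AuthenticationFilter.doFilter uses `request.getContextPath()`, which is the application's mount point and not the requested resource, so it will not equal `/login` or `/drivers/add` unless the app happens to be deployed under that path; an anonymous request for /login is then redirected to /login again. Compare the servlet path instead: `if (id != null || allowedUrls.contains(request.getServletPath())) {`. `request.getSession()` also creates a session for every anonymous request; `request.getSession(false)` with a null check avoids that. Since `allowedUrls` is a static set mutated in init(), an immutable constant such as `Set.of("/login", "/drivers/add")` would be safer.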
@@ -7,13 +7,15 @@ SET FOREIGN_KEY_CHECKS = 0; -- Table structure for drivers -- ---------------------------- DROP TABLE IF EXISTS `drivers`; -CREATE TABLE `drivers` ( - `id` BIGINT(0) UNSIGNED NOT NULL AUTO_INCREMENT, - `name` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, - `license_number` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, - `is_deleted` BIT(1) NOT NULL DEFAULT b'0', - PRIMARY KEY (`id`) USING BTREE -) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic; +CREATE TABLE `drivers` ( + `id` bigint NOT NULL AUTO_INCREMENT, + `name` varchar(256) DEFAULT 'null', + `license_number` varchar(256) DEFAULT 'null', + `is_deleted` tinyint NOT NULL DEFAULT '0', + `login` varchar(256) DEFAULT 'null', + `password` varchar(256) DEFAULT 'null', + PRIMARY KEY (`id`) +) ENGINE=InnoDB AUTO_INCREMENT=23 DEFAULT CHARSET=utf8; -- ---------------------------- -- Table structure for manufacturers diff --git a/src/main/webapp/WEB-INF/views/cars/add.jsp b/src/main/webapp/WEB-INF/views/cars/add.jsp index c23ba0b4f..1615662e1 100644 --- a/src/main/webapp/WEB-INF/views/cars/add.jsp +++ b/src/main/webapp/WEB-INF/views/cars/add.jsp @@ -6,6 +6,7 @@ Add car + <%@include file="../header.jsp"%>
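Review bot: The new `drivers` table puts no UNIQUE constraint on `login`, so two drivers can register the same login and DriverDaoImpl.findByLogin will authenticate against whichever row is returned first; add a unique key on `login` and declare `login` and `password` NOT NULL. `DEFAULT 'null'` is the four-character string, not SQL NULL, so a row inserted without these columns gets the literal value `null` as its password. The rewrite also drops NOT NULL from `name` and `license_number` and carries `AUTO_INCREMENT=23` over from a dump, which looks unintended.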
diff --git a/src/main/webapp/WEB-INF/views/cars/all.jsp b/src/main/webapp/WEB-INF/views/cars/all.jsp index 84f046299..84b9e77ab 100644 --- a/src/main/webapp/WEB-INF/views/cars/all.jsp +++ b/src/main/webapp/WEB-INF/views/cars/all.jsp @@ -6,6 +6,7 @@ All cars + <%@include file="../header.jsp"%>

All cars:

@@ -34,7 +35,7 @@ - ${driver.id} ${driver.name} ${driver.licenseNumber}
+ ${driver.id} ${driver.name} ${driver.licenseNumber} ${driver.login}
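Review bot: `${driver.login}` is written into cars/all.jsp as bare EL, and the login is free text submitted on the add-driver form, so any markup in it would be rendered in the browser of everyone who opens the page. Emit it with JSTL escaping, e.g. `<c:out value="${driver.login}"/>`; the same applies to `${driver.name}` and `${driver.licenseNumber}` on this line and to the login column added in drivers/all.jsp. The surrounding markup is not fully visible in this rendering, so confirm no escaping is already applied.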
diff --git a/src/main/webapp/WEB-INF/views/drivers/add.jsp b/src/main/webapp/WEB-INF/views/drivers/add.jsp index 4ad7cee44..fe04f9e2e 100644 --- a/src/main/webapp/WEB-INF/views/drivers/add.jsp +++ b/src/main/webapp/WEB-INF/views/drivers/add.jsp @@ -6,6 +6,7 @@ All drivers + <%@include file="../header.jsp"%>
@@ -14,6 +15,8 @@ Name License number + Login + Password Add @@ -23,6 +26,12 @@ + + + + + + diff --git a/src/main/webapp/WEB-INF/views/drivers/all.jsp b/src/main/webapp/WEB-INF/views/drivers/all.jsp index 776101f73..4ca29b6df 100644 --- a/src/main/webapp/WEB-INF/views/drivers/all.jsp +++ b/src/main/webapp/WEB-INF/views/drivers/all.jsp @@ -6,6 +6,7 @@ All drivers + <%@include file="../header.jsp"%>

All drivers:

@@ -14,6 +15,7 @@ ID Name License number + Login Delete @@ -27,6 +29,9 @@ + + + DELETE diff --git a/src/main/webapp/WEB-INF/views/header.jsp b/src/main/webapp/WEB-INF/views/header.jsp new file mode 100644 index 000000000..c449603f1 --- /dev/null +++ b/src/main/webapp/WEB-INF/views/header.jsp @@ -0,0 +1,9 @@ +<%@ page contentType="text/html;charset=UTF-8" language="java" %> + + + Logout + + +Logout + + diff --git a/src/main/webapp/WEB-INF/views/index.jsp b/src/main/webapp/WEB-INF/views/index.jsp index b9b5e9d2b..82779af71 100644 --- a/src/main/webapp/WEB-INF/views/index.jsp +++ b/src/main/webapp/WEB-INF/views/index.jsp @@ -7,8 +7,9 @@ My team +<%@include file="header.jsp"%>
-

Hello, mates

+

${driverName}, your ID is ${driver_id}

@@ -20,6 +21,7 @@ +
Redirect to
Create new Car
Create new Manufacturer
Add Driver to Car
My cars
diff --git a/src/main/webapp/WEB-INF/views/login.jsp b/src/main/webapp/WEB-INF/views/login.jsp new file mode 100644 index 000000000..b9cc1f93e --- /dev/null +++ b/src/main/webapp/WEB-INF/views/login.jsp @@ -0,0 +1,18 @@ +<%@ page contentType="text/html;charset=UTF-8" language="java" %> + + + Login + + +

Login Page

+

${errorMsg}

+
+ Please enter your login: + Please enter your password + +
+ + + diff --git a/src/main/webapp/WEB-INF/views/manufacturers/add.jsp b/src/main/webapp/WEB-INF/views/manufacturers/add.jsp index 108d3541c..33c540522 100644 --- a/src/main/webapp/WEB-INF/views/manufacturers/add.jsp +++ b/src/main/webapp/WEB-INF/views/manufacturers/add.jsp @@ -6,6 +6,7 @@ Manufacturers + <%@include file="../header.jsp"%>
diff --git a/src/main/webapp/WEB-INF/views/manufacturers/all.jsp b/src/main/webapp/WEB-INF/views/manufacturers/all.jsp index fd3eafdbf..b6a27a655 100644 --- a/src/main/webapp/WEB-INF/views/manufacturers/all.jsp +++ b/src/main/webapp/WEB-INF/views/manufacturers/all.jsp @@ -6,6 +6,7 @@ All manufacturers + <%@include file="../header.jsp"%>

All manufacturers:

diff --git a/src/main/webapp/web.xml b/src/main/webapp/web.xml index 284381048..8a2051857 100644 --- a/src/main/webapp/web.xml +++ b/src/main/webapp/web.xml @@ -105,4 +105,28 @@ deleteManufacturer /manufacturers/delete + + loginController + taxi.controller.authentication.LoginController + + + loginController + /login + + + logoutController + taxi.controller.authentication.LogoutController + + + logoutController + /logout + + + authenticationFilter + taxi.web.filter.AuthenticationFilter + + + authenticationFilter + /* + From 95c356ba5bf10f233dad86f966c39e1746b39999 Mon Sep 17 00:00:00 2001 From: marinakusniruk Date: Tue, 8 Aug 2023 20:22:26 +0200 Subject: [PATCH 2/2] Hometask jv-web-security completed changes --- src/main/java/taxi/service/AuthenticationServiceImpl.java | 5 +---- src/main/java/taxi/service/DriverServiceImpl.java | 1 - 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/src/main/java/taxi/service/AuthenticationServiceImpl.java b/src/main/java/taxi/service/AuthenticationServiceImpl.java index 27e2554eb..c3d9723ac 100644 --- a/src/main/java/taxi/service/AuthenticationServiceImpl.java +++ b/src/main/java/taxi/service/AuthenticationServiceImpl.java @@ -13,10 +13,7 @@ public class AuthenticationServiceImpl implements AuthenticationService { @Override public Driver login(String login, String password) throws AuthenticationException { Optional driver = driverService.findByLogin(login); - if (driver.isEmpty()) { - throw new AuthenticationException("Login or password was incorrect"); - } - if (driver.get().getPassword().equals(password)) { + if (driver.isPresent() && driver.get().getPassword().equals(password)) { return driver.get(); } throw new AuthenticationException("Login or password was incorrect"); diff --git a/src/main/java/taxi/service/DriverServiceImpl.java b/src/main/java/taxi/service/DriverServiceImpl.java index 446bf7244..6b04b4692 100644 --- a/src/main/java/taxi/service/DriverServiceImpl.java 
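Review bot: The web.xml hunk registers only loginController, logoutController and authenticationFilter, while the patch also adds GetMyCurrentCarsController (with no `@WebServlet` annotation in the new file) and a "My cars" link in index.jsp, so that page appears to be unreachable. Add a `<servlet>` / `<servlet-mapping>` pair for `taxi.controller.GetMyCurrentCarsController`. Its URL pattern has to match the link target in index.jsp, which is not visible here.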
+++ b/src/main/java/taxi/service/DriverServiceImpl.java @@ -43,6 +43,5 @@ public boolean delete(Long id) { public Optional findByLogin(String login) throws AuthenticationException { return driverDao.findByLogin(login); - } }