From 765e30543746dd9afcecf96a44e502f3554cee2b Mon Sep 17 00:00:00 2001 
From: Vershynin Kostia Date: Sun, 20 Aug 2023 15:35:09 +0300 Subject: [PATCH 1/9] realization jv web security --- .../java/taxi/controller/IndexController.java | 6 +++ .../java/taxi/controller/LoginController.java | 43 +++++++++++++++++++ .../taxi/controller/LogoutController.java | 17 ++++++++ .../driver/AddDriverController.java | 6 ++- .../driver/GetMyCurrentCarsController.java | 31 +++++++++++++ src/main/java/taxi/dao/DriverDao.java | 2 + src/main/java/taxi/dao/DriverDaoImpl.java | 42 ++++++++++++++---- .../exception/AuthenticationException.java | 7 +++ src/main/java/taxi/model/Driver.java | 32 +++++++++++++- .../taxi/service/AuthenticationService.java | 7 +++ .../service/AuthenticationServiceImpl.java | 26 +++++++++++ src/main/java/taxi/util/ConnectionUtil.java | 9 ++-- .../taxi/web/filter/AuthenticationFilter.java | 38 ++++++++++++++++ src/main/webapp/WEB-INF/views/cars/add.jsp | 1 + src/main/webapp/WEB-INF/views/cars/all.jsp | 1 + .../webapp/WEB-INF/views/cars/drivers/add.jsp | 1 + src/main/webapp/WEB-INF/views/drivers/add.jsp | 9 ++++ src/main/webapp/WEB-INF/views/drivers/all.jsp | 1 + src/main/webapp/WEB-INF/views/header.jsp | 11 +++++ src/main/webapp/WEB-INF/views/index.jsp | 2 + src/main/webapp/WEB-INF/views/login.jsp | 19 ++++++++ .../WEB-INF/views/manufacturers/add.jsp | 1 + .../WEB-INF/views/manufacturers/all.jsp | 1 + src/main/webapp/web.xml | 27 ++++++++++++ 24 files changed, 324 insertions(+), 16 deletions(-) create mode 100644 src/main/java/taxi/controller/LoginController.java create mode 100644 src/main/java/taxi/controller/LogoutController.java create mode 100644 src/main/java/taxi/controller/driver/GetMyCurrentCarsController.java create mode 100644 src/main/java/taxi/exception/AuthenticationException.java create mode 100644 src/main/java/taxi/service/AuthenticationService.java create mode 100644 src/main/java/taxi/service/AuthenticationServiceImpl.java create mode 100644 src/main/java/taxi/web/filter/AuthenticationFilter.java create mode 100644 
src/main/webapp/WEB-INF/views/header.jsp create mode 100644 src/main/webapp/WEB-INF/views/login.jsp diff --git a/src/main/java/taxi/controller/IndexController.java b/src/main/java/taxi/controller/IndexController.java index 0d5dd0e33..a9e002612 100644 --- a/src/main/java/taxi/controller/IndexController.java +++ b/src/main/java/taxi/controller/IndexController.java @@ -5,8 +5,14 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import taxi.lib.Injector; +import taxi.service.DriverService; public class IndexController extends HttpServlet { + private static final Injector injector = Injector.getInstance("taxi"); + private final DriverService driverService = (DriverService) injector + .getInstance(DriverService.class); + @Override public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { diff --git a/src/main/java/taxi/controller/LoginController.java b/src/main/java/taxi/controller/LoginController.java new file mode 100644 index 000000000..e89e7fb2c --- /dev/null +++ b/src/main/java/taxi/controller/LoginController.java 
@@ -0,0 +1,43 @@ +package taxi.controller; + +import java.io.IOException; +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import taxi.exception.AuthenticationException; +import taxi.lib.Injector; +import taxi.model.Driver; +import taxi.service.AuthenticationService; + +@WebServlet("/login") +public class LoginController extends HttpServlet { + private static final Injector injector = Injector.getInstance("taxi"); + private final AuthenticationService authenticationService = (AuthenticationService) injector + .getInstance(AuthenticationService.class); + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + req.getRequestDispatcher("/WEB-INF/views/login.jsp").forward(req, resp); + } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + String login = req.getParameter("login"); + String password = req.getParameter("password"); + try { + Driver driver = authenticationService.login(login, password); + HttpSession session = req.getSession(); + session.setAttribute("id", driver.getId()); + resp.sendRedirect("/index"); + } catch (AuthenticationException e) { + req.setAttribute("errorMsg", e.getMessage()); + req.getRequestDispatcher("/WEB-INF/views/login.jsp").forward(req, resp); + } + } +} diff --git a/src/main/java/taxi/controller/LogoutController.java b/src/main/java/taxi/controller/LogoutController.java new file mode 100644 index 000000000..a53c350f5 --- /dev/null +++ b/src/main/java/taxi/controller/LogoutController.java 
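Review bot: In `doPost`, the session identifier is not rotated when authentication succeeds: `req.getSession()` returns whatever session the browser already presented and the driver id is bound to it, so a session id fixed before login stays valid afterwards (session fixation). Call `req.changeSessionId();` (Servlet 3.1+) immediately before `session.setAttribute("id", driver.getId());`, or invalidate the old session and create a new one on older containers. This matters more because `AuthenticationFilter.doFilter` in the same patch calls `req.getSession()` for every anonymous request, so a pre-login session always exists.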
@@ -0,0 +1,17 @@ +package taxi.controller; + +import java.io.IOException; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +public class LogoutController extends HttpServlet { + + @Override + public void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + req.getSession().invalidate(); + resp.sendRedirect("/login"); + } +} diff --git a/src/main/java/taxi/controller/driver/AddDriverController.java b/src/main/java/taxi/controller/driver/AddDriverController.java index 1db67730b..b58898c60 100644 --- a/src/main/java/taxi/controller/driver/AddDriverController.java +++ b/src/main/java/taxi/controller/driver/AddDriverController.java @@ -24,8 +24,10 @@ public void doGet(HttpServletRequest req, HttpServletResponse resp) public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { String name = req.getParameter("name"); String licenseNumber = req.getParameter("license_number"); - Driver driver = new Driver(name, licenseNumber); + String login = req.getParameter("login"); + String password = req.getParameter("password"); + Driver driver = new Driver(name, licenseNumber, login, password); driverService.create(driver); - resp.sendRedirect(req.getContextPath() + "/drivers/add"); + resp.sendRedirect(req.getContextPath() + "/index"); } } diff --git a/src/main/java/taxi/controller/driver/GetMyCurrentCarsController.java b/src/main/java/taxi/controller/driver/GetMyCurrentCarsController.java new file mode 100644 index 000000000..a2970e2d0 --- /dev/null +++ b/src/main/java/taxi/controller/driver/GetMyCurrentCarsController.java 
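Review bot: `doGet` calls `req.getSession().invalidate()`, which allocates a new session for a visitor who has none only to discard it; `HttpSession session = req.getSession(false); if (session != null) { session.invalidate(); }` avoids that. The same create-on-read pattern appears in `GetMyCurrentCarsController.doGet` and `AuthenticationFilter.doFilter`, where `getSession(false)` plus a null check would keep anonymous requests from allocating sessions. Logging out on GET also lets any cross-site link or image request end a driver's session; handling it in `doPost` is the more conservative choice.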
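Review bot: The `password` request parameter is passed unchanged to `new Driver(name, licenseNumber, login, password)`, and `DriverDaoImpl.create` in this patch writes `driver.getPassword()` straight into the `password` column, so credentials are stored in clear text; `AuthenticationServiceImpl.login` then compares the stored value with `equals`. Derive a salted hash before persistence (the JDK offers `SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")`; bcrypt, scrypt and argon2 need a library), store only the salt and hash, and verify at login by re-deriving and comparing with `MessageDigest.isEqual`. `doPost` also accepts a null or blank `login`/`password`, and nothing in the hunk checks that the login is unused; whether the table enforces uniqueness is not visible here. The method starts above the hunk.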
@@ -0,0 +1,31 @@ +package taxi.controller.driver; + +import java.io.IOException; +import java.util.List; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import taxi.lib.Injector; +import taxi.model.Car; +import taxi.service.CarService; + +public class GetMyCurrentCarsController extends HttpServlet { + private static final Injector injector = Injector.getInstance("taxi"); + private final CarService carService = (CarService) injector.getInstance(CarService.class); + + @Override + public void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + HttpSession session = req.getSession(); + Long driverId = (Long) session.getAttribute("id"); + if (driverId != null) { + List cars = carService.getAllByDriver(driverId); + req.setAttribute("cars", cars); + req.getRequestDispatcher("/WEB-INF/views/cars/all.jsp").forward(req, resp); + } else { + resp.sendRedirect("/login"); + } + } +} diff --git a/src/main/java/taxi/dao/DriverDao.java b/src/main/java/taxi/dao/DriverDao.java index 83440d530..e9c38d2a5 100644 --- a/src/main/java/taxi/dao/DriverDao.java +++ b/src/main/java/taxi/dao/DriverDao.java @@ -1,6 +1,8 @@ package taxi.dao; +import java.util.Optional; import taxi.model.Driver; public interface DriverDao extends GenericDao { + Optional findByLogin(String login); } diff --git a/src/main/java/taxi/dao/DriverDaoImpl.java b/src/main/java/taxi/dao/DriverDaoImpl.java index f5e18f2a2..6439c4b5d 100644 --- a/src/main/java/taxi/dao/DriverDaoImpl.java +++ b/src/main/java/taxi/dao/DriverDaoImpl.java 
@@ -15,15 +15,34 @@ @Dao public class DriverDaoImpl implements DriverDao { + @Override + public Optional findByLogin(String login) { + String query = "SELECT * FROM drivers WHERE login = ?"; + try (Connection connection = ConnectionUtil.getConnection(); + PreparedStatement statement = connection.prepareStatement(query)) { + statement.setString(1, login); + ResultSet resultSet = statement.executeQuery(); + Driver driver = null; + if (resultSet.next()) { + driver = parseDriverFromResultSet(resultSet); + } + return Optional.ofNullable(driver); + } catch (SQLException e) { + throw new DataProcessingException("Can't get driver by login and password " + login, e); + } + } + @Override public Driver create(Driver driver) { - String query = "INSERT INTO drivers (name, license_number) " - + "VALUES (?, ?)"; + String query = "INSERT INTO drivers (name, license_number,login, password) " + + "VALUES (?, ?, ?, ?)"; try (Connection connection = ConnectionUtil.getConnection(); - PreparedStatement statement = connection.prepareStatement(query, - Statement.RETURN_GENERATED_KEYS)) { + PreparedStatement statement = connection.prepareStatement(query, + Statement.RETURN_GENERATED_KEYS)) { statement.setString(1, driver.getName()); statement.setString(2, driver.getLicenseNumber()); + statement.setString(3, driver.getLogin()); + statement.setString(4, driver.getPassword()); statement.executeUpdate(); ResultSet resultSet = statement.getGeneratedKeys(); if (resultSet.next()) { @@ -39,7 +58,7 @@ public Driver create(Driver driver) { public Optional get(Long id) { String query = "SELECT * FROM drivers WHERE id = ? AND is_deleted = FALSE"; try (Connection connection = ConnectionUtil.getConnection(); - PreparedStatement statement = connection.prepareStatement(query)) { + PreparedStatement statement = connection.prepareStatement(query)) { statement.setLong(1, id); ResultSet resultSet = statement.executeQuery(); Driver driver = null; 
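Review bot: `findByLogin` filters on `WHERE login = ?` only, while `get` and `getAll` in the same class add `AND is_deleted = FALSE`, so a driver that was soft-deleted through `delete` can still be looked up and authenticated. Use `"SELECT * FROM drivers WHERE login = ? AND is_deleted = FALSE"`. The exception text `"Can't get driver by login and password "` is also inaccurate because the lookup is by login alone; `"Can't get driver by login "` matches the query. A short Javadoc on `findByLogin` stating that it returns an empty Optional for unknown or deleted logins would document the contract.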
@@ -57,7 +76,7 @@ public List getAll() { String query = "SELECT * FROM drivers WHERE is_deleted = FALSE"; List drivers = new ArrayList<>(); try (Connection connection = ConnectionUtil.getConnection(); - PreparedStatement statement = connection.prepareStatement(query)) { + PreparedStatement statement = connection.prepareStatement(query)) { ResultSet resultSet = statement.executeQuery(); while (resultSet.next()) { drivers.add(parseDriverFromResultSet(resultSet)); @@ -74,8 +93,8 @@ public Driver update(Driver driver) { + "SET name = ?, license_number = ? " + "WHERE id = ? AND is_deleted = FALSE"; try (Connection connection = ConnectionUtil.getConnection(); - PreparedStatement statement - = connection.prepareStatement(query)) { + PreparedStatement statement + = connection.prepareStatement(query)) { statement.setString(1, driver.getName()); statement.setString(2, driver.getLicenseNumber()); statement.setLong(3, driver.getId()); @@ -90,7 +109,7 @@ public Driver update(Driver driver) { public boolean delete(Long id) { String query = "UPDATE drivers SET is_deleted = TRUE WHERE id = ?"; try (Connection connection = ConnectionUtil.getConnection(); - PreparedStatement statement = connection.prepareStatement(query)) { + PreparedStatement statement = connection.prepareStatement(query)) { statement.setLong(1, id); return statement.executeUpdate() > 0; } catch (SQLException e) { @@ -102,10 +121,15 @@ private Driver parseDriverFromResultSet(ResultSet resultSet) throws SQLException Long id = resultSet.getObject("id", Long.class); String name = resultSet.getString("name"); String licenseNumber = resultSet.getString("license_number"); + String login = resultSet.getString("login"); + String password = resultSet.getString("password"); Driver driver = new Driver(); driver.setId(id); driver.setName(name); driver.setLicenseNumber(licenseNumber); + driver.setLogin(login); + driver.setPassword(password); return driver; } + } 
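Review bot: `parseDriverFromResultSet` now copies the `password` column into every `Driver`, so the objects returned by `get` and `getAll` carry the credential too, not only the one `findByLogin` needs for the login check. Those objects are presumably handed to the JSP views as request attributes (the controllers are outside this hunk), which leaves the value one template or logging change away from being exposed. Consider leaving `driver.setPassword(password);` out of the shared parser and setting the password only inside `findByLogin`.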
diff --git a/src/main/java/taxi/exception/AuthenticationException.java b/src/main/java/taxi/exception/AuthenticationException.java new file mode 100644 index 000000000..e1c22824e --- /dev/null +++ b/src/main/java/taxi/exception/AuthenticationException.java @@ -0,0 +1,7 @@ +package taxi.exception; + +public class AuthenticationException extends RuntimeException{ + public AuthenticationException(String message) { + super(message); + } +} diff --git a/src/main/java/taxi/model/Driver.java b/src/main/java/taxi/model/Driver.java index 9c375f94c..96497f91e 100644 --- a/src/main/java/taxi/model/Driver.java +++ b/src/main/java/taxi/model/Driver.java @@ -6,13 +6,17 @@ public class Driver { private Long id; private String name; private String licenseNumber; + private String login; + private String password; public Driver() { } - public Driver(String name, String licenseNumber) { + public Driver(String name, String licenseNumber, String login, String password) { this.name = name; this.licenseNumber = licenseNumber; + this.login = login; + this.password = password; } public Long getId() { @@ -39,6 +43,22 @@ public void setLicenseNumber(String licenseNumber) { this.licenseNumber = licenseNumber; } + public String getLogin() { + return login; + } + + public void setLogin(String login) { + this.login = login; + } + + public String getPassword() { + return password; + } + + public void setPassword(String password) { + this.password = password; + } + @Override public boolean equals(Object o) { if (this == o) { @@ -57,4 +77,14 @@ public boolean equals(Object o) { public int hashCode() { return Objects.hash(id, name, licenseNumber); } + + @Override + public String toString() { + return "Driver{" + + "id=" + id + + ", name='" + name + '\'' + + ", licenseNumber='" + licenseNumber + '\'' + + ", login='" + login + '\'' + + '}'; + } } 
diff --git a/src/main/java/taxi/service/AuthenticationService.java b/src/main/java/taxi/service/AuthenticationService.java new file mode 100644 index 000000000..5ae56ed93 --- /dev/null +++ b/src/main/java/taxi/service/AuthenticationService.java @@ -0,0 +1,7 @@ +package taxi.service; + +import taxi.model.Driver; + +public interface AuthenticationService { + public Driver login(String login, String password); +} diff --git a/src/main/java/taxi/service/AuthenticationServiceImpl.java b/src/main/java/taxi/service/AuthenticationServiceImpl.java new file mode 100644 index 000000000..d059fba5b --- /dev/null +++ b/src/main/java/taxi/service/AuthenticationServiceImpl.java @@ -0,0 +1,26 @@ +package taxi.service; + +import java.util.Optional; +import taxi.dao.DriverDao; +import taxi.exception.AuthenticationException; +import taxi.lib.Inject; +import taxi.lib.Service; +import taxi.model.Driver; + +@Service +public class AuthenticationServiceImpl implements AuthenticationService { + @Inject + DriverDao driverDao; + + @Override + public Driver login(String login, String password) { + Optional driver = driverDao.findByLogin(login); + if (driver.isEmpty()) { + throw new AuthenticationException("Driver login or password incorrect"); + } + if (driver.get().getPassword().equals(password)) { + return driver.get(); + } + throw new AuthenticationException("Driver login or password incorrect"); + } +} diff --git a/src/main/java/taxi/util/ConnectionUtil.java b/src/main/java/taxi/util/ConnectionUtil.java index 9a94e69a2..c52d17f63 100644 --- a/src/main/java/taxi/util/ConnectionUtil.java +++ b/src/main/java/taxi/util/ConnectionUtil.java 
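Review bot: In `login`, `driver.get().getPassword().equals(password)` throws a NullPointerException when the stored password is null, which seems likely for driver rows created before the `login`/`password` columns were added (the schema change is not part of this page). The request then ends as a server error instead of an `AuthenticationException`. Guard the dereference, for example `String stored = driver.get().getPassword(); if (stored != null && stored.equals(password)) { return driver.get(); }`. The rewritten condition in PATCH 7/9 keeps the same dereference, so the guard is still needed there.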
@@ -6,10 +6,11 @@ import java.util.Properties; public class ConnectionUtil { - private static final String URL = "YOUR DATABASE URL"; - private static final String USERNAME = "YOUR USERNAME"; - private static final String PASSWORD = "YOUR PASSWORD"; - private static final String JDBC_DRIVER = "YOUR DRIVER"; + private static final String URL + = "jdbc:mysql://localhost:3306/taxi?serverTimezone=Europe/Kiev"; + private static final String USERNAME = "root"; + private static final String PASSWORD = "1984"; + private static final String JDBC_DRIVER = "com.mysql.cj.jdbc.Driver"; static { try { diff --git a/src/main/java/taxi/web/filter/AuthenticationFilter.java b/src/main/java/taxi/web/filter/AuthenticationFilter.java new file mode 100644 index 000000000..6ef413d14 --- /dev/null +++ b/src/main/java/taxi/web/filter/AuthenticationFilter.java @@ -0,0 +1,38 @@ +package taxi.web.filter; + +import java.io.IOException; +import java.util.HashSet; +import java.util.Set; +import javax.servlet.*; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +public class AuthenticationFilter implements Filter { + Set allowedUrl = new HashSet<>(); + + @Override + public void init(FilterConfig filterConfig) + throws ServletException { + allowedUrl.add("/login"); + allowedUrl.add("/drivers/add"); + } + + @Override + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) + throws IOException, ServletException { + HttpServletRequest req = (HttpServletRequest) request; + HttpServletResponse resp = (HttpServletResponse) response; + HttpSession httpSession = req.getSession(); + Long id = (Long) httpSession.getAttribute("id"); + if (id == null && allowedUrl.contains(req.getServletPath())) { + chain.doFilter(req, resp); + return; + } + if (id == null) { + resp.sendRedirect("/login"); + return; + } + chain.doFilter(req, resp); + } +} 
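Review bot: The template placeholders are replaced with a real JDBC URL, the `root` account and a literal password, so working database credentials are now in the repository history and the application connects with full administrative rights. Keep the placeholder values in version control and load the real ones at runtime, e.g. `private static final String PASSWORD = System.getenv("DB_PASSWORD");` (the variable name is a placeholder), and use a dedicated MySQL account limited to the `taxi` schema. Because the value is already committed, the password should be changed wherever it is in use. The class body continues outside the hunk.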
diff --git a/src/main/webapp/WEB-INF/views/cars/add.jsp b/src/main/webapp/WEB-INF/views/cars/add.jsp index c23ba0b4f..e177dee28 100644 --- a/src/main/webapp/WEB-INF/views/cars/add.jsp +++ b/src/main/webapp/WEB-INF/views/cars/add.jsp @@ -8,6 +8,7 @@ Add car +<%@include file="/WEB-INF/views/header.jsp" %>

Add car:

diff --git a/src/main/webapp/WEB-INF/views/cars/all.jsp b/src/main/webapp/WEB-INF/views/cars/all.jsp index 84f046299..5c306d441 100644 --- a/src/main/webapp/WEB-INF/views/cars/all.jsp +++ b/src/main/webapp/WEB-INF/views/cars/all.jsp @@ -8,6 +8,7 @@ All cars +<%@include file="/WEB-INF/views/header.jsp" %>

All cars:

diff --git a/src/main/webapp/WEB-INF/views/cars/drivers/add.jsp b/src/main/webapp/WEB-INF/views/cars/drivers/add.jsp index d281d5d72..13e37351b 100644 --- a/src/main/webapp/WEB-INF/views/cars/drivers/add.jsp +++ b/src/main/webapp/WEB-INF/views/cars/drivers/add.jsp @@ -8,6 +8,7 @@ Add driver to car +<%@include file="/WEB-INF/views/header.jsp" %>

Add driver to car:

diff --git a/src/main/webapp/WEB-INF/views/drivers/add.jsp b/src/main/webapp/WEB-INF/views/drivers/add.jsp index 4ad7cee44..64d068ec3 100644 --- a/src/main/webapp/WEB-INF/views/drivers/add.jsp +++ b/src/main/webapp/WEB-INF/views/drivers/add.jsp @@ -8,12 +8,15 @@ All drivers +<%@include file="/WEB-INF/views/header.jsp" %>

Add driver:

+ + @@ -23,6 +26,12 @@ + + diff --git a/src/main/webapp/WEB-INF/views/drivers/all.jsp b/src/main/webapp/WEB-INF/views/drivers/all.jsp index 776101f73..6d4bda0bc 100644 --- a/src/main/webapp/WEB-INF/views/drivers/all.jsp +++ b/src/main/webapp/WEB-INF/views/drivers/all.jsp @@ -8,6 +8,7 @@ All drivers +<%@include file="/WEB-INF/views/header.jsp" %>

All drivers:

Name License numberloginpassword Add
+ + + +
diff --git a/src/main/webapp/WEB-INF/views/header.jsp b/src/main/webapp/WEB-INF/views/header.jsp new file mode 100644 index 000000000..556f0dc79 --- /dev/null +++ b/src/main/webapp/WEB-INF/views/header.jsp @@ -0,0 +1,11 @@ + +<%@ page contentType="text/html;charset=UTF-8" language="java" %> + + + + + +logout + + + diff --git a/src/main/webapp/WEB-INF/views/index.jsp b/src/main/webapp/WEB-INF/views/index.jsp index b9b5e9d2b..0867ea4a1 100644 --- a/src/main/webapp/WEB-INF/views/index.jsp +++ b/src/main/webapp/WEB-INF/views/index.jsp @@ -7,6 +7,7 @@ My team +<%@include file="header.jsp"%>

Hello, mates

@@ -15,6 +16,7 @@ + diff --git a/src/main/webapp/WEB-INF/views/login.jsp b/src/main/webapp/WEB-INF/views/login.jsp new file mode 100644 index 000000000..f625b9671 --- /dev/null +++ b/src/main/webapp/WEB-INF/views/login.jsp @@ -0,0 +1,19 @@ + +<%@ page contentType="text/html;charset=UTF-8" language="java" %> + + + Login + + +

Login page

+

${errorMsg}

+ + Please enter your login: + Please enter your password: + + +

+register +

+ + diff --git a/src/main/webapp/WEB-INF/views/manufacturers/add.jsp b/src/main/webapp/WEB-INF/views/manufacturers/add.jsp index 108d3541c..61215cba7 100644 --- a/src/main/webapp/WEB-INF/views/manufacturers/add.jsp +++ b/src/main/webapp/WEB-INF/views/manufacturers/add.jsp @@ -8,6 +8,7 @@ Manufacturers +<%@include file="/WEB-INF/views/header.jsp" %>

Add manufacturer:

Display All Drivers
Display All Cars
Display My Cars
Display All Manufacturers
Create new Driver
Create new Car
diff --git a/src/main/webapp/WEB-INF/views/manufacturers/all.jsp b/src/main/webapp/WEB-INF/views/manufacturers/all.jsp index fd3eafdbf..b107093e5 100644 --- a/src/main/webapp/WEB-INF/views/manufacturers/all.jsp +++ b/src/main/webapp/WEB-INF/views/manufacturers/all.jsp @@ -8,6 +8,7 @@ All manufacturers +<%@include file="/WEB-INF/views/header.jsp" %>

All manufacturers:

diff --git a/src/main/webapp/web.xml b/src/main/webapp/web.xml index 284381048..68839de74 100644 --- a/src/main/webapp/web.xml +++ b/src/main/webapp/web.xml @@ -105,4 +105,31 @@ deleteManufacturer/manufacturers/delete + + + logoutController + taxi.controller.LogoutController + + + logoutController + /logout + + + + getMyCurrentCarsController + taxi.controller.driver.GetMyCurrentCarsController + + + getMyCurrentCarsController + /cars/all + + + + authenticationFilter + taxi.web.filter.AuthenticationFilter + + + authenticationFilter + /* + From 1148ec80a69c74752d6ba4ba32846c6e7ec0fdb3 Mon Sep 17 00:00:00 2001 From: Vershynin Kostia Date: Sun, 20 Aug 2023 15:53:57 +0300 Subject: [PATCH 2/9] realization jv web security --- .../java/taxi/controller/LoginController.java | 1 - src/main/java/taxi/dao/DriverDaoImpl.java | 16 ++++++++-------- .../taxi/exception/AuthenticationException.java | 2 +- .../taxi/service/AuthenticationServiceImpl.java | 2 +- .../taxi/web/filter/AuthenticationFilter.java | 9 +++++++-- 5 files changed, 17 insertions(+), 13 deletions(-) diff --git a/src/main/java/taxi/controller/LoginController.java b/src/main/java/taxi/controller/LoginController.java index e89e7fb2c..edf5630ae 100644 --- a/src/main/java/taxi/controller/LoginController.java +++ b/src/main/java/taxi/controller/LoginController.java @@ -7,7 +7,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; - import taxi.exception.AuthenticationException; import taxi.lib.Injector; import taxi.model.Driver; diff --git a/src/main/java/taxi/dao/DriverDaoImpl.java b/src/main/java/taxi/dao/DriverDaoImpl.java index 6439c4b5d..8f4ab31dc 100644 --- a/src/main/java/taxi/dao/DriverDaoImpl.java +++ b/src/main/java/taxi/dao/DriverDaoImpl.java 
@@ -19,7 +19,7 @@ public class DriverDaoImpl implements DriverDao { public Optional findByLogin(String login) { String query = "SELECT * FROM drivers WHERE login = ?"; try (Connection connection = ConnectionUtil.getConnection(); - PreparedStatement statement = connection.prepareStatement(query)) { + PreparedStatement statement = connection.prepareStatement(query)) { statement.setString(1, login); ResultSet resultSet = statement.executeQuery(); Driver driver = null; @@ -37,8 +37,8 @@ public Driver create(Driver driver) { String query = "INSERT INTO drivers (name, license_number,login, password) " + "VALUES (?, ?, ?, ?)"; try (Connection connection = ConnectionUtil.getConnection(); - PreparedStatement statement = connection.prepareStatement(query, - Statement.RETURN_GENERATED_KEYS)) { + PreparedStatement statement = connection.prepareStatement(query, + Statement.RETURN_GENERATED_KEYS)) { statement.setString(1, driver.getName()); statement.setString(2, driver.getLicenseNumber()); statement.setString(3, driver.getLogin()); @@ -58,7 +58,7 @@ public Driver create(Driver driver) { public Optional get(Long id) { String query = "SELECT * FROM drivers WHERE id = ? AND is_deleted = FALSE"; try (Connection connection = ConnectionUtil.getConnection(); - PreparedStatement statement = connection.prepareStatement(query)) { + PreparedStatement statement = connection.prepareStatement(query)) { statement.setLong(1, id); ResultSet resultSet = statement.executeQuery(); Driver driver = null; @@ -76,7 +76,7 @@ public List getAll() { String query = "SELECT * FROM drivers WHERE is_deleted = FALSE"; List drivers = new ArrayList<>(); try (Connection connection = ConnectionUtil.getConnection(); - PreparedStatement statement = connection.prepareStatement(query)) { + PreparedStatement statement = connection.prepareStatement(query)) { ResultSet resultSet = statement.executeQuery(); while (resultSet.next()) { drivers.add(parseDriverFromResultSet(resultSet)); 
@@ -93,8 +93,8 @@ public Driver update(Driver driver) { + "SET name = ?, license_number = ? " + "WHERE id = ? AND is_deleted = FALSE"; try (Connection connection = ConnectionUtil.getConnection(); - PreparedStatement statement - = connection.prepareStatement(query)) { + PreparedStatement statement + = connection.prepareStatement(query)) { statement.setString(1, driver.getName()); statement.setString(2, driver.getLicenseNumber()); statement.setLong(3, driver.getId()); @@ -109,7 +109,7 @@ public Driver update(Driver driver) { public boolean delete(Long id) { String query = "UPDATE drivers SET is_deleted = TRUE WHERE id = ?"; try (Connection connection = ConnectionUtil.getConnection(); - PreparedStatement statement = connection.prepareStatement(query)) { + PreparedStatement statement = connection.prepareStatement(query)) { statement.setLong(1, id); return statement.executeUpdate() > 0; } catch (SQLException e) { diff --git a/src/main/java/taxi/exception/AuthenticationException.java b/src/main/java/taxi/exception/AuthenticationException.java index e1c22824e..35f2c7aab 100644 --- a/src/main/java/taxi/exception/AuthenticationException.java +++ b/src/main/java/taxi/exception/AuthenticationException.java @@ -1,7 +1,7 @@ package taxi.exception; public class AuthenticationException extends RuntimeException{ - public AuthenticationException(String message) { + public AuthenticationException(String message){ super(message); } } diff --git a/src/main/java/taxi/service/AuthenticationServiceImpl.java b/src/main/java/taxi/service/AuthenticationServiceImpl.java index d059fba5b..526bf4da3 100644 --- a/src/main/java/taxi/service/AuthenticationServiceImpl.java +++ b/src/main/java/taxi/service/AuthenticationServiceImpl.java @@ -10,7 +10,7 @@ @Service public class AuthenticationServiceImpl implements AuthenticationService { @Inject - DriverDao driverDao; + private DriverDao driverDao; @Override public Driver login(String login, String password) { 
diff --git a/src/main/java/taxi/web/filter/AuthenticationFilter.java b/src/main/java/taxi/web/filter/AuthenticationFilter.java index 6ef413d14..66f074c2e 100644 --- a/src/main/java/taxi/web/filter/AuthenticationFilter.java +++ b/src/main/java/taxi/web/filter/AuthenticationFilter.java @@ -3,13 +3,18 @@ import java.io.IOException; import java.util.HashSet; import java.util.Set; -import javax.servlet.*; +import javax.servlet.Filter; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.FilterChain; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; public class AuthenticationFilter implements Filter { - Set allowedUrl = new HashSet<>(); + private Set allowedUrl = new HashSet<>(); @Override public void init(FilterConfig filterConfig) From d77637b83ba8874fe51e6159a663ba0028310537 Mon Sep 17 00:00:00 2001 From: Vershynin Kostia Date: Sun, 20 Aug 2023 15:57:16 +0300 Subject: [PATCH 3/9] realization jv web security --- src/main/java/taxi/exception/AuthenticationException.java | 4 ++-- src/main/java/taxi/web/filter/AuthenticationFilter.java | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/taxi/exception/AuthenticationException.java b/src/main/java/taxi/exception/AuthenticationException.java index 35f2c7aab..baf736753 100644 --- a/src/main/java/taxi/exception/AuthenticationException.java +++ b/src/main/java/taxi/exception/AuthenticationException.java @@ -1,7 +1,7 @@ package taxi.exception; -public class AuthenticationException extends RuntimeException{ - public AuthenticationException(String message){ +public class AuthenticationException extends RuntimeException { + public AuthenticationException(String message) { super(message); } } 
diff --git a/src/main/java/taxi/web/filter/AuthenticationFilter.java b/src/main/java/taxi/web/filter/AuthenticationFilter.java index 66f074c2e..0bb690a7f 100644 --- a/src/main/java/taxi/web/filter/AuthenticationFilter.java +++ b/src/main/java/taxi/web/filter/AuthenticationFilter.java @@ -6,8 +6,8 @@ import javax.servlet.Filter; import javax.servlet.FilterConfig; import javax.servlet.ServletException; -import javax.servlet.ServletRequest; import javax.servlet.FilterChain; +import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; From c57c3570d14ca9c86e4c362fb51a536116538a2c Mon Sep 17 00:00:00 2001 From: Vershynin Kostia Date: Sun, 20 Aug 2023 15:58:28 +0300 Subject: [PATCH 4/9] realization jv web security --- src/main/java/taxi/web/filter/AuthenticationFilter.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/taxi/web/filter/AuthenticationFilter.java b/src/main/java/taxi/web/filter/AuthenticationFilter.java index 0bb690a7f..c0a045c6f 100644 --- a/src/main/java/taxi/web/filter/AuthenticationFilter.java +++ b/src/main/java/taxi/web/filter/AuthenticationFilter.java @@ -5,8 +5,8 @@ import java.util.Set; import javax.servlet.Filter; import javax.servlet.FilterConfig; -import javax.servlet.ServletException; import javax.servlet.FilterChain; +import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; From dc935e81f4b653b13f9795cbd39e0ae93ae3c807 Mon Sep 17 00:00:00 2001 From: Vershynin Kostia Date: Sun, 20 Aug 2023 16:01:08 +0300 Subject: [PATCH 5/9] realization jv web security --- src/main/java/taxi/web/filter/AuthenticationFilter.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/main/java/taxi/web/filter/AuthenticationFilter.java b/src/main/java/taxi/web/filter/AuthenticationFilter.java index c0a045c6f..178a1f5f1 100644 --- a/src/main/java/taxi/web/filter/AuthenticationFilter.java +++ b/src/main/java/taxi/web/filter/AuthenticationFilter.java @@ -3,9 +3,9 @@ import java.io.IOException; import java.util.HashSet; import java.util.Set; +import javax.servlet.FilterChain; import javax.servlet.Filter; import javax.servlet.FilterConfig; -import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; From a04267f8c5b968754601fa662ec08c3be410773e Mon Sep 17 00:00:00 2001 From: Vershynin Kostia Date: Sun, 20 Aug 2023 16:02:39 +0300 Subject: [PATCH 6/9] realization jv web security --- src/main/java/taxi/web/filter/AuthenticationFilter.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/taxi/web/filter/AuthenticationFilter.java b/src/main/java/taxi/web/filter/AuthenticationFilter.java index 178a1f5f1..7ff62ef42 100644 --- a/src/main/java/taxi/web/filter/AuthenticationFilter.java +++ b/src/main/java/taxi/web/filter/AuthenticationFilter.java @@ -3,8 +3,8 @@ import java.io.IOException; import java.util.HashSet; import java.util.Set; -import javax.servlet.FilterChain; import javax.servlet.Filter; +import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; From 0f6133411ffa0fd10ba8566c8f5eec867cccd330 Mon Sep 17 00:00:00 2001 
From: Vershynin Kostia Date: Sun, 20 Aug 2023 19:08:35 +0300 Subject: [PATCH 7/9] fixed jv web security --- src/main/java/taxi/controller/LogoutController.java | 2 +- .../controller/driver/GetMyCurrentCarsController.java | 2 +- .../java/taxi/service/AuthenticationServiceImpl.java | 9 +++------ src/main/java/taxi/service/DriverService.java | 3 +++ src/main/java/taxi/service/DriverServiceImpl.java | 7 +++++++ src/main/java/taxi/web/filter/AuthenticationFilter.java | 8 ++------ 6 files changed, 17 insertions(+), 14 deletions(-) diff --git a/src/main/java/taxi/controller/LogoutController.java b/src/main/java/taxi/controller/LogoutController.java index a53c350f5..722d0b0f5 100644 --- a/src/main/java/taxi/controller/LogoutController.java +++ b/src/main/java/taxi/controller/LogoutController.java @@ -12,6 +12,6 @@ public class LogoutController extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { req.getSession().invalidate(); - resp.sendRedirect("/login"); + resp.sendRedirect(req.getContextPath() + "/login"); } } diff --git a/src/main/java/taxi/controller/driver/GetMyCurrentCarsController.java b/src/main/java/taxi/controller/driver/GetMyCurrentCarsController.java index a2970e2d0..d185fe642 100644 --- a/src/main/java/taxi/controller/driver/GetMyCurrentCarsController.java +++ b/src/main/java/taxi/controller/driver/GetMyCurrentCarsController.java @@ -25,7 +25,7 @@ public void doGet(HttpServletRequest req, HttpServletResponse resp) req.setAttribute("cars", cars); req.getRequestDispatcher("/WEB-INF/views/cars/all.jsp").forward(req, resp); } else { - resp.sendRedirect("/login"); + resp.sendRedirect(req.getContextPath() + "/login"); } } } diff --git a/src/main/java/taxi/service/AuthenticationServiceImpl.java b/src/main/java/taxi/service/AuthenticationServiceImpl.java index 526bf4da3..100a8d19d 100644 --- a/src/main/java/taxi/service/AuthenticationServiceImpl.java 
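Review bot: In `LogoutController.doGet`, `req.getSession().invalidate()` allocates a new session for a caller that has none, only to destroy it; `HttpSession session = req.getSession(false);` followed by `if (session != null) { session.invalidate(); }` avoids that. Logout is also bound to GET, so a cross-site request can end a driver's session; serving it from `doPost` behind a form in the header would close that off. The servlet's imports and annotations are outside this hunk, so `HttpSession` may need importing.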
+++ b/src/main/java/taxi/service/AuthenticationServiceImpl.java @@ -10,15 +10,12 @@ @Service public class AuthenticationServiceImpl implements AuthenticationService { @Inject - private DriverDao driverDao; + private DriverService driverService; @Override public Driver login(String login, String password) { - Optional driver = driverDao.findByLogin(login); - if (driver.isEmpty()) { - throw new AuthenticationException("Driver login or password incorrect"); - } - if (driver.get().getPassword().equals(password)) { + Optional driver = driverService.findByLogin(login); + if (driver.isPresent() && driver.get().getPassword().equals(password)) { return driver.get(); } throw new AuthenticationException("Driver login or password incorrect"); diff --git a/src/main/java/taxi/service/DriverService.java b/src/main/java/taxi/service/DriverService.java index faddf81b3..308d313eb 100644 --- a/src/main/java/taxi/service/DriverService.java +++ b/src/main/java/taxi/service/DriverService.java @@ -2,5 +2,8 @@ import taxi.model.Driver; +import java.util.Optional; + public interface DriverService extends GenericService { + Optional findByLogin(String login); } diff --git a/src/main/java/taxi/service/DriverServiceImpl.java b/src/main/java/taxi/service/DriverServiceImpl.java index e2f554b3f..fd8836ed4 100644 --- a/src/main/java/taxi/service/DriverServiceImpl.java +++ b/src/main/java/taxi/service/DriverServiceImpl.java @@ -2,6 +2,8 @@ import java.util.List; import java.util.NoSuchElementException; +import java.util.Optional; + import taxi.dao.DriverDao; import taxi.lib.Inject; import taxi.lib.Service; @@ -38,4 +40,9 @@ public Driver update(Driver driver) { public boolean delete(Long id) { return driverDao.delete(id); } + + @Override + public Optional findByLogin(String login) { + return driverDao.findByLogin(login); + } } diff --git a/src/main/java/taxi/web/filter/AuthenticationFilter.java b/src/main/java/taxi/web/filter/AuthenticationFilter.java index 7ff62ef42..36745aa00 100644 
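Review bot: `driver.get().getPassword().equals(password)` in `AuthenticationServiceImpl.login` checks the submitted password against the stored value as-is, which suggests the driver record holds the password in plaintext (the DAO and schema are not in this hunk, so this is inferred). Persist a salted hash from a password-hashing function such as bcrypt, Argon2 or PBKDF2 when the driver is created, and have `login` verify the candidate against that hash instead of calling `String.equals`. The condition also throws a NullPointerException if `getPassword()` returns null for an existing login; a failed lookup of that kind should end in the same `AuthenticationException`. Keeping one generic message for both failure cases is right and should stay.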
--- a/src/main/java/taxi/web/filter/AuthenticationFilter.java +++ b/src/main/java/taxi/web/filter/AuthenticationFilter.java @@ -30,14 +30,10 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha HttpServletResponse resp = (HttpServletResponse) response; HttpSession httpSession = req.getSession(); Long id = (Long) httpSession.getAttribute("id"); - if (id == null && allowedUrl.contains(req.getServletPath())) { + if (id != null || allowedUrl.contains(req.getServletPath())) { chain.doFilter(req, resp); return; } - if (id == null) { - resp.sendRedirect("/login"); - return; - } - chain.doFilter(req, resp); + resp.sendRedirect(req.getContextPath() + "/login"); } } From daf715e219c751dcaff1c8a2e937710fc4a31789 Mon Sep 17 00:00:00 2001 From: Vershynin Kostia Date: Sun, 20 Aug 2023 19:43:52 +0300 Subject: [PATCH 8/9] fixed jv web security --- src/main/java/taxi/service/AuthenticationServiceImpl.java | 1 - src/main/java/taxi/service/DriverService.java | 3 +-- src/main/java/taxi/service/DriverServiceImpl.java | 1 - 3 files changed, 1 insertion(+), 4 deletions(-) diff --git a/src/main/java/taxi/service/AuthenticationServiceImpl.java b/src/main/java/taxi/service/AuthenticationServiceImpl.java index 100a8d19d..68a8ec6fb 100644 --- a/src/main/java/taxi/service/AuthenticationServiceImpl.java +++ b/src/main/java/taxi/service/AuthenticationServiceImpl.java @@ -1,7 +1,6 @@ package taxi.service; import java.util.Optional; -import taxi.dao.DriverDao; import taxi.exception.AuthenticationException; import taxi.lib.Inject; import taxi.lib.Service; diff --git a/src/main/java/taxi/service/DriverService.java b/src/main/java/taxi/service/DriverService.java index 308d313eb..3dbdfe2f3 100644 --- a/src/main/java/taxi/service/DriverService.java +++ b/src/main/java/taxi/service/DriverService.java 
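Review bot: `req.getSession()` in `AuthenticationFilter.doFilter` creates a session for every anonymous request, including those to the allowed URLs, so unauthenticated traffic allocates server-side state and a session id exists before login. Reading it with `HttpSession httpSession = req.getSession(false);` and `Long id = httpSession == null ? null : (Long) httpSession.getAttribute("id");` leaves the new `id != null || allowedUrl.contains(req.getServletPath())` check unchanged. `doFilter` and `init` start above the hunk, so the contents of `allowedUrl` are not visible here; since the lookup is an exact `getServletPath()` match, confirm it lists only the paths meant to be public.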
@@ -1,8 +1,7 @@ package taxi.service; -import taxi.model.Driver; - import java.util.Optional; +import taxi.model.Driver; public interface DriverService extends GenericService { Optional findByLogin(String login); diff --git a/src/main/java/taxi/service/DriverServiceImpl.java b/src/main/java/taxi/service/DriverServiceImpl.java index fd8836ed4..cf14b8e39 100644 --- a/src/main/java/taxi/service/DriverServiceImpl.java +++ b/src/main/java/taxi/service/DriverServiceImpl.java @@ -3,7 +3,6 @@ import java.util.List; import java.util.NoSuchElementException; import java.util.Optional; - import taxi.dao.DriverDao; import taxi.lib.Inject; import taxi.lib.Service; From 1659e7cf90785a317a1622f4cba324955ed872de Mon Sep 17 00:00:00 2001 From: Vershynin Kostia Date: Mon, 21 Aug 2023 13:19:47 +0300 Subject: [PATCH 9/9] fixed jv web security --- src/main/java/taxi/controller/LoginController.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/taxi/controller/LoginController.java b/src/main/java/taxi/controller/LoginController.java index edf5630ae..d2ba67e1e 100644 --- a/src/main/java/taxi/controller/LoginController.java +++ b/src/main/java/taxi/controller/LoginController.java @@ -33,7 +33,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) Driver driver = authenticationService.login(login, password); HttpSession session = req.getSession(); session.setAttribute("id", driver.getId()); - resp.sendRedirect("/index"); + resp.sendRedirect(req.getContextPath() + "/index"); } catch (AuthenticationException e) { req.setAttribute("errorMsg", e.getMessage()); req.getRequestDispatcher("/WEB-INF/views/login.jsp").forward(req, resp);
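Review bot: `LoginController.doPost` stores the driver id in whatever session `req.getSession()` returns, so a session id issued before authentication stays valid afterwards (session fixation). Rotate it once `authenticationService.login` succeeds, e.g. `req.changeSessionId();` before `session.setAttribute("id", driver.getId());` (Servlet 3.1+; on older containers invalidate the old session and create a new one). The start of `doPost` is outside the hunk, so how `login` and `password` are read from the request is not visible here.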