Hi Krishnan,
Getting a seccure link involves several factor. The first one is setting up
a login and password, you can use something like the code below (borrowed
from another user on this list, Credit goes to Abhishek Sharan). Secondly
you must make sure that your server support Secure Socket Layer (either 64
bit exportable or 128-bit U.S.A). Then you use a certificate. Check out
www.verisign.com or www.Thawrte.com for specifics. You use a different
socket for SSL and your links always start with https:// Setting up you SSL
depends on your servlet engine so check your documentation. Hope this sheds
some light on the subject.
Sincerely Tom Kochanowicz
/code begins
import java.io.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class Verify extends HttpServlet {
public void doPost(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
Connection con = null;
Statement stmt = null;
ResultSet rs = null;
int verified = 0;
res.setContentType("text/html");
PrintWriter out = res.getWriter();
String userName = req.getParameter("txtUserName");
String password = req.getParameter("txtPassword");
try {
// Initialize driver...
Class.forName(<database driver>);
// Connect...
con = DriverManager.getConnection(<database connection with
username
and password>);
stmt = con.createStatement();
rs = stmt.executeQuery("SELECT USERNAME, PASSWORD FROM
JOJOUSERS"
+ " WHERE USERNAME = '" + userName +
"'");
// HTML Header...
out.println("<HTML><HEAD><TITLE>Verification Result"
+ "</TITLE></HEAD>");
out.println("<BODY>");
while(rs.next()) {
if(rs.getString("password").trim().equals(password.trim()))
{
verified = 1;
}
}
if(verified == 1) {
out.println("User verified: Access Granted");
} else {
out.println("Access Denied...<BR>User not found or "
+ "Incorrect Password!");
}
// HTML footer...
out.println("</BODY></HTML>");
}
catch(ClassNotFoundException e) {
out.println("Couldn't load database driver: " + e.getMessage());
}
catch(SQLException e) {
out.println("SQLException caught: " + e.getMessage());
}
finally {
try {
if (con != null) con.close();
}
catch (SQLException ignored) { }
}
}
public String getServletInfo() {
return "Login verification sample... ";
}
}
// end of the code
-----Original Message-----
From: A mailing list for discussion about Sun Microsystem's Java Servlet
API Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of
Krishnan Srinivasan
Sent: Friday, April 14, 2000 2:53 PM
To: [EMAIL PROTECTED]
Subject: Re: Java Security
Hi Mr.Tom Kochanowicz,
I read one of your replies and I saw the "SSL" word. I was wondering if
you could throw light on setting up a secure link during the LOGIN of my
servlet. When people log in my site I want to give them an option like some
websites do "click here to logon for a secure site" Is this done using JSSE
? (java security which has the HTTP for SSL).
Thanks
SK
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
