I need to write a class file that can be re-usable throughout our application. What I need to do is create a class file that when a user enters in some data, and that data is validated against our database, if the data is invalid (wrong pw, invalid userid, etc), my class creates a cookie that is just a counter and implents by one each time the user gets an error, and once the user gets 3 errors, they are redirected to a customer service page. We are using J2EE and using IBM's WebSphere.
Originally posted by jrthor2 We are lookig at container manages security. How would I do this using that instead of this way?
Also, in your code example, how do I redirect accordingly?
The security stuff is way too much to be explained in a forum like this. I'd recommend you get cozy with the WAS Infocenter and the IBM Redbooks site.
That bean is just a little counter. What you do when you notice its value is above your threshold of pain is sort of open ended. If you declare it with a useBean tag on a JSP and check it with a scriptlet then you can do a redirect right there (as long as the headers aren't already commited).
I was thinking of being able to use an import statement at the top of our pages to import this code so the page can use it. Is that how I would do it with your code? Make it a package and import it in the page?
just a quick addition here...if you are importing any libraries,classes in any of Java classes,make sure that you always import exactly what you need such as buntine pu in the post above import handling.ErrorCounter
imports with a * are not preferred, as a matter of fact is considered extremely bad practice any more in real life...
And one more thing,if you want to use jsp pages,then try to learn struts framework(since you mentioned J2EE as well)
And in a project where you are using J2ee framework,its extremely adivesable to use Struts.
Originally posted by jrthor2 We are using the Struts framework
not sure how your app works but if the above is true then importing a single class in your jsp page is not a good practice,since this must be taken care of in your Action classes( or may be a filter that all of the pages access)
I'm not quite sure what you mean by having a filter as an entry point. We want a way to capture if the user enters a userid/pw and they don't match or are on file, increment a counter and after 3 bad attempts, be directed to a customer service page.
When you say filter, you mean using page synchronization? We are already going to be using that.
Here is what should work.
Since you are using struts, I am presuming you have something like this
create a variable in the action class say int attemptsCtr = 0;
now when user tries to login, in the action class look for a request variable
if its not null and has value then convert that value to integer and assign it to
now process that if this value is <3 then increment it by 1 and then reset the request object
else if its equal to 3 then whatever you want to do
I don't like using sessions much so here is the next part...
create a hidden field in the jsp
<input type="hidden" name="attemptsCtr" value="<bean:write name="attemptsCtr"/>"/>