Tuesday, 19 July 2011

Login-Logout Application in JSP/Servlet/Hibernate with Session Handling

I have put together a sample application implementing login/logout functionality using technologies like JSP, Servlets, Hibernate with database as MySQL and development environment as Eclipse Helios.

The database contains a table called logininfo which has the following structure

CREATE TABLE `logininfo` (
  `loginid` varchar(20) NOT NULL,
  `password` varchar(20) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `loginid_UNIQUE` (`loginid`)

There is a Login data access object that is a bean corresponding to the table in the database. The Login dao is as shown below :-

public class Login {
private long id;
private String loginId;
private String password;

public long getId() {
return id;
public void setId(long id) {
this.id = id;
public String getLoginId() {
return loginId;
public void setLoginId(String loginId) {
this.loginId = loginId;
public String getPassword() {
return password;
public void setPassword(String password) {
this.password = password;

The hibernate mapping file Login.hbm.xml for the above class is as shown below

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD//EN"
<hibernate-mapping auto-import="true" default-lazy="false">
<class name="soft.sms.dao.hibernate.Login" table="logininfo">
<id name="id" column="id" type="java.lang.Long">
<generator class="increment"></generator>
<property name="loginId" column="loginid" type="java.lang.String"
not-null="true" unique="true" length="20"></property>
<property name="password" column="password" type="java.lang.String"
not-null="true" length="20"></property>

The hibernate configuration file i.e. hibernate.cfg.xml is as follows

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE hibernate-configuration PUBLIC
"-//Hibernate/Hibernate Configuration DTD 3.0//EN"

<property name="connection.driver_class">com.mysql.jdbc.Driver</property>
<property name="connection.url">jdbc:mysql://localhost/<name-of-the-database></property>
<property name="connection.username">root</property>
<property name="connection.password">****</property>
<property name="connection.pool_size">10</property>
<property name="show_sql">true</property>
<property name="dialect">org.hibernate.dialect.MySQLDialect</property>
<property name="hbm2ddl.auto">update</property>

<mapping resource="soft/sms/dao/hibernate/Login.hbm.xml"/>

The user login page is login.jsp as shown below. When the user enters username/password it is verified against the database table and subsequently a message is returned from the servlet stating whether the access is granted or denied.

If the user is denied access the message is shown on the same screen as shown below

If the user is granted access he is taken to a home screen where the name of the user is displayed with the current date. First, the username and password are checked and then the user information is stored in the implicit HTTP session object of JSP. This business logic is implemented at the server side in AuthenticationServlet.java as shown below

public class AuthenticationServlet extends HttpServlet {

protected void service(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {

String username = request.getParameter("username");
String password = request.getParameter("password");
HttpSession httpSession = request.getSession();
SessionFactory factory = new Configuration().configure().buildSessionFactory();
Session session = factory.openSession();
String query = "from Login login where loginId=? and password=?";
Query queryObj = session.createQuery(query);
queryObj.setString(0, username);
queryObj.setString(1, password);
List<Login> records = queryObj.list();
request.setAttribute("loginstatus", "Login Successful.");
httpSession.setAttribute("username", username);
getServletContext().getRequestDispatcher("/application/home.jsp").forward(request, response);
request.setAttribute("loginstatus", "Username/Password do not match.");
getServletContext().getRequestDispatcher("/authentication/login.jsp").forward(request, response);

The home screen as shown below

Logout functionality is there where the session is invalidated and the user is directed to the logout page which is as shown

The entire application code is shared at the following location :
Login Application

No comments:

Post a Comment