Masking the username after user logs in JDBC

StackOverflow https://stackoverflow.com/questions/17343779

Question

So I have the code here to send my username parameter value to my index.jsp welcome page :

response.sendRedirect("index.jsp?username=" + username);

The name is displayed in my index.jsp page with this :

<%= "Welcome " + request.getParameter("username")%>

However, the URL is displaying this information which is what I don't want :

http://localhost:8088/Trading_Platform_Web/index.jsp?username=ClayBanks1989

Any ideas how to mask this?

Also, it would be more desirable to display the first name only from my database. But we can focus on the task at hand.

Était-ce utile?

La solution 2

Use request dispatching instead of redirection.

RequestDispatcher view = Request.getRequestDispatcher("index.jsp");
view.forward(request, response);

This would forward the same request object to index.jsp. If the username is not already a request parameter pass it as an attribute

request.setAttribute("username", username); // before doing the forward

and retrieve it in your index.jsp as

<%= "Welcome " + request.getAttribute("username")%>

Alternatively, since the user has logged-in (through backend authentication via JDBC as you state) you can save the username (and other things pertaining to him) in the HttpSession.

HttpSession session = request.getSession();
session.setAttribute("username", username);

Now, you can forward (recommended) or choose to redirect as before but index.jsp would change to

<%= "Welcome " + session.getAttribute("username")%>

Autres conseils

Using forwarding. This will enable that request attributes could be passed to the view and you can use them in form of ServletRequest#getAttribute or by using Expression Language and JSTL. Short example

Controller (your servlet)

request.setAttribute(username", username);
RequestDispatcher dispatcher = servletContext().getRequestDispatcher("index.jsp");

dispatcher.forward(request, response);

View (your JSP). 

<%
out.println(request.getAttribute("username"));
%>

Another option is using session variables:

//if request is not from HttpServletRequest, you should do a typecast before
HttpSession session = request.getSession(false);
//save message in session
session.setAttribute(username", username);
response.sendRedirect("index.jsp");

then get it back

<%
out.println(session.getAttribute("message"));
session.removeAttribute("message");
%>

similarly you can store first name in a session variable from your database and you can display it anywhere on your website till the session is maintained

Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top