JSP表单登录检查器

Question

I have a Database with some users in it, which have a username and a password. I want to make a login form in JSP with 2 fields "login" and "password" if the input from the user is the same as in the database i want it to redirect to homepage. I know how to do this in php but im completely new to jsp so i have really no idea where to start, i thought javascript would be needed to accomplish this. I have already seen some comparable questions as mine but no answer seems to really work for me.

Here is my JSP Page:

<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
     <link rel="stylesheet" href="<c:url value="/resources/css/style.css"/>">
    <title>login</title>
</head>
<body>
    <div class="login-block">
    <h1>Login Page</h1>
    <div class="inlog-block">
    <form action="" method="post">
       <p>Enter Username: </p> 
       <input type="text" name="username" required="required" /> <br>
       <p>Enter password: </p> 
       <input type="password" name="password" required="required"/><br><br>
       <input type="submit" name="loginbutton" value="Login"/>
    </form>
    </div>
    </div>
</body>
</html>

Also i'm already able to get my users from the database in an arraylist in my model so maybe i need to use this in my JSP?

my Employeelist class:

public class EmployeeList {
    private ArrayList<Employee> employees = new ArrayList<>();

public EmployeeList()
{
    loadEmployees();
}

public void loadEmployees(){
    DAOEmployee DAOE = new DAOEmployee();
    employees = DAOE.LoadAllEmployees();
}

public ArrayList<Employee> getEmployees() {
    return employees;
}

public void setEmployees(ArrayList<Employee> employees) {
    this.employees = employees;
}

}

my DAOEmployee class:

public class DAOEmployee extends DAObject{
public ArrayList<Employee> LoadAllEmployees(){

    String sql = "SELECT * FROM EMPLOYEE";
    Employee e = null;
    ArrayList<Employee> employees = new ArrayList<>();

    try {
        ResultSet rs;
        Statement stmt = openConnection().createStatement();
        rs = stmt.executeQuery(sql);

        while(rs.next()){

            int ide = rs.getInt("id");
            String first = rs.getString(2);
            String last = rs.getString(3);
            String mail = rs.getString(4);
            String adres = rs.getString(5);
            String zip = rs.getString(6);
            String funct = rs.getString(7);
            String user = rs.getString(8);
            String pass = rs.getString(9);

            e = new Employee(ide,first, last, mail, adres, zip, funct, user, pass);


            employees.add(e);

        }
    }
        catch (SQLException x) {
            // TODO Auto-generated catch block
            x.printStackTrace();
        }


    return employees;

}
}

And my DAObject class:

public class DAObject {
private String url = "jdbc:mysql://127.0.0.1/mydatabase";
private String user = "root";
private String password = "root";

public Connection conn = null;

public DAObject(){

}

public Connection openConnection(){
    try{
        conn = DriverManager.getConnection(url, user, password);
        System.out.println("Connection succesfull");
    }
    catch(SQLException e){
        e.printStackTrace();

    }

    return conn;
}

public void CloseConnection(){
    try{
        conn.close();
    } 
    catch(SQLException e){
        e.printStackTrace();
        System.out.println("");
                }
}
}

Answer 1

You need a method to search for a especific user with a differente SQL instruction and you return a object Employee or boolean w/e you want from it:

String sql = "SELECT * FROM EMPLOYEE WHERE USER=? AND PASS=?";

In your servlet you call it and check if there is a registry for this user using the inputs values from your form.

String userName = req.getParameter("username");

Edit:

a)You need a method to search for this user, something like this (DAO layer example):

public User search(String userName, String password, Connection con) throws Exception{
    User user = null;

    String sql = "SELECT USERNAME, PASSWORD FROM T_USERS WHERE USERNAME=? AND PASSWORD=?";

    PreparedStatement pStmt = con.prepareStatement(sql);
    pStmt.setString(1, userName);
    pStmt.setString(2, password);
    ResultSet rS = pStmt.executeQuery();

    if(rS.next()){
        user = new User(rS.getString("USERNAME"), rS.getString("PASSWORD"));
    }

    rS.close();
    pStmt.close();

    return user;
}

b) In you Servlet you check it in doPost method:

String user = req.getParameter("username");
String pass = req.getParameter("password");

Connection con = null;

try {
    con = ConexaoFactory.getInst().getConnection("", "");       

    User user = BOClass.search(user, pass, con);

    if(user == null){
        //not found;
    }else{
        //found;
    }
} catch (Exception e) {         
    e.printStackTrace();
}finally {          
    try {               
        if(con != null)
            con.close();
    } catch (Exception e2) {
        e2.printStackTrace();
    }
}

This is just a example how you can do it.