The state field path cannot be resolved to a valid type

Question

First of all, I have researched this question but I still can't figure out why it isn't working for me.

I'm developing a Dynamic Web application in Java that uses JPA to store login information of the users. I have no trouble inserting new users or listing all users from the table. But I'm trying to write a login method to authenticate users, in which I only want to select the user with the given username and password.

Here's the method in my DaoImpl class:

public User login(String userName, String passWord) {
    String sqlCommand = String.format("select u from users u where u.uname = '%s' and u.password = '%s'", userName, passWord);
    Query q = this.getEntityManager().createQuery(sqlCommand);
    //q.setParameter("uname", userName);
    //q.setParameter("pass", passWord);

    try{
        return (User) q.getSingleResult();
    } catch(Exception e) {
        return null;
    }
}

And here's the entity class:

@Entity(name=User.TABLE_NAME)
@Table(name=User.TABLE_NAME, schema=PersistentObject.SCHEMA)
public class User extends PersistentObject{

public static final String TABLE_NAME ="users";

public static final String FIRST_NAME ="fname";
public static final String LAST_NAME = "lname";
public static final String USERNAME ="uname";
public static final String EMAIL = "email";
public static final String PASSWORD = "password";

@Column(name=FIRST_NAME, nullable=false)
private String firstName;

@Column(name=LAST_NAME, nullable=false)
private String lastName;

@Column(name=USERNAME, nullable=false, unique=true)
private String userName;

@Column(name=EMAIL, nullable=false, unique=true)
private String email;

@Column(name=PASSWORD, nullable=false)
private String passWord;

@OneToMany(mappedBy="user")
private List<Update> updateList;

@OneToMany(mappedBy="user1")
private List<Friend> friendList;

public User() {
}

public User(String firstName, String lastName, String userName,
        String email, String passWord) {
    super();
    this.firstName = firstName;
    this.lastName = lastName;
    this.userName = userName;
    this.email = email;
    this.passWord = passWord;
}

And in my Servlet, I'm trying to call the login() method of my DaoImpl class like this:

User loggedInuser = this.userDao.login(request.getParameter("uname"),   request.getParameter("pass"));

And this is the error I get at the same line:

java.lang.IllegalArgumentException: An exception occurred while creating a query in EntityManager: <|Exception Description: Problem compiling [select u from users u where u.uname = 'something' and u.password = '12345']. |[28, 35] The state field path 'u.uname' cannot be resolved to a valid type.|[57, 67] The state field path 'u.password' cannot be resolved to a valid type.

The weird thing is that I don't get this error if I try to filter for the id or the email columns. The login is successful then. But for every other column, I get the above error.

Answer 1

The query you're executing is not a SQL query. It's a JPQL query. JPQL is a different language. In particular, it never uses table and column names. It always uses entity names and their mapped fields/properties names.

So the query should be

select u from User u where u.userName = :name and u.passWord = :password

Note that in addition to injection attacks due to the usage of String.format() instead of named parameters, your query also won't work as soon as the user name or password contains a singla quote. Storing passwords in clear-text in the database is also not a good idea at all. They should be salted and hashed.

Answer 2

First you replace the %s placeholders with actual username and password, then you try to call setParameter(), but it is not there. The parameters in the query start with colon. Here's the correct code:

String sqlCommand = "select u from User u where u.userName = :uname and u.password = :pass";
Query q = this.getEntityManager().createQuery(sqlCommand);
q.setParameter("uname", userName);
q.setParameter("pass", passWord);