on lines 309 and 310. This attribute contains the name of the user that is
displayed on the main Web page. With a successful log on, the attribute for the
number of attempts is cleared (line 311) and other attributes are set to indicate
whether the password is expiring (lines 313 through 315), to indicate if the user
is an administrator (lines 316 and 317), and to provide a list of user stock
holdings from the database (lines 319 and 320). The request then is forwarded to the
main Web page for the application (lines 322 through 324).
Figure 12-34 displays lines 326 through 438 of the WebStocks servlet code.
If the password entered is not valid, then a PasswordInvalidException is thrown
on line 328. The method, validUserPswd(), which is called on line 307, throws
a PasswordException for an invalid password, because it calls the User method,
validate(), which throws a PasswordException. Therefore, the throw on line 328 is
executed only when the user value is null. For this reason, it passes an error message
rather than using the default message. A general Exception could have been used;
however, it would not be caught on line 341. Because a password cannot be valid
for a null user ID, it is acceptable to reuse this existing exception with an
appropriate error message. In a larger application, an exception class hierarchy for the User
class would be created and used, similar to what was done for the Password class.
If the user password has expired, lines 331 through 340 forward the request
to a different JSP, allowing the user to enter a new password. Finally, the
servlet writes an appropriate HTML page to the client, as discussed previously,
if a user enters an invalid user ID or password or does so three or more times
(lines 341 through 370); enters no user ID or password, or an exception is
caught (lines 371 through 419); or exceeds the maximum number of log on
attempts (lines 420 through 438). Under such conditions, the log on attempt is
not valid, and logonValidated() will return a value of false. The
logonValidated() method returns a value of true only when the user has
previously logged on successfully. It returns false the first time a user logs
on, even if successful, so the doPost() method will take no other action and
the servlet thread will complete. This is necessary because forwarding a
request to another resource does not stop the servlet from continuing to
execute subsequent code.
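
The control flow described above, sketched as an added example (not the WebStocks code from Figure 12-34). The attribute names, the /main.jsp path, MAX_ATTEMPTS and the abstract credentialsValid() method are assumptions, and the javax.servlet API (3.1 or later) must be on the classpath.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Added illustration, not the WebStocks source. Attribute names, JSP path and
// MAX_ATTEMPTS are hypothetical.
public abstract class LogonGuardServlet extends HttpServlet {
    private static final int MAX_ATTEMPTS = 3;

    // Stands in for the page's credential check, whose code is not shown here.
    protected abstract boolean credentialsValid(String userId, String password);

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        // forward() returns to its caller, so the guard result must be checked.
        // Without this return, the dispatch below would run on a committed
        // response (IllegalStateException) or for a user who never logged on.
        if (!logonValidated(req, res)) {
            return;
        }
        req.getRequestDispatcher("/main.jsp").forward(req, res);
    }

    // True only if this session already records a successful log on.
    private boolean logonValidated(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        HttpSession session = req.getSession(true);
        if (session.getAttribute("userName") != null) {
            return true;
        }
        Integer prior = (Integer) session.getAttribute("attempts");
        int attempts = (prior == null ? 0 : prior) + 1;
        String userId = req.getParameter("userID");
        String password = req.getParameter("password");
        if (attempts > MAX_ATTEMPTS) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "Too many log on attempts");
        } else if (userId != null && password != null
                && credentialsValid(userId, password)) {
            req.changeSessionId();                    // new session ID after log on
            session.removeAttribute("attempts");      // cleared on success
            session.setAttribute("userName", userId);
            req.getRequestDispatcher("/main.jsp").forward(req, res);
        } else {
            session.setAttribute("attempts", attempts);
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid user ID or password");
        }
        return false; // a response was produced in every branch above
    }
}
```
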
FIGURE 12-34 (continued)