Javier Nava Javier Nava - 5 months ago 16
MySQL Question

How to authenticate user according to their role?

I need help to authenticate a user,my database have a table called person with the attribute rol, the rol can be admin or employee, i want that when the user logins how admin the next jsp display (main.jsp) and when the rol = employee displays (main-act.jsp), I append my code from query for a authentication for the user, and the login:
1.-How i can do this?
2.-How i get the value of my rol?

public class mysqlquery extends Conexion{
Connection con = null;

public boolean autenticacion(String name, String password){
PreparedStatement pst = null;
//PreparedStatement pst1=null;
ResultSet rs = null;
//ResultSet rs1 = null;
try {
String query= "select * from person where name= ? and pass = ?";
pst = getConexion().prepareCall(consulta);
pst.setString(1, user);
pst.setString(2, password);
rs = pst.executeQuery();
if(rs.absolute(1)){
return true;
}
} catch (Exception e) {
System.err.println("error: "+e);
}
return false;
}







public class login extends HttpServlet {

/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
String name= request.getParameter("name");
String password= request.getParameter("pass");
mysqlquery co = new mysqlquery();
if(co.autenticacion(name, password)){
HttpSession objsesion = request.getSession(true);
objsesion.setAttribute("name", name);
//objsesion.setAttribute("rol", rol);
response.sendRedirect("main.jsp");
}else {
response.sendRedirect("index.jsp");
}
}

Answer

You can add a field on your mysql query class called userRole and store the value of the role retrieved from the database on the autenticacion method call, like this:

public class mysqlquery extends Conexion{
 Connection con = null;
 private String userRole;

 public String getUserRole() { return userRole; }

    public boolean autenticacion(String name, String  password){
        PreparedStatement pst = null;
        //PreparedStatement pst1=null;
        ResultSet rs = null;
        //ResultSet rs1 = null;
        try {
            String query= "select * from person where name= ? and pass = ?";
            pst = getConexion().prepareCall(consulta);
            pst.setString(1, user);
            pst.setString(2, password); 
            rs = pst.executeQuery();
            if(rs.absolute(1)){
                userRole = rs.getString("role");
                return true;
            }
        } catch (Exception e) {
            System.err.println("error: "+e);
        }
        return false;
    }

And in the Servlet, modify it like this:

protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    String name= request.getParameter("name");
    String password= request.getParameter("pass");
    mysqlquery co = new mysqlquery();
    boolean canAuthenticate = co.autenticacion(name, password);
    if(canAuthenticate  && co.getUserRole().equals("admin")){
        //go to admin page
    } else if (canAuthenticate  && co.getUserRole().equals("employee")) {
       //go to employee page
    } else {
        response.sendRedirect("index.jsp");
    }
}

In this way you can decide if user can authenticate (have the right userName and Password) and redirect it on the page based on it's role.

Comments