MVC/DAO	

JSP/JSTL/EL	

JDBC/ORM
java web
Mario Jorge Pereira
14

20

13

20

12

20

11

20

10

20

09

20

08

20

07

20

06

20

05

20

04

20

03

20

02

20
Agenda
• Java Servlet	

• Java Server Pages - JSP	

• JavaServer Pages Standard Tag Library - JSTL	

• Expression Language - EL	

• Java Database Connectivity - JDBC	

• Data Access Object - DAO	

• Model View Controller - MVC	

• Hibernate
JSP
login.jsp

versão 1.0

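<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
	<!-- Version 1.0: the form posts straight to home.jsp, so nothing checks the password yet.
	     POST keeps the credentials out of the URL; HTTPS is still needed to protect them in transit. -->
	<form method="post" action="home.jsp">
		Login: <input name="login" type="text"> <br>
		Senha: <input name="senha" type="password"><br>
		<input type="submit">
	</form>
</body>
</html>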
home.jsp

versão 1.0

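<!DOCTYPE html>
<html>
<head>
<title>HOME</title>
</head>
<body>
<%
	// "login" comes straight from the request, so it is HTML-escaped before it is
	// written into the page; echoing it raw would let markup inside the parameter
	// run in the visitor's browser (reflected XSS).
	// "&" is replaced first so the entities produced by the later calls are not re-escaped.
	// String.valueOf keeps the original output ("null") when the parameter is absent.
	String login = String.valueOf(request.getParameter("login"))
			.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
			.replace("\"", "&quot;").replace("'", "&#39;");
%>
	Bem vindo, <%=login%>
</body>
</html>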
Servlet
Autenticador.java

versão 2.0

package br.com.mariojp;	

!
import
import
import
import

!

java.io.*;	
javax.servlet.*;	
javax.servlet.annotation.*;	
javax.servlet.http.*;	

Regra: 

Se o login igual a senha
esta ok!

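/**
 * Login servlet, version 2.0 of the demo.
 *
 * <p>The rule is deliberately trivial: a login is accepted when it equals the
 * password (ignoring case). The result is passed to the next page through the
 * query string, so home.jsp only displays the "user" parameter it receives; that
 * parameter is not evidence that a login actually happened.
 */
@WebServlet("/Autenticador")
public class Autenticador extends HttpServlet {

	/**
	 * Checks the posted credentials and redirects to home.jsp on success or back to
	 * login.jsp with an error message otherwise.
	 *
	 * @param request  carries the "login" and "senha" form fields
	 * @param response used to issue the redirect
	 * @throws ServletException declared by the servlet contract
	 * @throws IOException      if the redirect cannot be written
	 */
	protected void doPost(HttpServletRequest request,
			HttpServletResponse response) throws ServletException,
			IOException {
		String login = request.getParameter("login");
		String senha = request.getParameter("senha");
		if (login != null && senha != null
				&& login.equalsIgnoreCase(senha)) {
			// The login is user input: URL-encode it so characters such as '&', '#'
			// or spaces cannot add parameters to, or break, the redirect URL.
			response.sendRedirect("home.jsp?user="
					+ java.net.URLEncoder.encode(login, "UTF-8"));
		} else {
			String erro = "Usuario ou Senha Invalidos!";
			// The message contains spaces, which are not valid in a URL unencoded.
			response.sendRedirect("login.jsp?erro="
					+ java.net.URLEncoder.encode(erro, "UTF-8"));
		}
	}
}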
login.jsp

versão 2.0

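<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
	<%-- Submitting the form now goes through the Autenticador servlet. --%>
	<form method="post" action="Autenticador">
		Login: <input name="login" type="text"> <br>
		Senha: <input name="senha" type="password"><br>
		<input type="submit">
	</form>
<%
	// "erro" is a query-string parameter, so its content is whatever the link says,
	// not necessarily what the servlet sent. It is HTML-escaped before printing so a
	// crafted link cannot place markup or script into this page (reflected XSS).
	String erro = request.getParameter("erro");
	if (erro != null && !erro.trim().equals("")) {
		// "&" first, so the entities added by the later calls are not re-escaped.
		out.print(erro.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
				.replace("\"", "&quot;").replace("'", "&#39;"));
	}
%>
</body>
</html>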

Aciona o servlet

Apresenta o
erro de login
home.jsp

versão 2.0

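<!DOCTYPE html>
<html>
<head>
<title>HOME</title>
</head>
<body>
<%
	// The page shows whatever "user" value is in the URL: it proves nothing about a
	// login, and it is attacker-controllable, so it is HTML-escaped before output
	// (raw echo would be reflected XSS). "&" is replaced first to avoid double escaping.
	// String.valueOf keeps the original output ("null") when the parameter is absent.
	String user = String.valueOf(request.getParameter("user"))
			.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
			.replace("\"", "&quot;").replace("'", "&#39;");
%>
	Bem vindo, <%=user%>
</body>
</html>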
MVC
Usuario.java

package br.com.mariojp;	

!

versão 3.0

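/**
 * Model object for a user of the demo application: an id, a login and a password.
 *
 * <p>The password is held as a plain {@code String}; nothing in this class hashes
 * or protects it.
 */
public class Usuario {
	private Integer id;
	private String login;
	private String senha;

	/** @return the user id, or {@code null} if none was set */
	public Integer getId() {
		return id;
	}

	/** @param id the user id */
	public void setId(Integer id) {
		this.id = id;
	}

	/** @return the login name, or {@code null} if none was set */
	public String getLogin() {
		return login;
	}

	/**
	 * Sets the login name. The servlet in this deck calls {@code setLogin}, and the
	 * JavaBean convention used by EL expects the setter to match {@code getLogin}.
	 *
	 * @param login the login name
	 */
	public void setLogin(String login) {
		this.login = login;
	}

	/**
	 * Original (misnamed) setter for the login, kept so existing callers still compile.
	 *
	 * @param login the login name
	 */
	public void setNome(String login) {
		setLogin(login);
	}

	/** @return the password as stored, or {@code null} if none was set */
	public String getSenha() {
		return senha;
	}

	/** @param senha the password */
	public void setSenha(String senha) {
		this.senha = senha;
	}
}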
Autenticador.java

versão 3.0

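/**
 * Login servlet, version 3.0: the controller of the MVC example.
 *
 * <p>On success the authenticated {@code Usuario} is stored in the HTTP session
 * under the key "user"; on failure the request is forwarded back to login.jsp with
 * the error message in the request attribute "erro".
 */
@WebServlet("/Autenticador")
public class Autenticador extends HttpServlet {

	/**
	 * Reads the "login" and "senha" form fields, authenticates them and routes the
	 * browser to the next page.
	 *
	 * @param request  carries the posted form fields
	 * @param response used for the redirect or the forward
	 * @throws ServletException if forwarding to login.jsp fails
	 * @throws IOException      if the response cannot be written
	 */
	protected void doPost(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		Usuario user = new Usuario();
		String login = request.getParameter("login");
		String senha = request.getParameter("senha");
		user.setLogin(login);
		user.setSenha(senha);
		if (autenticar(user)) {
			// Discard any session that existed before the login, so a session id that
			// was already in the browser is not promoted to an authenticated one
			// (session fixation).
			javax.servlet.http.HttpSession anterior = request.getSession(false);
			if (anterior != null) {
				anterior.invalidate();
			}
			// The password has done its job; do not keep it in the session.
			user.setSenha(null);
			request.getSession(true).setAttribute("user", user);
			response.sendRedirect("home.jsp");
		} else {
			// Same message for a wrong login and a wrong password, so the response
			// does not reveal which logins exist.
			request.setAttribute("erro", "Usuario ou Senha Invalidos!");
			RequestDispatcher d = request.getRequestDispatcher("login.jsp");
			d.forward(request, response);
		}
	}

	// Body elided on this slide.
	private boolean autenticar(Usuario user) {...}

}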
Autenticador.java

versão 3.0

	
!
	
	
	
	
	
	
	

/**
 * Demo rule of version 3.0: a user is accepted when login and password are both
 * present and exactly equal (case-sensitive).
 *
 * @param user the credentials to check
 * @return {@code true} when the login equals the password
 */
private boolean autenticar(Usuario user) {
	String login = user.getLogin();
	String senha = user.getSenha();
	if (login == null || senha == null) {
		return false;
	}
	return login.equals(senha);
}
login.jsp

versão 3.0

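<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
	<form method="post" action="Autenticador">
		Login: <input name="login" type="text"> <br>
		Senha: <input name="senha" type="password"><br>
		<input type="submit">
	</form>
<%
	// "erro" is now a request attribute set by the servlet during the forward, not a
	// URL parameter, so a visitor can no longer choose its content through a link.
	// It is printed as-is: if it ever carries user input, escape it first.
	String erro = (String) request.getAttribute("erro");
	if (erro != null && !erro.trim().equals("")) {
		out.print(erro);
	}
%>
</body>
</html>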
home.jsp

versão 3.0

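<!DOCTYPE html>
<%@page import="br.com.mariojp.Usuario"%>
<%
	// The page can be requested directly, without going through the servlet. In that
	// case there is no "user" in the session: send the visitor to the login page
	// instead of failing with a NullPointerException.
	Usuario user = (Usuario) session.getAttribute("user");
	if (user == null || user.getLogin() == null) {
		response.sendRedirect("login.jsp");
		return;
	}
	// The login was typed by the user, so it is HTML-escaped before being displayed.
	// "&" is replaced first so the entities added afterwards are not re-escaped.
	String login = user.getLogin()
			.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
			.replace("\"", "&quot;").replace("'", "&#39;");
%>
<html>
<head>
<title>HOME</title>
</head>
<body>
	Bem vindo, <%=login%>
</body>
</html>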
Revisão Rapida
• Java Servlet	

• Java Server Pages - JSP	

• Model View Controller - MVC
E agora?
• JavaServer Pages Standard Tag Library - JSTL	

• Expression Language - EL
WEB-INF/lib
• javax-1.servlet.jsp.jstl-1.2.1.jar	

• javax-1.servlet.jsp.jstl-api-1.2.1.jar
login.jsp

versão 3.1

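<!DOCTYPE html>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<html>
<head>
<title>Login</title>
</head>
<body>
	<form method="post" action="Autenticador">
		Login: <input name="login" type="text"> <br>
		Senha: <input name="senha" type="password"><br>
		<input type="submit">
	</form>
	<%-- c:out replaces the scriptlet: it prints nothing when "erro" is absent and
	     XML-escapes the value by default, so the message cannot inject markup. --%>
	<c:out value="${erro}"/>
</body>
</html>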
home.jsp

versão 3.1

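<!DOCTYPE html>
<%@page import="br.com.mariojp.Usuario"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<html>
<head>
<title>HOME</title>
<%-- jsp:useBean looks up "user" in the session and, when none is there, creates an
     empty Usuario and stores it. A direct request therefore no longer fails, but
     it is not rejected either: the page renders with an empty login. --%>
<jsp:useBean id="user" class="br.com.mariojp.Usuario" scope="session" />
</head>
<body>
	<%-- c:out escapes the login by default before writing it into the page. --%>
	Bem vindo, <c:out value="${user.login}" />
</body>
</html>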
JDBC
HSQLDB
java -cp hsqldb.jar org.hsqldb.server.Server -database.0 file:mydb --dbname.0 banco
HSQL Database Manager
!

Type: HSQL Database Engine Server	

Driver: org.hsqldb.jdbcDriver	

URL: jdbc:hsqldb:hsql://localhost/banco	

User: SA
HSQLDB
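-- Demo schema for the login examples.
-- NOTE: SENHA holds the password exactly as typed (clear text). That keeps the slides
-- short, but a real USUARIOS table stores a salted password hash (bcrypt, scrypt or
-- argon2) and the application compares hashes, never the password itself.
-- LOGIN has no UNIQUE constraint, so two rows may share the same login.
CREATE TABLE USUARIOS ( USUARIO_ID INTEGER
IDENTITY, LOGIN varchar(100) NOT NULL , SENHA
varchar(100) NOT NULL ) ;

-- Sample account used by the exercises that follow.
INSERT INTO USUARIOS ( "LOGIN", "SENHA" ) VALUES
('user', '1234');

SELECT * FROM USUARIOS;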
WEB-INF/lib

• hsqldb.jar
BancoUtil.java

package br.com.mariojp;	
versão 4.0
!
import java.sql.Connection;	
import java.sql.DriverManager;	
!
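/**
 * Opens the JDBC connection used by the demo and hands it out to callers.
 *
 * <p>Caveats for anything beyond a local exercise:
 * <ul>
 *   <li>one {@code Connection} is created at class-load time and shared by every
 *       caller; whether that is safe under concurrent servlet requests depends on
 *       the driver, and a dropped connection is never re-opened;</li>
 *   <li>the URL and credentials are hard-coded, using the HSQLDB "SA" account
 *       with an empty password.</li>
 * </ul>
 */
public class BancoUtil {

	private static Connection connection;

	static {
		try {
			Class.forName("org.hsqldb.jdbc.JDBCDriver");
			connection = DriverManager.getConnection(
					"jdbc:hsqldb:hsql://localhost/banco", "SA", "");
		} catch (ClassNotFoundException e) {
			// Fail at start-up with the real cause instead of printing a stack trace
			// and leaving "connection" null for a later NullPointerException.
			throw new IllegalStateException(
					"HSQLDB JDBC driver not found on the classpath", e);
		} catch (java.sql.SQLException e) {
			throw new IllegalStateException(
					"Could not connect to jdbc:hsqldb:hsql://localhost/banco", e);
		}
	}

	/**
	 * @return the shared connection opened when the class was loaded
	 */
	public static Connection getConnection() {
		return connection;
	}
}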
Autenticador.java

versão 4.0

// Version 4.0: looks the credentials up in the USUARIOS table.
//
// NOTE(review): this is the deliberately vulnerable step of the deck. The login and
// the password are concatenated into the SQL text, so a quote character in either
// value changes the structure of the query instead of being treated as data
// (SQL injection). Version 4.1 replaces the concatenation with a PreparedStatement
// and bound parameters.
//
// Returns true when the query yields at least one row; an SQLException is printed
// and reported to the caller as "not authenticated".
private boolean autenticar(Usuario user) {	
	 	 boolean autenticado = false;	
	 	 Connection con = BancoUtil.getConnection();	
	 	 try {	
	 	 	 Statement stmt = con.createStatement();	
	 	 	 // getLogin()/getSenha() are dereferenced without a null check: a request
	 	 	 // missing either field ends in a NullPointerException here.
	 	 	 ResultSet resultSet = stmt.executeQuery(	
	 	 	 	 "select * from usuarios where "+
	 	 	 	 "login='"+user.getLogin().trim()+"' and "+	
	 	 	 	 "senha='"+user.getSenha().trim()+"';" );	
	 	 	 if(resultSet.next()){	
	 	 	 	 autenticado = true;	
	 	 	 }	
	 	 	 // Closed only on the success path; an SQLException above skips both calls.
	 	 	 resultSet.close();	
	 	 	 stmt.close();	
	 	 } catch (SQLException e) {	
	 	 	 e.printStackTrace();	
	 	 }	
	 	 return autenticado;	
}
Segurança
• Voce consegue acessar o home.jsp?	

• Pela url	

• Sql Injection
home.jsp

versão 4.1

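<!DOCTYPE html>
<%@page import="br.com.mariojp.Usuario"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<html>
<head>
<title>HOME</title>
<jsp:useBean id="user" class="br.com.mariojp.Usuario" scope="session" />
</head>
<body>
	<%-- Access check: jsp:useBean creates an empty Usuario when the session has none,
	     so a null login means the visitor never went through the Autenticador
	     servlet and is sent back to the login page. --%>
	<c:if test="${user.login == null}">
		<c:redirect url="login.jsp" />
	</c:if>
	<%-- c:out escapes the login by default before writing it into the page. --%>
	Bem vindo, <c:out value="${user.login}" />
</body>
</html>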
Teste?
• Use Login = 123 e Senha = ' or '1' = ‘1	

• Use Login = ' OR 1=1 --
Autenticador.java

versão 4.1
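/**
 * Version 4.1: looks the credentials up with a parameterized query.
 *
 * <p>The login and the password are bound with {@code setString}, so the driver
 * always treats them as data and quote characters in the input cannot change the
 * query. The password is still compared in clear text against the SENHA column.
 *
 * @param user the credentials to check
 * @return {@code true} when a matching row exists; {@code false} when none does or
 *         when the query fails with an {@code SQLException} (which is printed)
 */
private boolean autenticar(Usuario user) {
		boolean autenticado = false;
		Connection con = BancoUtil.getConnection();
		PreparedStatement pstmt = null;
		ResultSet resultSet = null;
		try {
			String sql = "select * from usuarios where "
					+ "login=? and senha=?;";
			pstmt = con.prepareStatement(sql);
			pstmt.setString(1, user.getLogin());
			pstmt.setString(2, user.getSenha());
			resultSet = pstmt.executeQuery();
			autenticado = resultSet.next();
		} catch (SQLException e) {
			e.printStackTrace();
		} finally {
			// Release the JDBC resources on every path, including after an exception;
			// the connection itself is shared and stays open.
			if (resultSet != null) {
				try {
					resultSet.close();
				} catch (SQLException e) {
					e.printStackTrace();
				}
			}
			if (pstmt != null) {
				try {
					pstmt.close();
				} catch (SQLException e) {
					e.printStackTrace();
				}
			}
		}
		return autenticado;
}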
DAO
package br.com.mariojp;	

versão 5.0

!
import
import
import
import

java.sql.Connection;	
java.sql.PreparedStatement;	
java.sql.ResultSet;	
java.sql.SQLException;	

!
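/**
 * Data Access Object for {@code Usuario}: keeps the SQL out of the servlet.
 */
public class UsuarioDAO {

	/**
	 * Checks whether a row with the given login and password exists.
	 *
	 * <p>Both values are bound as parameters of a {@code PreparedStatement}, so they
	 * are never interpreted as SQL. The password is compared in clear text against
	 * the SENHA column.
	 *
	 * @param user the credentials to check
	 * @return {@code true} when a matching row exists; {@code false} when none does
	 *         or when the query fails with an {@code SQLException} (which is printed)
	 */
	public boolean autenticar(Usuario user) {
		boolean autenticado = false;
		Connection con = BancoUtil.getConnection();
		PreparedStatement pstmt = null;
		ResultSet resultSet = null;
		try {
			String sql = "select * from usuarios where login=? and senha=?;";
			pstmt = con.prepareStatement(sql);
			pstmt.setString(1, user.getLogin());
			pstmt.setString(2, user.getSenha());
			resultSet = pstmt.executeQuery();
			autenticado = resultSet.next();
		} catch (SQLException e) {
			e.printStackTrace();
		} finally {
			// Release the JDBC resources on every path, including after an exception;
			// the connection itself is shared and stays open.
			if (resultSet != null) {
				try {
					resultSet.close();
				} catch (SQLException e) {
					e.printStackTrace();
				}
			}
			if (pstmt != null) {
				try {
					pstmt.close();
				} catch (SQLException e) {
					e.printStackTrace();
				}
			}
		}
		return autenticado;
	}
}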

UsuarioDAO.java
Autenticador.java

versão 3.0

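/**
 * Login servlet after the DAO refactoring: authentication is delegated to
 * {@code UsuarioDAO}, and the servlet only routes the request.
 */
@WebServlet("/Autenticador")
public class Autenticador extends HttpServlet {
	private final UsuarioDAO usuarioDAO = new UsuarioDAO();

	/**
	 * Reads the "login" and "senha" form fields, authenticates them through the DAO
	 * and routes the browser to the next page.
	 *
	 * @param request  carries the posted form fields
	 * @param response used for the redirect or the forward
	 * @throws ServletException if forwarding to login.jsp fails
	 * @throws IOException      if the response cannot be written
	 */
	protected void doPost(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		Usuario user = new Usuario();
		String login = request.getParameter("login");
		String senha = request.getParameter("senha");
		user.setLogin(login);
		user.setSenha(senha);
		if (usuarioDAO.autenticar(user)) {
			// Discard any session that existed before the login, so a session id that
			// was already in the browser is not promoted to an authenticated one
			// (session fixation).
			javax.servlet.http.HttpSession anterior = request.getSession(false);
			if (anterior != null) {
				anterior.invalidate();
			}
			// The password has done its job; do not keep it in the session.
			user.setSenha(null);
			request.getSession(true).setAttribute("user", user);
			response.sendRedirect("home.jsp");
		} else {
			// Same message for a wrong login and a wrong password, so the response
			// does not reveal which logins exist.
			request.setAttribute("erro", "Usuario ou Senha Invalidos!");
			RequestDispatcher d = request.getRequestDispatcher("login.jsp");
			d.forward(request, response);
		}
	}

}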
Hibernate

• Framework de mapeamento objeto
relacional
WEB-INF/lib
• hibernate-core-4.3.0.Final.jar	

• antlr-2.7.7.jar	

• dom4j-1.6.1.jar	

• hibernate-commons-annotations-4.0.4.Final.jar	

• hibernate-jpa-2.1-api-1.0.0.Final.jar	

• jandex-1.1.0.Final.jar	

• javassist-3.18.1-GA.jar	

• jboss-logging-3.1.3.GA.jar	

• jboss-logging-annotations-1.2.0.Beta1.jar	

• jboss-transaction-api_1.2_spec-1.0.0.Final.jar
package br.com.mariojp;	

versão 6.0

!
import java.io.Serializable;	

Usuario.java

!
import
import
import
import

javax.persistence.Entity;	
javax.persistence.GeneratedValue;	
javax.persistence.Id;	
javax.persistence.Table;	

!

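/**
 * JPA entity mapped to the "usuarios" table.
 *
 * <p>{@code senha} is mapped as an ordinary column, so the password is persisted
 * exactly as it is set on the object. The class is {@code Serializable}, and the
 * servlet in this deck stores instances in the HTTP session.
 */
@Entity
@Table(name="usuarios")
public class Usuario implements Serializable{
	private static final long serialVersionUID = 1L;

	// Primary key, generated by the persistence provider.
	@Id
	@GeneratedValue
	private Integer id;

	private String login;
	private String senha;

	// getters and setters (omitted on the slide)
}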
package br.com.mariojp;	

versão 6.0

!
import
import
import
import

org.hibernate.SessionFactory;	
org.hibernate.boot.registry.StandardServiceRegistryBuilder;	
org.hibernate.cfg.Configuration;	
org.hibernate.service.ServiceRegistry;	

!
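/**
 * Builds the Hibernate {@code SessionFactory} once, when the class is loaded, and
 * exposes it to the DAOs.
 *
 * <p>{@code new Configuration().configure()} is called without arguments; the
 * settings shown in this deck live in hibernate.cfg.xml.
 */
public class BancoUtil {

	private static SessionFactory factory;

	static {
		Configuration configuration = new Configuration().configure();
		StandardServiceRegistryBuilder serviceRegistryBuilder;
		serviceRegistryBuilder = new StandardServiceRegistryBuilder();
		// Hand the loaded properties (connection, dialect, ...) to the service registry.
		serviceRegistryBuilder.applySettings(configuration.getProperties());
		ServiceRegistry serviceRegistry = serviceRegistryBuilder.build();
		factory = configuration.buildSessionFactory(serviceRegistry);
	}

	/**
	 * @return the factory built when the class was loaded
	 */
	public static SessionFactory getFactory() {
		return factory;
	}
}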

BancoUtil.java
package br.com.mariojp;	
versão 6.0
!
import org.hibernate.Session;	
!
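/**
 * Data Access Object for {@code Usuario}, Hibernate version.
 */
public class UsuarioDAO {

	/**
	 * Checks whether a {@code Usuario} with the given login and password exists.
	 *
	 * <p>The values are bound to the named parameters {@code :login} and
	 * {@code :senha}, so they are never interpreted as part of the HQL text. The
	 * password is still compared in clear text.
	 *
	 * @param user the credentials to check
	 * @return {@code true} when exactly one matching user is found
	 */
	public boolean autenticar(Usuario user) {
		String query = "select u from Usuario as u where "
				+ "u.login=:login and u.senha=:senha";
		Session session = BancoUtil.getFactory().openSession();
		try {
			session.beginTransaction();
			// NOTE(review): uniqueResult() raises an exception when more than one row
			// matches; confirm that logins are unique in the table.
			Usuario usuario = (Usuario) session
					.createQuery(query)
					.setString("login", user.getLogin())
					.setString("senha", user.getSenha()).uniqueResult();
			session.getTransaction().commit();
			return usuario != null;
		} finally {
			// Always give the session (and its JDBC connection) back, even when the
			// query or the commit throws.
			session.close();
		}
	}

}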

UsuarioDAO.java
versão 6.0

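<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE hibernate-configuration PUBLIC
"-//Hibernate/Hibernate Configuration DTD 3.0//EN"
"http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd">
<hibernate-configuration>
<session-factory>
<property name="hibernate.connection.driver_class">org.hsqldb.jdbc.JDBCDriver</property>
<property name="hibernate.connection.url">jdbc:hsqldb:hsql://localhost/banco</property>
<!-- Local demo credentials: the HSQLDB SA account with an empty password, kept in
     a file that ships with the application. Use a dedicated, least-privileged
     account and keep its password out of the packaged configuration elsewhere. -->
<property name="hibernate.connection.username">SA</property>
<property name="hibernate.connection.password"></property>
<property name="hibernate.connection.pool_size">1</property>
<property name="hibernate.dialect">org.hibernate.dialect.HSQLDialect</property>
<property name="hibernate.current_session_context_class">thread</property>
<property name="hibernate.cache.provider_class">org.hibernate.cache.internal.NoCacheProvider</property>
<!-- Echo all executed SQL to stdout -->
<property name="hibernate.show_sql">true</property>
<!-- Drop and re-create the database schema on startup.
     Development only: every start discards the existing tables and their rows,
     including users created earlier. -->
<property name="hibernate.hbm2ddl.auto">create</property>
<mapping class="br.com.mariojp.Usuario"/>
</session-factory>
</hibernate-configuration>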

hibernate.cfg.xml
Esta obra está licenciada sob a licença Creative Commons
Atribuição-CompartilhaIgual 3.0 Não Adaptada. Para ver uma cópia
desta licença, visite http://creativecommons.org/licenses/by-sa/3.0/.
Java web
Mario Jorge Pereira
Como me encontrar?
http://www.mariojp.com.br
twitter.com/@mariojp
mariojp@gmail.com

Hands-On Java web passando por Servlets, JSP, JSTL, JDBC, Hibernate, DAO, MVC, etc

  • 2.
  • 5. Agenda • Java Servlet • Java Server Pages - JSP • JavaServer Pages Standard Tag Library - JSTL • Expression Language - EL • Java Database Connectivity - JDBC • Data Access Object - DAO • Model View Controller - MVC • Hibernate
  • 6. JSP
  • 7. i g lo p js . n versão 1.0 <!DOCTYPE html> <html> <head> <title>Login</title> </head> <body> <form method="post" action=“home.jsp"> Login: <input name="login" type="text"> <br> Senha: <input name="senha" type="password"><br> <input type="submit"> </form> </body> </html>
  • 8. p js . e versão 1.0 m o h <!DOCTYPE html> <html> <head> <title>HOME</title> </head> <body> Bem vindo, <%=request.getParameter("login")%> </body> </html>
  • 10. Autenticador.java versão 2.0 package br.com.mariojp; ! import import import import ! java.io.*; javax.servlet.*; javax.servlet.annotation.*; javax.servlet.http.*; Regra: 
 Se o login igual a senha esta ok! @WebServlet("/Autenticador") public class Autenticador extends HttpServlet { ! } protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String login = request.getParameter("login"); String senha = request.getParameter("senha"); if(login!=null && senha!=null && login.equalsIgnoreCase(senha)){ response.sendRedirect("home.jsp?user="+login); }else{ String erro = "Usuario ou Senha Invalidos!"; response.sendRedirect("login.jsp?erro="+erro); } }
  • 11. i g lo p js . n versão 2.0 <!DOCTYPE html> <html> <head> <title>Login</title> </head> <body> <form method="post" action=“Autenticador"> Login: <input name="login" type="text"> <br> Senha: <input name="senha" type="password"><br> <input type="submit"> </form> <% String erro = request.getParameter("erro"); if(erro!=null && !erro.trim().equals("")){ out.print(erro); } %> </body> </html> Aciona o servlet Apresenta o erro de login
  • 12. p js . e versão 2.0 m o h <!DOCTYPE html> <html> <head> <title>HOME</title> </head> <body> Bem vindo, <%=request.getParameter("user")%> </body> </html>
  • 13. MVC
  • 14. U .j io r a u s a v a package br.com.mariojp; ! versão 3.0 public class Usuario { private Integer id; private String login; private String senha; public Integer getId() { return id; } public void setId(Integer id) { this.id = id; } public String getLogin() { return login; } public void setNome(String login) { this.login = login; } public String getSenha() { return senha; } public void setSenha(String senha) { this.senha = senha; } }
  • 15. Autenticador.java versão 3.0 @WebServlet("/Autenticador") public class Autenticador extends HttpServlet { ! protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { Usuario user = new Usuario(); String login = request.getParameter("login"); String senha = request.getParameter("senha"); user.setLogin(login); user.setSenha(senha); if(autenticar(user)){ request.getSession().setAttribute("user", user); response.sendRedirect("home.jsp"); }else{ request.setAttribute("erro", "Usuario ou Senha Invalidos!"); RequestDispatcher d= request.getRequestDispatcher("login.jsp"); d.forward(request,response); } } private boolean autenticar(Usuario user) {...} ! }
  • 16. Autenticador.java versão 3.0 ! private boolean autenticar(Usuario user) { boolean autenticado = false; if(user.getLogin()!=null && user.getSenha()!=null && user.getLogin().equals(user.getSenha())){ autenticado = true; } return autenticado; }
  • 17. i g lo p js . n versão 3.0 <!DOCTYPE html> <html> <head> <title>Login</title> </head> <body> <form method="post" action=“Autenticador"> Login: <input name="login" type="text"> <br> Senha: <input name="senha" type="password"><br> <input type="submit"> </form> <% String erro = (String) request.getAttribute(“erro”); if(erro!=null && !erro.trim().equals("")){ out.print(erro); } %> </body> </html>
  • 18. m o h p js . e versão 3.0 <!DOCTYPE html> <%@page import="br.com.mariojp.Usuario"%> <html> <head> <title>HOME</title> </head> <body> <% Usuario user = (Usuario) session.getAttribute("user");%> Bem vindo, <%=user.getLogin() %> </body> </html>
  • 19. Revisão Rapida • Java Servlet • Java Server Pages - JSP • Model View Controller - MVC
  • 20. E agora? • JavaServer Pages Standard Tag Library - JSTL • Expression Language - EL
  • 22. i g lo p js . n versão 3.1 <!DOCTYPE html> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <html> <head> <title>Login</title> </head> <body> <form method="post" action=“Autenticador"> Login: <input name="login" type="text"> <br> Senha: <input name="senha" type="password"><br> <input type="submit"> </form> <c:out value="${erro}"/> </body> </html>
  • 23. m o h p js . e versão 3.1 <!DOCTYPE html> <%@page import="br.com.mariojp.Usuario"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <html> <head> <title>HOME</title> <jsp:useBean id="user" class="br.com.mariojp.Usuario" scope=“session” /> </head> <body> Bem vindo, <c:out value=“${user.login}" /> </body> </html>
  • 24. JDBC
  • 25. HSQLDB java -cp hsqldb.jar org.hsqldb.server.Server -database.0 file:mydb --dbname.0 banco
  • 26. HSQL Database Manager ! Type: HSQL Database Engine Server Driver: org.hsqldb.jdbcDriver URL: jdbc:hsqldb:hsql://localhost/banco User: SA
  • 27. HSQLDB CREATE TABLE USUARIOS ( USUARIO_ID INTEGER IDENTITY, LOGIN varchar(100) NOT NULL , SENHA varchar(100) NOT NULL ) ; ! INSERT INTO USUARIOS ( "LOGIN", "SENHA" ) VALUES ('user', ‘1234’); ! SELECT * FROM USUARIOS;
  • 29. BancoUtil.java package br.com.mariojp; versão 4.0 ! import java.sql.Connection; import java.sql.DriverManager; ! public class BancoUtil { private static Connection connection; static { try { Class.forName("org.hsqldb.jdbc.JDBCDriver" ); connection = DriverManager.getConnection( "jdbc:hsqldb:hsql://localhost/banco", "SA", ""); } catch (Exception e) { e.printStackTrace(); } } public static Connection getConnection() { return connection; } }
  • 30. Autenticador.java versão 4.0 private boolean autenticar(Usuario user) { boolean autenticado = false; Connection con = BancoUtil.getConnection(); try { Statement stmt = con.createStatement(); ResultSet resultSet = stmt.executeQuery( "select * from usuarios where "+ "login='"+user.getLogin().trim()+"' and "+ "senha='"+user.getSenha().trim()+"';" ); if(resultSet.next()){ autenticado = true; } resultSet.close(); stmt.close(); } catch (SQLException e) { e.printStackTrace(); } return autenticado; }
  • 31. Segurança • Voce consegue acessar o home.jsp? • Pela url • Sql Injection
  • 32. m o h p js . e versão 4.1 <!DOCTYPE html> <%@page import="br.com.mariojp.Usuario"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <html> <head> <title>HOME</title> <jsp:useBean id="user" class="br.com.mariojp.Usuario" scope=“session” /> </head> <body> <c:if test="${user.login == null}"> <c:redirect url=“login.jsp" /> </c:if> Bem vindo, <c:out value=“${user.login}" /> </body> </html>
  • 33. Teste? • Use Login = 123 e Senha = ' or '1' = ‘1 • Use Login = ' OR 1=1 --
  • 34. Autenticador.java versão 4.1 private boolean autenticar(Usuario user) { boolean autenticado = false; Connection con = BancoUtil.getConnection(); try { String sql = "select * from usuarios where " + "login=? and senha=?;"; PreparedStatement pstmt = con.prepareStatement(sql); pstmt.setString(1, user.getLogin()); pstmt.setString(2, user.getSenha()); ResultSet resultSet = pstmt.executeQuery(); if(resultSet.next()){ autenticado = true; } resultSet.close(); pstmt.close(); } catch (SQLException e) { e.printStackTrace(); } return autenticado; }
  • 35. DAO
  • 36. package br.com.mariojp; versão 5.0 ! import import import import java.sql.Connection; java.sql.PreparedStatement; java.sql.ResultSet; java.sql.SQLException; ! public class UsuarioDAO { ! } public boolean autenticar(Usuario user) { boolean autenticado = false; Connection con = BancoUtil.getConnection(); try { String sql = "select * from usuarios where login=? and senha=?;"; PreparedStatement pstmt = con.prepareStatement(sql); pstmt.setString(1, user.getLogin()); pstmt.setString(2, user.getSenha()); ResultSet resultSet = pstmt.executeQuery(); if(resultSet.next()){ autenticado = true; } resultSet.close(); pstmt.close(); } catch (SQLException e) { e.printStackTrace(); } return autenticado; } UsuarioDAO.java
  • 37. Autenticador.java versão 3.0 @WebServlet("/Autenticador") public class Autenticador extends HttpServlet { private UsuarioDAO usuarioDAO = new UsuarioDAO(); protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { Usuario user = new Usuario(); String login = request.getParameter("login"); String senha = request.getParameter("senha"); user.setLogin(login); user.setSenha(senha); if(usuarioDAO.autenticar(user)){ request.getSession().setAttribute("user", user); response.sendRedirect("home.jsp"); }else{ request.setAttribute("erro", "Usuario ou Senha Invalidos!"); RequestDispatcher d= request.getRequestDispatcher("login.jsp"); d.forward(request,response); } } }
  • 38.
  • 39. Hibernate • Framework de mapeamento objeto relacional
  • 40. WEB-INFlib • hibernate-core-4.3.0.Final.jar • antlr-2.7.7.jar • dom4j-1.6.1.jar • hibernate-commons-annotations-4.0.4.Final.jar • hibernate-jpa-2.1-api-1.0.0.Final.jar • jandex-1.1.0.Final.jar • javassist-3.18.1-GA.jar • jboss-logging-3.1.3.GA.jar • jboss-logging-annotations-1.2.0.Beta1.jar • jboss-transaction-api_1.2_spec-1.0.0.Final.jar
  • 41. package br.com.mariojp; versão 6.0 ! import java.io.Serializable; Usuario.java ! import import import import javax.persistence.Entity; javax.persistence.GeneratedValue; javax.persistence.Id; javax.persistence.Table; ! @Entity @Table(name="usuarios") public class Usuario implements Serializable{ private static final long serialVersionUID = 1L; ! @Id @GeneratedValue private Integer id; ! } private String login; private String senha; //get’s e set's
  • 42. package br.com.mariojp; versão 6.0 ! import import import import org.hibernate.SessionFactory; org.hibernate.boot.registry.StandardServiceRegistryBuilder; org.hibernate.cfg.Configuration; org.hibernate.service.ServiceRegistry; ! public class BancoUtil { private static SessionFactory factory; ! static { Configuration configuration = new Configuration().configure(); StandardServiceRegistryBuilder serviceRegistryBuilder; serviceRegistryBuilder = new StandardServiceRegistryBuilder(); serviceRegistryBuilder.applySettings(configuration.getProperties()); ServiceRegistry serviceRegistry = serviceRegistryBuilder.build(); factory = configuration.buildSessionFactory(serviceRegistry); ! } ! ! } public static SessionFactory getFactory() { return factory; } BancoUtil.java
  • 43. package br.com.mariojp; versão 6.0 ! import org.hibernate.Session; ! public class UsuarioDAO { ! public boolean autenticar(Usuario user) { ! String query = "select u from Usuario as u where " + "u.login=:login and u.senha=:senha"; Session session = BancoUtil.getFactory().openSession(); session.beginTransaction(); Usuario usuario = (Usuario) session .createQuery(query) .setString("login", user.getLogin()) .setString("senha", user.getSenha()).uniqueResult(); session.getTransaction().commit(); session.close(); return usuario != null; ! } ! } UsuarioDAO.java
  • 44. versão 6.0 <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE hibernate-configuration PUBLIC "-//Hibernate/Hibernate Configuration DTD 3.0//EN" "http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd"> <hibernate-configuration > <session-factory> <property name="hibernate.connection.driver_class">org.hsqldb.jdbc.JDBCDriver</property> <property name="hibernate.connection.url">jdbc:hsqldb:hsql://localhost/ banco</property> <property name="hibernate.connection.username">SA</property> <property name="hibernate.connection.password"></property> <property name="hibernate.connection.pool_size">1</property> <property name="hibernate.dialect">org.hibernate.dialect.HSQLDialect</ property> <property name="hibernate.current_session_context_class">thread</property> <property name="hibernate.cache.provider_class">org.hibernate.cache.internal.NoCacheProv ider</property> <!-- Echo all executed SQL to stdout --> <property name="hibernate.show_sql">true</property> <!-- Drop and re-create the database schema on startup --> <property name="hibernate.hbm2ddl.auto">create</property> <mapping class="br.com.mariojp.Usuario"/> </session-factory> </hibernate-configuration> hibernate.cfg.xml
  • 45.
  • 46. Esta obra está licenciada sob a licença Creative Commons Atribuição-CompartilhaIgual 3.0 Não Adaptada. Para ver uma cópia desta licença, visite http://creativecommons.org/licenses/by-sa/3.0/.
  • 47. Java web Mario Jorge Pereira Como me encontrar? http://www.mariojp.com.br twitter.com/@mariojp mariojp@gmail.com