struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Al Sutton" ...@al-and-andrea.org.uk>
Subject RE: How To Lock User Account If he Failed to give Correct Password in three attempts
Date Tue, 05 Jun 2007 11:23:43 GMT
You know theres something about requests like this coming from hcl.in who
describe themselves as "Indias leading IT & Technology Company" that deeply
concerns me..... 

-----Original Message-----
From: Srinivasula Reddy A , Bangalore [mailto:srinivasulaa@hcl.in] 
Sent: 05 June 2007 12:08
To: Struts Users Mailing List
Subject: RE: How To Lock User Account If he Failed to give Correct Password
in three attempts

Thanks guru I will come back to you after trying this snippet

-----Original Message-----
From: Raghupathy, Gurumoorthy
[mailto:Gurumoorthy.Raghupathy@nielsen.com]
Sent: Tuesday, June 05, 2007 4:29 PM
To: Struts Users Mailing List
Subject: RE: How To Lock User Account If he Failed to give Correct Password
in three attempts

HttpSession session = request.getSession();

If ( session.getAttribute("LoginCount") == null ) {
	Session.setAttribute("LoginCount", new Integer(1)); } else {
	Integer loginCount = session.getAttribute("LoginCount");
	try { 
		Writecode to login;
	} catch (Loginexception e) {
		If (loginCount.intValue() >2 ) {
			Write code to block the user .... 
			return mapping.findForware("AccountLocked");
		} else {
			loginCount = new Integer(loginCount.intValue()
+1 );
			return mapping.findForware("Login");
		}
	}
}

Regards
Guru
-----Original Message-----
From: Srinivasula Reddy A , Bangalore [mailto:srinivasulaa@hcl.in]
Sent: 05 June 2007 11:45
To: Struts Users Mailing List
Subject: RE: How To Lock User Account If he Failed to give Correct Password
in three attempts

Yaa I know but I need some sample exact steps

-----Original Message-----
From: Raghupathy, Gurumoorthy
[mailto:Gurumoorthy.Raghupathy@nielsen.com]
Sent: Tuesday, June 05, 2007 4:13 PM
To: Struts Users Mailing List
Subject: RE: How To Lock User Account If he Failed to give Correct Password
in three attempts

Store the count in the session using appropriate name .... 
Once that is above the limit then write the code to lock it ... .


One suggestion though ..... 
All business logic code in single action....  That is not a good design ... 
Cant you make your business objects more layered ? 

Regards
Guru

-----Original Message-----
From: Srinivasula Reddy A , Bangalore [mailto:srinivasulaa@hcl.in]
Sent: 05 June 2007 10:17
To: Struts Users Mailing List
Subject: How To Lock User Account If he Failed to give Correct Password in
three attempts


Hi Struts User Community,

 

                        Here I am sending my login action code (part
only) and My DAO Code. Now I have to lock the user if he failed to enter
correct user name and password in three attempts.

 

How can I implement this in struts?

 

Please help me with some sample code or rough idea?

 

 

 

String username = ((LoginForm) form).getUsername();

                                    String password = ((LoginForm)
form).getPassword();                                

                                                                        

                                    String newPassword =
com.dfs.common.helper.PasswordService.getInstance().encrypt(password);


                                                            

 

                                    AccessControlDAO accessDAO = new
AccessControlDAO();

                                    UserTo userDTO =
accessDAO.getUser(username, newPassword);

                                    

                                    if(userDTO==null){


                                                throw new
LoginFailedException("LoginFailedException");

                                    }

 

            

 

 

 

 

public UserTo getUser(String username, String password)throws
BaseAppException{

                        

                        DBConnection ora = DBConnection.getInstance();


                        Connection conn = ora.createConnection();


                        

                        PreparedStatement stmt = null;

                        ResultSet rs = null;

                        UserTo userDTO = null;

Query = "select * from SYSTEM_USER where SERVICE_NO=? and PASSWORD=?";


                        if (conn != null) {

                                    try{

                                                stmt =
conn.prepareStatement(Query);

                                                stmt.setString(1,
username);

                                                stmt.setString(2,
password);

                                                rs =
stmt.executeQuery();

                                                while(rs.next()){

                                                            userDTO =
new UserTo();

 
userDTO.setServiceNo(rs.getString("SERVICE_NO"));

 
userDTO.setEmpName(rs.getString("EMP_NAME"));

                                                            }

 


                                    } catch (SQLException sqle) {

                                                throw new
BaseDBException("BaseDBException");

                                    } finally {


                                                try{

 
ora.closeConnection(conn);

 
stmt.close();

                                                            rs.close();

                                                }catch(SQLException e){

                                                            throw new
BaseDBException("BaseDBException");


                                                }

                                    }

                        }else{

                                    

                                    throw new
BaseDBException("BaseDBException");                                  

                        }

                        

                        return userDTO;

                        

            }

 

            

 

Regards,

Sreenivasula Reddy A.



DISCLAIMER:
------------------------------------------------------------------------
-----------------------------------------------

The contents of this e-mail and any attachment(s) are confidential and
intended for the named recipient(s) only.
It shall not attach any liability on the originator or HCL or its
affiliates. Any views or opinions presented in 
this email are solely those of the author and may not necessarily
reflect the opinions of HCL or its affiliates.
Any form of reproduction, dissemination, copying, disclosure,
modification, distribution and / or publication of 
this message without the prior written consent of the author of this
e-mail is strictly prohibited. If you have 
received this email in error please delete it and notify the sender
immediately. Before opening any mail and 
attachments please check them for viruses and defect.

------------------------------------------------------------------------
-----------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message