You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by "Raghupathy, Gurumoorthy" <Gu...@nielsen.com> on 2007/06/05 12:42:46 UTC
RE: How To Lock User Account If he Failed to give Correct Password in three attempts
Store the count in the session using appropriate name ....
Once that is above the limit then write the code to lock it ... .
One suggestion though .....
All business logic code in single action.... That is not a good design
...
Cant you make your business objects more layered ?
Regards
Guru
-----Original Message-----
From: Srinivasula Reddy A , Bangalore [mailto:srinivasulaa@hcl.in]
Sent: 05 June 2007 10:17
To: Struts Users Mailing List
Subject: How To Lock User Account If he Failed to give Correct Password
in three attempts
Hi Struts User Community,
Here I am sending my login action code (part
only) and My DAO Code. Now I have to lock the user if he failed to enter
correct user name and password in three attempts.
How can I implement this in struts?
Please help me with some sample code or rough idea?
String username = ((LoginForm) form).getUsername();
String password = ((LoginForm)
form).getPassword();
String newPassword =
com.dfs.common.helper.PasswordService.getInstance().encrypt(password);
AccessControlDAO accessDAO = new
AccessControlDAO();
UserTo userDTO =
accessDAO.getUser(username, newPassword);
if(userDTO==null){
throw new
LoginFailedException("LoginFailedException");
}
public UserTo getUser(String username, String password)throws
BaseAppException{
DBConnection ora = DBConnection.getInstance();
Connection conn = ora.createConnection();
PreparedStatement stmt = null;
ResultSet rs = null;
UserTo userDTO = null;
Query = "select * from SYSTEM_USER where SERVICE_NO=? and PASSWORD=?";
if (conn != null) {
try{
stmt =
conn.prepareStatement(Query);
stmt.setString(1,
username);
stmt.setString(2,
password);
rs =
stmt.executeQuery();
while(rs.next()){
userDTO =
new UserTo();
userDTO.setServiceNo(rs.getString("SERVICE_NO"));
userDTO.setEmpName(rs.getString("EMP_NAME"));
}
} catch (SQLException sqle) {
throw new
BaseDBException("BaseDBException");
} finally {
try{
ora.closeConnection(conn);
stmt.close();
rs.close();
}catch(SQLException e){
throw new
BaseDBException("BaseDBException");
}
}
}else{
throw new
BaseDBException("BaseDBException");
}
return userDTO;
}
Regards,
Sreenivasula Reddy A.
DISCLAIMER:
------------------------------------------------------------------------
-----------------------------------------------
The contents of this e-mail and any attachment(s) are confidential and
intended for the named recipient(s) only.
It shall not attach any liability on the originator or HCL or its
affiliates. Any views or opinions presented in
this email are solely those of the author and may not necessarily
reflect the opinions of HCL or its affiliates.
Any form of reproduction, dissemination, copying, disclosure,
modification, distribution and / or publication of
this message without the prior written consent of the author of this
e-mail is strictly prohibited. If you have
received this email in error please delete it and notify the sender
immediately. Before opening any mail and
attachments please check them for viruses and defect.
------------------------------------------------------------------------
-----------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org