Not sure how stupid I've coded this but I'm attempting to make a user sign-in that cross-references my MySQL database. Not sure if I'm going about this correctly. Thanks for any advice.
Login method

    @Repository
    public class LoginDAOImpl implements LoginDAO {
        private SessionFactory sessionFactory;

        @Override
        public boolean checkLogin(String userName, String password) {
            Session session = sessionFactory.openSession();
            boolean userLogin = false;
            Query query = session.createQuery("FROM Users u WHERE u.userName=? AND u.password=?");
            query.setParameter(0, password);
            query.setParameter(1, userName);
            List list = query.getResultList();
            if ((userName != null) && (list.size() > 0)) {
                userLogin = true;
            }
            return userLogin;
        }
    }

Controller

    @Controller
    public class UserController {
        private UserDAO userDAO;

        @Autowired
        private LoginDAOImpl loginDAO;

        @Autowired
        public void setUserDao(UserDAO userDAO){
            this.userDAO = userDAO;
        }

        @GetMapping("/home")
        public String userSignup(Model model, @RequestParam("username") String username, @RequestParam("password") String password){
            loginDAO.checkLogin(username, password);
            return "user-signin";
        }

        @GetMapping("/UserForm")
        public String userSigninForm(Model model){
            model.addAttribute("user", new Users());
            return "user-signup";
        }

        @PostMapping("/saveUser")
        public String savedUserForm(@ModelAttribute("user") Users users){
            userDAO.save(users);
            return "redirect:/home";
        }
    }

I don't think your code has a chance to work:
Parameters in your query are ordered as: username, password; but you call the setParameter(...) method with the wrong indexes.

    Query query = session.createQuery("FROM Users u WHERE u.userName=? AND u.password=?");
    query.setParameter(0, password);
    query.setParameter(1, userName);

Why is username validation performed after the query is executed?
Since you are using Spring Framework in your project, you can make use of the Spring Security project. The guys from Spring already took care of what you are trying to implement.
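
One way to apply the three points in the answer above (binding order, validating before the query, leaning on Spring Security), as an added example that is not code from the question or the answer. It assumes Hibernate 5.2+, a `getPassword()` getter on `Users`, and that the password column holds a BCrypt hash written at sign-up with the same encoder.

```java
import java.util.List;

import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Repository;

@Repository
public class LoginDAOImpl implements LoginDAO {

    // Assumption: Users.password stores a BCrypt hash produced by this encoder at sign-up.
    private final PasswordEncoder encoder = new BCryptPasswordEncoder();

    @Autowired
    private SessionFactory sessionFactory;

    @Override
    public boolean checkLogin(String userName, String password) {
        // Validate the input before any query is issued.
        if (userName == null || userName.isEmpty() || password == null) {
            return false;
        }
        // try-with-resources closes the session on every path.
        try (Session session = sessionFactory.openSession()) {
            // A named parameter cannot be bound in the wrong position,
            // unlike the positional indexes 0 and 1 in the question.
            List<Users> matches = session
                    .createQuery("FROM Users u WHERE u.userName = :userName", Users.class)
                    .setParameter("userName", userName)
                    .setMaxResults(1)
                    .getResultList();
            if (matches.isEmpty()) {
                return false;
            }
            // Assumption: Users has a getPassword() getter for the mapped field.
            // The submitted password is checked against the stored hash and
            // never appears in the query itself.
            return encoder.matches(password, matches.get(0).getPassword());
        }
    }
}
```

The sign-up path would need to store `encoder.encode(password)` instead of the raw value for this check to succeed.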