Servlet

Building a Secure Login and Dashboard System with JSP, Servlets, and MySQL

Overview

In this blog, we will create a complete authentication system using JSP, Jakarta Servlets, JSTL (latest version), and MySQL in a Maven project. The application will include a registration system, login functionality, and access control to ensure users cannot access the dashboard or “My Account” pages without logging in.


Description

Authentication and session management are essential features of any modern web application. Using Jakarta Servlets, JSP, and JSTL, we will implement the following features:

  1. User Registration: Allows users to create an account with a username and password.
  2. User Login: Authenticates users and initializes their session.
  3. Access Control: Ensures restricted pages, like the dashboard and “My Account,” are accessible only to logged-in users.
  4. Session Management: Tracks user sessions to maintain secure access.

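This application is built on a Maven structure, ensuring modularity and easy dependency management. MySQL is used to store user credentials. Note that the listings below insert the password into the users table exactly as the user submitted it; before using this outside a demo, store a salted password hash (bcrypt, scrypt, Argon2 or PBKDF2) instead of the password itself.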


Prerequisites

  1. Java Development Kit (JDK) installed.
  2. Apache Tomcat Server (latest version).
  3. MySQL database installed.
  4. Maven is configured in your system.

Maven Dependencies

Add the following dependencies to your pom.xml file:

<dependencies>
    <!-- Servlet API: compile-time only ("provided"); the servlet container supplies the classes at runtime. -->
    <dependency>
        <groupId>jakarta.servlet</groupId>
        <artifactId>jakarta.servlet-api</artifactId>
        <version>6.0.0</version>
        <scope>provided</scope>
    </dependency>
    <!-- JSTL API (tag and function interfaces). -->
    <dependency>
        <groupId>jakarta.servlet.jsp.jstl</groupId>
        <artifactId>jakarta.servlet.jsp.jstl-api</artifactId>
        <version>3.0.0</version>
    </dependency>
    <!-- JSTL implementation; packaged into the WAR because it has no "provided" scope. -->
    <dependency>
        <groupId>org.glassfish.web</groupId>
        <artifactId>jakarta.servlet.jsp.jstl</artifactId>
        <version>3.0.0</version>
    </dependency>
    <!-- MySQL JDBC driver used by DBConnection. -->
    <!-- NOTE(review): newer Connector/J releases are published as com.mysql:mysql-connector-j; -->
    <!-- confirm that this coordinate and version resolve in your repository, and keep the driver patched. -->
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>8.0.34</version>
    </dependency>
</dependencies>

Database Setup

Create a MySQL database named user_db with the following users table:

-- Schema for the tutorial's authentication data.
CREATE DATABASE user_db;

USE user_db;

-- One row per registered account.
-- NOTE(review): no collation is declared, so comparisons on these columns follow the
-- server/database default, which in MySQL is typically case-insensitive. Confirm before
-- relying on SQL equality for credential checks.
CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    -- UNIQUE makes a second registration with the same username fail at INSERT time.
    username VARCHAR(50) NOT NULL UNIQUE,
    -- Holds whatever the application inserts. RegisterServlet in this tutorial inserts the
    -- submitted password unchanged; 255 characters leaves room for a salted password hash.
    password VARCHAR(255) NOT NULL
);

Directory Structure

MyApp/
|-- src/main/java/
|   |-- com.example.controller/
|   |   |-- LoginServlet.java
|   |   |-- LogoutServlet.java
|   |   |-- RegisterServlet.java
|   |   |-- DashboardServlet.java
|   |-- com.example.utils/
|       |-- DBConnection.java
|-- src/main/webapp/
    |-- WEB-INF/
    |   |-- web.xml
    |-- index.jsp
    |-- register.jsp
    |-- login.jsp
    |-- dashboard.jsp
    |-- myaccount.jsp

Code Implementation

1. DBConnection.java

package com.example.utils;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

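/**
 * Central factory for JDBC connections to the application's MySQL schema.
 *
 * <p>Connection settings are taken from the environment variables {@code DB_URL},
 * {@code DB_USER} and {@code DB_PASSWORD} (names introduced here). When a variable is
 * unset or blank, the tutorial's original local default is used, so an existing setup
 * keeps working unchanged.
 *
 * <p>NOTE(security): the fallback connects as {@code root} with a password committed to
 * source control. For anything beyond a local demo, create a dedicated MySQL account that
 * only has the privileges it needs on {@code user_db.users}, and supply its credentials
 * through the environment instead of this file.
 */
public class DBConnection {
    // Tutorial defaults, used only when the matching environment variable is absent.
    private static final String DEFAULT_URL = "jdbc:mysql://localhost:3306/user_db";
    private static final String DEFAULT_USER = "root";
    private static final String DEFAULT_PASSWORD = "password";

    private static final String URL = fromEnvironment("DB_URL", DEFAULT_URL);
    private static final String USER = fromEnvironment("DB_USER", DEFAULT_USER);
    private static final String PASSWORD = fromEnvironment("DB_PASSWORD", DEFAULT_PASSWORD);

    /**
     * Opens a new connection to the configured database.
     *
     * @return a fresh connection; the caller is responsible for closing it
     * @throws SQLException if the driver cannot be found or the server rejects the connection
     */
    public static Connection getConnection() throws SQLException {
        return DriverManager.getConnection(URL, USER, PASSWORD);
    }

    /** Returns the value of environment variable {@code name}, or {@code fallback} if unset or blank. */
    private static String fromEnvironment(String name, String fallback) {
        String value = System.getenv(name);
        return (value == null || value.isBlank()) ? fallback : value;
    }
}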

2. RegisterServlet.java

package com.example.controller;

import com.example.utils.DBConnection;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

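/**
 * Handles {@code POST /register}: inserts a row into {@code users} for the submitted
 * username and password, then sends the browser to the login page.
 *
 * <p>Any validation or database failure redirects back to {@code register.jsp?error=1}.
 */
@WebServlet("/register")
public class RegisterServlet extends HttpServlet {
    /** Longest value the {@code users.username VARCHAR(50)} column accepts. */
    private static final int MAX_USERNAME_LENGTH = 50;

    /**
     * Creates the account described by the {@code username} and {@code password} form fields.
     *
     * @param request  the registration form submission
     * @param response redirected to {@code login.jsp} on success, {@code register.jsp?error=1} otherwise
     * @throws IOException if the redirect cannot be written
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // The form's "required" attribute is only a browser hint; a hand-built request can
        // omit either field, so the server has to check again.
        boolean usernameOk = username != null && !username.isBlank() && username.length() <= MAX_USERNAME_LENGTH;
        boolean passwordOk = password != null && !password.isEmpty();
        if (!usernameOk || !passwordOk) {
            response.sendRedirect("register.jsp?error=1");
            return;
        }

        // NOTE(security): the password is written to the database exactly as submitted, so
        // anyone who can read the users table can read every password. Replacing it with a
        // salted password hash (bcrypt, scrypt, Argon2 or PBKDF2) has to be done together
        // with the credential check in LoginServlet, which currently compares against the
        // stored value directly.
        String sql = "INSERT INTO users (username, password) VALUES (?, ?)";
        try (Connection conn = DBConnection.getConnection();
             PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setString(2, password);
            ps.executeUpdate();
            response.sendRedirect("login.jsp");
        } catch (SQLException e) {
            // Goes to the container log instead of stderr; the submitted values are not logged.
            log("Registration failed", e);
            response.sendRedirect("register.jsp?error=1");
        }
    }
}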

3. LoginServlet.java

package com.example.controller;

import com.example.utils.DBConnection;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;

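/**
 * Handles {@code POST /login}: checks the submitted credentials against the {@code users}
 * table and, on success, marks the session as logged in by setting its {@code username}
 * attribute.
 */
@WebServlet("/login")
public class LoginServlet extends HttpServlet {
    /**
     * Authenticates the {@code username} and {@code password} form fields.
     *
     * @param request  the login form submission
     * @param response redirected to {@code dashboard} on success and to
     *                 {@code login.jsp?error=1} on bad credentials; a database failure
     *                 produces a 500 response
     * @throws IOException if the response cannot be written
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // A hand-built request can omit either field; treat that as a failed login.
        if (username == null || password == null) {
            response.sendRedirect("login.jsp?error=1");
            return;
        }

        boolean authenticated;
        try {
            authenticated = credentialsMatch(username, password);
        } catch (SQLException e) {
            // Previously the exception was printed and the browser got an empty page.
            log("Login lookup failed", e);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }

        if (!authenticated) {
            response.sendRedirect("login.jsp?error=1");
            return;
        }

        HttpSession session = request.getSession();
        // Issue a fresh session id at the privilege change, so an id that was known before
        // login (session fixation) does not become an authenticated one.
        request.changeSessionId();
        session.setAttribute("username", username);
        response.sendRedirect("dashboard");
    }

    /**
     * Looks up the stored password for {@code username} and compares it with the submitted one.
     *
     * <p>The comparison happens in Java rather than in the WHERE clause: the tutorial's table
     * declares no collation, and MySQL's default collations compare text case-insensitively,
     * which would let a password match regardless of letter case.
     *
     * <p>NOTE(security): the stored value is the password itself, as written by
     * RegisterServlet. When registration is changed to store a password hash, this is the
     * one place that has to verify the hash instead.
     *
     * @return {@code true} only if the user exists and the passwords are byte-for-byte equal
     * @throws SQLException if the lookup fails
     */
    private boolean credentialsMatch(String username, String password) throws SQLException {
        String sql = "SELECT password FROM users WHERE username = ?";
        try (Connection conn = DBConnection.getConnection();
             PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return false;
                }
                String stored = rs.getString("password");
                if (stored == null) {
                    return false;
                }
                // MessageDigest.isEqual avoids an early-exit comparison.
                return java.security.MessageDigest.isEqual(
                        stored.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        password.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            }
        }
    }
}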

4. DashboardServlet.java

package com.example.controller;

import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;

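/**
 * Serves {@code GET /dashboard} to logged-in users only.
 *
 * <p>A user counts as logged in when an existing session carries a non-null
 * {@code username} attribute. {@code dashboard.jsp} lives in the web root and is therefore
 * also reachable by its own URL, which is why the JSP repeats this check; placing it under
 * {@code WEB-INF/} would make this servlet the only way in.
 */
@WebServlet("/dashboard")
public class DashboardServlet extends HttpServlet {
    /**
     * Forwards to {@code dashboard.jsp}, or redirects to the login page when no user is logged in.
     *
     * @throws ServletException if the forward fails
     * @throws IOException      if the response cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // getSession(false): never create a session just to find out nobody is logged in.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("username") != null;
        if (!loggedIn) {
            response.sendRedirect("login.jsp?error=not_logged_in");
            return;
        }

        // Keep the authenticated page out of browser and proxy caches, so it is not
        // redisplayed from cache after the user has logged out.
        response.setHeader("Cache-Control", "no-store");
        request.getRequestDispatcher("dashboard.jsp").forward(request, response);
    }
}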

5. LogoutServlet.java

package com.example.controller;

import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;

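/**
 * Handles {@code GET /logout}: ends the current session, if any, and returns to the login page.
 *
 * <p>NOTE(review): logout is triggered by a plain GET because the pages link to it with
 * {@code <a href="logout">}; any third-party page can therefore log a user out by embedding
 * that URL. Moving logout to a POST form is the usual fix, but requires changing the JSPs too.
 */
@WebServlet("/logout")
public class LogoutServlet extends HttpServlet {
    /**
     * Invalidates the caller's session when one exists.
     *
     * @throws IOException if the redirect cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // getSession(false): do not create a brand-new session only to invalidate it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        response.sendRedirect("login.jsp");
    }
}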


JSP Files

// index.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Public landing page: static links to registration and login, no session access. --%>
<html>
<head>
    <title>Welcome to MyApp</title>
</head>
<body>
    <h1>Welcome to MyApp</h1>
    <a href="register.jsp">Register</a>
    |
    <a href="login.jsp">Login</a>
</body>
</html>

// register.jsp
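<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%--
    Registration form, posted to the /register servlet.
    The error parameter is only tested for presence and never written into the page.
--%>
<html>
<head>
    <title>Register</title>
</head>
<body>
    <h1>Register</h1>
    <% if (request.getParameter("error") != null) { %>
        <p style="color:red;">Registration failed. Try again.</p>
    <% } %>
    <form action="register" method="post">
        <%-- maxlength mirrors users.username VARCHAR(50); the browser limit is a convenience only. --%>
        Username: <input type="text" name="username" maxlength="50" autocomplete="username" required><br>
        Password: <input type="password" name="password" autocomplete="new-password" required><br>
        <button type="submit">Register</button>
    </form>
</body>
</html>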

// login.jsp
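<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%--
    Login form, posted to the /login servlet.
    The error parameter selects one of two fixed messages and is never written into the page:
    "not_logged_in" is what the protected pages send, anything else is a failed login.
--%>
<html>
<head>
    <title>Login</title>
</head>
<body>
    <h1>Login</h1>
<%
    String error = request.getParameter("error");
    if ("not_logged_in".equals(error)) {
%>
        <p style="color:red;">Please log in to continue.</p>
<%  } else if (error != null) { %>
        <p style="color:red;">Invalid credentials. Please try again.</p>
<%  } %>
    <form action="login" method="post">
        Username: <input type="text" name="username" autocomplete="username" required><br>
        Password: <input type="password" name="password" autocomplete="current-password" required><br>
        <button type="submit">Login</button>
    </form>
</body>
</html>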

// dashboard.jsp
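<%-- session="false": without it the container declares its own implicit "session" variable,
     and the local declaration below fails to compile as a duplicate. --%>
<%@ page contentType="text/html;charset=UTF-8" language="java" session="false" %>
<%@ page import="jakarta.servlet.http.HttpSession" %>
<%@ taglib prefix="c" uri="jakarta.tags.core" %>
<%
    // This page is also reachable by its own URL, so the login check is repeated here.
    HttpSession session = request.getSession(false);
    if (session == null || session.getAttribute("username") == null) {
        response.sendRedirect("login.jsp?error=not_logged_in");
        return;
    }
    // Expose the name to EL so it can be written through c:out below.
    pageContext.setAttribute("username", session.getAttribute("username"));
%>
<html>
<head>
    <title>Dashboard</title>
</head>
<body>
    <%-- The username was chosen freely at registration; c:out HTML-escapes it so markup
         in a username is displayed as text instead of being interpreted by the browser. --%>
    <h1>Welcome, <c:out value="${pageScope.username}"/>!</h1>
    <a href="logout">Logout</a>
</body>
</html>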

// myaccount.jsp
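<%-- session="false": without it the container declares its own implicit "session" variable,
     and the local declaration below fails to compile as a duplicate. --%>
<%@ page contentType="text/html;charset=UTF-8" language="java" session="false" %>
<%@ page import="jakarta.servlet.http.HttpSession" %>
<%@ taglib prefix="c" uri="jakarta.tags.core" %>
<%
    // No servlet fronts this page, so this check is its only access control.
    HttpSession session = request.getSession(false);
    if (session == null || session.getAttribute("username") == null) {
        response.sendRedirect("login.jsp?error=not_logged_in");
        return;
    }
    // Expose the name to EL so it can be written through c:out below.
    pageContext.setAttribute("username", session.getAttribute("username"));
%>
<html>
<head>
    <title>My Account</title>
</head>
<body>
    <h1>My Account</h1>
    <%-- The username was chosen freely at registration; c:out HTML-escapes it so markup
         in a username is displayed as text instead of being interpreted by the browser. --%>
    <p>Username: <c:out value="${pageScope.username}"/></p>
    <a href="dashboard">Go to Dashboard</a> | <a href="logout">Logout</a>
</body>
</html>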

 

Summary

This blog demonstrates how to implement an authentication system using JSP, Servlets, JSTL, and MySQL. It includes registration, login, access control, and session management features. The dashboard is restricted to logged-in users only, redirecting unauthorized access attempts to the login page. By following the provided steps, developers can build scalable and secure web applications with Jakarta Servlets and MySQL integration. As listed, the code stores passwords unhashed and connects to MySQL as root with a password kept in the source, so treat it as a starting point and address both before deploying it.
