0
The project has a login page with two email fields one and another that is your password!
I have a Javaweb application and in the deployment descriptor I have some declared error pages, which are related to errors made by the users, with these error pages I send them to customized pages informing the respective problem!
These two are famous:
<error-page>
<error-code>404</error-code>
<location>/WEB-INF/ErroPaginaNaoEncontrada.jsp</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/WEB-INF/ErroLogin.jsp</location>
</error-page>
The first, 404, page not found this ok.
The second,500, login error has a small defect , I do not know if it is my mistake, when the user puts your wrong email and the right password the error, in the application everything goes right!
As he entered his incorrect email the error is captured by the application and the client and forwarded to a page saying that he put the wrong email!
But if it puts the correct email and the wrong password the error is not caught by the application, do not know what to do.
What is the status code that I should put in order to capture exactly this password error? or what is the most viable solution? I’ve tried some of the 400 to 500 line, but nothing!
Here is my Login View:
public class Login extends HttpServlet {
private UsuarioDAOInterface usuarioDAO = DAOFactory.createFactory(NomeBanco.DAO_BD).criarUsuarioDAO();
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
doPost(request, response);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
request.setCharacterEncoding("UTF-8");
String email = request.getParameter("email");
String senha = request.getParameter("senha");
UsuarioBean usuario = new UsuarioBean();
usuario = usuarioDAO.selecionarPorEmail(email);
HttpSession session = request.getSession();
session.setAttribute("usuario", usuario);
if (usuario.getEmail().equals(email) && usuario.getSenha().equals(senha)) {
RequestDispatcher dispatcher
= request.getRequestDispatcher("Home.jsp");
dispatcher.forward(request, response);
}
}
}
You are using 404 and 500 pages to inform the user that there has been an error in the application data entry?
– Maniero
@bigown That’s right! The first case he searches for a page that does not exist inside the application and second picks up the login error
– Pena Pintada
OMG. Do not do this. These errors do not form created for this. In a very specific case I would use a clearer error that expresses that the error is a domain error. Even so I doubt it would make sense to use this. I would think of something like 422 or 428. But I feel that even this is the wrong cumin. I don’t even know if I should suggest other codes. https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
– Maniero
@Bigown Thanks man, man but had visited this site before
– Pena Pintada
This you handle in the feature called, for example, in a Servlet that controls the login. The lack of an attribute in the request is an "exception", not a status. Just remember: You can use JS or even HTML5 validation attributes to resolve still on the side of client (or request if the password is missing).
– Renan Gomes
The only thing that looks like you want is 401, or 403 if the login is correct, but the user does not have permission for that feature. And even so, I think it’s a bit exaggerated to issue an HTTP error for this. 500 is server error, sign of some serious problem. And it’s still true that you’re having a serious problem sending it :)
– Bacco