MVC/DAO	

JSP/JSTL/EL	

JDBC/ORM
java web
Mario Jorge Pereira
14

20

13

20

12

20

11

20

10

20

09

20

08

20

07

20

06

20

05

20

04

20

03

20

02

20
Agenda
• Java Servlet	

• Java Server Pages - JSP	

• JavaServer Pages Standard Tag Library - JSTL	

• Expression Language - EL	

• Java Database Connectivity - JDBC	

• Data Access Object - DAO	

• Model View Controller - MVC	

• Hibernate
JSP
login.jsp
versão 1.0

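<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
	 <%-- versão 1.0: the form posts straight to home.jsp, which only echoes the
	      "login" field back; no credential check exists yet at this stage. --%>
	 <form method="post" action="home.jsp">
	 	 Login: <input name="login" type="text"> <br>
	 	 Senha: <input name="senha" type="password"><br>
	 	 <input type="submit">
	 </form>
</body>
</html>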
home.jsp

versão 1.0

<!DOCTYPE html>
<html>
<head>
<title>HOME</title>
</head>
<body>
	 <%-- The "login" request parameter is written into the page without HTML
	      escaping (reflected XSS): any visitor can supply it in the URL. The
	      versão 3.1 listing prints this value with <c:out>, which escapes it. --%>
	 Bem vindo, <%=request.getParameter("login")%>
</body>
</html>
Servlet
Autenticador.java

versão 2.0

package br.com.mariojp;	

!
import java.io.*;
import java.net.URLEncoder;
import javax.servlet.*;
import javax.servlet.annotation.*;
import javax.servlet.http.*;

Regra: 

Se o login for igual à senha, está ok!

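/**
 * Login servlet, versão 2.0. Accepts the form posted by login.jsp and applies
 * the slide's placeholder rule: the credentials are valid when login and senha
 * are equal (case-insensitive). No session is created; the outcome travels only
 * in the redirect's query string, so home.jsp ends up trusting a client-supplied
 * {@code user} parameter (the "Pela url" point raised on the Segurança slide).
 */
@WebServlet("/Autenticador")
public class Autenticador extends HttpServlet {

	/**
	 * Handles the login POST.
	 *
	 * @param request  carries the form fields {@code login} and {@code senha}
	 * @param response receives a redirect to home.jsp or back to login.jsp
	 * @throws ServletException propagated from the container
	 * @throws IOException if the redirect cannot be sent
	 */
	@Override
	protected void doPost(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		String login = request.getParameter("login");
		String senha = request.getParameter("senha");
		if (login != null && senha != null && login.equalsIgnoreCase(senha)) {
			// Values placed in a query string must be URL-encoded: a login with a
			// space, '&' or '#' would otherwise corrupt the redirect target.
			response.sendRedirect("home.jsp?user=" + URLEncoder.encode(login, "UTF-8"));
		} else {
			String erro = "Usuario ou Senha Invalidos!";
			// The message contains spaces, so it is encoded too; login.jsp reads
			// it back decoded through request.getParameter("erro").
			response.sendRedirect("login.jsp?erro=" + URLEncoder.encode(erro, "UTF-8"));
		}
	}
}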
login.jsp

versão 2.0

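<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
	 <form method="post" action="Autenticador">
	 	 Login: <input name="login" type="text"> <br>
	 	 Senha: <input name="senha" type="password"><br>
	 	 <input type="submit">
	 </form>
<%
	// "erro" arrives in the query string of the servlet's redirect, so anyone can
	// set it by URL, and out.print() writes it into the page without HTML
	// escaping (reflected XSS). Versão 3.0 moves it to a request attribute and
	// versão 3.1 prints it with <c:out>, which escapes.
	String erro = request.getParameter("erro");
	if (erro != null && !erro.trim().equals("")) {
		out.print(erro);
	}
%>
</body>
</html>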

Aciona o servlet

Apresenta o
erro de login
home.jsp

versão 2.0

<!DOCTYPE html>
<html>
<head>
<title>HOME</title>
</head>
<body>
	 <%-- "user" is whatever the query string says: the servlet's redirect puts
	      the login there, but this page cannot distinguish that from a URL typed
	      by hand, and the value is echoed unescaped. This is the "Pela url" case
	      on the Segurança slide; versão 3.0 keeps the user in the session instead. --%>
	 Bem vindo, <%=request.getParameter("user")%>
</body>
</html>
MVC
Usuario.java

package br.com.mariojp;	

!

versão 3.0

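/**
 * Plain data holder for a user (versão 3.0): database id, login and senha.
 * <p>
 * The Autenticador servlet fills {@code login} and {@code senha} directly from the
 * request and then stores this object in the HTTP session, so the password stays
 * in memory, in plain text, for the lifetime of the session.
 */
public class Usuario {
	private Integer id;
	private String login;
	private String senha;

	/** @return the database id, or {@code null} when not yet assigned */
	public Integer getId() {
		return id;
	}

	public void setId(Integer id) {
		this.id = id;
	}

	public String getLogin() {
		return login;
	}

	/** Sets the login name; this is the setter the Autenticador servlet calls. */
	public void setLogin(String login) {
		this.login = login;
	}

	/**
	 * Misnamed alias kept for compatibility: the original listing exposed the
	 * login setter as {@code setNome}, which did not match {@link #getLogin()}
	 * nor the {@code setLogin} call made by the servlet.
	 *
	 * @deprecated use {@link #setLogin(String)}
	 */
	@Deprecated
	public void setNome(String login) {
		setLogin(login);
	}

	public String getSenha() {
		return senha;
	}

	public void setSenha(String senha) {
		this.senha = senha;
	}
}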
Autenticador.java

versão 3.0

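/**
 * Login servlet, versão 3.0: builds a {@link Usuario} from the form fields,
 * checks it with {@link #autenticar(Usuario)} and, on success, stores it in the
 * HTTP session before redirecting to home.jsp. On failure the error text is set
 * as a request attribute and the request is forwarded to login.jsp, so the
 * message no longer travels through the URL as it did in versão 2.0.
 */
@WebServlet("/Autenticador")
public class Autenticador extends HttpServlet {

	/**
	 * Handles the login POST.
	 *
	 * @param request  carries the form fields {@code login} and {@code senha}
	 * @param response redirected to home.jsp, or forwarded to login.jsp with "erro"
	 * @throws ServletException from the forward
	 * @throws IOException if the redirect or forward cannot be written
	 */
	@Override
	protected void doPost(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		Usuario user = new Usuario();
		user.setLogin(request.getParameter("login"));
		user.setSenha(request.getParameter("senha"));
		if (autenticar(user)) {
			// Drop any session that existed before authentication so an id the
			// browser already held does not silently become the logged-in session.
			javax.servlet.http.HttpSession anterior = request.getSession(false);
			if (anterior != null) {
				anterior.invalidate();
			}
			request.getSession(true).setAttribute("user", user);
			response.sendRedirect("home.jsp");
		} else {
			request.setAttribute("erro", "Usuario ou Senha Invalidos!");
			RequestDispatcher d = request.getRequestDispatcher("login.jsp");
			d.forward(request, response);
		}
	}

	/**
	 * Placeholder rule from the slides (the database lookup arrives in versão 4.x):
	 * the credentials are accepted when login and senha are both present and equal.
	 *
	 * @param user the user built from the form; its getters may return {@code null}
	 * @return {@code true} only when both values are non-null and equal
	 */
	private boolean autenticar(Usuario user) {
		String login = user.getLogin();
		String senha = user.getSenha();
		return login != null && senha != null && login.equals(senha);
	}
}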
Autenticador.java

versão 3.0

	
!
	
	
	
	
	
	
	

/**
 * Versão 3.0 rule: a user is authenticated when the login and the password are
 * both present and identical (exact, case-sensitive match). The database check
 * replaces this in versão 4.x.
 *
 * @param user the user built from the form; login or senha may be {@code null}
 * @return {@code true} only when both values are non-null and equal
 */
private boolean autenticar(Usuario user) {
	String login = user.getLogin();
	String senha = user.getSenha();
	if (login == null || senha == null) {
		return false;
	}
	return login.equals(senha);
}
login.jsp

versão 3.0

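<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
	 <form method="post" action="Autenticador">
	 	 Login: <input name="login" type="text"> <br>
	 	 Senha: <input name="senha" type="password"><br>
	 	 <input type="submit">
	 </form>
<%
	// Set by the Autenticador servlet before it forwards here, not read from the
	// URL, so the text is server-controlled; it is still written unescaped.
	// Versão 3.1 replaces this scriptlet with <c:out>.
	String erro = (String) request.getAttribute("erro");
	if (erro != null && !erro.trim().equals("")) {
		out.print(erro);
	}
%>
</body>
</html>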
home.jsp

versão 3.0

<!DOCTYPE html>
<%@page import="br.com.mariojp.Usuario"%>
<html>
<head>
<title>HOME</title>
</head>
<body>
	 <%-- Reads the Usuario the servlet stored in the session. Opened directly,
	      without a login, session.getAttribute("user") is null and the
	      user.getLogin() call below throws NullPointerException; versão 4.1
	      adds the redirect to login.jsp for that case. --%>
	 <% Usuario user = (Usuario) session.getAttribute("user");%>
	 Bem vindo, <%=user.getLogin() %>
</body>
</html>
Revisão Rápida
• Java Servlet	

• Java Server Pages - JSP	

• Model View Controller - MVC
E agora?
• JavaServer Pages Standard Tag Library - JSTL	

• Expression Language - EL
WEB-INF/lib
• javax-1.servlet.jsp.jstl-1.2.1.jar	

• javax-1.servlet.jsp.jstl-api-1.2.1.jar
login.jsp

versão 3.1

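<!DOCTYPE html>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<html>
<head>
<title>Login</title>
</head>
<body>
	 <form method="post" action="Autenticador">
	 	 Login: <input name="login" type="text"> <br>
	 	 Senha: <input name="senha" type="password"><br>
	 	 <input type="submit">
	 </form>
	 <%-- <c:out> HTML-escapes the value, unlike the out.print() scriptlet of
	      versão 3.0; "erro" is the request attribute set by the servlet. --%>
	 <c:out value="${erro}"/>
</body>
</html>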
home.jsp

versão 3.1

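<!DOCTYPE html>
<%@page import="br.com.mariojp.Usuario"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<html>
<head>
<title>HOME</title>
<%-- Looks up "user" in the session; when it is absent jsp:useBean creates a new,
     empty Usuario there, so an unauthenticated visitor reaches this page with a
     blank login rather than an error. Versão 4.1 adds the redirect. --%>
<jsp:useBean id="user" class="br.com.mariojp.Usuario" scope="session" />
</head>
<body>
	 Bem vindo, <c:out value="${user.login}" />
</body>
</html>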
JDBC
HSQLDB
# Starts the HSQLDB server with one database, kept in file:mydb (relative to the
# working directory) and published under the name "banco" — the name used in the
# jdbc:hsqldb:hsql://localhost/banco URL on the following slides.
java -cp hsqldb.jar org.hsqldb.server.Server -database.0 file:mydb --dbname.0 banco
HSQL Database Manager
!

Type: HSQL Database Engine Server	

Driver: org.hsqldb.jdbcDriver	

URL: jdbc:hsqldb:hsql://localhost/banco	

User: SA
HSQLDB
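-- Schema for the exercise (HSQLDB). SENHA is a plain varchar: passwords are
-- stored and compared as plain text, which the JDBC and HQL listings rely on.
CREATE TABLE USUARIOS ( USUARIO_ID INTEGER IDENTITY, LOGIN varchar(100) NOT NULL , SENHA varchar(100) NOT NULL ) ;

-- Sample row used by the login test; USUARIO_ID is generated by IDENTITY.
INSERT INTO USUARIOS ( "LOGIN", "SENHA" ) VALUES ('user', '1234');

SELECT * FROM USUARIOS;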
WEB-INF/lib

• hsqldb.jar
BancoUtil.java

package br.com.mariojp;	
versão 4.0
!
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;
!
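/**
 * Opens one process-wide JDBC connection to the HSQLDB server (versão 4.0) when
 * the class is first loaded and hands it out through {@link #getConnection()}.
 * <p>
 * The single {@link Connection} is shared by every request thread and is never
 * closed by this class. The coordinates are the ones on the HSQL Database Manager
 * slide: user SA with an empty password, HSQLDB's default administrator account,
 * which is acceptable for the local exercise only.
 */
public class BancoUtil {

	private static final String URL = "jdbc:hsqldb:hsql://localhost/banco";
	private static final String USUARIO = "SA";
	private static final String SENHA = "";
	private static final Logger LOG = Logger.getLogger(BancoUtil.class.getName());

	private static Connection connection;

	static {
		try {
			Class.forName("org.hsqldb.jdbc.JDBCDriver");
			connection = DriverManager.getConnection(URL, USUARIO, SENHA);
		} catch (ClassNotFoundException e) {
			registrarFalha(e);
		} catch (SQLException e) {
			registrarFalha(e);
		}
	}

	/** Records why the connection could not be opened instead of printing the trace to stderr. */
	private static void registrarFalha(Exception e) {
		LOG.log(Level.SEVERE, "nao foi possivel conectar em " + URL, e);
	}

	/**
	 * @return the shared connection
	 * @throws IllegalStateException if the static initialisation failed to connect;
	 *         the original returned {@code null} here and the caller failed later
	 */
	public static Connection getConnection() {
		if (connection == null) {
			throw new IllegalStateException("conexao com o banco indisponivel: " + URL);
		}
		return connection;
	}
}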
Autenticador.java

versão 4.0

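/**
 * Versão 4.0: looks the user up in USUARIOS by login and password.
 * <p>
 * Both values are bound as query parameters. The listing this replaces built the
 * WHERE clause by string concatenation, which is the SQL injection the "Teste?"
 * slide exercises. The database compares SENHA as plain text (see the CREATE
 * TABLE slide); the trim() calls are kept so the same values still match.
 *
 * @param user login and senha from the form; a {@code null} in either yields {@code false}
 * @return {@code true} when a matching row exists; {@code false} on a database
 *         error, which is logged rather than printed
 */
private boolean autenticar(Usuario user) {
	if (user.getLogin() == null || user.getSenha() == null) {
		return false;
	}
	boolean autenticado = false;
	Connection con = BancoUtil.getConnection();
	try {
		java.sql.PreparedStatement pstmt = con.prepareStatement(
				"select * from usuarios where login=? and senha=?;");
		try {
			pstmt.setString(1, user.getLogin().trim());
			pstmt.setString(2, user.getSenha().trim());
			ResultSet resultSet = pstmt.executeQuery();
			try {
				autenticado = resultSet.next();
			} finally {
				// closed on every path; the original leaked both on an exception
				resultSet.close();
			}
		} finally {
			pstmt.close();
		}
	} catch (SQLException e) {
		java.util.logging.Logger.getLogger(Autenticador.class.getName())
				.log(java.util.logging.Level.SEVERE, "falha ao consultar usuarios", e);
	}
	return autenticado;
}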
Segurança
• Você consegue acessar o home.jsp?

• Pela url	

• Sql Injection
home.jsp

versão 4.1

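<!DOCTYPE html>
<%@page import="br.com.mariojp.Usuario"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<html>
<head>
<title>HOME</title>
<jsp:useBean id="user" class="br.com.mariojp.Usuario" scope="session" />
</head>
<body>
	 <%-- Gate: the bean jsp:useBean creates for an anonymous visitor has a null
	      login, so that visitor is sent back to login.jsp. The check keys on
	      login alone; it relies on the servlet being the only code that stores
	      a "user" in the session. --%>
	 <c:if test="${user.login == null}">
	 	 <c:redirect url="login.jsp" />
	 </c:if>
	 Bem vindo, <c:out value="${user.login}" />
</body>
</html>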
Teste?
• Use Login = 123 e Senha = ' or '1' = '1

• Use Login = ' OR 1=1 --
Autenticador.java

versão 4.1
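/**
 * Versão 4.1: same lookup as 4.0 but with bound parameters, the fix for the
 * injection shown on the "Teste?" slide — the login/senha text is sent to the
 * driver as values, never spliced into the SQL.
 * <p>
 * SENHA is compared as plain text by the database (see the CREATE TABLE slide);
 * a stored salted hash, compared after hashing the submitted value, would be the
 * production form of this check.
 *
 * @param user login and senha from the form; a {@code null} in either yields {@code false}
 * @return {@code true} when a matching row exists; {@code false} on a database
 *         error, which is logged rather than printed
 */
private boolean autenticar(Usuario user) {
	if (user.getLogin() == null || user.getSenha() == null) {
		return false;
	}
	boolean autenticado = false;
	Connection con = BancoUtil.getConnection();
	try {
		String sql = "select * from usuarios where "
				+ "login=? and senha=?;";
		PreparedStatement pstmt = con.prepareStatement(sql);
		try {
			pstmt.setString(1, user.getLogin());
			pstmt.setString(2, user.getSenha());
			ResultSet resultSet = pstmt.executeQuery();
			try {
				autenticado = resultSet.next();
			} finally {
				// closed on every path; the original leaked both on an exception
				resultSet.close();
			}
		} finally {
			pstmt.close();
		}
	} catch (SQLException e) {
		java.util.logging.Logger.getLogger(Autenticador.class.getName())
				.log(java.util.logging.Level.SEVERE, "falha ao consultar usuarios", e);
	}
	return autenticado;
}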
DAO
package br.com.mariojp;	

versão 5.0

!
import
import
import
import

java.sql.Connection;	
java.sql.PreparedStatement;	
java.sql.ResultSet;	
java.sql.SQLException;	

!
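/**
 * JDBC data-access object for USUARIOS (versão 5.0). Holds no state; it borrows
 * the shared connection from {@link BancoUtil} and never closes it.
 */
public class UsuarioDAO {

	/**
	 * Checks whether a row with this login and password exists. Both values are
	 * bound as parameters, so they are never spliced into the SQL. The database
	 * compares SENHA as plain text (see the CREATE TABLE slide).
	 *
	 * @param user login and senha from the form; a {@code null} in either yields {@code false}
	 * @return {@code true} when a matching row exists; {@code false} on a database
	 *         error, which is logged rather than printed
	 */
	public boolean autenticar(Usuario user) {
		if (user.getLogin() == null || user.getSenha() == null) {
			return false;
		}
		boolean autenticado = false;
		Connection con = BancoUtil.getConnection();
		try {
			String sql = "select * from usuarios where login=? and senha=?;";
			PreparedStatement pstmt = con.prepareStatement(sql);
			try {
				pstmt.setString(1, user.getLogin());
				pstmt.setString(2, user.getSenha());
				ResultSet resultSet = pstmt.executeQuery();
				try {
					autenticado = resultSet.next();
				} finally {
					// closed on every path; the original leaked both on an exception
					resultSet.close();
				}
			} finally {
				pstmt.close();
			}
		} catch (SQLException e) {
			java.util.logging.Logger.getLogger(UsuarioDAO.class.getName())
					.log(java.util.logging.Level.SEVERE, "falha ao consultar usuarios", e);
		}
		return autenticado;
	}
}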

UsuarioDAO.java
Autenticador.java

versão 3.0

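/**
 * Login servlet backed by {@link UsuarioDAO} (the slide labels this listing
 * "versão 3.0"; it is the variant that goes with the versão 5.0 DAO). The flow
 * is the same as versão 3.0: on success the {@link Usuario} is stored in the
 * session and the browser is redirected to home.jsp; on failure "erro" is set as
 * a request attribute and the request is forwarded to login.jsp.
 */
@WebServlet("/Autenticador")
public class Autenticador extends HttpServlet {

	/** Stateless data-access object; safe to share across requests. */
	private final UsuarioDAO usuarioDAO = new UsuarioDAO();

	/**
	 * Handles the login POST.
	 *
	 * @param request  carries the form fields {@code login} and {@code senha}
	 * @param response redirected to home.jsp, or forwarded to login.jsp with "erro"
	 * @throws ServletException from the forward
	 * @throws IOException if the redirect or forward cannot be written
	 */
	@Override
	protected void doPost(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		Usuario user = new Usuario();
		user.setLogin(request.getParameter("login"));
		user.setSenha(request.getParameter("senha"));
		if (usuarioDAO.autenticar(user)) {
			// Drop any session that existed before authentication so an id the
			// browser already held does not silently become the logged-in session.
			javax.servlet.http.HttpSession anterior = request.getSession(false);
			if (anterior != null) {
				anterior.invalidate();
			}
			// NOTE(review): the stored object still carries senha; nothing on
			// these slides reads it after login, so it could be cleared first.
			request.getSession(true).setAttribute("user", user);
			response.sendRedirect("home.jsp");
		} else {
			request.setAttribute("erro", "Usuario ou Senha Invalidos!");
			RequestDispatcher d = request.getRequestDispatcher("login.jsp");
			d.forward(request, response);
		}
	}
}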
Hibernate

• Framework de mapeamento objeto
relacional
WEB-INF/lib
• hibernate-core-4.3.0.Final.jar	

• antlr-2.7.7.jar	

• dom4j-1.6.1.jar	

• hibernate-commons-annotations-4.0.4.Final.jar	

• hibernate-jpa-2.1-api-1.0.0.Final.jar	

• jandex-1.1.0.Final.jar	

• javassist-3.18.1-GA.jar	

• jboss-logging-3.1.3.GA.jar	

• jboss-logging-annotations-1.2.0.Beta1.jar	

• jboss-transaction-api_1.2_spec-1.0.0.Final.jar
package br.com.mariojp;	

versão 6.0

!
import java.io.Serializable;	

Usuario.java

!
import
import
import
import

javax.persistence.Entity;	
javax.persistence.GeneratedValue;	
javax.persistence.Id;	
javax.persistence.Table;	

!

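/**
 * JPA entity for the USUARIOS table (versão 6.0): the versão 3.0 bean, now mapped
 * by Hibernate with a provider-generated {@code id}.
 * <p>
 * Implements {@link Serializable}; the Autenticador servlet stores an instance in
 * the HTTP session, which containers may serialize. {@code senha} is mapped as a
 * plain String column, so the password is persisted as plain text.
 */
@Entity
@Table(name="usuarios")
public class Usuario implements Serializable {
	private static final long serialVersionUID = 1L;

	@Id
	@GeneratedValue
	private Integer id;

	private String login;
	private String senha;

	// get's e set's — written out here; the slide abbreviated them.
	public Integer getId() {
		return id;
	}

	public void setId(Integer id) {
		this.id = id;
	}

	public String getLogin() {
		return login;
	}

	public void setLogin(String login) {
		this.login = login;
	}

	public String getSenha() {
		return senha;
	}

	public void setSenha(String senha) {
		this.senha = senha;
	}
}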
package br.com.mariojp;	

versão 6.0

!
import
import
import
import

org.hibernate.SessionFactory;	
org.hibernate.boot.registry.StandardServiceRegistryBuilder;	
org.hibernate.cfg.Configuration;	
org.hibernate.service.ServiceRegistry;	

!
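/**
 * Builds the Hibernate {@link SessionFactory} once, from hibernate.cfg.xml, when
 * the class is loaded (versão 6.0). There is no catch around the construction,
 * so a configuration error surfaces as {@code ExceptionInInitializerError} on
 * first use and the class never becomes usable.
 */
public class BancoUtil {

	private static final SessionFactory factory;

	static {
		// configure() with no argument reads hibernate.cfg.xml from the classpath.
		Configuration configuration = new Configuration().configure();
		StandardServiceRegistryBuilder serviceRegistryBuilder = new StandardServiceRegistryBuilder();
		serviceRegistryBuilder.applySettings(configuration.getProperties());
		ServiceRegistry serviceRegistry = serviceRegistryBuilder.build();
		factory = configuration.buildSessionFactory(serviceRegistry);
	}

	/** @return the process-wide factory; callers open and close their own sessions */
	public static SessionFactory getFactory() {
		return factory;
	}
}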

BancoUtil.java
package br.com.mariojp;	
versão 6.0
!
import org.hibernate.Session;	
!
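/**
 * Hibernate-backed DAO (versão 6.0): finds the user whose login and senha match.
 * The values are bound through the named parameters {@code :login} and
 * {@code :senha}, never concatenated into the HQL. The comparison is still made
 * against the plain-text SENHA column.
 */
public class UsuarioDAO {

	/**
	 * @param user login and senha from the form
	 * @return {@code true} when a matching row exists
	 * @throws org.hibernate.HibernateException on query failure; the transaction
	 *         is rolled back and the exception rethrown. The session is closed on
	 *         every path — the original left it open on error.
	 */
	public boolean autenticar(Usuario user) {
		String query = "select u from Usuario as u where "
				+ "u.login=:login and u.senha=:senha";
		Session session = BancoUtil.getFactory().openSession();
		try {
			session.beginTransaction();
			Usuario usuario = (Usuario) session
					.createQuery(query)
					.setString("login", user.getLogin())
					.setString("senha", user.getSenha())
					.uniqueResult();
			session.getTransaction().commit();
			return usuario != null;
		} catch (RuntimeException e) {
			if (session.getTransaction().isActive()) {
				session.getTransaction().rollback();
			}
			throw e;
		} finally {
			session.close();
		}
	}
}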

UsuarioDAO.java
versão 6.0

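<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE hibernate-configuration PUBLIC
"-//Hibernate/Hibernate Configuration DTD 3.0//EN"
"http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd">
<hibernate-configuration>
<session-factory>
<!-- Same HSQLDB coordinates as BancoUtil 4.0: local server, user SA, empty
     password. The credential lives in a file shipped inside the web app; real
     credentials belong in a container datasource or the environment instead. -->
<property name="hibernate.connection.driver_class">org.hsqldb.jdbc.JDBCDriver</property>
<property name="hibernate.connection.url">jdbc:hsqldb:hsql://localhost/banco</property>
<property name="hibernate.connection.username">SA</property>
<property name="hibernate.connection.password"></property>
<property name="hibernate.connection.pool_size">1</property>
<property name="hibernate.dialect">org.hibernate.dialect.HSQLDialect</property>
<property name="hibernate.current_session_context_class">thread</property>
<property name="hibernate.cache.provider_class">org.hibernate.cache.internal.NoCacheProvider</property>
<!-- Echo all executed SQL to stdout -->
<property name="hibernate.show_sql">true</property>
<!-- Drop and re-create the database schema on startup: "create" also discards
     the USUARIOS rows every time the application starts, so it suits this
     exercise only. -->
<property name="hibernate.hbm2ddl.auto">create</property>
<mapping class="br.com.mariojp.Usuario"/>
</session-factory>
</hibernate-configuration>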

hibernate.cfg.xml
Esta obra está licenciada sob a licença Creative Commons
Atribuição-CompartilhaIgual 3.0 Não Adaptada. Para ver uma cópia
desta licença, visite http://creativecommons.org/licenses/by-sa/3.0/.
Java web
Mario Jorge Pereira
Como me encontrar?
http://www.mariojp.com.br
twitter.com/@mariojp
mariojp@gmail.com

Hands-On Java web passando por Servlets, JSP, JSTL, JDBC, Hibernate, DAO, MVC, etc

    Agenda • Java Servlet •Java Server Pages - JSP • JavaServer Pages Standard Tag Library - JSTL • Expression Language - EL • Java Database Connectivity - JDBC • Data Access Object - DAO • Model View Controller - MVC • Hibernate
    i g lo p js . n versão 1.0 <!DOCTYPE html> <html> <head> <title>Login</title> </head> <body> <form method="post" action=“home.jsp"> Login: <input name="login" type="text"> <br> Senha: <input name="senha" type="password"><br> <input type="submit"> </form> </body> </html>
    p js . e versão 1.0 m o h <!DOCTYPE html> <html> <head> <title>HOME</title> </head> <body> Bem vindo, <%=request.getParameter("login")%> </body> </html>
    Autenticador.java versão 2.0 package br.com.mariojp; ! import import import import ! java.io.*; javax.servlet.*; javax.servlet.annotation.*; javax.servlet.http.*; Regra:
 Se o login igual a senha esta ok! @WebServlet("/Autenticador") public class Autenticador extends HttpServlet { ! } protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String login = request.getParameter("login"); String senha = request.getParameter("senha"); if(login!=null && senha!=null && login.equalsIgnoreCase(senha)){ response.sendRedirect("home.jsp?user="+login); }else{ String erro = "Usuario ou Senha Invalidos!"; response.sendRedirect("login.jsp?erro="+erro); } }
    i g lo p js . n versão 2.0 <!DOCTYPE html> <html> <head> <title>Login</title> </head> <body> <form method="post" action=“Autenticador"> Login: <input name="login" type="text"> <br> Senha: <input name="senha" type="password"><br> <input type="submit"> </form> <% String erro = request.getParameter("erro"); if(erro!=null && !erro.trim().equals("")){ out.print(erro); } %> </body> </html> Aciona o servlet Apresenta o erro de login
    U .j io r a u s a v a package br.com.mariojp; ! versão 3.0 publicclass Usuario { private Integer id; private String login; private String senha; public Integer getId() { return id; } public void setId(Integer id) { this.id = id; } public String getLogin() { return login; } public void setNome(String login) { this.login = login; } public String getSenha() { return senha; } public void setSenha(String senha) { this.senha = senha; } }
    Autenticador.java versão 3.0 @WebServlet("/Autenticador") public classAutenticador extends HttpServlet { ! protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { Usuario user = new Usuario(); String login = request.getParameter("login"); String senha = request.getParameter("senha"); user.setLogin(login); user.setSenha(senha); if(autenticar(user)){ request.getSession().setAttribute("user", user); response.sendRedirect("home.jsp"); }else{ request.setAttribute("erro", "Usuario ou Senha Invalidos!"); RequestDispatcher d= request.getRequestDispatcher("login.jsp"); d.forward(request,response); } } private boolean autenticar(Usuario user) {...} ! }
    Autenticador.java versão 3.0 ! private booleanautenticar(Usuario user) { boolean autenticado = false; if(user.getLogin()!=null && user.getSenha()!=null && user.getLogin().equals(user.getSenha())){ autenticado = true; } return autenticado; }
    i g lo p js . n versão 3.0 <!DOCTYPE html> <html> <head> <title>Login</title> </head> <body> <form method="post" action=“Autenticador"> Login: <input name="login" type="text"> <br> Senha: <input name="senha" type="password"><br> <input type="submit"> </form> <% String erro = (String) request.getAttribute(“erro”); if(erro!=null && !erro.trim().equals("")){ out.print(erro); } %> </body> </html>
    m o h p js . e versão 3.0 <!DOCTYPE html> <%@pageimport="br.com.mariojp.Usuario"%> <html> <head> <title>HOME</title> </head> <body> <% Usuario user = (Usuario) session.getAttribute("user");%> Bem vindo, <%=user.getLogin() %> </body> </html>
    Revisão Rapida • JavaServlet • Java Server Pages - JSP • Model View Controller - MVC
    E agora? • JavaServerPages Standard Tag Library - JSTL • Expression Language - EL
    i g lo p js . n versão 3.1 <!DOCTYPE html> <%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <html> <head> <title>Login</title> </head> <body> <form method="post" action=“Autenticador"> Login: <input name="login" type="text"> <br> Senha: <input name="senha" type="password"><br> <input type="submit"> </form> <c:out value="${erro}"/> </body> </html>
    m o h p js . e versão 3.1 <!DOCTYPE html> <%@pageimport="br.com.mariojp.Usuario"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <html> <head> <title>HOME</title> <jsp:useBean id="user" class="br.com.mariojp.Usuario" scope=“session” /> </head> <body> Bem vindo, <c:out value=“${user.login}" /> </body> </html>
    HSQLDB java -cp hsqldb.jarorg.hsqldb.server.Server -database.0 file:mydb --dbname.0 banco
    HSQL Database Manager ! Type:HSQL Database Engine Server Driver: org.hsqldb.jdbcDriver URL: jdbc:hsqldb:hsql://localhost/banco User: SA
    HSQLDB CREATE TABLE USUARIOS( USUARIO_ID INTEGER IDENTITY, LOGIN varchar(100) NOT NULL , SENHA varchar(100) NOT NULL ) ; ! INSERT INTO USUARIOS ( "LOGIN", "SENHA" ) VALUES ('user', ‘1234’); ! SELECT * FROM USUARIOS;
    BancoUtil.java package br.com.mariojp; versão 4.0 ! importjava.sql.Connection; import java.sql.DriverManager; ! public class BancoUtil { private static Connection connection; static { try { Class.forName("org.hsqldb.jdbc.JDBCDriver" ); connection = DriverManager.getConnection( "jdbc:hsqldb:hsql://localhost/banco", "SA", ""); } catch (Exception e) { e.printStackTrace(); } } public static Connection getConnection() { return connection; } }
    Autenticador.java versão 4.0 private booleanautenticar(Usuario user) { boolean autenticado = false; Connection con = BancoUtil.getConnection(); try { Statement stmt = con.createStatement(); ResultSet resultSet = stmt.executeQuery( "select * from usuarios where "+ "login='"+user.getLogin().trim()+"' and "+ "senha='"+user.getSenha().trim()+"';" ); if(resultSet.next()){ autenticado = true; } resultSet.close(); stmt.close(); } catch (SQLException e) { e.printStackTrace(); } return autenticado; }
    Segurança • Voce consegueacessar o home.jsp? • Pela url • Sql Injection
    m o h p js . e versão 4.1 <!DOCTYPE html> <%@pageimport="br.com.mariojp.Usuario"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <html> <head> <title>HOME</title> <jsp:useBean id="user" class="br.com.mariojp.Usuario" scope=“session” /> </head> <body> <c:if test="${user.login == null}"> <c:redirect url=“login.jsp" /> </c:if> Bem vindo, <c:out value=“${user.login}" /> </body> </html>
    Teste? • Use Login= 123 e Senha = ' or '1' = ‘1 • Use Login = ' OR 1=1 --
    Autenticador.java versão 4.1 private booleanautenticar(Usuario user) { boolean autenticado = false; Connection con = BancoUtil.getConnection(); try { String sql = "select * from usuarios where " + "login=? and senha=?;"; PreparedStatement pstmt = con.prepareStatement(sql); pstmt.setString(1, user.getLogin()); pstmt.setString(2, user.getSenha()); ResultSet resultSet = pstmt.executeQuery(); if(resultSet.next()){ autenticado = true; } resultSet.close(); pstmt.close(); } catch (SQLException e) { e.printStackTrace(); } return autenticado; }
    package br.com.mariojp; versão 5.0 ! import import import import java.sql.Connection; java.sql.PreparedStatement; java.sql.ResultSet; java.sql.SQLException; ! publicclass UsuarioDAO { ! } public boolean autenticar(Usuario user) { boolean autenticado = false; Connection con = BancoUtil.getConnection(); try { String sql = "select * from usuarios where login=? and senha=?;"; PreparedStatement pstmt = con.prepareStatement(sql); pstmt.setString(1, user.getLogin()); pstmt.setString(2, user.getSenha()); ResultSet resultSet = pstmt.executeQuery(); if(resultSet.next()){ autenticado = true; } resultSet.close(); pstmt.close(); } catch (SQLException e) { e.printStackTrace(); } return autenticado; } UsuarioDAO.java
    Autenticador.java versão 3.0 @WebServlet("/Autenticador") public classAutenticador extends HttpServlet { private UsuarioDAO usuarioDAO = new UsuarioDAO(); protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { Usuario user = new Usuario(); String login = request.getParameter("login"); String senha = request.getParameter("senha"); user.setLogin(login); user.setSenha(senha); if(usuarioDAO.autenticar(user)){ request.getSession().setAttribute("user", user); response.sendRedirect("home.jsp"); }else{ request.setAttribute("erro", "Usuario ou Senha Invalidos!"); RequestDispatcher d= request.getRequestDispatcher("login.jsp"); d.forward(request,response); } } }
    Hibernate • Framework demapeamento objeto relacional
    WEB-INFlib • hibernate-core-4.3.0.Final.jar • antlr-2.7.7.jar •dom4j-1.6.1.jar • hibernate-commons-annotations-4.0.4.Final.jar • hibernate-jpa-2.1-api-1.0.0.Final.jar • jandex-1.1.0.Final.jar • javassist-3.18.1-GA.jar • jboss-logging-3.1.3.GA.jar • jboss-logging-annotations-1.2.0.Beta1.jar • jboss-transaction-api_1.2_spec-1.0.0.Final.jar
    package br.com.mariojp; versão 6.0 ! importjava.io.Serializable; Usuario.java ! import import import import javax.persistence.Entity; javax.persistence.GeneratedValue; javax.persistence.Id; javax.persistence.Table; ! @Entity @Table(name="usuarios") public class Usuario implements Serializable{ private static final long serialVersionUID = 1L; ! @Id @GeneratedValue private Integer id; ! } private String login; private String senha; //get’s e set's
    package br.com.mariojp; versão 6.0 ! import import import import org.hibernate.SessionFactory; org.hibernate.boot.registry.StandardServiceRegistryBuilder; org.hibernate.cfg.Configuration; org.hibernate.service.ServiceRegistry; ! publicclass BancoUtil { private static SessionFactory factory; ! static { Configuration configuration = new Configuration().configure(); StandardServiceRegistryBuilder serviceRegistryBuilder; serviceRegistryBuilder = new StandardServiceRegistryBuilder(); serviceRegistryBuilder.applySettings(configuration.getProperties()); ServiceRegistry serviceRegistry = serviceRegistryBuilder.build(); factory = configuration.buildSessionFactory(serviceRegistry); ! } ! ! } public static SessionFactory getFactory() { return factory; } BancoUtil.java
    package br.com.mariojp; versão 6.0 ! importorg.hibernate.Session; ! public class UsuarioDAO { ! public boolean autenticar(Usuario user) { ! String query = "select u from Usuario as u where " + "u.login=:login and u.senha=:senha"; Session session = BancoUtil.getFactory().openSession(); session.beginTransaction(); Usuario usuario = (Usuario) session .createQuery(query) .setString("login", user.getLogin()) .setString("senha", user.getSenha()).uniqueResult(); session.getTransaction().commit(); session.close(); return usuario != null; ! } ! } UsuarioDAO.java
    versão 6.0 <?xml version="1.0"encoding="UTF-8"?> <!DOCTYPE hibernate-configuration PUBLIC "-//Hibernate/Hibernate Configuration DTD 3.0//EN" "http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd"> <hibernate-configuration > <session-factory> <property name="hibernate.connection.driver_class">org.hsqldb.jdbc.JDBCDriver</property> <property name="hibernate.connection.url">jdbc:hsqldb:hsql://localhost/ banco</property> <property name="hibernate.connection.username">SA</property> <property name="hibernate.connection.password"></property> <property name="hibernate.connection.pool_size">1</property> <property name="hibernate.dialect">org.hibernate.dialect.HSQLDialect</ property> <property name="hibernate.current_session_context_class">thread</property> <property name="hibernate.cache.provider_class">org.hibernate.cache.internal.NoCacheProv ider</property> <!-- Echo all executed SQL to stdout --> <property name="hibernate.show_sql">true</property> <!-- Drop and re-create the database schema on startup --> <property name="hibernate.hbm2ddl.auto">create</property> <mapping class="br.com.mariojp.Usuario"/> </session-factory> </hibernate-configuration> hibernate.cfg.xml
    Esta obra estálicenciada sob a licença Creative Commons Atribuição-CompartilhaIgual 3.0 Não Adaptada. Para ver uma cópia desta licença, visite http://creativecommons.org/licenses/by-sa/3.0/.
    Java web Mario JorgePereira Como me encontrar? http://www.mariojp.com.br twitter.com/@mariojp mariojp@gmail.com