Bytes | Software Development & Data Engineering Community

Why are users able to see other users' data?

I am currently creating a collaborative learning website based on social networking ideas.

I have a Java servlet that uses HttpSession to store data.

When one user, User-A, logs in and does something on the website, User-B logs in. When User-A navigates to another page, User-B's information is shown instead of User-A's.

My Java servlet:

package control;

import java.io.IOException;
import java.util.HashMap;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import model.InstructorUserBean;
import model.StudentUserBean;

/**
 * Servlet controls the main interaction between the client and server
 * @author Adam K Hagan
 * @version v1
 */
public class Servlet extends HttpServlet {

    // Instance variables
    // A bean for the logged in user
    InstructorUserBean loggedInInstructorUser;
    StudentUserBean loggedInStudentUser;
    // ProfileManager
    UserProfileManager profileManager;
    // Manage login requests
    LoginManager loginManager;
    // Manage account creation
    UserAccountCreator accountCreator;
    // A session
    HttpSession session;
    // Hashmap stores data for processing
    HashMap<String, String> userDetails;

    /**
     * Initialises all the variables
     */
    public void init() {
        userDetails = new HashMap<String, String>();
        loggedInInstructorUser = new InstructorUserBean();
        loggedInStudentUser = new StudentUserBean();
    }

    /**
     * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        // Stores the action using post or get
        String action = request.getPathInfo();
        // Stores the dispatcher - that directs to other pages
        RequestDispatcher dispatcher = null;

        // A session
        session = request.getSession();

        /* TEMPLATE FOR A SECTION
        else if (action.equals("/action")) {
        // Do something...
        // Direct to page
        dispatcher = this.getServletContext().getRequestDispatcher("webpage");
        }
         */

        /**
         * Action to take if user logging in
         */
        if (action.equals("/login")) {
            // Get the user name and password from the request
            String username = request.getParameter("email_login_input");
            String password = request.getParameter("password_login_input");
            // Create a LoginManager and check if the user is authentic
            loginManager = new LoginManager(username, password);
            // If the user is authentic, take to their dashboard
            if (loginManager.isAuthenticUser()) {
                // Log user in
                loginUser(username, password);
                // Authentic and user profile set up so direct to user's dashboard
                dispatcher = this.getServletContext().getRequestDispatcher("/webmods/dashboard/dashboard.jspx");
            } // If not an authentic user, send user to error login page
            else {
                dispatcher = this.getServletContext().getRequestDispatcher("/webmods/login/errorLogin.jspx");
            }
        }

        /**
         * Go to sign in page
         */
        else if (action.equals("/goSignIn")) {
            dispatcher = this.getServletContext().getRequestDispatcher("/signin.jspx");
        }

        /**
         * Action to take when signing up for an account: Stage 1
         */
        else if (action.equals("/signUp")) {
            // Gather signUp page information
            String email = request.getParameter("inputEmail");
            String firstName = request.getParameter("inputFirstName");
            String lastName = request.getParameter("inputLastName");
            String password = request.getParameter("inputPassword");
            String type = request.getParameter("accountTypeInput");
            userDetails.put("username", email);
            userDetails.put("firstname", firstName);
            userDetails.put("lastname", lastName);
            userDetails.put("password", password);
            userDetails.put("type", type);

            if (type.equals("student")) {
                dispatcher = this.getServletContext().getRequestDispatcher("/webmods/registration/accountRegistration_s.jspx");
            }
            if (type.equals("instructor")) {
                dispatcher = this.getServletContext().getRequestDispatcher("/webmods/registration/accountRegistration_i.jspx");
            }
        }

        /**
         * Action for sign up Stage 2
         */
        else if (action.equals("/accountStudentSetup")) {
            // Gather account setup information
            String courseName = request.getParameter("inputCourseName");
            String courseYear = request.getParameter("inputCourseYear");
            String privacySetting = request.getParameter("privacySetting");
            userDetails.put("courseName", courseName);
            userDetails.put("courseYear", courseYear);
            userDetails.put("privacySetting", privacySetting);
            dispatcher = this.getServletContext().getRequestDispatcher("/webmods/registration/profilePic.jspx");
        } else if (action.equals("/accountInstructorSetup")) {
            // Gather account setup information
            String department = request.getParameter("inputDepartment");
            String privacySetting = request.getParameter("privacySetting");
            userDetails.put("department", department);
            userDetails.put("privacySetting", privacySetting);
            dispatcher = this.getServletContext().getRequestDispatcher("/webmods/registration/profilePic.jspx");
        }

        /**
         * Action to take if registering with profile pic
         * @TODO
         */
        else if (action.equals("/profilePic")) {
            // Do something...
            // Direct to page
            dispatcher = this.getServletContext().getRequestDispatcher("webpage");
        }

        /**
         * Action to take if user skipped profile pic
         */
        else if (action.equals("/completeRegistration")) {
            boolean accountCreationVerified = false;
            // Create useraccountcreator
            if (userDetails.get("type").equals("student")) {
                StudentUserAccountCreator sUAC = new StudentUserAccountCreator(userDetails);
                // Create the account
                sUAC.createUserAccount();
                // Check the account has been created
                accountCreationVerified = sUAC.isValidAccountCreated();
            }
            // Create useraccountcreator
            if (userDetails.get("type").equals("instructor")) {
                InstructorUserAccountCreator iUAC = new InstructorUserAccountCreator(userDetails);
                // Create the account
                iUAC.createUserAccount();
                // Check the account has been created
                accountCreationVerified = iUAC.isValidAccountCreated();
            }

            // If accountVerified go to dashboard else to login page
            if (accountCreationVerified) {
                loginUser(userDetails.get("username"), userDetails.get("password"));
                dispatcher = this.getServletContext().getRequestDispatcher("/webmods/dashboard/dashboard.jspx");
            } else {
                dispatcher = this.getServletContext().getRequestDispatcher("/signin.jspx");
            }
        }

        /**
         * Action to take user to account settings page
         */
        else if (action.equals("/goAccountSettings")) {
            String type = (String) session.getAttribute("type");
            // If student user go to student user page
            if (type.equals("student")) {
                dispatcher = this.getServletContext().getRequestDispatcher("/webmods/accountsettings/accountSettings_s.jspx");
            }
            else if (type.equals("instructor")) {
                dispatcher = this.getServletContext().getRequestDispatcher("/webmods/accountsettings/accountSettings_i.jspx");
            }
        }

        /**
         * Action to take on updated account information
         */
        else if (action.equals("/updateInstructorAccountSettings")) {
            // Get input
            String password = request.getParameter("inputPassword");
            String department = request.getParameter("departmentInput");
            String privacySetting = request.getParameter("privacySetting");
            // Change data
            InstructorUserProfileManager iUPM = (InstructorUserProfileManager) profileManager;
            if (!((department == null) || (department.equals("")))) {
                iUPM.setDepartment(department);
            }
            iUPM.setPrivacySetting(privacySetting);
            if (!((password == null) || (password.equals("")))) {
                iUPM.setPassword(password);
            }
            profileManager = iUPM;
            // Update all details
            String username = iUPM.getUsername();
            loginUser(username, password);
            dispatcher = this.getServletContext().getRequestDispatcher("/webmods/accountsettings/accountSettings_i.jspx");
        }

        /**
         * Action to take on updated account information
         */
        else if (action.equals("/updateStudentAccountSettings")) {
            // Get input
            String password = request.getParameter("inputPassword");
            String course = request.getParameter("courseInput");
            String year = request.getParameter("courseYearInput");
            String privacySetting = request.getParameter("privacySetting");

            // Change data
            StudentUserProfileManager sUPM = (StudentUserProfileManager) profileManager;
            if (!((course == null) || (course.equals("")))) {
                sUPM.setCourse(course);
            }
            sUPM.setCourseYear(year);

            sUPM.setPrivacySetting(privacySetting);

            if (!((password == null) || (password.equals("")))) {
                sUPM.setPassword(password);
            }
            profileManager = sUPM;
            // Update all details
            String username = sUPM.getUsername();
            loginUser(username, password);
            dispatcher = this.getServletContext().getRequestDispatcher("/webmods/accountsettings/accountSettings_s.jspx");
        }

        /**
         * Action to take user to dashboard page
         */
        else if (action.equals("/goDashboard")) {
            dispatcher = this.getServletContext().getRequestDispatcher("/webmods/dashboard/dashboard.jspx");
        }

        //      String enc = URLEncoder.encode("test", "UTF-8");

        // Forward the request to the selected page
        dispatcher.forward(request, response);
    }

    /**
     * Gathers and creates objects to log a user in
     * @param username
     * @param password
     */
    private void loginUser(String username, String password) {

        // Create a LoginManager and check if the user is authentic
        loginManager = new LoginManager(username, password);

        if (loginManager.getUserType().equals("student")) {
            StudentUserProfileManager studentProfileManager = new StudentUserProfileManager(username, password);
            loggedInStudentUser.setUsername(username);
            loggedInStudentUser.setPassword(password);
            loggedInStudentUser.setName(studentProfileManager.getName());
            loggedInStudentUser.setCourseYear(studentProfileManager.getCourseYear());
            loggedInStudentUser.setCourseName(studentProfileManager.getCourseName());
            loggedInStudentUser.setPrivacySetting(studentProfileManager.getPrivacySetting());
            profileManager = studentProfileManager;
            session.setAttribute("loggedInStudentUser", loggedInStudentUser);
            session.setAttribute("type", "student");
        }
        if (loginManager.getUserType().equals("instructor")) {
            InstructorUserProfileManager instructorProfileManager = new InstructorUserProfileManager(username, password);
            loggedInInstructorUser.setUsername(username);
            loggedInInstructorUser.setPassword(password);
            loggedInInstructorUser.setName(instructorProfileManager.getName());
            loggedInInstructorUser.setDepartment(instructorProfileManager.getDepartment());
            loggedInInstructorUser.setPrivacySetting(instructorProfileManager.getPrivacySetting());
            profileManager = instructorProfileManager;
            session.setAttribute("loggedInInstructorUser", loggedInInstructorUser);
            session.setAttribute("type", "instructor");
        }
    }

    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
    /**
     * Handles the HTTP <code>GET</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Handles the HTTP <code>POST</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Returns a short description of the servlet.
     * @return a String containing servlet description
     */
    @Override
    public String getServletInfo() {
        return "Short description";
    }// </editor-fold>
}

Any help or advice would be great. I have been looking all over the web to get some sort of answer to this.

Thanks
Feb 14 '11 #1
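The symptom described in the question, reproduced outside a servlet container as an added example (this is not the poster's code, and the class and field names are hypothetical): a container creates one instance of a servlet and calls it from one thread per request, so a session or user bean kept in an instance field is overwritten by whichever request arrives next, and the first user ends up reading the second user's data. The fixed variant keeps per-request state in a local variable, which is the shape that isolates users.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/*
 * Constructed stand-in for a servlet container: ONE handler instance,
 * one thread per request, exactly as a container treats an HttpServlet.
 * Class and field names are hypothetical and only mirror the posted code.
 */
public class SharedServletStateDemo {

    /** Minimal stand-in for HttpSession: one object per logged-in user. */
    static final class FakeSession {
        final String owner;
        FakeSession(String owner) { this.owner = owner; }
    }

    /** Mirrors the posted servlet: the current session lives in an INSTANCE field. */
    static final class BuggyServlet {
        FakeSession session;                  // shared by every request thread

        String whoAmI(FakeSession caller) throws InterruptedException {
            session = caller;                 // request 1 stores User-A's session ...
            Thread.sleep(50);                 // ... and while it is busy, request 2 overwrites it
            return session.owner;             // request 1 now reports User-B
        }
    }

    /** Fixed shape: per-request state is a local variable on the request thread's stack. */
    static final class FixedServlet {
        String whoAmI(FakeSession caller) throws InterruptedException {
            FakeSession session = caller;     // visible only to this request
            Thread.sleep(50);
            return session.owner;
        }
    }

    /** Runs User-A and User-B concurrently; returns caller -> identity the handler reported. */
    static Map<String, String> race(boolean fixed) throws InterruptedException {
        Map<String, String> seen = new ConcurrentHashMap<>();
        BuggyServlet buggy = new BuggyServlet();
        FixedServlet good = new FixedServlet();
        String[] users = {"User-A", "User-B"};
        Thread[] threads = new Thread[users.length];
        for (int i = 0; i < users.length; i++) {
            String user = users[i];
            threads[i] = new Thread(() -> {
                try {
                    FakeSession s = new FakeSession(user);
                    seen.put(user, fixed ? good.whoAmI(s) : buggy.whoAmI(s));
                } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
            });
            threads[i].start();
            Thread.sleep(10);                 // User-A enters first, User-B arrives while A is busy
        }
        for (Thread t : threads) t.join();
        return seen;
    }

    public static void main(String[] args) throws InterruptedException {
        // Expected on almost every run: {User-A=User-B, User-B=User-B}
        System.out.println("instance field: " + race(false));
        // Expected: {User-A=User-A, User-B=User-B}
        System.out.println("local variable: " + race(true));
    }
}
```

Compile and run with `javac SharedServletStateDemo.java && java SharedServletStateDemo`; the same reasoning applies to every other instance field in the posted servlet (the user beans, `profileManager`, `loginManager`, `userDetails`), which should instead be locals or `HttpSession` attributes.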
