Java - Web Servlet - Login

Creating a login class using web servlets in Java.

Imports

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Iterator;
import java.util.List;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Persistence;
import javax.persistence.Query;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import model.entities.UserAccount;
import model.entities.UserInfo;

Web Servlet

/* @author Steven Bartsch */
@WebServlet(urlPatterns = {"/login"})

Members

public class login extends HttpServlet{
    // Last login failure message. Because the field is static, one value is shared by
    // every request handled by this servlet, so concurrent logins can overwrite each
    // other's text. The per-user copy is the "loginWarning" session attribute.
    public static String loginWarning;
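    /**
     * Handles a login attempt and forwards to the next page.
     *
     * <p>Reads the {@code username} and {@code password} request parameters, checks them
     * against the stored accounts and, on a match, stores {@code userAccount},
     * {@code userInfo} and {@code userID} in the session. A successful login forwards to
     * {@code /store.jsp}, or to {@code /inventory.jsp} when the account's user level is 2.
     * A failed login forwards to {@code /login.jsp} with the {@code loginWarning} and
     * {@code incorrectCredentials} session attributes set.
     *
     * @param request  the login request; a missing parameter is treated as blank
     * @param response the response that the target page renders into
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward fails on I/O
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException{
        response.setContentType("text/html;charset=UTF-8");
        HttpSession session = request.getSession();

        boolean success = false;
        String page = "/store.jsp";
        // Built per request in a local: the static loginWarning field is shared by all
        // request threads, so reading it back could return another user's message.
        String warning = null;

        // getParameter returns null when the parameter is absent; treat that as blank
        // instead of failing with a NullPointerException.
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        if(username == null)
            username = "";
        if(password == null)
            password = "";

        // --- Validation ---
        if(username.equals("") && password.equals(""))
            warning = "Username and Password cannot be blank.";
        else if(username.equals(""))
            warning = "Username cannot be blank.";
        else if(password.equals(""))
            warning = "Password cannot be blank.";
        else{
            EntityManagerFactory enf = Persistence.createEntityManagerFactory("SecondAssignmentPU");
            EntityManager em = null;
            try{
                em = enf.createEntityManager();
                List<?> resultList = em.createNamedQuery("UserAccount.findAll").getResultList();
                List<?> infoList = em.createNamedQuery("UserInfo.findAll").getResultList();
                Iterator<?> it = resultList.iterator();
                Iterator<?> in = infoList.iterator();

                // NOTE(review): accounts and info rows are paired by list position. That
                // relies on both findAll queries returning rows in matching order, which
                // nothing here guarantees; a mismatch would put another user's UserInfo
                // into the session. Look the info row up by the account's key instead.
                while(it.hasNext()){
                    UserAccount user = (UserAccount) it.next();
                    // Guard against a shorter info list instead of throwing mid-login.
                    UserInfo info = in.hasNext() ? (UserInfo) in.next() : null;
                    if(!username.equals(user.getUsername()))
                        continue;

                    // NOTE(review): this compares the submitted password with the stored
                    // value directly, which implies passwords are stored in clear text.
                    // Store a salted password hash (bcrypt/scrypt/argon2) and verify
                    // against that.
                    if(password.equals(user.getPassword())){
                        // NOTE(review): the session id is not rotated on login; on
                        // Servlet 3.1+ call request.changeSessionId() here to prevent
                        // session fixation.
                        session.setAttribute("userAccount", user);
                        session.setAttribute("userInfo", info);
                        session.setAttribute("userID", user.getUserid());
                        success = true;

                        if(user.getUserlevel() == 2)
                            page = "/inventory.jsp";
                    }
                    break;
                }

                // Same message for an unknown username and a wrong password, so the
                // response does not reveal which usernames exist.
                if(!success)
                    warning = "The username and password you entered do not match. Please try again.";
            }
            finally{
                // Release the persistence resources created for this request. Entities
                // already placed in the session are detached from here on.
                if(em != null)
                    em.close();
                enf.close();
            }
        }

        if(!success){
            page = "/login.jsp";
            // Legacy mirror for any code that still reads the static field; the session
            // attribute below is the per-request copy.
            loginWarning = warning;
            session.setAttribute("loginWarning",warning);
            session.setAttribute("incorrectCredentials","true");
        }
        RequestDispatcher dispatcher = request.getServletContext().getRequestDispatcher(page);
        dispatcher.forward(request, response);
    }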

Overrides

    /**
     * Routes GET requests to the shared login handler.
     *
     * <p>NOTE(review): a login submitted via GET carries the username and password in
     * the query string, where URLs are commonly logged; confirm the login form posts.
     *
     * @param request  the incoming GET request
     * @param response the response passed through to the handler
     * @throws ServletException if the handler's forward fails
     * @throws IOException      if the handler's forward fails on I/O
     */
    @Override
    protected void doGet(final HttpServletRequest request, final HttpServletResponse response)
            throws ServletException, IOException{
        this.processRequest(request, response);
    }

    /**
     * Routes POST requests to the shared login handler.
     *
     * @param request  the incoming POST request carrying the login form fields
     * @param response the response passed through to the handler
     * @throws ServletException if the handler's forward fails
     * @throws IOException      if the handler's forward fails on I/O
     */
    @Override
    protected void doPost(final HttpServletRequest request, final HttpServletResponse response)
            throws ServletException, IOException{
        this.processRequest(request, response);
    }

    /**
     * Returns the servlet's description string.
     *
     * @return the fixed text {@code "Short description"}
     */
    @Override
    public String getServletInfo(){
        final String description = "Short description";
        return description;
    }
}