protected boolean passwordsMatch(String username, String password) {

boolean match=false;

try {

String sqlStmt= select password from userverify where

username=' +username+ ' ;

Statement stmt=con.createStatement();

ResultSet rs=stmt.executeQuery(stmt);

if (rs.next()) {

ResultSetMetaData rsmd=rs.getMetaData();

if rsmd.getColumnCount()>0) {

String thePassword=rs.getString(1);

if (thePassword.equals(password)) match=true;

}

}

} catch (SQLException e) e.printStacktrace();

return match;

}

Figure 68. Java code for the passwordsMatch method

3. If the login is to be successful, we must populate the Session object, using

the putValue method, with the following information:

a. username, password

This information is already available in the username and password

variables. Hence, the code is simply:

session.putValue( username , username);

sessoin.putValue( password , password);

b. user information

The user information, for example, an address or e mail, must be

obtained from the USERINFO database table. We perform a select of

the relevant information, then iterate through the list of USERINFO

columns to be populated into the Session object.

We predefine a string array called infoCols, which contains a list of

values that we intend to obtain from the select statement, and then

place it in the Session object (in effect, using this array of strings as a

filter). The code looks something like Figure 69 on page 92.

Chapter 3. Building the Web server

91