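/**
 * Validates the login submitted with the request and records the result in the session.
 *
 * <p>On success the session receives a {@code "user"} attribute (a {@code User} built from the
 * submitted username, the submitted password and the admin flag) and an {@code "isValid"}
 * attribute set to {@code Boolean.TRUE}. On failure nothing is written to the session and the
 * text "Invalid user or password" is handed to {@code Util.putMessagePage}.
 *
 * <p>Bootstrap rule: while {@code UserManager.getRecords()} is empty, the request is accepted
 * and granted admin privileges regardless of the credentials it carries.
 *
 * @param session session that receives the {@code "user"} and {@code "isValid"} attributes
 * @param req request carrying the {@code "Username"} and {@code "Password"} parameters
 * @param res response passed to {@code Util.putMessagePage} when the login is rejected
 * @return true if OK, false if there's a problem
 * @throws Exception declared by the signature; presumably propagated from the user store or
 *     the message page helper, neither of which is visible here
 */
private boolean validateLogin(
    HttpSession session, HttpServletRequest req, HttpServletResponse res) throws Exception {
  // Creates a user database access bean.
  // (no setSession() here, since user may not exist yet)
  UserManager userManager = new UserManager();

  // Both values come straight from the request and may be null when a parameter is missing.
  String username = req.getParameter("Username");
  String password = req.getParameter("Password");

  boolean credentialsOk = userManager.isValidUser(username, password);

  // To allow bootstrapping the system, if there are no users yet, this session is treated as
  // valid and is granted admin privileges.
  // NOTE(review): while the user store is empty this accepts every caller as an administrator.
  // Confirm the first account is provisioned before the application is reachable, or gate
  // this branch behind an explicit setup switch.
  boolean bootstrap = userManager.getRecords().isEmpty();

  if (!credentialsOk && !bootstrap) {
    Util.putMessagePage(res, "Invalid user or password");
    return false;
  }

  // The privilege lookup happens only once the login has been accepted, so no authorization
  // data is queried for a name that failed authentication (or for a missing name).
  boolean isAdmin = bootstrap || userManager.isAdmin(username);

  // Writes User object and validity flag to the session.
  // NOTE(review): the User placed in the session carries the submitted password as received.
  // Check whether User really needs to retain it; session contents can outlive the request.
  // NOTE(review): the session identifier is not renewed in this method. Confirm the caller
  // issues a fresh identifier after a successful login.
  session.setAttribute("user", new User(username, password, isAdmin));
  // Boolean.TRUE avoids the deprecated boxing constructor.
  session.setAttribute("isValid", Boolean.TRUE);
  return true;
}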