
Retrieving a profile from database - Java


I have a user profile class and was just wondering what the best way to load it was. I have the following code and wanted to know if it would be the proper way to do it.

UserProfile userProfile = null;
char[] password = {'a','b','c'};

for(UserProfile profile : UserProfiles){
    if(compareUserNameAndPassword("userName", password)){
        userProfile = profile;
    }

}

And my profile class:

package jlibfprint;

public class UserProfile extends Profile {

    /**
     * constructor
     */
    public UserProfile(String userName, int id, char[] password){
        this.name = userName;
        this.id = id;
        this.password = password;
    }


    /**
     * Users password
     */
    private char[] password;

    /**
     * Set User password
     * @param password
     */
    public void setPassword(char[] password){

        this.password = password;

    }

    /**
     * compare passwords
     */
    public boolean compareUserNameAndPassword(String userName,char[] password) {

        if(this.name.equals(userName) && this.password.equals(password)){

            return true;

        }
        return false;

    }
}

Solution

  • Please don't implement the password security system in this post. It was mediocre at the time. You should use a proper authentication system provided by either a third-party system (LDAP/OAuth), your web framework, or a reputable library like Shiro. SHA1 is broken, and doing it directly like I do below is prone to error.

    This isn't classloading, it's checking objects that are instances of a single class. And it should be profile.compareUserNameAndPassword(userName,password).

    The current way you are doing it implies all your UserProfiles are in memory. Normally they'd be in a database and you'd do the username and password comparison in a query and then only fetch one if they match.

    You probably want to also consider whether passwords should be hashed at some point.

    You probably also should think about not 're-inventing the wheel' and borrowing some framework tools to help. Hibernate is an object relation management tool designed to simplify retrieval of Java objects from the database. Spring is a framework which helps promote good design techniques and managing authorization and authentication as well as the MVC approach.

     import java.sql.PreparedStatement;
     import java.sql.ResultSet;
     import java.sql.SQLException;
     import org.apache.commons.codec.digest.DigestUtils;

     /*
      * Retrieves a UserProfile from the database based on a username and password
      * Needs Apache Commons Codec package otherwise you have to use MessageDigest
      * which gives a binary SHA-1
      * @param username The username to fetch
      * @param password The unhashed password
      * @return The UserProfile or null if the user was not found in the DB
      */
     private static UserProfile retrieveUserProfile(String username, char[] password)
        throws SQLException {
         // sha1Hex takes a String (or byte[]) and returns the hex digest as a String,
         // so the hash needs its own variable rather than being assigned back to the char[]
         final String passwordHash = DigestUtils.sha1Hex(new String(password));
         //Assuming a pre-setup JDBC Connection object - `con`
         //Note the trailing space before "WHERE"; without it the two literals run together
         final String query = "SELECT id, userName, password FROM userProfiles "
           + "WHERE userName = ? AND password = ? LIMIT 1";
         try (PreparedStatement retrieveUserProfile = con.prepareStatement(query)) {
             // bind the actual values, not the literal strings "username" and "password"
             retrieveUserProfile.setString(1, username);
             retrieveUserProfile.setString(2, passwordHash);
             // execute() only returns a boolean; executeQuery() returns the rows
             try (ResultSet rs = retrieveUserProfile.executeQuery()) {
                 if (rs.next()) {
                     // UserProfile's constructor (from the question) takes (name, id, password);
                     // this assumes the table also has an id column
                     return new UserProfile(rs.getString("userName"), rs.getInt("id"), password);
                 }
                 //User Not found
                 return null;
             }
         }
     }
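The answer recommends fetching the profile through a query and hashing passwords instead of comparing them in memory. As an added example (not code from the question or the answer), here is a JDK-only version that looks the row up by username, stores a salted PBKDF2 hash instead of SHA-1, and compares in constant time. It assumes the question's UserProfile class, an open JDBC Connection `con`, and a hypothetical table with columns id, userName, salt and passwordHash.

```java
import java.security.*;
import java.security.spec.InvalidKeySpecException;
import java.sql.*;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public final class PasswordLookup {
    private static final int ITERATIONS = 210_000; // PBKDF2 work factor; raise over time
    private static final int KEY_BITS = 256;

    // Salted PBKDF2-HMAC-SHA256 (built into the JDK) in place of unsalted SHA-1.
    // The salt is 16 random bytes from SecureRandom, generated when the password is
    // set and stored next to the hash.
    static byte[] hash(char[] password, byte[] salt) {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException("PBKDF2 unavailable", e);
        } finally {
            spec.clearPassword(); // PBEKeySpec keeps its own copy; wipe it
        }
    }

    // Fetch the row by username only and verify the password in the application,
    // so the database never sees the password. Hypothetical columns assumed:
    // id, userName, salt, passwordHash.
    static UserProfile retrieveUserProfile(Connection con, String username, char[] password)
            throws SQLException {
        String sql = "SELECT id, userName, salt, passwordHash FROM userProfiles WHERE userName = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return null; // unknown user
                }
                byte[] candidate = hash(password, rs.getBytes("salt"));
                // Array equals() compares references (the bug in the question's compare
                // method); MessageDigest.isEqual compares contents in constant time.
                if (!MessageDigest.isEqual(candidate, rs.getBytes("passwordHash"))) {
                    return null; // wrong password
                }
                // The profile need not hold the plaintext; the hash stays in the database.
                return new UserProfile(rs.getString("userName"), rs.getInt("id"), new char[0]);
            }
        } finally {
            Arrays.fill(password, '\0'); // wipe the plaintext once it has been checked
        }
    }
}
```

Returning null for both an unknown user and a wrong password keeps the caller from learning which one failed.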