Database behind JSP application is very convenient approach for managing user accounts and authenticating. In this sample we use users table from a database source to store user account information (name, password). The user supplies his username and password in the form fields. In JSP we use the <sql:param> tags fill in the question marks with the supplied values. The query matches a row only if both the username and the password match. This is how we handle authentication the process of forcing the users to prove that they are who they say they are. Dependently on the login succeeds or not this page modifies request state before forwarding:

<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
<%@ taglib prefix="sql" uri="http://java.sun.com/jstl/sql" %>

<sql:query var="result">
	select * from users where user=? and password=?
	<sql:param value="${param.user}" />
	<sql:param value="${param.pw}" />
</sql:query>

<c:choose>
	
	<c:when test="${result.rowCount > 0}">
		<c:set var="user" scope="session" value="${param.user}" />
		<c:set var="rss" scope="session" 
                    value="${result.rows[0].RSS}" />
	</c:when>
		
	<c:otherwise>
		<c:set var="failedLogin" scope="request" value="true"/>
	</c:otherwise>
</c:choose>
	
<jsp:forward page="main.jsp" />