WebServlet list for logged users

Question

I'm trying to create a list of medicines so that the user who added the medicines could see them and only him and that he wouldn't see the medicines of other users. But when I log in on accout which have 2 medicines added to databese and I visit my servlet /mlist i see "No drugs on the list" because to my user_id is assigned 0 and i don't get it why.

//edit "My request.getSession().getAttribute("user_id"); was wrong because it didn't take the user session, correct is request.getSession().getAttribute("user"); "

But now i got new problem PreparedStatementCallback; SQL [SELECT id_medicines, name, drugform, quantity, expiration_date, description, user_id FROM medicines WHERE user_id= ?Invalid argument value: java.io.NotSerializableException; nested exception is java.sql.SQLException: Invalid argument value: java.io.NotSerializableException //

SQL call

public List<Medicines> findByProperty(String propName, Object propValue) {
        String sql = "SELECT id_medicines, name, drugform, quantity, expiration_date, 
        description, user_id FROM medicines WHERE "+propName+"= ?";
        List<Medicines> medicines = jdbcTemplate.query(sql, new MedicinesRowMapper(), propValue);
        return medicines;
    }

Medicines Service

public List<Medicines> findUserMedicines(User user_id){
        DAOFactory factory = DAOFactory.getDAOFactory();
        MedicinesDAO medicinesDao = factory.getMedicinesDAO();
        return medicinesDao.findByProperty("user_id", user_id);
    }`

findUserMedicines taking from DAOFactory this line public abstract MedicinesDAO getMedicinesDAO();

Servlet /mlist

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
             {
        medicinesList(request);
        request.getRequestDispatcher("WEB-INF/mlist.jsp").forward(request, response);
    }

    public void medicinesList(HttpServletRequest request) throws ServletException, IOException
    {
        request.setCharacterEncoding("UTF-8");
        MedicinesService medicinesService = new MedicinesService();
        User user_id = (User) request.getSession().getAttribute("user");
        List<Medicines> userMedicines =  medicinesService.findUserMedicines(user_id);
        request.setAttribute("medicines", userMedicines);
    }

LoginFilter

private void saveUserInSession(HttpServletRequest request) {
    UserService userService = new UserService();
    String username = request.getUserPrincipal().getName();
    User userByUsername = userService.getUserByUsername(username);
    request.getSession(true).setAttribute("user", userByUsername);
}

Answer 1

The problem is in the line User user_id = (User) request.getSession().getAttribute("user");. Your User class which you have not provided in your question is not serialized. But even if you would make it serializable I doubt it would give you the result you want.

I suppose your user id is actually a String. Get the user id from your User object as a String and pass that along in your query instead. (The same could apply even if it where an intor a long. You need to get it from your User object.

Something similar to

String userIdString = user_id.getId();

I can update the answer if you provide your User class in the question.