La classe UnsafeServlet

package unsafeweb;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.ServletConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;

public class UnsafeServlet extends javax.servlet.http.HttpServlet
    implements javax.servlet.Servlet
{
  private String userID;
  private String password;

  public UnsafeServlet() { super(); }   

  public void init(ServletConfig config) throws ServletException
  {
    super.init(config);
  }
  
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException
  {
    String userID = request.getParameter("userID");
    String password = request.getParameter("password");
    
    this.userID = userID;
    this.password = password;
    
    try
    {
      String sleeptime = getInitParameter("sleep");
      int sleep = Integer.parseInt(sleeptime);
      Thread.sleep(sleep);
    }
    catch(Exception exc)
    {
      log("",exc);
    }
    
    try
    {
      response.setContentType("text/html");
      PrintWriter writer = response.getWriter();
      writer.println("<html><body>");
      writer.println("<p><u>Valori delle variabili locali al metodo" + " doPost()</u> <br />");
      writer.println("userID=" + userID + "<br/>");
      writer.println("password=" + password + "</p>");
      writer.println("<p><u>Valori degli attributi della Servlet</u><br />");
      writer.println("userID=" + this.userID +"<br />");
      writer.println("password=" + this.password + "</p>");
      writer.println("</body></html>");
      writer.close();
    }
    catch (Exception exc)
    {
      exc.printStackTrace();
    }
  }
}