package main.java;
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import jakarta.servlet.ServletConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.Date;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.time.LocalDate;
import java.time.LocalDateTime;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
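/**
 * Checkout endpoint ({@code POST /api/payment}).
 *
 * <p>Checks the submitted name, card number and expiration date against the {@code creditcards}
 * table and, on a match, writes one {@code sales} row per entry of the session's {@code cart}
 * map, then clears the cart. The response is a small JSON object with {@code status} and
 * {@code message}, or {@code errorMessage} together with HTTP 500 on an unexpected failure.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Card data arrives as request parameters and is only ever bound to a
 *       {@link PreparedStatement}; it is never written to the log, and only generic outcome
 *       lines are logged.</li>
 *   <li>Exception text is logged server-side and is not echoed to the client, so SQL and driver
 *       details do not leak through the error response.</li>
 *   <li>NOTE(review): the lookup compares the card number with {@code creditcards.id}, which
 *       suggests card numbers are stored in clear text; confirm this is acceptable for the
 *       deployment.</li>
 *   <li>NOTE(review): no limit on failed attempts and no CSRF check is visible in this class;
 *       presumably a filter handles authentication and request origin; confirm.</li>
 * </ul>
 */
@WebServlet(name = "PaymentServlet", urlPatterns = "/api/payment")
public class PaymentServlet extends HttpServlet {
    private static final long serialVersionUID = 3L;

    private static final String CARD_LOOKUP_SQL =
            "SELECT * FROM creditcards c WHERE c.firstName = ? AND c.lastName = ? AND c.id = ? AND c.expiration = ?";

    private static final String SALE_INSERT_SQL =
            "INSERT INTO sales (customerId, movieId, saleDate, quantity, saleTime) VALUES(?, ?, ?, ?, ?)";

    // Pooled DataSource registered in web.xml and looked up once through JNDI in init().
    private DataSource dataSource;

    /**
     * Resolves the {@code java:comp/env/master} DataSource.
     *
     * @param config servlet configuration handed over by the container
     * @throws ServletException if the JNDI lookup fails; failing here keeps the servlet from
     *     serving requests with a {@code null} DataSource
     */
    @Override
    public void init(ServletConfig config) throws ServletException {
        // GenericServlet keeps the config only when super.init(config) is called.
        super.init(config);
        try {
            dataSource = (DataSource) new InitialContext().lookup("java:comp/env/master");
        } catch (NamingException e) {
            throw new ServletException("JNDI lookup of java:comp/env/master failed", e);
        }
    }

    /**
     * Validates the payment details and records the sale.
     *
     * @param request carries {@code first-name}, {@code last-name}, {@code credit-card} and
     *     {@code expiration} (JDBC date escape format {@code yyyy-[m]m-[d]d})
     * @param response receives the JSON result
     * @throws IOException if the response writer cannot be obtained
     * @see HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException {
        HttpSession session = request.getSession();
        response.setContentType("application/json"); // Response mime type
        PrintWriter out = response.getWriter();

        try {
            String firstName = request.getParameter("first-name");
            String lastName = request.getParameter("last-name");
            String creditCard = request.getParameter("credit-card");
            // A missing or malformed date yields null here and is answered as an ordinary
            // validation failure instead of an exception-driven 500.
            Date expiration = parseExpiration(request.getParameter("expiration"));

            // Reject incomplete input before a pooled connection is taken.
            if (firstName == null || lastName == null || creditCard == null || expiration == null
                    || firstName.isEmpty() || lastName.isEmpty() || creditCard.isEmpty()) {
                out.write(failure(request, "Payment failed", "Invalid payment credentials.").toString());
                return;
            }

            try (Connection conn = dataSource.getConnection()) {
                JsonObject result;
                if (cardMatches(conn, firstName, lastName, creditCard, expiration)) {
                    result = checkout(conn, request, session);
                } else {
                    // One generic message for every mismatch: the client is not told which field
                    // was wrong.
                    result = failure(request, "Payment failed", "Invalid payment credentials.");
                }
                out.write(result.toString());
            }
        } catch (Exception e) {
            // Full detail goes to the server log only; the client gets a fixed message.
            request.getServletContext().log("Error:", e);
            JsonObject jsonObject = new JsonObject();
            jsonObject.addProperty("errorMessage", "Internal server error.");
            response.setStatus(500);
            out.write(jsonObject.toString());
        } finally {
            out.close();
        }
    }

    /** Parses a JDBC-escape date string; returns {@code null} when it is absent or malformed. */
    private static Date parseExpiration(String raw) {
        if (raw == null) {
            return null;
        }
        try {
            return Date.valueOf(raw);
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    /** Logs {@code logLine} to the servlet context and builds a {@code status=fail} JSON reply. */
    private static JsonObject failure(HttpServletRequest request, String logLine, String message) {
        request.getServletContext().log(logLine);
        JsonObject reply = new JsonObject();
        reply.addProperty("status", "fail");
        reply.addProperty("message", message);
        return reply;
    }

    /** Returns whether a {@code creditcards} row matches all four submitted values. */
    private static boolean cardMatches(Connection conn, String firstName, String lastName,
            String creditCard, Date expiration) throws SQLException {
        try (PreparedStatement statement = conn.prepareStatement(CARD_LOOKUP_SQL)) {
            statement.setString(1, firstName);
            statement.setString(2, lastName);
            statement.setString(3, creditCard);
            statement.setDate(4, expiration);
            try (ResultSet rs = statement.executeQuery()) {
                return rs.next();
            }
        }
    }

    /** Turns the session cart into sales rows and clears it; fails when the cart is empty. */
    private static JsonObject checkout(Connection conn, HttpServletRequest request, HttpSession session)
            throws SQLException {
        @SuppressWarnings("unchecked") // the cart is written by this application's own servlets
        Map<String, Integer> cart = (Map<String, Integer>) session.getAttribute("cart");
        if (cart == null || cart.isEmpty()) {
            return failure(request, "Cart is empty", "Your cart is empty.");
        }

        // NOTE(review): narrowing the millisecond clock to int discards the high bits, so the
        // value is not a usable timestamp and can repeat. It is kept as an int because the
        // "saletime" session attribute and the saleTime column are written as int here;
        // widening needs a coordinated change with whatever reads them.
        int saleTime = (int) System.currentTimeMillis();
        session.setAttribute("saletime", saleTime);

        // NOTE(review): "customerid" is read without a null check; presumably a login filter
        // guarantees it is set before this servlet runs; confirm.
        recordSale(conn, (String) session.getAttribute("customerid"), cart, saleTime);

        session.removeAttribute("cart");
        JsonObject reply = new JsonObject();
        reply.addProperty("status", "success");
        reply.addProperty("message", "success");
        return reply;
    }

    /**
     * Inserts one sales row per cart entry in a single transaction, so a failure part-way
     * through leaves no partial sale behind (which a retry would otherwise duplicate).
     */
    private static void recordSale(Connection conn, String customerId, Map<String, Integer> cart,
            int saleTime) throws SQLException {
        boolean previousAutoCommit = conn.getAutoCommit();
        conn.setAutoCommit(false);
        try (PreparedStatement insert = conn.prepareStatement(SALE_INSERT_SQL)) {
            Date today = Date.valueOf(LocalDate.now());
            for (Map.Entry<String, Integer> entry : cart.entrySet()) {
                insert.setString(1, customerId);
                insert.setString(2, entry.getKey());
                insert.setDate(3, today);
                insert.setInt(4, entry.getValue());
                insert.setInt(5, saleTime);
                insert.executeUpdate();
            }
            conn.commit();
        } catch (SQLException | RuntimeException e) {
            // Roll back before auto-commit is restored: re-enabling auto-commit commits any
            // open transaction.
            try {
                conn.rollback();
            } catch (SQLException rollbackFailure) {
                e.addSuppressed(rollbackFailure);
            }
            throw e;
        } finally {
            // The connection goes back to a pool; hand it back in the state it came in.
            conn.setAutoCommit(previousAutoCommit);
        }
    }
}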