Institutionen för datavetenskap: Webutveckling för serversidan

Assignment 3 - Tag Libraries

Due: 2007-08-21, 10:00

The assignment shall be solved individually.

The purpose of this assignment is to introduce the use of tag libraries in JSP, and show how to incorporate them with session management in JSP development.

In this assignment you are to create a set of custom tags, export them in a tag library and incorporate the tag library in an existing web application. More specifically you are to create a series of custom tags which handle user authentication (login and logout) for JSP pages, and then modify your solution from assignment 2 to make use of these tags to secure the shopping application.
NOTE that you are to copy all of the files in your solution from assignment 2 to the assignment3 directory in your laboration environment prior to modifying the files for assignment 3.
If you have not completed assignment 2 before handing in assignment 3 you may use your existing solution for assignment 2, you will not need to fix problems in assignment 2 twice (unless ofcourse they completely obscure the use of the tags in assignment 3). If your solution of assignment 2 is structured in a way which prohibits reasonable use of the tags in assignment 3 (e.g., if you have implemented a MVC architecture which obsoletes the use of RequireAuthenticationTag) you may construct a simple demonstration web site which demonstrates the use of the tags. If you elect to do this, you must document the site and its use of the tags in a brief report which is to be handed in with your solution (an explanatory section of an email will suffice).

Tag name	Tag parameters	Description
LogInTag	`skipPage` (optional, default "false")	Present a log-in form which sends an authentication request to itself. If a log-in request was made (i.e., the log-in form was submitted), authenticate the user and create a session variable which stores the username of the authenticated user. If user authentication fails, present the log-in form again. If `skipPage` equals "true", skip the rest if the JSP content when presenting the log-in form.
LogOutTag	None	Reset the username variable in the session (i.e., perform a user log-out).
GetCurrentUserTag	`message`	Present the username of the currently logged-in user, or `message` if no user is currently logged in.
RequireHTTPSTag	None	Throw a JspException if the current request was made using a non-secure channel (i.e., over HTTP).
RequireAuthenticationTag	`redirectURL` (optional)	Redirect the request to the specified `redirectURL` if no user has been authenticated in the current session. If no `redirectURL` has been specified, throw a JspException.

All tag classes shall be placed in the Java package assignment3.tags. A template taglib descriptor file named assignment3-taglib.tld is provided and should be usable as-is for the assignment.

Note that for a passing grade on this assignment you need to provide both the specified tags and integrate them in the files copied from your solution for assignment 2. If the structure of your solution / adaptation of assignment 2 is not self-evident and completely transparent you should provide some form of documentation for this (i.e., in a very brief report or in the form of comments in your JSP pages).

Laboration environment

Download assignment3.jar and place it in your web applications library directory (5dv076/username/web/WEB-INF/lib).

This JAR-file contains a data access layer for a simulated user database. The system is provided in a Java package called assignment3 which contains the following classes:

assignment3.Id                              <- a UUID wrapper class
assignment3.User                            <- a user representation
assignment3.UserAccessor                    <- an accessor interface for the user database
assignment3.UserAccessorSimulator           <- a simulated implementation of the accessor
assignment3.UserAccessorSimulator.Factory   <- a factory class for the simulator

The users in this system contains three data fields: id, username and password. Although the User class contains get methods for each of them, use of the UserAccessor interface is sufficient for the solution of the assignment. The accessor interface contains a single method for authenticating users using a (username,password) tuple.

Using the system: To use the system to authenticate a user simply instantiate an accessor:

  UserAccessor accessor = UserAccessorSimulator.Factory.getInstance();

and authenticate the user using the provided user credentials
(username and password submitted via a log-in form)

  boolean authenticationResult = accessor.authenticate(username,password);

Note that the authentication method is case sensitive, i.e., username and password must be specified using an exact case match when logging in.

The simulated user database contains by default 10 test users, with username and passwords created on the pattern

testuser1   testpassword1
testuser2   testpassword2
   .              .
   .              .
   .              .

See the environment page for details on the laboration environment.

Examination

Place a WAR-file containing your solution in

~/edu/5dv076/assignment3/

Place your custom tag Java source code in

~/edu/5dv076/assignment3/src/

and email the teachers when you have completed the assignment.

Due date

2007-08-21, 10:00

http://www.cs.umu.se/kurser/5DV076/SOM-07/assignments/3/index.html
Ansvarig för sidan: P-O Östberg
Senast ändrad 2007-08-16